org.zaproxy.zap.extension.ascan.PolicyAllCategoryPanel.java Source code

Java tutorial

Introduction

Here is the source code for org.zaproxy.zap.extension.ascan.PolicyAllCategoryPanel.java

Source

/*
 *
 * Paros and its related class files.
 *
 * Paros is an HTTP/HTTPS proxy for assessing web application security.
 * Copyright (C) 2003-2004 Chinotec Technologies Company
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the Clarified Artistic License
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * Clarified Artistic License for more details.
 *
 * You should have received a copy of the Clarified Artistic License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 */
// ZAP: 2013/03/03 Issue 546: Remove all template Javadoc comments
// ZAP: 2013/11/28 Issue 923: Allow individual rule thresholds and strengths to be set via GUI
package org.zaproxy.zap.extension.ascan;

import java.awt.GridBagConstraints;
import java.awt.GridBagLayout;
import java.awt.Insets;
import java.awt.Window;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import java.security.InvalidParameterException;
import java.util.ArrayList;
import java.util.List;

import javax.swing.DefaultCellEditor;
import javax.swing.JButton;
import javax.swing.JComboBox;
import javax.swing.JLabel;
import javax.swing.JPanel;
import javax.swing.JScrollPane;
import javax.swing.JTable;
import javax.swing.RowSorter;
import javax.swing.SortOrder;
import javax.swing.table.TableColumn;

import org.apache.commons.configuration.ConfigurationException;
import org.apache.log4j.Logger;
import org.parosproxy.paros.Constant;
import org.parosproxy.paros.core.scanner.Plugin;
import org.parosproxy.paros.core.scanner.Plugin.AlertThreshold;
import org.parosproxy.paros.core.scanner.Plugin.AttackStrength;
import org.parosproxy.paros.view.AbstractParamPanel;
import org.zaproxy.zap.utils.DisplayUtils;
import org.zaproxy.zap.utils.ZapTextField;
import org.zaproxy.zap.view.LayoutHelper;

public class PolicyAllCategoryPanel extends AbstractParamPanel {

    //private static final String ILLEGAL_CHRS = "/`?*\\<>|\":\t\n\r";

    private static final long serialVersionUID = 1L;
    private static final Logger logger = Logger.getLogger(PolicyAllCategoryPanel.class);

    private ZapTextField policyName = null;
    private JTable tableTest = null;
    private JScrollPane jScrollPane = null;
    private AllCategoryTableModel allCategoryTableModel = null;
    private JComboBox<String> policySelector = null;
    private JComboBox<String> comboThreshold = null;
    private JLabel labelThresholdNotes = null;
    private JComboBox<String> comboStrength = null;
    private JLabel labelStrengthNotes = null;
    private JComboBox<String> applyToThreshold = null;
    private JComboBox<String> applyToStrength = null;
    private JComboBox<String> applyToThresholdTarget = null;
    private JComboBox<String> applyToStrengthTarget = null;

    private ExtensionActiveScan extension;
    private ScanPolicy policy;
    private String currentName;
    private boolean switchable = false;

    private static final int[] width = { 300, 100, 100 };

    /**
     *
     */
    public PolicyAllCategoryPanel(Window parent, ExtensionActiveScan extension, ScanPolicy policy) {
        this(parent, extension, policy, false);
    }

    public PolicyAllCategoryPanel(Window parent, ExtensionActiveScan extension, ScanPolicy policy,
            boolean switchable) {
        super();
        this.extension = extension;
        this.policy = policy;
        this.currentName = policy.getName();
        this.switchable = switchable;

        initialize();
    }

    /**
     * This method initializes this
     */
    private void initialize() {
        this.setLayout(new GridBagLayout());
        this.setSize(375, 205);
        this.setName("categoryPanel");

        // Add Attack settings section - a copy of the options dialog
        // ---------------------------------------------

        int row = 0;
        this.add(new JLabel(Constant.messages.getString("ascan.policy.name.label")),
                LayoutHelper.getGBC(0, row, 1, 0.0D, 0, GridBagConstraints.HORIZONTAL, new Insets(2, 2, 2, 2)));
        if (this.switchable) {
            this.add(getPolicySelector(),
                    LayoutHelper.getGBC(1, row, 2, 1.0D, 0, GridBagConstraints.HORIZONTAL, new Insets(2, 2, 2, 2)));
        } else {
            this.add(getPolicyName(),
                    LayoutHelper.getGBC(1, row, 2, 1.0D, 0, GridBagConstraints.HORIZONTAL, new Insets(2, 2, 2, 2)));
        }

        row++;
        this.add(new JLabel(Constant.messages.getString("ascan.options.level.label")),
                LayoutHelper.getGBC(0, row, 1, 0.0D, 0, GridBagConstraints.HORIZONTAL, new Insets(2, 2, 2, 2)));
        this.add(getComboThreshold(),
                LayoutHelper.getGBC(1, row, 1, 0.0D, 0, GridBagConstraints.HORIZONTAL, new Insets(2, 2, 2, 2)));
        this.add(getThresholdNotes(),
                LayoutHelper.getGBC(2, row, 1, 1.0D, 0, GridBagConstraints.HORIZONTAL, new Insets(2, 2, 2, 2)));

        row++;
        this.add(new JLabel(Constant.messages.getString("ascan.options.strength.label")),
                LayoutHelper.getGBC(0, row, 1, 0.0D, 0, GridBagConstraints.HORIZONTAL, new Insets(2, 2, 2, 2)));
        this.add(getComboStrength(),
                LayoutHelper.getGBC(1, row, 1, 0.0D, 0, GridBagConstraints.HORIZONTAL, new Insets(2, 2, 2, 2)));
        this.add(getStrengthNotes(),
                LayoutHelper.getGBC(2, row, 1, 1.0D, 0, GridBagConstraints.HORIZONTAL, new Insets(2, 2, 2, 2)));

        // 'Apply to' controls
        JPanel applyToPanel = new JPanel();
        applyToPanel.setLayout(new GridBagLayout());
        applyToPanel.add(new JLabel(Constant.messages.getString("ascan.options.apply.label")),
                LayoutHelper.getGBC(0, 0, 1, 0.0, new Insets(2, 2, 2, 2)));
        applyToPanel.add(getApplyToThreshold(), LayoutHelper.getGBC(1, 0, 1, 0.0));
        applyToPanel.add(new JLabel(Constant.messages.getString("ascan.options.thresholdTo.label")),
                LayoutHelper.getGBC(2, 0, 1, 0.0, new Insets(2, 2, 2, 2)));
        applyToPanel.add(getApplyToThresholdTarget(), LayoutHelper.getGBC(3, 0, 1, 0.0));
        applyToPanel.add(new JLabel(Constant.messages.getString("ascan.options.rules.label")),
                LayoutHelper.getGBC(4, 0, 1, 0.0, new Insets(2, 2, 2, 2)));
        JButton applyThresholdButton = new JButton(Constant.messages.getString("ascan.options.go.button"));
        applyThresholdButton.addActionListener(new ActionListener() {
            @Override
            public void actionPerformed(ActionEvent e) {
                applyThreshold(strToThreshold((String) getApplyToThreshold().getSelectedItem()),
                        (String) getApplyToThresholdTarget().getSelectedItem());
                getAllCategoryTableModel().fireTableDataChanged();

            }
        });
        applyToPanel.add(applyThresholdButton, LayoutHelper.getGBC(5, 0, 1, 0.0));
        applyToPanel.add(new JLabel(""), LayoutHelper.getGBC(6, 0, 1, 1.0)); // Spacer

        applyToPanel.add(new JLabel(Constant.messages.getString("ascan.options.apply.label")),
                LayoutHelper.getGBC(0, 1, 1, 0.0, new Insets(2, 2, 2, 2)));
        applyToPanel.add(getApplyToStrength(), LayoutHelper.getGBC(1, 1, 1, 0.0));
        applyToPanel.add(new JLabel(Constant.messages.getString("ascan.options.strengthTo.label")),
                LayoutHelper.getGBC(2, 1, 1, 0.0, new Insets(2, 2, 2, 2)));
        applyToPanel.add(getApplyToStrengthTarget(), LayoutHelper.getGBC(3, 1, 1, 0.0));
        applyToPanel.add(new JLabel(Constant.messages.getString("ascan.options.rules.label")),
                LayoutHelper.getGBC(4, 1, 1, 0.0, new Insets(2, 2, 2, 2)));
        JButton applyStrengthButton = new JButton(Constant.messages.getString("ascan.options.go.button"));
        applyStrengthButton.addActionListener(new ActionListener() {
            @Override
            public void actionPerformed(ActionEvent e) {
                applyStrength(strToStrength((String) getApplyToStrength().getSelectedItem()),
                        (String) getApplyToStrengthTarget().getSelectedItem());
                getAllCategoryTableModel().fireTableDataChanged();

            }
        });
        applyToPanel.add(applyStrengthButton, LayoutHelper.getGBC(5, 1, 1, 0.0));
        applyToPanel.add(new JLabel(""), LayoutHelper.getGBC(6, 1, 1, 1.0)); // Spacer

        row++;
        this.add(applyToPanel,
                LayoutHelper.getGBC(0, row, 3, 0.0D, 0.0D, GridBagConstraints.BOTH, new Insets(0, 0, 0, 0)));

        // Add the scrolling list of active plugin categories
        row++;
        this.add(getJScrollPane(),
                LayoutHelper.getGBC(0, row, 3, 1.0D, 1.0D, GridBagConstraints.BOTH, new Insets(0, 0, 0, 0)));
        this.setThreshold(policy.getDefaultThreshold());
        this.setStrength(policy.getDefaultStrength());
    }

    public void initialise(ScanPolicy policy) {
        this.getPolicyName().setText(policy.getName());
    }

    private ZapTextField getPolicyName() {
        if (policyName == null) {
            policyName = new ZapTextField();
            policyName.setText(policy.getName());
        }
        return policyName;
    }

    private JComboBox<String> getPolicySelector() {
        if (policySelector == null) {
            policySelector = new JComboBox<>();
            for (String policy : extension.getPolicyManager().getAllPolicyNames()) {
                policySelector.addItem(policy);
            }
            policySelector.addActionListener(new ActionListener() {
                @Override
                public void actionPerformed(ActionEvent e) {
                    String policyName = (String) policySelector.getSelectedItem();
                    if (policyName == null) {
                        return;
                    }

                    ScanPolicy policy;
                    try {
                        policy = extension.getPolicyManager().getPolicy(policyName);
                        if (policy != null) {
                            setScanPolicy(policy);
                        }
                    } catch (ConfigurationException e1) {
                        logger.error(e1.getMessage(), e1);
                    }
                }
            });
        }
        return policySelector;
    }

    /**
     * Reloads the scan policies, which will pick any new ones that have been defined
     */
    public void reloadPolicies() {
        // Ensure policySelector is initialized
        Object selected = getPolicySelector().getSelectedItem();
        policySelector.removeAllItems();
        for (String policy : extension.getPolicyManager().getAllPolicyNames()) {
            policySelector.addItem(policy);
        }
        policySelector.setSelectedItem(selected);
    }

    private AlertThreshold strToThreshold(String str) {
        if (str.equals(Constant.messages.getString("ascan.options.level.off"))) {
            return AlertThreshold.OFF;
        }
        if (str.equals(Constant.messages.getString("ascan.options.level.low"))) {
            return AlertThreshold.LOW;
        }
        if (str.equals(Constant.messages.getString("ascan.options.level.medium"))) {
            return AlertThreshold.MEDIUM;
        }
        if (str.equals(Constant.messages.getString("ascan.options.level.high"))) {
            return AlertThreshold.HIGH;
        }
        return AlertThreshold.DEFAULT;
    }

    private JComboBox<String> getApplyToThreshold() {
        if (applyToThreshold == null) {
            applyToThreshold = new JComboBox<>();
            applyToThreshold.addItem(Constant.messages.getString("ascan.options.level.default"));
            applyToThreshold.addItem(Constant.messages.getString("ascan.options.level.off"));
            applyToThreshold.addItem(Constant.messages.getString("ascan.options.level.low"));
            applyToThreshold.addItem(Constant.messages.getString("ascan.options.level.medium"));
            applyToThreshold.addItem(Constant.messages.getString("ascan.options.level.high"));
        }
        return applyToThreshold;
    }

    private JComboBox<String> getApplyToThresholdTarget() {
        if (applyToThresholdTarget == null) {
            applyToThresholdTarget = new JComboBox<>();
            applyToThresholdTarget.addItem(Constant.messages.getString("ascan.policy.table.quality.all"));
            applyToThresholdTarget.addItem(Constant.messages.getString("ascan.policy.table.quality.release"));
            applyToThresholdTarget.addItem(Constant.messages.getString("ascan.policy.table.quality.beta"));
            applyToThresholdTarget.addItem(Constant.messages.getString("ascan.policy.table.quality.alpha"));
        }
        return applyToThresholdTarget;
    }

    private void applyThreshold(AlertThreshold threshold, String target) {
        for (Plugin plugin : policy.getPluginFactory().getAllPlugin()) {
            if (target.equals(Constant.messages.getString("ascan.policy.table.quality.all"))) {
                plugin.setAlertThreshold(threshold);
            } else if (target.equals(
                    Constant.messages.getString("ascan.policy.table.quality." + plugin.getStatus().name()))) {
                plugin.setAlertThreshold(threshold);
            }
        }
    }

    private AttackStrength strToStrength(String str) {
        if (str.equals(Constant.messages.getString("ascan.options.strength.low"))) {
            return AttackStrength.LOW;
        }
        if (str.equals(Constant.messages.getString("ascan.options.strength.medium"))) {
            return AttackStrength.MEDIUM;
        }
        if (str.equals(Constant.messages.getString("ascan.options.strength.high"))) {
            return AttackStrength.HIGH;
        }
        if (str.equals(Constant.messages.getString("ascan.options.strength.insane"))) {
            return AttackStrength.INSANE;
        }
        return AttackStrength.DEFAULT;
    }

    private JComboBox<String> getApplyToStrength() {
        if (applyToStrength == null) {
            applyToStrength = new JComboBox<>();
            applyToStrength.addItem(Constant.messages.getString("ascan.options.strength.default"));
            applyToStrength.addItem(Constant.messages.getString("ascan.options.strength.low"));
            applyToStrength.addItem(Constant.messages.getString("ascan.options.strength.medium"));
            applyToStrength.addItem(Constant.messages.getString("ascan.options.strength.high"));
            applyToStrength.addItem(Constant.messages.getString("ascan.options.strength.insane"));
        }
        return applyToStrength;
    }

    private JComboBox<String> getApplyToStrengthTarget() {
        if (applyToStrengthTarget == null) {
            applyToStrengthTarget = new JComboBox<>();
            applyToStrengthTarget.addItem(Constant.messages.getString("ascan.policy.table.quality.all"));
            applyToStrengthTarget.addItem(Constant.messages.getString("ascan.policy.table.quality.release"));
            applyToStrengthTarget.addItem(Constant.messages.getString("ascan.policy.table.quality.beta"));
            applyToStrengthTarget.addItem(Constant.messages.getString("ascan.policy.table.quality.alpha"));
        }
        return applyToStrengthTarget;
    }

    private void applyStrength(AttackStrength strength, String target) {
        for (Plugin plugin : policy.getPluginFactory().getAllPlugin()) {
            if (target.equals(Constant.messages.getString("ascan.policy.table.quality.all"))) {
                plugin.setAttackStrength(strength);
            } else if (target.equals(
                    Constant.messages.getString("ascan.policy.table.quality." + plugin.getStatus().name()))) {
                plugin.setAttackStrength(strength);
            }
        }
    }

    private void setThreshold(AlertThreshold threshold) {
        getComboThreshold().setSelectedItem(
                Constant.messages.getString("ascan.options.level." + threshold.name().toLowerCase()));
        getThresholdNotes().setText(
                Constant.messages.getString("ascan.options.level." + threshold.name().toLowerCase() + ".label"));
    }

    private void setStrength(AttackStrength strength) {
        getComboStrength().setSelectedItem(
                Constant.messages.getString("ascan.options.strength." + strength.name().toLowerCase()));
        getStrengthNotes().setText(
                Constant.messages.getString("ascan.options.strength." + strength.name().toLowerCase() + ".label"));
    }

    /**
     * This method initializes tableTest
     *
     * @return javax.swing.JTable
     */
    private JTable getTableTest() {
        if (tableTest == null) {
            tableTest = new JTable();
            tableTest.setModel(getAllCategoryTableModel());
            tableTest.setRowHeight(DisplayUtils.getScaledSize(18));
            tableTest.setIntercellSpacing(new java.awt.Dimension(1, 1));
            tableTest.setAutoCreateRowSorter(true);

            //Default sort by name (column 0)
            List<RowSorter.SortKey> sortKeys = new ArrayList<RowSorter.SortKey>(1);
            sortKeys.add(new RowSorter.SortKey(0, SortOrder.ASCENDING));
            tableTest.getRowSorter().setSortKeys(sortKeys);

            for (int i = 0; i < tableTest.getColumnCount() - 1; i++) {
                TableColumn column = tableTest.getColumnModel().getColumn(i);
                column.setPreferredWidth(width[i]);
            }

            JComboBox<String> jcb1 = new JComboBox<>();
            jcb1.addItem(""); // Always show a blank one for where they are not all the same
            for (AlertThreshold level : AlertThreshold.values()) {
                jcb1.addItem(Constant.messages.getString("ascan.policy.level." + level.name().toLowerCase()));
            }

            tableTest.getColumnModel().getColumn(1).setCellEditor(new DefaultCellEditor(jcb1));

            JComboBox<String> jcb2 = new JComboBox<>();
            jcb2.addItem(""); // Always show a blank one for where they are not all the same
            for (AttackStrength level : AttackStrength.values()) {
                jcb2.addItem(Constant.messages.getString("ascan.policy.level." + level.name().toLowerCase()));
            }

            tableTest.getColumnModel().getColumn(2).setCellEditor(new DefaultCellEditor(jcb2));
        }

        return tableTest;
    }

    public void setScanPolicy(ScanPolicy scanPolicy) {
        if (!switchable) {
            throw new InvalidParameterException(
                    "Cannot change policy if the panel has not been defined as switchable");
        }
        this.policy = scanPolicy;
        this.getPolicySelector().setSelectedItem(scanPolicy.getName());
        this.setThreshold(scanPolicy.getDefaultThreshold());
        this.setStrength(scanPolicy.getDefaultStrength());
        this.getAllCategoryTableModel().setPluginFactory(scanPolicy.getPluginFactory());
    }

    @Override
    public void initParam(Object obj) {
    }

    @Override
    public void validateParam(Object obj) throws Exception {
        String newName = getPolicyName().getText();
        if (newName.length() == 0) {
            throw new Exception(Constant.messages.getString("ascan.policy.warn.noname"));
        } else if (!extension.getPolicyManager().isLegalPolicyName(newName)) {
            throw new Exception(Constant.messages.getString("ascan.policy.warn.badname",
                    PolicyManager.ILLEGAL_POLICY_NAME_CHRS));

        } else if (!newName.equals(currentName)) {
            // Name changed
            if (extension.getPolicyManager().getAllPolicyNames().contains(newName)) {
                throw new Exception(Constant.messages.getString("ascan.policy.warn.exists"));
            }
        }
    }

    @Override
    public void saveParam(Object obj) throws Exception {
        this.policy.setName(getPolicyName().getText());
    }

    /**
     * This method initializes jScrollPane
     *
     * @return javax.swing.JScrollPane
     */
    private JScrollPane getJScrollPane() {
        if (jScrollPane == null) {
            jScrollPane = new JScrollPane();
            jScrollPane.setViewportView(getTableTest());
            jScrollPane.setBorder(
                    javax.swing.BorderFactory.createEtchedBorder(javax.swing.border.EtchedBorder.RAISED));
        }

        return jScrollPane;
    }

    /**
     * This method initializes categoryTableModel
     *
     * @return TableModel
     */
    private AllCategoryTableModel getAllCategoryTableModel() {
        if (allCategoryTableModel == null) {
            allCategoryTableModel = new AllCategoryTableModel(this);
            allCategoryTableModel.setPluginFactory(this.policy.getPluginFactory());
        }

        return allCategoryTableModel;
    }

    private JLabel getThresholdNotes() {
        if (labelThresholdNotes == null) {
            labelThresholdNotes = new JLabel();
        }

        return labelThresholdNotes;
    }

    private JComboBox<String> getComboThreshold() {
        if (comboThreshold == null) {
            comboThreshold = new JComboBox<>();
            comboThreshold.addItem(Constant.messages.getString("ascan.options.level.low"));
            comboThreshold.addItem(Constant.messages.getString("ascan.options.level.medium"));
            comboThreshold.addItem(Constant.messages.getString("ascan.options.level.high"));
            comboThreshold.addActionListener(new ActionListener() {
                @Override
                public void actionPerformed(ActionEvent e) {
                    // Set the explanation and save
                    if (comboThreshold.getSelectedItem()
                            .equals(Constant.messages.getString("ascan.options.level.low"))) {
                        getThresholdNotes().setText(Constant.messages.getString("ascan.options.level.low.label"));
                        policy.setDefaultThreshold(AlertThreshold.LOW);

                    } else if (comboThreshold.getSelectedItem()
                            .equals(Constant.messages.getString("ascan.options.level.medium"))) {
                        getThresholdNotes()
                                .setText(Constant.messages.getString("ascan.options.level.medium.label"));
                        policy.setDefaultThreshold(AlertThreshold.MEDIUM);

                    } else {
                        getThresholdNotes().setText(Constant.messages.getString("ascan.options.level.high.label"));
                        policy.setDefaultThreshold(AlertThreshold.HIGH);
                    }
                }
            });
        }

        return comboThreshold;
    }

    private JLabel getStrengthNotes() {
        if (labelStrengthNotes == null) {
            labelStrengthNotes = new JLabel();
        }

        return labelStrengthNotes;
    }

    private JComboBox<String> getComboStrength() {
        if (comboStrength == null) {
            comboStrength = new JComboBox<>();
            comboStrength.addItem(Constant.messages.getString("ascan.options.strength.low"));
            comboStrength.addItem(Constant.messages.getString("ascan.options.strength.medium"));
            comboStrength.addItem(Constant.messages.getString("ascan.options.strength.high"));
            comboStrength.addItem(Constant.messages.getString("ascan.options.strength.insane"));
            comboStrength.addActionListener(new ActionListener() {
                @Override
                public void actionPerformed(ActionEvent e) {
                    // Set the explanation and save
                    if (comboStrength.getSelectedItem()
                            .equals(Constant.messages.getString("ascan.options.strength.low"))) {
                        getStrengthNotes().setText(Constant.messages.getString("ascan.options.strength.low.label"));
                        policy.setDefaultStrength(AttackStrength.LOW);

                    } else if (comboStrength.getSelectedItem()
                            .equals(Constant.messages.getString("ascan.options.strength.medium"))) {
                        getStrengthNotes()
                                .setText(Constant.messages.getString("ascan.options.strength.medium.label"));
                        policy.setDefaultStrength(AttackStrength.MEDIUM);

                    } else if (comboStrength.getSelectedItem()
                            .equals(Constant.messages.getString("ascan.options.strength.high"))) {
                        getStrengthNotes()
                                .setText(Constant.messages.getString("ascan.options.strength.high.label"));
                        policy.setDefaultStrength(AttackStrength.HIGH);

                    } else {
                        getStrengthNotes()
                                .setText(Constant.messages.getString("ascan.options.strength.insane.label"));
                        policy.setDefaultStrength(AttackStrength.INSANE);
                    }
                }
            });
        }

        return comboStrength;
    }

    /**
     * 
     * @return 
     */
    @Override
    public String getHelpIndex() {
        return "ui.dialogs.scanpolicy";
    }

}