Add API endpoints for getting and setting UI options #320

Merged
merged 2 commits into from
Jan 3, 2019
3 changes: 3 additions & 0 deletions CHANGELOG.md
Expand Up @@ -6,6 +6,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

## [Unreleased]

### Added
- Add API endpoints for getting and setting UI options. [#319](https://github.com/zaproxy/zap-hud/issues/319)

## [0.2.0] - 2018-12-31

### Added
29 changes: 29 additions & 0 deletions src/main/java/org/zaproxy/zap/extension/hud/HudAPI.java
Expand Up @@ -76,20 +76,26 @@ public class HudAPI extends ApiImplementor {

private static final String PREFIX = "hud";

private static final int MAX_KEY_LENGTH = 50;

private Map<String, String> siteUrls = new HashMap<String, String>();
private ExtensionHUD extension;

private static final String ACTION_LOG = "log";
private static final String ACTION_RECORD_REQUEST = "recordRequest";
private static final String ACTION_RESET_TUTORIAL_TASKS = "resetTutorialTasks";
private static final String ACTION_SET_UI_OPTION = "setUiOption";

private static final String VIEW_GET_UI_OPTION = "getUiOption";
private static final String VIEW_HUD_ALERT_DATA = "hudAlertData";
private static final String VIEW_HEARTBEAT = "heartbeat";

private static final String PARAM_RECORD = "record";
private static final String PARAM_HEADER = "header";
private static final String PARAM_BODY = "body";
private static final String PARAM_URL = "url";
private static final String PARAM_KEY = "key";
private static final String PARAM_VALUE = "value";

/** The only files that can be included on domain */
private static final List<String> DOMAIN_FILE_WHITELIST =
Expand Down Expand Up @@ -121,9 +127,15 @@ public HudAPI(ExtensionHUD extension) {
this.addApiAction(
new ApiAction(ACTION_RECORD_REQUEST, new String[] {PARAM_HEADER, PARAM_BODY}));
this.addApiAction(new ApiAction(ACTION_RESET_TUTORIAL_TASKS));
this.addApiAction(
new ApiAction(
ACTION_SET_UI_OPTION,
new String[] {PARAM_KEY},
new String[] {PARAM_VALUE}));

this.addApiView(new ApiView(VIEW_HUD_ALERT_DATA, new String[] {PARAM_URL}));
this.addApiView(new ApiView(VIEW_HEARTBEAT));
this.addApiView(new ApiView(VIEW_GET_UI_OPTION, new String[] {PARAM_KEY}));

hudFileProxy = new HudFileProxy(this);
hudFileUrl = API.getInstance().getCallBackUrl(hudFileProxy, API.API_URL_S);
Expand Down Expand Up @@ -247,13 +259,26 @@ public ApiResponse handleApiAction(String name, JSONObject params) throws ApiExc
this.extension.resetTutorialTasks();
break;

case ACTION_SET_UI_OPTION:
String key = params.getString(PARAM_KEY);
String value = params.optString(PARAM_VALUE, "");
validateKey(key);
this.extension.getHudParam().setUiOption(key, value);
break;

default:
throw new ApiException(ApiException.Type.BAD_ACTION);
}

return ApiResponseElement.OK;
}

private void validateKey(String key) throws ApiException {
if (key.length() == 0 || key.length() > MAX_KEY_LENGTH || !key.matches("[a-zA-Z0-9]+")) {
throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_KEY);
}
}

@Override
public ApiResponse handleApiView(String name, JSONObject params) throws ApiException {

Expand All @@ -267,6 +292,10 @@ public ApiResponse handleApiView(String name, JSONObject params) throws ApiExcep
case VIEW_HEARTBEAT:
logger.debug("Received heartbeat");
return ApiResponseElement.OK;
case VIEW_GET_UI_OPTION:
String key = params.getString(PARAM_KEY);
validateKey(key);
return new ApiResponseElement(key, this.extension.getHudParam().getUiOption(key));
default:
throw new ApiException(ApiException.Type.BAD_VIEW);
}
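Review bot: In the `ACTION_SET_UI_OPTION` case of `handleApiAction`, only the key goes through `validateKey`; `value` is handed to `setUiOption` with no length or content check, and the HudParam.java change on this page writes it to the configuration and saves it on every call. Because the set of accepted keys is open-ended as well, any caller that can reach this action can grow the persisted configuration without bound, and `getUiOption` returns the stored string unchanged, so a consumer that renders it would have to escape it itself. I would bound the value next to the key check, e.g. `if (value.length() > MAX_VALUE_LENGTH) { throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_VALUE); }`, where `MAX_VALUE_LENGTH` is a new constant whose limit the maintainers would choose. The switch bodies of both handlers are only partly visible in these hunks.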
14 changes: 14 additions & 0 deletions src/main/java/org/zaproxy/zap/extension/hud/HudParam.java
Expand Up @@ -47,6 +47,7 @@ public class HudParam extends VersionedAbstractParam {
private static final String PARAM_SHOW_WELCOME_SCREEN = PARAM_BASE_KEY + ".showWelcomeScreen";
private static final String PARAM_ENABLE_ON_DOMAIN_MSGS =
PARAM_BASE_KEY + ".enableOnDomainMsgs";
private static final String PARAM_UI_OPTION_PREFIX = PARAM_BASE_KEY + ".uiOption.";

/**
* The version of the configurations. Used to keep track of configurations changes between
Expand Down Expand Up @@ -281,4 +282,17 @@ public void resetTutorialTasks() {
log.error(e.getMessage(), e);
}
}

public void setUiOption(String key, String value) {
getConfig().setProperty(PARAM_UI_OPTION_PREFIX + key, value);
try {
this.getConfig().save();
} catch (ConfigurationException e) {
log.error(e.getMessage(), e);
}
}

public String getUiOption(String key) {
return getConfig().getString(PARAM_UI_OPTION_PREFIX + key, "");
}
}
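Review bot: `setUiOption` and `getUiOption` are public and concatenate `key` straight onto `PARAM_UI_OPTION_PREFIX`, but the only check on the key lives in `HudAPI.validateKey`, so a future caller that does not go through the API handler could pass characters the configuration layer may treat as key syntax (a `.` for instance). I would add Javadoc to both methods that states the precondition, such as `@param key option name; must already be validated as 1-50 alphanumeric characters (see HudAPI#validateKey)`. The Javadoc for `setUiOption` should also say that a failed `save()` is only logged, so the caller, and the API client behind it, still sees success; that mirrors the `catch` visible at the end of `resetTutorialTasks`.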
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,8 @@ hud.api.action.setOptionDevelopmentMode = Sets the boolean option 'Development m
hud.api.action.setOptionEnabled = Sets whether the HUD is enabled or not
hud.api.action.setOptionInScopeOnly = Sets the boolean option 'In scope only'
hud.api.action.setOptionRemoveCSP = Sets the boolean option 'Remove CSP'
hud.api.action.setUiOption = Sets a UI option with the given key and value. The key must be 50 alphanumeric characters or less
hud.api.view.getUiOption = Gets a UI option set using setUiOption. If the supplied key is not set then an empty string is returned
hud.api.view.optionAllowUnsafeEval = Returns true if the 'Allow unsafe eval' option is set
hud.api.view.optionBaseDirectory = Returns the base directory from which the HUD files are loaded
hud.api.view.optionDevelopmentMode = Returns true if the 'Development mode' option is set