Merge pull request #279 from ricekot/use-passed-variables

Update js scripts to use passed variables

Author: thc202

CHANGELOG.md

@@ -17,6 +17,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 ### Changed
 - standalone/enableDebugLogging.js > Updated for more recent logging funtionality.
+- Update JS scripts to use passed singleton variables (control, model, view) if available (>= ZAP 2.12.0).
 
 ## [14] - 2021-11-01
 ### Added

extender/Simple Reverse Proxy.js

@@ -1,6 +1,10 @@
 // An extender script that adds a simple reverse proxy.
 // Requires a ZAP version greater than 2.7.0.
 
+var control, model
+if (!control) control = Java.type("org.parosproxy.paros.control.Control").getSingleton()
+if (!model) model = Java.type("org.parosproxy.paros.model.Model").getSingleton()
+
 // To where the requests are sent.
 var remoteAddress = "example.com"
 var remotePort = 80
@@ -10,12 +14,11 @@ var proxyAddress = "127.0.0.1"
 var proxyPort = 8081
 
 var ProxyServer = Java.type("org.parosproxy.paros.core.proxy.ProxyServer")
-var Model = Java.type("org.parosproxy.paros.model.Model")
 var ProxyListener = Java.type("org.parosproxy.paros.core.proxy.ProxyListener")
 var ZapXmlConfiguration = Java.type("org.zaproxy.zap.utils.ZapXmlConfiguration")
 var URI = Java.type("org.apache.commons.httpclient.URI")
 
-var extLoader = Java.type("org.parosproxy.paros.control.Control").getSingleton().getExtensionLoader()
+var extLoader = control.getExtensionLoader()
 var proxy
 
 function install(helper) {
@@ -26,7 +29,7 @@ function install(helper) {
     proxyParam.setBehindNat(false);
     proxyParam.setRemoveUnsupportedEncodings(true);
 
-    proxy.setConnectionParam(Model.getSingleton().getOptionsParam().getConnectionParam());
+    proxy.setConnectionParam(model.getOptionsParam().getConnectionParam());
     proxy.setEnableApi(false);
 
     extLoader.addProxyServer(proxy)

httpfuzzerprocessor/add_msgs_sites_tree.js

@@ -2,7 +2,10 @@
 // with messages sent by the fuzzer (by default the fuzz result/messages
 // are not shown in the Fuzzer tab).
 
-var session = org.parosproxy.paros.model.Model.getSingleton().getSession();
+var model;
+if (!model) model = Java.type("org.parosproxy.paros.model.Model").getSingleton();
+
+var session = model.getSession();
 
 function processMessage(utils, message) {}
 

httpsender/Alert on HTTP Response Code Errors.js

@@ -2,8 +2,11 @@
 // By default it will raise 'Info' level alerts for Client Errors (4xx) (apart from 404s) and 'Low' Level alerts for Server Errors (5xx)
 // But it can be easily changed.
 
+var control, model
+if (!control) control = Java.type("org.parosproxy.paros.control.Control").getSingleton()
+if (!model) model = Java.type("org.parosproxy.paros.model.Model").getSingleton()
+
 var Pattern = Java.type("java.util.regex.Pattern")
-var model = Java.type("org.parosproxy.paros.model.Model").getSingleton()
 pluginid = 100000	// https://github.com/zaproxy/zaproxy/blob/main/docs/scanners.md
 
 function sendingRequest(msg, initiator, helper) {
@@ -15,7 +18,7 @@ function responseReceived(msg, initiator, helper) {
 		// Not of interest.
 		return
 	}
-	var extensionAlert = org.parosproxy.paros.control.Control.getSingleton().getExtensionLoader().getExtension(
+	var extensionAlert = control.getExtensionLoader().getExtension(
 		org.zaproxy.zap.extension.alert.ExtensionAlert.NAME)
 	if (extensionAlert != null) {
 		var code = msg.getResponseHeader().getStatusCode()
@@ -69,8 +72,7 @@ function responseReceived(msg, initiator, helper) {
 						type = 15 // User - fallback
 						break
 				}
-				ref = new org.parosproxy.paros.model.HistoryReference(
-					org.parosproxy.paros.model.Model.getSingleton().getSession(), type, msg)
+				ref = new org.parosproxy.paros.model.HistoryReference(model.getSession(), type, msg)
 			}
 			alert.setMessage(msg)
 			alert.setUri(msg.getRequestHeader().getURI().toString())

httpsender/Alert on Unexpected Content Types.js

@@ -2,12 +2,15 @@
 // By default it will raise 'Low' level alerts for content types that are not expected to be returned by APIs.
 // But it can be easily changed.
 
+var control, model
+if (!control) control = Java.type("org.parosproxy.paros.control.Control").getSingleton()
+if (!model) model = Java.type("org.parosproxy.paros.model.Model").getSingleton()
+
 var Pattern = Java.type("java.util.regex.Pattern")
-var model = Java.type("org.parosproxy.paros.model.Model").getSingleton()
 
 var pluginid = 100001	// https://github.com/zaproxy/zaproxy/blob/main/docs/scanners.md
 
-var extensionAlert = org.parosproxy.paros.control.Control.getSingleton().getExtensionLoader().getExtension(
+var extensionAlert = control.getExtensionLoader().getExtension(
 		org.zaproxy.zap.extension.alert.ExtensionAlert.NAME)
 
 var expectedTypes = [
@@ -85,8 +88,7 @@ function responseReceived(msg, initiator, helper) {
 							type = 15 // User - fallback
 							break
 					}
-					ref = new org.parosproxy.paros.model.HistoryReference(
-						org.parosproxy.paros.model.Model.getSingleton().getSession(), type, msg)
+					ref = new org.parosproxy.paros.model.HistoryReference(model.getSession(), type, msg)
 				}
 				alert.setMessage(msg)
 				alert.setUri(msg.getRequestHeader().getURI().toString())

standalone/Active scan rule list.js

@@ -1,8 +1,10 @@
 // This script gives details about all of the active scan rules installed
 
-extAscan = org.parosproxy.paros.control.Control.getSingleton().
-    getExtensionLoader().getExtension(
-        org.zaproxy.zap.extension.ascan.ExtensionActiveScan.NAME);
+var control;
+if (!control) control = Java.type("org.parosproxy.paros.control.Control").getSingleton();
+
+extAscan = control.getExtensionLoader().getExtension(
+    org.zaproxy.zap.extension.ascan.ExtensionActiveScan.NAME);
 
 plugins = extAscan.getPolicyManager().getDefaultScanPolicy().getPluginFactory().getAllPlugin().toArray();
 

standalone/Juice shop authentication by form.js

@@ -4,15 +4,17 @@
 // a user with a name of test@test.com and a password of test123
 // You can change any of the variables to match your environment if needed.
 
+var control;
+if (!control) control = Java.type("org.parosproxy.paros.control.Control").getSingleton();
+
 var By = Java.type('org.openqa.selenium.By');
 var Thread = Java.type('java.lang.Thread');
 var juiceshop = 'http://localhost:3000/';
 var username = '[email protected]';
 var password = 'test123';
 
-var extSel = org.parosproxy.paros.control.Control.getSingleton().
-				getExtensionLoader().getExtension(
-					org.zaproxy.zap.extension.selenium.ExtensionSelenium.class) 
+var extSel = control.getExtensionLoader().getExtension(
+				org.zaproxy.zap.extension.selenium.ExtensionSelenium.class) 
 
 var wd = extSel.getWebDriverProxyingViaZAP(1, "firefox");
 wd.get(juiceshop);

standalone/Juice shop authentication by google.js

@@ -3,15 +3,17 @@
 // Juice Shop will need to be accessible via http://localhost:3000/ and you will need to change the 
 // username and password to match a valid Google account.
 
+var control
+if (!control) control = Java.type("org.parosproxy.paros.control.Control").getSingleton()
+
 var By = Java.type('org.openqa.selenium.By');
 var Thread = Java.type('java.lang.Thread');
 var juiceshop = 'http://localhost:3000/';
 var username = '[email protected]'; // Change this to an account you own
 var password = 'nottherealpassword';	// Change this to the right password for your account
 
-var extSel = org.parosproxy.paros.control.Control.getSingleton().
-				getExtensionLoader().getExtension(
-					org.zaproxy.zap.extension.selenium.ExtensionSelenium.class) 
+var extSel = control.getExtensionLoader().getExtension(
+				org.zaproxy.zap.extension.selenium.ExtensionSelenium.class) 
 
 var wd = extSel.getWebDriverProxyingViaZAP(1, "firefox");
 wd.get(juiceshop);

standalone/Loop through alerts.js

@@ -2,8 +2,10 @@
 //
 // This is a standalone script which you can run from the Script Console
 
-extAlert = org.parosproxy.paros.control.Control.getSingleton().
-    getExtensionLoader().getExtension(
+var control
+if (!control) control = Java.type("org.parosproxy.paros.control.Control").getSingleton()
+
+extAlert = control.getExtensionLoader().getExtension(
         org.zaproxy.zap.extension.alert.ExtensionAlert.NAME) 
 if (extAlert != null) {
 	var Alert = org.parosproxy.paros.core.scanner.Alert

standalone/Loop through history table.js

@@ -3,9 +3,11 @@
 // Standalone scripts have no template.
 // They are only evaluated when you run them. 
 
-extHist = org.parosproxy.paros.control.Control.getSingleton().
-    getExtensionLoader().getExtension(
-        org.parosproxy.paros.extension.history.ExtensionHistory.NAME) 
+var control
+if (!control) control = Java.type("org.parosproxy.paros.control.Control").getSingleton()
+
+extHist = control.getExtensionLoader().getExtension(
+    org.parosproxy.paros.extension.history.ExtensionHistory.NAME) 
 if (extHist != null) {
     i=1
     lastRef=extHist.getLastHistoryId();// Get current max history reference