Merge pull request #6418 from thc202/spiderAjax/third-party

spiderAjax: show flexible accesses

Author: ricekot

addOns/spiderAjax/src/main/java/org/zaproxy/zap/extension/spiderAjax/AjaxSpiderResultsTable.java

@@ -38,6 +38,7 @@
 import org.parosproxy.paros.model.HistoryReference;
 import org.zaproxy.zap.extension.spiderAjax.AjaxSpiderResultsTableModel.ProcessedCellItem;
 import org.zaproxy.zap.extension.spiderAjax.SpiderListener.ResourceState;
+import org.zaproxy.zap.utils.DisplayUtils;
 import org.zaproxy.zap.view.table.HistoryReferencesTable;
 
 @SuppressWarnings("serial")
@@ -119,6 +120,11 @@ private static class ProcessedCellItemIconHighlighter extends AbstractHighlighte
                 new ImageIcon(
                         AjaxSpiderResultsTable.class.getResource("/resource/icon/16/149.png"));
 
+        /** The icon that indicates the entry is a 3rd party one. */
+        private static final ImageIcon THIRD_PARTY_ICON =
+                DisplayUtils.getScaledIcon(
+                        AjaxSpiderResultsTable.class.getResource("/resource/icon/16/154.png"));
+
         private final int columnIndex;
 
         public ProcessedCellItemIconHighlighter(final int columnIndex) {
@@ -129,23 +135,26 @@ public ProcessedCellItemIconHighlighter(final int columnIndex) {
         protected Component doHighlight(Component component, ComponentAdapter adapter) {
             ProcessedCellItem cell = (ProcessedCellItem) adapter.getValue(columnIndex);
 
-            boolean processed = cell.getState() == ResourceState.PROCESSED;
-            Icon icon = getProcessedIcon(processed);
-            if (component instanceof IconAware) {
-                ((IconAware) component).setIcon(icon);
-            } else if (component instanceof JLabel) {
-                ((JLabel) component).setIcon(icon);
+            Icon icon = getProcessedIcon(cell.getState());
+            if (component instanceof IconAware iconAware) {
+                iconAware.setIcon(icon);
+            } else if (component instanceof JLabel label) {
+                label.setIcon(icon);
             }
 
-            if (component instanceof JLabel) {
-                ((JLabel) component).setText(processed ? "" : cell.getLabel());
+            if (component instanceof JLabel label) {
+                label.setText(cell.getState() == ResourceState.PROCESSED ? "" : cell.getLabel());
             }
 
             return component;
         }
 
-        private static Icon getProcessedIcon(final boolean processed) {
-            return processed ? PROCESSED_ICON : NOT_PROCESSED_ICON;
+        private static Icon getProcessedIcon(ResourceState state) {
+            return switch (state) {
+                case PROCESSED -> PROCESSED_ICON;
+                case THIRD_PARTY -> THIRD_PARTY_ICON;
+                default -> NOT_PROCESSED_ICON;
+            };
         }
 
         /**

addOns/spiderAjax/src/main/java/org/zaproxy/zap/extension/spiderAjax/AjaxSpiderResultsTableModel.java

@@ -85,6 +85,7 @@ public class AjaxSpiderResultsTableModel
         addState(statesMap, ResourceState.OUT_OF_SCOPE, "outofscope");
         addState(statesMap, ResourceState.EXCLUDED, "excluded");
         addState(statesMap, ResourceState.IO_ERROR, "ioerror");
+        addState(statesMap, ResourceState.THIRD_PARTY, "thirdparty");
     }
 
     public AjaxSpiderResultsTableModel() {

addOns/spiderAjax/src/main/java/org/zaproxy/zap/extension/spiderAjax/SpiderListener.java

@@ -29,7 +29,8 @@ enum ResourceState {
         OUT_OF_SCOPE,
         OUT_OF_CONTEXT,
         EXCLUDED,
-        IO_ERROR
+        IO_ERROR,
+        THIRD_PARTY,
     }
 
     void spiderStarted();

addOns/spiderAjax/src/main/java/org/zaproxy/zap/extension/spiderAjax/SpiderThread.java

@@ -408,27 +408,18 @@ public void handleMessage(HttpMessageHandlerContext ctx, HttpMessage httpMessage
 
             ResourceState state =
                     checkState(httpMessage.getRequestHeader().getURI().getEscapedURI());
-            boolean processed = state == ResourceState.PROCESSED;
 
             if (!ctx.isFromClient()) {
-                if (target.getOptions().getScopeCheck() == ScopeCheck.STRICT) {
-                    notifyMessage(
-                            httpMessage,
-                            HistoryReference.TYPE_SPIDER_AJAX,
-                            getResourceState(httpMessage));
-                    return;
-                }
-
                 notifyMessage(
                         httpMessage,
-                        processed
-                                ? HistoryReference.TYPE_SPIDER_AJAX
-                                : HistoryReference.TYPE_SPIDER_AJAX_TEMPORARY,
-                        httpMessage.isResponseFromTargetHost() ? state : ResourceState.IO_ERROR);
+                        HistoryReference.TYPE_SPIDER_AJAX,
+                        target.getOptions().getScopeCheck() == ScopeCheck.STRICT
+                                ? getResourceState(httpMessage)
+                                : getResourceStateFlexible(httpMessage, state));
                 return;
             }
 
-            if (!processed) {
+            if (state != ResourceState.PROCESSED) {
                 if (target.getOptions().getScopeCheck() == ScopeCheck.STRICT) {
                     setOutOfScopeResponse(httpMessage);
                     notifyMessage(httpMessage, HistoryReference.TYPE_SPIDER_AJAX_TEMPORARY, state);
@@ -462,6 +453,17 @@ private ResourceState getResourceState(HttpMessage httpMessage) {
             return ResourceState.PROCESSED;
         }
 
+        private ResourceState getResourceStateFlexible(
+                HttpMessage httpMessage, ResourceState state) {
+            if (!httpMessage.isResponseFromTargetHost()) {
+                return ResourceState.IO_ERROR;
+            }
+            if (state != ResourceState.PROCESSED) {
+                return ResourceState.THIRD_PARTY;
+            }
+            return state;
+        }
+
         public void setAllowAll(boolean allow) {
             this.allowAll = allow;
         }
@@ -476,7 +478,7 @@ private void notifyMessage(
             }
 
             HistoryReference historyRef = new HistoryReference(session, historyType, httpMessage);
-            if (state == ResourceState.PROCESSED) {
+            if (state == ResourceState.PROCESSED || state == ResourceState.THIRD_PARTY) {
                 historyRef.setCustomIcon("/resource/icon/10/spiderAjax.png", true);
                 session.getSiteTree().addPath(historyRef, httpMessage);
             }

addOns/spiderAjax/src/main/resources/org/zaproxy/zap/extension/spiderAjax/resources/Messages.properties

@@ -218,6 +218,7 @@ spiderajax.panel.table.cell.ioerror = I/O Error
 spiderajax.panel.table.cell.outofcontext = Out of Context
 spiderajax.panel.table.cell.outofscope = Out of Scope
 spiderajax.panel.table.cell.processed = Processed
+spiderajax.panel.table.cell.thirdparty = 3rd Party
 spiderajax.panel.table.header.processed = Processed
 spiderajax.panel.title = AJAX Spider