From 901c86a0c0250380de5a4ed847ea933a29e884aa Mon Sep 17 00:00:00 2001 From: mattebit Date: Fri, 21 Jul 2023 14:59:30 +0200 Subject: [PATCH] Moved variables from GUI to Test + bugifxes of checks --- doc/language.md | 18 +- tool/src/main/java/migt/BurpExtender.java | 466 +++++++++--------- tool/src/main/java/migt/Check.java | 261 ++++++---- tool/src/main/java/migt/DecodeOperation.java | 12 +- tool/src/main/java/migt/EditOperation.java | 23 +- .../main/java/migt/ExecuteActiveListener.java | 25 - tool/src/main/java/migt/ExecuteActives.java | 25 +- tool/src/main/java/migt/GUI.java | 29 -- tool/src/main/java/migt/HTTPReqRes.java | 7 +- tool/src/main/java/migt/Operation.java | 21 +- tool/src/main/java/migt/Operation_API.java | 7 + tool/src/main/java/migt/Test.java | 48 +- tool/src/main/java/migt/Tools.java | 120 ++--- tool/src/test/java/Checks_Test.java | 33 +- 14 files changed, 532 insertions(+), 563 deletions(-) diff --git a/doc/language.md b/doc/language.md index aa853c7..3d37f93 100644 --- a/doc/language.md +++ b/doc/language.md @@ -471,7 +471,7 @@ Not sure about this ^^^ , not yet implemented ^^^^ The Checks tag is a list of Check elements, which can be defined with: - `in` says were to check the given parameter, can be _head_, _body_, _url_ -- `check` checks if the given string is present in the specified message section +- `check` checks if the given string is present in the specified message section. - `check param` specifies the name of the parameter to be checked, depending on the section choosed, the tool will search for the parameter using a pattern. (for the url, it will search for a query parameter, for the head, it will search for a head parameter) - `check regex` specify a regex that checks the selected content by matching it. . `use variable` (true or false) set to true if you want to specify a variable name on the following tags, to check wrt to that variable value. @@ -484,7 +484,9 @@ The Checks tag is a list of Check elements, which can be defined with: - `is in` the value is between a list of values - `is not in` the value is not between a list of values -Note that you can use `check regex` OR `check` OR `check param`. If you use the `check` or `check param` tag, you can use all the other tags to verify the value, otherwise, if you use `check regex` you can just use `is present`. +Note that you can use `check regex` OR `check` OR `check param`. + +Note that `check` accepts only the `is present` tag. In passive tests the checks's result are intended as the entire test result, so all the checks has to pass to have a successfull test. @@ -511,6 +513,18 @@ In case a check operation is executed inside an operation that gives a JSON as a If you need to do a check on an active test, you have to do a `validate` operation, which is basically an operation where you can do checks and regex +### Examples +Check using a variable value: check that the value of the header "Host" is equal to the value of the variable "var1" +```json +"checks" : [ + { + "in": "head", + "check param": "Host", + "use variable": true, + "is": "var1" + } +] +``` ## Preconditions Preconditions are used in an operation of an active test to check something in the intercepted message before the execution of the message operations. If the checks in the preconditions are evaluated to false, the test is considered unsupported, not failed. Basically preconditions are a list of checks. diff --git a/tool/src/main/java/migt/BurpExtender.java b/tool/src/main/java/migt/BurpExtender.java index f281e95..60226d3 100644 --- a/tool/src/main/java/migt/BurpExtender.java +++ b/tool/src/main/java/migt/BurpExtender.java @@ -27,222 +27,6 @@ public class BurpExtender implements IBurpExtender, ITab, IProxyListener { public IBurpExtenderCallbacks callbacks; private GUI mainPane; // The GUI - /** - * Main function creating the extension - * - * @param callbacks The callbacks received by Burp - */ - public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) { - try { - System.setOut(new PrintStream("output_log.txt")); // Changes the default outstream with this file - } catch (FileNotFoundException e) { - e.printStackTrace(); - } - - try { - System.setErr(new PrintStream("error_log.txt")); - } catch (FileNotFoundException e) { - e.printStackTrace(); - } - - System.out.println("Initializing extension"); - - this.callbacks = callbacks; - helpers = callbacks.getHelpers(); - - callbacks.setExtensionName("MIG Testing tool"); - - //The UI is created - SwingUtilities.invokeLater(() -> { - // setup output stream - OutputStream stdOut = callbacks.getStdout(); - OutputStream stdErr = callbacks.getStderr(); - printStream = new PrintStream(stdOut); - errorStream = new PrintStream(stdErr); - - mainPane = new GUI(); - mainPane.helpers = callbacks.getHelpers(); - mainPane.callbacks = callbacks; - mainPane.messageViewer = callbacks.createMessageEditor(mainPane.controller, false); - mainPane.splitPane.setRightComponent(mainPane.messageViewer.getComponent()); - - // add the custom tab to Burp's UI - callbacks.addSuiteTab(BurpExtender.this); - - // register ourselves as an HTTP listener - callbacks.registerProxyListener(BurpExtender.this); - //callbacks.registerHttpListener(BurpExtender.this); - }); - } - - @Override - public String getTabCaption() { - return "MIG-T"; - } - - @Override - public Component getUiComponent() { - return mainPane; - } - - - /** - * Proxy's listener function which is called wheter a new message arrives. Note that if the received message is a - * request, you cannot access the response - * - * @param messageIsRequest Indicates whether the HTTP message is a request - * or a response. - * @param proxy_message An - * IInterceptedProxyMessage object that extensions can use to - * query and update details of the message, and control whether the message - * should be intercepted and displayed to the user for manual review or - */ - @Override - public void processProxyMessage(boolean messageIsRequest, IInterceptedProxyMessage proxy_message) { - String port = proxy_message.getListenerInterface().split(":")[1]; - IHttpRequestResponse messageInfo = proxy_message.getMessageInfo(); - - if (mainPane.ACTIVE_ENABLED) { - if (!port.equals(mainPane.act_active_op.session_port)) { - return; - } - - log_message(messageIsRequest, proxy_message); - - MessageType msg_type = null; - try { - msg_type = MessageType.getFromList(mainPane.messageTypes, - mainPane.act_active_op.getMessageType()); - } catch (Exception e) { - e.printStackTrace(); - mainPane.act_active_op.applicable = false; - } - - boolean matchMessage = false; - - try { - /* If the response message name is searched, the getByResponse will be true. - * so i have to search for the request, and then evaluate the response*/ - if (msg_type.getByResponse) { - if (!messageIsRequest) { - matchMessage = Tools.executeChecks(msg_type.checks, - new HTTPReqRes(messageInfo, helpers, true), - true, mainPane); - } - } else if (msg_type.getByRequest) { - if (!messageIsRequest) { - matchMessage = Tools.executeChecks(msg_type.checks, - new HTTPReqRes(messageInfo, helpers, false), - false, mainPane); - } - } else { - if (messageIsRequest == msg_type.isRequest) { - matchMessage = Tools.executeChecks(msg_type.checks, - new HTTPReqRes(messageInfo, helpers, msg_type.isRequest), - msg_type.isRequest, mainPane); - } - } - } catch (ParsingException e) { - mainPane.act_active_op.applicable = false; - return; - } - - if (matchMessage) { - boolean isRequest = false; - if (msg_type.getByRequest) { - isRequest = false; - } else if (msg_type.getByResponse) { - isRequest = true; - } else { - isRequest = msg_type.isRequest; - } - - Operation.MatchedMessage m = new Operation.MatchedMessage( - new HTTPReqRes(messageInfo, helpers, isRequest), - HTTPReqRes.instances, - isRequest, - !isRequest, - false); - mainPane.act_active_op.matchedMessages.add(m); - - // If the operation's action is an intercept - if (Objects.requireNonNull(mainPane.act_active_op.getAction()) == Operation.Action.INTERCEPT) { - try { - /* If the response message name is searched, the getByResponse will be true. - * so i have to search for the request, and then evaluate the response*/ - if (msg_type.getByResponse) { - if (!messageIsRequest) { - if (matchMessage) { - processMatchedMsg(msg_type, messageInfo); - } - } - } else if (msg_type.getByRequest) { - if (!messageIsRequest) { - if (matchMessage) { - processMatchedMsg(msg_type, messageInfo); - } - } - } else { - if (messageIsRequest == msg_type.isRequest) { - if (matchMessage) { - processMatchedMsg(msg_type, messageInfo); - if (mainPane.act_active_op.then != null & - mainPane.act_active_op.then == Operation.Then.DROP) { - proxy_message.setInterceptAction(IInterceptedProxyMessage.ACTION_DROP); - } - } - } - } - } catch (Exception e) { - e.printStackTrace(); - mainPane.act_active_op.applicable = false; - } - } - } - } - - if (mainPane.recording) { - if (!messageIsRequest) { // do not remove - synchronized (mainPane.interceptedMessages) { - IHttpRequestResponsePersisted actual = callbacks.saveBuffersToTempFiles(messageInfo); - mainPane.interceptedMessages.add( - new HTTPReqRes(actual, helpers) - ); - if (mainPane.defaultSession != null) { - mainPane.defaultSession.addMessage(actual, helpers, mainPane.FILTERING); - } - } - } - } - } - - private void processMatchedMsg(MessageType msg_type, - IHttpRequestResponse messageInfo) { - messageInfo.setHighlight("red"); - HTTPReqRes message = new HTTPReqRes(messageInfo, helpers, msg_type.isRequest); - - mainPane.act_active_op.helpers = helpers; - mainPane.act_active_op.setAPI(new Operation_API(message, msg_type.isRequest)); - mainPane.act_active_op.execute(mainPane); - - // if message has been edited inside operation update the value - if (mainPane.act_active_op.processed_message != null) { - //TODO: remove processed_message in future - if (msg_type.isRequest) { - messageInfo.setRequest(mainPane.act_active_op.processed_message); - } else { - messageInfo.setResponse(mainPane.act_active_op.processed_message); - } - } else { - if (msg_type.isRequest) { - messageInfo.setRequest(message.getMessage(message.isRequest, helpers)); - } else { - messageInfo.setResponse(message.getMessage(message.isRequest, helpers)); - } - } - resume(); - } - /** * Given an operation, and a message, execute the Message operations contained in the operation * @@ -252,9 +36,9 @@ private void processMatchedMsg(MessageType msg_type, * @return the updated Operation with the result * @throws ParsingException if parsing of names is not successfull */ - public Operation executeMessageOps(Operation op, - HTTPReqRes messageInfo, - boolean isRequest) throws ParsingException { + public static Operation executeMessageOps(Operation op, + HTTPReqRes messageInfo, + boolean isRequest) throws ParsingException { for (MessageOperation mop : op.getMessageOerations()) { List splitted; Pattern pattern; @@ -322,19 +106,19 @@ public Operation executeMessageOps(Operation op, break; case ADD: - if (getAdding(mop) == null | getAdding(mop).equals("")) { + if (getAdding(mop, op.api.vars) == null | getAdding(mop, op.api.vars).equals("")) { // TODO: should raise exception or set operation not applicable? break; } switch (mop.from) { case HEAD: { - messageInfo.addHeadParameter(isRequest, mop.what, getAdding(mop)); + messageInfo.addHeadParameter(isRequest, mop.what, getAdding(mop, op.api.vars)); op.processed_message = messageInfo.getMessage(isRequest, helpers); break; } case BODY: { String tmp = new String(messageInfo.getBody(isRequest)); - tmp = tmp + getAdding(mop); + tmp = tmp + getAdding(mop, op.api.vars); messageInfo.setBody(isRequest, tmp); //Automatically update content-lenght op.processed_message = messageInfo.getMessage(isRequest, helpers); @@ -354,7 +138,7 @@ public Operation executeMessageOps(Operation op, while (matcher.find() & !found) { String before = header_0.substring(0, matcher.end()); String after = header_0.substring(matcher.end()); - newHeader_0 = before + getAdding(mop) + after; + newHeader_0 = before + getAdding(mop, op.api.vars) + after; found = true; } messageInfo.setUrlHeader(newHeader_0); @@ -370,7 +154,7 @@ public Operation executeMessageOps(Operation op, mop.from, messageInfo, isRequest, - getAdding(mop), + getAdding(mop, op.api.vars), true); break; @@ -381,7 +165,7 @@ public Operation executeMessageOps(Operation op, mop, messageInfo, isRequest, - getAdding(mop)); + getAdding(mop, op.api.vars)); break; case REMOVE_MATCH_WORD: @@ -450,9 +234,7 @@ public Operation executeMessageOps(Operation op, v.name = mop.save_as; v.isMessage = false; v.value = value; - synchronized (mainPane.lock) { - mainPane.act_test_vars.add(v); - } + op.api.vars.add(v); break; } case BODY: { @@ -467,9 +249,7 @@ public Operation executeMessageOps(Operation op, v.value = matcher.group(); break; } - synchronized (mainPane.lock) { - mainPane.act_test_vars.add(v); - } + op.api.vars.add(v); break; } case URL: { @@ -496,9 +276,7 @@ public Operation executeMessageOps(Operation op, v.name = mop.save_as; v.isMessage = false; v.value = value; - synchronized (mainPane.lock) { - mainPane.act_test_vars.add(v); - } + op.api.vars.add(v); } break; } @@ -534,15 +312,231 @@ public Operation executeMessageOps(Operation op, * @return the adding to be used in add/edit * @throws ParsingException if the variable name is not valid or the variable has not been initiated */ - private String getAdding(MessageOperation m) throws ParsingException { + private static String getAdding(MessageOperation m, List vars) throws ParsingException { if (!m.use.isEmpty()) { - return getVariableByName(m.use, mainPane).value; + return getVariableByName(m.use, vars).value; } else { return m.to; } } + /** + * Main function creating the extension + * + * @param callbacks The callbacks received by Burp + */ + public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) { + try { + System.setOut(new PrintStream("output_log.txt")); // Changes the default outstream with this file + } catch (FileNotFoundException e) { + e.printStackTrace(); + } + + try { + System.setErr(new PrintStream("error_log.txt")); + } catch (FileNotFoundException e) { + e.printStackTrace(); + } + + System.out.println("Initializing extension"); + + this.callbacks = callbacks; + helpers = callbacks.getHelpers(); + + callbacks.setExtensionName("MIG Testing tool"); + + //The UI is created + SwingUtilities.invokeLater(() -> { + // setup output stream + OutputStream stdOut = callbacks.getStdout(); + OutputStream stdErr = callbacks.getStderr(); + printStream = new PrintStream(stdOut); + errorStream = new PrintStream(stdErr); + + mainPane = new GUI(); + mainPane.helpers = callbacks.getHelpers(); + mainPane.callbacks = callbacks; + mainPane.messageViewer = callbacks.createMessageEditor(mainPane.controller, false); + mainPane.splitPane.setRightComponent(mainPane.messageViewer.getComponent()); + + // add the custom tab to Burp's UI + callbacks.addSuiteTab(BurpExtender.this); + + // register ourselves as an HTTP listener + callbacks.registerProxyListener(BurpExtender.this); + //callbacks.registerHttpListener(BurpExtender.this); + }); + } + + @Override + public String getTabCaption() { + return "MIG-T"; + } + + @Override + public Component getUiComponent() { + return mainPane; + } + + /** + * Proxy's listener function which is called wheter a new message arrives. Note that if the received message is a + * request, you cannot access the response + * + * @param messageIsRequest Indicates whether the HTTP message is a request + * or a response. + * @param proxy_message An + * IInterceptedProxyMessage object that extensions can use to + * query and update details of the message, and control whether the message + * should be intercepted and displayed to the user for manual review or + */ + @Override + public void processProxyMessage(boolean messageIsRequest, IInterceptedProxyMessage proxy_message) { + String port = proxy_message.getListenerInterface().split(":")[1]; + IHttpRequestResponse messageInfo = proxy_message.getMessageInfo(); + + if (mainPane.ACTIVE_ENABLED) { + if (!port.equals(mainPane.act_active_op.session_port)) { + return; + } + + log_message(messageIsRequest, proxy_message); + + MessageType msg_type = null; + try { + msg_type = MessageType.getFromList(mainPane.messageTypes, + mainPane.act_active_op.getMessageType()); + } catch (Exception e) { + e.printStackTrace(); + mainPane.act_active_op.applicable = false; + } + + boolean matchMessage = false; + + try { + /* If the response message name is searched, the getByResponse will be true. + * so i have to search for the request, and then evaluate the response*/ + if (msg_type.getByResponse) { + if (!messageIsRequest) { + matchMessage = Tools.executeChecks(msg_type.checks, + new HTTPReqRes(messageInfo, helpers, true), + true, mainPane.act_active_op.api.vars); + } + } else if (msg_type.getByRequest) { + if (!messageIsRequest) { + matchMessage = Tools.executeChecks(msg_type.checks, + new HTTPReqRes(messageInfo, helpers, false), + false, mainPane.act_active_op.api.vars); + } + } else { + if (messageIsRequest == msg_type.isRequest) { + matchMessage = Tools.executeChecks(msg_type.checks, + new HTTPReqRes(messageInfo, helpers, msg_type.isRequest), + msg_type.isRequest, mainPane.act_active_op.api.vars); + } + } + } catch (ParsingException e) { + mainPane.act_active_op.applicable = false; + return; + } + + if (matchMessage) { + boolean isRequest = false; + if (msg_type.getByRequest) { + isRequest = false; + } else if (msg_type.getByResponse) { + isRequest = true; + } else { + isRequest = msg_type.isRequest; + } + + Operation.MatchedMessage m = new Operation.MatchedMessage( + new HTTPReqRes(messageInfo, helpers, isRequest), + HTTPReqRes.instances, + isRequest, + !isRequest, + false); + mainPane.act_active_op.matchedMessages.add(m); + + // If the operation's action is an intercept + if (Objects.requireNonNull(mainPane.act_active_op.getAction()) == Operation.Action.INTERCEPT) { + try { + /* If the response message name is searched, the getByResponse will be true. + * so i have to search for the request, and then evaluate the response*/ + if (msg_type.getByResponse) { + if (!messageIsRequest) { + if (matchMessage) { + processMatchedMsg(msg_type, messageInfo); + } + } + } else if (msg_type.getByRequest) { + if (!messageIsRequest) { + if (matchMessage) { + processMatchedMsg(msg_type, messageInfo); + } + } + } else { + if (messageIsRequest == msg_type.isRequest) { + if (matchMessage) { + processMatchedMsg(msg_type, messageInfo); + if (mainPane.act_active_op.then != null & + mainPane.act_active_op.then == Operation.Then.DROP) { + proxy_message.setInterceptAction(IInterceptedProxyMessage.ACTION_DROP); + } + } + } + } + } catch (Exception e) { + e.printStackTrace(); + mainPane.act_active_op.applicable = false; + } + } + } + } + + if (mainPane.recording) { + if (!messageIsRequest) { // do not remove + synchronized (mainPane.interceptedMessages) { + IHttpRequestResponsePersisted actual = callbacks.saveBuffersToTempFiles(messageInfo); + mainPane.interceptedMessages.add( + new HTTPReqRes(actual, helpers) + ); + if (mainPane.defaultSession != null) { + mainPane.defaultSession.addMessage(actual, helpers, mainPane.FILTERING); + } + } + } + } + } + + private void processMatchedMsg(MessageType msg_type, + IHttpRequestResponse messageInfo) { + messageInfo.setHighlight("red"); + HTTPReqRes message = new HTTPReqRes(messageInfo, helpers, msg_type.isRequest); + + mainPane.act_active_op.helpers = helpers; + mainPane.act_active_op.api.message = message; + mainPane.act_active_op.api.is_request = msg_type.isRequest; + mainPane.act_active_op.execute(); + + // if message has been edited inside operation update the value + if (mainPane.act_active_op.processed_message != null) { + //TODO: remove processed_message in future + if (msg_type.isRequest) { + messageInfo.setRequest(mainPane.act_active_op.processed_message); + } else { + messageInfo.setResponse(mainPane.act_active_op.processed_message); + } + } else { + if (msg_type.isRequest) { + messageInfo.setRequest(message.getMessage(message.isRequest, helpers)); + } else { + messageInfo.setResponse(message.getMessage(message.isRequest, helpers)); + } + } + resume(); + } + /** * Tells the lock on the Execute Actives process to resume the execution */ diff --git a/tool/src/main/java/migt/Check.java b/tool/src/main/java/migt/Check.java index 6b835d1..1b58a4e 100644 --- a/tool/src/main/java/migt/Check.java +++ b/tool/src/main/java/migt/Check.java @@ -23,10 +23,10 @@ public class Check extends Module { CheckOps op; // the check operations CheckIn in; // the section over which to search String op_val; - List value_list; + List value_list; // the eventual list of values to check between boolean isParamCheck; // specifies if what is declared in what is a parameter name - String regex; - boolean use_variable; + String regex; // the eventual regex to use + boolean use_variable; // if a variable name will be used in the check operation public Check() { init(); @@ -36,7 +36,7 @@ public Check() { * Instantiate a new Check object given its parsed JSONObject * * @param json_check the check as JSONObject - * @throws ParsingException + * @throws ParsingException if the input is not compliant with the language */ public Check(JSONObject json_check) throws ParsingException { init(); @@ -115,17 +115,54 @@ public void init() { use_variable = false; } + /** + * Loads a Decode operation's API into the check + * @param api the Decode operation's api to load + */ public void loader(DecodeOperation_API api) { this.imported_api = api; } /** - * Execute the check if it is http + * Loads an Operation's API into the check + * @param api the Operation's API to load + */ + public void loader(Operation_API api) { + this.imported_api = api; + } + + /** + * Executes the regex version of the check * - * @param message - * @param isRequest - * @return - * @throws ParsingException + * @param input the input content + * @return the result of the check + */ + private boolean execute_regex(String input) { + Pattern p = Pattern.compile(regex); + Matcher m = p.matcher(input); + applicable = true; + + String val = ""; + if (m.find()) { + val = m.group(); + } + + if (this.op == null) { + // Return result based on matched or not + return (val.length() > 0); + } else { + // execute op against matched value + return do_check(val); + } + } + + /** + * Execute the check over a message (in an Operation) + * + * @param message the message to check + * @param isRequest tells if the message is a request or a response + * @return the result of the check + * @throws ParsingException if something wrong is found wrt the language */ private boolean execute_http(HTTPReqRes message, boolean isRequest) throws ParsingException { @@ -162,65 +199,30 @@ private boolean execute_http(HTTPReqRes message, } if (this.isParamCheck) { - try { - Pattern p = this.in == CheckIn.URL ? - Pattern.compile("(?<=[?&]" + this.what + "=)[^\\n&]*") : - Pattern.compile("(?<=" + this.what + ":\\s?)[^\\n]*"); - Matcher m = p.matcher(msg_str); - - String val = ""; - if (m.find()) { - val = m.group(); - } else { - return false; - } + if (in == CheckIn.BODY) { + throw new ParsingException("Invalid check operation, cannot do \"check param\" over body, " + + "use \"check_regex instead\""); + } - if (this.op == null && val.length() != 0) { - // if it passed all the splits without errors, the param is present, but no checks are specified - // so result is true - return true; - } - switch (this.op) { - case IS: - if (!this.op_val.equals(val)) { - return false; - } - break; - case IS_NOT: - if (this.op_val.equals(val)) { - return false; - } - break; - case CONTAINS: - if (!val.contains(this.op_val)) { - return false; - } - break; - case NOT_CONTAINS: - if (val.contains(this.op_val)) { - return false; - } - break; - case IS_PRESENT: - return true; // if it gets to this, the searched param is already found - case IS_NOT_PRESENT: - return false; - case IS_IN: - return value_list.contains(val); // TODO check - case IS_NOT_IN: - return !value_list.contains(val); - } - } catch (ArrayIndexOutOfBoundsException e) { - //e.printStackTrace(); - if (this.op != null) { - if (this.op != IS_NOT_PRESENT) { - return false; - } - } else { - return false; - } + Pattern p = this.in == CheckIn.URL ? + Pattern.compile("(?<=[?&]" + this.what + "=)[^\\r\\n&]*") : + Pattern.compile("(?<=" + this.what + ":\\s?)[^\\r\\n]*"); + // TODO: this could be done better by using message methods + Matcher m = p.matcher(msg_str); + + applicable = true; + + String val = ""; + if (m.find()) { + val = m.group(); + val = val.trim(); + } else { + return false; } + + return do_check(val); } else { + applicable = true; if (!msg_str.contains(this.what)) { if (this.op != null) { return this.op == IS_NOT_PRESENT; @@ -239,8 +241,8 @@ private boolean execute_http(HTTPReqRes message, /** * Execute the json version of the check * - * @return the result of the execution //TODO: change to API - * @throws ParsingException + * @return the result of the execution + * @throws ParsingException if something wrong is found wrt the language */ private boolean execute_json() throws ParsingException { DecodeOperation_API tmp = ((DecodeOperation_API) this.imported_api); @@ -305,42 +307,109 @@ private boolean execute_json() throws ParsingException { } /** - * Executes the given check + * Executes check operations over the selected value, and returns the result * - * @param message - * @param isRequest + * @param val_to_check the value to check + * @return the result of the check + */ + public boolean do_check(String val_to_check) { + try { + if (this.op == null && val_to_check.length() != 0) { + // if it passed all the splits without errors, the param is present, but no checks are specified + // so result is true + return true; + } + switch (this.op) { + case IS: + if (!this.op_val.equals(val_to_check)) { + return false; + } + break; + case IS_NOT: + if (this.op_val.equals(val_to_check)) { + return false; + } + break; + case CONTAINS: + if (!val_to_check.contains(this.op_val)) { + return false; + } + break; + case NOT_CONTAINS: + if (val_to_check.contains(this.op_val)) { + return false; + } + break; + case IS_PRESENT: + return true; // if it gets to this, the searched param is already found + case IS_NOT_PRESENT: + return false; + case IS_IN: + return value_list.contains(val_to_check); // TODO check + case IS_NOT_IN: + return !value_list.contains(val_to_check); + } + } catch (ArrayIndexOutOfBoundsException e) { + //e.printStackTrace(); + if (this.op != null) { + if (this.op != IS_NOT_PRESENT) { + return false; + } + } else { + return false; + } + } + return true; + } + + /** + * Executes the given check (without API). Used to match messages with msg_types usually. + * + * @param message the message to check + * @param isRequest if the message is a request or a response * @return the result of the check (passed or not passed) */ public boolean execute(HTTPReqRes message, boolean isRequest, - GUI gui) throws ParsingException { + List vars) throws ParsingException { if (use_variable) { // Substitute to the op_val variable (that contains the name), the value of the variable - op_val = Tools.getVariableByName(op_val, gui).value; + op_val = Tools.getVariableByName(op_val, vars).value; } - // TODO: migrate to api result = execute_http(message, isRequest); return result; - // TODO REMOVE CONTENT TYPE } - public void execute(GUI gui) throws ParsingException { + /** + * Execute the check by using API + * @param vars the variables of the actual operation (test) + */ + public void execute(List vars) throws ParsingException { if (use_variable) { // Substitute to the op_val variable (that contains the name), the value of the variable - op_val = Tools.getVariableByName(op_val, gui).value; + op_val = Tools.getVariableByName(op_val, vars).value; } - switch (((DecodeOperation_API) imported_api).type) { - case JWT: - result = execute_json(); - break; - case NONE: - break; - //TODO - case XML: + if (imported_api instanceof Operation_API) { + // If is inside a standard Operation + result = execute_http( + ((Operation_API) imported_api).message, + ((Operation_API) imported_api).is_request + ); + } else if (imported_api instanceof DecodeOperation_API) { + // if inside a decode operation + switch (((DecodeOperation_API) imported_api).type) { + case JWT: + result = execute_json(); + break; + case NONE: + break; //TODO - break; + case XML: + //TODO + break; + } } } @@ -357,28 +426,6 @@ public String toString() { return "check: " + what + (op == null ? "" : " " + op + ": " + op_val); } - /** - * Executes the regex of the check against the given input, and returns true if the regex found something. - * - * @param input the input text to check - * @return true if the regex matches, false otherwise - */ - private boolean execute_regex(String input) { - Pattern p = Pattern.compile(regex); - Matcher m = p.matcher(input); - applicable = true; - - String val = ""; - if (m.find()) { - val = m.group(); - } else { - return false; - } - // TODO: add is, isnot, .. ? - - return true; - } - /** * enum containing all the possible check operations */ diff --git a/tool/src/main/java/migt/DecodeOperation.java b/tool/src/main/java/migt/DecodeOperation.java index f03a6df..5d7debd 100644 --- a/tool/src/main/java/migt/DecodeOperation.java +++ b/tool/src/main/java/migt/DecodeOperation.java @@ -432,7 +432,7 @@ public Operation_API exporter() throws ParsingException { * @param mainPane the mainpane is needed to access the variables * @throws ParsingException */ - public void execute(GUI mainPane) throws ParsingException { + public void execute(List vars) throws ParsingException { if (imported_api instanceof Operation_API) { decoded_content = decodeParam( helpers, @@ -477,17 +477,17 @@ public void execute(GUI mainPane) throws ParsingException { // execute edit operations if (editOperations.size() > 0) { - executeEditOps(this, mainPane); + executeEditOps(this, vars); } // executes recursive decode operations if (decodeOperations.size() != 0) { - executeDecodeOps(this, helpers, mainPane); + executeDecodeOps(this, helpers, vars); } // execute checks if (checks.size() != 0) { - executeChecks(mainPane); + executeChecks(vars); } // Rebuild JWT before encoding it @@ -504,10 +504,10 @@ public void execute(GUI mainPane) throws ParsingException { * @return the result, for convenience * @throws ParsingException if errors are found */ - public boolean executeChecks(GUI gui) throws ParsingException { + public boolean executeChecks(List vars) throws ParsingException { for (Check c : checks) { c.loader(getAPI()); - c.execute(gui); + c.execute(vars); if (!setResult(c)) { return false; } diff --git a/tool/src/main/java/migt/EditOperation.java b/tool/src/main/java/migt/EditOperation.java index 4ac74e1..649a710 100644 --- a/tool/src/main/java/migt/EditOperation.java +++ b/tool/src/main/java/migt/EditOperation.java @@ -7,6 +7,7 @@ import samlraider.application.SamlTabController; import samlraider.helpers.XMLHelpers; +import java.util.List; import java.util.regex.Matcher; import java.util.regex.Pattern; @@ -176,12 +177,12 @@ public DecodeOperation_API exporter() { return (DecodeOperation_API) imported_api; } - public void execute(GUI mainPane) throws ParsingException { + public void execute(List vars) throws ParsingException { if (imported_api instanceof DecodeOperation_API) { // the edit operation is being executed inside a Decode Operation // If a variable value has to be used, read the value of the variable at execution time if (!use.equals("")) { - Var v = getVariableByName(use, mainPane); + Var v = getVariableByName(use, vars); if (!v.isMessage) { value = v.value; } else { @@ -257,9 +258,7 @@ public void execute(GUI mainPane) throws ParsingException { v.name = save_as; v.isMessage = false; v.value = to_save; - synchronized (mainPane.lock) { - mainPane.act_test_vars.add(v); - } + vars.add(v); break; } case SAVE_ATTR: @@ -270,9 +269,7 @@ public void execute(GUI mainPane) throws ParsingException { v.name = save_as; v.isMessage = false; v.value = to_save; - synchronized (mainPane.lock) { - mainPane.act_test_vars.add(v); - } + vars.add(v); break; } @@ -292,16 +289,16 @@ public void execute(GUI mainPane) throws ParsingException { switch (jwt_section) { case HEADER: tmp_imported_api.jwt_header = Tools.editJson( - jwt_action, tmp_imported_api.jwt_header, what, mainPane, save_as, value); + jwt_action, tmp_imported_api.jwt_header, what, vars, save_as, value); break; case PAYLOAD: // TODO: pass newvalue tmp_imported_api.jwt_payload = Tools.editJson( - jwt_action, tmp_imported_api.jwt_payload, what, mainPane, save_as, value); + jwt_action, tmp_imported_api.jwt_payload, what, vars, save_as, value); break; case SIGNATURE: tmp_imported_api.jwt_signature = Tools.editJson( - jwt_action, tmp_imported_api.jwt_signature, what, mainPane, save_as, value); + jwt_action, tmp_imported_api.jwt_signature, what, vars, save_as, value); break; } } catch (PathNotFoundException e) { @@ -349,9 +346,7 @@ public void execute(GUI mainPane) throws ParsingException { v.name = save_as; v.isMessage = false; v.value = val; - synchronized (mainPane.lock) { - mainPane.act_test_vars.add(v); - } + vars.add(v); break; } applicable = true; diff --git a/tool/src/main/java/migt/ExecuteActiveListener.java b/tool/src/main/java/migt/ExecuteActiveListener.java index 7a2c92e..3487a4c 100644 --- a/tool/src/main/java/migt/ExecuteActiveListener.java +++ b/tool/src/main/java/migt/ExecuteActiveListener.java @@ -1,7 +1,5 @@ package migt; -import java.util.List; - /** * Listener class for ExecuteActive class * @@ -62,27 +60,4 @@ public interface ExecuteActiveListener { * @param actual_test The test that was being executed */ void onError(Test actual_test); - - /** - * This method is called before the execution of the SessionOperations in a test. It is used to update the list - * of variables with the thread - * - * @return the updated list of variables - */ - List onBeforeExSessionOps(); - - /** - * This method is called after the execution of the SessionOperations in a test. It is used to updated the list of - * variables with the thread - * - * @param re the list of variables to update - */ - void onAfterExSessionOps(List re); - - /** - * This method is called when a variable has to been set during the test - * - * @param v the new set variable - */ - void onAddVar(Var v); } diff --git a/tool/src/main/java/migt/ExecuteActives.java b/tool/src/main/java/migt/ExecuteActives.java index 1245569..eaf7801 100644 --- a/tool/src/main/java/migt/ExecuteActives.java +++ b/tool/src/main/java/migt/ExecuteActives.java @@ -172,7 +172,7 @@ public Track onUpdateTrack(String sessionName) throws ParsingException { @Override public void onSetVar(Var v) { - listener.onAddVar(v); + actual_test.vars.add(v); } }); @@ -214,9 +214,9 @@ public void onSetVar(Var v) { break; } - List act_vars = listener.onBeforeExSessionOps(); + List act_vars = actual_test.vars; List updated_vars = op.executeSessionOps(actual_test, act_vars); - listener.onAfterExSessionOps(updated_vars); + actual_test.vars = updated_vars; } else { //if it is a normal operation @@ -229,6 +229,12 @@ public void onSetVar(Var v) { op.session_port = "8080"; } + if (op.api == null) { + op.api = new Operation_API(actual_test.vars); + } else { + op.api.vars = actual_test.vars; + } + listener.onNewProcessOperation(op); synchronized (this.waiting) { @@ -241,17 +247,8 @@ public void onSetVar(Var v) { op = listener.onOperationDone(); // Take the operation from the caller - List act_vars = listener.onBeforeExSessionOps(); - if (act_vars.size() == 0) { - try { - Thread.sleep(500); - act_vars = listener.onBeforeExSessionOps(); - } catch (InterruptedException e) { - } - } - - List updated_vars = op.executeSessionOps(actual_test, act_vars); - listener.onAfterExSessionOps(updated_vars); + actual_test.vars = op.api.vars; + actual_test.vars = op.executeSessionOps(actual_test, actual_test.vars); if (op.applicable) { actual_test.success = op.result; diff --git a/tool/src/main/java/migt/GUI.java b/tool/src/main/java/migt/GUI.java index c0cf729..413b3b4 100644 --- a/tool/src/main/java/migt/GUI.java +++ b/tool/src/main/java/migt/GUI.java @@ -47,7 +47,6 @@ public class GUI extends JSplitPane { private final List actives; private final Map sessions_text; private final Object lock2 = new Object(); - public List act_test_vars; //GUI JTable resultTable; JTable testTable; @@ -115,7 +114,6 @@ public GUI() { actives = new ArrayList<>(); sessions_names = new ArrayList<>(); ACTIVE_ENABLED = false; - act_test_vars = new ArrayList<>(); sessions_text = new HashMap<>(); messageTypes = new ArrayList<>(); session_port = new HashMap<>(); @@ -1287,9 +1285,6 @@ private void executeSuite() { passives.clear(); act_active_op = null; ex = null; - synchronized (lock) { - act_test_vars = new ArrayList<>(); - } active_ex_finished = false; // clears the test suite result table @@ -1404,9 +1399,6 @@ public Session onNewSession(Session s) { @Override public void onNewTest(Test actual_test) { - synchronized (lock) { - act_test_vars = new ArrayList<>(); - } act_active_op = null; } @@ -1427,27 +1419,6 @@ public void onError(Test actual_test) { active_ex_finished = true; } } - - @Override - public List onBeforeExSessionOps() { - synchronized (lock) { - return act_test_vars; - } - } - - @Override - public void onAfterExSessionOps(List re) { - synchronized (lock) { - act_test_vars = re; - } - } - - @Override - public void onAddVar(Var v) { - synchronized (lock) { - act_test_vars.add(v); - } - } }); active_ex = new Thread(ex); diff --git a/tool/src/main/java/migt/HTTPReqRes.java b/tool/src/main/java/migt/HTTPReqRes.java index dc5fe9b..cd9a2c2 100644 --- a/tool/src/main/java/migt/HTTPReqRes.java +++ b/tool/src/main/java/migt/HTTPReqRes.java @@ -6,6 +6,7 @@ import burp.IHttpService; import java.nio.charset.StandardCharsets; +import java.util.ArrayList; import java.util.Arrays; import java.util.List; import java.util.regex.Matcher; @@ -477,21 +478,21 @@ public boolean matches_msg_type(MessageType msg_type, IExtensionHelpers helpers) msg_type.checks, this, true, - new GUI() // TODO: fix + new ArrayList<>() // TODO: fix ); } else if (msg_type.getByRequest) { matchedMessage = Tools.executeChecks( msg_type.checks, this, false, - new GUI() // TODO: fix + new ArrayList<>() // TODO: fix ); } else { matchedMessage = Tools.executeChecks( msg_type.checks, this, msg_type.isRequest, - new GUI() // TODO: fix + new ArrayList<>() // TODO: fix ); } } catch (Exception e) { diff --git a/tool/src/main/java/migt/Operation.java b/tool/src/main/java/migt/Operation.java index dd0163a..5ecb002 100644 --- a/tool/src/main/java/migt/Operation.java +++ b/tool/src/main/java/migt/Operation.java @@ -381,14 +381,14 @@ public void setAPI(Operation_API api) { this.processed_message = api.message.build_message(api.is_request); } - public void execute(GUI mainPane) { + public void execute() { if (!preconditions.isEmpty()) { try { applicable = Tools.executeChecks( preconditions, api.message, api.is_request, - mainPane + api.vars ); if (!applicable) return; } catch (ParsingException e) { @@ -403,8 +403,8 @@ public void execute(GUI mainPane) { if (!replace_request_name.equals("")) { try { applicable = true; - processed_message = getVariableByName(replace_request_name, mainPane).message; - processed_message_service = getVariableByName(replace_request_name, mainPane).service_info; + processed_message = getVariableByName(replace_request_name, api.vars).message; + processed_message_service = getVariableByName(replace_request_name, api.vars).service_info; //return op; } catch (ParsingException e) { e.printStackTrace(); @@ -416,8 +416,8 @@ public void execute(GUI mainPane) { if (!replace_response_name.equals("")) { try { applicable = true; - processed_message = getVariableByName(replace_response_name, mainPane).message; - processed_message_service = getVariableByName(replace_response_name, mainPane).service_info; + processed_message = getVariableByName(replace_response_name, api.vars).message; + processed_message_service = getVariableByName(replace_response_name, api.vars).service_info; //return op; } catch (ParsingException e) { e.printStackTrace(); @@ -434,7 +434,10 @@ public void execute(GUI mainPane) { BurpExtender.executeMessageOps(this, api.message, api.is_request); // TOOD: change to edits if (!applicable | !result) return; - executeDecodeOps(this, helpers, mainPane); + executeDecodeOps(this, helpers, api.vars); + if (!applicable | !result) + return; + executeChecks(this, api.vars); if (!applicable | !result) return; @@ -450,9 +453,7 @@ public void execute(GUI mainPane) { v.isMessage = true; v.message = api.is_request ? api.message.getRequest() : api.message.getResponse(); v.service_info = api.message.getHttpService(helpers); - synchronized (mainPane.lock) { - mainPane.act_test_vars.add(v); - } + api.vars.add(v); } } diff --git a/tool/src/main/java/migt/Operation_API.java b/tool/src/main/java/migt/Operation_API.java index 8e1ef04..4f7071d 100644 --- a/tool/src/main/java/migt/Operation_API.java +++ b/tool/src/main/java/migt/Operation_API.java @@ -1,14 +1,21 @@ package migt; +import java.util.List; + /** * This class provides an API for an Operation module, to be used by other modules. */ public class Operation_API extends API { public HTTPReqRes message; + public List vars; boolean is_request; public Operation_API(HTTPReqRes message, boolean is_request) { this.message = message; this.is_request = is_request; } + + public Operation_API(List vars) { + this.vars = vars; + } } diff --git a/tool/src/main/java/migt/Test.java b/tool/src/main/java/migt/Test.java index 125c030..2f577a7 100644 --- a/tool/src/main/java/migt/Test.java +++ b/tool/src/main/java/migt/Test.java @@ -28,6 +28,7 @@ public class Test { public String violated_properties; public String affected_entity; public String mitigations; + public List vars; Boolean isActive; List operations; boolean success = false; @@ -42,19 +43,7 @@ public class Test { * Empty constructor for tests */ public Test() { - this.resultSession = ""; - this.name = ""; - this.description = ""; - this.error_srt = ""; - this.operations = new ArrayList<>(); - this.sessions = new ArrayList<>(); - - this.success = false; - this.isActive = false; - - references = ""; - violated_properties = ""; - mitigations = ""; + init(); } /** @@ -63,19 +52,7 @@ public Test() { public Test(JSONObject test_json, Session defaultSession, List messageTypes) throws Exception { - this.resultSession = ""; - this.name = ""; - this.description = ""; - this.error_srt = ""; - this.operations = new ArrayList<>(); - this.sessions = new ArrayList<>(); - - this.success = false; - this.isActive = false; - - references = ""; - violated_properties = ""; - mitigations = ""; + init(); description = test_json.getString("description"); name = test_json.getString("name"); @@ -152,6 +129,23 @@ public Test(JSONObject test_json, } } + public void init() { + vars = new ArrayList<>(); + this.resultSession = ""; + this.name = ""; + this.description = ""; + this.error_srt = ""; + this.operations = new ArrayList<>(); + this.sessions = new ArrayList<>(); + + this.success = false; + this.isActive = false; + + references = ""; + violated_properties = ""; + mitigations = ""; + } + public String getName() { return name; } @@ -187,7 +181,7 @@ public List getRows() { String[] tmp = new String[]{ String.valueOf(count), String.valueOf(op.getMessageType()), - String.valueOf(op.getMessageSection()), + "", op.getChecks().toString(), msg.index.toString(), msg.isFail ? "failed" : "passed"}; diff --git a/tool/src/main/java/migt/Tools.java b/tool/src/main/java/migt/Tools.java index 72f4b8f..24e6dcc 100644 --- a/tool/src/main/java/migt/Tools.java +++ b/tool/src/main/java/migt/Tools.java @@ -45,24 +45,21 @@ public static boolean executePassiveTest(Test test, Operation currentOP = test.operations.get(j); MessageType msg_type = MessageType.getFromList(msg_types, currentOP.getMessageType()); - try { - // Check message is matched. - // TODO: execute Operation exactly as actives, idk if possible - if (messageList.get(i).matches_msg_type(msg_type, helpers)) { - res = processOperation( - currentOP, - messageList.get(i), - i, - helpers, - msg_type.isRequest - ); - } - } catch (ParsingException e) { - e.printStackTrace(); - res = false; - currentOP.applicable = false; - break; + if (currentOP.api == null) { + currentOP.api = new Operation_API(test.vars); + } else { + currentOP.api.vars = test.vars; + } + + if (messageList.get(i).matches_msg_type(msg_type, helpers)) { + currentOP.helpers = helpers; + currentOP.setAPI(new Operation_API(messageList.get(i), msg_type.isRequest)); + currentOP.execute(); + res = currentOP.getResult(); } + + test.vars = currentOP.api.vars; + actisreq = msg_type.isRequest; actisresp = !msg_type.isRequest; j++; @@ -196,10 +193,9 @@ public static String getAllHeaders(List headers) { public static boolean executeChecks(List checks, HTTPReqRes message, boolean isRequest, - GUI gui) throws ParsingException { - //TODO: change to module in progress + List vars) throws ParsingException { for (Check c : checks) { - if (!c.execute(message, isRequest, gui)) { + if (!c.execute(message, isRequest, vars)) { return false; } } @@ -207,40 +203,37 @@ public static boolean executeChecks(List checks, } /** - * Execute a list of checks from an operation. Uses API. + * Execute a list of checks in an operation. Uses API. * - * @param op - * @return - * @throws ParsingException + * @param op the operation to execute checks from + * @return the result of the checks + * @throws ParsingException if something goes wrong related to the definition of the test */ - public static boolean executeChecks(Operation op, GUI gui) throws ParsingException { - // TODO + public static Operation executeChecks(Operation op, List vars) throws ParsingException { for (Check c : op.getChecks()) { - c.loader(op.api); //TODO: change loader to an Operation api - c.execute(gui); - if (!op.setResult(c)) { - return false; - } + c.loader(op.api); + c.execute(vars); + if (!op.setResult(c)) + break; } - return true; + return op; } /** * Executes the decode operations in an operation. Uses APIs. Sets the result to the operation * - * @param op the operation to execute the decode operations from - * @param helpers the Burp helpers - * @param mainPane reference to the mainPane object (contains the variables) + * @param op the operation to execute the decode operations from + * @param helpers the Burp helpers * @return The operation (edited) * @throws ParsingException if something goes wrong */ public static Operation executeDecodeOps(Operation op, IExtensionHelpers helpers, - GUI mainPane) throws ParsingException { + List vars) throws ParsingException { Operation_API api = op.getAPI(); for (DecodeOperation dop : op.getDecodeOperations()) { dop.loader(api, helpers); - dop.execute(mainPane); + dop.execute(vars); if (!op.setResult(dop)) break; op.setAPI(dop.exporter()); @@ -250,21 +243,20 @@ public static Operation executeDecodeOps(Operation op, } /** - * Executes a decode operation, from a decode operation. This is basically the recursive step. + * Executes the decode operations in a decode operation. This is the recursive step. * - * @param op the decode operation executing its child decode operations - * @param helpers the burp helpers - * @param mainPane reference to the mainPane object (contains the variables) + * @param op the decode operation executing its child decode operations + * @param helpers the burp helpers * @return The operation (edited) * @throws ParsingException if something goes wrong */ public static DecodeOperation executeDecodeOps(DecodeOperation op, IExtensionHelpers helpers, - GUI mainPane) throws ParsingException { + List vars) throws ParsingException { DecodeOperation_API api = op.getAPI(); for (DecodeOperation dop : op.decodeOperations) { dop.loader(api, helpers); - dop.execute(mainPane); + dop.execute(vars); if (!op.setResult(dop)) break; op.setAPI(dop.exporter()); @@ -274,19 +266,18 @@ public static DecodeOperation executeDecodeOps(DecodeOperation op, } /** - * Executes the edit operations inside of a decode operation + * Executes the edit operations inside a decode operation * - * @param op the decode operation to run the edit operations from - * @param mainPane reference to the mainPane object (contains the variables) + * @param op the decode operation to run the edit operations from * @return the Decode operation (edited) * @throws ParsingException if something goes wrong */ public static DecodeOperation executeEditOps(DecodeOperation op, - GUI mainPane) throws ParsingException { + List vars) throws ParsingException { DecodeOperation_API api = op.getAPI(); for (EditOperation eop : op.editOperations) { eop.loader(api); - eop.execute(mainPane); + eop.execute(vars); if (!op.setResult(eop)) break; op.setAPI(eop.exporter()); @@ -870,24 +861,6 @@ public static byte[] editMessageParam(IExtensionHelpers helpers, ); } - /** - * Given a name, returns the corresponding variable - * - * @param name the name of the variable - * @return the Var object - * @throws ParsingException if the variable cannot be found - */ - public static Var getVariableByName(String name, GUI mainPane) throws ParsingException { - synchronized (mainPane.lock) { - for (Var act : mainPane.act_test_vars) { - if (act.name.equals(name)) { - return act; - } - } - } - throw new ParsingException("variable not defined"); - } - /** * Finds the parent div of an http element * @@ -932,18 +905,17 @@ public static String findParentDiv(String in) throws ParsingException { /** * Given a json string and a json path, edit the json. * - * @param action the action to do, (edit, remove, add, or save) - * @param content the json content as string - * @param j_path the json path as string - * @param mainPane the mainPane reference, to access the variables - * @param save_as the name of the variable if the action is save + * @param action the action to do, (edit, remove, add, or save) + * @param content the json content as string + * @param j_path the json path as string + * @param save_as the name of the variable if the action is save * @return the edited json * @throws PathNotFoundException if the path in the json is not found */ public static String editJson(EditOperation.Jwt_action action, String content, String j_path, - GUI mainPane, + List vars, String save_as, String newValue) throws PathNotFoundException { Object document = Configuration.defaultConfiguration().jsonProvider().parse(content); @@ -963,9 +935,7 @@ public static String editJson(EditOperation.Jwt_action action, v.name = save_as; v.isMessage = false; v.value = JsonPath.read(content, j_path); //TODO could rise errors - synchronized (mainPane.lock) { - mainPane.act_test_vars.add(v); - } + vars.add(v); break; } return Configuration.defaultConfiguration().jsonProvider().toJson(document); //basically converts to string diff --git a/tool/src/test/java/Checks_Test.java b/tool/src/test/java/Checks_Test.java index 1078342..b243c17 100644 --- a/tool/src/test/java/Checks_Test.java +++ b/tool/src/test/java/Checks_Test.java @@ -3,6 +3,9 @@ import org.junit.jupiter.api.DisplayName; import org.junit.jupiter.api.Test; +import java.util.ArrayList; +import java.util.List; + import static org.junit.jupiter.api.Assertions.*; public class Checks_Test { @@ -47,7 +50,7 @@ void test_check() throws ParsingException { "}"; Check c = initCheck_json(check_str); - c.execute(new GUI()); + c.execute(new ArrayList()); assertTrue(c.getResult()); } @@ -61,7 +64,7 @@ void test_check_json_is_not() throws ParsingException { "}"; Check c = initCheck_json(check_str); - c.execute(new GUI()); + c.execute(new ArrayList()); assertFalse(c.getResult()); } @@ -75,7 +78,7 @@ void test_check_json_contains() throws ParsingException { "}"; Check c = initCheck_json(check_str); - c.execute(new GUI()); + c.execute(new ArrayList()); assertTrue(c.getResult()); } @@ -89,7 +92,7 @@ void test_check_json_not_contains() throws ParsingException { "}"; Check c = initCheck_json(check_str); - c.execute(new GUI()); + c.execute(new ArrayList()); assertFalse(c.getResult()); } @@ -103,7 +106,7 @@ void test_check_json_not_found() throws ParsingException { "}"; Check c = initCheck_json(check_str); - c.execute(new GUI()); + c.execute(new ArrayList()); assertFalse(c.getResult()); } @@ -117,7 +120,7 @@ void test_check_json_not_present() throws ParsingException { "}"; Check c = initCheck_json(check_str); - c.execute(new GUI()); + c.execute(new ArrayList()); assertTrue(c.getResult()); } @@ -131,7 +134,7 @@ void test_check_json_not_present_wrong() throws ParsingException { "}"; Check c = initCheck_json(check_str); - c.execute(new GUI()); + c.execute(new ArrayList()); assertFalse(c.getResult()); } @@ -145,7 +148,7 @@ void test_check_json_is_inside_list() throws ParsingException { "}"; Check c = initCheck_json(check_str); - c.execute(new GUI()); + c.execute(new ArrayList()); assertTrue(c.getResult()); } @@ -159,7 +162,7 @@ void test_check_json_set_result() throws ParsingException { "}"; Check c = initCheck_json(check_str); - c.execute(new GUI()); + c.execute(new ArrayList()); DecodeOperation dop = new DecodeOperation(); dop.setResult(c); @@ -177,11 +180,11 @@ void test_check_use_variable() throws ParsingException { " \"is\": \"variablename\"\n" + "}"; - GUI gui = new GUI(); - gui.act_test_vars.add(new Var("variablename", "abc", false)); + List vars = new ArrayList(); + vars.add(new Var("variablename", "abc", false)); Check c = initCheck_json(check_str); - c.execute(gui); + c.execute(vars); assertTrue(c.getResult()); } @@ -195,11 +198,11 @@ void test_check_use_variable_wrong() throws ParsingException { " \"is\": \"variablename\"\n" + "}"; - GUI gui = new GUI(); - gui.act_test_vars.add(new Var("variablename", "ac", false)); + List vars = new ArrayList(); + vars.add(new Var("variablename", "ac", false)); Check c = initCheck_json(check_str); - c.execute(gui); + c.execute(vars); assertFalse(c.getResult()); } }