/*
 * Zed Attack Proxy (ZAP) and its related class files.
 *
 * ZAP is an HTTP/HTTPS proxy for assessing web application security.
 *
 * Copyright 2011 The ZAP Development Team
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.zaproxy.zap.extension.api;

import java.math.BigInteger;
import java.security.SecureRandom;
import javax.swing.JOptionPane;
import org.parosproxy.paros.Constant;
import org.parosproxy.paros.extension.ExtensionAdaptor;
import org.parosproxy.paros.extension.ExtensionHook;
import org.parosproxy.paros.model.Model;
import org.zaproxy.zap.utils.DesktopUtils;
import org.zaproxy.zap.view.ZapMenuItem;

/**
 * Extension that registers the {@link CoreAPI} and {@link ContextAPI} implementors and, when a
 * view is available, contributes the API options panel and a Tools menu item that opens the API
 * base URL in the desktop browser.
 */
public class ExtensionAPI extends ExtensionAdaptor {

    public static final String NAME = "ExtensionAPI";
    /**
     * @deprecated (2.7.0) Use {@link API#getBaseURL(boolean)} instead. This URL might not be
     *     correct in all cases, for example, if the API is set 'Secure' (thus needing to use
     *     HTTPS).
     */
    @Deprecated public static final String API_URL = "http://zap/";

    /** Number of random bits requested for a generated API key. */
    private static final int API_KEY_BITS = 130;

    /** Radix used to render a generated API key as text. */
    private static final int API_KEY_RADIX = 32;

    // Both UI components are created lazily by their getters; coreApi is assigned in hook().
    private OptionsApiPanel optionsApiPanel;
    private ZapMenuItem menuAPI;
    private CoreAPI coreApi;

    /** Creates the extension under {@link #NAME} and sets its order to 10. */
    public ExtensionAPI() {
        super(NAME);
        this.setOrder(10);
    }

    @Override
    public String getUIName() {
        return Constant.messages.getString("api.name");
    }

    /**
     * Hooks the extension: adds the UI contributions when a view exists, then registers the API
     * implementors.
     *
     * @param extensionHook the hook used to register the panel, menu item and API implementors
     */
    @Override
    public void hook(ExtensionHook extensionHook) {
        super.hook(extensionHook);

        boolean hasView = getView() != null;
        if (hasView) {
            extensionHook.getHookView().addOptionPanel(getOptionsAPIPanel());
            extensionHook.getHookMenu().addToolsMenuItem(getMenuAPI());
        }

        // Keep a reference to the core implementor so getCoreAPI() can hand it out later.
        coreApi = new CoreAPI(extensionHook.getModel().getOptionsParam().getConnectionParam());
        extensionHook.addApiImplementor(coreApi);

        extensionHook.addApiImplementor(new ContextAPI());
    }

    /** Returns the API options panel, creating it on first use. */
    private OptionsApiPanel getOptionsAPIPanel() {
        if (optionsApiPanel != null) {
            return optionsApiPanel;
        }
        optionsApiPanel = new OptionsApiPanel();
        return optionsApiPanel;
    }

    /**
     * Generates a new random API key.
     *
     * <p>The key is a non-negative integer of at most 130 bits drawn from a fresh {@link
     * SecureRandom} and printed in radix 32. {@code BigInteger.toString} does not emit leading
     * zeros, so the result has at most 26 characters and may be shorter; callers should not rely
     * on a fixed length.
     *
     * @return the generated key as a radix-32 string
     */
    public static String generateApiKey() {
        SecureRandom secureSource = new SecureRandom();
        BigInteger keyValue = new BigInteger(API_KEY_BITS, secureSource);
        return keyValue.toString(API_KEY_RADIX);
    }

    /**
     * Returns the Tools menu item that opens the API in the browser, creating it on first use.
     *
     * <p>The item is enabled only when {@link DesktopUtils#canOpenUrlInBrowser()} reports that a
     * browser can be launched.
     */
    private ZapMenuItem getMenuAPI() {
        if (menuAPI != null) {
            return menuAPI;
        }

        menuAPI = new ZapMenuItem("api.menu.tools.url");
        menuAPI.setEnabled(DesktopUtils.canOpenUrlInBrowser());
        menuAPI.addActionListener(
                new java.awt.event.ActionListener() {

                    @Override
                    public void actionPerformed(java.awt.event.ActionEvent e) {
                        browseApi();
                    }
                });
        return menuAPI;
    }

    /**
     * Opens the API base URL in the browser.
     *
     * <p>If the API is currently disabled, it is switched on only after the user explicitly
     * confirms; declining leaves the setting untouched and nothing is opened.
     */
    private void browseApi() {
        if (!API.getInstance().isEnabled() && !confirmAndEnableApi()) {
            return;
        }
        DesktopUtils.openUrlInBrowser(API.getInstance().getBaseURL(false));
    }

    /**
     * Asks the user whether the disabled API should be enabled and, on confirmation, enables it
     * through the API options.
     *
     * @return {@code true} if the user confirmed and the API was enabled, {@code false} otherwise
     */
    private boolean confirmAndEnableApi() {
        String title = Constant.messages.getString("api.dialogue.browseApiNotEnabled.title");
        String message = Constant.messages.getString("api.dialogue.browseApiNotEnabled.message");
        String confirmButtonLabel =
                Constant.messages.getString(
                        "api.dialogue.browseApiNotEnabled.button.confirm.label");
        String cancelButtonLabel =
                Constant.messages.getString(
                        "api.dialogue.browseApiNotEnabled.button.cancel.label");
        String[] buttonLabels = {confirmButtonLabel, cancelButtonLabel};

        int option =
                JOptionPane.showOptionDialog(
                        getView().getMainFrame(),
                        message,
                        title,
                        JOptionPane.YES_NO_OPTION,
                        JOptionPane.QUESTION_MESSAGE,
                        null,
                        buttonLabels,
                        null);

        // Anything other than the first (confirm) button, including closing the dialog,
        // counts as a refusal.
        if (option != JOptionPane.YES_OPTION) {
            return false;
        }

        Model.getSingleton().getOptionsParam().getApiParam().setEnabled(true);
        return true;
    }

    @Override
    public String getAuthor() {
        return Constant.ZAP_TEAM;
    }

    @Override
    public String getDescription() {
        return Constant.messages.getString("api.desc");
    }

    /**
     * Returns the core API implementor created in {@link #hook(ExtensionHook)}.
     *
     * @return the core API implementor, or {@code null} if the extension has not been hooked yet
     */
    public CoreAPI getCoreAPI() {
        return this.coreApi;
    }

    @Override
    public boolean supportsDb(String type) {
        return true;
    }

    @Override
    public boolean supportsLowMemory() {
        return true;
    }
}