Comments (7)
I see that does seem to be a problem. I will be looking into it right away but I could use some clarification. When you say " I couldn't get it to action the menu item" is that the import endpoints menu button in the tools tab? Did you try and open the options dialog and change the source code location? If so did opening the options dialog also cause the Null Pointer Exception?
from attack-surface-detector-zap.
The menu item worked once (displayed the options dialog), I clicked ok and nothing happened. Then wouldn't display the options dialog again until I removed the file. When I checked the log on subsequent clicks of the menu item I saw the NPE.
Edit: @matthewD-AVI I'd be happy to submit or assist with the solution. I just didn't have time to dig into this before work when I was testing it. I looked at the code quickly and didn't see anything obvious. If it's a quick thing that you see because you're familiar with the code then cool. If not, then if you have a few tips I can try to look into it at lunch or this evening.
from attack-surface-detector-zap.
I will look into and of course you are free to as well. I just want to make sure that I fully understand what is happening. If I understand your issue correctly you are receiving a npe but the program is not crtashing correct? You should be seeing this dialog when trying to import from a .war
The properties file is designed to not be cleared so that the configurations can persist through versions and session. Also the options dialog is designed to not show when selecting "Import endpoints from Source" when all required options are given. these can be changed by manually opening the options dialog. through the status pane located here.
Opening the tab should have a button labeled options. which should show the following dialog.
As you can see I did all of this after configuring the plugin to import from a .war file and this was done after trying to import. Have you followed these steps? If you select the options button does the options dialog fail to show? if so can I see a screen shot of the options button and then what happens when the options dialog fails to load?
from attack-surface-detector-zap.
No the program doesn't crash. It just does nothing (on subsequent tries) and I see the NPE in the logs. The warning dialog you mentioned doesn't display.
I didn't even look for the other tab and functionality, I only got as far as the Tools menu item then hit these few issues and had to leave for work :(
I'll use it some more at lunch and see where I can get with it.
from attack-surface-detector-zap.
I see, I would like to see if you are able to open the options dialog, if so I don't see this much as a bug in fact this was the desired functionality so that the user does not have to configure every time they do another import. I will discuss having the dialog show from the tools menu, but I am not sure if it defeats the purpose of the options dialog. If you are able to reconfigure through the options dialog then this issue can most likely be resolved as commit #6916ef1 should resolve the NPE
from attack-surface-detector-zap.
The user has the option to open the options dialog through the status window for the Attack Surface Difference generator to reconfigure the attack properties. The properties will still persist through sessions. The NPE will no longer be thrown when the plugin is given an unsupported framework and only valid file formats are now selectable. This issue has been resolved 5d0e946
from attack-surface-detector-zap.
Thanks @matthewD-AVI I'll try it out sometime this week.
from attack-surface-detector-zap.
Related Issues (13)
- Submit to the ZAP Marketplace HOT 2
- NPE importing php app (or JSP content) HOT 11
- NullPointerException while importing WAR file HOT 5
- Version mismatch in add-on manifest HOT 3
- Update Installation wiki page to mention marketplace HOT 3
- attack-surface-detector-zap automation with python3 HOT 2
- Standardize Layout? HOT 2
- Usage via ZAP REST API? HOT 5
- ASD adds extra forward slash to URL HOT 1
- how to install into headless zap? HOT 4
- ZAP Spider Changes
- The description appears in HTML format. HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from attack-surface-detector-zap.