NPE when threadfix.properties not cleaned up about attack-surface-detector-zap HOT 7 CLOSED

I see that does seem to be a problem. I will be looking into it right away but I could use some clarification. When you say " I couldn't get it to action the menu item" is that the import endpoints menu button in the tools tab? Did you try and open the options dialog and change the source code location? If so did opening the options dialog also cause the Null Pointer Exception?

from attack-surface-detector-zap.

The menu item worked once (displayed the options dialog), I clicked ok and nothing happened. Then wouldn't display the options dialog again until I removed the file. When I checked the log on subsequent clicks of the menu item I saw the NPE.

Edit: @matthewD-AVI I'd be happy to submit or assist with the solution. I just didn't have time to dig into this before work when I was testing it. I looked at the code quickly and didn't see anything obvious. If it's a quick thing that you see because you're familiar with the code then cool. If not, then if you have a few tips I can try to look into it at lunch or this evening.

from attack-surface-detector-zap.

I will look into and of course you are free to as well. I just want to make sure that I fully understand what is happening. If I understand your issue correctly you are receiving a npe but the program is not crtashing correct? You should be seeing this dialog when trying to import from a .war

The properties file is designed to not be cleared so that the configurations can persist through versions and session. Also the options dialog is designed to not show when selecting "Import endpoints from Source" when all required options are given. these can be changed by manually opening the options dialog. through the status pane located here.

Opening the tab should have a button labeled options. which should show the following dialog.

As you can see I did all of this after configuring the plugin to import from a .war file and this was done after trying to import. Have you followed these steps? If you select the options button does the options dialog fail to show? if so can I see a screen shot of the options button and then what happens when the options dialog fails to load?

from attack-surface-detector-zap.

No the program doesn't crash. It just does nothing (on subsequent tries) and I see the NPE in the logs. The warning dialog you mentioned doesn't display.

I didn't even look for the other tab and functionality, I only got as far as the Tools menu item then hit these few issues and had to leave for work :(

I'll use it some more at lunch and see where I can get with it.

from attack-surface-detector-zap.

I see, I would like to see if you are able to open the options dialog, if so I don't see this much as a bug in fact this was the desired functionality so that the user does not have to configure every time they do another import. I will discuss having the dialog show from the tools menu, but I am not sure if it defeats the purpose of the options dialog. If you are able to reconfigure through the options dialog then this issue can most likely be resolved as commit #6916ef1 should resolve the NPE

from attack-surface-detector-zap.

The user has the option to open the options dialog through the status window for the Attack Surface Difference generator to reconfigure the attack properties. The properties will still persist through sessions. The NPE will no longer be thrown when the plugin is given an unsupported framework and only valid file formats are now selectable. This issue has been resolved 5d0e946

from attack-surface-detector-zap.

Thanks @matthewD-AVI I'll try it out sometime this week.

from attack-surface-detector-zap.