Merge pull request iriusrisk#91 from nicolasiltis/fork-2.0

Update the proxy configuration and capabilities

Author: stephendv1

Diff for: build.gradle

@@ -115,8 +115,8 @@ dependencies {
     testCompile 'org.glassfish.jersey.media:jersey-media-moxy:2.25.1'
     testCompile 'junit:junit-dep:4.11'
     testCompile 'org.hamcrest:hamcrest-all:1.3'
-    testCompile ('org.seleniumhq.selenium:selenium-java:3.5.3') { exclude group: 'junit' }
-    testCompile 'org.seleniumhq.selenium:selenium-api:3.5.3'
+    testCompile ('org.seleniumhq.selenium:selenium-java:3.12.0') { exclude group: 'junit' }
+    testCompile 'org.seleniumhq.selenium:selenium-api:3.12.0'
     testCompile 'log4j:log4j:1.2.17'
     testCompile 'args4j:args4j:2.0.16'
     testCompile 'commons-configuration:commons-configuration:1.8'

Diff for: config.xml

@@ -39,6 +39,7 @@
     <upstreamProxy>
         <host></host>
         <port></port>
+        <noProxyHosts></noProxyHosts><!-- ie: localhost,127.0.0.1,192.168.10.2 -->
     </upstreamProxy>
 
     <incorrectPassword>SDFsdfwjx1</incorrectPassword>

Diff for: src/test/java/net/continuumsecurity/Config.java

@@ -36,6 +36,7 @@ public class Config {
     protected XMLConfiguration xml;
     private String proxyHost;
     private int proxyPort = 0;
+    private String noProxyHosts;
     private String proxyApi;
     private static Config config;
 
@@ -130,6 +131,12 @@ private String validateAndGetString(String value) {
         if (ret == null) throw new RuntimeException(value+" not defined in config.xml");
         return ret;
     }
+    
+    private String[] validateAndGetStringArray(String value) {
+        String[] ret = getXml().getStringArray(value);
+        if (ret == null) throw new RuntimeException(value+" not defined in config.xml");
+        return ret;
+    }
 
     public String getSSLyzePath() { return validateAndGetString("sslyze.path"); }
     public String getSSLyzeOption() { return validateAndGetString("sslyze.option"); }
@@ -193,6 +200,8 @@ public String getReportsDir() {
     public String getNessusUsername() { return validateAndGetString("nessus.username");}
 
     public String getNessusPassword() { return validateAndGetString("nessus.password");}
+    
+    public String getNoProxyHosts() { return String.join(",", validateAndGetStringArray("upstreamProxy.noProxyHosts"));}
 
     public String getUpstreamProxyHost() { return validateAndGetString("upstreamProxy.host"); }
 

Diff for: src/test/java/net/continuumsecurity/scanner/ZapManager.java

@@ -48,7 +48,7 @@ public int startZAP(String zapPath) throws Exception {
             params.add("-config"); params.add("api.key="+API_KEY);
             Config.getInstance().setProxyApi(API_KEY);
             String upstreamProxyHost = Config.getInstance().getUpstreamProxyHost();
-            if (upstreamProxyHost != null) {
+            if (upstreamProxyHost.isEmpty()) {
                 int upstreamProxyPort = Config.getInstance().getUpstreamProxyPort();
                 log.info("Setting upstream proxy for ZAP to: "+upstreamProxyHost+":"+upstreamProxyPort);
                 params.add("-config"); params.add("connection.proxyChain.hostName="+upstreamProxyHost);

Diff for: src/test/java/net/continuumsecurity/web/drivers/DriverFactory.java

@@ -27,7 +27,6 @@
 import org.openqa.selenium.firefox.FirefoxDriver;
 import org.openqa.selenium.firefox.FirefoxProfile;
 import org.openqa.selenium.firefox.internal.ProfilesIni;
-import org.openqa.selenium.htmlunit.HtmlUnitDriver;
 import org.openqa.selenium.remote.CapabilityType;
 import org.openqa.selenium.remote.DesiredCapabilities;
 
@@ -106,23 +105,11 @@ private WebDriver createDriver(String type) {
         else if (type.equalsIgnoreCase(HTMLUNIT)) return createHtmlUnitDriver(null);
         throw new RuntimeException("Unsupported WebDriver browser: "+type);
     }
-
-    private WebDriver createHtmlUnitDriver(DesiredCapabilities capabilities) {
-        if (capabilities != null) {
-            capabilities.setBrowserName("htmlunit");
-            return new HtmlUnitDriver(capabilities);
-        }
-        capabilities = new DesiredCapabilities();
-        capabilities.setBrowserName("htmlunit");
-        capabilities.setCapability(CapabilityType.ACCEPT_SSL_CERTS, true);
-        return new HtmlUnitDriver(capabilities);
-    }
-
     private WebDriver createProxyDriver(String type) {
-        if (type.equalsIgnoreCase(CHROME)) return createChromeDriver(createProxyCapabilities());
-        else if (type.equalsIgnoreCase(FIREFOX)) return createFirefoxDriver(createProxyCapabilities());
-        else if (type.equalsIgnoreCase(HTMLUNIT)) return createHtmlUnitDriver(createProxyCapabilities());
-        throw new RuntimeException("Unsupported WebDriver browser: "+type);
+        if (type.equalsIgnoreCase(CHROME)) return createChromeDriver(createProxyCapabilities(type));
+        else if (type.equalsIgnoreCase(FIREFOX)) return createFirefoxDriver(createProxyCapabilities(type));
+	else if (type.equalsIgnoreCase(HTMLUNIT)) return createHtmlUnitDriver(createProxyCapabilities(type));
+	throw new RuntimeException("Unsupported WebDriver browser: "+type);
     }
 
     public WebDriver createChromeDriver(DesiredCapabilities capabilities) {
@@ -137,10 +124,18 @@ public WebDriver createChromeDriver(DesiredCapabilities capabilities) {
 
     }
 
-    public WebDriver createFirefoxDriver(DesiredCapabilities capabilities) {
-        if (capabilities != null) {
-            return new FirefoxDriver(capabilities);
+    private WebDriver createHtmlUnitDriver(DesiredCapabilities capabilities) {
+	if (capabilities != null) {
+            capabilities.setBrowserName("htmlunit");
+            return new HtmlUnitDriver(capabilities);
         }
+        capabilities = new DesiredCapabilities();
+        capabilities.setBrowserName("htmlunit");
+        capabilities.setCapability(CapabilityType.ACCEPT_SSL_CERTS, true);
+        return new HtmlUnitDriver(capabilities);
+    }
+
+    public WebDriver createFirefoxDriver(DesiredCapabilities capabilities) {
 
         ProfilesIni allProfiles = new ProfilesIni();
         FirefoxProfile myProfile = allProfiles.getProfile("WebDriver");
@@ -154,15 +149,31 @@ public WebDriver createFirefoxDriver(DesiredCapabilities capabilities) {
         myProfile.setAcceptUntrustedCertificates(true);
         myProfile.setAssumeUntrustedCertificateIssuer(true);
         myProfile.setPreference("webdriver.load.strategy", "unstable");
+	    String noProxyHosts = Config.getInstance().getNoProxyHosts();
+	    if (! noProxyHosts.isEmpty()) {
+	        myProfile.setPreference("network.proxy.no_proxies_on", noProxyHosts);
+	    }
         if (capabilities == null) {
             capabilities = new DesiredCapabilities();
         }
         capabilities.setCapability(FirefoxDriver.PROFILE, myProfile);
         return new FirefoxDriver(capabilities);
     }
 
-    public DesiredCapabilities createProxyCapabilities() {
-        DesiredCapabilities capabilities = DesiredCapabilities.chrome();
+    public DesiredCapabilities createProxyCapabilities(String type) {
+        DesiredCapabilities capabilities = null;
+	switch (type) {
+	case CHROME:
+	    capabilities = DesiredCapabilities.chrome();
+	    break;
+	case FIREFOX:
+	    capabilities = DesiredCapabilities.firefox();
+	    break;
+	case HTMLUNIT:
+	    capabilities = DesiredCapabilities.htmlunit();
+	default:
+	    break;
+	}
         Proxy proxy = new Proxy();
         proxy.setHttpProxy(Config.getInstance().getProxyHost() + ":" + Config.getInstance().getProxyPort());
         proxy.setSslProxy(Config.getInstance().getProxyHost() + ":" + Config.getInstance().getProxyPort());

Diff for: zap/db/zapdb.script

@@ -22,7 +22,7 @@ SET DATABASE TRANSACTION ROLLBACK ON CONFLICT TRUE
 SET DATABASE TEXT TABLE DEFAULTS ''
 SET FILES WRITE DELAY 20 MILLIS
 SET FILES BACKUP INCREMENT TRUE
-SET FILES CACHE SIZE 10000
+SET FILES CACHE SIZE 200000
 SET FILES CACHE ROWS 50000
 SET FILES SCALE 64
 SET FILES LOB SCALE 32