-
-
Notifications
You must be signed in to change notification settings - Fork 673
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
exim: Use har-reader #5250
base: main
Are you sure you want to change the base?
exim: Use har-reader #5250
Conversation
if ((name.equalsIgnoreCase(HttpFieldsNames.CACHE_CONTROL) | ||
|| name.equalsIgnoreCase(HttpFieldsNames.SET_COOKIE)) | ||
&& (value.contains("\n") || value.contains("\r"))) { | ||
i.setValue(i.getValue().replaceAll("[\r\n]", ", ")); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should I just do this in all headers? I have no idea why the samples are like this, but these headers were where I encountered the issue 🤷♂️
* @see <a href="http://www.softwareishard.com/blog/har-12-spec/">HTTP Archive 1.2</a> | ||
* @see HttpMessage | ||
*/ | ||
public final class HarUtils { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is largely an updated version of what's in core. ~85% of the code is duplicated.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this one going to replace the core class to export?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In the long run I guess. It depends what we do with the "search" extension usage?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Once we move that out of core it can use "this" one too, I'm asking to know if more code is needed for this one. We should add a comment that custom fields are not yet migrated to this class (or add them now? I assume the new lib supports them).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I hadn't really handled any of the export related functionality. We might have to use jackson for that, the lib used here is very read centric.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Almost all code is for export functionality (starting in createZapHarLog()
and following methods). It looks like it has setAdditionalField
for custom fields. We would have to use Jackson (or rely on it anyway).
e6a80ec
to
87db368
Compare
87db368
to
729cc5c
Compare
Removed the inner classes, still need to tweak the HTTP Version handling. |
729cc5c
to
36aefe2
Compare
I've adjusted the version handling now. I believe this now has all the previously discussed changes. |
addOns/commonlib/src/main/java/org/zaproxy/addon/commonlib/ui/ProgressPaneListener.java
Outdated
Show resolved
Hide resolved
addOns/exim/src/main/java/org/zaproxy/addon/exim/har/HarImporter.java
Outdated
Show resolved
Hide resolved
addOns/exim/src/main/java/org/zaproxy/addon/exim/har/HarImporter.java
Outdated
Show resolved
Hide resolved
I'd do a final review later in the day. |
36aefe2
to
6364ea0
Compare
addOns/exim/src/main/java/org/zaproxy/addon/exim/har/HarImporter.java
Outdated
Show resolved
Hide resolved
addOns/exim/src/main/java/org/zaproxy/addon/exim/har/HarImporter.java
Outdated
Show resolved
Hide resolved
addOns/exim/src/main/java/org/zaproxy/addon/exim/har/HarImporter.java
Outdated
Show resolved
Hide resolved
addOns/exim/src/main/java/org/zaproxy/addon/exim/har/HarImporter.java
Outdated
Show resolved
Hide resolved
addOns/exim/src/main/java/org/zaproxy/addon/exim/har/MenuImportHar.java
Outdated
Show resolved
Hide resolved
List<HttpMessage> messages = | ||
HarImporter.getHttpMessages(new HarFileReader().readHarFile(file)); | ||
int count = 1; | ||
private HarLog preProcessHarLog(HarLog log) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would be great to have tests that cover these preprocessing checks.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think I mentioned this in an email or the Friday notes at some point. I'd like to add all the HAR files we've collected along the way and use those for tests if there's no objection. None of them are terribly huge, and it's just text so it compresses well (for git operations etc).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should still have specific tests for these, as it's easier to see what input tests what.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do both?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm fine with both.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Better to verify the messages are imported with the expected content (that's the most important).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's fair, just gotta get the tests behaving well first.
6364ea0
to
ae150b5
Compare
I think I got all the comments, just need to add tests. Please lemme know if I've missed something. |
addOns/exim/src/main/java/org/zaproxy/addon/exim/har/HarImporter.java
Outdated
Show resolved
Hide resolved
092c58a
to
bd49ab6
Compare
I started to add tests. There were a number of challenges. I'll add some comments to cover those. The tests will fail, they succeed individually but there seems to be some sort of concurrency or cleanup issue when run together. |
addOns/exim/src/test/java/org/zaproxy/addon/exim/har/HarImporterUnitTest.java
Outdated
Show resolved
Hide resolved
addOns/exim/src/test/java/org/zaproxy/addon/exim/har/HarImporterUnitTest.java
Outdated
Show resolved
Hide resolved
The logger should be set up for each test not all of them, also better to call |
67a8efc
to
98d875f
Compare
I was not clear with #5250 (comment) I meant that the logger should be initialised in a |
Okay I've updated a bunch of stuff. Things are a bit better. The log handling was ripped off from GraphQL tests. I had to put your reconfigure suggestion in each method because Using mockMessages didn't seem to fix the console barf, the key is there so I don't get the issue.... Can you think of another place we've done mocking to handle persisting messages? I think I recall talking about this for another PR but I can't figure out what it was. |
98d875f
to
3a3f8fb
Compare
The log reset should be done after each test. Let me look.
|
1961879
to
4279b38
Compare
Getting closer... 🤷♂️ |
4279b38
to
d3ef666
Compare
addOns/exim/src/main/java/org/zaproxy/addon/exim/har/HarImporter.java
Outdated
Show resolved
Hide resolved
addOns/exim/src/test/java/org/zaproxy/addon/exim/har/HarImporterUnitTest.java
Outdated
Show resolved
Hide resolved
Change to |
addOns/exim/src/test/java/org/zaproxy/addon/exim/har/HarImporterUnitTest.java
Outdated
Show resolved
Hide resolved
d3ef666
to
3bc7339
Compare
Latest changes bring me back to getResourcePath claiming to be null when using getHtml Edit: Doing a gradle refresh to see if it helps/matters. |
Wow it actually did help....and on a Linux VM 😕 |
Hrm missing something in cleanup I guess. UrlImporter test now failing 😢 |
It's trying to send the requests :) |
addOns/exim/src/test/java/org/zaproxy/addon/exim/har/HarImporterUnitTest.java
Outdated
Show resolved
Hide resolved
200e078
to
236471e
Compare
236471e
to
b0f5862
Compare
As discussed via slack, instead of dropping h3 requests they could probably be treated as |
48f7c92
to
6151e4e
Compare
- CHANGELOG > Added change note. - build file > Updated/added dependencies. - HarImporter > Re-worked to use har-reader lib. - HarUtils > Extensively added to to facilitate use of the new lib. - MenuImportHar > Re-worked and simplified to take advantage of the new utils, importer, and lib. - HarImporterUnitTest > Tweaked to accommodate HarImporter changes. Signed-off-by: kingthorin <kingthorin@users.noreply.github.com>
6151e4e
to
5a12576
Compare
I still have more testing to add but it's coming together |
Overview
Related Issues
NA
Checklist
./gradlew spotlessApply
for code formatting