6 changes: 5 additions & 1 deletion zap/src/main/java/org/parosproxy/paros/db/Database.java
Expand Up @@ -130,7 +130,11 @@ default void setDatabaseOptions(DatabaseParam options) {}
// ZAP: Added method.
void setTableSessionUrl(TableSessionUrl tableSessionUrl);

// ZAP: Added method.
/**
* @deprecated (2.18.0) Use the Params add-on.
*/
@SuppressWarnings("removal")
@Deprecated(since = "2.18.0", forRemoval = true)
TableParam getTableParam();

TableContext getTableContext();
5 changes: 5 additions & 0 deletions zap/src/main/java/org/parosproxy/paros/db/RecordParam.java
Expand Up @@ -19,6 +19,11 @@
*/
package org.parosproxy.paros.db;

/**
* @deprecated (2.18.0) Use the Params add-on.
*/
@SuppressWarnings("removal")
@Deprecated(since = "2.18.0", forRemoval = true)
public class RecordParam {

private long paramId;
3 changes: 3 additions & 0 deletions zap/src/main/java/org/parosproxy/paros/db/TableParam.java
Expand Up @@ -24,9 +24,12 @@
* implements this interface has been moved to the 'paros' sub package and prefixed with 'Paros'
*
* @author psiinon
* @deprecated (2.18.0) Use the Params add-on.
*/
import java.util.List;

@SuppressWarnings("removal")
@Deprecated(since = "2.18.0", forRemoval = true)
public interface TableParam extends DatabaseListener {

RecordParam read(long urlId) throws DatabaseException;
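Review bot: The `@deprecated` tag is added to a comment block that sits above `import java.util.List;` rather than directly above the interface, so (assuming the block opens with `/**`, which is outside this hunk) Javadoc will not attach it to `TableParam` and the generated docs would show the `@Deprecated` annotation without the replacement guidance. Move the comment block below the import so it immediately precedes `@SuppressWarnings("removal")`, or add a separate doc comment there: `/** @deprecated (2.18.0) Use the Params add-on. */`. The comment begins before the visible hunk, so its opening delimiter could not be checked.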
18 changes: 12 additions & 6 deletions zap/src/main/java/org/parosproxy/paros/db/paros/ParosDatabase.java
Expand Up @@ -82,8 +82,10 @@ public class ParosDatabase extends AbstractDatabase {
private TableTag tableTag = null;
// ZAP: Added TableSessionUrl.
private TableSessionUrl tableSessionUrl = null;
// ZAP: Added TableParam.
private TableParam tableParam = null;

@SuppressWarnings("removal")
private TableParam tableParam;

private TableContext tableContext = null;
private TableStructure tableStructure = null;

Expand All @@ -107,8 +109,6 @@ public ParosDatabase() {
tableTag = new ParosTableTag();
// ZAP: Added statement.
tableSessionUrl = new ParosTableSessionUrl();
// ZAP: Added statement.
tableParam = new ParosTableParam();
tableContext = new ParosTableContext();
tableStructure = new ParosTableStructure();

Expand All @@ -119,7 +119,6 @@ public ParosDatabase() {
internalDatabaseListeners.add(tableScan);
internalDatabaseListeners.add(tableTag);
internalDatabaseListeners.add(tableSessionUrl);
internalDatabaseListeners.add(tableParam);
internalDatabaseListeners.add(tableContext);
internalDatabaseListeners.add(tableStructure);
}
Expand Down Expand Up @@ -268,9 +267,16 @@ public void setTableSessionUrl(TableSessionUrl tableSessionUrl) {
this.tableSessionUrl = tableSessionUrl;
}

// ZAP: Added method.
/**
* @deprecated (2.18.0) Use the Params add-on.
*/
@SuppressWarnings("removal")
@Deprecated(since = "2.18.0", forRemoval = true)
@Override
public TableParam getTableParam() {
if (tableParam == null) {
tableParam = new ParosTableParam();
}
return tableParam;
}

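Review bot: The `ParosTableParam` now created lazily in `getTableParam()` is never added to `internalDatabaseListeners`, whereas the constructor used to register it alongside the other tables. `TableParam` extends `DatabaseListener`, so if the table relies on the database-open callback to obtain its connection (not visible here), the deprecated accessor would hand back an instance that was never initialised; the same pattern appears in `SqlDatabase.getTableParam()`. Consider registering the instance where it is created, e.g. `internalDatabaseListeners.add(tableParam);` inside the `if (tableParam == null)` branch, and confirm what happens when the database is already open at that point, since the schema script in this change also appears to stop creating `PUBLIC.PARAM`. The null check is also unsynchronised, so two concurrent callers could each construct a table; a `synchronized` getter or a short comment stating the single-thread assumption would make that explicit.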
Expand Up @@ -31,6 +31,11 @@
import org.parosproxy.paros.db.RecordParam;
import org.parosproxy.paros.db.TableParam;

/**
* @deprecated (2.18.0) Use the Params add-on.
*/
@SuppressWarnings("removal")
@Deprecated(since = "2.18.0", forRemoval = true)
public class ParosTableParam extends ParosAbstractTable implements TableParam {

private static final String TABLE_NAME = "PARAM";
Expand Up @@ -112,7 +112,6 @@ private static synchronized void createExtensions() {
.ExtensionHttpPanelSyntaxHighlightTextView());
extensions.add(new org.zaproxy.zap.extension.httpsessions.ExtensionHttpSessions());
extensions.add(new org.zaproxy.zap.extension.keyboard.ExtensionKeyboard());
extensions.add(new org.zaproxy.zap.extension.params.ExtensionParams());
extensions.add(new org.zaproxy.zap.extension.pscan.ExtensionPassiveScan());
extensions.add(new org.zaproxy.zap.extension.ruleconfig.ExtensionRuleConfig());
extensions.add(new org.zaproxy.zap.extension.script.ExtensionScript());
15 changes: 12 additions & 3 deletions zap/src/main/java/org/zaproxy/zap/db/sql/SqlDatabase.java
Expand Up @@ -48,7 +48,10 @@ public class SqlDatabase extends AbstractDatabase {
private TableScan tableScan = null;
private TableTag tableTag = null;
private TableSessionUrl tableSessionUrl = null;
private TableParam tableParam = null;

@SuppressWarnings("removal")
private TableParam tableParam;

private TableContext tableContext = null;
private TableStructure tableStructure = null;

Expand All @@ -66,7 +69,6 @@ public SqlDatabase() {
tableAlertTag = new SqlTableAlertTag();
tableContext = new SqlTableContext();
tableHistory = new SqlTableHistory();
tableParam = new SqlTableParam();
tableScan = new SqlTableScan();
tableSession = new SqlTableSession();
tableSessionUrl = new SqlTableSessionUrl();
Expand All @@ -81,7 +83,6 @@ public SqlDatabase() {
internalDatabaseListeners.add(tableScan);
internalDatabaseListeners.add(tableTag);
internalDatabaseListeners.add(tableSessionUrl);
internalDatabaseListeners.add(tableParam);
internalDatabaseListeners.add(tableContext);
internalDatabaseListeners.add(tableStructure);
}
Expand Down Expand Up @@ -227,8 +228,16 @@ public void setTableSessionUrl(TableSessionUrl tableSessionUrl) {
this.tableSessionUrl = tableSessionUrl;
}

/**
* @deprecated (2.18.0) Use the Params add-on.
*/
@SuppressWarnings("removal")
@Deprecated(since = "2.18.0", forRemoval = true)
@Override
public TableParam getTableParam() {
if (tableParam == null) {
tableParam = new SqlTableParam();
}
return tableParam;
}

5 changes: 5 additions & 0 deletions zap/src/main/java/org/zaproxy/zap/db/sql/SqlTableParam.java
Expand Up @@ -29,6 +29,11 @@
import org.parosproxy.paros.db.RecordParam;
import org.parosproxy.paros.db.TableParam;

/**
* @deprecated (2.18.0) Use the Params add-on.
*/
@SuppressWarnings("removal")
@Deprecated(since = "2.18.0", forRemoval = true)
public class SqlTableParam extends SqlAbstractTable implements TableParam {

private static final String TABLE_NAME = DbSQL.getSQL("param.table_name");
Expand Up @@ -33,7 +33,6 @@
import org.zaproxy.zap.extension.brk.BreakAPI;
import org.zaproxy.zap.extension.forceduser.ForcedUserAPI;
import org.zaproxy.zap.extension.httpsessions.HttpSessionsAPI;
import org.zaproxy.zap.extension.params.ParamsAPI;
import org.zaproxy.zap.extension.ruleconfig.RuleConfigAPI;
import org.zaproxy.zap.extension.search.SearchAPI;
import org.zaproxy.zap.extension.sessions.SessionManagementAPI;
Expand Down Expand Up @@ -74,8 +73,6 @@ public static List<ApiImplementor> getAllImplementors() {
api = new CoreAPI();
imps.add(api);

imps.add(new ParamsAPI(null));

api = new ActiveScanAPI(null);
api.addApiOptions(new ScannerParam());
imps.add(api);
Expand Up @@ -61,6 +61,11 @@
import org.zaproxy.zap.view.SiteMapListener;
import org.zaproxy.zap.view.SiteMapTreeCellRenderer;

/**
* @deprecated (2.18.0) Use the Params add-on.
*/
@SuppressWarnings("removal")
@Deprecated(since = "2.18.0", forRemoval = true)
public class ExtensionParams extends ExtensionAdaptor
implements SessionChangedListener, /*ProxyListener, */ SiteMapListener {

Expand Up @@ -24,6 +24,11 @@
import java.util.Set;
import org.parosproxy.paros.network.HtmlParameter;

/**
* @deprecated (2.18.0) Use the Params add-on.
*/
@SuppressWarnings("removal")
@Deprecated(since = "2.18.0", forRemoval = true)
public class HtmlParameterStats implements Comparable<HtmlParameterStats> {
private long id = -1;
private String site;
Expand Up @@ -24,6 +24,11 @@
import org.zaproxy.zap.extension.pscan.PassiveScanner;
import org.zaproxy.zap.extension.pscan.PluginPassiveScanner;

/**
* @deprecated (2.18.0) Use the Params add-on.
*/
@SuppressWarnings("removal")
@Deprecated(since = "2.18.0", forRemoval = true)
public class ParamScanner implements PassiveScanner {

private final ExtensionParams extParams;
Expand Up @@ -32,6 +32,11 @@
import org.zaproxy.zap.extension.api.ApiView;
import org.zaproxy.zap.utils.ApiUtils;

/**
* @deprecated (2.18.0) Use the Params add-on.
*/
@SuppressWarnings("removal")
@Deprecated(since = "2.18.0", forRemoval = true)
public class ParamsAPI extends ApiImplementor {

private static final String PREFIX = "params";
Expand Up @@ -42,7 +42,11 @@
import org.zaproxy.zap.utils.TableExportButton;
import org.zaproxy.zap.view.ScanPanel;

@SuppressWarnings("serial")
/**
* @deprecated (2.18.0) Use the Params add-on.
*/
@SuppressWarnings({"removal", "serial"})
@Deprecated(since = "2.18.0", forRemoval = true)
public class ParamsPanel extends AbstractPanel {

private static final long serialVersionUID = 1L;
Expand Up @@ -26,7 +26,11 @@
import javax.swing.table.AbstractTableModel;
import org.parosproxy.paros.Constant;

@SuppressWarnings("serial")
/**
* @deprecated (2.18.0) Use the Params add-on.
*/
@SuppressWarnings({"removal", "serial"})
@Deprecated(since = "2.18.0", forRemoval = true)
public class ParamsTableModel extends AbstractTableModel {

private static final long serialVersionUID = 1L;
Expand Up @@ -24,7 +24,11 @@
import org.parosproxy.paros.extension.ExtensionPopupMenuItem;
import org.parosproxy.paros.network.HtmlParameter;

@SuppressWarnings("serial")
/**
* @deprecated (2.18.0) Use the Params add-on.
*/
@SuppressWarnings({"removal", "serial"})
@Deprecated(since = "2.18.0", forRemoval = true)
public class PopupMenuAddAntiCSRF extends ExtensionPopupMenuItem {

private static final long serialVersionUID = 1L;
Expand Up @@ -24,7 +24,11 @@
import org.parosproxy.paros.extension.ExtensionPopupMenuItem;
import org.parosproxy.paros.network.HtmlParameter;

@SuppressWarnings("serial")
/**
* @deprecated (2.18.0) Use the Params add-on.
*/
@SuppressWarnings({"removal", "serial"})
@Deprecated(since = "2.18.0", forRemoval = true)
public class PopupMenuAddSession extends ExtensionPopupMenuItem {

private static final long serialVersionUID = 1L;
Expand Up @@ -23,7 +23,11 @@
import org.parosproxy.paros.Constant;
import org.parosproxy.paros.extension.ExtensionPopupMenuItem;

@SuppressWarnings("serial")
/**
* @deprecated (2.18.0) Use the Params add-on.
*/
@SuppressWarnings({"removal", "serial"})
@Deprecated(since = "2.18.0", forRemoval = true)
public class PopupMenuParamSearch extends ExtensionPopupMenuItem {

private static final long serialVersionUID = 1L;
Expand Up @@ -24,7 +24,11 @@
import org.parosproxy.paros.extension.ExtensionPopupMenuItem;
import org.parosproxy.paros.network.HtmlParameter;

@SuppressWarnings("serial")
/**
* @deprecated (2.18.0) Use the Params add-on.
*/
@SuppressWarnings({"removal", "serial"})
@Deprecated(since = "2.18.0", forRemoval = true)
public class PopupMenuRemoveAntiCSRF extends ExtensionPopupMenuItem {

private static final long serialVersionUID = 1L;
Expand Up @@ -24,7 +24,11 @@
import org.parosproxy.paros.extension.ExtensionPopupMenuItem;
import org.parosproxy.paros.network.HtmlParameter;

@SuppressWarnings("serial")
/**
* @deprecated (2.18.0) Use the Params add-on.
*/
@SuppressWarnings({"removal", "serial"})
@Deprecated(since = "2.18.0", forRemoval = true)
public class PopupMenuRemoveSession extends ExtensionPopupMenuItem {

private static final long serialVersionUID = 1L;
Expand Up @@ -32,6 +32,11 @@
import org.zaproxy.zap.extension.httpsessions.ExtensionHttpSessions;
import org.zaproxy.zap.utils.ThreadUtils;

/**
* @deprecated (2.18.0) Use the Params add-on.
*/
@SuppressWarnings("removal")
@Deprecated(since = "2.18.0", forRemoval = true)
public class SiteParameters {
private ExtensionParams extension;
private String site;
Expand Up @@ -152,7 +152,7 @@ all.button.unpin = Unpin Tab
all.prompt.dontshow = Do not show this message again.

anticsrf.desc = Handles anti cross site request forgery (CSRF) tokens
anticsrf.genForm.popup = Generate Anti-CSRF Test FORM
anticsrf.genForm.popup = Generate Anti-CSRF Test Form

api.deprecated.option.endpoint = Option no longer in effective use.
api.desc = Provides a rest based API for controlling and accessing ZAP
Expand Down Expand Up @@ -2129,7 +2129,7 @@ options.acsrf.dialog.token.remove.text = Are you sure you want to remove the sel
options.acsrf.dialog.token.remove.title = Remove Anti-CSRF Token
options.acsrf.dialog.token.warning.name.repeated.text = An anti-CSRF token with the given name already exists.
options.acsrf.dialog.token.warning.name.repeated.title = Duplicated Anti-CSRF Token Name
options.acsrf.label.tokens = <html><body><p>These tokens are treated as anti-CSRF tokens.</p><p>At the moment only FORM parameter tokens are supported</p><p>All token names are treated as being case-insensitive.</p><p>If you add or change any of the token names then you MUST revisit pages containing those tokens before they will be recognised</p> </body></html>
options.acsrf.label.tokens = <html><body><p>These tokens are treated as anti-CSRF tokens.</p><p>At the moment only form parameter tokens are supported</p><p>All token names are treated as being case-insensitive.</p><p>If you add or change any of the token names then you MUST revisit pages containing those tokens before they will be recognised</p> </body></html>
options.acsrf.table.header.enabled = Enabled
options.acsrf.table.header.token = Token
options.acsrf.title = Anti-CSRF Tokens
Expand Down Expand Up @@ -2389,7 +2389,7 @@ rules.common.sleep = The length of time in seconds used for timing attacks
rules.cookie.ignorelist = A comma separated list of cookie names. Cookies included in this list will be ignored when scanning for cookie related issues.
rules.csrf.ignore.attname = The name of an HTML attribute that can be used to indicate that a form does not need an anti-CSRF Token. If 'rules.csrf.ignore.attvalue' is specified then this must also match the attribute's value. If found any related alerts will be raised at INFO level.
rules.csrf.ignore.attvalue = The value of an HTML attribute named by 'rules.csrf.ignore.attname' that can be used to indicate that a form does not need an anti-CSRF Token. If found any related alerts will be raised at INFO level.
rules.csrf.ignorelist = A comma separated list of identifiers. Any FORMs with a name or ID that matches one of these identifiers will be ignored when scanning for missing anti-CSRF tokens. Only use this feature to ignore FORMs that you know are safe, for example search forms.
rules.csrf.ignorelist = A comma separated list of identifiers. Any forms with a name or ID that matches one of these identifiers will be ignored when scanning for missing anti-CSRF tokens. Only use this feature to ignore FORMs that you know are safe, for example search forms.
rules.domains.trusted = A comma separated list of URL regex patterns. Any URLs that match the patterns will be considered trusted domains and the issues ignored.
rules.domxss.browserid = The ID of the browser to be used by DOM XSS scan rule. The IDs supported are documented in the help of DOM XSS add-on.

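Review bot: The `rules.csrf.ignorelist` text is only half converted: the new value reads "Any forms with a name or ID" but still ends with "ignore FORMs that you know are safe", so both spellings sit in the same message. Change the second occurrence to `forms` as well, so the guidance on which forms may safely skip the anti-CSRF check reads consistently with the other two strings updated in this file.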
Expand Up @@ -49,7 +49,6 @@ ALTER TABLE PUBLIC.SCAN ALTER COLUMN SCANID RESTART WITH 0
CREATE CACHED TABLE PUBLIC.CONTEXT_DATA (DATAID BIGINT GENERATED BY DEFAULT AS IDENTITY (START WITH 1), CONTEXTID INTEGER NOT NULL, TYPE INTEGER NOT NULL, DATA VARCHAR(1048576) DEFAULT '')
CREATE INDEX INDEX_CONTEXT_DATA_CONTEXTID ON PUBLIC.CONTEXT_DATA(CONTEXTID)
CREATE INDEX INDEX_CONTEXT_DATA_TYPE ON PUBLIC.CONTEXT_DATA(TYPE)
CREATE CACHED TABLE PUBLIC.PARAM (PARAMID BIGINT GENERATED BY DEFAULT AS IDENTITY (START WITH 1), SITE VARCHAR(32768) NOT NULL, TYPE VARCHAR(32768) NOT NULL, NAME VARCHAR(32768) NOT NULL, USED INTEGER NOT NULL, FLAGS VARCHAR(32768) NOT NULL, VALS VARCHAR(8388608) NOT NULL)
CREATE CACHED TABLE PUBLIC.SESSION_URL (URLID BIGINT GENERATED BY DEFAULT AS IDENTITY (START WITH 1), TYPE INTEGER NOT NULL, URL VARCHAR(8192) DEFAULT '')
CREATE INDEX INDEX_SESSION_URL_TYPE_AND_URL ON PUBLIC.SESSION_URL(TYPE,URL)
CREATE CACHED TABLE PUBLIC.TAG (TAGID BIGINT GENERATED BY DEFAULT AS IDENTITY (START WITH 1), HISTORYID BIGINT NOT NULL, TAG VARCHAR(1024) DEFAULT '')
1 change: 1 addition & 0 deletions zap/src/main/weekly-add-ons.json
Expand Up @@ -34,6 +34,7 @@
":addOns:onlineMenu",
":addOns:openapi",
":addOns:postman",
":addOns:params",
":addOns:plugnhack",
":addOns:pscan",
":addOns:pscanrules",