custompayloads: SAST Fixes (SonarLint) & Options panel help button

- AbstractColumnDialog > Use List interface vs ArrayList.
- Column > Reduce visibility.
- CustomPayloadColumns > Add private constructor to hide implicit one.
Remove ID column from Options Panel display.
- CustomPayloadMultipleOptionsTableModel > Use List interface vs
ArrayList for params.
- CustomPayloadsCategoryColumn > Make getExtension static.
- CustomPayloadsMultipleOptionsTablePanel > Create buttons only once.
Make showDialog static.
- EditableColumn > Reduce visibility.
- EditableSelectColumn > Reduce visibility, adjust method naming to
proper Java camelCase.
- CustomPayloadsApiUnitTest > Remove unused param API.RequestType.

- CHANGELOG > Already has a maint note, added a note about the Options
panel help button.
- CustomPayloadsOptionsPanel > Added overridden getHelpIndex method.

- Help files > Updated to include more detailed info about the
functionality.

Signed-off-by: kingthorin <[email protected]>

addOns/custompayloads/CHANGELOG.md

@@ -7,6 +7,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 ### Changed
 - Update minimum ZAP version to 2.15.0.
 - Maintenance changes.
+- Add help button to Options panel and add further detailed Help content.
 
 ## [0.13.0] - 2023-11-10
 ### Changed

addOns/custompayloads/src/main/java/org/zaproxy/zap/extension/custompayloads/AbstractColumnDialog.java

@@ -21,7 +21,6 @@
 
 import java.awt.Dimension;
 import java.awt.Window;
-import java.util.ArrayList;
 import java.util.List;
 import org.zaproxy.zap.utils.DisplayUtils;
 import org.zaproxy.zap.view.StandardFieldsDialog;
@@ -95,7 +94,7 @@ private void createStringTextFieldForColumn(Column<T> column) {
     private void createStringComboFieldForColumn(Column<T> column) {
         EditableSelectColumn<T> selectColumn = (EditableSelectColumn<T>) column;
         String value = column.getTypedValue(model);
-        ArrayList<String> selectableValues = selectColumn.getTypedSelectableValues(model);
+        List<String> selectableValues = selectColumn.getTypedSelectableValues(model);
         this.addComboField(column.getNameKey(), selectableValues, value);
     }
 

addOns/custompayloads/src/main/java/org/zaproxy/zap/extension/custompayloads/Column.java

@@ -19,11 +19,11 @@
  */
 package org.zaproxy.zap.extension.custompayloads;
 
-public abstract class Column<T> {
+abstract class Column<T> {
     Class<?> columnClass;
     String nameKey;
 
-    public Column(Class<?> columnClass, String nameKey) {
+    Column(Class<?> columnClass, String nameKey) {
         this.columnClass = columnClass;
         this.nameKey = nameKey;
     }

addOns/custompayloads/src/main/java/org/zaproxy/zap/extension/custompayloads/CustomPayloadCategoryColumn.java

@@ -61,7 +61,7 @@ public ArrayList<Object> getSelectableValues(CustomPayload payload) {
         return categoryObjects;
     }
 
-    private ExtensionCustomPayloads getExtension() {
+    private static ExtensionCustomPayloads getExtension() {
         return Control.getSingleton()
                 .getExtensionLoader()
                 .getExtension(ExtensionCustomPayloads.class);

addOns/custompayloads/src/main/java/org/zaproxy/zap/extension/custompayloads/CustomPayloadColumns.java

@@ -25,6 +25,10 @@
 
 public final class CustomPayloadColumns {
 
+    private CustomPayloadColumns() {
+        // Nothing to do
+    }
+
     public static List<Column<CustomPayload>> createColumns() {
         ArrayList<Column<CustomPayload>> columns = new ArrayList<>();
         columns.add(createEnabledColumn());
@@ -37,9 +41,8 @@ public static List<Column<CustomPayload>> createColumns() {
     public static List<Column<CustomPayload>> createColumnsForOptionsTable() {
         ArrayList<Column<CustomPayload>> columns = new ArrayList<>();
         columns.add(createEnabledColumn());
-        columns.add(createIdColumn());
-        columns.add(createCategoryColumn().AsReadonly());
-        columns.add(createPayloadColumn().AsReadonly());
+        columns.add(createCategoryColumn().asReadonly());
+        columns.add(createPayloadColumn().asReadonly());
         return columns;
     }
 

addOns/custompayloads/src/main/java/org/zaproxy/zap/extension/custompayloads/CustomPayloadMultipleOptionsTableModel.java

@@ -19,7 +19,6 @@
  */
 package org.zaproxy.zap.extension.custompayloads;
 
-import java.util.ArrayList;
 import java.util.List;
 import java.util.Set;
 
@@ -66,7 +65,7 @@ public void resetToDefaults() {
         }
     }
 
-    public void addToTable(ArrayList<CustomPayload> payloads) {
+    public void addToTable(List<CustomPayload> payloads) {
         for (CustomPayload payload : payloads) {
             payload.setId(nextPayloadId++);
             addModel(payload);

addOns/custompayloads/src/main/java/org/zaproxy/zap/extension/custompayloads/CustomPayloadsMultipleOptionsTablePanel.java

@@ -86,76 +86,85 @@ public CustomPayloadsMultipleOptionsTablePanel(
     }
 
     private void addMissingDefaultsButton() {
-        addMissingDefaultsButton = new JButton(ADD_MISSING_DEFAULTS_BUTTON);
-        addMissingDefaultsButton.addActionListener(e -> tableModel.addMissingDefaultPayloads());
+        if (addMissingDefaultsButton == null) {
+            addMissingDefaultsButton = new JButton(ADD_MISSING_DEFAULTS_BUTTON);
+            addMissingDefaultsButton.addActionListener(e -> tableModel.addMissingDefaultPayloads());
+        }
         addButton(addMissingDefaultsButton);
     }
 
     private void addResetIdButton() {
-        resetButtonId = new JButton(RESET_ID_BUTTON);
-        resetButtonId.addActionListener(e -> tableModel.resetPayloadIds());
+        if (resetButtonId == null) {
+            resetButtonId = new JButton(RESET_ID_BUTTON);
+            resetButtonId.addActionListener(e -> tableModel.resetPayloadIds());
+        }
         addButton(resetButtonId);
     }
 
     private void addResetButton() {
-        resetButton = new JButton(RESET_BUTTON);
-        resetButton.addActionListener(e -> tableModel.resetToDefaults());
+        if (resetButton == null) {
+            resetButton = new JButton(RESET_BUTTON);
+            resetButton.addActionListener(e -> tableModel.resetToDefaults());
+        }
         addButton(resetButton);
     }
 
     private void addPayloadFileButton() {
-        fileButton = new JButton(ADD_MULTIPLE_PAYLOADS_BUTTON);
-        fileButton.addActionListener(
-                e -> {
-                    CustomPayload multiplePayloads = new CustomPayload(-1, true, "", "");
-                    CustomMultiplePayloadDialog dialog =
-                            new CustomMultiplePayloadDialog(
-                                    View.getSingleton().getOptionsDialog(null), multiplePayloads);
-                    dialog.pack();
-                    dialog.setVisible(true);
-                    File file = null;
-                    boolean preventDuplicates = false;
-                    if (dialog.isSaved()) {
-                        file = dialog.getFile();
-                        preventDuplicates = dialog.isPreventDuplicates();
-                    }
-                    if (file == null) {
-                        return;
-                    }
-                    try (BufferedReader txtReader = Files.newBufferedReader(file.toPath())) {
-                        String line;
-                        ArrayList<CustomPayload> payloads = new ArrayList<>();
-                        Set<String> existingPayloads = new HashSet<>();
-                        if (preventDuplicates) {
-                            tableModel.getPayloadsOfACategory(
-                                    existingPayloads, multiplePayloads.getCategory());
+        if (fileButton == null) {
+            fileButton = new JButton(ADD_MULTIPLE_PAYLOADS_BUTTON);
+            fileButton.addActionListener(
+                    e -> {
+                        CustomPayload multiplePayloads = new CustomPayload(-1, true, "", "");
+                        CustomMultiplePayloadDialog dialog =
+                                new CustomMultiplePayloadDialog(
+                                        View.getSingleton().getOptionsDialog(null),
+                                        multiplePayloads);
+                        dialog.pack();
+                        dialog.setVisible(true);
+                        File file = null;
+                        boolean preventDuplicates = false;
+                        if (dialog.isSaved()) {
+                            file = dialog.getFile();
+                            preventDuplicates = dialog.isPreventDuplicates();
                         }
-                        while ((line = txtReader.readLine()) != null) {
-                            CustomPayload newPayload =
-                                    new CustomPayload(multiplePayloads.getCategory(), "");
-                            newPayload.setPayload(line);
+                        if (file == null) {
+                            return;
+                        }
+                        try (BufferedReader txtReader = Files.newBufferedReader(file.toPath())) {
+                            String line;
+                            ArrayList<CustomPayload> payloads = new ArrayList<>();
+                            Set<String> existingPayloads = new HashSet<>();
                             if (preventDuplicates) {
-                                if (existingPayloads.add(newPayload.getPayload())) {
+                                tableModel.getPayloadsOfACategory(
+                                        existingPayloads, multiplePayloads.getCategory());
+                            }
+                            while ((line = txtReader.readLine()) != null) {
+                                CustomPayload newPayload =
+                                        new CustomPayload(multiplePayloads.getCategory(), "");
+                                newPayload.setPayload(line);
+                                if (preventDuplicates) {
+                                    if (existingPayloads.add(newPayload.getPayload())) {
+                                        payloads.add(newPayload);
+                                    }
+                                } else {
                                     payloads.add(newPayload);
                                 }
-                            } else {
-                                payloads.add(newPayload);
                             }
+                            tableModel.addToTable(payloads);
+
+                        } catch (IOException ex) {
+                            LOGGER.warn(ex.getMessage(), ex);
+                            JOptionPane.showMessageDialog(
+                                    this,
+                                    Constant.messages.getString(
+                                            "custompayloads.options.dialog.addMultiplePayload.error.text",
+                                            ex.getMessage()),
+                                    Constant.messages.getString(
+                                            "custompayloads.options.dialog.addMultiplePayload.error.title"),
+                                    JOptionPane.INFORMATION_MESSAGE);
                         }
-                        tableModel.addToTable(payloads);
-
-                    } catch (IOException ex) {
-                        LOGGER.warn(ex.getMessage(), ex);
-                        JOptionPane.showMessageDialog(
-                                this,
-                                Constant.messages.getString(
-                                        "custompayloads.options.dialog.addMultiplePayload.error.text",
-                                        ex.getMessage()),
-                                Constant.messages.getString(
-                                        "custompayloads.options.dialog.addMultiplePayload.error.title"),
-                                JOptionPane.INFORMATION_MESSAGE);
-                    }
-                });
+                    });
+        }
         addButton(fileButton);
     }
 
@@ -169,7 +178,7 @@ public CustomPayload showAddDialogue() {
         return null;
     }
 
-    private boolean showDialog(CustomPayload payload) {
+    private static boolean showDialog(CustomPayload payload) {
         CustomPayloadDialog dialog =
                 new CustomPayloadDialog(
                         View.getSingleton().getOptionsDialog(null),

addOns/custompayloads/src/main/java/org/zaproxy/zap/extension/custompayloads/CustomPayloadsOptionsPanel.java

@@ -70,4 +70,9 @@ public void saveParam(Object obj) throws Exception {
         param.setNextPayloadId(tableModel.getNextPayloadId());
         param.setConfirmRemoveToken(tablePanel.isRemoveWithoutConfirmation());
     }
+
+    @Override
+    public String getHelpIndex() {
+        return "custompayloads.options";
+    }
 }

addOns/custompayloads/src/main/java/org/zaproxy/zap/extension/custompayloads/EditableColumn.java

@@ -19,9 +19,9 @@
  */
 package org.zaproxy.zap.extension.custompayloads;
 
-public abstract class EditableColumn<T> extends Column<T> {
+abstract class EditableColumn<T> extends Column<T> {
 
-    public EditableColumn(Class<?> columnClass, String name) {
+    EditableColumn(Class<?> columnClass, String name) {
         super(columnClass, name);
     }
 
@@ -32,7 +32,7 @@ public boolean isEditable(T model) {
 
     public abstract void setValue(T model, Object value);
 
-    public Column<T> AsReadonly() {
+    public Column<T> asReadonly() {
         return new Column<T>(this.columnClass, this.nameKey) {
 
             @Override

addOns/custompayloads/src/main/java/org/zaproxy/zap/extension/custompayloads/EditableSelectColumn.java

@@ -20,19 +20,20 @@
 package org.zaproxy.zap.extension.custompayloads;
 
 import java.util.ArrayList;
+import java.util.List;
 
-public abstract class EditableSelectColumn<T> extends EditableColumn<T> {
+abstract class EditableSelectColumn<T> extends EditableColumn<T> {
 
-    public EditableSelectColumn(Class<?> columnClass, String name) {
+    EditableSelectColumn(Class<?> columnClass, String name) {
         super(columnClass, name);
     }
 
-    public abstract ArrayList<Object> getSelectableValues(T model);
+    public abstract List<Object> getSelectableValues(T model);
 
-    public <V> ArrayList<V> getTypedSelectableValues(T model) {
-        ArrayList<Object> values = getSelectableValues(model);
+    public <V> List<V> getTypedSelectableValues(T model) {
+        List<Object> values = getSelectableValues(model);
 
-        ArrayList<V> typedValues = new ArrayList<>();
+        List<V> typedValues = new ArrayList<>();
         for (Object value : values) {
             V typedValue = getTypedObject(value);
             typedValues.add(typedValue);

addOns/custompayloads/src/main/javahelp/org/zaproxy/zap/extension/custompayloads/resources/help/contents/custompayloads.html

@@ -8,7 +8,7 @@
 <BODY>
 <H1>Custom Payloads</H1>
 
-This addon adds an Options panel from which users are able to add, update, remove payloads of their creation/choosing for use by active or passive scan rules 
+This addon adds an <a href="options.html">Options</a> panel from which users are able to add, update, remove payloads of their creation/choosing for use by active or passive scan rules 
 which support custom payloads (accessible via the Tools menu Options menu item).
 <p>
 The option panel interface also facilitates addition of multiple payloads from a file.

addOns/custompayloads/src/main/javahelp/org/zaproxy/zap/extension/custompayloads/resources/help/contents/options.html

@@ -0,0 +1,48 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<HTML>
+<HEAD>
+<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8">
+<TITLE>Options Custom Payloads screen</TITLE>
+</HEAD>
+<BODY>
+<H1>Options Custom Payloads screen</H1>
+<p>
+<strong>Note</strong>: Payload categories which are not listen in the table may be available via the Add button as not all rules which support
+custom payloads have default payloads.
+<p>
+This screen/table allows you to configure <a href="custompayloads.html">Custom Payload</a> options:
+
+<H2>Custom Payloads Table</H2>
+
+<H3>Enabled</H3>
+A checkbox indicating whether or not the particular custom payload is to be used or not.
+
+<H3>Category</H3>
+Indicates the category and by association the scan rule for which the cusotm payload value should be used.
+(The categories should be fairly obviously relatable to a scan rule, and are also mentioned in the help entry for the scan rules.)
+
+<h3>Payload</H3>
+Yhe value of the specific custom payload.
+
+<H2>Custom Payloads Buttons</H2>
+
+<H3>Add</H3>
+Allows users to add a custom payload, setting the enable state, category, and payload value.
+
+<H3>Modify/Remove</H3>
+Either modify or remove the custom payload defined by the selected row.
+
+<H3>Enable All/Desable All</h3>
+Sets the enable state of all custom payloads as applicable.
+
+<H3>Add Missing Defaults</H3>
+Facilitates restoration of one or more missing default custom payloads if they've been previously removed.
+
+<H3>Reset to Defaults</H3>
+Removes all payloads and restores just the defaults. (<strong>Note</strong>: User added payloads will be lost.)
+
+<H3>Add Multiple Payloads</H3>
+Allows the user to import a text file of payloads (one payload per line) for the selected category.
+
+</BODY>
+</HTML>

addOns/custompayloads/src/main/javahelp/org/zaproxy/zap/extension/custompayloads/resources/help/index.xml

@@ -7,4 +7,5 @@
     <!-- index entries are merged (sorted) into core index -->
     <indexitem text="custompayloads" target="custompayloads" />
     <indexitem text="Custom Payloads API" target="custompayloads.api" />
+    <indexitem text="Custom Payloads Options" target="custompayloads.options" />
 </index>

addOns/custompayloads/src/main/javahelp/org/zaproxy/zap/extension/custompayloads/resources/help/map.jhm

@@ -6,4 +6,5 @@
 <map version="1.0">
     <mapID target="custompayloads" url="contents/custompayloads.html" />
     <mapID target="custompayloads.api" url="contents/api.html" />
+    <mapID target="custompayloads.options" url="contents/options.html" />
 </map>

addOns/custompayloads/src/main/javahelp/org/zaproxy/zap/extension/custompayloads/resources/help/toc.xml

@@ -8,6 +8,7 @@
 		<tocitem text="Add Ons" tocid="addons">
 			<tocitem text="Custom Payloads" target="custompayloads">
 				<tocitem text="API" target="custompayloads.api" />
+				<tocitem text="Options" target="custompayloads.options" />
 			</tocitem>
 		</tocitem>
 	</tocitem>