authhelper: SAST (SonarLint) Fixes

Signed-off-by: kingthorin <[email protected]>

Author: kingthorin

addOns/authhelper/CHANGELOG.md

@@ -14,6 +14,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Tweaked the auth report summary keys.
 - Only check URLs and methods once for being good verification requests.
 - Added API support to the browser based auth method proxy.
+- Maintenance changes.
 
 ### Fixed
 - Correctly read the API parameters when setting up Browser Based Authentication.

addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthDiagnosticCollector.java

@@ -205,8 +205,8 @@ protected JSONObject sanitiseJson(JSONObject jsonObject) {
         JSONObject sanObj = new JSONObject();
         for (Object key : jsonObject.keySet()) {
             Object val = jsonObject.get(key);
-            if (val instanceof String) {
-                sanObj.put(key, getSanitizedToken((String) val));
+            if (val instanceof String valStr) {
+                sanObj.put(key, getSanitizedToken(valStr));
             } else {
                 sanObj.put(key, val);
             }
@@ -215,17 +215,17 @@ protected JSONObject sanitiseJson(JSONObject jsonObject) {
     }
 
     protected Object sanitiseJson(Object obj) {
-        if (obj instanceof JSONObject) {
-            return sanitiseJson((JSONObject) obj);
-        } else if (obj instanceof JSONArray) {
+        if (obj instanceof JSONObject jObj) {
+            return sanitiseJson(jObj);
+        } else if (obj instanceof JSONArray jArr) {
             JSONArray sanArr = new JSONArray();
-            Object[] oa = ((JSONArray) obj).toArray();
+            Object[] oa = jArr.toArray();
             for (int i = 0; i < oa.length; i++) {
                 sanArr.add(sanitiseJson(oa[i]));
             }
             return sanArr;
-        } else if (obj instanceof String) {
-            return getSanitizedToken((String) obj);
+        } else if (obj instanceof String objStr) {
+            return getSanitizedToken(objStr);
 
         } else {
             return obj;

addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthTestDialog.java

@@ -168,11 +168,10 @@ public AuthTestDialog(ExtensionAuthhelper ext, Frame owner) {
         JButton copyButton =
                 new JButton(Constant.messages.getString("authhelper.auth.test.dialog.button.copy"));
         copyButton.addActionListener(
-                l -> {
-                    Toolkit.getDefaultToolkit()
-                            .getSystemClipboard()
-                            .setContents(new StringSelection(diagnosticField.getText()), null);
-                });
+                l ->
+                        Toolkit.getDefaultToolkit()
+                                .getSystemClipboard()
+                                .setContents(new StringSelection(diagnosticField.getText()), null));
 
         buttonPanel.add(new JLabel(), LayoutHelper.getGBC(0, 0, 1, 0.3D));
         buttonPanel.add(copyButton, LayoutHelper.getGBC(1, 0, 1, 0.3D));
@@ -496,7 +495,7 @@ public JButton[] getExtraButtons() {
     @Override
     public void save() {
         resetResultsPanel();
-        Thread t = new Thread(() -> authenticate(), "ZAP-auth-tester");
+        Thread t = new Thread(this::authenticate, "ZAP-auth-tester");
         t.start();
         // Save the values for next time
         this.saveDetails();

addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthUtils.java

@@ -469,7 +469,7 @@ private static boolean internalAuthenticateAsUser(
         boolean pwdAdded = false;
 
         Iterator<AuthenticationStep> it = steps.stream().sorted().iterator();
-        for (; it.hasNext(); ) {
+        while (it.hasNext()) {
             AuthenticationStep step = it.next();
             if (!step.isEnabled()) {
                 continue;
@@ -537,7 +537,7 @@ private static boolean internalAuthenticateAsUser(
                 sendReturn(diags, wd, pwdField);
             }
 
-            for (; it.hasNext(); ) {
+            while (it.hasNext()) {
                 AuthenticationStep step = it.next();
                 if (!step.isEnabled()) {
                     continue;
@@ -555,18 +555,15 @@ private static boolean internalAuthenticateAsUser(
             incStatsCounter(loginPageUrl, AUTH_BROWSER_PASSED_STATS);
             AuthUtils.sleep(TimeUnit.SECONDS.toMillis(waitInSecs));
 
-            if (context != null) {
-                if (context.getAuthenticationMethod().getPollUrl() == null) {
-                    // We failed to identify a suitable URL for polling.
-                    // This can happen for more traditional apps - refresh the current one in case
-                    // its a good option.
-                    wd.get(wd.getCurrentUrl());
-                    AuthUtils.sleep(TimeUnit.SECONDS.toMillis(1));
-                    diags.recordStep(
-                            wd,
-                            Constant.messages.getString(
-                                    "authhelper.auth.method.diags.steps.refresh"));
-                }
+            if (context != null && context.getAuthenticationMethod().getPollUrl() == null) {
+                // We failed to identify a suitable URL for polling.
+                // This can happen for more traditional apps - refresh the current one in case
+                // its a good option.
+                wd.get(wd.getCurrentUrl());
+                AuthUtils.sleep(TimeUnit.SECONDS.toMillis(1));
+                diags.recordStep(
+                        wd,
+                        Constant.messages.getString("authhelper.auth.method.diags.steps.refresh"));
             }
             return true;
         }
@@ -755,7 +752,7 @@ public static Map<String, SessionToken> getResponseSessionTokens(HttpMessage msg
             } catch (JSONException e) {
                 LOGGER.debug(
                         "Unable to parse authentication response body from {} as JSON: {} ",
-                        msg.getRequestHeader().getURI().toString(),
+                        msg.getRequestHeader().getURI(),
                         responseData,
                         e);
             }
@@ -784,7 +781,7 @@ public static List<Pair<String, String>> getHeaderTokens(
                     String hv =
                             header.getValue()
                                     .replace(token.getValue(), "{%" + token.getToken() + "%}");
-                    list.add(new Pair<String, String>(header.getName(), hv));
+                    list.add(new Pair<>(header.getName(), hv));
                 }
             }
         }
@@ -817,7 +814,7 @@ protected static Map<String, SessionToken> getAllTokens(
             } catch (JSONException e) {
                 LOGGER.debug(
                         "Unable to parse authentication response body from {} as JSON: {}",
-                        msg.getRequestHeader().getURI().toString(),
+                        msg.getRequestHeader().getURI(),
                         responseData);
             }
         }
@@ -949,15 +946,15 @@ public static void extractJsonTokens(
 
     private static void extractJsonTokens(
             Object obj, String parent, Map<String, SessionToken> tokens) {
-        if (obj instanceof JSONObject) {
-            extractJsonTokens((JSONObject) obj, parent, tokens);
-        } else if (obj instanceof JSONArray) {
-            Object[] oa = ((JSONArray) obj).toArray();
+        if (obj instanceof JSONObject jsonObj) {
+            extractJsonTokens(jsonObj, parent, tokens);
+        } else if (obj instanceof JSONArray jsonArr) {
+            Object[] oa = (jsonArr.toArray());
             for (int i = 0; i < oa.length; i++) {
                 extractJsonTokens(oa[i], parent + "[" + i + "]", tokens);
             }
-        } else if (obj instanceof String) {
-            addToMap(tokens, new SessionToken(SessionToken.JSON_SOURCE, parent, (String) obj));
+        } else if (obj instanceof String str) {
+            addToMap(tokens, new SessionToken(SessionToken.JSON_SOURCE, parent, str));
         }
     }
 

addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthenticationDetectionScanRule.java

@@ -249,23 +249,21 @@ private static HtmlParameter getMatchingParam(
     }
 
     void extractJsonStrings(JSON json, String parent, TreeSet<HtmlParameter> params) {
-        if (json instanceof JSONObject) {
-            JSONObject jsonObject = (JSONObject) json;
-            for (Object key : jsonObject.keySet()) {
-                Object obj = jsonObject.get(key);
-                if (obj instanceof JSONObject) {
-                    extractJsonStrings(
-                            (JSONObject) obj, normalisedKey(parent, (String) key), params);
-                } else if (obj instanceof String) {
+        if (json instanceof JSONObject jsonObj) {
+            for (Object key : jsonObj.keySet()) {
+                Object obj = jsonObj.get(key);
+                if (obj instanceof JSONObject jsonObj2) {
+                    extractJsonStrings(jsonObj2, normalisedKey(parent, (String) key), params);
+                } else if (obj instanceof String objStr) {
                     params.add(
                             new HtmlParameter(
                                     HtmlParameter.Type.form,
                                     normalisedKey(parent, (String) key),
-                                    (String) obj));
+                                    objStr));
                 }
             }
-        } else if (json instanceof JSONArray) {
-            Object[] oa = ((JSONArray) json).toArray();
+        } else if (json instanceof JSONArray jsonArr) {
+            Object[] oa = jsonArr.toArray();
             for (int i = 0; i < oa.length; i++) {
                 extractJsonStrings((JSONArray) json, parent + "[" + i + "]", params);
             }

addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthenticationRequestDetails.java

@@ -29,7 +29,7 @@ public class AuthenticationRequestDetails {
     public enum AuthDataType {
         FORM,
         JSON
-    };
+    }
 
     private final URI uri;
     private final HtmlParameter userParam;

addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AutoDetectAuthenticationMethodType.java

@@ -222,7 +222,7 @@ public AuthMethodApiResponseRepresentation(Map<String, T> values) {
         @Override
         public JSON toJSON() {
             JSONObject response = new JSONObject();
-            response.put(getName(), super.toJSON());
+            response.put(super.getName(), super.toJSON());
             return response;
         }
     }

addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AutoDetectSessionManagementMethodType.java

@@ -92,9 +92,10 @@ public SessionManagementMethod clone() {
 
         @Override
         public boolean equals(Object obj) {
-            if (obj == null) return false;
-            if (getClass() != obj.getClass()) return false;
-            return true;
+            if (obj == null) {
+                return false;
+            }
+            return getClass() == obj.getClass();
         }
 
         @Override

addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/BrowserBasedAuthenticationMethodType.java

@@ -160,10 +160,10 @@ public Object getCookieStore() {
             HttpSender temp = getHttpSender();
             Object obj = MethodUtils.invokeMethod(temp, true, "getContext");
 
-            if (obj instanceof HttpSenderContextApache) {
+            if (obj instanceof HttpSenderContextApache hsca) {
                 return FieldUtils.readField(
                         HttpSenderContextApache.class.getDeclaredField("localCookieStore"),
-                        (HttpSenderContextApache) obj,
+                        hsca,
                         true);
             }
         } catch (Exception e) {
@@ -792,43 +792,36 @@ public BrowserBasedAuthenticationMethodOptionsPanel(Context context) {
 
             // Add behaviour for Node Select dialog
             selectButton.addActionListener(
-                    new java.awt.event.ActionListener() {
-                        @Override
-                        public void actionPerformed(java.awt.event.ActionEvent e) {
-                            NodeSelectDialog nsd =
-                                    new NodeSelectDialog(View.getSingleton().getMainFrame());
-                            // Try to pre-select the node according to what has been inserted in the
-                            // fields
-                            SiteNode node = null;
-                            if (loginUrlField.getText().trim().length() > 0)
-                                try {
-                                    node =
-                                            Model.getSingleton()
-                                                    .getSession()
-                                                    .getSiteTree()
-                                                    .findNode(
-                                                            new URI(
-                                                                    loginUrlField.getText(),
-                                                                    false));
-                                } catch (Exception e2) {
-                                    // Ignore. It means we could not properly get a node for the
-                                    // existing
-                                    // value and does not have any harmful effects
-                                }
-
-                            // Show the dialog and wait for input
-                            node = nsd.showDialog(node);
-                            if (node != null && node.getHistoryReference() != null) {
-                                try {
-                                    LOGGER.debug(
-                                            "Selected Browser Based Auth Login URL via dialog: {}",
-                                            node.getHistoryReference().getURI());
-
-                                    loginUrlField.setText(
-                                            node.getHistoryReference().getURI().toString());
-                                } catch (Exception e1) {
-                                    LOGGER.error(e1.getMessage(), e1);
-                                }
+                    e -> {
+                        NodeSelectDialog nsd =
+                                new NodeSelectDialog(View.getSingleton().getMainFrame());
+                        // Try to pre-select the node according to what has been inserted in the
+                        // fields
+                        SiteNode node = null;
+                        if (!loginUrlField.getText().trim().isEmpty())
+                            try {
+                                node =
+                                        Model.getSingleton()
+                                                .getSession()
+                                                .getSiteTree()
+                                                .findNode(new URI(loginUrlField.getText(), false));
+                            } catch (Exception e2) {
+                                // Ignore. It means we could not properly get a node for the
+                                // existing value and does not have any harmful effects
+                            }
+
+                        // Show the dialog and wait for input
+                        node = nsd.showDialog(node);
+                        if (node != null && node.getHistoryReference() != null) {
+                            try {
+                                LOGGER.debug(
+                                        "Selected Browser Based Auth Login URL via dialog: {}",
+                                        node.getHistoryReference().getURI());
+
+                                loginUrlField.setText(
+                                        node.getHistoryReference().getURI().toString());
+                            } catch (Exception e1) {
+                                LOGGER.error(e1.getMessage(), e1);
                             }
                         }
                     });
@@ -924,7 +917,7 @@ public AuthMethodApiResponseRepresentation(Map<String, T> values) {
         @Override
         public JSON toJSON() {
             JSONObject response = new JSONObject();
-            response.put(getName(), super.toJSON());
+            response.put(super.getName(), super.toJSON());
             return response;
         }
     }

addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/HeaderBasedSessionManagementMethodType.java

@@ -199,8 +199,7 @@ public ApiResponse getApiResponseRepresentation() {
         @Override
         public void processMessageToMatchSession(HttpMessage message, WebSession session)
                 throws UnsupportedWebSessionException {
-            if (session instanceof HttpHeaderBasedSession) {
-                HttpHeaderBasedSession hbSession = (HttpHeaderBasedSession) session;
+            if (session instanceof HttpHeaderBasedSession hbSession) {
                 LOGGER.debug(
                         "processMessageToMatchSession {} # headers {} ",
                         message.getRequestHeader().getURI(),
@@ -211,9 +210,7 @@ public void processMessageToMatchSession(HttpMessage message, WebSession session
                 }
                 Context context = Model.getSingleton().getSession().getContext(contextId);
                 AuthenticationMethod am = context.getAuthenticationMethod();
-                if (am instanceof BrowserBasedAuthenticationMethod) {
-                    BrowserBasedAuthenticationMethod bbam = (BrowserBasedAuthenticationMethod) am;
-
+                if (am instanceof BrowserBasedAuthenticationMethod bbam) {
                     try {
                         Method method =
                                 LegacyUtils.class.getMethod(
@@ -258,9 +255,10 @@ public SessionManagementMethod clone() {
 
         @Override
         public boolean equals(Object obj) {
-            if (obj == null) return false;
-            if (getClass() != obj.getClass()) return false;
-            return true;
+            if (obj == null) {
+                return false;
+            }
+            return getClass() == obj.getClass();
         }
 
         @Override

addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/SessionDetectionScanRule.java

@@ -154,7 +154,7 @@ public void scanHttpResponseReceive(HttpMessage msg, int id, Source source) {
                 LOGGER.debug(
                         "Failed to find source of session management tokens in {}:",
                         msg.getRequestHeader().getURI());
-                requestTokens.forEach((st) -> LOGGER.debug("Missed token {}", st.getToken()));
+                requestTokens.forEach(st -> LOGGER.debug("Missed token {}", st.getToken()));
             }
         }
     }

addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/VerificationRequestDetails.java

@@ -66,14 +66,11 @@ public VerificationRequestDetails(HttpMessage msg, String token, Context context
                     break;
                 }
                 AuthenticationCredentials creds = user.getAuthenticationCredentials();
-                if (creds instanceof UsernamePasswordAuthenticationCredentials) {
-                    UsernamePasswordAuthenticationCredentials upCreds =
-                            (UsernamePasswordAuthenticationCredentials) creds;
-                    if (responseBody.contains(upCreds.getUsername())) {
-                        containsUserDetails = true;
-                        this.setEvidence(upCreds.getUsername());
-                        break;
-                    }
+                if (creds instanceof UsernamePasswordAuthenticationCredentials upCreds
+                        && responseBody.contains(upCreds.getUsername())) {
+                    containsUserDetails = true;
+                    this.setEvidence(upCreds.getUsername());
+                    break;
                 }
             }
         }