second batch of reviews

Author: TmmmmmR

addOns/llm/src/main/java/org/zaproxy/addon/llm/ExtensionLlm.java

@@ -72,7 +72,6 @@ public void hook(ExtensionHook extensionHook) {
             extensionHook.getHookMenu().addImportMenuItem(getMenuLLM());
             extensionHook.getHookMenu().addPopupMenuItem(getCheckLlmMenu());
             extensionHook.addOptionsParamSet(getOptionsParam());
-            // change to a message
             getView().getOptionsDialog().addParamPanel(ROOT, getOptionsPanel(), true);
 
             extensionHook.addSessionListener(
@@ -114,10 +113,10 @@ private ZapMenuItem getMenuLLM() {
         if (menuLLM == null) {
             menuLLM =
                     new ZapMenuItem(
-                            "llm.topmenu.import.importSwagger",
+                            "llm.topmenu.import.importOpenAPI",
                             getView().getMenuShortcutKeyStroke(KeyEvent.VK_J, 0, false));
             menuLLM.setToolTipText(
-                    Constant.messages.getString("llm.topmenu.import.importSwagger.tooltip"));
+                    Constant.messages.getString("llm.topmenu.import.importOpenAPI.tooltip"));
             menuLLM.addActionListener(
                     e -> {
                         if (importDialog == null) {

addOns/llm/src/main/java/org/zaproxy/addon/llm/services/LlmAssistant.java

@@ -27,23 +27,22 @@
 
 public interface LlmAssistant {
     @UserMessage(
-            "Given the following swagger generate list of chained HTTP request to simulate a real world user : {{swagger}} ")
+            "GGiven the following OpenAPI definition, generate a list of chained HTTP requests to simulate a real world user : {{swagger}} ")
     HttpRequestList extractHttpRequests(String swagger);
 
     @UserMessage(
             "As software architect, and based on your previous answer, generate other potential missing endpoints that are not mentioned in the swagger file. For example, if there is GET /product/1, suggest DELETE /product/1 if it's not mentioned")
     HttpRequestList complete();
 
     @SystemMessage(
-            "You are a web application security expert in review false positives. Answer only in JSON.")
+            "You are a web application security expert reviewing false positives. Answer only in JSON.")
     @UserMessage(
             "Your task is to review the following finding from ZAP (Zed Attack Proxy).\n"
                     + "The confidence level is a pull down field which allows you to specify how confident you are in the validity of the finding : \n"
                     + "- 0 if it's False Positive\n"
                     + "- 1 if it's Low\n"
                     + "- 2 if it's Medium\n"
                     + "- 3 if it's High\n"
-                    + "- 4 if it's Confirmed\n"
                     + "\n"
                     + "The alert is described as follows : {{description}}\n"
                     + "\n"

addOns/llm/src/main/java/org/zaproxy/addon/llm/services/LlmCommunicationService.java

@@ -52,8 +52,8 @@ public class LlmCommunicationService {
     private LlmOptionsParam llmOptionsParam;
 
     private static final Logger LOGGER = LogManager.getLogger(LlmCommunicationService.class);
-    private static final String AI_REVIEWED_TAG_KEY = "AI-Reviewed";
-    private static final String AI_REVIEWED_TAG_VALUE = "1";
+    private static final String AI_REVIEWD_TAG_KEY = "AI-Reviewed";
+    private static final String AI_REVIEWD_TAG_VALUE = "1";
 
     public String endpoint;
     private String apiKey;
@@ -90,13 +90,14 @@ public LlmCommunicationService(String modelName, String apiKey, String endpoint)
 
     private Integer importHttpCalls(String swaggercontent) throws IOException {
         HttpRequestList listHttpRequest = llmAssistant.extractHttpRequests(swaggercontent);
-        if (listHttpRequest == null)
+        if (listHttpRequest == null) {
             throw new RuntimeException("An issue occurred hy trying to get response from LLM");
+        }
         requestor.run(listHttpRequest);
         return listHttpRequest.getRequests().size();
     }
 
-    public Integer importSwaggerFromUrl(String urlString) {
+    public Integer importOpenapiFromUrl(String urlString) {
         Integer endpointCount = 0;
         try {
             URL url = new URL(urlString);
@@ -114,24 +115,24 @@ public Integer importSwaggerFromUrl(String urlString) {
                     new BufferedReader(new InputStreamReader((connection.getInputStream())));
             String openApiDefinition = br.lines().collect(Collectors.joining());
 
-            // Use the existing importSwagger method
+            // Use the existing importOpenapi method
             endpointCount = importHttpCalls(openApiDefinition);
 
             connection.disconnect();
         } catch (Exception e) {
-            e.printStackTrace();
+            LOGGER.error(e.getMessage());
         }
         return endpointCount;
     }
 
-    public Integer importSwaggerFromFile(String filePath) {
+    public Integer importOpenapiFromFile(String filePath) {
         Integer endpointCount = 0;
 
         try {
             // Read the file content into a String
             String openApiDefinition = new String(Files.readAllBytes(Paths.get(filePath)));
 
-            // Use the existing importSwagger method
+            // Use the existing importOpenapi method
             endpointCount = importHttpCalls(openApiDefinition);
 
         } catch (Exception e) {
@@ -145,7 +146,7 @@ public void reviewAlert(Alert alert) {
         Alert updatedAlert = alert;
         Alert originalAlert = updatedAlert.newInstance();
 
-        if (!alert.getTags().containsKey(AI_REVIEWED_TAG_KEY)) {
+        if (!alert.getTags().containsKey(AI_REVIEWD_TAG_KEY)) {
             Confidence conf_llm;
             LOGGER.debug("Reviewing alert :" + alert.getName());
             LOGGER.debug("Confidence level from ZAP : " + alert.getConfidence());
@@ -160,7 +161,7 @@ public void reviewAlert(Alert alert) {
                     "LLM Explanation : " + conf_llm.getExplanation() + "\n" + alert.getOtherInfo());
             Map<String, String> alertTags = alert.getTags();
 
-            alertTags.putIfAbsent(AI_REVIEWED_TAG_KEY, AI_REVIEWED_TAG_VALUE);
+            alertTags.putIfAbsent(AI_REVIEWD_TAG_KEY, AI_REVIEWD_TAG_VALUE);
             updatedAlert.setTags(alertTags);
 
             try {

addOns/llm/src/main/java/org/zaproxy/addon/llm/ui/ImportDialog.java

@@ -60,11 +60,12 @@ public class ImportDialog extends AbstractDialog {
     private static final long serialVersionUID = -7074394202143400215L;
 
     private final ExtensionLlm extLlm;
-    private JTextField fieldSwagger;
+    private JTextField fieldOpenapi;
     private JButton buttonChooseFile;
     private JButton buttonCancel;
     private JButton buttonImport;
     private JProgressBar progressBar;
+    private LlmOptionsParam llmOptionsParam;
 
     public ImportDialog(JFrame parent, final ExtensionLlm extLlm) {
         super(parent, true);
@@ -79,12 +80,12 @@ public ImportDialog(JFrame parent, final ExtensionLlm extLlm) {
         var labelWsdl =
                 new ZapHtmlLabel(
                         "<html>"
-                                + Constant.messages.getString("llm.importDialog.labelSwagger")
+                                + Constant.messages.getString("llm.importDialog.labelOpenAPI")
                                 + "<font color=red>*</font></html>");
         fieldsPanel.add(
                 labelWsdl, LayoutHelper.getGBC(0, fieldsRow, 1, 0.5, new Insets(0, 0, 4, 4)));
         fieldsPanel.add(
-                getSwaggerField(),
+                getOpenapiField(),
                 LayoutHelper.getGBC(1, fieldsRow, 1, 0.5, new Insets(0, 4, 4, 4)));
         fieldsPanel.add(
                 getChooseFileButton(),
@@ -111,11 +112,11 @@ public ImportDialog(JFrame parent, final ExtensionLlm extLlm) {
         setDefaultCloseOperation(DISPOSE_ON_CLOSE);
     }
 
-    private boolean importSwagger()
+    private boolean importOpenapi()
             throws IOException, URISyntaxException, ApiException, DatabaseException {
 
-        String swaggerLocation = getSwaggerField().getText();
-        LlmOptionsParam llmOptionsParam = extLlm.getOptionsParam();
+        String openapiLocation = getOpenapiField().getText();
+        llmOptionsParam = extLlm.getOptionsParam();
         Integer endpointCount = 0;
 
         if (StringUtils.isEmpty(llmOptionsParam.getApiKey())) {
@@ -134,40 +135,39 @@ private boolean importSwagger()
                 new LlmCommunicationService(
                         llmOptionsParam.getModelName(), llmOptionsParam.getApiKey(), llmOptionsParam.getEndpoint());
 
-        if (StringUtils.isEmpty(swaggerLocation)) {
+        if (StringUtils.isEmpty(openapiLocation)) {
             ThreadUtils.invokeAndWaitHandled(
                     () -> {
                         showWarningDialog(
                                 Constant.messages.getString(
-                                        "llm.importDialog.error.missingSwagger"));
-                        getSwaggerField().requestFocusInWindow();
+                                        "llm.importDialog.error.missingOpenapi"));
+                        getOpenapiField().requestFocusInWindow();
                     });
             return false;
         }
 
         try {
-            new URL(swaggerLocation).toURI();
-            new URI(swaggerLocation, true);
-            // implement logic here
-            endpointCount = llmCommunicationService.importSwaggerFromUrl(swaggerLocation);
+            new URL(openapiLocation).toURI();
+            new URI(openapiLocation, true);
+            endpointCount = llmCommunicationService.importOpenapiFromUrl(openapiLocation);
 
             return true;
         } catch (URIException | MalformedURLException | URISyntaxException e) {
             // Not a valid URI, try to import as a file
-            endpointCount = llmCommunicationService.importSwaggerFromFile(swaggerLocation);
+            endpointCount = llmCommunicationService.importOpenapiFromFile(openapiLocation);
         }
 
-        var file = new File(swaggerLocation);
+        var file = new File(openapiLocation);
         if (!file.canRead()) {
             ThreadUtils.invokeAndWaitHandled(
                     () -> {
-                        showWarningFileNotFound(swaggerLocation);
-                        getSwaggerField().requestFocusInWindow();
+                        showWarningFileNotFound(openapiLocation);
+                        getOpenapiField().requestFocusInWindow();
                     });
             return false;
         }
 
-        endpointCount = llmCommunicationService.importSwaggerFromFile(swaggerLocation);
+        endpointCount = llmCommunicationService.importOpenapiFromFile(openapiLocation);
 
         showMessageDialog(
                 Constant.messages.getString("llm.importDialog.import.success", endpointCount));
@@ -185,12 +185,12 @@ private static void setContextMenu(JTextField field) {
         field.setComponentPopupMenu(jPopupMenu);
     }
 
-    private JTextField getSwaggerField() {
-        if (fieldSwagger == null) {
-            fieldSwagger = new JTextField(25);
-            setContextMenu(fieldSwagger);
+    private JTextField getOpenapiField() {
+        if (fieldOpenapi == null) {
+            fieldOpenapi = new JTextField(25);
+            setContextMenu(fieldOpenapi);
         }
-        return fieldSwagger;
+        return fieldOpenapi;
     }
 
     private JButton getChooseFileButton() {
@@ -213,7 +213,7 @@ private JButton getChooseFileButton() {
                         if (state == JFileChooser.APPROVE_OPTION) {
                             String filename = fileChooser.getSelectedFile().getAbsolutePath();
                             try {
-                                getSwaggerField().setText(filename);
+                                getOpenapiField().setText(filename);
                                 Model.getSingleton()
                                         .getOptionsParam()
                                         .setUserDirectory(fileChooser.getCurrentDirectory());
@@ -248,20 +248,14 @@ private JButton getImportButton() {
                         new Thread(
                                         () -> {
                                             try {
-                                                if (importSwagger()) {
+                                                if (importOpenapi()) {
                                                     ThreadUtils.invokeAndWaitHandled(
                                                             () -> {
                                                                 dispose();
                                                                 showProgressBar(false);
                                                             });
                                                 }
-                                            } catch (IOException ex) {
-                                                throw new RuntimeException(ex);
-                                            } catch (URISyntaxException ex) {
-                                                throw new RuntimeException(ex);
-                                            } catch (ApiException ex) {
-                                                throw new RuntimeException(ex);
-                                            } catch (DatabaseException ex) {
+                                            } catch (Exception ex) {
                                                 throw new RuntimeException(ex);
                                             }
                                         },
@@ -296,7 +290,7 @@ private void showProgressBar(boolean show) {
         getProgressBar().setVisible(show);
 
         getImportButton().setEnabled(!show);
-        getSwaggerField().setEnabled(!show);
+        getOpenapiField().setEnabled(!show);
         getChooseFileButton().setEnabled(!show);
     }
 
@@ -310,6 +304,6 @@ private JProgressBar getProgressBar() {
     }
 
     public void clearFields() {
-        getSwaggerField().setText("");
+        getOpenapiField().setText("");
     }
 }

addOns/llm/src/main/java/org/zaproxy/addon/llm/ui/settings/LlmOptionsPanel.java

@@ -42,7 +42,7 @@ public class LlmOptionsPanel extends AbstractParamPanel {
     private JTextField apiKeyTextField;
     private JTextField llmendpointTextField;
 
-    private JComboBox<String> llmModelsComboBox; // Added JComboBox for LLM models
+    private JComboBox<String> llmModelsComboBox;
 
     public LlmOptionsPanel() {
         super();
@@ -53,13 +53,13 @@ private void initComponents() {
         super.setName(Constant.messages.getString("llm.options.title"));
 
         JLabel llmApiKey = new JLabel(Constant.messages.getString("llm.options.label.apikey"));
-        this.apiKeyTextField = new JPasswordField(); // Initialize as JPasswordField
+        this.apiKeyTextField = new JPasswordField();
 
         JLabel llmendpoint = new JLabel(Constant.messages.getString("llm.options.label.endpoint"));
-        this.llmendpointTextField = new JTextField(); // Initialize as JPasswordField
+        this.llmendpointTextField = new JTextField();
 
-        JLabel llmModelsLabel = new JLabel("Select LLM Model:"); // Label for the combo box
-        this.llmModelsComboBox = new JComboBox<>(new String[] {"gpt-4o"}); //
+        JLabel llmModelsLabel = new JLabel("Select LLM Model:");
+        this.llmModelsComboBox = new JComboBox<>(new String[] {"gpt-4o"});
 
         GroupLayout layout = new GroupLayout(this);
         super.setLayout(layout);
@@ -77,7 +77,7 @@ private void initComponents() {
                                         .addComponent(llmendpoint)
                                         .addComponent(this.llmendpointTextField))
                         .addGroup(
-                                layout.createSequentialGroup() // Add horizontal group for combo box
+                                layout.createSequentialGroup()
                                         .addComponent(llmModelsLabel)
                                         .addComponent(this.llmModelsComboBox)));
 
@@ -94,8 +94,7 @@ private void initComponents() {
                         .addGroup(
                                 layout.createParallelGroup(
                                                 GroupLayout.Alignment
-                                                        .BASELINE) // Add vertical group for combo
-                                        // box
+                                                        .BASELINE)
                                         .addComponent(llmModelsLabel)
                                         .addComponent(this.llmModelsComboBox)));
     }

addOns/llm/src/main/java/org/zaproxy/addon/llm/ui/settings/LlmOptionsParam.java

@@ -49,7 +49,6 @@ public class LlmOptionsParam extends VersionedAbstractParam {
     private String modelName;
 
     public String getApiKey() {
-        // System.out.println("API KEY FROM attribute" + this.apiKey);
         return this.apiKey;
     }
 

addOns/llm/src/main/java/org/zaproxy/addon/llm/utils/HistoryPersister.java

@@ -3,7 +3,7 @@
  *
  * ZAP is an HTTP/HTTPS proxy for assessing web application security.
  *
- * Copyright 2023 The ZAP Development Team
+ * Copyright 2024 The ZAP Development Team
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

addOns/llm/src/main/java/org/zaproxy/addon/llm/utils/Requestor.java

@@ -3,7 +3,7 @@
  *
  * ZAP is an HTTP/HTTPS proxy for assessing web application security.
  *
- * Copyright 2023 The ZAP Development Team
+ * Copyright 2024 The ZAP Development Team
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

addOns/llm/src/main/javahelp/org/zaproxy/addon/llm/resources/help/contents/about.html

@@ -2,25 +2,22 @@
 <HTML>
 <HEAD>
 <TITLE>
-Simple Example - About
+ZAP LLM - About
 </TITLE>
 </HEAD>
 <BODY>
-<H1>Simple Example - About</H1>
+<H1>ZAP LLM - About</H1>
 
 <H2>Source Code</H2>
-<a href="https://github.com/zaproxy/zap-extensions/tree/main/addOns/simpleexample">https://github.com/zaproxy/zap-extensions/tree/main/addOns/simpleexample</a>
+<a href="https://github.com/zaproxy/zap-extensions/tree/main/addOns/simpleexample">https://github.com/zaproxy/zap-extensions/tree/main/addOns/llm</a>
 
 <H2>Authors</H2>
 ZAP Dev Team
 
 <H2>History</H2>
 
-<H3>Version 2</H3>
-Updated to include example 'about' page.
-
-<H3>Version 1</H3>
-First Version
+<H3>Version 0.0.1</H3>
+First Version to perform API sequencing and alert review
 
 </BODY>
 </HTML>