Merge pull request #9 from Chave0v0/dev

修复已知bug

Author: Chave0v0

src/main/java/com/chave/Main.java

@@ -22,14 +22,15 @@ public void initialize(MontoyaApi montoyaApi) {
         Logging log = API.logging();
 
         API.extension().setName("API Highlighter");
-        log.logToOutput("API Highlighter v1.0.0\n\n" +
+        log.logToOutput("API Highlighter v2.1.0\n\n" +
                 "Rebuild: Chave\n" +
                 "GitHub: https://github.com/Chave0v0/API-Highlighter\n");
 
         // 初始化ui
         UI = new MainUI();
         API.userInterface().registerSuiteTab("API Highlighter", UI.getMainTabbedPane());
         API.http().registerHttpHandler(new APIHighLighterHandler());
+        // 添加敏感信息展示Tab
         API.userInterface().registerHttpRequestEditorProvider(new RequestEditor());
         API.userInterface().registerHttpResponseEditorProvider(new ResponseEditor());
 

src/main/java/com/chave/config/APIConfig.java

@@ -9,13 +9,15 @@ public class APIConfig {
 
     public static final HashMap ITEM_FIELD = new HashMap();
 
+    public static final String SENSITIVE_INFO_RESULT = "存在敏感信息";
+
     static {
         ITEM_FIELD.put(0, "method");
         ITEM_FIELD.put(1, "path");
         ITEM_FIELD.put(2, "result");
         ITEM_FIELD.put(3, "state");
         ITEM_FIELD.put(4, "note");
-        ITEM_FIELD.put(5, "domain");
+        ITEM_FIELD.put(5, "isFound");
     }
 
 }

src/main/java/com/chave/editor/RequestEditor.java

@@ -8,17 +8,15 @@
 import burp.api.montoya.ui.editor.extension.HttpRequestEditorProvider;
 import com.chave.Main;
 import com.chave.config.SensitiveInfoConfig;
-import com.chave.config.UserConfig;
-import com.chave.service.APIMatchService;
 import com.chave.service.SensitiveInfoMatchService;
+import com.chave.utils.Util;
 
 import javax.swing.*;
 import javax.swing.table.DefaultTableCellRenderer;
 import javax.swing.table.DefaultTableModel;
 import javax.swing.table.JTableHeader;
 import javax.swing.table.TableCellRenderer;
 import java.awt.*;
-import java.lang.reflect.Method;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.Set;
@@ -32,7 +30,6 @@ public ExtensionProvidedHttpRequestEditor provideHttpRequestEditor(EditorCreatio
     private static class Editor implements ExtensionProvidedHttpRequestEditor {
         private HttpRequestResponse requestResponse;
         private final JTabbedPane jTabbedPane = new JTabbedPane();
-        private APIMatchService apiMatchService = new APIMatchService();
         private SensitiveInfoMatchService sensitiveInfoMatchService = new SensitiveInfoMatchService();
 
         public Editor() {
@@ -52,8 +49,9 @@ public void setRequestResponse(HttpRequestResponse requestResponse) {
         public boolean isEnabledFor(HttpRequestResponse requestResponse) {
             HttpRequest request = requestResponse.request();
             try {
-                Method matchMethod = APIMatchService.class.getMethod(UserConfig.MATCH_MOD.name(), HttpRequest.class);
-                if ((Boolean) matchMethod.invoke(apiMatchService, request) && SensitiveInfoConfig.IS_CHECK_SENSITIVE_INFO) {
+                HashMap apiMatchResult = Util.getAPIMatchResult(request);
+                boolean isMatched = (boolean) apiMatchResult.get("isMatched");
+                if (isMatched && SensitiveInfoConfig.IS_CHECK_SENSITIVE_INFO) {
                     HashMap result = sensitiveInfoMatchService.sensitiveInfoMatch(request);
                     if (!result.isEmpty()) {
                         genreateEditorUI(result);

src/main/java/com/chave/editor/ResponseEditor.java

@@ -7,18 +7,15 @@
 import burp.api.montoya.ui.editor.extension.*;
 import com.chave.Main;
 import com.chave.config.SensitiveInfoConfig;
-import com.chave.config.UserConfig;
-import com.chave.service.APIMatchService;
 import com.chave.service.SensitiveInfoMatchService;
+import com.chave.utils.Util;
 
 import javax.swing.*;
 import javax.swing.table.DefaultTableCellRenderer;
 import javax.swing.table.DefaultTableModel;
 import javax.swing.table.JTableHeader;
 import javax.swing.table.TableCellRenderer;
 import java.awt.*;
-import java.lang.reflect.Array;
-import java.lang.reflect.Method;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.Set;
@@ -33,7 +30,6 @@ public ExtensionProvidedHttpResponseEditor provideHttpResponseEditor(EditorCreat
     private static class Editor implements ExtensionProvidedHttpResponseEditor {
         private HttpRequestResponse requestResponse;
         private final JTabbedPane jTabbedPane = new JTabbedPane();
-        private APIMatchService apiMatchService = new APIMatchService();
         private SensitiveInfoMatchService sensitiveInfoMatchService = new SensitiveInfoMatchService();
 
         public Editor() {
@@ -54,8 +50,9 @@ public boolean isEnabledFor(HttpRequestResponse requestResponse) {
             HttpResponse response = requestResponse.response();
             HttpRequest request = requestResponse.request();
             try {
-                Method matchMethod = APIMatchService.class.getMethod(UserConfig.MATCH_MOD.name(), HttpRequest.class);
-                if ((Boolean) matchMethod.invoke(apiMatchService, request) && SensitiveInfoConfig.IS_CHECK_SENSITIVE_INFO) {
+                HashMap apiMatchResult = Util.getAPIMatchResult(request);
+                boolean isMatched = (boolean) apiMatchResult.get("isMatched");
+                if (isMatched && SensitiveInfoConfig.IS_CHECK_SENSITIVE_INFO) {
                     HashMap result = sensitiveInfoMatchService.sensitiveInfoMatch(response);
                     if (!result.isEmpty()) {
                         genreateEditorUI(result);

src/main/java/com/chave/handler/APIHighLighterHandler.java

@@ -4,85 +4,96 @@
 import burp.api.montoya.http.message.requests.HttpRequest;
 import burp.api.montoya.logging.Logging;
 import com.chave.Main;
+import com.chave.config.APIConfig;
 import com.chave.config.Color;
-import com.chave.config.UserConfig;
-import com.chave.service.APIMatchService;
+import com.chave.config.SensitiveInfoConfig;
+import com.chave.pojo.APIItem;
 import com.chave.service.SensitiveInfoMatchService;
 import com.chave.utils.Util;
-import java.lang.reflect.Method;
-import java.util.ArrayList;
 import java.util.HashMap;
 
 public class APIHighLighterHandler implements HttpHandler {
     private Logging log;
-    private APIMatchService apiMatchService;
     private SensitiveInfoMatchService sensitiveInfoMatchService;
-    private ArrayList<Integer> messageIdList;
+    private HashMap<Integer, HttpRequest> messageIdList;
 
     public APIHighLighterHandler() {
         this.log = Main.API.logging();
-        this.apiMatchService = new APIMatchService();
         this.sensitiveInfoMatchService = new SensitiveInfoMatchService();
-        this.messageIdList = new ArrayList<>();
+        this.messageIdList = new HashMap<>();
     }
 
     @Override
     public RequestToBeSentAction handleHttpRequestToBeSent(HttpRequestToBeSent requestToBeSent) {
         try {
-            Method matchMethod = APIMatchService.class.getMethod(UserConfig.MATCH_MOD.name(), HttpRequest.class);
-            if ((Boolean) matchMethod.invoke(apiMatchService, requestToBeSent)) {
+            HashMap apiMatchResult = Util.getAPIMatchResult(requestToBeSent);
+            boolean isMatched = (boolean) apiMatchResult.get("isMatched");
+            APIItem matchedItem = (APIItem) apiMatchResult.get("api");
+
+            if (isMatched) {
                 // 添加到arraylist中 为了检查对应response
-                messageIdList.add(requestToBeSent.messageId());
+                if (messageIdList.get(requestToBeSent.messageId()) == null) {
+                    messageIdList.put(requestToBeSent.messageId(), requestToBeSent);
+                }
+
+                // 对匹配到的接口进行标记
+                Util.setAPIFound(matchedItem.getPath(), requestToBeSent);
 
                 // 匹配到进行高亮处理
                 Util.setHighlightColor(requestToBeSent, Color.YELLOW);
 
-                // 只对匹配到的接口进行敏感信息检查
-                HashMap result = sensitiveInfoMatchService.sensitiveInfoMatch(requestToBeSent);
-                if (!result.isEmpty()) {
-                    // 对history进行红色高亮处理
-                    Util.setHighlightColor(requestToBeSent, Color.ORANGE);
+                if (SensitiveInfoConfig.IS_CHECK_SENSITIVE_INFO) {
+                    // 只对匹配到的接口进行敏感信息检查
+                    HashMap sensitiveInfoMatchResult = sensitiveInfoMatchService.sensitiveInfoMatch(requestToBeSent);
+                    if (!sensitiveInfoMatchResult.isEmpty()) {
+                        // 对history进行红色高亮处理
+                        Util.setHighlightColor(requestToBeSent, Color.ORANGE);
+
+                        // 标记result 存在敏感信息
+                        Util.setAPIResult(APIConfig.SENSITIVE_INFO_RESULT, matchedItem.getPath(), requestToBeSent);
 
-                    if (APIMatchService.MATCHED_ITEM.getResult() != null && !APIMatchService.MATCHED_ITEM.getResult().contains("敏感信息")) {
-                        APIMatchService.MATCHED_ITEM.setResult(APIMatchService.MATCHED_ITEM.getResult() + "/存在敏感信息");
-                    } else {
-                        APIMatchService.MATCHED_ITEM.setResult("存在敏感信息");
                     }
+                }
 
-                    // 刷新列表
-                    Util.flushAPIList(Main.UI.getHighlighterMainUI().getApiTable());
 
-                }
+                // 刷新列表
+                Util.flushAPIList(Main.UI.getHighlighterMainUI().getApiTable());
             }
 
         } catch (Exception e) {
-            log.logToError(e);
+            log.logToError("request handler异常");
         }
         return null;
     }
 
     @Override
     public ResponseReceivedAction handleHttpResponseReceived(HttpResponseReceived responseReceived) {
         try {
-            if (messageIdList.contains(responseReceived.messageId())) {
-                HashMap result = sensitiveInfoMatchService.sensitiveInfoMatch(responseReceived);
-                if (!result.isEmpty()) {
-                    // 对history进行红色高亮处理
-                    Util.setHighlightColor(responseReceived, Color.ORANGE);
-
-                    if (APIMatchService.MATCHED_ITEM.getResult() != null && !APIMatchService.MATCHED_ITEM.getResult().contains("存在敏感信息")) {
-                        APIMatchService.MATCHED_ITEM.setResult(APIMatchService.MATCHED_ITEM.getResult() + "/存在敏感信息");
-                    } else {
-                        APIMatchService.MATCHED_ITEM.setResult("存在敏感信息");
-                    }
+            if (SensitiveInfoConfig.IS_CHECK_SENSITIVE_INFO) {
+                // 查询当前response对应的request是否被匹配
+                HttpRequest request = messageIdList.get(responseReceived.messageId());
+                if (request != null) {
+                    HashMap sensitiveInfoMatch = sensitiveInfoMatchService.sensitiveInfoMatch(responseReceived);
+
+                    if (!sensitiveInfoMatch.isEmpty()) {
+                        // 对history进行红色高亮处理
+                        Util.setHighlightColor(responseReceived, Color.ORANGE);
+
+                        // 重新匹配一次 找到对应的apiItem
+                        HashMap apiMatchResult = Util.getAPIMatchResult(request);
+                        APIItem matchedItem = (APIItem) apiMatchResult.get("api");
 
-                    // 刷新列表
-                    Util.flushAPIList(Main.UI.getHighlighterMainUI().getApiTable());
+                        // 标记result 存在敏感信息
+                        Util.setAPIResult(APIConfig.SENSITIVE_INFO_RESULT, matchedItem.getPath(), request);
 
+                        // 刷新列表
+                        Util.flushAPIList(Main.UI.getHighlighterMainUI().getApiTable());
+
+                    }
                 }
             }
         } catch (Exception e) {
-            log.logToError(e);
+            log.logToError("response handler异常");
         }
 
         return null;

src/main/java/com/chave/pojo/APIItem.java

@@ -13,7 +13,7 @@ public class APIItem {
     private String result;
     private Boolean state = Boolean.FALSE;
     private String note;
-    private String domain;
+    private String isFound;
 
     public APIItem(String path) {
         this.path = path;