From b21fd1ddfb31038d12daf54bbc8146a19d7cbc62 Mon Sep 17 00:00:00 2001 From: Simon Bennetts Date: Sat, 14 Mar 2026 17:45:48 +0000 Subject: [PATCH] Fix Java 21 warnings 
Signed-off-by: Simon Bennetts --- addOns/addOns.gradle.kts | 1 - .../SessionFixationScanRule.java | 12 ++++--- .../extension/browserView/BrowserPanel.java | 7 ++-- addOns/bruteforce/CHANGELOG.md | 3 +- .../DirBuster/GenBaseCase.java | 22 +++++++++--- .../DirBuster/HTMLparse.java | 24 ++++++++----- .../sittinglittleduck/DirBuster/Manager.java | 14 ++++---- .../workGenerators/BruteForceURLFuzz.java | 10 +++--- .../BruteForceWorkGenerator.java | 12 ++++--- .../workGenerators/WorkerGenerator.java | 27 +++++++------- .../WorkerGeneratorURLFuzz.java | 10 +++--- .../zap/extension/bruteforce/BruteForce.java | 5 +-- .../client/spider/ClientSpiderDialog.java | 3 +- addOns/graphql/CHANGELOG.md | 3 +- .../org/zaproxy/addon/graphql/UrlBuilder.java | 3 +- .../llm/services/LlmCommunicationService.java | 2 +- addOns/network/CHANGELOG.md | 3 +- .../ClientCertificatesOptionsPanel.java | 7 ++-- addOns/openapi/CHANGELOG.md | 1 + .../zap/extension/openapi/ImportDialog.java | 3 +- .../openapi/llm/LlmOpenApiImportDialog.java | 3 +- addOns/paramdigger/CHANGELOG.md | 1 + .../paramdigger/gui/ParamDiggerDialog.java | 3 +- addOns/postman/CHANGELOG.md | 3 +- .../zaproxy/addon/postman/ImportDialog.java | 3 +- .../addon/postman/automation/PostmanJob.java | 6 ++-- .../automation/PostmanJobUnitTest.java | 25 +++++++++++++ addOns/pscanrules/CHANGELOG.md | 1 + .../UserControlledHTMLAttributesScanRule.java | 6 ++-- .../UserControlledOpenRedirectScanRule.java | 5 +-- addOns/quickstart/CHANGELOG.md | 3 +- .../zap/extension/quickstart/AttackPanel.java | 2 +- .../quickstart/ExtensionQuickStart.java | 5 +-- .../zap/extension/quickstart/ZapItScan.java | 5 +-- .../launch/OptionsQuickStartLaunchPanel.java | 6 ++-- addOns/reports/CHANGELOG.md | 2 +- .../reports/sarif/SarifReportDataSupport.java | 12 +++++-- .../addon/reports/sarif/SarifToolData.java | 15 ++++++-- addOns/soap/CHANGELOG.md | 3 +- .../zap/extension/soap/ImportDialog.java | 3 +- .../zaproxy/addon/spider/SpiderDialog.java | 3 +- 
.../addon/spider/UrlCanonicalizer.java | 35 +++++++++++++++---- addOns/spiderAjax/CHANGELOG.md | 1 + .../extension/spiderAjax/AjaxSpiderAPI.java | 6 +++- .../spiderAjax/AjaxSpiderDialog.java | 22 +++++++++--- .../extension/spiderAjax/ExtensionAjax.java | 7 +++- .../JRandTest/Algo/BFcipher.java | 2 +- .../JRandTest/IO/HttpGetUrlRandomStream.java | 3 +- .../Tests/BinaryRankTestFor6x8Matrices.java | 2 +- .../OverlappingPairsSparseOccupancy.java | 2 +- .../treetools/ExtensionTreeTools.java | 6 ++-- addOns/zest/CHANGELOG.md | 1 + .../zap/extension/zest/ZestZapUtils.java | 15 ++++++-- .../zest/dialogs/ZestRecordScriptDialog.java | 4 +-- .../zest/dialogs/ZestRequestDialog.java | 10 +++--- .../zest/dialogs/ZestScriptsDialog.java | 4 +-- .../extension/zest/ZestZapUtilsUnitTest.java | 8 ++--- 57 files changed, 281 insertions(+), 134 deletions(-) diff --git a/addOns/addOns.gradle.kts b/addOns/addOns.gradle.kts index fe23555f29d..24553f24123 100644 --- a/addOns/addOns.gradle.kts +++ b/addOns/addOns.gradle.kts @@ -138,7 +138,6 @@ subprojects { val lintFlags = mutableListOf("-processing") if (JavaVersion.current().getMajorVersion() >= "21") { lintFlags.add("-this-escape") - options.compilerArgs = options.compilerArgs - "-Werror" } options.compilerArgs = options.compilerArgs + "-Xlint:${lintFlags.joinToString(",")}" } diff --git a/addOns/ascanrulesBeta/src/main/java/org/zaproxy/zap/extension/ascanrulesBeta/SessionFixationScanRule.java b/addOns/ascanrulesBeta/src/main/java/org/zaproxy/zap/extension/ascanrulesBeta/SessionFixationScanRule.java index acba61a1f38..abbfa145cad 100644 --- a/addOns/ascanrulesBeta/src/main/java/org/zaproxy/zap/extension/ascanrulesBeta/SessionFixationScanRule.java +++ b/addOns/ascanrulesBeta/src/main/java/org/zaproxy/zap/extension/ascanrulesBeta/SessionFixationScanRule.java 
@@ -19,8 +19,7 @@ */ package org.zaproxy.zap.extension.ascanrulesBeta; -import java.net.MalformedURLException; -import java.net.URL; +import java.net.URISyntaxException; import java.time.Instant; import java.time.ZonedDateTime; import java.util.Collections; @@ -188,13 +187,16 @@ public void scan() { String requestUrl = "Unknown URL"; try { requestUrl = - new URL( + new java.net.URI( requestUri.getScheme(), + null, requestUri.getHost(), requestUri.getPort(), - requestUri.getPath()) + requestUri.getPath(), + null, + null) .toString(); - } catch (MalformedURLException e) { + } catch (URISyntaxException e) { // no point in continuing. The URL is invalid. This is a peculiarity in the Zap // core, // and can happen when diff --git a/addOns/browserView/src/main/java/org/zaproxy/zap/extension/browserView/BrowserPanel.java b/addOns/browserView/src/main/java/org/zaproxy/zap/extension/browserView/BrowserPanel.java index c9adf1ae7a7..751348e4667 100644 --- a/addOns/browserView/src/main/java/org/zaproxy/zap/extension/browserView/BrowserPanel.java +++ b/addOns/browserView/src/main/java/org/zaproxy/zap/extension/browserView/BrowserPanel.java @@ -22,7 +22,8 @@ import java.awt.BorderLayout; import java.awt.Dimension; import java.net.MalformedURLException; -import java.net.URL; +import java.net.URI; +import java.net.URISyntaxException; import java.util.concurrent.CountDownLatch; import java.util.concurrent.TimeUnit; import java.util.concurrent.atomic.AtomicReference; @@ -104,8 +105,8 @@ public void loadContent(final String content) { private static String toURL(String str) { try { - return new URL(str).toExternalForm(); - } catch (MalformedURLException exception) { + return new URI(str).toURL().toExternalForm(); + } catch (MalformedURLException | URISyntaxException exception) { return null; } } diff --git a/addOns/bruteforce/CHANGELOG.md b/addOns/bruteforce/CHANGELOG.md index 3dea83a5bef..5593ae56c1b 100644 --- a/addOns/bruteforce/CHANGELOG.md +++ b/addOns/bruteforce/CHANGELOG.md 
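Review bot: The three positional `null` arguments in the new `java.net.URI(...)` call in `scan()` are unlabelled, and the seven-argument constructor is not a drop-in replacement for `new URL(scheme, host, port, path)`. It percent-quotes characters that are illegal in a path, always quotes `%`, and throws `URISyntaxException` when a non-empty path does not start with `/`, so `requestUrl` can now differ textually from what the old code produced. That matters if the string is later compared with other URL strings, which this hunk does not show. A short comment such as `// userInfo, query and fragment deliberately omitted; URI quotes the path` would make the intent explicit. `scan()` starts and ends outside the hunk.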
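Review bot: `BrowserPanel.toURL` can now throw instead of returning `null`: `new URI(str)` accepts a relative string such as `example.com/page`, and `URI.toURL()` then raises the unchecked `IllegalArgumentException` ("URI is not absolute"), which the new multi-catch does not cover. The old `new URL(str)` reported the same input as `MalformedURLException`. Widening the clause to `} catch (MalformedURLException | URISyntaxException | IllegalArgumentException exception) {` keeps the previous contract. The same gap is visible in `GenBaseCase.toUrl`, which wraps only `URISyntaxException`, and in `LlmOpenApiImportDialog.isValidURL`, whose catch lists `URIException | MalformedURLException | URISyntaxException` while validating typed-in text. The openapi and postman `ImportDialog` and `PostmanJob` call sites use the same conversion, but their catch clauses are outside the hunks, so they should be checked too.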
@@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Maintenance changes. ## [20] - 2025-12-15 ### Changed diff --git a/addOns/bruteforce/src/main/java/com/sittinglittleduck/DirBuster/GenBaseCase.java b/addOns/bruteforce/src/main/java/com/sittinglittleduck/DirBuster/GenBaseCase.java index ac6c37450b7..49f2f76d03d 100644 --- a/addOns/bruteforce/src/main/java/com/sittinglittleduck/DirBuster/GenBaseCase.java +++ b/addOns/bruteforce/src/main/java/com/sittinglittleduck/DirBuster/GenBaseCase.java @@ -24,6 +24,8 @@ import com.sittinglittleduck.DirBuster.SimpleHttpClient.HttpMethod; import java.io.IOException; import java.net.MalformedURLException; +import java.net.URI; +import java.net.URISyntaxException; import java.net.URL; import java.util.Vector; import java.util.regex.Matcher; @@ -84,16 +86,16 @@ public static BaseCase genBaseCase( String baseResponce = ""; URL failurl = null; if (isDir) { - failurl = new URL(url + failString + "/"); + failurl = toUrl(url + failString + "/"); } else { if (manager.isBlankExt()) { fileExtention = ""; - failurl = new URL(url + failString + fileExtention); + failurl = toUrl(url + failString + fileExtention); } else { if (!fileExtention.startsWith(".")) { fileExtention = "." + fileExtention; } - failurl = new URL(url + failString + fileExtention); + failurl = toUrl(url + failString + fileExtention); } } @@ -175,7 +177,7 @@ public static BaseCase genBaseCase( baseCase = new BaseCase( - new URL(url), + toUrl(url), failcode, isDir, failurl, @@ -207,7 +209,7 @@ public static BaseCase genURLFuzzBaseCase(Manager manager, String fuzzStart, Str boolean useRegexInstead = false; String regex = null; - URL failurl = new URL(fuzzStart + failString + FuzzEnd); + URL failurl = toUrl(fuzzStart + failString + FuzzEnd); HttpResponse response = manager.getHttpClient().send(HttpMethod.GET, failurl.toString()); 
@@ -277,4 +279,14 @@ private static String getBaseCaseAgain(Manager manager, URL failurl, String fail return null; } } + + private static URL toUrl(String value) throws MalformedURLException { + try { + return new URI(value).toURL(); + } catch (URISyntaxException e) { + MalformedURLException ex = new MalformedURLException(e.getMessage()); + ex.initCause(e); + throw ex; + } + } } diff --git a/addOns/bruteforce/src/main/java/com/sittinglittleduck/DirBuster/HTMLparse.java b/addOns/bruteforce/src/main/java/com/sittinglittleduck/DirBuster/HTMLparse.java index cd35b0a80ee..a3e014940d0 100644 --- a/addOns/bruteforce/src/main/java/com/sittinglittleduck/DirBuster/HTMLparse.java +++ b/addOns/bruteforce/src/main/java/com/sittinglittleduck/DirBuster/HTMLparse.java @@ -23,6 +23,8 @@ import com.sittinglittleduck.DirBuster.SimpleHttpClient.HttpMethod; import java.io.IOException; import java.net.MalformedURLException; +import java.net.URI; +import java.net.URISyntaxException; import java.net.URL; import java.util.Vector; import net.htmlparser.jericho.Attribute; @@ -102,7 +104,8 @@ public void run() { if (attr != null) { // creates a full qulaifed domian name, based on the page we // have just tested - URL tempURL = new URL(work.getWork(), attr.getValue()); + URL tempURL = + work.getWork().toURI().resolve(attr.getValue()).toURL(); String urlString = tempURL.getPath(); // check it is not already there and the link is from the same @@ -125,7 +128,7 @@ public void run() { } } - } catch (MalformedURLException e) { + } catch (MalformedURLException | URISyntaxException e) { LOGGER.debug("Bad URL", e); } } 
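Review bot: In `HTMLparse.run()`, `work.getWork().toURI().resolve(attr.getValue())` parses the attribute with `URI.create` semantics, so a link value that is not a legal URI (a space, `|`, `{`, a stray `%`) raises an unchecked `IllegalArgumentException` that the updated catch at the end of the block does not handle. The attribute value comes from the page that was just fetched, so the remote server controls whether this exception escapes the link-extraction code. The old `new URL(context, spec)` was lenient and reported failures as `MalformedURLException`. The catch should read `} catch (MalformedURLException | URISyntaxException | IllegalArgumentException e) {` so a malformed link is logged and skipped as before. `run()` starts and ends outside the hunk.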
@@ -179,11 +182,16 @@ public void run() { // ports WorkUnit workUnit = new WorkUnit( - new URL( - work.getWork().getProtocol(), - work.getWork().getHost(), - work.getWork().getPort(), - founditem), + new URI( + work.getWork() + .getProtocol(), + null, + work.getWork().getHost(), + work.getWork().getPort(), + founditem, + null, + null) + .toURL(), founditem.endsWith("/"), method, baseCase, @@ -198,7 +206,7 @@ public void run() { // workUnit.getWork().toString() + " to the work // queue"); } - } catch (MalformedURLException ex) { + } catch (MalformedURLException | URISyntaxException ex) { LOGGER.debug("Bad URL", ex); } catch (InterruptedException ex) { LOGGER.debug(ex); diff --git a/addOns/bruteforce/src/main/java/com/sittinglittleduck/DirBuster/Manager.java b/addOns/bruteforce/src/main/java/com/sittinglittleduck/DirBuster/Manager.java index efb39ee4d9a..a995c78510a 100644 --- a/addOns/bruteforce/src/main/java/com/sittinglittleduck/DirBuster/Manager.java +++ b/addOns/bruteforce/src/main/java/com/sittinglittleduck/DirBuster/Manager.java @@ -24,6 +24,8 @@ import com.sittinglittleduck.DirBuster.workGenerators.WorkerGenerator; import com.sittinglittleduck.DirBuster.workGenerators.WorkerGeneratorURLFuzz; import java.net.MalformedURLException; +import java.net.URI; +import java.net.URISyntaxException; import java.net.URL; import java.util.Date; import java.util.Locale; @@ -214,10 +216,10 @@ public void setupManager( // add the start point to the running list // TODO change this so it sctually checks for it try { - url = new URL(firstPartOfURL + startPoint); + url = new URI(firstPartOfURL + startPoint).toURL(); // gui.addResult(new ResultsTableObject("Dir", url.getPath(), "---", "Scanning", // url.toString(), "Start point of testing", null, null, this.recursive, null)); - } catch (MalformedURLException ex) { + } catch (MalformedURLException | URISyntaxException ex) { LOGGER.error("Bad URL", ex); } 
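Review bot: The seven-argument `new URI(protocol, null, host, port, founditem, null, null)` in `HTMLparse.run()` always quotes `%` and quotes `?` when it appears in the path component, which the old `new URL(protocol, host, port, founditem)` did not do. If `founditem` still carries escaped octets (the earlier hunk takes link paths from `tempURL.getPath()`, which returns the raw path; the derivation of `founditem` itself is outside the hunk), a link such as `/a%20b/` would be queued as `/a%2520b/` and requested at the wrong location. Either unescape `founditem` before this call or confirm it is always unescaped, and record that with a comment such as `// URI's multi-argument constructors always quote '%': founditem must be unescaped here`. A unit test with an already-encoded path would pin the behaviour.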
@@ -266,10 +268,10 @@ public void setupManager( // add the start point to the running list try { - url = new URL(firstPartOfURL + startPoint); + url = new URI(firstPartOfURL + startPoint).toURL(); // gui.addResult(new ResultsTableObject("Dir", url.getPath(), "---", "Scanning", // url.toString(), "Start point of testing", null, null, this.recursive, null)); - } catch (MalformedURLException ex) { + } catch (MalformedURLException | URISyntaxException ex) { LOGGER.error("Bad URL", ex); } @@ -872,7 +874,7 @@ public synchronized BaseCase getBaseCase(String base, boolean isDir, String file for (int a = 0; a < producedBasesCases.size(); a++) { BaseCase tempBaseCase = producedBasesCases.elementAt(a); - if (tempBaseCase.getBaseCaseURL().equals(new URL(base)) + if (tempBaseCase.getBaseCaseURL().equals(new URI(base).toURL()) && tempBaseCase.isDir() == isDir) { if (!isDir) { if (tempBaseCase.getFileExt().equals(fileExt)) { @@ -883,7 +885,7 @@ public synchronized BaseCase getBaseCase(String base, boolean isDir, String file } } } - } catch (MalformedURLException ex) { + } catch (MalformedURLException | URISyntaxException ex) { // do nothing I dont care } diff --git a/addOns/bruteforce/src/main/java/com/sittinglittleduck/DirBuster/workGenerators/BruteForceURLFuzz.java b/addOns/bruteforce/src/main/java/com/sittinglittleduck/DirBuster/workGenerators/BruteForceURLFuzz.java index 040fa52a4f5..90ca6689b73 100644 --- a/addOns/bruteforce/src/main/java/com/sittinglittleduck/DirBuster/workGenerators/BruteForceURLFuzz.java +++ b/addOns/bruteforce/src/main/java/com/sittinglittleduck/DirBuster/workGenerators/BruteForceURLFuzz.java @@ -29,6 +29,8 @@ import com.sittinglittleduck.DirBuster.WorkUnit; import java.io.IOException; import java.net.MalformedURLException; +import java.net.URI; +import java.net.URISyntaxException; import java.net.URL; import java.util.concurrent.BlockingQueue; import org.apache.logging.log4j.LogManager; 
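Review bot: In `Manager.getBaseCase`, `new URI(base).toURL()` is re-parsed on every loop iteration and then passed to `URL.equals`, which may resolve both host names and treats hosts that share an IP address as equal. Inside a `synchronized` method that can block on DNS, and it can match a base case recorded for a different virtual host. Parse once before the loop, `URL baseUrl = new URI(base).toURL();`, and compare textual forms, `tempBaseCase.getBaseCaseURL().toExternalForm().equals(baseUrl.toExternalForm())`. The catch comment `// do nothing I dont care` now also swallows `URISyntaxException`; a debug log would make rejected bases visible. The enclosing `try` starts outside the hunk.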
@@ -83,7 +85,7 @@ public void run() { if (manager.getAuto()) { try { - URL headurl = new URL(firstPart); + URL headurl = new URI(firstPart).toURL(); int responceCode = manager.getHttpClient() @@ -96,7 +98,7 @@ public void run() { // switch the mode to just GET requests manager.setAuto(false); } - } catch (IOException e) { + } catch (IOException | URISyntaxException e) { LOGGER.error(e, e); } } @@ -177,12 +179,12 @@ private void showString(int len, String baseCase, BaseCase baseCaseObj) { method = HttpMethod.GET; } - URL currentURL = new URL(firstPart + urlFuzzStart + temp + urlFuzzEnd); + URL currentURL = new URI(firstPart + urlFuzzStart + temp + urlFuzzEnd).toURL(); workQueue.put(new WorkUnit(currentURL, true, method, baseCaseObj, temp)); } catch (InterruptedException e) { LOGGER.debug(e); - } catch (MalformedURLException e) { + } catch (MalformedURLException | URISyntaxException e) { LOGGER.debug("Bad URL", e); } } diff --git a/addOns/bruteforce/src/main/java/com/sittinglittleduck/DirBuster/workGenerators/BruteForceWorkGenerator.java b/addOns/bruteforce/src/main/java/com/sittinglittleduck/DirBuster/workGenerators/BruteForceWorkGenerator.java index 19e78d0d013..e55a96cf428 100644 --- a/addOns/bruteforce/src/main/java/com/sittinglittleduck/DirBuster/workGenerators/BruteForceWorkGenerator.java +++ b/addOns/bruteforce/src/main/java/com/sittinglittleduck/DirBuster/workGenerators/BruteForceWorkGenerator.java @@ -31,6 +31,8 @@ import com.sittinglittleduck.DirBuster.WorkUnit; import java.io.IOException; import java.net.MalformedURLException; +import java.net.URI; +import java.net.URISyntaxException; import java.net.URL; import java.util.Vector; import java.util.concurrent.BlockingQueue; @@ -95,7 +97,7 @@ public void run() { if (manager.getAuto()) { try { - URL headurl = new URL(firstPart); + URL headurl = new URI(firstPart).toURL(); int responceCode = manager.getHttpClient() 
@@ -108,7 +110,7 @@ public void run() { // switch the mode to just GET requests manager.setAuto(false); } - } catch (IOException e) { + } catch (IOException | URISyntaxException e) { LOGGER.error(e, e); } } @@ -232,18 +234,18 @@ private void showString(int len, String baseCase, BaseCase baseCaseObj) { } if (doingDirs) { - URL currentURL = new URL(firstPart + currentDir + temp + "/"); + URL currentURL = new URI(firstPart + currentDir + temp + "/").toURL(); workQueue.put(new WorkUnit(currentURL, true, method, baseCaseObj, temp)); } else { - URL currentURL = new URL(firstPart + currentDir + temp + fileExtention); + URL currentURL = new URI(firstPart + currentDir + temp + fileExtention).toURL(); workQueue.put(new WorkUnit(currentURL, false, method, baseCaseObj, temp)); } } catch (InterruptedException e) { LOGGER.debug(e); - } catch (MalformedURLException e) { + } catch (MalformedURLException | URISyntaxException e) { LOGGER.debug("Bad URL", e); } } diff --git a/addOns/bruteforce/src/main/java/com/sittinglittleduck/DirBuster/workGenerators/WorkerGenerator.java b/addOns/bruteforce/src/main/java/com/sittinglittleduck/DirBuster/workGenerators/WorkerGenerator.java index d74b790a5b4..e4d80ad2b94 100644 --- a/addOns/bruteforce/src/main/java/com/sittinglittleduck/DirBuster/workGenerators/WorkerGenerator.java +++ b/addOns/bruteforce/src/main/java/com/sittinglittleduck/DirBuster/workGenerators/WorkerGenerator.java @@ -35,6 +35,8 @@ import java.io.IOException; import java.io.InputStreamReader; import java.net.MalformedURLException; +import java.net.URI; +import java.net.URISyntaxException; import java.net.URL; import java.util.Vector; import java.util.concurrent.BlockingQueue; @@ -113,7 +115,7 @@ public void run() { // checks if the server surports heads requests if (manager.getAuto()) { try { - URL headurl = new URL(firstPart); + URL headurl = new URI(firstPart).toURL(); int responceCode = manager.getHttpClient() 
@@ -132,7 +134,7 @@ public void run() { // switch the mode to just GET requests manager.setAuto(false); } - } catch (IOException e) { + } catch (IOException | URISyntaxException e) { LOGGER.error(e, e); } } @@ -210,14 +212,14 @@ public void run() { } else { method = "GET"; } - currentURL = new URL(firstPart + currentDir); + currentURL = new URI(firstPart + currentDir).toURL(); // System.out.println("first part = " + firstPart); // System.out.println("current dir = " + currentDir); workQueue.put( new WorkUnit( currentURL, true, HttpMethod.GET, baseCaseObj, null)); LOGGER.debug("1 adding dir to work list {} {}", method, currentDir); - } catch (MalformedURLException ex) { + } catch (MalformedURLException | URISyntaxException ex) { LOGGER.debug("Bad URL", ex); } catch (InterruptedException ex) { LOGGER.debug(ex); @@ -249,7 +251,7 @@ public void run() { method = HttpMethod.GET; } - currentURL = new URL(firstPart + currentDir + line + "/"); + currentURL = new URI(firstPart + currentDir + line + "/").toURL(); // BaseCase baseCaseObj = new BaseCase(currentURL, failcode, true, // failurl, baseResponce); // if the base case is null then we need to switch to content @@ -260,7 +262,7 @@ public void run() { new WorkUnit(currentURL, true, method, baseCaseObj, line)); // System.out.println("Gen finshed adding to queue"); LOGGER.debug("2 adding dir to work list {} {}", method, currentURL); - } catch (MalformedURLException e) { + } catch (MalformedURLException | URISyntaxException e) { // TODO deal with bad line // e.printStackTrace(); // do nothing if it's malformed, I dont care about them! @@ -345,11 +347,12 @@ public void run() { } URL currentURL = - new URL( - firstPart - + currentDir - + line - + fileExtention); + new URI( + firstPart + + currentDir + + line + + fileExtention) + .toURL(); // BaseCase baseCaseObj = new BaseCase(currentURL, true, // failurl, baseResponce); workQueue.put( 
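Review bot: Word-list entries that contain characters illegal in a URI (a space, `|`, `{`, an unescaped `%`) are now dropped silently in `WorkerGenerator.run()`: `new URI(firstPart + currentDir + line + "/")` throws `URISyntaxException` for them, and the catch in the following hunk still says only "do nothing if it's malformed". The old `new URL(String)` did not validate path characters, so those entries used to be requested; this change reduces scan coverage without any trace in the log. `WorkerGeneratorURLFuzz` avoids the problem by calling `URLEncoder.encode` on the line first. Here, at least log the skip, e.g. `LOGGER.debug("Skipping entry that is not a valid URI: {}", line, e);`. The file branch of this method (hunks `-345,11` and `-363,7`) and `BruteForceWorkGenerator.showString` have the same pattern.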
@@ -363,7 +366,7 @@ public void run() { "adding file to work list {} {}", method, currentURL); - } catch (MalformedURLException e) { + } catch (MalformedURLException | URISyntaxException e) { // e.printStackTrace(); // again do nothing as I dont care } catch (InterruptedException e) { diff --git a/addOns/bruteforce/src/main/java/com/sittinglittleduck/DirBuster/workGenerators/WorkerGeneratorURLFuzz.java b/addOns/bruteforce/src/main/java/com/sittinglittleduck/DirBuster/workGenerators/WorkerGeneratorURLFuzz.java index 1aba00e31ac..0b06fda8511 100644 --- a/addOns/bruteforce/src/main/java/com/sittinglittleduck/DirBuster/workGenerators/WorkerGeneratorURLFuzz.java +++ b/addOns/bruteforce/src/main/java/com/sittinglittleduck/DirBuster/workGenerators/WorkerGeneratorURLFuzz.java @@ -35,6 +35,8 @@ import java.io.IOException; import java.io.InputStreamReader; import java.net.MalformedURLException; +import java.net.URI; +import java.net.URISyntaxException; import java.net.URL; import java.net.URLEncoder; import java.util.concurrent.BlockingQueue; @@ -121,7 +123,7 @@ public void run() { if (manager.getAuto()) { try { - URL headurl = new URL(firstPart); + URL headurl = new URI(firstPart).toURL(); int responceCode = manager.getHttpClient() .send(HttpMethod.HEAD, headurl.toString()) @@ -134,7 +136,7 @@ public void run() { "Changing to GET only HEAD test returned 501(method no implmented) or a 400"); manager.setAuto(false); } - } catch (MalformedURLException e) { + } catch (MalformedURLException | URISyntaxException e) { LOGGER.debug("Malformed URL", e); } catch (IOException e) { LOGGER.debug(e); 
@@ -168,7 +170,7 @@ public void run() { // url encode all the items line = URLEncoder.encode(line, "UTF-8"); - URL currentURL = new URL(firstPart + urlFuzzStart + line + urlFuzzEnd); + URL currentURL = new URI(firstPart + urlFuzzStart + line + urlFuzzEnd).toURL(); // BaseCase baseCaseObj = new BaseCase(currentURL, failcode, true, failurl, // baseResponce); // if the base case is null then we need to switch to content anylsis mode @@ -179,7 +181,7 @@ public void run() { } } catch (InterruptedException ex) { LOGGER.debug(ex.toString()); - } catch (MalformedURLException ex) { + } catch (MalformedURLException | URISyntaxException ex) { LOGGER.warn("Failed to create the fuzzed URL:", ex); } catch (IOException ex) { LOGGER.warn("Failed to create the fuzzed URL:", ex); diff --git a/addOns/bruteforce/src/main/java/org/zaproxy/zap/extension/bruteforce/BruteForce.java b/addOns/bruteforce/src/main/java/org/zaproxy/zap/extension/bruteforce/BruteForce.java index 80190231a36..20ba2f9c2a1 100644 --- a/addOns/bruteforce/src/main/java/org/zaproxy/zap/extension/bruteforce/BruteForce.java +++ b/addOns/bruteforce/src/main/java/org/zaproxy/zap/extension/bruteforce/BruteForce.java @@ -26,6 +26,7 @@ import java.io.File; import java.io.IOException; import java.net.MalformedURLException; +import java.net.URISyntaxException; import java.net.URL; import java.util.ArrayList; import java.util.Arrays; @@ -132,7 +133,7 @@ public void run() { Stats.incCounter("stats.bruteforce.started"); tableModel.clear(); - URL targetURL = new URL(target.getURI().toString()); + URL targetURL = new java.net.URI(target.getURI().toString()).toURL(); manager.setTargetURL(targetURL); manager.setAuto(true); @@ -202,7 +203,7 @@ public void run() { } catch (InterruptedException e) { } } - } catch (MalformedURLException ex) { + } catch (MalformedURLException | URISyntaxException ex) { LOGGER.error("Failed brute forcing site {}", target.getURI(), ex); } 
diff --git a/addOns/client/src/main/java/org/zaproxy/addon/client/spider/ClientSpiderDialog.java b/addOns/client/src/main/java/org/zaproxy/addon/client/spider/ClientSpiderDialog.java index 79123243703..b33bd0f4e4c 100644 --- a/addOns/client/src/main/java/org/zaproxy/addon/client/spider/ClientSpiderDialog.java +++ b/addOns/client/src/main/java/org/zaproxy/addon/client/spider/ClientSpiderDialog.java @@ -25,7 +25,6 @@ import java.awt.GridBagLayout; import java.awt.Insets; import java.net.URI; -import java.net.URL; import java.util.ArrayList; import java.util.List; import javax.swing.ImageIcon; @@ -429,7 +428,7 @@ public String validateFields() { try { // Need both constructors as they catch slightly different issues ;) new URI(startUrl); - new URL(startUrl); + new URI(startUrl).toURL(); } catch (Exception e) { return Constant.messages.getString("client.scandialog.nostart.error"); } diff --git a/addOns/graphql/CHANGELOG.md b/addOns/graphql/CHANGELOG.md index 5fc7fe9e807..467150c1569 100644 --- a/addOns/graphql/CHANGELOG.md +++ b/addOns/graphql/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## Unreleased - +### Changed +- Maintenance changes. ## [0.32.0] - 2026-03-02 ### Added diff --git a/addOns/graphql/src/main/java/org/zaproxy/addon/graphql/UrlBuilder.java b/addOns/graphql/src/main/java/org/zaproxy/addon/graphql/UrlBuilder.java index e9d4ad9193c..c2848ff185a 100644 --- a/addOns/graphql/src/main/java/org/zaproxy/addon/graphql/UrlBuilder.java +++ b/addOns/graphql/src/main/java/org/zaproxy/addon/graphql/UrlBuilder.java @@ -19,7 +19,6 @@ */ package org.zaproxy.addon.graphql; -import java.net.URL; import org.apache.commons.httpclient.URI; import org.apache.commons.httpclient.URIException; import org.parosproxy.paros.network.HttpHeader; 
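Review bot: In `ClientSpiderDialog.validateFields`, the comment "Need both constructors as they catch slightly different issues" is stale after this change, because both statements now run the same `new URI(startUrl)` parse and the first line is redundant. The remaining difference comes from `toURL()`, which rejects relative URIs and unknown protocols. I would keep only `new URI(startUrl).toURL();` and reword the comment to `// URI parsing rejects illegal characters; toURL() rejects relative URIs and unknown protocols`. The broad `catch (Exception e)` already covers the unchecked `IllegalArgumentException` that `toURL()` can raise.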
@@ -36,7 +35,7 @@ public static URI build(String urlStr) throws URIException { throw new URIException("URL is incomplete."); } try { - new URL(urlStr).toURI(); + new java.net.URI(urlStr).toURL(); return new URI(urlStr, true); } catch (Exception e) { throw new URIException(e.getMessage()); diff --git a/addOns/llm/src/main/java/org/zaproxy/addon/llm/services/LlmCommunicationService.java b/addOns/llm/src/main/java/org/zaproxy/addon/llm/services/LlmCommunicationService.java index ba79136cc3b..f7000ab808c 100644 --- a/addOns/llm/src/main/java/org/zaproxy/addon/llm/services/LlmCommunicationService.java +++ b/addOns/llm/src/main/java/org/zaproxy/addon/llm/services/LlmCommunicationService.java @@ -141,7 +141,7 @@ private Integer importHttpCalls(String openapiContent) throws RuntimeException { public Integer importOpenapiFromUrl(String urlString) { Integer endpointCount = 0; try { - URL url = URI.create(urlString).toURL(); + URL url = new URI(urlString).toURL(); HttpURLConnection connection = (HttpURLConnection) url.openConnection(); connection.setRequestMethod("GET"); diff --git a/addOns/network/CHANGELOG.md b/addOns/network/CHANGELOG.md index fadd716a97f..e6f3103f539 100644 --- a/addOns/network/CHANGELOG.md +++ b/addOns/network/CHANGELOG.md @@ -5,7 +5,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## Unreleased - +### Changed +- Maintenance changes. ## [0.25.0] - 2025-12-15 ### Changed diff --git a/addOns/network/src/main/java/org/zaproxy/addon/network/ClientCertificatesOptionsPanel.java b/addOns/network/src/main/java/org/zaproxy/addon/network/ClientCertificatesOptionsPanel.java index bb539e13e91..94db28b24f3 100644 --- a/addOns/network/src/main/java/org/zaproxy/addon/network/ClientCertificatesOptionsPanel.java +++ b/addOns/network/src/main/java/org/zaproxy/addon/network/ClientCertificatesOptionsPanel.java 
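Review bot: `LlmCommunicationService.importOpenapiFromUrl` converts `urlString` to a `URL` and opens a connection without checking the scheme, and the next line casts the result to `HttpURLConnection`. A `file:` or `jar:` URL passes `new URI(urlString).toURL()` and then fails with an unchecked `ClassCastException` at the cast; whether the surrounding catch handles that is outside the hunk. Since the URI is now parsed explicitly, it is a natural place for an allow-list check before `openConnection()`, e.g. `if (!"http".equalsIgnoreCase(uri.getScheme()) && !"https".equalsIgnoreCase(uri.getScheme())) { throw new MalformedURLException("Unsupported scheme"); }`. Where `urlString` originates is not visible in the hunk, so how far it is trusted should be confirmed against the callers.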
@@ -24,6 +24,7 @@ import java.io.IOException; import java.lang.reflect.InvocationTargetException; import java.net.URI; +import java.net.URISyntaxException; import java.security.KeyStoreException; import java.security.ProviderException; import java.security.cert.Certificate; @@ -823,19 +824,19 @@ private static void showErrorMessageSunPkcs11ProviderNotAvailable(View view) { Object[] hyperlinks = new Object[2]; try { JXHyperlink hyperlinkLabel = new JXHyperlink(); - hyperlinkLabel.setURI(URI.create(sunReference)); + hyperlinkLabel.setURI(new URI(sunReference)); hyperlinkLabel.setText( Constant.messages.getString( "network.ui.options.clientcertificates.error.pkcs11.notavailable.sun.hyperlink.text")); hyperlinks[0] = hyperlinkLabel; hyperlinkLabel = new JXHyperlink(); - hyperlinkLabel.setURI(URI.create(ibmReference)); + hyperlinkLabel.setURI(new URI(ibmReference)); hyperlinkLabel.setText( Constant.messages.getString( "network.ui.options.clientcertificates.error.pkcs11.notavailable.ibm.hyperlink.text")); hyperlinks[1] = hyperlinkLabel; - } catch (UnsupportedOperationException e) { + } catch (UnsupportedOperationException | URISyntaxException e) { hyperlinks[0] = sunReference; hyperlinks[1] = ibmReference; } diff --git a/addOns/openapi/CHANGELOG.md b/addOns/openapi/CHANGELOG.md index 738d1d15938..c18e90758ca 100644 --- a/addOns/openapi/CHANGELOG.md +++ b/addOns/openapi/CHANGELOG.md @@ -13,6 +13,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## [52] - 2026-02-11 ### Changed - Enable Swagger Secret Detector Script Scan Rule, the JS Engine memory leak has been addressed (Issue 9230). +- Maintenance changes. ## [51] - 2026-01-28 ### Changed diff --git a/addOns/openapi/src/main/java/org/zaproxy/zap/extension/openapi/ImportDialog.java b/addOns/openapi/src/main/java/org/zaproxy/zap/extension/openapi/ImportDialog.java index 808e4b00231..44d0e14031c 100644 --- a/addOns/openapi/src/main/java/org/zaproxy/zap/extension/openapi/ImportDialog.java 
+++ b/addOns/openapi/src/main/java/org/zaproxy/zap/extension/openapi/ImportDialog.java @@ -25,7 +25,6 @@ import java.io.File; import java.net.MalformedURLException; import java.net.URISyntaxException; -import java.net.URL; import javax.swing.JButton; import javax.swing.JComboBox; import javax.swing.JFileChooser; @@ -333,7 +332,7 @@ private boolean importDefinition() { } try { - new URL(definitionLocation).toURI(); + new java.net.URI(definitionLocation).toURL(); var uri = new URI(definitionLocation, true); return extOpenApi.importOpenApiDefinition( uri, diff --git a/addOns/openapi/src/main/java/org/zaproxy/zap/extension/openapi/llm/LlmOpenApiImportDialog.java b/addOns/openapi/src/main/java/org/zaproxy/zap/extension/openapi/llm/LlmOpenApiImportDialog.java index bc90ed8510c..0ba5a442b13 100644 --- a/addOns/openapi/src/main/java/org/zaproxy/zap/extension/openapi/llm/LlmOpenApiImportDialog.java +++ b/addOns/openapi/src/main/java/org/zaproxy/zap/extension/openapi/llm/LlmOpenApiImportDialog.java @@ -25,7 +25,6 @@ import java.io.File; import java.net.MalformedURLException; import java.net.URISyntaxException; -import java.net.URL; import javax.swing.JButton; import javax.swing.JFileChooser; import javax.swing.JFrame; @@ -313,7 +312,7 @@ public void clearFields() { private boolean isValidURL(String url) { try { - new URL(url).toURI(); + new java.net.URI(url).toURL(); new URI(url, true); } catch (URIException | MalformedURLException | URISyntaxException e) { // Not a valid URI diff --git a/addOns/paramdigger/CHANGELOG.md b/addOns/paramdigger/CHANGELOG.md index d8a734615b7..b97e8f99163 100644 --- a/addOns/paramdigger/CHANGELOG.md +++ b/addOns/paramdigger/CHANGELOG.md @@ -6,6 +6,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed - Update minimum ZAP version to 2.17.0. +- Maintenance changes. ### Fixed - Error logs to always include stack trace. 
diff --git a/addOns/paramdigger/src/main/java/org/zaproxy/addon/paramdigger/gui/ParamDiggerDialog.java b/addOns/paramdigger/src/main/java/org/zaproxy/addon/paramdigger/gui/ParamDiggerDialog.java index 98bd453576f..66287bcaec2 100644 --- a/addOns/paramdigger/src/main/java/org/zaproxy/addon/paramdigger/gui/ParamDiggerDialog.java +++ b/addOns/paramdigger/src/main/java/org/zaproxy/addon/paramdigger/gui/ParamDiggerDialog.java @@ -24,7 +24,6 @@ import java.awt.GridBagConstraints; import java.awt.GridBagLayout; import java.awt.Insets; -import java.net.URL; import java.nio.file.Files; import java.nio.file.Paths; import java.util.ArrayList; @@ -511,7 +510,7 @@ public String validateFields() { } try { new URI(url, true); - new URL(url); + new java.net.URI(url).toURL(); } catch (Exception e) { return Constant.messages.getString("paramdigger.dialog.error.url.invalid"); } diff --git a/addOns/postman/CHANGELOG.md b/addOns/postman/CHANGELOG.md index 2834f1f4c74..97fda08e00a 100644 --- a/addOns/postman/CHANGELOG.md +++ b/addOns/postman/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Maintenance changes. ## [0.9.0] - 2025-12-15 ### Changed diff --git a/addOns/postman/src/main/java/org/zaproxy/addon/postman/ImportDialog.java b/addOns/postman/src/main/java/org/zaproxy/addon/postman/ImportDialog.java index e4baa836206..754adb0f29d 100644 --- a/addOns/postman/src/main/java/org/zaproxy/addon/postman/ImportDialog.java +++ b/addOns/postman/src/main/java/org/zaproxy/addon/postman/ImportDialog.java @@ -27,7 +27,6 @@ import java.io.IOException; import java.net.MalformedURLException; import java.net.URISyntaxException; -import java.net.URL; import javax.swing.JButton; import javax.swing.JFileChooser; import javax.swing.JFrame; 
@@ -239,7 +238,7 @@ private boolean importCollection() { boolean importedWithoutErrors = false; try { - new URL(collectionLocation).toURI(); + new java.net.URI(collectionLocation).toURL(); new URI(collectionLocation, true); importedWithoutErrors = parser.importFromUrl( diff --git a/addOns/postman/src/main/java/org/zaproxy/addon/postman/automation/PostmanJob.java b/addOns/postman/src/main/java/org/zaproxy/addon/postman/automation/PostmanJob.java index 9b53ec14e20..3108508c418 100644 --- a/addOns/postman/src/main/java/org/zaproxy/addon/postman/automation/PostmanJob.java +++ b/addOns/postman/src/main/java/org/zaproxy/addon/postman/automation/PostmanJob.java @@ -22,7 +22,6 @@ import java.io.File; import java.io.IOException; import java.net.URISyntaxException; -import java.net.URL; import java.nio.charset.StandardCharsets; import java.util.LinkedHashMap; import java.util.Map; @@ -105,9 +104,12 @@ public void runJob(AutomationEnvironment env, AutomationProgress progress) { if (!StringUtils.isEmpty(collectionStr)) { String collectionUrl = env.replaceVars(collectionStr); + if (collectionUrl == null) { + collectionUrl = collectionStr; + } try { - new URL(collectionUrl).toURI(); + new java.net.URI(collectionUrl).toURL(); new URI(collectionUrl, true); parser.importFromUrl(collectionUrl, variables, false); diff --git a/addOns/postman/src/test/java/org/zaproxy/addon/postman/automation/PostmanJobUnitTest.java b/addOns/postman/src/test/java/org/zaproxy/addon/postman/automation/PostmanJobUnitTest.java index f6d00cf0148..49fd2962c9f 100644 --- a/addOns/postman/src/test/java/org/zaproxy/addon/postman/automation/PostmanJobUnitTest.java +++ b/addOns/postman/src/test/java/org/zaproxy/addon/postman/automation/PostmanJobUnitTest.java 
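Review bot: Falling back to `collectionStr` when `env.replaceVars` returns null in `runJob` lets the job continue with the unresolved template, and if that raw string happens to parse as a URL it is handed to `parser.importFromUrl` unchanged. For an unattended automation run it would be safer to treat a null result as a failed substitution, report the job error and skip the import, rather than assigning `collectionUrl = collectionStr;`. If the fallback is intended, say so in a comment, e.g. `// replaceVars returned null: validate the raw value instead`. The new unit test only covers a raw value that is not a URL, and the catch block and the rest of runJob are outside the hunk.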
@@ -172,6 +172,31 @@ void shouldFailIfInvalidUrl() { assertThat(progress.getErrors().get(0), is(equalTo("!postman.automation.error!"))); } + @Test + void shouldFailIfInvalidUrlWhenVariablesResolveToNull() { + // Given + Constant.messages = new I18N(Locale.ENGLISH); + AutomationProgress progress = new AutomationProgress(); + AutomationEnvironment env = mock(AutomationEnvironment.class); + String collectionUrl = "Invalid URL."; + String yamlStr = "parameters:\n" + " collectionUrl: '" + collectionUrl + "'"; + Yaml yaml = new Yaml(); + Object data = yaml.load(yamlStr); + + PostmanJob job = new PostmanJob(); + job.setJobData(((LinkedHashMap) data)); + given(env.replaceVars(collectionUrl)).willReturn(null); + + // When + job.verifyParameters(progress); + job.runJob(env, progress); + + // Then + assertThat(progress.hasWarnings(), is(equalTo(false))); + assertThat(progress.hasErrors(), is(equalTo(true))); + assertThat(progress.getErrors().get(0), is(equalTo("!postman.automation.error!"))); + } + @Test void shouldFailIfInvalidFile() { // Given diff --git a/addOns/pscanrules/CHANGELOG.md b/addOns/pscanrules/CHANGELOG.md index 8d00f9bc408..87ce7745e41 100644 --- a/addOns/pscanrules/CHANGELOG.md +++ b/addOns/pscanrules/CHANGELOG.md @@ -12,6 +12,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Attempts to collect comments from JavaScript content using the ANTLR library, which should be more accurate. - Provides more context in the evidence (Issue 9185). - The Content Security Policy scan rule leverages an updated version of the htmlunit-csp library that includes support for the trusted-types and require-trusted-types-for directives. +- Maintenance changes. ## [70] - 2025-12-15 ### Added 
diff --git a/addOns/pscanrules/src/main/java/org/zaproxy/zap/extension/pscanrules/UserControlledHTMLAttributesScanRule.java b/addOns/pscanrules/src/main/java/org/zaproxy/zap/extension/pscanrules/UserControlledHTMLAttributesScanRule.java index b510a6e476c..10e356e5c06 100644 --- a/addOns/pscanrules/src/main/java/org/zaproxy/zap/extension/pscanrules/UserControlledHTMLAttributesScanRule.java +++ b/addOns/pscanrules/src/main/java/org/zaproxy/zap/extension/pscanrules/UserControlledHTMLAttributesScanRule.java @@ -20,6 +20,8 @@ package org.zaproxy.zap.extension.pscanrules; import java.net.MalformedURLException; +import java.net.URI; +import java.net.URISyntaxException; import java.net.URL; import java.util.Collections; import java.util.HashMap; @@ -146,8 +148,8 @@ private void checkHtmlAttribute( if (attrValue.indexOf("://") > 0) { URL url; try { - url = new URL(attrValue); - } catch (MalformedURLException e) { + url = new URI(attrValue).toURL(); + } catch (MalformedURLException | URISyntaxException e) { return; } // get protocol diff --git a/addOns/pscanrules/src/main/java/org/zaproxy/zap/extension/pscanrules/UserControlledOpenRedirectScanRule.java b/addOns/pscanrules/src/main/java/org/zaproxy/zap/extension/pscanrules/UserControlledOpenRedirectScanRule.java index 3e98b3e7073..cea543e327f 100644 --- a/addOns/pscanrules/src/main/java/org/zaproxy/zap/extension/pscanrules/UserControlledOpenRedirectScanRule.java +++ b/addOns/pscanrules/src/main/java/org/zaproxy/zap/extension/pscanrules/UserControlledOpenRedirectScanRule.java @@ -20,6 +20,7 @@ package org.zaproxy.zap.extension.pscanrules; import java.net.MalformedURLException; +import java.net.URISyntaxException; import java.net.URL; import java.util.Collections; import java.util.HashMap; 
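Review bot: `java.net.URI` rejects values that the removed `new URL(attrValue)` accepted (an unencoded space, `|`, `{` and similar), so in `checkHtmlAttribute` such an attribute value now takes the `return` in the catch and is skipped by the rule. Whether that loses findings depends on how often responses carry unencoded URLs, which the hunk does not show; a unit test with such a value would pin the intended behaviour. At minimum document it next to the catch: `// URI parsing is stricter than URL: values with unencoded characters are skipped`. The same applies to `checkUserControllableLocationHeaderValue` in UserControlledOpenRedirectScanRule, and both method bodies continue outside their hunks.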
@@ -117,8 +118,8 @@ private void checkUserControllableLocationHeaderValue( if (responseLocation.indexOf("://") > 0) { URL responseURL; try { - responseURL = new URL(responseLocation); - } catch (MalformedURLException e) { + responseURL = new java.net.URI(responseLocation).toURL(); + } catch (MalformedURLException | URISyntaxException e) { return; } diff --git a/addOns/quickstart/CHANGELOG.md b/addOns/quickstart/CHANGELOG.md index 6de83c736e8..9c9b9386012 100644 --- a/addOns/quickstart/CHANGELOG.md +++ b/addOns/quickstart/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Maintenance changes. ## [55] - 2026-03-09 ### Fixed diff --git a/addOns/quickstart/src/main/java/org/zaproxy/zap/extension/quickstart/AttackPanel.java b/addOns/quickstart/src/main/java/org/zaproxy/zap/extension/quickstart/AttackPanel.java index 6af055d3ce9..dace2f7f739 100644 --- a/addOns/quickstart/src/main/java/org/zaproxy/zap/extension/quickstart/AttackPanel.java +++ b/addOns/quickstart/src/main/java/org/zaproxy/zap/extension/quickstart/AttackPanel.java @@ -390,7 +390,7 @@ boolean attackUrl() { String urlStr = item.toString(); URL url; try { - url = new URL(urlStr); + url = new java.net.URI(urlStr).toURL(); // Validate the actual request-uri of the HTTP message accessed. new URI(urlStr, true); } catch (Exception e) { diff --git a/addOns/quickstart/src/main/java/org/zaproxy/zap/extension/quickstart/ExtensionQuickStart.java b/addOns/quickstart/src/main/java/org/zaproxy/zap/extension/quickstart/ExtensionQuickStart.java index fc778e55818..d46efe58f12 100644 --- a/addOns/quickstart/src/main/java/org/zaproxy/zap/extension/quickstart/ExtensionQuickStart.java +++ b/addOns/quickstart/src/main/java/org/zaproxy/zap/extension/quickstart/ExtensionQuickStart.java 
@@ -23,6 +23,7 @@ import java.io.File; import java.io.IOException; import java.net.MalformedURLException; +import java.net.URISyntaxException; import java.net.URL; import java.nio.charset.StandardCharsets; import java.nio.file.Files; @@ -723,10 +724,10 @@ private class HeadlessQuickAttacker extends QuickAttacker { public boolean attack(String url) { URL targetURL; try { - targetURL = new URL(url); + targetURL = new java.net.URI(url).toURL(); // Validate the actual request-uri of the HTTP message accessed. new URI(url, true); - } catch (MalformedURLException | URIException e) { + } catch (MalformedURLException | URIException | URISyntaxException e) { reportError( Constant.messages.getString( "quickstart.cmdline.quickurl.error.invalidUrl")); diff --git a/addOns/quickstart/src/main/java/org/zaproxy/zap/extension/quickstart/ZapItScan.java b/addOns/quickstart/src/main/java/org/zaproxy/zap/extension/quickstart/ZapItScan.java index 407645abf0d..69d6f879ffb 100644 --- a/addOns/quickstart/src/main/java/org/zaproxy/zap/extension/quickstart/ZapItScan.java +++ b/addOns/quickstart/src/main/java/org/zaproxy/zap/extension/quickstart/ZapItScan.java @@ -21,6 +21,7 @@ import java.lang.reflect.Method; import java.net.MalformedURLException; +import java.net.URISyntaxException; import java.net.URL; import java.util.ArrayList; import java.util.Collections; @@ -73,10 +74,10 @@ public boolean recon(String url) { URL targetURL; try { - targetURL = new URL(url); + targetURL = new java.net.URI(url).toURL(); // Validate the actual request-uri of the HTTP message accessed. new URI(url, true); - } catch (MalformedURLException | URIException e) { + } catch (MalformedURLException | URIException | URISyntaxException e) { CommandLine.error( Constant.messages.getString("quickstart.cmdline.quickurl.error.invalidUrl")); return false; 
diff --git a/addOns/quickstart/src/main/java/org/zaproxy/zap/extension/quickstart/launch/OptionsQuickStartLaunchPanel.java b/addOns/quickstart/src/main/java/org/zaproxy/zap/extension/quickstart/launch/OptionsQuickStartLaunchPanel.java index 04d715011e2..fb947d65a76 100644 --- a/addOns/quickstart/src/main/java/org/zaproxy/zap/extension/quickstart/launch/OptionsQuickStartLaunchPanel.java +++ b/addOns/quickstart/src/main/java/org/zaproxy/zap/extension/quickstart/launch/OptionsQuickStartLaunchPanel.java @@ -21,7 +21,7 @@ import java.awt.GridBagLayout; import java.awt.Insets; -import java.net.URL; +import java.net.URI; import javax.swing.JComboBox; import javax.swing.JLabel; import javax.swing.JPanel; @@ -89,7 +89,7 @@ public void validateParam(Object obj) throws Exception { if (getStartPageOption().getSelectedIndex() == 2) { try { // Validate the url - new URL(getStartUrl().getText()); + new URI(getStartUrl().getText()).toURL(); } catch (Exception e) { getStartUrl().requestFocus(); throw new IllegalArgumentException( @@ -111,7 +111,7 @@ public void saveParam(Object obj) throws Exception { param.setLaunchBlankStartPage(); break; case 2: - param.setLaunchStartPage(new URL(getStartUrl().getText())); + param.setLaunchStartPage(new URI(getStartUrl().getText()).toURL()); break; default: param.setLaunchZapStartPage(); diff --git a/addOns/reports/CHANGELOG.md b/addOns/reports/CHANGELOG.md index e83fb0d16e6..ee22b00680a 100644 --- a/addOns/reports/CHANGELOG.md +++ b/addOns/reports/CHANGELOG.md @@ -8,8 +8,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - "Other Info" to the modern HTML report ### Changed -- Maintenance changes. - "Other Info" sections of the HTML reports to split the text on newlines. +- Maintenance changes. ## [0.43.0] - 2025-12-15 ### Added 
diff --git a/addOns/reports/src/main/java/org/zaproxy/addon/reports/sarif/SarifReportDataSupport.java b/addOns/reports/src/main/java/org/zaproxy/addon/reports/sarif/SarifReportDataSupport.java index ad0001c52c2..34c840a3ba4 100644 --- a/addOns/reports/src/main/java/org/zaproxy/addon/reports/sarif/SarifReportDataSupport.java +++ b/addOns/reports/src/main/java/org/zaproxy/addon/reports/sarif/SarifReportDataSupport.java @@ -20,6 +20,7 @@ package org.zaproxy.addon.reports.sarif; import java.net.URI; +import java.net.URISyntaxException; import java.util.ArrayList; import java.util.Collection; import java.util.Collections; @@ -123,8 +124,15 @@ private void createCweTaxonomy(List list) { for (Integer foundCWEId : foundCWEIds) { SarifTaxa taxa = taxonomy.addTaxa("" + foundCWEId); - taxa.helpUri = - URI.create("https://cwe.mitre.org/data/definitions/" + foundCWEId + ".html"); + taxa.helpUri = toUri("https://cwe.mitre.org/data/definitions/" + foundCWEId + ".html"); + } + } + + private static URI toUri(String value) { + try { + return new URI(value); + } catch (URISyntaxException e) { + throw new IllegalArgumentException(e); } } diff --git a/addOns/reports/src/main/java/org/zaproxy/addon/reports/sarif/SarifToolData.java b/addOns/reports/src/main/java/org/zaproxy/addon/reports/sarif/SarifToolData.java index 71c51409c9e..46cb5366be5 100644 --- a/addOns/reports/src/main/java/org/zaproxy/addon/reports/sarif/SarifToolData.java +++ b/addOns/reports/src/main/java/org/zaproxy/addon/reports/sarif/SarifToolData.java @@ -20,6 +20,7 @@ package org.zaproxy.addon.reports.sarif; import java.net.URI; +import java.net.URISyntaxException; public class SarifToolData { 
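Review bot: The new private `toUri` helper in `SarifReportDataSupport` does what `URI.create` already does, parsing the string and rethrowing `URISyntaxException` as `IllegalArgumentException`, and an identical copy is added to `SarifToolData`. Unless a warning is actually raised for `URI.create` here, keeping `taxa.helpUri = URI.create("https://cwe.mitre.org/data/definitions/" + foundCWEId + ".html");` avoids two duplicated helpers and the extra import. If the helpers stay, give each a one-line Javadoc stating that it is meant for strings built from trusted values and that a syntax error surfaces as `IllegalArgumentException`.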
@@ -33,7 +34,7 @@ public class SarifToolData { .setTaxonomyComprehensive(true) .setShortDescription("Zed Attack Proxy") .setOrganization("ZAP") - .setTaxonomyInformationUri(URI.create("https://www.zaproxy.org/")) + .setTaxonomyInformationUri(toUri("https://www.zaproxy.org/")) .build(); static final SarifToolDataProvider CWE_WITH_4_8_TAXONOMY = @@ -43,9 +44,9 @@ public class SarifToolData { .setTaxonomyComprehensive(true) .setTaxonomyReleaseDateUtc("2022-06-28") .setTaxonomyDownloadUri( - URI.create("https://cwe.mitre.org/data/xml/cwec_v4.8.xml.zip")) + toUri("https://cwe.mitre.org/data/xml/cwec_v4.8.xml.zip")) .setTaxonomyInformationUri( - URI.create("https://cwe.mitre.org/data/published/cwe_v4.8.pdf")) + toUri("https://cwe.mitre.org/data/published/cwe_v4.8.pdf")) .setShortDescription("The MITRE Common Weakness Enumeration") .setOrganization("MITRE") .build(); @@ -66,6 +67,14 @@ static SarifToolDataProviderBuilder builder() { return new SarifToolDataProviderBuilder(); } + private static URI toUri(String value) { + try { + return new URI(value); + } catch (URISyntaxException e) { + throw new IllegalArgumentException(e); + } + } + static class SarifToolDataProviderBuilder { private String name; diff --git a/addOns/soap/CHANGELOG.md b/addOns/soap/CHANGELOG.md index 1392b33675a..434355d142c 100644 --- a/addOns/soap/CHANGELOG.md +++ b/addOns/soap/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased - +### Changed +- Maintenance changes. ## [29] - 2025-12-15 ### Changed diff --git a/addOns/soap/src/main/java/org/zaproxy/zap/extension/soap/ImportDialog.java b/addOns/soap/src/main/java/org/zaproxy/zap/extension/soap/ImportDialog.java index 43f7e55c271..08f1337ece1 100644 --- a/addOns/soap/src/main/java/org/zaproxy/zap/extension/soap/ImportDialog.java +++ b/addOns/soap/src/main/java/org/zaproxy/zap/extension/soap/ImportDialog.java 
@@ -25,7 +25,6 @@ import java.io.File; import java.net.MalformedURLException; import java.net.URISyntaxException; -import java.net.URL; import javax.swing.JButton; import javax.swing.JFileChooser; import javax.swing.JFrame; @@ -116,7 +115,7 @@ private boolean importWsdl() { } try { - new URL(wsdlLocation).toURI(); + new java.net.URI(wsdlLocation).toURL(); new URI(wsdlLocation, true); extSoap.extUrlWSDLImport(wsdlLocation); return true; diff --git a/addOns/spider/src/main/java/org/zaproxy/addon/spider/SpiderDialog.java b/addOns/spider/src/main/java/org/zaproxy/addon/spider/SpiderDialog.java index c43fa4c2198..f5b2d5cdd88 100644 --- a/addOns/spider/src/main/java/org/zaproxy/addon/spider/SpiderDialog.java +++ b/addOns/spider/src/main/java/org/zaproxy/addon/spider/SpiderDialog.java @@ -23,7 +23,6 @@ import java.awt.Frame; import java.awt.event.ActionEvent; import java.awt.event.ActionListener; -import java.net.URL; import java.util.ArrayList; import java.util.List; import javax.swing.JButton; @@ -392,7 +391,7 @@ public String validateFields() { try { // Need both constructors as they catch slightly different issues ;) new URI(url, true); - new URL(url); + new java.net.URI(url).toURL(); } catch (Exception e) { return Constant.messages.getString("spider.custom.nostart.error"); } diff --git a/addOns/spider/src/main/java/org/zaproxy/addon/spider/UrlCanonicalizer.java b/addOns/spider/src/main/java/org/zaproxy/addon/spider/UrlCanonicalizer.java index 496d5a63ecd..181e0ee442f 100644 --- a/addOns/spider/src/main/java/org/zaproxy/addon/spider/UrlCanonicalizer.java +++ b/addOns/spider/src/main/java/org/zaproxy/addon/spider/UrlCanonicalizer.java @@ -20,8 +20,8 @@ */ package org.zaproxy.addon.spider; +import java.net.MalformedURLException; import java.net.URI; -import java.net.URL; import java.util.HashSet; import java.util.Set; import java.util.SortedSet; 
@@ -153,10 +153,8 @@ public static String getCanonicalUrl(ParseContext ctx, String url, String baseUR /* Process parameters and sort them. */ final SortedSet params = createSortedParameters(canonicalURI.getRawQuery()); - final String queryString; String canonicalParams = canonicalize(params, ctx.getSpiderParam()::isIrrelevantUrlParameter); - queryString = (canonicalParams.isEmpty() ? "" : "?" + canonicalParams); /* Add starting slash if needed */ if (path.length() == 0) { @@ -172,10 +170,35 @@ public static String getCanonicalUrl(ParseContext ctx, String url, String baseUR /* Lowercasing protocol and host */ String protocol = canonicalURI.getScheme().toLowerCase(); String host = canonicalURI.getHost().toLowerCase(); - String pathAndQueryString = normalizePath(path) + queryString; + String normalizedPath = normalizePath(path); + String query = canonicalParams.isEmpty() ? null : canonicalParams; - URL result = new URL(protocol, host, port, pathAndQueryString); - return result.toExternalForm(); + /* + * Build the canonical URL string directly to preserve percent-encoding. + * The multi-argument URI constructor would re-encode % to %25, causing + * double-encoding of already-encoded path/query components. + */ + StringBuilder result = new StringBuilder(); + result.append(protocol).append("://").append(host); + if (port != -1) { + result.append(':').append(port); + } + result.append(normalizedPath); + if (query != null) { + result.append('?').append(query); + } + String resultStr = result.toString(); + /* + * Validate the scheme is supported by java.net.URL (e.g. http, https, ftp). + * Unsupported schemes like "scheme://" would have caused toURL() to throw + * in the previous implementation, returning null. + */ + try { + new URI(resultStr).toURL(); + } catch (MalformedURLException | IllegalArgumentException e) { + return null; + } + return resultStr; } catch (Exception ex) { LOGGER.warn( 
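Review bot: `new URI(resultStr)` can throw `URISyntaxException`, which the inner catch (`MalformedURLException | IllegalArgumentException`) does not list, so it falls through to the outer `catch (Exception ex)` and is logged as a warning, while an unsupported scheme returns null silently. The removed `new URL(protocol, host, port, pathAndQueryString)` did not syntax-check the path or query, so, depending on what `normalizePath` and `canonicalize` return (not visible here), URLs that used to canonicalise may now be dropped from the crawl. Decide which outcome is wanted and make it explicit, for example `} catch (MalformedURLException | URISyntaxException | IllegalArgumentException e) {` with the matching import. The new comment also refers to `toURL()` in the previous implementation, which used the `URL` constructor. getCanonicalUrl starts and ends outside the hunk.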
diff --git a/addOns/spiderAjax/CHANGELOG.md b/addOns/spiderAjax/CHANGELOG.md index 9bb36d55436..139edc470b1 100644 --- a/addOns/spiderAjax/CHANGELOG.md +++ b/addOns/spiderAjax/CHANGELOG.md @@ -6,6 +6,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed - Update Crawljax to version 3.8.0 (Issues 3412 and 7138). +- Maintenance changes. ## [23.29.0] - 2025-12-15 ### Changed diff --git a/addOns/spiderAjax/src/main/java/org/zaproxy/zap/extension/spiderAjax/AjaxSpiderAPI.java b/addOns/spiderAjax/src/main/java/org/zaproxy/zap/extension/spiderAjax/AjaxSpiderAPI.java index afd73c317fb..18a025c3ac1 100644 --- a/addOns/spiderAjax/src/main/java/org/zaproxy/zap/extension/spiderAjax/AjaxSpiderAPI.java +++ b/addOns/spiderAjax/src/main/java/org/zaproxy/zap/extension/spiderAjax/AjaxSpiderAPI.java @@ -484,7 +484,11 @@ private void startScan( throw new ApiException(Type.MISSING_PARAMETER, PARAM_URL); } - startURI = URI.create(nodes.get(0).getHistoryReference().getURI().toString()); + try { + startURI = new URI(nodes.get(0).getHistoryReference().getURI().toString()); + } catch (URISyntaxException e) { + throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_URL, e); + } validateUrl = false; } else if (context != null && !context.isInContext(url)) { throw new ApiException(Type.URL_NOT_IN_CONTEXT, PARAM_URL); diff --git a/addOns/spiderAjax/src/main/java/org/zaproxy/zap/extension/spiderAjax/AjaxSpiderDialog.java b/addOns/spiderAjax/src/main/java/org/zaproxy/zap/extension/spiderAjax/AjaxSpiderDialog.java index 09524fc5ee3..a5c7e7adee3 100644 --- a/addOns/spiderAjax/src/main/java/org/zaproxy/zap/extension/spiderAjax/AjaxSpiderDialog.java +++ b/addOns/spiderAjax/src/main/java/org/zaproxy/zap/extension/spiderAjax/AjaxSpiderDialog.java 
@@ -22,7 +22,7 @@ import java.awt.Dimension; import java.awt.Frame; import java.net.URI; -import java.net.URL; +import java.net.URISyntaxException; import java.util.ArrayList; import java.util.List; import javax.swing.JButton; @@ -381,11 +381,19 @@ public void save() { URI startUri = null; if (!this.getStringValue(FIELD_START).equals(getTargetText(target))) { - startUri = URI.create(getStringValue(FIELD_START)); + try { + startUri = new URI(getStringValue(FIELD_START)); + } catch (URISyntaxException e) { + return; + } } else { SiteNode startNode = target.getStartNode(); if (startNode != null) { - startUri = URI.create(startNode.getHistoryReference().getURI().toString()); + try { + startUri = new URI(startNode.getHistoryReference().getURI().toString()); + } catch (URISyntaxException e) { + return; + } } else if (target.getContext() != null) { startUri = extension.getFirstUriInContext(target.getContext()); } @@ -460,7 +468,7 @@ public String validateFields() { try { // Need both constructors as they catch slightly different issues ;) startUri = new URI(url); - new URL(url); + new URI(url).toURL(); } catch (Exception e) { return Constant.messages.getString("spiderajax.scandialog.nostart.error"); } @@ -471,7 +479,11 @@ public String validateFields() { SiteNode startNode = target.getStartNode(); if (startNode != null) { - startUri = URI.create(startNode.getHistoryReference().getURI().toString()); + try { + startUri = new URI(startNode.getHistoryReference().getURI().toString()); + } catch (URISyntaxException e) { + return Constant.messages.getString("spiderajax.scandialog.nostart.error"); + } } else if (context != null) { if (getBoolValue(FIELD_SUBTREE_ONLY)) { return Constant.messages.getString( diff --git a/addOns/spiderAjax/src/main/java/org/zaproxy/zap/extension/spiderAjax/ExtensionAjax.java b/addOns/spiderAjax/src/main/java/org/zaproxy/zap/extension/spiderAjax/ExtensionAjax.java index 3d7954faf05..d72fbb0d65b 100644 
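Review bot: Both new `catch (URISyntaxException e) { return; }` blocks in `save()` leave the method without starting a scan, logging anything or telling the user, so a start value that fails to parse makes the dialog appear to do nothing. `validateFields()` probably rejects such input first, but that ordering is not visible in this hunk. Log the exception, or at least record the assumption in a comment such as `// validateFields() has already rejected unparsable start URLs`. save() continues outside the hunk.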
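Review bot: In `validateFields()` the comment "Need both constructors as they catch slightly different issues" no longer matches the code, because both statements now build a `java.net.URI` from the same string and only `toURL()` adds a check. Reuse the parsed value, `startUri = new URI(url);` followed by `startUri.toURL();`, and reword the comment to something like `// toURL() additionally rejects relative URIs and unknown protocols`. The surrounding method body is outside the hunk.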
--- a/addOns/spiderAjax/src/main/java/org/zaproxy/zap/extension/spiderAjax/ExtensionAjax.java +++ b/addOns/spiderAjax/src/main/java/org/zaproxy/zap/extension/spiderAjax/ExtensionAjax.java @@ -21,6 +21,7 @@ import java.awt.event.KeyEvent; import java.net.URI; +import java.net.URISyntaxException; import java.util.ArrayList; import java.util.Collections; import java.util.Enumeration; @@ -451,7 +452,11 @@ private static URI findFirstUriInContext(Context context, SiteNode node) { while (en.hasMoreElements()) { SiteNode childNode = (SiteNode) en.nextElement(); if (context.isInContext(childNode)) { - return URI.create(childNode.getHistoryReference().getURI().toString()); + try { + return new URI(childNode.getHistoryReference().getURI().toString()); + } catch (URISyntaxException e) { + // Skip invalid URI and keep searching. + } } URI uri = findFirstUriInContext(context, childNode); diff --git a/addOns/tokengen/src/main/java/com/fasteasytrade/JRandTest/Algo/BFcipher.java b/addOns/tokengen/src/main/java/com/fasteasytrade/JRandTest/Algo/BFcipher.java index 302132038c3..1b0f9fc1191 100644 --- a/addOns/tokengen/src/main/java/com/fasteasytrade/JRandTest/Algo/BFcipher.java +++ b/addOns/tokengen/src/main/java/com/fasteasytrade/JRandTest/Algo/BFcipher.java @@ -274,7 +274,7 @@ synchronized int BF_enc(int np, int L, int R) { long s2 = (FS[0x100 + ((R >>> 16) & 0xff)]); long s3 = (FS[0x200 + ((R >>> 8) & 0xff)]); long s4 = (FS[0x300 + ((R) & 0xff)]); - long s = (((s1 + s2) ^ s3) + s4) & (0xffffffff); + int s = (int) (((s1 + s2) ^ s3) + s4); L ^= FP[np]; L ^= s; return L; diff --git a/addOns/tokengen/src/main/java/com/fasteasytrade/JRandTest/IO/HttpGetUrlRandomStream.java b/addOns/tokengen/src/main/java/com/fasteasytrade/JRandTest/IO/HttpGetUrlRandomStream.java index f926da0a478..c55b52c4e87 100644 --- a/addOns/tokengen/src/main/java/com/fasteasytrade/JRandTest/IO/HttpGetUrlRandomStream.java +++ b/addOns/tokengen/src/main/java/com/fasteasytrade/JRandTest/IO/HttpGetUrlRandomStream.java 
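Review bot: The cast in `BF_enc` deserves a comment, because the reduction to 32 bits is now implicit: `// keep the low 32 bits: the additions are mod 2^32`. The removed mask `& (0xffffffff)` used an int literal, which widens to -1L and masked nothing, so the value that reaches `L ^= s` should be unchanged by this hunk. A known-answer test for the cipher would confirm that. BF_enc starts outside the hunk.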
@@ -33,6 +33,7 @@ package com.fasteasytrade.JRandTest.IO; import java.io.DataInputStream; +import java.net.URI; import java.net.URL; import java.net.URLConnection; import java.util.Collection; @@ -112,7 +113,7 @@ public boolean openInputStream() throws Exception { return false; try { - url = new URL(filename); + url = new URI(filename).toURL(); con = url.openConnection(); con.connect(); lengthOfData = con.getContentLength(); diff --git a/addOns/tokengen/src/main/java/com/fasteasytrade/JRandTest/Tests/BinaryRankTestFor6x8Matrices.java b/addOns/tokengen/src/main/java/com/fasteasytrade/JRandTest/Tests/BinaryRankTestFor6x8Matrices.java index 22ab5087b42..302bdd458e0 100644 --- a/addOns/tokengen/src/main/java/com/fasteasytrade/JRandTest/Tests/BinaryRankTestFor6x8Matrices.java +++ b/addOns/tokengen/src/main/java/com/fasteasytrade/JRandTest/Tests/BinaryRankTestFor6x8Matrices.java @@ -44,7 +44,7 @@ public class BinaryRankTestFor6x8Matrices extends Base { int no_row, no_col; - long mask; + int mask; String testName = "6x8"; // test name: "6x8", "31x31", "32x32" diff --git a/addOns/tokengen/src/main/java/com/fasteasytrade/JRandTest/Tests/OverlappingPairsSparseOccupancy.java b/addOns/tokengen/src/main/java/com/fasteasytrade/JRandTest/Tests/OverlappingPairsSparseOccupancy.java index 22382b77ff6..ab42dc6959a 100644 --- a/addOns/tokengen/src/main/java/com/fasteasytrade/JRandTest/Tests/OverlappingPairsSparseOccupancy.java +++ b/addOns/tokengen/src/main/java/com/fasteasytrade/JRandTest/Tests/OverlappingPairsSparseOccupancy.java @@ -101,7 +101,7 @@ public void test(String filename) int j; int u, l; int wd; - long[] maskbit = new long[32]; + int[] maskbit = new int[32]; int i, k, rt = 0; int no_wds = (int) pow(2, bits_pw + 1); int no_mswds; diff --git a/addOns/treetools/src/main/java/org/zaproxy/zap/extension/treetools/ExtensionTreeTools.java b/addOns/treetools/src/main/java/org/zaproxy/zap/extension/treetools/ExtensionTreeTools.java index e4e0ddd2a09..a852cbbb0cc 100644 
--- a/addOns/treetools/src/main/java/org/zaproxy/zap/extension/treetools/ExtensionTreeTools.java +++ b/addOns/treetools/src/main/java/org/zaproxy/zap/extension/treetools/ExtensionTreeTools.java @@ -20,6 +20,8 @@ package org.zaproxy.zap.extension.treetools; import java.net.MalformedURLException; +import java.net.URI; +import java.net.URISyntaxException; import java.net.URL; import org.parosproxy.paros.Constant; import org.parosproxy.paros.extension.ExtensionAdaptor; @@ -58,8 +60,8 @@ public String getDescription() { @Override public URL getURL() { try { - return new URL("http://www.chs.us"); - } catch (MalformedURLException e) { + return new URI("http://www.chs.us").toURL(); + } catch (MalformedURLException | URISyntaxException e) { return null; } } diff --git a/addOns/zest/CHANGELOG.md b/addOns/zest/CHANGELOG.md index d8e0eef6af4..a3136958034 100644 --- a/addOns/zest/CHANGELOG.md +++ b/addOns/zest/CHANGELOG.md @@ -19,6 +19,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Changed - Update Zest library to 0.35.0: - Migrate JSON serialization from Gson to Jackson. +- Maintenance changes. ## [48.11.0] - 2025-12-15 ### Changed diff --git a/addOns/zest/src/main/java/org/zaproxy/zap/extension/zest/ZestZapUtils.java b/addOns/zest/src/main/java/org/zaproxy/zap/extension/zest/ZestZapUtils.java index 19fe7f33c78..76953f81afa 100644 --- a/addOns/zest/src/main/java/org/zaproxy/zap/extension/zest/ZestZapUtils.java +++ b/addOns/zest/src/main/java/org/zaproxy/zap/extension/zest/ZestZapUtils.java @@ -21,6 +21,7 @@ import java.io.File; import java.net.MalformedURLException; +import java.net.URISyntaxException; import java.net.URL; import java.nio.file.InvalidPathException; import java.nio.file.Path; 
@@ -1044,7 +1045,7 @@ public static HttpMessage toHttpMessage(ZestRequest request, ZestResponse respon } public static ZestResponse toZestResponse(HttpMessage msg) throws MalformedURLException { - return toZestResponse(new URL(msg.getRequestHeader().getURI().toString()), msg); + return toZestResponse(toUrl(msg.getRequestHeader().getURI().toString()), msg); } private static ZestResponse toZestResponse(URL url, HttpMessage msg) { @@ -1071,7 +1072,7 @@ public static ZestRequest toZestRequest( throw new HttpMalformedHeaderException("The request header does not have a URI."); } - req.setUrl(new URL(uri.toString())); + req.setUrl(toUrl(uri.toString())); if (replaceTokens) { req.setUrlToken(correctTokens(uri.toString())); req.setData(correctTokens(msg.getRequestBody().toString())); @@ -1096,6 +1097,16 @@ public static ZestRequest toZestRequest( return req; } + private static URL toUrl(String value) throws MalformedURLException { + try { + return new java.net.URI(value).toURL(); + } catch (URISyntaxException e) { + MalformedURLException ex = new MalformedURLException(e.getMessage()); + ex.initCause(e); + throw ex; + } + } + private static void setHeaders( ZestRequest req, HttpMessage msg, boolean replaceTokens, List ignoreHeaders) { String[] headers = msg.getRequestHeader().getHeadersAsString().split(HttpHeader.CRLF); diff --git a/addOns/zest/src/main/java/org/zaproxy/zap/extension/zest/dialogs/ZestRecordScriptDialog.java b/addOns/zest/src/main/java/org/zaproxy/zap/extension/zest/dialogs/ZestRecordScriptDialog.java index 852840dfd88..c0791cfcb63 100644 --- a/addOns/zest/src/main/java/org/zaproxy/zap/extension/zest/dialogs/ZestRecordScriptDialog.java +++ b/addOns/zest/src/main/java/org/zaproxy/zap/extension/zest/dialogs/ZestRecordScriptDialog.java 
@@ -22,7 +22,7 @@ import java.awt.Dimension; import java.awt.Frame; import java.net.MalformedURLException; -import java.net.URL; +import java.net.URI; import java.util.ArrayList; import java.util.Collections; import java.util.List; @@ -250,7 +250,7 @@ public String validateFields() { } if (!this.isEmptyField(FIELD_PREFIX)) { try { - new URL(this.getStringValue(FIELD_PREFIX)); + new URI(this.getStringValue(FIELD_PREFIX)).toURL(); } catch (Exception e) { return Constant.messages.getString("zest.dialog.script.error.prefix"); } diff --git a/addOns/zest/src/main/java/org/zaproxy/zap/extension/zest/dialogs/ZestRequestDialog.java b/addOns/zest/src/main/java/org/zaproxy/zap/extension/zest/dialogs/ZestRequestDialog.java index 08ef3ee542c..f25d10f8345 100644 --- a/addOns/zest/src/main/java/org/zaproxy/zap/extension/zest/dialogs/ZestRequestDialog.java +++ b/addOns/zest/src/main/java/org/zaproxy/zap/extension/zest/dialogs/ZestRequestDialog.java @@ -22,6 +22,8 @@ import java.awt.Dimension; import java.awt.Frame; import java.net.MalformedURLException; +import java.net.URI; +import java.net.URISyntaxException; import java.net.URL; import java.util.ArrayList; import java.util.List; @@ -203,9 +205,9 @@ public void save() { setUrlToken(request, url); } else { try { - request.setUrl(new URL(url)); + request.setUrl(new URI(url).toURL()); request.setUrlToken(null); - } catch (MalformedURLException e) { + } catch (MalformedURLException | URISyntaxException e) { // Assume this is because it includes a token setUrlToken(request, url); } @@ -262,8 +264,8 @@ private JButton getAddButton() { if (url == null) { // Happens on a new request dialog try { - url = new URL(getStringValue(FIELD_URL)); - } catch (MalformedURLException e2) { + url = new URI(getStringValue(FIELD_URL)).toURL(); + } catch (MalformedURLException | URISyntaxException e2) { // Ignore - it could not be set up or parameterized } } 
diff --git a/addOns/zest/src/main/java/org/zaproxy/zap/extension/zest/dialogs/ZestScriptsDialog.java b/addOns/zest/src/main/java/org/zaproxy/zap/extension/zest/dialogs/ZestScriptsDialog.java index 436ecc18a9a..3e453dde33c 100644 --- a/addOns/zest/src/main/java/org/zaproxy/zap/extension/zest/dialogs/ZestScriptsDialog.java +++ b/addOns/zest/src/main/java/org/zaproxy/zap/extension/zest/dialogs/ZestScriptsDialog.java @@ -22,7 +22,7 @@ import java.awt.Dimension; import java.awt.Frame; import java.net.MalformedURLException; -import java.net.URL; +import java.net.URI; import java.util.ArrayList; import java.util.Base64; import java.util.HashMap; @@ -442,7 +442,7 @@ public String validateFields() { } if (!this.isEmptyField(FIELD_PREFIX)) { try { - new URL(this.getStringValue(FIELD_PREFIX)); + new URI(this.getStringValue(FIELD_PREFIX)).toURL(); } catch (Exception e) { return Constant.messages.getString("zest.dialog.script.error.prefix"); } diff --git a/addOns/zest/src/test/java/org/zaproxy/zap/extension/zest/ZestZapUtilsUnitTest.java b/addOns/zest/src/test/java/org/zaproxy/zap/extension/zest/ZestZapUtilsUnitTest.java index 749b8d5d85a..8eb483b7c33 100644 --- a/addOns/zest/src/test/java/org/zaproxy/zap/extension/zest/ZestZapUtilsUnitTest.java +++ b/addOns/zest/src/test/java/org/zaproxy/zap/extension/zest/ZestZapUtilsUnitTest.java @@ -26,7 +26,7 @@ import static org.hamcrest.Matchers.nullValue; import static org.junit.jupiter.api.Assertions.assertThrows; -import java.net.URL; +import java.net.URI; import java.util.Arrays; import org.junit.jupiter.api.Test; import org.junit.jupiter.params.ParameterizedTest; 
@@ -161,12 +161,12 @@ void shouldCreateStdHttpMessage() throws Exception { // Given String urlStr = "https://www.example.com"; ZestRequest req = new ZestRequest(); - req.setUrl(new URL(urlStr)); + req.setUrl(new URI(urlStr).toURL()); req.setMethod("GET"); req.setHeaders("example-req-header: example-value"); ZestResponse resp = new ZestResponse( - new URL(urlStr), + new URI(urlStr).toURL(), "HTTP/1.1 200 OK\r\nexample-resp-header: example-value", "The body", 200, @@ -207,7 +207,7 @@ void shouldCreateHttpMessageWithTokenInUrl() throws Exception { req.setHeaders("example-req-header: example-value"); ZestResponse resp = new ZestResponse( - new URL(urlStr), + new URI(urlStr).toURL(), "HTTP/1.1 200 OK\r\nexample-resp-header: example-value", "The body", 200,