diff --git a/zap/src/main/java/org/parosproxy/paros/core/scanner/JsonParamParser.java b/zap/src/main/java/org/parosproxy/paros/core/scanner/JsonParamParser.java
index 1690348b68d..57d80f37a80 100644
--- a/zap/src/main/java/org/parosproxy/paros/core/scanner/JsonParamParser.java
+++ b/zap/src/main/java/org/parosproxy/paros/core/scanner/JsonParamParser.java
@@ -102,6 +102,7 @@ private void parseObject(int state, List list) {
         int endToken;
         int chr;
+        boolean primitive = false;
         while (!done) {
             switch (state) {
                 case STATE_INIT:
@@ -115,7 +116,7 @@ private void parseObject(int state, List list) {
                         state = STATE_READ_VALUE;
                     } else {
-                        // Lets see if its just a primitive string
+                        primitive = true;
                         sr.unreadLastCharacter();
                         state = STATE_READ_VALUE;
                     }
@@ -176,13 +177,13 @@ private void parseObject(int state, List list) {
                     break;
                 case STATE_READ_VALUE:
-                    if (field == null) {
+                    if (!primitive && field == null) {
                         // field is null when you have an untyped Object[], so we place
                         // the JsonArray on the @items field.
                         field = "@items";
                     }
-                    parseValue(field, list);
+                    parseValue(primitive, field, list);
                     state = STATE_READ_POST_VALUE;
                     break;
@@ -211,7 +212,7 @@ private static String getUnescapedValue(String value) {
         return StringEscapeUtils.unescapeJava(value);
     }
-    private void parseValue(String fieldName, List list) {
+    private void parseValue(boolean primitive, String fieldName, List list) {
         int chr = sr.read();
         // Check if the value is a string
@@ -233,7 +234,11 @@ private void parseValue(String fieldName, List list) {
         int beginToken = sr.getPosition();
         do {
             chr = sr.read();
+            if (chr == -1) {
+                if (primitive) {
+                    break;
+                }
                 throw new IllegalArgumentException("Reached EOF while reading number");
             }
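Review bot: The `else` branch at `@@ -115` loses its only explanation when `// Lets see if its just a primitive string` is replaced by `primitive = true;`, yet it is now the single place that declares the whole body to be a bare value of any kind. Keeping a one-line comment above the assignment, `// Not an object or array: the whole body is one bare primitive (string or number)`, preserves that intent for whoever later reads the `!primitive` checks. The enclosing switch in parseObject starts and ends outside this hunk.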
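Review bot: The new `primitive` parameter on `parseValue` at `@@ -211` is undocumented, and its effect is spread over two later hunks (tolerating end of input inside a number, skipping the unread). A short Javadoc on the method would tie that together: `@param primitive true when the value is the whole message body rather than a member of an object or array; a number may then be terminated by end of input`, plus a `@param fieldName` line noting that the `@@ -176` hunk no longer applies the `@items` fallback for a primitive body, so `fieldName` is presumably null on that path — confirm against the callers. The method body continues outside the hunk.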
@@ -244,7 +249,9 @@ private void parseValue(String fieldName, List list) {
                 || (chr == '+')
                 || (chr == '-'));
-        sr.unreadLastCharacter();
+        if (!primitive) {
+            sr.unreadLastCharacter();
+        }
         // Now we have the int object value
         // Put everything inside the parameter array
         int endToken = sr.getPosition();
@@ -298,7 +305,7 @@ private void parseArray(String fieldName, List list) {
         while (true) {
             sr.skipWhitespaceRead();
             sr.unreadLastCharacter();
-            parseValue(fieldName + "[" + (idx++) + "]", list);
+            parseValue(false, fieldName + "[" + (idx++) + "]", list);
             chr = sr.skipWhitespaceRead();
             if (chr == END_ARRAY) {
diff --git a/zap/src/test/java/org/parosproxy/paros/core/scanner/VariantJSONQueryUnitTest.java b/zap/src/test/java/org/parosproxy/paros/core/scanner/VariantJSONQueryUnitTest.java
index 53ce46ebf4f..13c0937ce48 100644
--- a/zap/src/test/java/org/parosproxy/paros/core/scanner/VariantJSONQueryUnitTest.java
+++ b/zap/src/test/java/org/parosproxy/paros/core/scanner/VariantJSONQueryUnitTest.java
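Review bot: The guard on `sr.unreadLastCharacter()` at `@@ -244` keys off the caller's `primitive` flag rather than off what the loop actually stopped on, so a primitive body whose number is followed by any non-digit character (a trailing newline or space, for instance) leaves the do/while with that character consumed and never pushed back, while the same number inside an object or array would have it unread; `endToken` on the next line then differs between the two paths. The only case in which the unread must be skipped is the one the preceding hunk introduces, where the loop ended on end of input, so `if (chr != -1) { sr.unreadLastCharacter(); }` states that directly and keeps the primitive and non-primitive paths consistent. Whether `sr.read()` advances the position when it returns -1 is not visible here, so confirm against the reader before relying on `endToken` for the primitive case. parseValue continues outside the hunk.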
@@ -419,6 +419,31 @@ void shouldReplacePrimitiveString() throws HttpMalformedHeaderException {
         assertThat(message.getRequestBody().toString(), is("\"injection\""));
     }
+    @Test
+    void shouldExtractPrimitiveNumbers() throws HttpMalformedHeaderException {
+        // Given
+        VariantJSONQuery variantJSONQuery = new VariantJSONQuery();
+        variantJSONQuery.setMessage(getMessageWithBody("12345"));
+        // When
+        List parameters = variantJSONQuery.getParamList();
+        // Then
+        assertThat(parameters.size(), is(equalTo(1)));
+        assertThat(parameters.get(0).getValue(), is("12345"));
+    }
+
+    @Test
+    void shouldReplacePrimitiveNumbers() throws HttpMalformedHeaderException {
+        // Given
+        VariantJSONQuery variantJSONQuery = new VariantJSONQuery();
+        HttpMessage message = getMessageWithBody("12345");
+        variantJSONQuery.setMessage(message);
+        // When
+        List parameters = variantJSONQuery.getParamList();
+        variantJSONQuery.setParameter(message, parameters.get(0), "", "injection");
+        // Then
+        assertThat(message.getRequestBody().toString(), is("\"injection\""));
+    }
+
     private static HttpMessage getMessageWithBody(String body) throws HttpMalformedHeaderException {
         return new HttpMessage(
                 new HttpRequestHeader(
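Review bot: Both new tests exercise only the bare body `12345`, whereas the parser change also alters how a number is terminated; a primitive body with a trailing newline or space, and a signed value (the loop condition at `@@ -244` accepts `+` and `-`), would pin the new end-of-input handling and the boundaries that `getValue()` reports. `shouldReplacePrimitiveNumbers` also asserts that the rewritten body is the quoted `"injection"`, so a numeric body becomes a JSON string once a payload is substituted; if that is the intended behaviour, a comment under `// Then` such as `// replacement is always emitted as a JSON string, even for a numeric body` would stop the next reader from taking the quotes for a mistake.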