From 198e62e0ae6cd8cfb708600537106a2f41d235ef Mon Sep 17 00:00:00 2001
From: kingthorin <kingthorin@users.noreply.github.com>
Date: Mon, 28 Oct 2024 09:47:58 -0400
Subject: [PATCH] custompayloads: SAST Fixes (SonarLint) & Options panel help
 button

- AbstractColumnDialog > Use List interface vs ArrayList.
- Column > Reduce visibility.
- CustomPayloadColumns > Add private constructor to hide implicit one.
Remove ID column from Options Panel display.
- CustomPayloadMultipleOptionsTableModel > Use List interface vs
ArrayList for params.
- CustomPayloadsCategoryColumn > Make getExtension static.
- CustomPayloadsMultipleOptionsTablePanel > Make showDialog static.
- EditableColumn > Reduce visibility.
- EditableSelectColumn > Reduce visibility, adjust method naming to
proper Java camelCase.
- CustomPayloadsApiUnitTest > Remove unused param API.RequestType, and
pointless declared throw on shouldHavePrefix.

- CHANGELOG > Already has a maint note, added a note about the Options
panel help button.
- CustomPayloadsOptionsPanel > Added overridden getHelpIndex method.

- Help files > Updated to include more detailed info about the
functionality.

Signed-off-by: kingthorin <kingthorin@users.noreply.github.com>
---
 addOns/custompayloads/CHANGELOG.md            |  1 +
 .../custompayloads/AbstractColumnDialog.java  |  3 +-
 .../zap/extension/custompayloads/Column.java  |  4 +-
 .../CustomPayloadCategoryColumn.java          |  2 +-
 .../custompayloads/CustomPayloadColumns.java  |  9 ++--
 ...ustomPayloadMultipleOptionsTableModel.java |  3 +-
 ...stomPayloadsMultipleOptionsTablePanel.java |  2 +-
 .../CustomPayloadsOptionsPanel.java           |  5 ++
 .../custompayloads/EditableColumn.java        |  6 +--
 .../custompayloads/EditableSelectColumn.java  | 13 ++---
 .../resources/help/contents/options.html      | 48 +++++++++++++++++++
 .../custompayloads/resources/help/index.xml   |  1 +
 .../custompayloads/resources/help/map.jhm     |  1 +
 .../custompayloads/resources/help/toc.xml     |  1 +
 .../CustomPayloadsApiUnitTest.java            | 15 ++----
 15 files changed, 84 insertions(+), 30 deletions(-)
 create mode 100644 addOns/custompayloads/src/main/javahelp/org/zaproxy/zap/extension/custompayloads/resources/help/contents/options.html

diff --git a/addOns/custompayloads/CHANGELOG.md b/addOns/custompayloads/CHANGELOG.md
index 641b3b72f06..3cb5ed42dc3 100644
--- a/addOns/custompayloads/CHANGELOG.md
+++ b/addOns/custompayloads/CHANGELOG.md
@@ -7,6 +7,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 ### Changed
 - Update minimum ZAP version to 2.15.0.
 - Maintenance changes.
+- Add help button to Options panel and add further detailed Help content.
 
 ## [0.13.0] - 2023-11-10
 ### Changed
diff --git a/addOns/custompayloads/src/main/java/org/zaproxy/zap/extension/custompayloads/AbstractColumnDialog.java b/addOns/custompayloads/src/main/java/org/zaproxy/zap/extension/custompayloads/AbstractColumnDialog.java
index 0805bc1fb92..d3bf5656f98 100644
--- a/addOns/custompayloads/src/main/java/org/zaproxy/zap/extension/custompayloads/AbstractColumnDialog.java
+++ b/addOns/custompayloads/src/main/java/org/zaproxy/zap/extension/custompayloads/AbstractColumnDialog.java
@@ -21,7 +21,6 @@
 
 import java.awt.Dimension;
 import java.awt.Window;
-import java.util.ArrayList;
 import java.util.List;
 import org.zaproxy.zap.utils.DisplayUtils;
 import org.zaproxy.zap.view.StandardFieldsDialog;
@@ -95,7 +94,7 @@ private void createStringTextFieldForColumn(Column<T> column) {
     private void createStringComboFieldForColumn(Column<T> column) {
         EditableSelectColumn<T> selectColumn = (EditableSelectColumn<T>) column;
         String value = column.getTypedValue(model);
-        ArrayList<String> selectableValues = selectColumn.getTypedSelectableValues(model);
+        List<String> selectableValues = selectColumn.getTypedSelectableValues(model);
         this.addComboField(column.getNameKey(), selectableValues, value);
     }
 
diff --git a/addOns/custompayloads/src/main/java/org/zaproxy/zap/extension/custompayloads/Column.java b/addOns/custompayloads/src/main/java/org/zaproxy/zap/extension/custompayloads/Column.java
index aa92b7f14fd..7676a4b8080 100644
--- a/addOns/custompayloads/src/main/java/org/zaproxy/zap/extension/custompayloads/Column.java
+++ b/addOns/custompayloads/src/main/java/org/zaproxy/zap/extension/custompayloads/Column.java
@@ -19,11 +19,11 @@
  */
 package org.zaproxy.zap.extension.custompayloads;
 
-public abstract class Column<T> {
+abstract class Column<T> {
     Class<?> columnClass;
     String nameKey;
 
-    public Column(Class<?> columnClass, String nameKey) {
+    Column(Class<?> columnClass, String nameKey) {
         this.columnClass = columnClass;
         this.nameKey = nameKey;
     }
diff --git a/addOns/custompayloads/src/main/java/org/zaproxy/zap/extension/custompayloads/CustomPayloadCategoryColumn.java b/addOns/custompayloads/src/main/java/org/zaproxy/zap/extension/custompayloads/CustomPayloadCategoryColumn.java
index bf2c81ef2a2..f6a55c5afe7 100644
--- a/addOns/custompayloads/src/main/java/org/zaproxy/zap/extension/custompayloads/CustomPayloadCategoryColumn.java
+++ b/addOns/custompayloads/src/main/java/org/zaproxy/zap/extension/custompayloads/CustomPayloadCategoryColumn.java
@@ -61,7 +61,7 @@ public ArrayList<Object> getSelectableValues(CustomPayload payload) {
         return categoryObjects;
     }
 
-    private ExtensionCustomPayloads getExtension() {
+    private static ExtensionCustomPayloads getExtension() {
         return Control.getSingleton()
                 .getExtensionLoader()
                 .getExtension(ExtensionCustomPayloads.class);
diff --git a/addOns/custompayloads/src/main/java/org/zaproxy/zap/extension/custompayloads/CustomPayloadColumns.java b/addOns/custompayloads/src/main/java/org/zaproxy/zap/extension/custompayloads/CustomPayloadColumns.java
index 480f910393d..e102598cbc0 100644
--- a/addOns/custompayloads/src/main/java/org/zaproxy/zap/extension/custompayloads/CustomPayloadColumns.java
+++ b/addOns/custompayloads/src/main/java/org/zaproxy/zap/extension/custompayloads/CustomPayloadColumns.java
@@ -25,6 +25,10 @@
 
 public final class CustomPayloadColumns {
 
+    private CustomPayloadColumns() {
+        // Nothing to do
+    }
+
     public static List<Column<CustomPayload>> createColumns() {
         ArrayList<Column<CustomPayload>> columns = new ArrayList<>();
         columns.add(createEnabledColumn());
@@ -37,9 +41,8 @@ public static List<Column<CustomPayload>> createColumns() {
     public static List<Column<CustomPayload>> createColumnsForOptionsTable() {
         ArrayList<Column<CustomPayload>> columns = new ArrayList<>();
         columns.add(createEnabledColumn());
-        columns.add(createIdColumn());
-        columns.add(createCategoryColumn().AsReadonly());
-        columns.add(createPayloadColumn().AsReadonly());
+        columns.add(createCategoryColumn().asReadonly());
+        columns.add(createPayloadColumn().asReadonly());
         return columns;
     }
 
diff --git a/addOns/custompayloads/src/main/java/org/zaproxy/zap/extension/custompayloads/CustomPayloadMultipleOptionsTableModel.java b/addOns/custompayloads/src/main/java/org/zaproxy/zap/extension/custompayloads/CustomPayloadMultipleOptionsTableModel.java
index 7acb820d01d..c44b945b996 100644
--- a/addOns/custompayloads/src/main/java/org/zaproxy/zap/extension/custompayloads/CustomPayloadMultipleOptionsTableModel.java
+++ b/addOns/custompayloads/src/main/java/org/zaproxy/zap/extension/custompayloads/CustomPayloadMultipleOptionsTableModel.java
@@ -19,7 +19,6 @@
  */
 package org.zaproxy.zap.extension.custompayloads;
 
-import java.util.ArrayList;
 import java.util.List;
 import java.util.Set;
 
@@ -66,7 +65,7 @@ public void resetToDefaults() {
         }
     }
 
-    public void addToTable(ArrayList<CustomPayload> payloads) {
+    public void addToTable(List<CustomPayload> payloads) {
         for (CustomPayload payload : payloads) {
             payload.setId(nextPayloadId++);
             addModel(payload);
diff --git a/addOns/custompayloads/src/main/java/org/zaproxy/zap/extension/custompayloads/CustomPayloadsMultipleOptionsTablePanel.java b/addOns/custompayloads/src/main/java/org/zaproxy/zap/extension/custompayloads/CustomPayloadsMultipleOptionsTablePanel.java
index 37db69b7d87..c28afbcb45d 100644
--- a/addOns/custompayloads/src/main/java/org/zaproxy/zap/extension/custompayloads/CustomPayloadsMultipleOptionsTablePanel.java
+++ b/addOns/custompayloads/src/main/java/org/zaproxy/zap/extension/custompayloads/CustomPayloadsMultipleOptionsTablePanel.java
@@ -169,7 +169,7 @@ public CustomPayload showAddDialogue() {
         return null;
     }
 
-    private boolean showDialog(CustomPayload payload) {
+    private static boolean showDialog(CustomPayload payload) {
         CustomPayloadDialog dialog =
                 new CustomPayloadDialog(
                         View.getSingleton().getOptionsDialog(null),
diff --git a/addOns/custompayloads/src/main/java/org/zaproxy/zap/extension/custompayloads/CustomPayloadsOptionsPanel.java b/addOns/custompayloads/src/main/java/org/zaproxy/zap/extension/custompayloads/CustomPayloadsOptionsPanel.java
index da2f31cd6a4..b27a763d89f 100644
--- a/addOns/custompayloads/src/main/java/org/zaproxy/zap/extension/custompayloads/CustomPayloadsOptionsPanel.java
+++ b/addOns/custompayloads/src/main/java/org/zaproxy/zap/extension/custompayloads/CustomPayloadsOptionsPanel.java
@@ -70,4 +70,9 @@ public void saveParam(Object obj) throws Exception {
         param.setNextPayloadId(tableModel.getNextPayloadId());
         param.setConfirmRemoveToken(tablePanel.isRemoveWithoutConfirmation());
     }
+
+    @Override
+    public String getHelpIndex() {
+        return "custompayloads.options";
+    }
 }
diff --git a/addOns/custompayloads/src/main/java/org/zaproxy/zap/extension/custompayloads/EditableColumn.java b/addOns/custompayloads/src/main/java/org/zaproxy/zap/extension/custompayloads/EditableColumn.java
index 0bdb99e6546..71630e8ce0b 100644
--- a/addOns/custompayloads/src/main/java/org/zaproxy/zap/extension/custompayloads/EditableColumn.java
+++ b/addOns/custompayloads/src/main/java/org/zaproxy/zap/extension/custompayloads/EditableColumn.java
@@ -19,9 +19,9 @@
  */
 package org.zaproxy.zap.extension.custompayloads;
 
-public abstract class EditableColumn<T> extends Column<T> {
+abstract class EditableColumn<T> extends Column<T> {
 
-    public EditableColumn(Class<?> columnClass, String name) {
+    EditableColumn(Class<?> columnClass, String name) {
         super(columnClass, name);
     }
 
@@ -32,7 +32,7 @@ public boolean isEditable(T model) {
 
     public abstract void setValue(T model, Object value);
 
-    public Column<T> AsReadonly() {
+    public Column<T> asReadonly() {
         return new Column<T>(this.columnClass, this.nameKey) {
 
             @Override
diff --git a/addOns/custompayloads/src/main/java/org/zaproxy/zap/extension/custompayloads/EditableSelectColumn.java b/addOns/custompayloads/src/main/java/org/zaproxy/zap/extension/custompayloads/EditableSelectColumn.java
index 17eb3aa8a29..82502a99732 100644
--- a/addOns/custompayloads/src/main/java/org/zaproxy/zap/extension/custompayloads/EditableSelectColumn.java
+++ b/addOns/custompayloads/src/main/java/org/zaproxy/zap/extension/custompayloads/EditableSelectColumn.java
@@ -20,19 +20,20 @@
 package org.zaproxy.zap.extension.custompayloads;
 
 import java.util.ArrayList;
+import java.util.List;
 
-public abstract class EditableSelectColumn<T> extends EditableColumn<T> {
+abstract class EditableSelectColumn<T> extends EditableColumn<T> {
 
-    public EditableSelectColumn(Class<?> columnClass, String name) {
+    EditableSelectColumn(Class<?> columnClass, String name) {
         super(columnClass, name);
     }
 
-    public abstract ArrayList<Object> getSelectableValues(T model);
+    public abstract List<Object> getSelectableValues(T model);
 
-    public <V> ArrayList<V> getTypedSelectableValues(T model) {
-        ArrayList<Object> values = getSelectableValues(model);
+    public <V> List<V> getTypedSelectableValues(T model) {
+        List<Object> values = getSelectableValues(model);
 
-        ArrayList<V> typedValues = new ArrayList<>();
+        List<V> typedValues = new ArrayList<>();
         for (Object value : values) {
             V typedValue = getTypedObject(value);
             typedValues.add(typedValue);
diff --git a/addOns/custompayloads/src/main/javahelp/org/zaproxy/zap/extension/custompayloads/resources/help/contents/options.html b/addOns/custompayloads/src/main/javahelp/org/zaproxy/zap/extension/custompayloads/resources/help/contents/options.html
new file mode 100644
index 00000000000..5e91dd963e2
--- /dev/null
+++ b/addOns/custompayloads/src/main/javahelp/org/zaproxy/zap/extension/custompayloads/resources/help/contents/options.html
@@ -0,0 +1,48 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<HTML>
+<HEAD>
+<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8">
+<TITLE>Options Custom Payloads screen</TITLE>
+</HEAD>
+<BODY>
+<H1>Options Custom Payloads screen</H1>
+<p>
+<strong>Note</strong>: Payload categories which are not listed in the table may be available via the Add button as not all rules which support
+custom payloads have default payloads.
+<p>
+This screen/table allows you to configure <a href="custompayloads.html">Custom Payload</a> options:
+
+<H2>Custom Payloads Table</H2>
+
+<H3>Enabled</H3>
+A checkbox indicating whether or not the particular custom payload is to be used or not.
+
+<H3>Category</H3>
+Indicates the category and by association the scan rule for which the custpm payload value should be used.
+(The categories should be fairly obviously relatable to a scan rule, and are also mentioned in the help entry for the scan rules.)
+
+<h3>Payload</H3>
+Yhe value of the specific custom payload.
+
+<H2>Custom Payloads Buttons</H2>
+
+<H3>Add</H3>
+Allows users to add a custom payload, setting the enable state, category, and payload value.
+
+<H3>Modify/Remove</H3>
+Either modify or remove the custom payload defined by the selected row.
+
+<H3>Enable All/Desable All</h3>
+Sets the enable state of all custom payloads as applicable.
+
+<H3>Add Missing Defaults</H3>
+Facilitates restoration of one or more missing default custom payloads if they've been previously removed.
+
+<H3>Reset to Defaults</H3>
+Removes all payloads and restores just the defaults. (<strong>Note</strong>: User added payloads will be lost.)
+
+<H3>Add Multiple Payloads</H3>
+Allows the user to import a text file of payloads (one payload per line) for the selected category.
+
+</BODY>
+</HTML>
diff --git a/addOns/custompayloads/src/main/javahelp/org/zaproxy/zap/extension/custompayloads/resources/help/index.xml b/addOns/custompayloads/src/main/javahelp/org/zaproxy/zap/extension/custompayloads/resources/help/index.xml
index 5b2e5b3a780..1113eb91556 100644
--- a/addOns/custompayloads/src/main/javahelp/org/zaproxy/zap/extension/custompayloads/resources/help/index.xml
+++ b/addOns/custompayloads/src/main/javahelp/org/zaproxy/zap/extension/custompayloads/resources/help/index.xml
@@ -7,4 +7,5 @@
     <!-- index entries are merged (sorted) into core index -->
     <indexitem text="custompayloads" target="custompayloads" />
     <indexitem text="Custom Payloads API" target="custompayloads.api" />
+    <indexitem text="Custom Payloads Options" target="custompayloads.options" />
 </index>
diff --git a/addOns/custompayloads/src/main/javahelp/org/zaproxy/zap/extension/custompayloads/resources/help/map.jhm b/addOns/custompayloads/src/main/javahelp/org/zaproxy/zap/extension/custompayloads/resources/help/map.jhm
index fa62a13f814..d83c40a96b1 100644
--- a/addOns/custompayloads/src/main/javahelp/org/zaproxy/zap/extension/custompayloads/resources/help/map.jhm
+++ b/addOns/custompayloads/src/main/javahelp/org/zaproxy/zap/extension/custompayloads/resources/help/map.jhm
@@ -6,4 +6,5 @@
 <map version="1.0">
     <mapID target="custompayloads" url="contents/custompayloads.html" />
     <mapID target="custompayloads.api" url="contents/api.html" />
+    <mapID target="custompayloads.options" url="contents/options.html" />
 </map>
diff --git a/addOns/custompayloads/src/main/javahelp/org/zaproxy/zap/extension/custompayloads/resources/help/toc.xml b/addOns/custompayloads/src/main/javahelp/org/zaproxy/zap/extension/custompayloads/resources/help/toc.xml
index d1241377e37..c7ce72ca92c 100644
--- a/addOns/custompayloads/src/main/javahelp/org/zaproxy/zap/extension/custompayloads/resources/help/toc.xml
+++ b/addOns/custompayloads/src/main/javahelp/org/zaproxy/zap/extension/custompayloads/resources/help/toc.xml
@@ -8,6 +8,7 @@
 		<tocitem text="Add Ons" tocid="addons">
 			<tocitem text="Custom Payloads" target="custompayloads">
 				<tocitem text="API" target="custompayloads.api" />
+				<tocitem text="Options" target="custompayloads.options" />
 			</tocitem>
 		</tocitem>
 	</tocitem>
diff --git a/addOns/custompayloads/src/test/java/org/zaproxy/zap/extension/custompayloads/CustomPayloadsApiUnitTest.java b/addOns/custompayloads/src/test/java/org/zaproxy/zap/extension/custompayloads/CustomPayloadsApiUnitTest.java
index edd7b964c5f..f272e77a4dc 100644
--- a/addOns/custompayloads/src/test/java/org/zaproxy/zap/extension/custompayloads/CustomPayloadsApiUnitTest.java
+++ b/addOns/custompayloads/src/test/java/org/zaproxy/zap/extension/custompayloads/CustomPayloadsApiUnitTest.java
@@ -31,8 +31,6 @@
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.parosproxy.paros.Constant;
-import org.zaproxy.zap.extension.api.API;
-import org.zaproxy.zap.extension.api.API.RequestType;
 import org.zaproxy.zap.extension.api.ApiElement;
 import org.zaproxy.zap.extension.api.ApiImplementor;
 import org.zaproxy.zap.extension.api.ApiParameter;
@@ -50,7 +48,7 @@ void setUp() {
     }
 
     @Test
-    void shouldHavePrefix() throws Exception {
+    void shouldHavePrefix() {
         // Given / When
         String prefix = api.getPrefix();
         // Then
@@ -61,17 +59,14 @@ void shouldHavePrefix() throws Exception {
     void shouldHaveDescriptionsForAllApiElements() {
         List<String> missingKeys = new ArrayList<>();
         checkKey(api.getDescriptionKey(), missingKeys);
-        checkApiElements(api, api.getApiActions(), API.RequestType.action, missingKeys);
-        checkApiElements(api, api.getApiOthers(), API.RequestType.other, missingKeys);
-        checkApiElements(api, api.getApiViews(), API.RequestType.view, missingKeys);
+        checkApiElements(api, api.getApiActions(), missingKeys);
+        checkApiElements(api, api.getApiOthers(), missingKeys);
+        checkApiElements(api, api.getApiViews(), missingKeys);
         assertThat(missingKeys, is(empty()));
     }
 
     private static void checkApiElements(
-            ApiImplementor api,
-            List<? extends ApiElement> elements,
-            RequestType type,
-            List<String> missingKeys) {
+            ApiImplementor api, List<? extends ApiElement> elements, List<String> missingKeys) {
         elements.sort((a, b) -> a.getName().compareTo(b.getName()));
         for (ApiElement element : elements) {
             assertThat(