Draft
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
This PR simplifies the fuzz add-on’s payload and UI APIs by removing generics that were not providing meaningful type safety, and by deleting unused/tagging interfaces and dead methods. It standardises most fuzz payload types around the Payload interface (while preserving message generics where needed, e.g. WebSocket).
Changes:
- Remove
<T extends Payload>generics across payload generators/processors and their UI handler/panel hierarchies, usingPayloaddirectly. - Delete unused/tagging interfaces (e.g.
StringPayloadGenerator,DefaultPayloadProcessor) and remove dead UI class-returning methods. - Update fuzzing handlers/dialogs/iterators to use the simplified types consistently (including HTTP and WebSocket fuzzers).
Reviewed changes
Copilot reviewed 94 out of 94 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| addOns/websocket/src/main/java/org/zaproxy/zap/extension/websocket/fuzz/WebSocketFuzzerHandler.java | Update fuzzer creation to use non-generic PayloadGeneratorMessageLocation lists. |
| addOns/fuzz/src/test/java/org/zaproxy/zap/extension/fuzz/payloads/generator/JsonPayloadGeneratorUnitTest.java | Update tests to iterate over Payload instead of DefaultPayload. |
| addOns/fuzz/src/test/java/org/zaproxy/zap/extension/fuzz/payloads/generator/FileStringPayloadGeneratorUnitTest.java | Update tests to use Payload-typed iterators. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/ui/processors/URLEncodeProcessorUIHandler.java | Remove UI generics and dead class-binding methods. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/ui/processors/URLDecodeProcessorUIHandler.java | Remove UI generics and dead class-binding methods. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/ui/processors/TrimStringProcessorUIHandler.java | Remove UI generics; adjust panel setter to accept PayloadProcessorUI. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/ui/processors/SHA512HashProcessorUIHandler.java | Remove UI generics and dead class-binding methods. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/ui/processors/SHA256HashProcessorUIHandler.java | Remove UI generics and dead class-binding methods. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/ui/processors/SHA1HashProcessorUIHandler.java | Remove UI generics and dead class-binding methods. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/ui/processors/ScriptStringPayloadProcessorAdapterUIHandler.java | Remove UI generics; update panel setter signature and casting. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/ui/processors/PrefixStringProcessorUIHandler.java | Remove UI generics; adjust panel setter to accept PayloadProcessorUI. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/ui/processors/PostfixStringProcessorUIHandler.java | Remove UI generics; adjust panel setter to accept PayloadProcessorUI. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/ui/processors/PayloadProcessorUIPanel.java | Collapse generic UI panel interface to non-generic form. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/ui/processors/PayloadProcessorUIHandlersRegistry.java | Simplify registry storage and registration API to non-generic types. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/ui/processors/PayloadProcessorUIHandler.java | Simplify UI handler interface to non-generic types. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/ui/processors/PayloadProcessorUI.java | Simplify UI interface to return non-generic PayloadProcessor. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/ui/processors/MD5HashProcessorUIHandler.java | Remove UI generics and dead class-binding methods. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/ui/processors/JavaScriptUnescapeProcessorUIHandler.java | Remove UI generics; update setter signature. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/ui/processors/JavaScriptEscapeProcessorUIHandler.java | Remove UI generics; update setter signature. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/ui/processors/ExpandStringProcessorUIHandler.java | Remove UI generics; update panel implementation to non-generic interface. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/ui/processors/Base64EncodeProcessorUIHandler.java | Remove UI generics; adjust setter casting. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/ui/processors/Base64DecodeProcessorUIHandler.java | Remove UI generics and dead class-binding methods. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/ui/processors/AbstractStringHashProcessorUIPanel.java | Remove generics from base hash UI panel; update setter signature. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/ui/processors/AbstractProcessorUIPanel.java | Simplify base UI panel class to non-generic interface. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/ui/processors/AbstractCharsetProcessorUIPanel.java | Remove generics from base charset UI panel; update setter signature. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/ui/PayloadGeneratorUIPanel.java | Collapse generator UI panel interface to non-generic form. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/ui/PayloadGeneratorUIHandlersRegistry.java | Simplify generator UI handlers registry to non-generic types. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/ui/PayloadGeneratorUIHandler.java | Simplify generator UI handler interface to non-generic types. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/ui/PayloadGeneratorUI.java | Simplify generator UI interface to return non-generic PayloadGenerator. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/ui/impl/ScriptStringPayloadGeneratorAdapterUIHandler.java | Remove UI generics; update iterator types and setter casting. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/ui/impl/RegexPayloadGeneratorUIHandler.java | Remove UI generics; update preview iterator type and setter signature. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/ui/impl/NumberPayloadGeneratorAdapterUIHandler.java | Remove UI generics; update preview iterator type and setter signature. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/ui/impl/ModifyPayloadsPanel.java | Remove generics from modify panel; use PayloadGenerator/Payload directly. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/ui/impl/JsonPayloadGeneratorAdapterUIHandler.java | Remove UI generics; simplify panel interface usage. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/ui/impl/FileStringPayloadGeneratorUIHandler.java | Remove UI generics; update preview iterator type and modify-panel plumbing. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/ui/impl/DefaultStringPayloadGeneratorUIHandler.java | Remove UI generics; update panel setter signature and casting. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/ui/impl/DefaultEmptyPayloadGeneratorUIHandler.java | Remove UI generics; adjust generator return types and base class usage. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/ui/impl/AbstractPersistentPayloadGeneratorUIPanel.java | Remove panel generics; save-to-file iterates Payload. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/processor/URLEncodeProcessor.java | Switch processor to PayloadProcessor and Payload parameters. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/processor/URLDecodeProcessor.java | Switch processor to PayloadProcessor and Payload parameters. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/processor/TrimStringProcessor.java | Switch processor to non-generic PayloadProcessor. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/processor/ScriptStringPayloadProcessorAdapter.java | Switch adapter to non-generic PayloadProcessor; update Javadoc. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/processor/PrefixStringProcessor.java | Switch processor to non-generic PayloadProcessor. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/processor/PostfixStringProcessor.java | Switch processor to non-generic PayloadProcessor. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/processor/PayloadProcessor.java | Remove generic type parameter; process/copy now use Payload. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/processor/JavaScriptUnescapeProcessor.java | Switch processor to non-generic PayloadProcessor. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/processor/JavaScriptEscapeProcessor.java | Switch processor to non-generic PayloadProcessor. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/processor/ExpandStringProcessor.java | Switch processor to non-generic PayloadProcessor; update Javadoc. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/processor/DefaultPayloadProcessor.java | Deleted tagging interface no longer needed after API simplification. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/processor/Base64EncodeProcessor.java | Switch processor to Payload parameter/return types. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/processor/Base64DecodeProcessor.java | Switch processor to Payload parameter/return types. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/processor/AbstractStringHashProcessor.java | Switch base processor to Payload parameter/return types. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/processor/AbstractCharsetProcessor.java | Remove generic parameter from base charset processor. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/PayloadMessageLocationReplacement.java | Simplify replacement wrapper to directly hold Payload. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/PayloadGeneratorMessageLocation.java | Remove generic payload parameter; use Payload directly. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/PayloadCollectionIterator.java | Remove generic parameter; iterate Payload. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/generator/StringPayloadGenerator.java | Deleted tagging interface no longer needed after API simplification. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/generator/ScriptStringPayloadGeneratorAdapter.java | Switch adapter to non-generic PayloadGenerator; iterator returns Payload. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/generator/ScriptStringPayloadGenerator.java | Update docs to reference PayloadGenerator instead of removed tagging type. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/generator/RegexPayloadGenerator.java | Switch generator to non-generic PayloadGenerator; iterator returns Payload. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/generator/ProcessPayloadGenerator.java | Switch generator to non-generic PayloadGenerator; iterator returns Payload. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/generator/ProcessedPayloadGenerator.java | Remove generic payload parameter; processors/generator lists are non-generic. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/generator/PayloadGenerator.java | Remove generic parameter; standardise iterable/iterator types to Payload. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/generator/NumberPayloadGenerator.java | Switch generator/iterator interfaces to Payload. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/generator/JsonPayloadGenerator.java | Switch generator to PayloadGenerator; iterator returns Payload. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/generator/FileStringPayloadGenerator.java | Switch generator to PayloadGenerator; iterator returns Payload. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/generator/EmptyPayloadGenerator.java | Remove generic parameter; repeat iterator yields Payload. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/generator/DefaultStringPayloadGenerator.java | Switch internal storage/iterators to Payload instead of DefaultPayload. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/generator/CompositePayloadGenerator.java | Remove generic parameter; compose PayloadGenerator instances directly. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/impl/ProcessorsPayloadDialog.java | Remove generic plumbing around processor UIs and processors list types. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/impl/ProcessorsMessageLocationDialog.java | Remove generic plumbing around processor UIs and processors list types. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/impl/PayloadTableEntry.java | Simplify stored payload generator UI type to non-generic PayloadGeneratorUI. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/impl/PayloadsProcessedIterator.java | Remove generic payload parameter; process Payload directly. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/impl/PayloadProcessorTableEntry.java | Simplify stored processor UI type to non-generic PayloadProcessorUI. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/impl/PayloadProcessorsContainer.java | Remove generics; map UI class to non-generic processor panels. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/impl/PayloadPreviewPanel.java | Remove generics; preview processing uses non-generic PayloadProcessor. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/impl/PayloadGeneratorsContainer.java | Remove generics; map UI class to non-generic generator panels. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/impl/ModifyProcessorDialog.java | Remove generics from dialog; store/use non-generic processor UI/panel. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/impl/ModifyPayloadDialog.java | Remove generics from dialog; store/use non-generic generator UI/panel. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/impl/MessageLocationPayloadsPanel.java | Remove generics and casts around payload generator UI/dialog interactions. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/impl/FuzzMessageLocationsPanel.java | Use non-generic generator/processor wrappers; return non-generic fuzz locations list. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/impl/FuzzerDialog.java | Store/retrieve fuzz locations as non-generic PayloadGeneratorMessageLocation. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/impl/AddProcessorDialog.java | Remove generics; select/store non-generic processor UI/panel. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/impl/AddPayloadDialog.java | Remove generics; select/store non-generic generator UI/panel. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/httpfuzzer/ui/HttpMessageSelectorPanel.java | Remove redundant type args in Collections.emptyList() usage. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/httpfuzzer/HttpFuzzerHandler.java | Update fuzzer creation to use non-generic PayloadGeneratorMessageLocation lists. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/httpfuzzer/HttpFuzzer.java | Clean up Collections.emptyList() usage. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/FuzzerPayloadSource.java | Switch payload source API from removed tagging generator type to PayloadGenerator. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/FuzzerPayloadJBroFuzzSource.java | Switch JBroFuzz source generator/iterator types to PayloadGenerator/Payload. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/FuzzerPayloadGeneratorUIHandler.java | Remove UI generics; update iterators and nested modify panel integration. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/FuzzerPayloadGenerator.java | Switch composite generator to non-generic PayloadGenerator list. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/FuzzerPayloadFileSource.java | Switch file payload source API to PayloadGenerator. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/ExtensionFuzz.java | Clean up Collections.emptyList() usage in several places. |
| addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/AbstractFuzzer.java | Clean up Collections.emptyList() usage. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
...a/org/zaproxy/zap/extension/fuzz/payloads/ui/processors/AbstractCharsetProcessorUIPanel.java
Show resolved
Hide resolved
...rg/zaproxy/zap/extension/fuzz/payloads/ui/processors/AbstractStringHashProcessorUIPanel.java
Show resolved
Hide resolved
...java/org/zaproxy/zap/extension/fuzz/payloads/ui/processors/TrimStringProcessorUIHandler.java
Show resolved
Hide resolved
...ain/java/org/zaproxy/zap/extension/fuzz/payloads/ui/impl/RegexPayloadGeneratorUIHandler.java
Show resolved
Hide resolved
addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/impl/FuzzMessageLocationsPanel.java
Outdated
Show resolved
Hide resolved
Member
|
New Issues (158)Checkmarx found the following issues in this Pull Request
Fixed Issues (5)Great job! The following issues were fixed in this Pull Request
Use @Checkmarx to interact with Checkmarx PR Assistant. |
ricekot
force-pushed
the
fuzz/reduce-generics
branch
from
d8ed030 to
41c7efa
Compare
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 94 out of 94 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
.../fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/payloads/ui/impl/ModifyPayloadsPanel.java
Show resolved
Hide resolved
addOns/fuzz/src/main/java/org/zaproxy/zap/extension/fuzz/impl/PayloadsProcessedIterator.java
Outdated
Show resolved
Hide resolved
Remove generic type parameters that provided no real type safety: - Remove <T extends Payload> from all interfaces, classes, and methods, replacing with the Payload interface in type declarations. DefaultPayload is the only implementation and no add-on ever used a custom payload type. - Remove generic type parameters from the UI hierarchy: PayloadGeneratorUI, PayloadGeneratorUIHandler, PayloadGeneratorUIPanel, PayloadProcessorUI, PayloadProcessorUIHandler, PayloadProcessorUIPanel, and all abstract/concrete implementations. Every consumer already used wildcards or unchecked casts, so the generics added no safety. - Remove dead getPayloadGeneratorClass() and getPayloadProcessorClass() methods from PayloadGeneratorUI and PayloadProcessorUI interfaces and all 23 implementations. These were never called anywhere in the codebase. - Delete tagging interfaces StringPayloadGenerator and DefaultPayloadProcessor that existed solely to bind DefaultPayload into generic parents. The <M extends Message> generics are preserved as the websocket add-on depends on them with WebSocketMessageDTO. Signed-off-by: ricekot <git@ricekot.com>
ricekot
force-pushed
the
fuzz/reduce-generics
branch
from
41c7efa to
a7c4dcb
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Remove generic type parameters that provided no real type safety:
Remove from all interfaces, classes, and methods, replacing with the Payload interface in type declarations. DefaultPayload is the only implementation and no add-on ever used a custom payload type.
Remove generic type parameters from the UI hierarchy: PayloadGeneratorUI, PayloadGeneratorUIHandler, PayloadGeneratorUIPanel, PayloadProcessorUI, PayloadProcessorUIHandler, PayloadProcessorUIPanel, and all abstract/concrete implementations. Every consumer already used wildcards or unchecked casts, so the generics added no safety.
Remove dead getPayloadGeneratorClass() and getPayloadProcessorClass() methods from PayloadGeneratorUI and PayloadProcessorUI interfaces and all 23 implementations. These were never called anywhere in the codebase.
Delete tagging interfaces StringPayloadGenerator and DefaultPayloadProcessor that existed solely to bind DefaultPayload into generic parents.
The generics are preserved as the websocket add-on depends on them with WebSocketMessageDTO.