Merge pull request #5726 from thc202/exim/base64-response

exim: base64 decode the HAR response body

Author: kingthorin

addOns/exim/CHANGELOG.md

@@ -9,6 +9,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 ### Fixed
 - Correctly load Automation Framework template plans.
+- Base64 decode the response body when importing HARs.
 
 ## [0.10.0] - 2024-07-22
 ### Changed

addOns/exim/src/main/java/org/zaproxy/addon/exim/har/HarImporter.java

@@ -28,6 +28,7 @@
 import de.sstoehr.harreader.model.HarResponse;
 import java.io.File;
 import java.util.ArrayList;
+import java.util.Base64;
 import java.util.List;
 import java.util.function.Predicate;
 import java.util.stream.Collectors;
@@ -46,7 +47,6 @@
 import org.parosproxy.paros.network.HttpResponseHeader;
 import org.zaproxy.addon.commonlib.ui.ProgressPaneListener;
 import org.zaproxy.addon.exim.ExtensionExim;
-import org.zaproxy.zap.network.HttpResponseBody;
 import org.zaproxy.zap.utils.Stats;
 import org.zaproxy.zap.utils.ThreadUtils;
 
@@ -253,7 +253,19 @@ private static void setHttpResponse(HarResponse harResponse, HttpMessage message
         }
         message.setResponseFromTargetHost(true);
         if (harContent != null) {
-            message.setResponseBody(new HttpResponseBody(harContent.getText()));
+            if ("base64".equals(harContent.getEncoding())) {
+                var text = harContent.getText();
+                if (text != null)
+                    try {
+                        message.setResponseBody(Base64.getDecoder().decode(text));
+                    } catch (IllegalArgumentException e) {
+                        LOGGER.debug(
+                                "Failed to base64 decode body {}. Setting as plain text.", text, e);
+                        message.setResponseBody(text);
+                    }
+            } else {
+                message.setResponseBody(harContent.getText());
+            }
         }
     }
 

addOns/exim/src/test/java/org/zaproxy/addon/exim/har/HarImporterUnitTest.java

@@ -335,6 +335,28 @@ void shouldSkipLocalPrivate() throws Exception {
                 is(equalTo("Skipping local private entry: about:blank")));
     }
 
+    @Test
+    void shouldBase64DecodeResponseBody() throws Exception {
+        // Given
+        HarLog harLog = getHarLog("response-base64.har", "");
+        // When
+        List<HttpMessage> messages = HarImporter.getHttpMessages(harLog);
+        // Then
+        assertThat(messages, hasSize(1));
+        assertThat(messages.get(0).getResponseBody().toString(), is(equalTo("1234")));
+    }
+
+    @Test
+    void shouldFallbackToPlainTextOnMalformedBase64ResponseBody() throws Exception {
+        // Given
+        HarLog harLog = getHarLog("response-base64-invalid.har", "");
+        // When
+        List<HttpMessage> messages = HarImporter.getHttpMessages(harLog);
+        // Then
+        assertThat(messages, hasSize(1));
+        assertThat(messages.get(0).getResponseBody().toString(), is(equalTo("Not base 64")));
+    }
+
     private HarLog getHarLog(String path, String replacement) throws HarReaderException {
         return new HarReader()
                 .readFromString(getHtml(path, Map.of(PLACEHOLDER, replacement)))

addOns/exim/src/test/resources/org/zaproxy/addon/exim/har/response-base64-invalid.har

@@ -0,0 +1,23 @@
+{
+  "log": {
+    "version": "1.2",
+    "entries": [
+      {
+        "request": {
+          "method": "GET",
+          "url": "http://example.com/",
+          "httpVersion": "HTTP/1.1"
+        },
+        "response": {
+          "status": 200,
+          "statusText": "OK",
+          "httpVersion": "HTTP/1.1",
+          "content": {
+            "encoding": "base64",
+            "text": "Not base 64"
+          }
+        }
+      }
+    ]
+  }
+}

addOns/exim/src/test/resources/org/zaproxy/addon/exim/har/response-base64.har

@@ -0,0 +1,23 @@
+{
+  "log": {
+    "version": "1.2",
+    "entries": [
+      {
+        "request": {
+          "method": "GET",
+          "url": "http://example.com/",
+          "httpVersion": "HTTP/1.1"
+        },
+        "response": {
+          "status": 200,
+          "statusText": "OK",
+          "httpVersion": "HTTP/1.1",
+          "content": {
+            "encoding": "base64",
+            "text": "MTIzNA=="
+          }
+        }
+      }
+    ]
+  }
+}