Jython compatibility

[execveat]

Fixes issues caused by Java / Jython bump.

The main change relates to Java encapsulating a few Mac OS specific APIs, which made introspection of these API's obsolete. This was indirectly used in an SneakTabbedPaneUI class, however it seems that the class isn't required at all.

[thypon]

Not completely sure that is not required. As far as I remember, tabs are only required when there is graphql JSON with arguments, so we need to override that method https://docs.oracle.com/en/java/javase/14/docs/api/java.desktop/javax/swing/plaf/basic/BasicTabbedPaneUI.html#calculateTabAreaHeight(int,int,int)

[execveat]

If I understand correctly, this overwrite was meant to correctly display the "Query", "Variables" and "Injection Points"? These tabs are working after the change.

If the original intention was different, could you please provide the test case?

[execveat]

Ok, this is my mistake. "GraphQL" tab is actually added by GraphQL Raider, not InQL :)

Comparing both extensions: I prefer the way InQL puts Variables pane in the same tab as this mirrors GraphiQL interface. On the other hand, I prefer the way GraphQL Raider approaches GraphQL detection: the tab stays there even if I modify raw query by hand while InQL keeps disappearing every time syntax gets broken.

Still, as far as I see, nothing gets broken by omitting that class (and note that without the change extension does not load in Burp at all). Here is GraphQL query without the variables:

And here is one with variables:

By the way, I'd like the variables tab to be available all the time as otherwise converting normal query to the one with variables is clunky.

[execveat]

Found out that this batching mode (JSON list with multiple GraphQL requests) is supported natively as well. The UI works fine:

[thypon]

Is this change still required? Many features in InQL are included but appeared in context sensitive ways. This was made to leave a simple interface while having complex integrations at the same time.

[execveat]

The SneakTabbedPaneUI change can be reverted, I just don't understand the purpose of that wrapper. self.tabbed_pane.getTabCount() is never less than two (there is always one "raw" tab and at least one "GraphQL" tab) so only first branch of the condition (line 43) gets executed.

I guess the purpose was to hide the second tab bar by default, but maybe then the check should compare value to 2 not 1?

[thypon]

I remember an edge case where only the Raw tab was showing, but nothing else. In that case, the tabs were unnecessary, and the height could have changed. This was due to manual changes to the JSON when editing. If it's not for compatibility, I would not change stuff that is already working.

[execveat]

Ok, I will retest various combos of Java + Jython and check whether this change is indeed needed.

[execveat]

The thing that breaks is InQL standalone mode (jython -m inql).