Migrate JSON serialization to Jackson

Replaces Gson with Jackson for JSON serialization in Zest core classes.
* Introducing custom configuration for type handling, date formatting, and HTML-safe escaping
* Adds a new custom Jackson serializer modifier for Zest-specific serialization needs
* Updates dependencies
* Adapts tests and constructors for Jackson

This improves extensibility, consistency,
and future maintainability of serialization logic.

Signed-off-by: Umoxfo <[email protected]>

Author: Umoxfo

build.gradle

@@ -28,16 +28,18 @@ sourceSets.test.resources.srcDirs 'examples'
 dependencies {
     implementation (
              'org.apache.httpcomponents:httpclient:4.5.8',
-             'com.google.code.gson:gson:2.8.5',
              'org.seleniumhq.selenium:selenium-java:4.38.0',
              'org.seleniumhq.selenium:htmlunit3-driver:4.34.0',
              'net.htmlparser.jericho:jericho-html:3.1')
 
-    implementation(platform("com.fasterxml.jackson:jackson-bom:2.17.0"))
+    implementation(platform("com.fasterxml.jackson:jackson-bom:2.20.1"))
     implementation("com.fasterxml.jackson.core:jackson-core")
     implementation("com.fasterxml.jackson.core:jackson-databind")
+    implementation("com.fasterxml.jackson.core:jackson-annotations")
     implementation("com.fasterxml.jackson.dataformat:jackson-dataformat-yaml")
 
+    implementation("io.github.classgraph:classgraph:4.8.184")
+
     testImplementation("org.wiremock:wiremock:3.10.0")
     testImplementation("org.mockito:mockito-core:5.15.2")
     testImplementation("org.nanohttpd:nanohttpd-webserver:2.3.1")

src/main/java/org/zaproxy/zest/core/v1/ZestCookie.java

@@ -3,6 +3,11 @@
  * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
 package org.zaproxy.zest.core.v1;
 
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonGetter;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonSetter;
+
 import java.util.Date;
 import java.util.Objects;
 
@@ -18,8 +23,14 @@ public class ZestCookie {
     private Date expiry;
     private boolean secure;
 
+    @JsonCreator
     public ZestCookie(
-            String domain, String name, String value, String path, Date expiry, boolean secure) {
+        @JsonProperty("domain") String domain,
+        @JsonProperty("name") String name,
+        @JsonProperty("value") String value,
+        @JsonProperty("path") String path,
+        @JsonProperty("expiry")  Date expiry,
+        @JsonProperty("secure") boolean secure) {
         this.domain = domain;
         this.name = name;
         this.value = value;
@@ -60,10 +71,12 @@ public void setPath(String path) {
         this.path = path;
     }
 
+    @JsonGetter("expiry")
     public Date getExpiryDate() {
         return expiry;
     }
 
+    @JsonSetter("expiry")
     public void setExpiryDate(Date expiry) {
         this.expiry = expiry;
     }

src/main/java/org/zaproxy/zest/core/v1/ZestJSON.java

@@ -3,30 +3,29 @@
  * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
 package org.zaproxy.zest.core.v1;
 
-import com.google.gson.Gson;
-import com.google.gson.GsonBuilder;
-import com.google.gson.JsonDeserializationContext;
-import com.google.gson.JsonDeserializer;
-import com.google.gson.JsonElement;
-import com.google.gson.JsonObject;
-import com.google.gson.JsonParseException;
-import com.google.gson.JsonPrimitive;
-import com.google.gson.JsonSerializationContext;
-import com.google.gson.JsonSerializer;
-import java.lang.reflect.Type;
-import java.time.Instant;
-import java.time.ZoneOffset;
-import java.time.format.DateTimeFormatter;
-import java.time.format.DateTimeParseException;
-import java.util.Arrays;
-import java.util.Date;
+import com.fasterxml.jackson.core.JsonFactory;
+import com.fasterxml.jackson.core.JsonFactoryBuilder;
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.core.PrettyPrinter;
+import com.fasterxml.jackson.core.util.DefaultIndenter;
+import com.fasterxml.jackson.core.util.DefaultPrettyPrinter;
+import com.fasterxml.jackson.core.util.Separators;
+import com.fasterxml.jackson.databind.SerializationFeature;
+import com.fasterxml.jackson.databind.json.JsonMapper;
+import org.zaproxy.zest.impl.jackson.HtmlSafeCharacterEscapes;
+import org.zaproxy.zest.impl.jackson.JacksonConfig;
 
 // TODO: Auto-generated Javadoc
-/** The Class ZestJSON. */
+
+/**
+ * The Class ZestJSON.
+ */
 public class ZestJSON {
 
-    /** The gson. */
-    private static Gson gson = null;
+    /**
+     * The object mapper.
+     */
+    private static JsonMapper jsonMapper = null;
 
     /**
      * To string.
@@ -35,7 +34,12 @@ public class ZestJSON {
      * @return the string
      */
     public static String toString(ZestElement element) {
-        return getGson().toJson(element);
+        try {
+            return getJsonMapper().writeValueAsString(element);
+        } catch (JsonProcessingException e) {
+            // GSON.toJson doesn't throw checked exceptions, maintain similar behavior
+            throw new RuntimeException("Failed to serialize ZestElement", e);
+        }
     }
 
     /**
@@ -45,97 +49,59 @@ public static String toString(ZestElement element) {
      * @return the zest element
      */
     public static ZestElement fromString(String str) {
-        ZestElement ze = getGson().fromJson(str, ZestElement.class);
-        if (ze != null && ze instanceof ZestStatement) {
-            ((ZestStatement) ze).init();
+        ZestElement ze;
+        try {
+            ze = getJsonMapper().readValue(str, ZestElement.class);
+        } catch (JsonProcessingException e) {
+            // GSON.fromJson throws JsonParseException (RuntimeException)
+            throw new RuntimeException("Failed to deserialize ZestElement", e);
         }
-        return ze;
-    }
 
-    /**
-     * Gets the gson.
-     *
-     * @return the gson
-     */
-    private static Gson getGson() {
-        if (gson == null) {
-            GsonBuilder builder = newDefaultGsonBuilder();
-            // Need to add all of the abstract classes
-            Arrays.asList(
-                            ZestAction.class,
-                            ZestAssignment.class,
-                            ZestAuthentication.class,
-                            ZestElement.class,
-                            ZestStatement.class,
-                            ZestExpressionElement.class,
-                            ZestLoop.class,
-                            ZestLoopState.class,
-                            ZestLoopTokenSet.class)
-                    .forEach(type -> builder.registerTypeAdapter(type, ZestTypeAdapter.INSTANCE));
-            gson = builder.create();
+        if (ze instanceof ZestStatement zs) {
+            zs.init();
         }
-        return gson;
-    }
 
-    private static GsonBuilder newDefaultGsonBuilder() {
-        return new GsonBuilder()
-                .registerTypeAdapter(Date.class, DateTypeAdapter.INSTANCE)
-                .setPrettyPrinting();
+        return ze;
     }
 
-    private static class ZestTypeAdapter
-            implements JsonDeserializer<ZestElement>, JsonSerializer<ZestElement> {
+    private static JsonMapper getJsonMapper() {
+        if (jsonMapper == null) {
+            JsonFactory factory = ((JsonFactoryBuilder) JsonFactory.builder())
+                .characterEscapes(HtmlSafeCharacterEscapes.instance())
+                .build();
 
-        static final ZestTypeAdapter INSTANCE = new ZestTypeAdapter();
+            JsonMapper.Builder builder = JsonMapper.builder(factory)
+                .defaultPrettyPrinter(createPrettyPrinter())
+                // Equivalent to setPrettyPrinting()
+                .enable(SerializationFeature.INDENT_OUTPUT);
 
-        private static final String ZEST_PACKAGE = ZestTypeAdapter.class.getPackage().getName();
-
-        @Override
-        public ZestElement deserialize(
-                JsonElement element, Type rawType, JsonDeserializationContext arg2) {
-            if (element instanceof JsonObject) {
-                String elementType = ((JsonObject) element).get("elementType").getAsString();
-
-                if (elementType.startsWith("Zest")) {
-                    try {
-                        Class<?> c = Class.forName(ZEST_PACKAGE + "." + elementType);
-                        return (ZestElement) getGson().fromJson(element, c);
-
-                    } catch (ClassNotFoundException e) {
-                        throw new JsonParseException(e);
-                    }
-                }
-            }
-            return null;
+            // Apply common Zest configuration and build
+            jsonMapper = JacksonConfig.configureCommonBuilder(builder).build();
         }
 
-        @Override
-        public JsonElement serialize(
-                ZestElement element, Type rawType, JsonSerializationContext context) {
-            return newDefaultGsonBuilder().create().toJsonTree(element);
-        }
+        return jsonMapper;
     }
 
-    private static class DateTypeAdapter implements JsonDeserializer<Date>, JsonSerializer<Date> {
-
-        static final DateTypeAdapter INSTANCE = new DateTypeAdapter();
-
-        private static final DateTimeFormatter FORMAT = DateTimeFormatter.ISO_DATE_TIME;
-
-        @Override
-        public JsonElement serialize(Date src, Type typeOfSrc, JsonSerializationContext context) {
-            return new JsonPrimitive(FORMAT.format(src.toInstant().atOffset(ZoneOffset.UTC)));
-        }
-
-        @Override
-        public Date deserialize(
-                JsonElement json, Type typeOfT, JsonDeserializationContext context) {
-            String value = json.getAsJsonPrimitive().getAsString();
-            try {
-                return new Date(FORMAT.parse(value, Instant::from).toEpochMilli());
-            } catch (DateTimeParseException e) {
-                throw new JsonParseException("Failed to parse the date: " + value, e);
-            }
-        }
+    public static DefaultPrettyPrinter createPrettyPrinter() {
+        Separators separator = PrettyPrinter.DEFAULT_SEPARATORS;
+        separator = new Separators(
+            Separators.DEFAULT_ROOT_VALUE_SEPARATOR,
+            separator.getObjectFieldValueSeparator(),
+            Separators.Spacing.AFTER,
+            separator.getObjectEntrySeparator(),
+            Separators.Spacing.NONE,
+            "",
+            separator.getArrayValueSeparator(),
+            Separators.Spacing.NONE,
+            ""
+        );
+
+        DefaultPrettyPrinter prettyPrinter = new DefaultPrettyPrinter(separator);
+
+        var indenter = DefaultIndenter.SYSTEM_LINEFEED_INSTANCE.withLinefeed("\n");
+        prettyPrinter.indentArraysWith(indenter);
+        prettyPrinter.indentObjectsWith(indenter);
+
+        return prettyPrinter;
     }
 }

src/main/java/org/zaproxy/zest/core/v1/ZestLoopTokenFileSet.java

@@ -3,6 +3,10 @@
  * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
 package org.zaproxy.zest.core.v1;
 
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonGetter;
+import com.fasterxml.jackson.annotation.JsonProperty;
+
 import java.io.File;
 import java.io.FileNotFoundException;
 import java.util.Collections;
@@ -28,7 +32,8 @@ public class ZestLoopTokenFileSet extends ZestElement implements ZestLoopTokenSe
      * @param pathToFile the path to file
      * @throws FileNotFoundException the file not found exception
      */
-    public ZestLoopTokenFileSet(String pathToFile) throws FileNotFoundException {
+    @JsonCreator
+    public ZestLoopTokenFileSet(@JsonProperty("pathToFile") String pathToFile) throws FileNotFoundException {
         super();
         this.pathToFile = pathToFile;
         this.convertedSet = this.getConvertedSet(new File(pathToFile));
@@ -105,6 +110,7 @@ public File getFile() {
         return new File(pathToFile);
     }
 
+    @JsonGetter("pathToFile")
     public String getFilePath() {
         return this.pathToFile;
     }

src/main/java/org/zaproxy/zest/core/v1/ZestResponse.java

@@ -3,6 +3,9 @@
  * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
 package org.zaproxy.zest.core.v1;
 
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonProperty;
+
 import java.net.URL;
 
 /** The Class ZestResponse. */
@@ -32,8 +35,13 @@ public class ZestResponse extends ZestElement {
      * @param statusCode the status code
      * @param responseTimeInMs the response time in ms
      */
+    @JsonCreator
     public ZestResponse(
-            URL url, String headers, String body, int statusCode, long responseTimeInMs) {
+        @JsonProperty("url") URL url,
+        @JsonProperty("headers") String headers,
+        @JsonProperty("body") String body,
+        @JsonProperty("statusCode") int statusCode,
+        @JsonProperty("responseTimeInMs") long responseTimeInMs) {
         this.url = url;
         this.headers = headers;
         this.body = body;

src/main/java/org/zaproxy/zest/core/v1/ZestStatement.java

@@ -3,6 +3,8 @@
  * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
 package org.zaproxy.zest.core.v1;
 
+import com.fasterxml.jackson.annotation.JsonIgnore;
+
 import java.net.MalformedURLException;
 
 /** The base abstract class that all Zest statements must extend. */
@@ -177,6 +179,7 @@ public void setEnabled(boolean enabled) {
      *
      * @return true, if is passive
      */
+    @JsonIgnore
     public abstract boolean isPassive();
 
     /* Useful when debuging ;)