Merge pull request #34 from SasanLabs/develop

Incorporating review comments

Author: preetkaran20

src/main/java/org/zaproxy/zap/extension/jwt/JWTActiveScanRule.java

@@ -16,12 +16,10 @@
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.List;
-import java.util.Locale;
 import org.apache.log4j.Logger;
 import org.parosproxy.paros.core.scanner.AbstractAppParamPlugin;
 import org.parosproxy.paros.core.scanner.Category;
 import org.parosproxy.paros.core.scanner.NameValuePair;
-import org.parosproxy.paros.network.HttpHeaderField;
 import org.parosproxy.paros.network.HttpMessage;
 import org.parosproxy.paros.network.HttpRequestHeader;
 import org.zaproxy.zap.extension.jwt.attacks.ClientSideAttack;
@@ -54,8 +52,6 @@ public class JWTActiveScanRule extends AbstractAppParamPlugin {
     private static final String SOLUTION = JWTI18n.getMessage("jwt.scanner.soln");
     private static final String REFERENCE = JWTI18n.getMessage("jwt.scanner.refs");
     private static final Logger LOGGER = Logger.getLogger(JWTActiveScanRule.class);
-    private static final String AUTHORIZATION_HEADER_KEY =
-            HttpRequestHeader.AUTHORIZATION.toLowerCase(Locale.ROOT);
     private int maxRequestCount;
 
     @Override
@@ -80,26 +76,21 @@ public void init() {
     }
 
     protected void scan(List<NameValuePair> nameValuePairs) {
-        if (nameValuePairs.isEmpty()
-                || nameValuePairs.get(0).getType() != NameValuePair.TYPE_HEADER) {
-            super.scan(nameValuePairs);
-        } else {
+        if (!nameValuePairs.isEmpty()
+                && nameValuePairs.get(0).getType() == NameValuePair.TYPE_HEADER) {
             nameValuePairs = new ArrayList<>(nameValuePairs);
-            List<HttpHeaderField> headerFields = getBaseMsg().getRequestHeader().getHeaders();
-            for (HttpHeaderField headerField : headerFields) {
-                if (AUTHORIZATION_HEADER_KEY.equals(
-                        headerField.getName().toLowerCase(Locale.ROOT))) {
-                    nameValuePairs.add(
-                            new NameValuePair(
-                                    NameValuePair.TYPE_HEADER,
-                                    headerField.getName(),
-                                    headerField.getValue(),
-                                    nameValuePairs.size()));
-                    break;
-                }
+            String authorizationHeaderValue =
+                    getBaseMsg().getRequestHeader().getHeader(HttpRequestHeader.AUTHORIZATION);
+            if (authorizationHeaderValue != null) {
+                nameValuePairs.add(
+                        new NameValuePair(
+                                NameValuePair.TYPE_HEADER,
+                                HttpRequestHeader.AUTHORIZATION,
+                                authorizationHeaderValue,
+                                nameValuePairs.size()));
             }
-            super.scan(nameValuePairs);
         }
+        super.scan(nameValuePairs);
     }
 
     @Override