
Example 1 with DomainMatcher

use of org.zaproxy.zap.network.DomainMatcher in project zaproxy by zaproxy.

the class CoreAPI method proxyChainExcludedDomainsToApiResponseList.

/**
 * Converts proxy-chain excluded domains into an API response list.
 *
 * <p>Each reported entry carries {@code idx}, the position of the matcher in {@code domains}.
 * Skipped (disabled) entries still consume an index, so the reported {@code idx} values stay
 * valid for the modify/remove actions, which address entries by position in the full list.
 *
 * @param name the name given to the resulting response list
 * @param domains the excluded domains to convert
 * @param excludeDisabled {@code true} to leave disabled matchers out of the response
 * @return the response list, one {@code domain} set per reported matcher
 */
private ApiResponse proxyChainExcludedDomainsToApiResponseList(String name, List<DomainMatcher> domains, boolean excludeDisabled) {
    ApiResponseList result = new ApiResponseList(name);
    int position = 0;
    while (position < domains.size()) {
        DomainMatcher matcher = domains.get(position);
        boolean enabled = matcher.isEnabled();
        if (enabled || !excludeDisabled) {
            Map<String, Object> fields = new HashMap<>();
            fields.put("idx", position);
            fields.put("value", matcher.getValue());
            fields.put("regex", matcher.isRegex());
            fields.put("enabled", enabled);
            result.addItem(new ApiResponseSet<Object>("domain", fields));
        }
        position++;
    }
    return result;
}
Also used : HashMap(java.util.HashMap) JSONObject(net.sf.json.JSONObject) DomainMatcher(org.zaproxy.zap.network.DomainMatcher)

Example 2 with DomainMatcher

use of org.zaproxy.zap.network.DomainMatcher in project zaproxy by zaproxy.

the class CoreAPI method handleApiAction.

/**
 * Dispatches a core API action, selected by {@code name}, using the values in {@code params}.
 *
 * <p>Every branch changes process-wide state (the session, the options, the proxy-chain
 * exclusions, the alerts, or the JVM itself) from caller-supplied values. This method does not
 * authenticate or authorise the caller.
 * NOTE(review): presumably the API framework checks the key and the permitted addresses before
 * dispatching here - confirm, because nothing below re-checks it.
 *
 * @param name the name of the action to perform
 * @param params the JSON parameters of the action
 * @return {@code ApiResponseElement.OK}, or the value of {@code sendHttpMessage} for the
 *     access-URL and send-request actions
 * @throws ApiException if the action is unknown, a parameter is rejected, the target already
 *     exists / does not exist, or the underlying operation fails
 */
@Override
public ApiResponse handleApiAction(String name, JSONObject params) throws ApiException {
    Session session = Model.getSingleton().getSession();
    if (ACTION_ACCESS_URL.equals(name)) {
        // Builds a GET request for the caller-supplied URL and sends it from this process.
        URI uri;
        try {
            uri = new URI(params.getString(PARAM_URL), true);
        } catch (URIException e) {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_URL, e);
        }
        HttpMessage request;
        try {
            request = new HttpMessage(new HttpRequestHeader(HttpRequestHeader.GET, uri, HttpHeader.HTTP11, Model.getSingleton().getOptionsParam().getConnectionParam()));
        } catch (HttpMalformedHeaderException e) {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_URL, e);
        }
        // NOTE(review): unlike ACTION_SEND_REQUEST below, this path does not call
        // validateForCurrentMode(request) - confirm that sendHttpMessage enforces the mode.
        return sendHttpMessage(request, getParam(params, PARAM_FOLLOW_REDIRECTS, false), name);
    } else if (ACTION_SHUTDOWN.equals(name)) {
        // Terminates the JVM from a separate thread so this call can still return its response.
        Thread thread = new Thread() {

            @Override
            public void run() {
                try {
                    // Give the API a chance to return
                    sleep(1000);
                } catch (InterruptedException e) {
                    // Ignored: an interrupt only shortens the delay, the shutdown still proceeds.
                }
                Control.getSingleton().shutdown(Model.getSingleton().getOptionsParam().getDatabaseParam().isCompactDatabase());
                logger.info(Constant.PROGRAM_TITLE + " terminated.");
                System.exit(0);
            }
        };
        thread.start();
    } else if (ACTION_SAVE_SESSION.equalsIgnoreCase(name)) {
        // Ignore case for backwards compatibility
        // The target path is derived from a caller-supplied name.
        // NOTE(review): whether SessionUtils.getSessionPath confines the result to the session
        // directory is not visible here - confirm before relying on it as a traversal guard.
        Path sessionPath = SessionUtils.getSessionPath(params.getString(PARAM_SESSION));
        String filename = sessionPath.toAbsolutePath().toString();
        final boolean overwrite = getParam(params, PARAM_OVERWRITE_SESSION, false);
        boolean sameSession = false;
        if (!session.isNewState()) {
            try {
                sameSession = Files.isSameFile(Paths.get(session.getFileName()), sessionPath);
            } catch (IOException e) {
                // Only the message is passed on; the cause is dropped.
                // NOTE(review): the message presumably reaches the API client - check that it
                // cannot disclose local paths that the client should not learn.
                throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
            }
        }
        // An existing file is replaced only when overwrite was requested, and never when it is
        // the file backing the current session.
        if (Files.exists(sessionPath) && (!overwrite || sameSession)) {
            throw new ApiException(ApiException.Type.ALREADY_EXISTS, filename);
        }
        this.savingSession = true;
        try {
            Control.getSingleton().saveSession(filename, this);
        } catch (Exception e) {
            this.savingSession = false;
            throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
        }
        // Wait for notification that its worked ok
        // Polls the flag every 200 ms, with no timeout in this method.
        // NOTE(review): the flag is presumably cleared by a callback on "this" - confirm.
        try {
            while (this.savingSession) {
                Thread.sleep(200);
            }
        } catch (InterruptedException e) {
            // Probably not an error
            // The wait ends early and OK is still returned; the interrupt status is not restored.
            logger.debug(e.getMessage(), e);
        }
        logger.debug("Can now return after saving session");
    } else if (ACTION_SNAPSHOT_SESSION.equalsIgnoreCase(name)) {
        // Ignore case for backwards compatibility
        // A session that was never saved has no file to snapshot.
        if (session.isNewState()) {
            throw new ApiException(ApiException.Type.DOES_NOT_EXIST);
        }
        // Snapshot name: current session file name without ".session" (8 characters), followed
        // by "-<timestamp>.session". No caller-supplied value takes part in it.
        String fileName = session.getFileName();
        if (fileName.endsWith(".session")) {
            fileName = fileName.substring(0, fileName.length() - 8);
        }
        fileName += "-" + dateFormat.format(new Date()) + ".session";
        this.savingSession = true;
        try {
            Control.getSingleton().snapshotSession(fileName, this);
        } catch (Exception e) {
            this.savingSession = false;
            throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
        }
        // Wait for notification that its worked ok
        // Same 200 ms polling wait as the save-session branch, also without a timeout.
        try {
            while (this.savingSession) {
                Thread.sleep(200);
            }
        } catch (InterruptedException e) {
            // Probably not an error
            logger.debug(e.getMessage(), e);
        }
        logger.debug("Can now return after saving session");
    } else if (ACTION_LOAD_SESSION.equalsIgnoreCase(name)) {
        // Ignore case for backwards compatibility
        // Opens a session file chosen by the caller; the same path-confinement question as for
        // the save-session branch applies to SessionUtils.getSessionPath.
        Path sessionPath = SessionUtils.getSessionPath(params.getString(PARAM_SESSION));
        String filename = sessionPath.toAbsolutePath().toString();
        if (!Files.exists(sessionPath)) {
            throw new ApiException(ApiException.Type.DOES_NOT_EXIST, filename);
        }
        try {
            Control.getSingleton().runCommandLineOpenSession(filename);
        } catch (Exception e) {
            throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
        }
    } else if (ACTION_NEW_SESSION.equalsIgnoreCase(name)) {
        // Ignore case for backwards compatibility
        String sessionName = null;
        try {
            sessionName = params.getString(PARAM_SESSION);
        } catch (Exception e1) {
            // Ignored: any failure to read the parameter is treated as "no session name given".
        }
        if (sessionName == null || sessionName.length() == 0) {
            // Create a new 'unnamed' session
            // The current session is discarded first.
            Control.getSingleton().discardSession();
            try {
                Control.getSingleton().newSession();
            } catch (Exception e) {
                throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
            }
        } else {
            Path sessionPath = SessionUtils.getSessionPath(sessionName);
            String filename = sessionPath.toAbsolutePath().toString();
            final boolean overwrite = getParam(params, PARAM_OVERWRITE_SESSION, false);
            // Unlike save-session, there is no "same file as the current session" check here.
            if (Files.exists(sessionPath) && !overwrite) {
                throw new ApiException(ApiException.Type.ALREADY_EXISTS, filename);
            }
            try {
                Control.getSingleton().runCommandLineNewSession(filename);
            } catch (Exception e) {
                throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
            }
        }
    } else if (ACTION_CLEAR_EXCLUDED_FROM_PROXY.equals(name)) {
        // Replaces the session's proxy exclusion regexes with an empty list.
        try {
            session.setExcludeFromProxyRegexs(new ArrayList<String>());
        } catch (DatabaseException e) {
            throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
        }
    } else if (ACTION_EXCLUDE_FROM_PROXY.equals(name)) {
        // Caller-supplied regular expression. A syntactically invalid pattern is rejected below;
        // nothing here limits the cost of a valid one.
        String regex = params.getString(PARAM_REGEX);
        try {
            session.addExcludeFromProxyRegex(regex);
        } catch (DatabaseException e) {
            logger.error(e.getMessage(), e);
            throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
        } catch (PatternSyntaxException e) {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_REGEX);
        }
    } else if (ACTION_SET_HOME_DIRECTORY.equals(name)) {
        // Any existing directory is accepted; this branch places no restriction on where it is.
        File f = new File(params.getString(PARAM_DIR));
        if (f.exists() && f.isDirectory()) {
            Model.getSingleton().getOptionsParam().setUserDirectory(f);
        } else {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_DIR);
        }
    } else if (ACTION_SET_MODE.equals(name)) {
        try {
            // toLowerCase() uses the default locale. The catch-all below reports every failure,
            // including one raised while applying the mode, as an illegal PARAM_MODE.
            Mode mode = Mode.valueOf(params.getString(PARAM_MODE).toLowerCase());
            if (View.isInitialised()) {
                View.getSingleton().getMainFrame().getMainToolbarPanel().setMode(mode);
            } else {
                Control.getSingleton().setMode(mode);
            }
        } catch (Exception e) {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_MODE);
        }
    } else if (ACTION_GENERATE_ROOT_CA.equals(name)) {
        // Asks the dynamic SSL extension to create a new root CA. When the extension is not
        // loaded nothing is generated, yet the action still returns OK.
        ExtensionDynSSL extDyn = (ExtensionDynSSL) Control.getSingleton().getExtensionLoader().getExtension(ExtensionDynSSL.EXTENSION_ID);
        if (extDyn != null) {
            try {
                extDyn.createNewRootCa();
            } catch (Exception e) {
                throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
            }
        }
    } else if (ACTION_SEND_REQUEST.equals(name)) {
        // Sends a request built from caller-supplied raw text, after the mode check below.
        HttpMessage request;
        try {
            request = createRequest(params.getString(PARAM_REQUEST));
        } catch (HttpMalformedHeaderException e) {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_REQUEST, e);
        }
        validateForCurrentMode(request);
        return sendHttpMessage(request, getParam(params, PARAM_FOLLOW_REDIRECTS, false), name);
    } else if (ACTION_DELETE_ALL_ALERTS.equals(name)) {
        final ExtensionAlert extAlert = (ExtensionAlert) Control.getSingleton().getExtensionLoader().getExtension(ExtensionAlert.NAME);
        if (extAlert != null) {
            extAlert.deleteAllAlerts();
        } else {
            // Fallback without the alert extension: clear the alert table and the site tree.
            try {
                Model.getSingleton().getDb().getTableAlert().deleteAllAlerts();
            } catch (DatabaseException e) {
                // Only logged: the caller still receives OK when the database delete fails.
                logger.error(e.getMessage(), e);
            }
            SiteNode rootNode = (SiteNode) Model.getSingleton().getSession().getSiteTree().getRoot();
            rootNode.deleteAllAlerts();
            removeHistoryReferenceAlerts(rootNode);
        }
    } else if (ACTION_COLLECT_GARBAGE.equals(name)) {
        System.gc();
        return ApiResponseElement.OK;
    } else if (ACTION_DELETE_SITE_NODE.equals(name)) {
        try {
            String url = params.getString(PARAM_URL);
            String method = getParam(params, PARAM_METHOD, "GET");
            String postData = getParam(params, PARAM_POST_DATA, "");
            URI uri = new URI(url, true);
            SiteMap siteMap = session.getSiteTree();
            SiteNode siteNode = siteMap.findNode(uri, method, postData);
            if (siteNode == null) {
                throw new ApiException(ApiException.Type.DOES_NOT_EXIST, PARAM_URL);
            }
            // When getExtHistory() returns null the node is left in place and OK is returned.
            if (getExtHistory() != null) {
                getExtHistory().purge(siteMap, siteNode);
            }
            return ApiResponseElement.OK;
        } catch (URIException e) {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_URL, e);
        }
    } else if (ACTION_ADD_PROXY_CHAIN_EXCLUDED_DOMAIN.equals(name)) {
        // Adds a domain that is excluded from the proxy chain. The value is either a literal
        // or, when PARAM_IS_REGEX is set, a caller-supplied pattern.
        try {
            ConnectionParam connectionParam = Model.getSingleton().getOptionsParam().getConnectionParam();
            String value = params.getString(PARAM_VALUE);
            DomainMatcher domain;
            if (getParam(params, PARAM_IS_REGEX, false)) {
                domain = new DomainMatcher(DomainMatcher.createPattern(value));
            } else {
                domain = new DomainMatcher(value);
            }
            domain.setEnabled(getParam(params, PARAM_IS_ENABLED, true));
            // Works on a copy of the list and hands the whole list back to the options.
            List<DomainMatcher> domains = new ArrayList<>(connectionParam.getProxyExcludedDomains());
            domains.add(domain);
            connectionParam.setProxyExcludedDomains(domains);
        } catch (IllegalArgumentException e) {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_VALUE, e);
        }
    } else if (ACTION_MODIFY_PROXY_CHAIN_EXCLUDED_DOMAIN.equals(name)) {
        try {
            ConnectionParam connectionParam = Model.getSingleton().getOptionsParam().getConnectionParam();
            // The index is range-checked before it is used to read or replace an entry.
            int idx = params.getInt(PARAM_IDX);
            if (idx < 0 || idx >= connectionParam.getProxyExcludedDomains().size()) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_IDX);
            }
            DomainMatcher oldDomain = connectionParam.getProxyExcludedDomains().get(idx);
            // Parameters that are absent (or, for the value, empty) keep the old entry's setting.
            String value = getParam(params, PARAM_VALUE, oldDomain.getValue());
            if (value.isEmpty()) {
                value = oldDomain.getValue();
            }
            DomainMatcher newDomain;
            if (getParam(params, PARAM_IS_REGEX, oldDomain.isRegex())) {
                newDomain = new DomainMatcher(DomainMatcher.createPattern(value));
            } else {
                newDomain = new DomainMatcher(value);
            }
            newDomain.setEnabled(getParam(params, PARAM_IS_ENABLED, oldDomain.isEnabled()));
            // The options are written only when the entry actually changed.
            if (!oldDomain.equals(newDomain)) {
                List<DomainMatcher> domains = new ArrayList<>(connectionParam.getProxyExcludedDomains());
                domains.set(idx, newDomain);
                connectionParam.setProxyExcludedDomains(domains);
            }
        } catch (JSONException e) {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_IDX, e);
        } catch (IllegalArgumentException e) {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_VALUE, e);
        }
    } else if (ACTION_REMOVE_PROXY_CHAIN_EXCLUDED_DOMAIN.equals(name)) {
        try {
            ConnectionParam connectionParam = Model.getSingleton().getOptionsParam().getConnectionParam();
            int idx = params.getInt(PARAM_IDX);
            if (idx < 0 || idx >= connectionParam.getProxyExcludedDomains().size()) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_IDX);
            }
            List<DomainMatcher> domains = new ArrayList<>(connectionParam.getProxyExcludedDomains());
            // idx is a primitive int, so this removes the entry at that position.
            domains.remove(idx);
            connectionParam.setProxyExcludedDomains(domains);
        } catch (JSONException e) {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_IDX, e);
        }
    } else if (ACTION_ENABLE_ALL_PROXY_CHAIN_EXCLUDED_DOMAINS.equals(name)) {
        setProxyChainExcludedDomainsEnabled(true);
    } else if (ACTION_DISABLE_ALL_PROXY_CHAIN_EXCLUDED_DOMAINS.equals(name)) {
        setProxyChainExcludedDomainsEnabled(false);
    } else {
        // Unknown action names are rejected rather than ignored.
        throw new ApiException(ApiException.Type.BAD_ACTION);
    }
    return ApiResponseElement.OK;
}
Also used : ArrayList(java.util.ArrayList) ExtensionDynSSL(org.zaproxy.zap.extension.dynssl.ExtensionDynSSL) HttpRequestHeader(org.parosproxy.paros.network.HttpRequestHeader) URI(org.apache.commons.httpclient.URI) URIException(org.apache.commons.httpclient.URIException) HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) SiteMap(org.parosproxy.paros.model.SiteMap) List(java.util.List) ArrayList(java.util.ArrayList) DomainMatcher(org.zaproxy.zap.network.DomainMatcher) ExtensionAlert(org.zaproxy.zap.extension.alert.ExtensionAlert) PatternSyntaxException(java.util.regex.PatternSyntaxException) SiteNode(org.parosproxy.paros.model.SiteNode) Path(java.nio.file.Path) Mode(org.parosproxy.paros.control.Control.Mode) JSONException(net.sf.json.JSONException) IOException(java.io.IOException) URIException(org.apache.commons.httpclient.URIException) HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) PatternSyntaxException(java.util.regex.PatternSyntaxException) JSONException(net.sf.json.JSONException) IOException(java.io.IOException) DatabaseException(org.parosproxy.paros.db.DatabaseException) Date(java.util.Date) ConnectionParam(org.parosproxy.paros.network.ConnectionParam) HttpMessage(org.parosproxy.paros.network.HttpMessage) DatabaseException(org.parosproxy.paros.db.DatabaseException) File(java.io.File) Session(org.parosproxy.paros.model.Session)

Example 3 with DomainMatcher

use of org.zaproxy.zap.network.DomainMatcher in project zaproxy by zaproxy.

the class OptionsParamApi method setPermittedAddresses.

/**
 * Sets the client addresses that will be allowed to access the API, and writes them to the
 * configuration under {@code ADDRESS_KEY}.
 *
 * <p>The previously stored entries are always cleared first. A {@code null} or empty list
 * leaves both the permitted list and the enabled subset empty; how the access check treats an
 * empty list is decided by the code that reads them, not here.
 *
 * <p>The list itself is copied, but the {@code DomainMatcher} instances are kept by reference,
 * so a caller that later changes a matcher also changes what is held here, without the enabled
 * subset or the persisted configuration being updated.
 *
 * @param addrs the client addresses that will be allowed to access the API.
 * @since TODO Add Version
 */
public void setPermittedAddresses(List<DomainMatcher> addrs) {
    if (addrs == null || addrs.isEmpty()) {
        ((HierarchicalConfiguration) getConfig()).clearTree(ADDRESS_KEY);
        this.permittedAddresses = Collections.emptyList();
        this.permittedAddressesEnabled = Collections.emptyList();
        return;
    }

    this.permittedAddresses = new ArrayList<>(addrs);
    ((HierarchicalConfiguration) getConfig()).clearTree(ADDRESS_KEY);

    // Persist every entry, and collect the enabled ones separately for the access check.
    ArrayList<DomainMatcher> active = new ArrayList<>(addrs.size());
    int position = 0;
    for (DomainMatcher matcher : addrs) {
        String prefix = ADDRESS_KEY + "(" + position + ").";
        boolean enabled = matcher.isEnabled();

        getConfig().setProperty(prefix + ADDRESS_VALUE_KEY, matcher.getValue());
        getConfig().setProperty(prefix + ADDRESS_REGEX_KEY, Boolean.valueOf(matcher.isRegex()));
        getConfig().setProperty(prefix + ADDRESS_ENABLED_KEY, Boolean.valueOf(enabled));

        if (enabled) {
            active.add(matcher);
        }
        position++;
    }
    active.trimToSize();
    this.permittedAddressesEnabled = active;
}
Also used : ArrayList(java.util.ArrayList) HierarchicalConfiguration(org.apache.commons.configuration.HierarchicalConfiguration) DomainMatcher(org.zaproxy.zap.network.DomainMatcher)

Example 4 with DomainMatcher

use of org.zaproxy.zap.network.DomainMatcher in project zaproxy by zaproxy.

the class ProxyExcludedDomainsTableModel method setExcludedDomains.

/**
 * Replaces the domains shown by this table model with copies of the given ones.
 *
 * <p>Each matcher is duplicated through the {@code DomainMatcher} copy constructor, so edits
 * made through the table do not touch the caller's instances until they are explicitly read
 * back from the model.
 *
 * @param excludedDomains the domains to show, must not be {@code null}
 */
public void setExcludedDomains(List<DomainMatcher> excludedDomains) {
    final int count = excludedDomains.size();
    this.excludedDomains = new ArrayList<>(count);
    for (int i = 0; i < count; i++) {
        DomainMatcher copy = new DomainMatcher(excludedDomains.get(i));
        this.excludedDomains.add(copy);
    }
    // Tell the table that all of its rows may have changed.
    fireTableDataChanged();
}
Also used : DomainMatcher(org.zaproxy.zap.network.DomainMatcher)

Example 5 with DomainMatcher

use of org.zaproxy.zap.network.DomainMatcher in project zaproxy by zaproxy.

the class ConnectionParam method convertOldSkipNameOption.

/**
 * Migrates the old {@code ;}-separated "skip names" option to a list of domain matchers.
 *
 * <p>Names without {@code *} become literal matchers. Names with {@code *} become
 * case-insensitive regular expressions: {@code .} is escaped and {@code *} becomes
 * {@code .*?}. A name whose pattern cannot be compiled is logged and skipped.
 *
 * <p>NOTE(review): only {@code .} is escaped, so any other regex metacharacter in an old
 * wildcard name is interpreted as regex syntax and can match more or less than the old option
 * did. Review migrated exclusions that contain characters other than letters, digits,
 * {@code .}, {@code -} and {@code *}.
 *
 * @param skipNames the old option value, may be {@code null} or empty
 * @return the migrated matchers, empty when there is nothing to migrate
 */
private static List<DomainMatcher> convertOldSkipNameOption(String skipNames) {
    if (skipNames == null || skipNames.isEmpty()) {
        return Collections.emptyList();
    }

    ArrayList<DomainMatcher> migrated = new ArrayList<>();
    for (String name : skipNames.split(";")) {
        String candidate = name.trim();
        if (candidate.isEmpty()) {
            continue;
        }
        if (!candidate.contains("*")) {
            // No wildcard: keep it as a literal domain name.
            migrated.add(new DomainMatcher(candidate));
            continue;
        }

        String regex = candidate.replace(".", "\\.").replace("*", ".*?");
        try {
            migrated.add(new DomainMatcher(Pattern.compile(regex, Pattern.CASE_INSENSITIVE)));
        } catch (IllegalArgumentException e) {
            log.error("Failed to migrate the excluded domain name: " + name, e);
        }
    }
    migrated.trimToSize();
    return migrated;
}
Also used : Pattern(java.util.regex.Pattern) ArrayList(java.util.ArrayList) DomainMatcher(org.zaproxy.zap.network.DomainMatcher)
