
Example 6 with Element

use of net.htmlparser.jericho.Element in project CFLint by cflint.

the class CFLint method process.

/**
 * Walks one CFScript statement: scans it via {@code scanExpression} and then recurses into its
 * child statements and expressions according to the statement's concrete type.
 *
 * <p>Component and function declarations get their own sub-context, have rule overrides
 * registered from their token, and trigger the structure listeners' end notifications.
 * Messages left on {@code context} by downstream processing are reported and cleared before
 * returning.
 *
 * <p>Recursion depth follows the nesting depth of the parsed input; a {@link StackOverflowError}
 * raised anywhere below is caught here and reported as a {@code PARSE_ERROR} instead of
 * propagating.
 *
 * @param expression the statement to process; {@code null} is ignored
 * @param context    the current lint context (supplies file name, element and pending messages)
 */
private void process(final CFScriptStatement expression, Context context) {
    if (expression == null) {
        return;
    }
    // Re-entry guard: the (statement, token) pair is remembered in `processed` so the same
    // statement is not walked twice. The `expression != null` test is redundant after the
    // early return above.
    if (expression != null && expression.getToken() != null) {
        List<Object> checkItem = Arrays.asList(expression, expression.getToken());
        if (processed.contains(checkItem)) {
            System.err.println("Attempt to process expression twice aborted.  This may be a parsing bug in " + context.getFilename() + " : " + (expression.getToken() != null ? expression.getToken().getLine() : ""));
            return;
        }
        processed.add(checkItem);
    }
    final Element elem = context.getElement();
    try {
        if (expression instanceof CFCompoundStatement) {
            scanExpression(expression, context, elem);
            for (final CFScriptStatement statement : ((CFCompoundStatement) expression).getStatements()) {
                process(statement, context);
            }
        } else if (expression instanceof CFExpressionStatement) {
            scanExpression(expression, context, elem);
            process(((CFExpressionStatement) expression).getExpression(), elem, context);
        } else if (expression instanceof CFPropertyStatement) {
            try {
                //TODO fix this to use getPropertyName() when it is available and not null.
                // Reads the private field `propertyName` reflectively. setAccessible(true)
                // bypasses Java access checks and can be refused by a security manager or by
                // strong module encapsulation; it also breaks if the parser library renames
                // the field. Any such failure lands in the catch below.
                Field field = CFPropertyStatement.class.getDeclaredField("propertyName");
                field.setAccessible(true);
                CFExpression value = (CFExpression) field.get(expression);
                if (value == null) {
                    // Fall back to the `name` attribute; when several match, the last one wins.
                    for (Entry<CFIdentifier, CFExpression> entry : ((CFPropertyStatement) expression).getAttributes().entrySet()) {
                        if ("name".equals(entry.getKey().getName())) {
                            value = entry.getValue();
                        }
                    }
                }
                // `value` is still null here when neither source supplied a name; the resulting
                // NullPointerException is swallowed by the catch below.
                String name = value.Decompile(0);
                // Drops the first and last character (presumably the surrounding quotes of the
                // decompiled literal; confirm). Throws for names shorter than two characters.
                handler.addVariable(name.substring(1, name.length() - 1));
            } catch (Exception e) {
                // NOTE(review): every failure above (reflection, null name, short name) is only
                // printed to stderr; the property is then not registered as a variable and no
                // lint exception is fired, unlike the listener failures further down.
                e.printStackTrace();
            }
            scanExpression(expression, context, elem);
        //                for(CFExpression expr: ((CFPropertyStatement) expression).decomposeExpression()){
        //                    process(expr, elem, context);
        //                }
        } else if (expression instanceof CFCompDeclStatement) {
            CFCompDeclStatement compDeclStatement = (CFCompDeclStatement) expression;
            // The component body is linted in its own sub-context.
            final Context componentContext = context.subContext(null);
            componentContext.setInComponent(true);
            componentContext.setContextType(ContextType.Component);
            // Component name comes from the declaration's `name` attribute (case-insensitive key).
            for (Entry<CFExpression, CFExpression> entry : compDeclStatement.getAttributes().entrySet()) {
                if (entry.getKey() != null && entry.getKey().Decompile(0).equalsIgnoreCase("name")) {
                    componentContext.setComponentName(entry.getValue().Decompile(0));
                }
            }
            // componentContext.setComponentName(compDeclStatement.get); //
            // TODO
            // Register any overrides from multi-line comments.
            registerRuleOverrides(componentContext, expression.getToken());
            // do startComponent notifications
            doStructureStart(elem, componentContext, expression.getClass());
            scanExpression(compDeclStatement, componentContext, elem);
            // process the component declaration
            if (compDeclStatement.getBody() instanceof CFCompoundStatement) {
                //Process property expressions first
                // Two passes over the same decomposed body: properties, then everything else,
                // so property variables are registered before the remaining statements run.
                for (CFScriptStatement subscript : compDeclStatement.getBody().decomposeScript()) {
                    if (subscript instanceof CFPropertyStatement) {
                        process(subscript, componentContext);
                    }
                }
                for (CFScriptStatement subscript : compDeclStatement.getBody().decomposeScript()) {
                    if (!(subscript instanceof CFPropertyStatement)) {
                        process(subscript, componentContext);
                    }
                }
            } else {
                process(compDeclStatement.getBody(), componentContext);
            }
            // do endComponent notifications
            for (final CFLintStructureListener structurePlugin : getStructureListeners(extensions)) {
                try {
                    structurePlugin.endComponent(componentContext, bugs);
                    // The cast assumes every structure listener is also a CFLintScanner; a
                    // ClassCastException would be handled by the catch below.
                    for (final ContextMessage message : componentContext.getMessages()) {
                        reportRule(elem, null, componentContext, (CFLintScanner) structurePlugin, message);
                    }
                    componentContext.getMessages().clear();
                } catch (final Exception e) {
                    // A failing plugin is reported as PARSE_ERROR and does not stop the others.
                    printException(e);
                    fireCFLintException(e, PARSE_ERROR, context.getFilename(), null, null, null, null);
                }
            }
        } else if (expression instanceof CFForStatement) {
            scanExpression(expression, context, elem);
            process(((CFForStatement) expression).getInit(), elem, context);
            process(((CFForStatement) expression).getCond(), elem, context);
            process(((CFForStatement) expression).getNext(), elem, context);
            process(((CFForStatement) expression).getBody(), context);
        } else if (expression instanceof CFForInStatement) {
            scanExpression(expression, context, elem);
            process(((CFForInStatement) expression).getVariable(), elem, context);
            process(((CFForInStatement) expression).getStructure(), elem, context);
            process(((CFForInStatement) expression).getBody(), context);
        } else if (expression instanceof CFIfStatement) {
            scanExpression(expression, context, elem);
            final CFIfStatement cfif = (CFIfStatement) expression;
            process(cfif.getCond(), elem, context);
            process(cfif.getThenStatement(), context);
            // A missing else branch is safe here: this method returns at once for null.
            process(cfif.getElseStatement(), context);
        } else if (expression instanceof CFSwitchStatement) {
            scanExpression(expression, context, elem);
            final CFSwitchStatement cfswitch = (CFSwitchStatement) expression;
            process(cfswitch.getVariable(), elem, context);
            for (CFCase _case : cfswitch.getCases()) {
                process(_case, context);
            }
        } else if (expression instanceof CFCase) {
            scanExpression(expression, context, elem);
            final CFCase cfcase = (CFCase) expression;
            for (CFScriptStatement cfstatement : cfcase.getStatements()) {
                process(cfstatement, context);
            }
        } else if (expression instanceof CFTryCatchStatement) {
            scanExpression(expression, context, elem);
            final CFTryCatchStatement cftry = (CFTryCatchStatement) expression;
            process(cftry.getBody(), context);
            for (CFCatchStatement stmt : cftry.getCatchStatements()) {
                process(stmt.getCatchBody(), context);
            }
            process(cftry.getFinallyStatement(), context);
        } else if (expression instanceof CFReturnStatement) {
            scanExpression(expression, context, elem);
            final CFReturnStatement cfreturn = (CFReturnStatement) expression;
            final CFExpression subExpression = cfreturn.getExpression();
            process(subExpression, elem, context);
        } else if (expression instanceof CFFuncDeclStatement) {
            final CFFuncDeclStatement function = (CFFuncDeclStatement) expression;
            final Context functionContext = context.subContext(null);
            functionContext.setContextType(ContextType.Function);
            functionContext.setFunctionInfo(function);
            registerRuleOverrides(functionContext, function.getToken());
            // Opens a "function" scope on the handler and registers the formal parameters.
            // NOTE(review): the matching pop() below is not in a finally block, so a throwable
            // escaping the body (including the StackOverflowError caught further down) skips it.
            handler.push("function");
            for (final CFFunctionParameter param : function.getFormals()) {
                handler.addArgument(param.getName());
            }
            doStructureStart(elem, functionContext, CFFuncDeclStatement.class);
            scanExpression(expression, functionContext, elem);
            // The body is processed in a further sub-context of the function context.
            Context functionBodyContext = functionContext.subContext(null);
            process(function.getBody(), functionBodyContext);
            for (final CFLintStructureListener structurePlugin : getStructureListeners(extensions)) {
                try {
                    structurePlugin.endFunction(functionContext, bugs);
                    for (final ContextMessage message : functionContext.getMessages()) {
                        reportRule(elem, null, functionContext, (CFLintScanner) structurePlugin, message);
                    }
                    functionContext.getMessages().clear();
                } catch (final Exception e) {
                    printException(e);
                    fireCFLintException(e, PARSE_ERROR, context.getFilename(), null, null, null, null);
                }
            }
            handler.pop();
        } else {
            // Any other statement type is scanned but has no children walked here.
            scanExpression(expression, context, elem);
        }
    } catch (final StackOverflowError soe) {
        // Deeply nested input exhausts the thread stack through the recursion above; the error
        // is converted into a PARSE_ERROR for this file so the run can continue.
        System.err.println("Stack overflow in " + context.getFilename());
        final int line = context.startLine();
        fireCFLintException(soe, PARSE_ERROR, context.getFilename(), line, 1, "", "Stack overflow on " + expression.getClass());
    }
    // Process any messages added by downstream parsing.
    for (final ContextMessage message : context.getMessages()) {
        reportRule(elem, null, context, message.getSource(), message);
    }
    context.getMessages().clear();
}
Also used : CFFuncDeclStatement(cfml.parsing.cfscript.script.CFFuncDeclStatement) CFReturnStatement(cfml.parsing.cfscript.script.CFReturnStatement) Element(net.htmlparser.jericho.Element) CFFunctionParameter(cfml.parsing.cfscript.script.CFFunctionParameter) CFPropertyStatement(cfml.parsing.cfscript.script.CFPropertyStatement) CFIdentifier(cfml.parsing.cfscript.CFIdentifier) CFExpression(cfml.parsing.cfscript.CFExpression) CFForStatement(cfml.parsing.cfscript.script.CFForStatement) Field(java.lang.reflect.Field) Entry(java.util.Map.Entry) Context(com.cflint.plugins.Context) CFCompoundStatement(cfml.parsing.cfscript.script.CFCompoundStatement) CFLintScanner(com.cflint.plugins.CFLintScanner) CFCompDeclStatement(cfml.parsing.cfscript.script.CFCompDeclStatement) RecognitionException(org.antlr.runtime.RecognitionException) ParseException(cfml.parsing.reporting.ParseException) IOException(java.io.IOException) CFIfStatement(cfml.parsing.cfscript.script.CFIfStatement) CFTryCatchStatement(cfml.parsing.cfscript.script.CFTryCatchStatement) CFForInStatement(cfml.parsing.cfscript.script.CFForInStatement) ContextMessage(com.cflint.plugins.Context.ContextMessage) CFScriptStatement(cfml.parsing.cfscript.script.CFScriptStatement) CFSwitchStatement(cfml.parsing.cfscript.script.CFSwitchStatement) CFCatchStatement(cfml.parsing.cfscript.script.CFCatchStatement) CFCase(cfml.parsing.cfscript.script.CFCase) CFExpressionStatement(cfml.parsing.cfscript.script.CFExpressionStatement) CFLintStructureListener(com.cflint.plugins.CFLintStructureListener)

Example 7 with Element

use of net.htmlparser.jericho.Element in project CFLint by cflint.

the class NestedCFOutput method element.

/**
 * Adds a {@code NESTED_CFOUTPUT} message when a {@code cfoutput} tag sits inside another
 * {@code cfoutput} that has no {@code group} attribute while some containing
 * {@code cfoutput} has a query (as decided by {@code anyContainingCFOutputHasQuery}).
 *
 * @param element the tag being visited
 * @param context receives the message
 * @param bugs    not used by this rule
 */
@Override
public void element(final Element element, final Context context, final BugList bugs) {
    // Only cfoutput tags are of interest.
    if (!element.getName().equals(CFOUTPUT)) {
        return;
    }
    final Element enclosingOutput = CFTool.getNamedParent(element, CFOUTPUT);
    if (enclosingOutput == null) {
        return;
    }
    final boolean parentIsUngrouped = enclosingOutput.getAttributeValue("group") == null;
    if (parentIsUngrouped && anyContainingCFOutputHasQuery(enclosingOutput)) {
        // NOTE(review): the row and column are looked up but their results are discarded;
        // the calls are kept so the execution trace stays the same.
        element.getSource().getRow(element.getBegin());
        element.getSource().getColumn(element.getBegin());
        context.addMessage("NESTED_CFOUTPUT", "");
    }
}
Also used : Element(net.htmlparser.jericho.Element)

Example 8 with Element

use of net.htmlparser.jericho.Element in project zaproxy by zaproxy.

the class ExtensionAntiCSRF method getTokenValue.

/**
 * Looks up the value of an anti-CSRF token field in the response of {@code tokenMsg}.
 *
 * <p>The response header and body are concatenated and parsed as one HTML source. Every
 * {@code INPUT} element inside a {@code FORM} is checked, in document order, first by its
 * {@code ID} and then by its {@code NAME} attribute (both compared case-insensitively with
 * {@code tokenName}); the {@code VALUE} of the first match is returned.
 *
 * <p>The returned string is taken from the response as-is, so callers should treat it as
 * untrusted content. It may itself be {@code null} when the matching input has no value.
 *
 * @param tokenMsg  message whose response is searched
 * @param tokenName id or name of the token field
 * @return the token value, or {@code null} when no form input matches
 */
public String getTokenValue(HttpMessage tokenMsg, String tokenName) {
    final String rawResponse = tokenMsg.getResponseHeader().toString() + tokenMsg.getResponseBody().toString();
    final Source parsed = new Source(rawResponse);
    final List<Element> forms = parsed.getAllElements(HTMLElementName.FORM);
    if (forms == null || forms.isEmpty()) {
        return null;
    }
    for (final Element form : forms) {
        final List<Element> inputs = form.getAllElements(HTMLElementName.INPUT);
        if (inputs == null || inputs.isEmpty()) {
            continue;
        }
        for (final Element input : inputs) {
            // The ID attribute takes precedence over NAME on the same element.
            final String idAttr = input.getAttributeValue("ID");
            if (idAttr != null && idAttr.equalsIgnoreCase(tokenName)) {
                return input.getAttributeValue("VALUE");
            }
            final String nameAttr = input.getAttributeValue("NAME");
            if (nameAttr != null && nameAttr.equalsIgnoreCase(tokenName)) {
                return input.getAttributeValue("VALUE");
            }
        }
    }
    return null;
}
Also used : Element(net.htmlparser.jericho.Element) Source(net.htmlparser.jericho.Source)

Example 9 with Element

use of net.htmlparser.jericho.Element in project zaproxy by zaproxy.

the class SpiderHtmlFormParser method parseResource.

/**
 * Extracts the forms of an HTML response and reports the GET or POST resource each one
 * would produce.
 *
 * <p>Relative form actions are resolved against the request URI, or against the first
 * {@code BASE} tag's {@code href} when the page declares one. Both values come from the
 * response, i.e. from content the scanned server controls.
 * NOTE(review): whether the resulting URLs are checked against the spider's scope is decided
 * by the notify/process callbacks, which are not visible here.
 *
 * @param message the message whose response is parsed
 * @param source  pre-parsed source, or {@code null} to parse the response body here
 * @param depth   depth passed through to the found-resource callbacks
 * @return always {@code false}
 */
@Override
public boolean parseResource(HttpMessage message, Source source, int depth) {
    log.debug("Parsing an HTML message for forms...");
    // Nothing to do when form processing is switched off.
    if (!param.isProcessForm()) {
        return false;
    }
    // Parse the response body ourselves when the caller supplied no source.
    if (source == null) {
        source = new Source(message.getResponseBody().toString());
    }
    // The request URI is the default base for relative actions.
    String baseURL = message.getRequestHeader().getURI().toString();
    uri = message.getRequestHeader().getURI();
    // A BASE tag with a non-empty href overrides that default.
    final Element baseTag = source.getFirstElement(HTMLElementName.BASE);
    if (baseTag != null) {
        if (log.isDebugEnabled()) {
            log.debug("Base tag was found in HTML: " + baseTag.getDebugInfo());
        }
        final String baseHref = baseTag.getAttributeValue("href");
        if (baseHref != null && !baseHref.isEmpty()) {
            baseURL = URLCanonicalizer.getCanonicalURL(baseHref, baseURL);
        }
    }
    for (final Element form : source.getAllElements(HTMLElementName.FORM)) {
        // Replace the stored attributes with those of the current form.
        envAttributes.clear();
        for (final Attribute attribute : form.getAttributes()) {
            envAttributes.put(attribute.getKey(), attribute.getValue());
        }
        final String method = form.getAttributeValue("method");
        String action = form.getAttributeValue("action");
        log.debug("Found new form with method: '" + method + "' and action: " + action);
        // A form without an action submits to the base URL.
        if (action == null) {
            log.debug("No form 'action' defined. Using base URL: " + baseURL);
            action = baseURL;
        }
        final boolean isPost = method != null && method.trim().equalsIgnoreCase(METHOD_POST);
        // POST forms are skipped entirely when the user disabled POSTing.
        if (!param.isPostForm() && isPost) {
            log.debug("Skipping form with POST method because of user settings.");
            continue;
        }
        // The fragment is irrelevant to the server; cut at the last '#'.
        final int fragmentStart = action.lastIndexOf("#");
        if (fragmentStart >= 0) {
            action = action.substring(0, fragmentStart);
        }
        url = URLCanonicalizer.getCanonicalURL(action, baseURL);
        final FormData formData = prepareFormDataSet(form.getFormFields());
        if (!isPost) {
            // Everything that is not POST is treated as GET: make sure the action ends in a
            // position where query parameters can be appended.
            final String actionWithSeparator;
            if (!action.contains("?")) {
                actionWithSeparator = action + "?";
            } else if (action.endsWith("?")) {
                actionWithSeparator = action;
            } else {
                actionWithSeparator = action + "&";
            }
            processGetForm(message, depth, actionWithSeparator, baseURL, formData);
            continue;
        }
        // POST: build the absolute canonical URL.
        final String fullURL = URLCanonicalizer.getCanonicalURL(action, baseURL);
        if (fullURL == null) {
            // NOTE(review): this ends the whole method, so later forms on the page are not
            // examined once one action fails to canonicalize.
            return false;
        }
        log.debug("Canonical URL constructed using '" + action + "': " + fullURL);
        // The form's enctype is ignored: no files are POSTed, so the body is always built
        // as "application/x-www-form-urlencoded".
        final String baseRequestBody = buildEncodedUrlQuery(formData.getFields());
        if (formData.getSubmitFields().isEmpty()) {
            notifyPostResourceFound(message, depth, fullURL, baseRequestBody);
            continue;
        }
        // One POST resource per submit field, each appended to the common body.
        for (final HtmlParameter submitField : formData.getSubmitFields()) {
            notifyPostResourceFound(message, depth, fullURL, appendEncodedUrlQueryParameter(baseRequestBody, submitField));
        }
    }
    return false;
}
Also used : Attribute(net.htmlparser.jericho.Attribute) Element(net.htmlparser.jericho.Element) HtmlParameter(org.parosproxy.paros.network.HtmlParameter) Source(net.htmlparser.jericho.Source)

Example 10 with Element

use of net.htmlparser.jericho.Element in project CFLint by cflint.

the class CFLint method process.

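/**
 * Lints one CFML source text, choosing between script-component and tag-based processing.
 *
 * <p>The source is parsed as CFML (after comment reformatting when it contains a CFML comment
 * opener). If the text contains the word {@code component} before the first parsed child
 * element, or there are no child elements at all, it is parsed as pure CFScript; otherwise the
 * child elements are handed to {@code processStack}.
 *
 * <p>A {@code null} source is treated consistently in both checks: it is never dereferenced
 * here and takes the tag-based path with whatever elements the parser produced.
 * NOTE(review): {@code fireFinishedProcessing} is not reached when parsing throws.
 *
 * @param src      the file contents
 * @param filename name reported to listeners and stored in the context
 * @throws ParseException declared by the original signature
 * @throws IOException    declared by the original signature
 */
public void process(final String src, final String filename) throws ParseException, IOException {
    fireStartedProcessing(filename);
    final CFMLSource cfmlSource = new CFMLSource(src != null && src.contains("<!---") ? CommentReformatting.wrap(src) : src);
    final ParserTag firstTag = getFirstTagQuietly(cfmlSource);
    final List<Element> elements = new ArrayList<Element>();
    if (firstTag != null) {
        elements.addAll(cfmlSource.getChildElements());
    }
    // -1 when src is null or does not mention "component"; the original dereferenced src here
    // without the null guard it applied two statements earlier.
    final int componentIndex = src == null ? -1 : src.indexOf("component");
    final boolean looksLikeScriptComponent = componentIndex >= 0
            && (elements.isEmpty() || elements.get(0).getBegin() > componentIndex);
    if (looksLikeScriptComponent) {
        // Check if pure cfscript
        final CFScriptStatement scriptStatement = cfmlParser.parseScript(src);
        Context context = new Context(filename, null, null, false, handler, scriptStatement.getTokens());
        process(scriptStatement, context);
    } else {
        processStack(elements, " ", filename, null);
    }
    fireFinishedProcessing(filename);
}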
Also used : Context(com.cflint.plugins.Context) CFMLSource(cfml.parsing.CFMLSource) CFScriptStatement(cfml.parsing.cfscript.script.CFScriptStatement) ParserTag(cfml.parsing.ParserTag) Element(net.htmlparser.jericho.Element) ArrayList(java.util.ArrayList)

Aggregations

Element (net.htmlparser.jericho.Element)12 Context (com.cflint.plugins.Context)4 ArrayList (java.util.ArrayList)3 Matcher (java.util.regex.Matcher)3 Source (net.htmlparser.jericho.Source)3 CFScriptStatement (cfml.parsing.cfscript.script.CFScriptStatement)2 Attribute (net.htmlparser.jericho.Attribute)2 CFMLSource (cfml.parsing.CFMLSource)1 ParserTag (cfml.parsing.ParserTag)1 CFExpression (cfml.parsing.cfscript.CFExpression)1 CFIdentifier (cfml.parsing.cfscript.CFIdentifier)1 CFCase (cfml.parsing.cfscript.script.CFCase)1 CFCatchStatement (cfml.parsing.cfscript.script.CFCatchStatement)1 CFCompDeclStatement (cfml.parsing.cfscript.script.CFCompDeclStatement)1 CFCompoundStatement (cfml.parsing.cfscript.script.CFCompoundStatement)1 CFExpressionStatement (cfml.parsing.cfscript.script.CFExpressionStatement)1 CFForInStatement (cfml.parsing.cfscript.script.CFForInStatement)1 CFForStatement (cfml.parsing.cfscript.script.CFForStatement)1 CFFuncDeclStatement (cfml.parsing.cfscript.script.CFFuncDeclStatement)1 CFFunctionParameter (cfml.parsing.cfscript.script.CFFunctionParameter)1