
Example 91 with URI

use of org.apache.commons.httpclient.URI in project zaproxy by zaproxy.

the class SpiderDialog method save.

/**
 * Collects the dialog's settings and starts the spider scan.
 *
 * <p>The start URI typed by the user is parsed again here. When it parses, it is always handed to
 * the scan as a context-specific object, and the subtree-only restriction is attached as an
 * {@link HttpPrefixFetchFilter} built from it. When the parse fails, the failure is ignored and
 * the scan is started without a start URI and without the prefix filter, so this method relies
 * on the field having been validated before it runs.
 *
 * <p>If the typed value does not match the text of the current target, the target is replaced
 * with an empty one before the scan is started.
 */
@Override
public void save() {
    List<Object> scanObjects = new ArrayList<>();

    // The start URI is always passed along; per the original author this also takes care of
    // URLs that have not been accessed yet.
    URI parsedStart;
    try {
        parsedStart = new URI(this.getStringValue(FIELD_START), true);
    } catch (Exception ignored) {
        // Deliberately ignored: the field is expected to have been validated already.
        parsedStart = null;
    }

    boolean advancedSelected = this.getBoolValue(FIELD_ADVANCED);
    if (advancedSelected) {
        // Copy the advanced options from the dialog into the parameters used for this scan.
        spiderParam.setMaxDepth(this.getIntValue(FIELD_MAX_DEPTH));
        spiderParam.setMaxDuration(this.getIntValue(FIELD_MAX_DURATION));
        spiderParam.setMaxChildren(this.getIntValue(FIELD_MAX_CHILDREN));
        spiderParam.setSendRefererHeader(this.getBoolValue(FIELD_SEND_REFERER));
        spiderParam.setProcessForm(this.getBoolValue(FIELD_PROCESS_FORMS));
        spiderParam.setPostForm(this.getBoolValue(FIELD_POST_FORMS));
        spiderParam.setParseComments(this.getBoolValue(FIELD_PARSE_COMMENTS));
        spiderParam.setParseRobotsTxt(this.getBoolValue(FIELD_PARSE_ROBOTS));
        spiderParam.setParseSitemapXml(this.getBoolValue(FIELD_PARSE_SITEMAP));
        spiderParam.setParseSVNEntries(this.getBoolValue(FIELD_PARSE_SVN));
        spiderParam.setParseGit(this.getBoolValue(FIELD_PARSE_GIT));
        spiderParam.setHandleODataParametersVisited(this.getBoolValue(FIELD_HANDLE_ODATA));
        // The thread count is not editable in the dialog; it is taken from the extension's options.
        spiderParam.setThreadCount(extension.getSpiderParam().getThreadCount());
        scanObjects.add(spiderParam);
    }

    if (parsedStart != null) {
        scanObjects.add(parsedStart);
        // The subtree-only filter can only be built from a start URI that parsed.
        if (getBoolValue(FIELD_SUBTREE_ONLY)) {
            scanObjects.add(new HttpPrefixFetchFilter(parsedStart));
        }
    }

    boolean targetMatchesText =
            target != null && this.getStringValue(FIELD_START).equals(getTargetText(target));
    if (!targetMatchesText) {
        // The manually entered value differs from the target, so drop the target.
        target = new Target((StructuralNode) null);
    }

    // Remember whether the advanced options were shown, for the next time the dialog opens.
    extension.getSpiderParam().setShowAdvancedDialog(advancedSelected);

    target.setRecurse(this.getBoolValue(FIELD_RECURSE));
    if (target.getContext() == null && getSelectedContext() != null) {
        target.setContext(getSelectedContext());
    }
    subtreeOnlyPreviousCheckedState = getBoolValue(FIELD_SUBTREE_ONLY);

    this.extension.startScan(target, getSelectedUser(), scanObjects.toArray());
}
Also used : StructuralNode(org.zaproxy.zap.model.StructuralNode) Target(org.zaproxy.zap.model.Target) HttpPrefixFetchFilter(org.zaproxy.zap.spider.filters.HttpPrefixFetchFilter) ArrayList(java.util.ArrayList) URI(org.apache.commons.httpclient.URI)

Example 92 with URI

use of org.apache.commons.httpclient.URI in project zaproxy by zaproxy.

the class SpiderDialog method validateFields.

/**
 * Validates the dialog's fields before a scan is started.
 *
 * <p>The checks run in this order: the dialog is rejected outright in safe mode; the start field
 * must not be empty; a manually typed start value (one that differs from the target's text) must
 * parse both as a commons-httpclient {@code URI} and as a {@code java.net.URL}; and, in protect
 * mode only, both the typed value and the selected target must be in scope. Outside protect mode
 * this method performs no scope check. Finally, the subtree-only option requires a start URI,
 * either typed or provided by a {@link StructuralSiteNode} among the target's start nodes.
 *
 * @return the localised error message for the first failed check, or {@code null} when every
 *     check passes
 */
@Override
public String validateFields() {
    if (Control.getSingleton().getMode() == Control.Mode.safe) {
        // The dialog should not be reachable in safe mode; refuse if it is shown anyway.
        return Constant.messages.getString("spider.custom.notSafe.error");
    }
    if (this.isEmptyField(FIELD_START)) {
        return Constant.messages.getString("spider.custom.nostart.error");
    }

    boolean hasStartUri = false;
    String typedStart = getStringValue(FIELD_START);
    if (!typedStart.equals(getTargetText(target))) {
        try {
            // Both constructors are used because they reject slightly different inputs.
            new URI(typedStart, true);
            new URL(typedStart);
        } catch (Exception invalidUrl) {
            return Constant.messages.getString("spider.custom.nostart.error");
        }
        // Protect mode: a manually typed start URL must be in scope.
        if (Control.getSingleton().getMode() == Control.Mode.protect
                && !extension.isTargetUriInScope(typedStart)) {
            return Constant.messages.getString("spider.custom.targetNotInScope.error", typedStart);
        }
        hasStartUri = true;
    }

    if (this.target != null) {
        if (!this.target.isValid()) {
            return Constant.messages.getString("spider.custom.nostart.error");
        }
        // Protect mode: the selected target must not contain an out-of-scope URI.
        if (Control.getSingleton().getMode() == Control.Mode.protect) {
            String outOfScopeUri = extension.getTargetUriOutOfScope(target);
            if (outOfScopeUri != null) {
                return Constant.messages.getString("spider.custom.targetNotInScope.error", outOfScopeUri);
            }
        }
        List<StructuralNode> startNodes = target.getStartNodes();
        if (startNodes != null) {
            for (StructuralNode candidate : startNodes) {
                if (candidate instanceof StructuralSiteNode) {
                    hasStartUri = true;
                    break;
                }
            }
        }
    }

    // Subtree-only needs a start URI to restrict the scan to.
    if (getBoolValue(FIELD_SUBTREE_ONLY) && !hasStartUri) {
        return Constant.messages.getString("spider.custom.noStartSubtreeOnly.error");
    }
    return null;
}
Also used : StructuralSiteNode(org.zaproxy.zap.model.StructuralSiteNode) StructuralNode(org.zaproxy.zap.model.StructuralNode) URI(org.apache.commons.httpclient.URI) URL(java.net.URL)

Example 93 with URI

use of org.apache.commons.httpclient.URI in project zaproxy by zaproxy.

the class SpiderScanController method startScan.

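/**
 * Creates, registers and starts a new spider scan while holding {@code spiderScansLock}.
 *
 * <p>Each element of {@code contextSpecificObjects} is dispatched on its runtime type: a
 * {@code SpiderParam} replaces the extension's parameters for this scan, {@code SpiderParser},
 * {@code FetchFilter} and {@code ParseFilter} instances are collected as custom components, and a
 * {@code URI} becomes the start URI. Any other element, including {@code null}, is logged as an
 * error and skipped. When the parameters in effect have a positive max-children value, matching
 * fetch and parse filters are added to the custom filters.
 *
 * @param name the name given to the scan
 * @param target the target of the scan
 * @param user the user passed on to the scan
 * @param contextSpecificObjects optional extra objects configuring the scan, may be {@code null}
 * @return the id assigned to the new scan
 */
@Override
public int startScan(String name, Target target, User user, Object[] contextSpecificObjects) {
    spiderScansLock.lock();
    try {
        int id = this.scanIdCounter++;
        SpiderParam spiderParams = extension.getSpiderParam();
        List<SpiderParser> customSpiderParsers = new ArrayList<SpiderParser>();
        List<FetchFilter> customFetchFilters = new ArrayList<FetchFilter>();
        List<ParseFilter> customParseFilters = new ArrayList<ParseFilter>();
        URI startUri = null;
        if (contextSpecificObjects != null) {
            for (Object obj : contextSpecificObjects) {
                if (obj instanceof SpiderParam) {
                    // Caller-supplied parameters override the extension's for this scan.
                    log.debug("Setting custom spider params");
                    spiderParams = (SpiderParam) obj;
                } else if (obj instanceof SpiderParser) {
                    customSpiderParsers.add((SpiderParser) obj);
                } else if (obj instanceof FetchFilter) {
                    customFetchFilters.add((FetchFilter) obj);
                } else if (obj instanceof ParseFilter) {
                    customParseFilters.add((ParseFilter) obj);
                } else if (obj instanceof URI) {
                    startUri = (URI) obj;
                } else {
                    // A null element matches none of the instanceof checks; guard it so that
                    // reporting the problem does not itself throw a NullPointerException.
                    String typeName = (obj == null) ? "null" : obj.getClass().getCanonicalName();
                    log.error("Unexpected contextSpecificObject: " + typeName);
                }
            }
        }
        if (spiderParams.getMaxChildren() > 0) {
            // Add the filters that enforce the maximum number of children.
            MaxChildrenFetchFilter maxChildrenFetchFilter = new MaxChildrenFetchFilter();
            maxChildrenFetchFilter.setMaxChildren(spiderParams.getMaxChildren());
            maxChildrenFetchFilter.setModel(extension.getModel());
            MaxChildrenParseFilter maxChildrenParseFilter = new MaxChildrenParseFilter();
            maxChildrenParseFilter.setMaxChildren(spiderParams.getMaxChildren());
            maxChildrenParseFilter.setModel(extension.getModel());
            customFetchFilters.add(maxChildrenFetchFilter);
            customParseFilters.add(maxChildrenParseFilter);
        }
        SpiderScan scan = new SpiderScan(extension, spiderParams, target, startUri, user, id, name);
        scan.setCustomSpiderParsers(customSpiderParsers);
        scan.setCustomFetchFilters(customFetchFilters);
        scan.setCustomParseFilters(customParseFilters);
        // Register the scan before starting it.
        this.spiderScanMap.put(id, scan);
        this.spiderScanList.add(scan);
        scan.start();
        return id;
    } finally {
        // Always release the lock, including when scan construction or start throws.
        spiderScansLock.unlock();
    }
}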
Also used : MaxChildrenParseFilter(org.zaproxy.zap.spider.filters.MaxChildrenParseFilter) ParseFilter(org.zaproxy.zap.spider.filters.ParseFilter) MaxChildrenParseFilter(org.zaproxy.zap.spider.filters.MaxChildrenParseFilter) MaxChildrenFetchFilter(org.zaproxy.zap.spider.filters.MaxChildrenFetchFilter) ArrayList(java.util.ArrayList) SpiderParam(org.zaproxy.zap.spider.SpiderParam) SpiderParser(org.zaproxy.zap.spider.parser.SpiderParser) URI(org.apache.commons.httpclient.URI) FetchFilter(org.zaproxy.zap.spider.filters.FetchFilter) MaxChildrenFetchFilter(org.zaproxy.zap.spider.filters.MaxChildrenFetchFilter)

Example 94 with URI

use of org.apache.commons.httpclient.URI in project zaproxy by zaproxy.

the class ManualHttpRequestEditorDialog method setDefaultMessage.

/**
 * Fills the editor with a placeholder request: a GET to a fixed example URL using HTTP/1.0 and
 * the connection options from the model.
 *
 * <p>If the placeholder URI or header cannot be built, the error is logged and no message is set.
 */
@Override
public void setDefaultMessage() {
    HttpMessage placeholder = new HttpMessage();
    try {
        URI exampleUri = new URI("http://www.any_domain_name.org/path", true);
        HttpRequestHeader header = new HttpRequestHeader(
                HttpRequestHeader.GET,
                exampleUri,
                HttpHeader.HTTP10,
                Model.getSingleton().getOptionsParam().getConnectionParam());
        placeholder.setRequestHeader(header);
        setMessage(placeholder);
    } catch (HttpMalformedHeaderException | URIException e) {
        // Both failures are handled the same way: log and leave the editor without a default.
        logger.error(e.getMessage(), e);
    }
}
Also used : URIException(org.apache.commons.httpclient.URIException) HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) HttpMessage(org.parosproxy.paros.network.HttpMessage) HttpRequestHeader(org.parosproxy.paros.network.HttpRequestHeader) URI(org.apache.commons.httpclient.URI)

Example 95 with URI

use of org.apache.commons.httpclient.URI in project zaproxy by zaproxy.

the class SiteNodeStringComparator method addPath.

/**
 * Adds the given history reference, together with its already-known HTTP message, to the site
 * map, creating the host node and any intermediate path nodes as needed.
 *
 * <p>Use this method when the message is already at hand. It must only be called on the event
 * dispatch thread; in developer builds a call from another thread is logged as an error.
 *
 * <p>Failures while building the path are logged and not rethrown. In that case the returned
 * node may be {@code null}, and that value is also what gets recorded for the reference's
 * history id if no entry existed yet, so callers need to handle a {@code null} result.
 *
 * @param ref the history reference to attach to the resulting node
 * @param msg the HTTP message the reference corresponds to
 * @return the node for the message's path, or {@code null} if an error prevented resolving it
 * @throws InvalidParameterException if the low memory option is set
 */
public SiteNode addPath(HistoryReference ref, HttpMessage msg) {
    if (Constant.isLowMemoryOptionSet()) {
        throw new InvalidParameterException("SiteMap should not be accessed when the low memory option is set");
    }
    // Developer builds only: flag calls made off the EDT, since changing the site tree from
    // other GUI threads causes problems.
    boolean offEdtInDevBuild =
            View.isInitialised() && Constant.isDevBuild() && !EventQueue.isDispatchThread();
    if (offEdtInDevBuild) {
        log.error("SiteMap.addPath not on EDT " + Thread.currentThread().getName(), new Exception());
    }

    URI uri = msg.getRequestHeader().getURI();
    log.debug("addPath " + uri.toString());

    SiteNode current = (SiteNode) getRoot();
    SiteNode result = null;
    try {
        // The host is the first level below the root.
        current = findAndAddChild(current, getHostName(uri), ref, msg);

        List<String> segments = model.getSession().getTreePath(msg);
        int lastIndex = segments.size() - 1;
        for (int i = 0; i <= lastIndex; i++) {
            String segment = segments.get(i);
            if (segment == null || segment.equals("")) {
                continue;
            }
            if (i < lastIndex) {
                current = findAndAddChild(current, segment, ref, msg);
            } else {
                // The final segment is the leaf and is linked back to the reference.
                result = findAndAddLeaf(current, segment, ref, msg);
                ref.setSiteNode(result);
            }
        }

        if (result == null) {
            // No leaf was created, so the current node is the leaf. It was added with a 'blank'
            // reference, which is now replaced by the real one.
            current.setHistoryReference(ref);
            result = current;
        }
    } catch (Exception e) {
        // Logged and swallowed: result keeps whatever value it had when the failure occurred.
        log.error("Exception adding " + uri.toString() + " " + e.getMessage(), e);
    }

    // Record the node for this history id only when nothing is recorded yet.
    if (hrefMap.get(ref.getHistoryId()) == null) {
        hrefMap.put(ref.getHistoryId(), result);
    }
    return result;
}
Also used : InvalidParameterException(java.security.InvalidParameterException) URI(org.apache.commons.httpclient.URI) URIException(org.apache.commons.httpclient.URIException) HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) InvalidParameterException(java.security.InvalidParameterException) DatabaseException(org.parosproxy.paros.db.DatabaseException)
