
Example 46 with URIException

use of org.apache.commons.httpclient.URIException in project zaproxy by zaproxy.

the class CoreAPI method handleApiView.

/**
 * Builds the response for the core API view identified by {@code name}.
 *
 * <p>Each supported view is handled in its own guarded section that returns as soon as the
 * response is built. The alert views are forwarded to the implementor registered under
 * {@code AlertAPI.PREFIX}.
 *
 * <p>Several views ({@code VIEW_HOME_DIRECTORY}, {@code VIEW_SESSION_LOCATION},
 * {@code VIEW_ZAP_HOME_PATH}, {@code VIEW_OPTION_ALERT_OVERRIDES_FILE_PATH}) hand filesystem
 * locations or file names back to the caller, and the message views return recorded HTTP
 * messages. No authorisation check is visible in this method, so it presumably relies on the
 * API layer that invokes it - confirm against the caller.
 *
 * @param name the name of the requested view
 * @param params the parameters supplied with the request
 * @return the response for the view
 * @throws ApiException with {@code BAD_VIEW} for an unknown name, {@code ILLEGAL_PARAMETER}
 *     when the URL parameter cannot be parsed, {@code DOES_NOT_EXIST} when no node matches the
 *     URL, or {@code INTERNAL_ERROR} when the node lookup hits a database error
 */
@Override
public ApiResponse handleApiView(String name, JSONObject params) throws ApiException {
    Model model = Model.getSingleton();
    Session session = model.getSession();

    if (VIEW_HOSTS.equals(name)) {
        ApiResponseList hosts = new ApiResponseList(name);
        SiteNode siteRoot = session.getSiteTree().getRoot();
        @SuppressWarnings("unchecked") Enumeration<TreeNode> children = siteRoot.children();
        while (children.hasMoreElements()) {
            String host = ((SiteNode) children.nextElement()).getNodeName();
            // Drop everything up to and including the "//" that follows the scheme.
            int schemeEnd = host.indexOf("//");
            if (schemeEnd >= 0) {
                host = host.substring(schemeEnd + 2);
            }
            // Drop the port. NOTE(review): cutting at the first ':' would also truncate a
            // bracketed IPv6 literal (constructed example: "[::1]:8080") - confirm whether
            // site node names can contain one.
            int portStart = host.indexOf(":");
            if (portStart >= 0) {
                host = host.substring(0, portStart);
            }
            hosts.addItem(new ApiResponseElement("host", host));
        }
        return hosts;
    }

    if (VIEW_SITES.equals(name)) {
        ApiResponseList sites = new ApiResponseList(name);
        StructuralNode structuralRoot = SessionStructure.getRootNode(model);
        if (structuralRoot != null) {
            Iterator<StructuralNode> siteNodes = structuralRoot.getChildIterator();
            while (siteNodes.hasNext()) {
                sites.addItem(new ApiResponseElement("site", siteNodes.next().getName()));
            }
        }
        return sites;
    }

    if (VIEW_URLS.equals(name)) {
        ApiResponseList urls = new ApiResponseList(name);
        SiteNode siteRoot = session.getSiteTree().getRoot();
        addUrlsToList(getParam(params, PARAM_BASE_URL, ""), siteRoot, new HashSet<>(), urls);
        return urls;
    }

    if (VIEW_CHILD_NODES.equals(name)) {
        String url = this.getParam(params, PARAM_URL, "");
        StructuralNode parent;
        if (url.trim().isEmpty()) {
            // No URL given: list the children of the root node.
            parent = SessionStructure.getRootNode(model);
        } else {
            try {
                // The caller-supplied URL is parsed as unescaped text (second argument false).
                parent = SessionStructure.find(Model.getSingleton(), new URI(url, false), null, null);
            } catch (URIException e) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_URL, e);
            } catch (DatabaseException e) {
                throw new ApiException(ApiException.Type.INTERNAL_ERROR, e);
            }
        }
        if (parent == null) {
            throw new ApiException(ApiException.Type.DOES_NOT_EXIST, PARAM_URL);
        }
        ApiResponseList childNodes = new ApiResponseList(name);
        for (Iterator<StructuralNode> it = parent.getChildIterator(); it.hasNext(); ) {
            childNodes.addItem(structuralNodeToResponse(it.next()));
        }
        return childNodes;
    }

    // All alert views are answered by the alert API implementor.
    if (VIEW_ALERT.equals(name)
            || VIEW_ALERTS.equals(name)
            || VIEW_NUMBER_OF_ALERTS.equals(name)
            || VIEW_ALERTS_SUMMARY.equals(name)) {
        return API.getInstance().getImplementors().get(AlertAPI.PREFIX).handleApiView(name, params);
    }

    if (VIEW_MESSAGE.equals(name)) {
        TableHistory historyTable = Model.getSingleton().getDb().getTableHistory();
        RecordHistory record = getRecordHistory(historyTable, getParam(params, PARAM_ID, -1));
        return new ApiResponseElement(ApiResponseConversionUtils.httpMessageToSet(record.getHistoryId(), record.getHistoryType(), record.getHttpMessage()));
    }

    if (VIEW_MESSAGES.equals(name)) {
        final ApiResponseList messages = new ApiResponseList(name);
        // NOTE(review): start and count default to -1; any cap on how many messages end up in
        // the response would have to live in processHttpMessages, which is not shown here.
        String baseUrl = this.getParam(params, PARAM_BASE_URL, (String) null);
        int start = this.getParam(params, PARAM_START, -1);
        int count = this.getParam(params, PARAM_COUNT, -1);
        processHttpMessages(baseUrl, start, count, new Processor<RecordHistory>() {
            @Override
            public void process(RecordHistory record) {
                messages.addItem(ApiResponseConversionUtils.httpMessageToSet(record.getHistoryId(), record.getHistoryType(), record.getHttpMessage()));
            }
        });
        return messages;
    }

    if (VIEW_NUMBER_OF_MESSAGES.equals(name)) {
        CounterProcessor<RecordHistory> messageCounter = new CounterProcessor<>();
        String baseUrl = this.getParam(params, PARAM_BASE_URL, (String) null);
        int start = this.getParam(params, PARAM_START, -1);
        int count = this.getParam(params, PARAM_COUNT, -1);
        processHttpMessages(baseUrl, start, count, messageCounter);
        return new ApiResponseElement(name, Integer.toString(messageCounter.getCount()));
    }

    if (VIEW_MESSAGES_BY_ID.equals(name)) {
        ApiResponseList messages = new ApiResponseList(name);
        TableHistory historyTable = Model.getSingleton().getDb().getTableHistory();
        for (Integer id : getIds(params)) {
            RecordHistory record = getRecordHistory(historyTable, id);
            messages.addItem(ApiResponseConversionUtils.httpMessageToSet(record.getHistoryId(), record.getHistoryType(), record.getHttpMessage()));
        }
        return messages;
    }

    if (VIEW_MODE.equals(name)) {
        return new ApiResponseElement(name, Control.getSingleton().getMode().name());
    }

    if (VIEW_VERSION.equals(name)) {
        return new ApiResponseElement(name, Constant.PROGRAM_VERSION);
    }

    if (VIEW_EXCLUDED_FROM_PROXY.equals(name)) {
        ApiResponseList excluded = new ApiResponseList(name);
        List<String> patterns = session.getExcludeFromProxyRegexs();
        for (String pattern : patterns) {
            excluded.addItem(new ApiResponseElement("regex", pattern));
        }
        return excluded;
    }

    if (VIEW_HOME_DIRECTORY.equals(name)) {
        // Returns an absolute path on the machine running this code to the API caller.
        return new ApiResponseElement(name, Model.getSingleton().getOptionsParam().getUserDirectory().getAbsolutePath());
    }

    if (VIEW_SESSION_LOCATION.equals(name)) {
        return new ApiResponseElement(name, session.getFileName());
    }

    if (VIEW_PROXY_CHAIN_EXCLUDED_DOMAINS.equals(name) || VIEW_OPTION_PROXY_EXCLUDED_DOMAINS.equals(name) || VIEW_OPTION_PROXY_CHAIN_SKIP_NAME.equals(name)) {
        return proxyChainExcludedDomainsToApiResponseList(name, Model.getSingleton().getOptionsParam().getConnectionParam().getProxyExcludedDomains(), false);
    }

    if (VIEW_OPTION_PROXY_EXCLUDED_DOMAINS_ENABLED.equals(name)) {
        return proxyChainExcludedDomainsToApiResponseList(name, Model.getSingleton().getOptionsParam().getConnectionParam().getProxyExcludedDomains(), true);
    }

    if (VIEW_ZAP_HOME_PATH.equals(name)) {
        return new ApiResponseElement(name, Constant.getZapHome());
    }

    if (VIEW_OPTION_MAXIMUM_ALERT_INSTANCES.equals(name)) {
        return new ApiResponseElement(name, String.valueOf(getAlertParam(ApiException.Type.BAD_VIEW).getMaximumInstances()));
    }

    if (VIEW_OPTION_MERGE_RELATED_ALERTS.equals(name)) {
        return new ApiResponseElement(name, String.valueOf(getAlertParam(ApiException.Type.BAD_VIEW).isMergeRelatedIssues()));
    }

    if (VIEW_OPTION_ALERT_OVERRIDES_FILE_PATH.equals(name)) {
        return new ApiResponseElement(name, getAlertParam(ApiException.Type.BAD_VIEW).getOverridesFilename());
    }

    throw new ApiException(ApiException.Type.BAD_VIEW);
}
Also used : StructuralNode(org.zaproxy.zap.model.StructuralNode) URI(org.apache.commons.httpclient.URI) URIException(org.apache.commons.httpclient.URIException) TreeNode(javax.swing.tree.TreeNode) Model(org.parosproxy.paros.model.Model) Iterator(java.util.Iterator) TableHistory(org.parosproxy.paros.db.TableHistory) DatabaseException(org.parosproxy.paros.db.DatabaseException) RecordHistory(org.parosproxy.paros.db.RecordHistory) Session(org.parosproxy.paros.model.Session) SiteNode(org.parosproxy.paros.model.SiteNode)

Example 47 with URIException

use of org.apache.commons.httpclient.URIException in project zaproxy by zaproxy.

the class Analyser method isFileExist.

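/**
 * Decides whether the response in {@code msg} indicates that the requested resource exists,
 * using the sample response previously recorded for the same folder (or, failing that, for the
 * host) to recognise custom "not found" pages.
 *
 * <p>When the request URI cannot be cloned no sample can be looked up; the decision then falls
 * back to the status code alone instead of dereferencing a null URI.
 *
 * @param msg the message whose response is assessed
 * @return {@code true} if the resource is assumed to exist, {@code false} otherwise
 */
public boolean isFileExist(HttpMessage msg) {
    if (msg.getResponseHeader().isEmpty()) {
        return false;
    }
    // RFC
    if (msg.getResponseHeader().getStatusCode() == HttpStatusCode.NOT_FOUND) {
        return false;
    }
    // ZAP: catch CloneNotSupportedException as introduced with version 3.1 of HttpClient
    URI uri = null;
    String sUri = null;
    try {
        uri = (URI) msg.getRequestHeader().getURI().clone();
        // strip off last part of path - use folder only
        uri.setQuery(null);
        String path = uri.getPath();
        path = path.replaceAll("/[^/]*$", "");
        uri.setPath(path);
    } catch (Exception e) {
        // Best effort: keep whatever part of the URI could be derived, but leave a trace
        // instead of discarding the failure silently.
        logger.debug("Failed to derive the folder URI: " + e.getMessage(), e);
    } finally {
        if (uri != null) {
            sUri = uri.toString();
        }
    }
    // get sample with same relative path position when possible.
    // if not exist, use the host only
    SampleResponse sample = null;
    if (sUri != null) {
        sample = mapVisited.get(sUri);
    }
    // The uri null check prevents a NullPointerException when the clone above failed.
    if (sample == null && uri != null) {
        try {
            uri.setPath(null);
        } catch (URIException e2) {
            logger.debug("Failed to reduce the URI to the host: " + e2.getMessage(), e2);
        }
        String sHostOnly = uri.toString();
        sample = mapVisited.get(sHostOnly);
    }
    // check if any analysed result.
    if (sample == null) {
        // no analysed result to confirm, assume file exist only for an OK response
        return msg.getResponseHeader().getStatusCode() == HttpStatusCode.OK;
    }
    // check for redirect response.  If redirect to same location, then file does not exist
    if (HttpStatusCode.isRedirection(msg.getResponseHeader().getStatusCode())) {
        try {
            if (sample.getMessage().getResponseHeader().getStatusCode() == msg.getResponseHeader().getStatusCode()) {
                String location = msg.getResponseHeader().getHeader(HttpHeader.LOCATION);
                if (location != null && location.equals(sample.getMessage().getResponseHeader().getHeader(HttpHeader.LOCATION))) {
                    return false;
                }
            }
        } catch (Exception e) {
            // A sample that cannot be read leaves the redirect treated as an existing resource.
            logger.error(e.getMessage(), e);
        }
        return true;
    }
    // Not success code
    if (msg.getResponseHeader().getStatusCode() != HttpStatusCode.OK) {
        return false;
    }
    // remain only OK response here
    // nothing more to determine.  Check for possible not found page pattern.
    Matcher matcher = patternNotFound.matcher(msg.getResponseBody().toString());
    if (matcher.find()) {
        return false;
    }
    // static response
    String body = msg.getResponseBody().toString().replaceAll(p_REMOVE_HEADER, "");
    if (sample.getErrorPageType() == SampleResponse.ERROR_PAGE_STATIC) {
        try {
            if (sample.getMessage().getResponseBody().toString().equals(body)) {
                return false;
            }
        } catch (HttpMalformedHeaderException | DatabaseException e) {
            logger.error("Failed to read the message: " + e.getMessage(), e);
        }
        return true;
    }
    uri = msg.getRequestHeader().getURI();
    try {
        if (sample.getErrorPageType() == SampleResponse.ERROR_PAGE_DYNAMIC_BUT_DETERMINISTIC) {
            // Remove the parts expected to vary between requests (the request path and
            // hh:mm:ss timestamps) before comparing with the sample body.
            // NOTE(review): the first pattern is built from the request URI by getPathRegex,
            // which is not visible here - confirm it quotes regex metacharacters, since the
            // URI originates from crawled content.
            body = msg.getResponseBody().toString().replaceAll(getPathRegex(uri), "").replaceAll("\\s[012]\\d:[0-5]\\d:[0-5]\\d\\s", "");
            // ZAP: FindBugs fix - added call to HttpBody.toString()
            return !sample.getMessage().getResponseBody().toString().equals(body);
        }
    } catch (Exception e) {
        logger.error(e.getMessage(), e);
    }
    return true;
}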
Also used : URIException(org.apache.commons.httpclient.URIException) Matcher(java.util.regex.Matcher) HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) URI(org.apache.commons.httpclient.URI) DatabaseException(org.parosproxy.paros.db.DatabaseException) IOException(java.io.IOException) DatabaseException(org.parosproxy.paros.db.DatabaseException) URIException(org.apache.commons.httpclient.URIException) HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) HttpException(org.apache.commons.httpclient.HttpException)

Example 48 with URIException

use of org.apache.commons.httpclient.URIException in project zaproxy by zaproxy.

the class VariantURLPath method setParameter.

/**
 * Replaces the path segment referenced by {@code originalPair} with {@code value} in the
 * request URI of {@code msg}.
 *
 * <p>The segment is swapped into {@code segments} only while the new path is joined and is put
 * back straight afterwards, so the array holds the original segments again once the path has
 * been built. Nothing is changed when the position lies at or beyond the end of the array.
 *
 * @param msg the message whose request URI path is rewritten
 * @param originalPair the pair whose position selects the segment to replace
 * @param name not used by this method
 * @param value the new segment value
 * @param escaped {@code true} if {@code value} is already encoded and must be used as is,
 *     {@code false} to pass it through {@code encode} first
 * @return {@code value}, unchanged, whether or not the URI could be updated
 */
private String setParameter(HttpMessage msg, NameValuePair originalPair, String name, String value, boolean escaped) {
    try {
        URI target = msg.getRequestHeader().getURI();
        int index = originalPair.getPosition();
        if (index >= segments.length) {
            return value;
        }

        String replacement;
        if (escaped) {
            replacement = value;
        } else {
            replacement = encode(value);
        }

        // Swap the segment in, build the path, then restore the original segment.
        String previous = segments[index];
        segments[index] = replacement;
        String rebuiltPath = StringUtils.join(segments, "/");
        segments[index] = previous;

        try {
            target.setEscapedPath(rebuiltPath);
        } catch (URIException notEscaped) {
            // Looks like it wasn't escaped after all, so let the URI encode the path itself.
            target.setPath(rebuiltPath);
        }
    } catch (URIException e) {
        LOGGER.error(e.getMessage(), e);
    }
    return value;
}
Also used : URIException(org.apache.commons.httpclient.URIException) URI(org.apache.commons.httpclient.URI)

Example 49 with URIException

use of org.apache.commons.httpclient.URIException in project zaproxy by zaproxy.

the class ManualHttpRequestEditorDialog method setDefaultMessage.

/**
 * Shows a placeholder GET request (HTTP/1.1) for a fixed example URL in the editor.
 *
 * <p>A failure to build the URI or the request header is logged and the editor's message is
 * left as it was.
 */
@Override
public void setDefaultMessage() {
    HttpMessage template = new HttpMessage();
    try {
        // The second argument marks the literal as already escaped.
        URI placeholder = new URI("http://www.any_domain_name.org/path", true);
        HttpRequestHeader header = new HttpRequestHeader(HttpRequestHeader.GET, placeholder, HttpHeader.HTTP11);
        template.setRequestHeader(header);
        setMessage(template);
    } catch (HttpMalformedHeaderException | URIException e) {
        logger.error(e.getMessage(), e);
    }
}
Also used : URIException(org.apache.commons.httpclient.URIException) HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) HttpMessage(org.parosproxy.paros.network.HttpMessage) HttpRequestHeader(org.parosproxy.paros.network.HttpRequestHeader) URI(org.apache.commons.httpclient.URI)

Example 50 with URIException

use of org.apache.commons.httpclient.URIException in project zaproxy by zaproxy.

the class SpiderController method resourceFound.

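/**
 * Handles a resource discovered by the spider: drops it if its URI cannot be created, if it was
 * already visited, or if a fetch filter rejects it, and otherwise notifies the listeners and
 * (unless the resource is flagged to be ignored) submits a task to fetch it.
 *
 * <p>The visited check and the insertion happen under the same lock on
 * {@code visitedResources}, so the same identifier is never accepted twice.
 *
 * <p>NOTE(review): the discovered URI is written to the debug log as found; it comes from
 * crawled content, so confirm the log layout neutralises control characters.
 *
 * @param resourceFound the discovered resource
 */
@Override
public void resourceFound(SpiderResourceFound resourceFound) {
    log.debug("New {} resource found: {}", resourceFound.getMethod(), resourceFound.getUri());
    // Create the uri
    URI uriV = createURI(resourceFound.getUri());
    if (uriV == null) {
        return;
    }
    // Check if the resource was processed already
    String resourceIdentifier;
    try {
        resourceIdentifier = buildCanonicalResourceIdentifier(uriV, resourceFound);
    } catch (URIException e) {
        // Without a canonical identifier the resource cannot be de-duplicated, so it is
        // skipped; the failure is recorded instead of being dropped silently.
        log.debug("Failed to build the canonical identifier for {}, skipping it.", uriV, e);
        return;
    }
    synchronized (visitedResources) {
        if (visitedResources.contains(resourceIdentifier)) {
            log.debug("Resource already visited: {}", resourceIdentifier.trim());
            return;
        }
        visitedResources.add(resourceIdentifier);
    }
    // Check if any of the filters disallows this uri
    for (FetchFilter f : fetchFilters) {
        FetchStatus s = f.checkFilter(uriV);
        if (s != FetchStatus.VALID) {
            // Parameterised so the message is only built when debug logging is enabled.
            log.debug("URI: {} was filtered by a filter with reason: {}", uriV, s);
            spider.notifyListenersFoundURI(resourceFound.getUri(), resourceFound.getMethod(), s);
            return;
        }
    }
    // Check if resource should be ignored and not fetched
    if (resourceFound.isShouldIgnore()) {
        log.debug("URI: {} is valid, but will not be fetched, by parser recommendation.", uriV);
        spider.notifyListenersFoundURI(resourceFound.getUri(), resourceFound.getMethod(), FetchStatus.VALID);
        return;
    }
    spider.notifyListenersFoundURI(resourceFound.getUri(), resourceFound.getMethod(), FetchStatus.VALID);
    // Submit the task
    SpiderTask task = new SpiderTask(spider, resourceFound, uriV);
    spider.submitTask(task);
}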
Also used : URIException(org.apache.commons.httpclient.URIException) FetchFilter(org.zaproxy.zap.spider.filters.FetchFilter) URI(org.apache.commons.httpclient.URI) FetchStatus(org.zaproxy.zap.spider.filters.FetchFilter.FetchStatus)
