use of org.parosproxy.paros.core.scanner.Alert in project zaproxy by zaproxy.
the class HistoryFilter method matches.
public boolean matches(HistoryReference historyRef) {
try {
if (methodList.size() > 0 && !methodList.contains(historyRef.getMethod())) {
return false;
}
if (codeList.size() > 0 && !codeList.contains(Integer.valueOf(historyRef.getStatusCode()))) {
return false;
}
boolean foundTag = false;
if (tagList.size() > 0) {
for (String tag : historyRef.getTags()) {
if (tagList.contains(tag)) {
foundTag = true;
break;
}
}
if (!foundTag) {
return false;
}
}
boolean foundAlert = false;
if (riskList.size() > 0 || confidenceList.size() > 0) {
for (Alert alert : historyRef.getAlerts()) {
if ((riskList.size() == 0 || riskList.contains(Alert.MSG_RISK[alert.getRisk()])) && (confidenceList.size() == 0 || confidenceList.contains(Alert.MSG_CONFIDENCE[alert.getConfidence()]))) {
foundAlert = true;
break;
}
}
if (!foundAlert) {
return false;
}
}
if (note != null && !note.equals(NOTES_IGNORE)) {
String noteStr = historyRef.getHttpMessage().getNote();
boolean notePresent = noteStr != null && noteStr.length() > 0;
if (note.equals(NOTES_PRESENT) != notePresent) {
return false;
}
}
String url = historyRef.getURI().toString();
if (this.urlExcPatternList != null && this.urlExcPatternList.size() > 0) {
for (Pattern p : this.urlExcPatternList) {
if (p.matcher(url).matches()) {
return false;
}
}
}
if (this.urlIncPatternList != null && this.urlIncPatternList.size() > 0) {
// URL include patterns work slightly differently
// If any are supplied then one must match for the record to be included
boolean matched = false;
for (Pattern p : this.urlIncPatternList) {
if (p.matcher(url).matches()) {
matched = true;
break;
}
}
if (!matched) {
return false;
}
}
} catch (Exception e) {
logger.error(e.getMessage(), e);
}
return true;
}
use of org.parosproxy.paros.core.scanner.Alert in project zaproxy by zaproxy.
the class ScriptsPassiveScanner method raiseAlert.
public void raiseAlert(int risk, int confidence, String name, String description, String uri, String param, String attack, String otherInfo, String solution, String evidence, int cweId, int wascId, HttpMessage msg) {
Alert alert = new Alert(getPluginId(), risk, confidence, name);
alert.setDetail(description, msg.getRequestHeader().getURI().toString(), param, attack, otherInfo, solution, null, evidence, cweId, wascId, // Left out reference to match ScriptsActiveScanner
msg);
this.parent.raiseAlert(currentHRefId, alert);
}
use of org.parosproxy.paros.core.scanner.Alert in project zaproxy by zaproxy.
the class ExtensionAlertUnitTest method newAlert.
private Alert newAlert(int pluginId) {
Alert alert = new Alert(pluginId);
alert.setName(ORIGINAL_NAME);
alert.setDescription(ORIGINAL_DESC);
alert.setSolution(ORIGINAL_SOLN);
alert.setOtherInfo(ORIGINAL_OTHER);
alert.setReference(ORIGINAL_REF);
return alert;
}
use of org.parosproxy.paros.core.scanner.Alert in project zaproxy by zaproxy.
the class ExtensionAlertUnitTest method shouldPrependAlertRefCorrectly.
@Test
public void shouldPrependAlertRefCorrectly() {
extAlert.setAlertOverrideProperty("1.reference", "-" + NEW_REF);
Alert alert1 = newAlert(1);
extAlert.applyOverrides(alert1);
// When/Then
assertEquals(ORIGINAL_NAME, alert1.getName());
assertEquals(ORIGINAL_DESC, alert1.getDescription());
assertEquals(ORIGINAL_SOLN, alert1.getSolution());
assertEquals(ORIGINAL_OTHER, alert1.getOtherInfo());
assertEquals(NEW_REF + ORIGINAL_REF, alert1.getReference());
// Check other alerts are not affected
Alert alert2 = newAlert(2);
extAlert.applyOverrides(alert2);
// When/Then
assertEquals(ORIGINAL_NAME, alert2.getName());
assertEquals(ORIGINAL_DESC, alert2.getDescription());
assertEquals(ORIGINAL_SOLN, alert2.getSolution());
assertEquals(ORIGINAL_OTHER, alert2.getOtherInfo());
assertEquals(ORIGINAL_REF, alert2.getReference());
}
use of org.parosproxy.paros.core.scanner.Alert in project zaproxy by zaproxy.
the class ExtensionAlertUnitTest method shouldReplaceAlertOtherCorrectly.
@Test
public void shouldReplaceAlertOtherCorrectly() {
extAlert.setAlertOverrideProperty("1.otherInfo", NEW_OTHER);
Alert alert1 = newAlert(1);
extAlert.applyOverrides(alert1);
// When/Then
assertEquals(ORIGINAL_NAME, alert1.getName());
assertEquals(ORIGINAL_DESC, alert1.getDescription());
assertEquals(ORIGINAL_SOLN, alert1.getSolution());
assertEquals(NEW_OTHER, alert1.getOtherInfo());
assertEquals(ORIGINAL_REF, alert1.getReference());
// Check other alerts are not affected
Alert alert2 = newAlert(2);
extAlert.applyOverrides(alert2);
// When/Then
assertEquals(ORIGINAL_NAME, alert2.getName());
assertEquals(ORIGINAL_DESC, alert2.getDescription());
assertEquals(ORIGINAL_SOLN, alert2.getSolution());
assertEquals(ORIGINAL_OTHER, alert2.getOtherInfo());
assertEquals(ORIGINAL_REF, alert2.getReference());
}
Aggregations