
Example 1 with NameValuePair

use of org.parosproxy.paros.core.scanner.NameValuePair in project zaproxy by zaproxy.

the class ScriptsActiveScannerUnitTest method param.

/**
 * Builds a Mockito stand-in for a scanner parameter that reports the given name and value.
 *
 * @param name the value the mock returns from {@code getName()}
 * @param value the value the mock returns from {@code getValue()}
 * @return a mocked {@code NameValuePair}; only these two accessors are stubbed here
 */
private static NameValuePair param(String name, String value) {
    NameValuePair pair = mock(NameValuePair.class);
    given(pair.getValue()).willReturn(value);
    given(pair.getName()).willReturn(name);
    return pair;
}
Also used : NameValuePair(org.parosproxy.paros.core.scanner.NameValuePair)

Example 2 with NameValuePair

use of org.parosproxy.paros.core.scanner.NameValuePair in project zaproxy by zaproxy.

the class ScriptsActiveScannerUnitTest method shouldStopScanningParamsWithActiveScriptWhenScanStopped.

/**
 * Verifies that the scanner does no further work after the first script's {@code scan} call has
 * run the {@code stopScan()} answer: the second parameter is never passed to the first script and
 * the second script is never invoked at all.
 *
 * <p>For an active scanner this is the behaviour that makes a stop request effective, so the
 * assertions use zero-invocation checks rather than only checking the first call.
 */
@Test
@SuppressWarnings("unchecked")
void shouldStopScanningParamsWithActiveScriptWhenScanStopped() throws Exception {
    // Given
    final String firstName = "Name1";
    final String firstValue = "Value1";
    final String secondName = "Name2";
    final String secondValue = "Value2";
    // stopScan() is a helper defined outside this snippet; presumably its answer marks the
    // scan as stopped when the script is invoked - confirm against the test class.
    ActiveScript stoppingScript = mock(ActiveScript.class);
    doAnswer(stopScan()).when(stoppingScript).scan(any(), any(), any(), any());
    ScriptWrapper stoppingWrapper = createScriptWrapper(stoppingScript, ActiveScript.class);
    ActiveScript laterScript = mock(ActiveScript.class);
    ScriptWrapper laterWrapper = createScriptWrapper(laterScript, ActiveScript.class);
    given(extensionScript.getScripts(SCRIPT_TYPE))
            .willReturn(asList(stoppingWrapper, laterWrapper));
    ScriptsCache<ActiveScript> cache =
            createScriptsCache(
                    createCachedScript(stoppingScript, stoppingWrapper),
                    createCachedScript(laterScript, laterWrapper));
    given(extensionScript.<ActiveScript>createScriptsCache(any())).willReturn(cache);
    ScannerParam scannerParam = mock(ScannerParam.class);
    given(parent.getScannerParam()).willReturn(scannerParam);
    // A single variant exposing two parameters, in order.
    NameValuePair firstParam = param(firstName, firstValue);
    NameValuePair secondParam = param(secondName, secondValue);
    Variant twoParamVariant = mock(Variant.class);
    given(twoParamVariant.getParamList()).willReturn(asList(firstParam, secondParam));
    VariantFactory factory = mock(VariantFactory.class);
    given(factory.createVariants(any(), any())).willReturn(asList(twoParamVariant));
    given(model.getVariantFactory()).willReturn(factory);
    ScriptsActiveScanner scanner = new ScriptsActiveScanner();
    scanner.init(message, parent);
    // When
    scanner.scan();
    // Then
    // The cache is expected to be consulted exactly once (verify() defaults to one invocation).
    verify(cache).refresh();
    verify(cache).getCachedScripts();
    // Only the first parameter reaches the first script...
    verify(stoppingScript).scan(scanner, message, firstName, firstValue);
    verify(stoppingScript, times(0)).scan(scanner, message, secondName, secondValue);
    // ...and the second script is never called with anything.
    verify(laterScript, times(0)).scan(any(), any(), any(), any());
}
Also used : Variant(org.parosproxy.paros.core.scanner.Variant) NameValuePair(org.parosproxy.paros.core.scanner.NameValuePair) ScannerParam(org.parosproxy.paros.core.scanner.ScannerParam) ScriptWrapper(org.zaproxy.zap.extension.script.ScriptWrapper) Test(org.junit.jupiter.api.Test) WithConfigsTest(org.zaproxy.zap.WithConfigsTest)

Example 3 with NameValuePair

use of org.parosproxy.paros.core.scanner.NameValuePair in project zaproxy by zaproxy.

the class ScriptsActiveScannerUnitTest method shouldHandleExceptionsThrownByActiveScript.

/**
 * Verifies that a {@code ScriptException} thrown by one script is handed to
 * {@code extensionScript.handleScriptException} with that script's wrapper, and that the other
 * script is still run against both parameters.
 *
 * <p>Not asserted here: whether the failing script is invoked again for the second parameter.
 */
@Test
@SuppressWarnings("unchecked")
void shouldHandleExceptionsThrownByActiveScript() throws Exception {
    // Given
    final String firstName = "Name1";
    final String firstValue = "Value1";
    final String secondName = "Name2";
    final String secondValue = "Value2";
    ActiveScript failingScript = mock(ActiveScript.class);
    ScriptWrapper failingWrapper = createScriptWrapper(failingScript, ActiveScript.class);
    ActiveScript healthyScript = mock(ActiveScript.class);
    ScriptWrapper healthyWrapper = createScriptWrapper(healthyScript, ActiveScript.class);
    given(extensionScript.getScripts(SCRIPT_TYPE))
            .willReturn(asList(failingWrapper, healthyWrapper));
    ScriptsCache<ActiveScript> cache =
            createScriptsCache(
                    createCachedScript(failingScript, failingWrapper),
                    createCachedScript(healthyScript, healthyWrapper));
    given(extensionScript.<ActiveScript>createScriptsCache(any())).willReturn(cache);
    ScannerParam scannerParam = mock(ScannerParam.class);
    given(parent.getScannerParam()).willReturn(scannerParam);
    NameValuePair firstParam = param(firstName, firstValue);
    // The first script throws only when scanning the first parameter.
    ScriptException failure = mock(ScriptException.class);
    doThrow(failure).when(failingScript).scan(any(), any(), eq(firstName), eq(firstValue));
    NameValuePair secondParam = param(secondName, secondValue);
    Variant twoParamVariant = mock(Variant.class);
    given(twoParamVariant.getParamList()).willReturn(asList(firstParam, secondParam));
    VariantFactory factory = mock(VariantFactory.class);
    given(factory.createVariants(any(), any())).willReturn(asList(twoParamVariant));
    given(model.getVariantFactory()).willReturn(factory);
    ScriptsActiveScanner scanner = new ScriptsActiveScanner();
    scanner.init(message, parent);
    // When
    scanner.scan();
    // Then
    verify(cache, times(2)).refresh();
    verify(cache, times(2)).getCachedScripts();
    // The failing call happened once and its exception was reported exactly once.
    verify(failingScript).scan(scanner, message, firstName, firstValue);
    verify(extensionScript).handleScriptException(failingWrapper, failure);
    // The failure did not prevent the second script from seeing both parameters.
    verify(healthyScript).scan(scanner, message, firstName, firstValue);
    verify(healthyScript).scan(scanner, message, secondName, secondValue);
}
Also used : Variant(org.parosproxy.paros.core.scanner.Variant) NameValuePair(org.parosproxy.paros.core.scanner.NameValuePair) ScriptException(javax.script.ScriptException) ScannerParam(org.parosproxy.paros.core.scanner.ScannerParam) ScriptWrapper(org.zaproxy.zap.extension.script.ScriptWrapper) Test(org.junit.jupiter.api.Test) WithConfigsTest(org.zaproxy.zap.WithConfigsTest)

Example 4 with NameValuePair

use of org.parosproxy.paros.core.scanner.NameValuePair in project zaproxy by zaproxy.

the class ScriptsActiveScannerUnitTest method shouldScanParamsWithActiveScript.

/**
 * Verifies the baseline case: with two cached scripts and one variant exposing two parameters,
 * each script's {@code scan} is invoked once per parameter with that parameter's name and value.
 */
@Test
@SuppressWarnings("unchecked")
void shouldScanParamsWithActiveScript() throws Exception {
    // Given
    final String firstName = "Name1";
    final String firstValue = "Value1";
    final String secondName = "Name2";
    final String secondValue = "Value2";
    ActiveScript scriptA = mock(ActiveScript.class);
    ScriptWrapper wrapperA = createScriptWrapper(scriptA, ActiveScript.class);
    ActiveScript scriptB = mock(ActiveScript.class);
    ScriptWrapper wrapperB = createScriptWrapper(scriptB, ActiveScript.class);
    given(extensionScript.getScripts(SCRIPT_TYPE)).willReturn(asList(wrapperA, wrapperB));
    ScriptsCache<ActiveScript> cache =
            createScriptsCache(
                    createCachedScript(scriptA, wrapperA),
                    createCachedScript(scriptB, wrapperB));
    given(extensionScript.<ActiveScript>createScriptsCache(any())).willReturn(cache);
    ScannerParam scannerParam = mock(ScannerParam.class);
    given(parent.getScannerParam()).willReturn(scannerParam);
    NameValuePair firstParam = param(firstName, firstValue);
    NameValuePair secondParam = param(secondName, secondValue);
    Variant twoParamVariant = mock(Variant.class);
    given(twoParamVariant.getParamList()).willReturn(asList(firstParam, secondParam));
    VariantFactory factory = mock(VariantFactory.class);
    given(factory.createVariants(any(), any())).willReturn(asList(twoParamVariant));
    given(model.getVariantFactory()).willReturn(factory);
    ScriptsActiveScanner scanner = new ScriptsActiveScanner();
    scanner.init(message, parent);
    // When
    scanner.scan();
    // Then
    verify(cache, times(2)).refresh();
    verify(cache, times(2)).getCachedScripts();
    // Every (script, parameter) combination is expected exactly once.
    verify(scriptA).scan(scanner, message, firstName, firstValue);
    verify(scriptA).scan(scanner, message, secondName, secondValue);
    verify(scriptB).scan(scanner, message, firstName, firstValue);
    verify(scriptB).scan(scanner, message, secondName, secondValue);
}
Also used : Variant(org.parosproxy.paros.core.scanner.Variant) NameValuePair(org.parosproxy.paros.core.scanner.NameValuePair) ScannerParam(org.parosproxy.paros.core.scanner.ScannerParam) ScriptWrapper(org.zaproxy.zap.extension.script.ScriptWrapper) Test(org.junit.jupiter.api.Test) WithConfigsTest(org.zaproxy.zap.WithConfigsTest)

Example 5 with NameValuePair

use of org.parosproxy.paros.core.scanner.NameValuePair in project zaproxy by zaproxy.

the class ExtensionParams method onHttpRequestSend.

/**
 * Records the parameters of an outgoing request against its site, keyed as {@code host:port}.
 *
 * <p>Cookie, URL, form and multipart parameters are each passed to {@code addParam} on the
 * site's {@code SiteParameters} and the result is handed to {@code persist}. All names and
 * values are taken from the request as-is, so anything that later renders or logs them should
 * treat them as untrusted input.
 *
 * @param msg the request being sent
 * @return always {@code true}
 */
public boolean onHttpRequestSend(HttpMessage msg) {
    // Site key is built from the host name and port in the request header.
    String site = msg.getRequestHeader().getHostName() + ":" + msg.getRequestHeader().getHostPort();
    if (getView() != null) {
        this.getParamsPanel().addSite(site);
    }
    // Create the per-site record the first time this site is seen.
    SiteParameters siteParameters = this.siteParamsMap.get(site);
    if (siteParameters == null) {
        siteParameters = new SiteParameters(this, site);
        this.siteParamsMap.put(site, siteParameters);
    }
    // Cookie parameters. An IllegalArgumentException raised anywhere in this section is logged
    // and the remaining sections still run.
    try {
        for (HtmlParameter cookie : msg.getRequestHeader().getCookieParams()) {
            persist(siteParameters.addParam(site, cookie, msg));
        }
    } catch (IllegalArgumentException e) {
        // NOTE(review): the exception message may contain request-derived text - confirm the
        // log configuration neutralises control characters.
        logger.warn("Failed to obtain the cookies: " + e.getMessage(), e);
    }
    // URL parameters
    for (HtmlParameter urlParam : msg.getUrlParams()) {
        persist(siteParameters.addParam(site, urlParam, msg));
    }
    // Form parameters: only this section applies the anti-CSRF flag.
    // TODO flag anti csrf url ones too?
    ExtensionAntiCSRF antiCsrf = Control.getSingleton().getExtensionLoader().getExtension(ExtensionAntiCSRF.class);
    for (HtmlParameter formParam : msg.getFormParams()) {
        boolean isToken = antiCsrf != null && antiCsrf.isAntiCsrfToken(formParam.getName());
        if (isToken) {
            formParam.addFlag(HtmlParameter.Flags.anticsrf.name());
        }
        persist(siteParameters.addParam(site, formParam, msg));
    }
    // Multipart parameters: only data parameters and file names are recorded; every other
    // multipart entry type is skipped.
    VariantMultipartFormParameters multipart = new VariantMultipartFormParameters();
    multipart.setMessage(msg);
    for (NameValuePair nvp : multipart.getParamList()) {
        int type = nvp.getType();
        if (type != NameValuePair.TYPE_MULTIPART_DATA_PARAM && type != NameValuePair.TYPE_MULTIPART_DATA_FILE_NAME) {
            continue;
        }
        persist(siteParameters.addParam(site, new HtmlParameter(HtmlParameter.Type.multipart, nvp.getName(), nvp.getValue()), msg));
    }
    return true;
}
Also used : NameValuePair(org.parosproxy.paros.core.scanner.NameValuePair) ExtensionAntiCSRF(org.zaproxy.zap.extension.anticsrf.ExtensionAntiCSRF) HtmlParameter(org.parosproxy.paros.network.HtmlParameter) VariantMultipartFormParameters(org.parosproxy.paros.core.scanner.VariantMultipartFormParameters)

Aggregations

NameValuePair (org.parosproxy.paros.core.scanner.NameValuePair)5 Test (org.junit.jupiter.api.Test)3 ScannerParam (org.parosproxy.paros.core.scanner.ScannerParam)3 Variant (org.parosproxy.paros.core.scanner.Variant)3 WithConfigsTest (org.zaproxy.zap.WithConfigsTest)3 ScriptWrapper (org.zaproxy.zap.extension.script.ScriptWrapper)3 ScriptException (javax.script.ScriptException)1 VariantMultipartFormParameters (org.parosproxy.paros.core.scanner.VariantMultipartFormParameters)1 HtmlParameter (org.parosproxy.paros.network.HtmlParameter)1 ExtensionAntiCSRF (org.zaproxy.zap.extension.anticsrf.ExtensionAntiCSRF)1