Example 1 with ScannerParam

Use of org.parosproxy.paros.core.scanner.ScannerParam in project zaproxy by zaproxy.

Class ApiGeneratorUtils, method getAllImplementors.

/**
 * Return all of the available ApiImplementors. If you implement a new ApiImplementor then you
 * must add it to this class.
 *
 * @return all of the available ApiImplementors.
 */
public static List<ApiImplementor> getAllImplementors() {
    List<ApiImplementor> imps = new ArrayList<>();
    ApiImplementor api;
    imps.add(new AlertAPI(null));
    api = new AntiCsrfAPI(null);
    api.addApiOptions(new AntiCsrfParam());
    imps.add(api);
    imps.add(new PassiveScanAPI(null));
    imps.add(new SearchAPI(null));
    api = new AutoUpdateAPI(null);
    api.addApiOptions(new OptionsParamCheckForUpdates());
    imps.add(api);
    api = new SpiderAPI(null);
    api.addApiOptions(new SpiderParam());
    imps.add(api);
    api = new CoreAPI(new ConnectionParam());
    imps.add(api);
    imps.add(new ParamsAPI(null));
    api = new ActiveScanAPI(null);
    api.addApiOptions(new ScannerParam());
    imps.add(api);
    imps.add(new ContextAPI());
    imps.add(new HttpSessionsAPI(null));
    imps.add(new BreakAPI(null));
    imps.add(new AuthenticationAPI(null));
    imps.add(new AuthorizationAPI());
    imps.add(new RuleConfigAPI(null));
    imps.add(new SessionManagementAPI(null));
    imps.add(new UsersAPI(null));
    imps.add(new ForcedUserAPI(null));
    imps.add(new ScriptAPI(null));
    api = new StatsAPI(null);
    api.addApiOptions(new StatsParam());
    imps.add(api);
    return imps;
}
Also used : AntiCsrfAPI(org.zaproxy.zap.extension.anticsrf.AntiCsrfAPI) AuthorizationAPI(org.zaproxy.zap.extension.authorization.AuthorizationAPI) StatsParam(org.zaproxy.zap.extension.stats.StatsParam) ArrayList(java.util.ArrayList) PassiveScanAPI(org.zaproxy.zap.extension.pscan.PassiveScanAPI) SpiderParam(org.zaproxy.zap.spider.SpiderParam) BreakAPI(org.zaproxy.zap.extension.brk.BreakAPI) AuthenticationAPI(org.zaproxy.zap.extension.authentication.AuthenticationAPI) UsersAPI(org.zaproxy.zap.extension.users.UsersAPI) ForcedUserAPI(org.zaproxy.zap.extension.forceduser.ForcedUserAPI) HttpSessionsAPI(org.zaproxy.zap.extension.httpsessions.HttpSessionsAPI) SearchAPI(org.zaproxy.zap.extension.search.SearchAPI) OptionsParamCheckForUpdates(org.zaproxy.zap.extension.autoupdate.OptionsParamCheckForUpdates) AlertAPI(org.zaproxy.zap.extension.alert.AlertAPI) SpiderAPI(org.zaproxy.zap.extension.spider.SpiderAPI) RuleConfigAPI(org.zaproxy.zap.extension.ruleconfig.RuleConfigAPI) SessionManagementAPI(org.zaproxy.zap.extension.sessions.SessionManagementAPI) ParamsAPI(org.zaproxy.zap.extension.params.ParamsAPI) StatsAPI(org.zaproxy.zap.extension.stats.StatsAPI) ActiveScanAPI(org.zaproxy.zap.extension.ascan.ActiveScanAPI) AntiCsrfParam(org.zaproxy.zap.extension.anticsrf.AntiCsrfParam) AutoUpdateAPI(org.zaproxy.zap.extension.autoupdate.AutoUpdateAPI) ScannerParam(org.parosproxy.paros.core.scanner.ScannerParam) ScriptAPI(org.zaproxy.zap.extension.script.ScriptAPI) ConnectionParam(org.parosproxy.paros.network.ConnectionParam)

Example 2 with ScannerParam

Use of org.parosproxy.paros.core.scanner.ScannerParam in project zaproxy by zaproxy.

Class VariantFactoryUnitTest, method shouldReturnDefaultVariants.

@Test
void shouldReturnDefaultVariants() {
    // Given
    ScannerParam scanOptions = new ScannerParam();
    HttpMessage message = new HttpMessage();
    // When
    List<Variant> variants = factory.createVariants(scanOptions, message);
    // Then
    assertThat(variants.size(), is(equalTo(10)));
    assertThat(variants.get(0).getClass(), is(equalTo(VariantURLQuery.class)));
    assertThat(variants.get(1).getClass(), is(equalTo(VariantODataIdQuery.class)));
    assertThat(variants.get(2).getClass(), is(equalTo(VariantODataFilterQuery.class)));
    assertThat(variants.get(3).getClass(), is(equalTo(VariantDdnPath.class)));
    assertThat(variants.get(4).getClass(), is(equalTo(VariantFormQuery.class)));
    assertThat(variants.get(5).getClass(), is(equalTo(VariantMultipartFormParameters.class)));
    assertThat(variants.get(6).getClass(), is(equalTo(VariantXMLQuery.class)));
    assertThat(variants.get(7).getClass(), is(equalTo(VariantJSONQuery.class)));
    assertThat(variants.get(8).getClass(), is(equalTo(VariantGWTQuery.class)));
    assertThat(variants.get(9).getClass(), is(equalTo(VariantDirectWebRemotingQuery.class)));
}
Also used : Variant(org.parosproxy.paros.core.scanner.Variant) ScannerParam(org.parosproxy.paros.core.scanner.ScannerParam) HttpMessage(org.parosproxy.paros.network.HttpMessage) Test(org.junit.jupiter.api.Test) WithConfigsTest(org.zaproxy.zap.WithConfigsTest) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)

Example 3 with ScannerParam

Use of org.parosproxy.paros.core.scanner.ScannerParam in project zaproxy by zaproxy.

Class VariantFactoryUnitTest, method shouldReturnAllVariantsWhenSet.

@Test
void shouldReturnAllVariantsWhenSet() throws Exception {
    // Given
    ScannerParam scanOptions = Mockito.mock(ScannerParam.class, withSettings().lenient());
    Mockito.when(scanOptions.getConfig()).thenReturn(new ZapXmlConfiguration());
    Mockito.when(scanOptions.getTargetParamsInjectable()).thenReturn(-1);
    Mockito.when(scanOptions.getTargetParamsEnabledRPC()).thenReturn(-1);
    HttpMessage message = new HttpMessage(new URI("https://www.example.com/path?query", true));
    // When
    List<Variant> variants = factory.createVariants(scanOptions, message);
    // Then
    assertThat(variants.size(), is(equalTo(13)));
    assertThat(variants.get(0).getClass(), is(equalTo(VariantURLQuery.class)));
    assertThat(variants.get(1).getClass(), is(equalTo(VariantODataIdQuery.class)));
    assertThat(variants.get(2).getClass(), is(equalTo(VariantODataFilterQuery.class)));
    assertThat(variants.get(3).getClass(), is(equalTo(VariantFormQuery.class)));
    assertThat(variants.get(4).getClass(), is(equalTo(VariantMultipartFormParameters.class)));
    assertThat(variants.get(5).getClass(), is(equalTo(VariantXMLQuery.class)));
    assertThat(variants.get(6).getClass(), is(equalTo(VariantJSONQuery.class)));
    assertThat(variants.get(7).getClass(), is(equalTo(VariantGWTQuery.class)));
    assertThat(variants.get(8).getClass(), is(equalTo(VariantDirectWebRemotingQuery.class)));
    assertThat(variants.get(9).getClass(), is(equalTo(VariantHeader.class)));
    assertThat(variants.get(10).getClass(), is(equalTo(VariantURLPath.class)));
    assertThat(variants.get(11).getClass(), is(equalTo(VariantCookie.class)));
    assertThat(variants.get(12).getClass(), is(equalTo(VariantUserDefined.class)));
}
Also used : Variant(org.parosproxy.paros.core.scanner.Variant) ScannerParam(org.parosproxy.paros.core.scanner.ScannerParam) ZapXmlConfiguration(org.zaproxy.zap.utils.ZapXmlConfiguration) HttpMessage(org.parosproxy.paros.network.HttpMessage) URI(org.apache.commons.httpclient.URI) Test(org.junit.jupiter.api.Test) WithConfigsTest(org.zaproxy.zap.WithConfigsTest) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)

Example 4 with ScannerParam

Use of org.parosproxy.paros.core.scanner.ScannerParam in project zaproxy by zaproxy.

Class OptionsScannerPanel, method saveParam.

@Override
public void saveParam(Object obj) throws Exception {
    OptionsParam options = (OptionsParam) obj;
    ScannerParam param = options.getParamSet(ScannerParam.class);
    param.setHostPerScan(getSliderHostPerScan().getValue());
    param.setThreadPerHost(getSliderThreadsPerHost().getValue());
    param.setDelayInMs(getDelayInMs());
    param.setMaxResultsToList(this.getSpinnerMaxResultsList().getValue());
    param.setMaxRuleDurationInMins(this.getSpinnerMaxRuleDuration().getValue());
    param.setMaxScanDurationInMins(this.getSpinnerMaxScanDuration().getValue());
    param.setInjectPluginIdInHeader(getChkInjectPluginIdInHeader().isSelected());
    param.setHandleAntiCSRFTokens(getChkHandleAntiCSRFTokens().isSelected());
    param.setPromptInAttackMode(getChkPromptInAttackMode().isSelected());
    param.setRescanInAttackMode(getChkRescanInAttackMode().isSelected());
    param.setDefaultPolicy((String) this.getDefaultAscanPolicyPulldown().getSelectedItem());
    param.setAttackPolicy((String) this.getDefaultAttackPolicyPulldown().getSelectedItem());
    param.setAllowAttackOnStart(this.getAllowAttackModeOnStart().isSelected());
    param.setMaxChartTimeInMins(this.getSpinnerMaxChartTime().getValue());
}
Also used : OptionsParam(org.parosproxy.paros.model.OptionsParam) ScannerParam(org.parosproxy.paros.core.scanner.ScannerParam)

Example 5 with ScannerParam

Use of org.parosproxy.paros.core.scanner.ScannerParam in project zaproxy by zaproxy.

Class OptionsScannerPanel, method initParam.

@Override
public void initParam(Object obj) {
    OptionsParam options = (OptionsParam) obj;
    ScannerParam param = options.getParamSet(ScannerParam.class);
    getSliderHostPerScan().setValue(param.getHostPerScan());
    getSliderThreadsPerHost().setValue(param.getThreadPerHost());
    getSpinnerDelayInMs().setValue(param.getDelayInMs());
    getSpinnerMaxResultsList().setValue(param.getMaxResultsToList());
    getSpinnerMaxRuleDuration().setValue(param.getMaxRuleDurationInMins());
    getSpinnerMaxScanDuration().setValue(param.getMaxScanDurationInMins());
    getChkInjectPluginIdInHeader().setSelected(param.isInjectPluginIdInHeader());
    getChkHandleAntiCSRFTokens().setSelected(param.getHandleAntiCSRFTokens());
    getChkPromptInAttackMode().setSelected(param.isPromptInAttackMode());
    getChkRescanInAttackMode().setSelected(param.isRescanInAttackMode());
    getChkRescanInAttackMode().setEnabled(!getChkPromptInAttackMode().isSelected());
    initPolicyPulldowns();
    getDefaultAscanPolicyPulldown().setSelectedItem(param.getDefaultPolicy());
    getDefaultAttackPolicyPulldown().setSelectedItem(param.getAttackPolicy());
    getAllowAttackModeOnStart().setSelected(param.isAllowAttackOnStart());
    getSpinnerMaxChartTime().setValue(param.getMaxChartTimeInMins());
}
Also used : OptionsParam(org.parosproxy.paros.model.OptionsParam) ScannerParam(org.parosproxy.paros.core.scanner.ScannerParam)
