
Example 56 with DatabaseException

use of org.parosproxy.paros.db.DatabaseException in project zaproxy by zaproxy.

the class CustomScanDialog method populateRequestField.

/**
 * Fills the request field with the HTTP request recorded for the given site node.
 *
 * <p>The field is cleared when the node, its history reference or its stored message is
 * {@code null}, and also when reading the message throws
 * {@link HttpMalformedHeaderException} or {@link DatabaseException}. In the latter case the
 * exception is discarded without being logged, so a failed read looks the same to the user
 * as a node that has no message.
 *
 * @param node the selected site node, may be {@code null}
 */
private void populateRequestField(SiteNode node) {
    try {
        boolean hasMessage = node != null
                && node.getHistoryReference() != null
                && node.getHistoryReference().getHttpMessage() != null;
        if (hasMessage) {
            // Show the recorded request (header followed by body) in the custom vectors pane.
            HttpMessage msg = node.getHistoryReference().getHttpMessage();
            String header = msg.getRequestHeader().toString();
            this.headerLength = header.length();
            // Skip "<METHOD> http(s)://host:port/": take the offset just past the first '/'
            // found after the scheme separator. If the header holds no "://", indexOf yields
            // -1 and the search simply starts at index 1; if no '/' is found at all the
            // result is 0.
            // NOTE(review): confirm that offset is what the users of urlPathStart expect for
            // request lines without an absolute URL.
            int schemeSeparator = header.indexOf("://");
            this.urlPathStart = header.indexOf("/", schemeSeparator + 2) + 1;
            String requestText = header + msg.getRequestBody().toString();
            this.getRequestField().setText(requestText);
            // Recursion only makes sense for nodes with children: tick and enable the
            // option for those, untick and disable it for leaves.
            JCheckBox recurseBox = (JCheckBox) this.getField(FIELD_RECURSE);
            boolean hasChildren = node.getChildCount() > 0;
            recurseBox.setEnabled(hasChildren);
            recurseBox.setSelected(hasChildren);
        } else {
            this.getRequestField().setText("");
        }
        this.setFieldStates();
    } catch (HttpMalformedHeaderException | DatabaseException unreadable) {
        // The stored message could not be read; fall back to an empty request field.
        this.getRequestField().setText("");
    }
}
Also used : JCheckBox(javax.swing.JCheckBox) HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) HttpMessage(org.parosproxy.paros.network.HttpMessage) DatabaseException(org.parosproxy.paros.db.DatabaseException)

Example 57 with DatabaseException

use of org.parosproxy.paros.db.DatabaseException in project zaproxy by zaproxy.

the class SqlTableAlert method deleteAlert.

/* (non-Javadoc)
	 * @see org.parosproxy.paros.db.paros.TableAlert#deleteAlert(int)
	 */
@Override
public void deleteAlert(int alertId) throws DatabaseException {
    // The statement is looked up by key and the id is bound with setInt, so the value is
    // never spliced into SQL text. The SQL behind "alert.ps.delete" is not visible here.
    SqlPreparedStatementWrapper deleteStmt = null;
    try {
        deleteStmt = DbSQL.getSingleton().getPreparedStatement("alert.ps.delete");
        deleteStmt.getPs().setInt(1, alertId);
        deleteStmt.getPs().execute();
    } catch (SQLException sqlError) {
        // Surface JDBC failures as the project's DatabaseException, keeping the cause.
        throw new DatabaseException(sqlError);
    } finally {
        // Runs on every path; deleteStmt is still null here if the lookup itself threw.
        DbSQL.getSingleton().releasePreparedStatement(deleteStmt);
    }
}
Also used : SQLException(java.sql.SQLException) DatabaseException(org.parosproxy.paros.db.DatabaseException)

Example 58 with DatabaseException

use of org.parosproxy.paros.db.DatabaseException in project zaproxy by zaproxy.

the class SpiderAPI method handleApiAction.

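/**
 * Dispatches a spider API action by name.
 *
 * <p>The two "start scan" actions return an element carrying the new scan id; every other
 * recognised action returns {@link ApiResponseElement#OK}.
 *
 * @param name the action name
 * @param params the request parameters supplied by the API client
 * @return the response for the action
 * @throws ApiException with {@code ILLEGAL_PARAMETER} for values that cannot be parsed or
 *     are out of range, {@code DOES_NOT_EXIST} when the referenced scan is unknown,
 *     {@code USER_NOT_FOUND} / {@code NO_IMPLEMENTOR} for the user-scoped scan,
 *     {@code INTERNAL_ERROR} when the session update fails in the database, and
 *     {@code BAD_ACTION} for an unrecognised name
 */
@Override
public ApiResponse handleApiAction(String name, JSONObject params) throws ApiException {
    // NOTE(review): every parameter value is written to the debug log verbatim; confirm that
    // none of the parameters reaching this handler are secrets.
    log.debug("Request for handleApiAction: " + name + " (params: " + params.toString() + ")");
    GenericScanner2 scan;
    int maxChildren = -1;
    Context context = null;
    switch(name) {
        case ACTION_START_SCAN:
            // The action is to start a new Scan
            String url = ApiUtils.getOptionalStringParam(params, PARAM_URL);
            if (params.containsKey(PARAM_MAX_CHILDREN)) {
                String maxChildrenStr = params.getString(PARAM_MAX_CHILDREN);
                if (maxChildrenStr != null && maxChildrenStr.length() > 0) {
                    try {
                        maxChildren = Integer.parseInt(maxChildrenStr);
                    } catch (NumberFormatException e) {
                        // Keep the parse failure as the cause for server-side diagnosis.
                        throw new ApiException(Type.ILLEGAL_PARAMETER, PARAM_MAX_CHILDREN, e);
                    }
                }
            }
            if (params.containsKey(PARAM_CONTEXT_NAME)) {
                String contextName = params.getString(PARAM_CONTEXT_NAME);
                if (!contextName.isEmpty()) {
                    context = ApiUtils.getContextByName(contextName);
                }
            }
            int scanId = scanURL(url, null, maxChildren, this.getParam(params, PARAM_RECURSE, true), context, getParam(params, PARAM_SUBTREE_ONLY, false));
            return new ApiResponseElement(name, Integer.toString(scanId));
        case ACTION_START_SCAN_AS_USER:
            // The action is to start a new Scan from the perspective of a user
            String urlUserScan = ApiUtils.getOptionalStringParam(params, PARAM_URL);
            int userID = ApiUtils.getIntParam(params, PARAM_USER_ID);
            ExtensionUserManagement usersExtension = (ExtensionUserManagement) Control.getSingleton().getExtensionLoader().getExtension(ExtensionUserManagement.NAME);
            if (usersExtension == null) {
                throw new ApiException(Type.NO_IMPLEMENTOR, ExtensionUserManagement.NAME);
            }
            context = ApiUtils.getContextByParamId(params, PARAM_CONTEXT_ID);
            // The user is resolved within the requested context only.
            User user = usersExtension.getContextUserAuthManager(context.getIndex()).getUserById(userID);
            if (user == null) {
                throw new ApiException(Type.USER_NOT_FOUND, PARAM_USER_ID);
            }
            if (params.containsKey(PARAM_MAX_CHILDREN)) {
                String maxChildrenStr = params.getString(PARAM_MAX_CHILDREN);
                if (maxChildrenStr != null && maxChildrenStr.length() > 0) {
                    try {
                        maxChildren = Integer.parseInt(maxChildrenStr);
                    } catch (NumberFormatException e) {
                        throw new ApiException(Type.ILLEGAL_PARAMETER, PARAM_MAX_CHILDREN, e);
                    }
                }
            }
            scanId = scanURL(urlUserScan, user, maxChildren, this.getParam(params, PARAM_RECURSE, true), context, getParam(params, PARAM_SUBTREE_ONLY, false));
            return new ApiResponseElement(name, Integer.toString(scanId));
        case ACTION_PAUSE_SCAN:
            scan = getSpiderScan(params);
            if (scan == null) {
                throw new ApiException(ApiException.Type.DOES_NOT_EXIST, PARAM_SCAN_ID);
            }
            extension.pauseScan(scan.getScanId());
            break;
        case ACTION_RESUME_SCAN:
            scan = getSpiderScan(params);
            if (scan == null) {
                throw new ApiException(ApiException.Type.DOES_NOT_EXIST, PARAM_SCAN_ID);
            }
            extension.resumeScan(scan.getScanId());
            break;
        case ACTION_STOP_SCAN:
            // The action is to stop a pending scan
            scan = getSpiderScan(params);
            if (scan == null) {
                throw new ApiException(ApiException.Type.DOES_NOT_EXIST, PARAM_SCAN_ID);
            }
            extension.stopScan(scan.getScanId());
            break;
        case ACTION_REMOVE_SCAN:
            // Look the scan up first so an unknown id is reported as DOES_NOT_EXIST, then
            // remove it.
            scan = getSpiderScan(params);
            if (scan == null) {
                throw new ApiException(ApiException.Type.DOES_NOT_EXIST, PARAM_SCAN_ID);
            }
            extension.removeScan(scan.getScanId());
            break;
        case ACTION_PAUSE_ALL_SCANS:
            extension.pauseAllScans();
            break;
        case ACTION_RESUME_ALL_SCANS:
            extension.resumeAllScans();
            break;
        case ACTION_STOP_ALL_SCANS:
            extension.stopAllScans();
            break;
        case ACTION_REMOVE_ALL_SCANS:
            extension.removeAllScans();
            break;
        case ACTION_CLEAR_EXCLUDED_FROM_SCAN:
            try {
                Session session = Model.getSingleton().getSession();
                session.setExcludeFromSpiderRegexs(new ArrayList<String>());
            } catch (DatabaseException e) {
                // The response detail is unchanged; the cause is now kept as well.
                // NOTE(review): the detail is the raw database exception message - confirm it
                // is acceptable to return that text to API clients.
                throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage(), e);
            }
            break;
        case ACTION_EXCLUDE_FROM_SCAN:
            // The regex comes straight from the API client; a pattern that does not compile
            // is reported as an illegal parameter.
            String regex = params.getString(PARAM_REGEX);
            try {
                Session session = Model.getSingleton().getSession();
                session.addExcludeFromSpiderRegex(regex);
            } catch (DatabaseException e) {
                throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage(), e);
            } catch (PatternSyntaxException e) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_REGEX, e);
            }
            break;
        case ACTION_ADD_DOMAIN_ALWAYS_IN_SCOPE:
            try {
                String value = params.getString(PARAM_VALUE);
                DomainAlwaysInScopeMatcher domainAlwaysInScope;
                if (getParam(params, PARAM_IS_REGEX, false)) {
                    domainAlwaysInScope = new DomainAlwaysInScopeMatcher(DomainAlwaysInScopeMatcher.createPattern(value));
                } else {
                    domainAlwaysInScope = new DomainAlwaysInScopeMatcher(value);
                }
                domainAlwaysInScope.setEnabled(getParam(params, PARAM_IS_ENABLED, true));
                // Work on a copy and hand the whole list back through the setter.
                List<DomainAlwaysInScopeMatcher> domainsAlwaysInScope = new ArrayList<>(extension.getSpiderParam().getDomainsAlwaysInScope());
                domainsAlwaysInScope.add(domainAlwaysInScope);
                extension.getSpiderParam().setDomainsAlwaysInScope(domainsAlwaysInScope);
            } catch (IllegalArgumentException e) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_VALUE, e);
            }
            break;
        case ACTION_MODIFY_DOMAIN_ALWAYS_IN_SCOPE:
            try {
                int idx = params.getInt(PARAM_IDX);
                if (idx < 0 || idx >= extension.getSpiderParam().getDomainsAlwaysInScope().size()) {
                    throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_IDX);
                }
                DomainAlwaysInScopeMatcher oldDomain = extension.getSpiderParam().getDomainsAlwaysInScope().get(idx);
                // Parameters that are absent (or an empty value) fall back to the existing entry.
                String value = getParam(params, PARAM_VALUE, oldDomain.getValue());
                if (value.isEmpty()) {
                    value = oldDomain.getValue();
                }
                DomainAlwaysInScopeMatcher newDomain;
                if (getParam(params, PARAM_IS_REGEX, oldDomain.isRegex())) {
                    newDomain = new DomainAlwaysInScopeMatcher(DomainAlwaysInScopeMatcher.createPattern(value));
                } else {
                    newDomain = new DomainAlwaysInScopeMatcher(value);
                }
                newDomain.setEnabled(getParam(params, PARAM_IS_ENABLED, oldDomain.isEnabled()));
                if (oldDomain.equals(newDomain)) {
                    // Nothing changed: leave the switch without touching the configuration.
                    break;
                }
                List<DomainAlwaysInScopeMatcher> domainsAlwaysInScope = new ArrayList<>(extension.getSpiderParam().getDomainsAlwaysInScope());
                domainsAlwaysInScope.set(idx, newDomain);
                extension.getSpiderParam().setDomainsAlwaysInScope(domainsAlwaysInScope);
            } catch (JSONException e) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_IDX, e);
            } catch (IllegalArgumentException e) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_VALUE, e);
            }
            break;
        case ACTION_REMOVE_DOMAIN_ALWAYS_IN_SCOPE:
            try {
                int idx = params.getInt(PARAM_IDX);
                if (idx < 0 || idx >= extension.getSpiderParam().getDomainsAlwaysInScope().size()) {
                    throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_IDX);
                }
                List<DomainAlwaysInScopeMatcher> domainsAlwaysInScope = new ArrayList<>(extension.getSpiderParam().getDomainsAlwaysInScope());
                domainsAlwaysInScope.remove(idx);
                extension.getSpiderParam().setDomainsAlwaysInScope(domainsAlwaysInScope);
            } catch (JSONException e) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_IDX, e);
            }
            break;
        case ACTION_ENABLE_ALL_DOMAINS_ALWAYS_IN_SCOPE:
            setDomainsAlwaysInScopeEnabled(true);
            break;
        case ACTION_DISABLE_ALL_DOMAINS_ALWAYS_IN_SCOPE:
            setDomainsAlwaysInScopeEnabled(false);
            break;
        default:
            throw new ApiException(ApiException.Type.BAD_ACTION);
    }
    return ApiResponseElement.OK;
}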
Also used : Context(org.zaproxy.zap.model.Context) User(org.zaproxy.zap.users.User) ArrayList(java.util.ArrayList) JSONException(net.sf.json.JSONException) DomainAlwaysInScopeMatcher(org.zaproxy.zap.spider.DomainAlwaysInScopeMatcher) ExtensionUserManagement(org.zaproxy.zap.extension.users.ExtensionUserManagement) GenericScanner2(org.zaproxy.zap.model.GenericScanner2) ApiResponseElement(org.zaproxy.zap.extension.api.ApiResponseElement) DatabaseException(org.parosproxy.paros.db.DatabaseException) ApiException(org.zaproxy.zap.extension.api.ApiException) Session(org.parosproxy.paros.model.Session) PatternSyntaxException(java.util.regex.PatternSyntaxException)

Example 59 with DatabaseException

use of org.parosproxy.paros.db.DatabaseException in project zaproxy by zaproxy.

the class SpiderAPI method handleApiView.

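/**
 * Builds the response for a spider API view.
 *
 * @param name the view name
 * @param params the request parameters supplied by the API client
 * @return the response for the view
 * @throws ApiException with {@code DOES_NOT_EXIST} when the full-results view refers to an
 *     unknown scan, {@code INTERNAL_ERROR} when stored history cannot be read, and
 *     {@code BAD_VIEW} for an unrecognised name
 */
@Override
public ApiResponse handleApiView(String name, JSONObject params) throws ApiException {
    ApiResponse result;
    if (VIEW_STATUS.equals(name)) {
        SpiderScan scan = (SpiderScan) this.getSpiderScan(params);
        // An unknown scan reports 0; a stopped scan always reports 100.
        int progress = 0;
        if (scan != null) {
            if (scan.isStopped()) {
                progress = 100;
            } else {
                progress = scan.getProgress();
            }
        }
        result = new ApiResponseElement(name, Integer.toString(progress));
    } else if (VIEW_RESULTS.equals(name)) {
        result = new ApiResponseList(name);
        SpiderScan scan = (SpiderScan) this.getSpiderScan(params);
        if (scan != null) {
            // Iterate while holding the collection's monitor.
            synchronized (scan.getResults()) {
                for (String s : scan.getResults()) {
                    ((ApiResponseList) result).addItem(new ApiResponseElement("url", s));
                }
            }
        }
    } else if (VIEW_FULL_RESULTS.equals(name)) {
        ApiResponseList resultUrls = new ApiResponseList(name);
        SpiderScan scan = (SpiderScan) this.getSpiderScan(params);
        // The other views tolerate a missing scan; this one dereferenced it unconditionally,
        // so an unknown scan id ended in a NullPointerException instead of an API error.
        if (scan == null) {
            throw new ApiException(ApiException.Type.DOES_NOT_EXIST, PARAM_SCAN_ID);
        }
        ApiResponseList resultList = new ApiResponseList("urlsInScope");
        synchronized (scan.getResourcesFound()) {
            for (SpiderResource sr : scan.getResourcesFound()) {
                Map<String, String> map = new HashMap<>();
                map.put("messageId", Integer.toString(sr.getHistoryId()));
                map.put("method", sr.getMethod());
                map.put("url", sr.getUri());
                map.put("statusCode", Integer.toString(sr.getStatusCode()));
                map.put("statusReason", sr.getStatusReason());
                resultList.addItem(new ApiResponseSet<String>("resource", map));
            }
        }
        resultUrls.addItem(resultList);
        resultList = new ApiResponseList("urlsOutOfScope");
        synchronized (scan.getResultsOutOfScope()) {
            for (String url : scan.getResultsOutOfScope()) {
                resultList.addItem(new ApiResponseElement("url", url));
            }
        }
        resultUrls.addItem(resultList);
        result = resultUrls;
    } else if (VIEW_EXCLUDED_FROM_SCAN.equals(name)) {
        result = new ApiResponseList(name);
        Session session = Model.getSingleton().getSession();
        List<String> regexs = session.getExcludeFromSpiderRegexs();
        for (String regex : regexs) {
            ((ApiResponseList) result).addItem(new ApiResponseElement("regex", regex));
        }
    } else if (VIEW_SCANS.equals(name)) {
        ApiResponseList resultList = new ApiResponseList(name);
        for (GenericScanner2 scan : extension.getAllScans()) {
            SpiderScan spiderScan = (SpiderScan) scan;
            Map<String, String> map = new HashMap<>();
            map.put("id", Integer.toString(spiderScan.getScanId()));
            map.put("progress", Integer.toString(spiderScan.getProgress()));
            map.put("state", spiderScan.getState());
            resultList.addItem(new ApiResponseSet<String>("scan", map));
        }
        result = resultList;
    } else if (VIEW_ALL_URLS.equals(name)) {
        ApiResponseList resultUrls = new ApiResponseList(name);
        // Tracks URLs already added so each one is reported once.
        Set<String> urlSet = new HashSet<>();
        TableHistory tableHistory = extension.getModel().getDb().getTableHistory();
        List<Integer> ids = Collections.emptyList();
        try {
            ids = tableHistory.getHistoryIdsOfHistType(extension.getModel().getSession().getSessionId(), HistoryReference.TYPE_SPIDER, HistoryReference.TYPE_SPIDER_TASK);
        } catch (DatabaseException e) {
            // The response detail is unchanged; the cause is now kept as well.
            // NOTE(review): the detail is the raw exception message - confirm it is acceptable
            // to return that text to API clients.
            throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage(), e);
        }
        for (Integer id : ids) {
            try {
                RecordHistory rh = tableHistory.read(id.intValue());
                if (rh != null) {
                    String url = rh.getHttpMessage().getRequestHeader().getURI().toString();
                    if (urlSet.add(url)) {
                        resultUrls.addItem(new ApiResponseElement("url", url));
                    }
                }
            } catch (HttpMalformedHeaderException | DatabaseException e) {
                // A single unreadable record aborts the whole view.
                throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage(), e);
            }
        }
        result = resultUrls;
    } else if (VIEW_DOMAINS_ALWAYS_IN_SCOPE.equals(name) || VIEW_OPTION_DOMAINS_ALWAYS_IN_SCOPE.equals(name)) {
        result = domainMatchersToApiResponseList(name, extension.getSpiderParam().getDomainsAlwaysInScope(), false);
    } else if (VIEW_OPTION_DOMAINS_ALWAYS_IN_SCOPE_ENABLED.equals(name)) {
        result = domainMatchersToApiResponseList(name, extension.getSpiderParam().getDomainsAlwaysInScope(), true);
    } else {
        throw new ApiException(ApiException.Type.BAD_VIEW);
    }
    return result;
}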
Also used : HashSet(java.util.HashSet) Set(java.util.Set) ApiResponseSet(org.zaproxy.zap.extension.api.ApiResponseSet) HashMap(java.util.HashMap) ApiResponse(org.zaproxy.zap.extension.api.ApiResponse) ApiResponseElement(org.zaproxy.zap.extension.api.ApiResponseElement) ApiResponseList(org.zaproxy.zap.extension.api.ApiResponseList) GenericScanner2(org.zaproxy.zap.model.GenericScanner2) ApiResponseList(org.zaproxy.zap.extension.api.ApiResponseList) ArrayList(java.util.ArrayList) List(java.util.List) TableHistory(org.parosproxy.paros.db.TableHistory) DatabaseException(org.parosproxy.paros.db.DatabaseException) RecordHistory(org.parosproxy.paros.db.RecordHistory) Session(org.parosproxy.paros.model.Session) ApiException(org.zaproxy.zap.extension.api.ApiException)

Example 60 with DatabaseException

use of org.parosproxy.paros.db.DatabaseException in project zaproxy by zaproxy.

the class PopupExcludeFromProxyMenu method performAction.

@Override
public void performAction(SiteNode sn) {
    try {
        // Append the node's regex pattern to the list returned by the session getter.
        // NOTE(review): this mutates whatever list getExcludeFromProxyRegexs() hands out;
        // whether the exclusion takes effect or is persisted depends on Session, which is
        // not shown here - confirm.
        Session currentSession = Model.getSingleton().getSession();
        currentSession.getExcludeFromProxyRegexs().add(new StructuralSiteNode(sn).getRegexPattern());
        SiteMap siteMap = (SiteMap) View.getSingleton().getSiteTreePanel().getTreeSite().getModel();
        ExtensionHistory historyExtension = Control.getSingleton().getExtensionLoader().getExtension(ExtensionHistory.class);
        if (historyExtension == null) {
            // No history extension loaded: nothing to purge.
            return;
        }
        historyExtension.purge(siteMap, sn);
    } catch (DatabaseException ignored) {
        // Deliberately ignored by the original author. The failure is neither logged nor
        // shown, so the user gets no indication if the exclusion or purge did not happen.
    }
}
Also used : StructuralSiteNode(org.zaproxy.zap.model.StructuralSiteNode) SiteMap(org.parosproxy.paros.model.SiteMap) ExtensionHistory(org.parosproxy.paros.extension.history.ExtensionHistory) DatabaseException(org.parosproxy.paros.db.DatabaseException) Session(org.parosproxy.paros.model.Session)

Aggregations

DatabaseException (org.parosproxy.paros.db.DatabaseException)153 SQLException (java.sql.SQLException)113 ResultSet (java.sql.ResultSet)61 ArrayList (java.util.ArrayList)28 HttpMalformedHeaderException (org.parosproxy.paros.network.HttpMalformedHeaderException)19 PreparedStatement (java.sql.PreparedStatement)11 Session (org.parosproxy.paros.model.Session)11 HttpMessage (org.parosproxy.paros.network.HttpMessage)11 RecordHistory (org.parosproxy.paros.db.RecordHistory)9 RecordAlert (org.parosproxy.paros.db.RecordAlert)7 RecordContext (org.parosproxy.paros.db.RecordContext)7 Vector (java.util.Vector)6 URIException (org.apache.commons.httpclient.URIException)6 IOException (java.io.IOException)5 TableHistory (org.parosproxy.paros.db.TableHistory)5 HistoryReference (org.parosproxy.paros.model.HistoryReference)5 StructuralSiteNode (org.zaproxy.zap.model.StructuralSiteNode)5 Matcher (java.util.regex.Matcher)4 PatternSyntaxException (java.util.regex.PatternSyntaxException)4 JSONException (net.sf.json.JSONException)4