
Example 61 with DatabaseException

use of org.parosproxy.paros.db.DatabaseException in project zaproxy by zaproxy.

the class PopupExcludeFromScanMenu method performAction.

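/**
 * Adds the regex pattern derived from the given site node to the current session's
 * exclude-from-scan list.
 *
 * <p>A {@link DatabaseException} raised inside the try block is logged rather than dropped.
 * When it is raised the exclusion may not have been recorded, so the node can still be
 * scanned even though the operator asked for it to be left out.
 *
 * @param sn the site node whose regex pattern is added to the exclusion list
 */
@Override
public void performAction(SiteNode sn) {
    try {
        Session session = Model.getSingleton().getSession();
        session.getExcludeFromScanRegexs().add(new StructuralSiteNode(sn).getRegexPattern());
    } catch (DatabaseException e) {
        // Still best-effort (nothing is rethrown), but a failed scope exclusion must leave a trace.
        // NOTE(review): switch to this class's own logger if it declares one.
        java.util.logging.Logger.getLogger(getClass().getName()).log(
                java.util.logging.Level.WARNING,
                "Failed to add the exclude-from-scan regex for the selected site node",
                e);
    }
}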
Also used : StructuralSiteNode(org.zaproxy.zap.model.StructuralSiteNode) DatabaseException(org.parosproxy.paros.db.DatabaseException) Session(org.parosproxy.paros.model.Session)

Example 62 with DatabaseException

use of org.parosproxy.paros.db.DatabaseException in project zaproxy by zaproxy.

the class SearchThread method search.

/**
 * Runs one search pass and reports every hit through {@code notifyMatchFound} /
 * {@code notifyInverseMatchFound}.
 *
 * <p>When {@code reqType} is {@code Type.Custom} the work is delegated to the named
 * {@code HttpSearcher} and its results are handed to {@code searchListenner}. Otherwise the
 * history ids of the current session are walked in list order and {@code filter} is applied to
 * the URL, headers and/or bodies selected by {@code reqType}. With {@code inverse} set, a
 * message is reported when the pattern is NOT found.
 *
 * <p>{@link DatabaseException} ends the pass with a log entry; a
 * {@link HttpMalformedHeaderException} on a single record is logged and the loop moves on.
 */
private void search() {
    Session session = Model.getSingleton().getSession();
    // Compiled once for the whole pass. Pattern.compile throws the unchecked
    // PatternSyntaxException for an invalid expression and nothing below catches it.
    // NOTE(review): presumably filter is validated before this method runs; confirm.
    Pattern pattern = Pattern.compile(filter, Pattern.MULTILINE | Pattern.CASE_INSENSITIVE);
    Matcher matcher = null;
    try {
        if (Type.Custom.equals(reqType)) {
            // Custom search: delegate to the registered searcher, forward its results, and
            // return without reading the history table.
            if (searchers != null && customSearcherName != null) {
                HttpSearcher searcher = searchers.get(customSearcherName);
                if (searcher != null) {
                    List<SearchResult> results;
                    if (pcc.hasMaximumMatches()) {
                        results = searcher.search(pattern, inverse, pcc.getMaximumMatches());
                    } else {
                        results = searcher.search(pattern, inverse);
                    }
                    for (SearchResult sr : results) {
                        searchListenner.addSearchResult(sr);
                    }
                }
            }
            return;
        }
        // Only proxied, ZAP-user, spider and AJAX-spider history entries of this session are searched.
        List<Integer> list = Model.getSingleton().getDb().getTableHistory().getHistoryIdsOfHistType(session.getSessionId(), HistoryReference.TYPE_PROXIED, HistoryReference.TYPE_ZAP_USER, HistoryReference.TYPE_SPIDER, HistoryReference.TYPE_SPIDER_AJAX);
        int last = list.size();
        int currentRecordId = 0;
        for (int index = 0; index < last; index++) {
            // stopSearch is polled once per record only. The text matched below comes from
            // recorded traffic, so one expensive regex evaluation on a large body is not
            // interrupted by this flag.
            if (stopSearch) {
                break;
            }
            int historyId = list.get(index).intValue();
            try {
                // Despite its name this holds the position in the id list, not historyId.
                currentRecordId = index;
                // Create the href to ensure the msg is set up correctly
                HistoryReference href = new HistoryReference(historyId);
                HttpMessage message = href.getHttpMessage();
                if (searchJustInScope && !session.isInScope(message.getRequestHeader().getURI().toString())) {
                    // Not in scope, so ignore
                    continue;
                }
                if (this.baseUrl != null && !message.getRequestHeader().getURI().toString().startsWith(baseUrl)) {
                    // Does not start with the specified base URL, so ignore
                    continue;
                }
                if (Type.URL.equals(reqType)) {
                    // URL
                    String url = message.getRequestHeader().getURI().toString();
                    matcher = pattern.matcher(url);
                    if (inverse && !pcc.allMatchesProcessed()) {
                        if (!matcher.find()) {
                            notifyInverseMatchFound(currentRecordId, message, SearchMatch.Location.REQUEST_HEAD);
                        }
                    } else {
                        // Match offsets are relative to the URL string; shift them by the URL's
                        // position in the prime header so they point into the request head.
                        int urlStartPos = message.getRequestHeader().getPrimeHeader().indexOf(url);
                        while (matcher.find() && !pcc.allMatchesProcessed()) {
                            notifyMatchFound(currentRecordId, matcher.group(), message, SearchMatch.Location.REQUEST_HEAD, urlStartPos + matcher.start(), urlStartPos + matcher.end());
                            if (!searchAllOccurrences) {
                                break;
                            }
                        }
                    }
                }
                if (Type.Header.equals(reqType)) {
                    // Header search covers the request header and the response header in turn;
                    // in inverse mode each one is evaluated and reported on its own.
                    // Request header
                    matcher = pattern.matcher(message.getRequestHeader().toString());
                    if (inverse && !pcc.allMatchesProcessed()) {
                        if (!matcher.find()) {
                            notifyInverseMatchFound(currentRecordId, message, SearchMatch.Location.REQUEST_HEAD);
                        }
                    } else {
                        while (matcher.find() && !pcc.allMatchesProcessed()) {
                            notifyMatchFound(currentRecordId, matcher.group(), message, SearchMatch.Location.REQUEST_HEAD, matcher.start(), matcher.end());
                            if (!searchAllOccurrences) {
                                break;
                            }
                        }
                    }
                    // Response header
                    matcher = pattern.matcher(message.getResponseHeader().toString());
                    if (inverse && !pcc.allMatchesProcessed()) {
                        if (!matcher.find()) {
                            notifyInverseMatchFound(currentRecordId, message, SearchMatch.Location.RESPONSE_HEAD);
                        }
                    } else {
                        while (matcher.find() && !pcc.allMatchesProcessed()) {
                            notifyMatchFound(currentRecordId, matcher.group(), message, SearchMatch.Location.RESPONSE_HEAD, matcher.start(), matcher.end());
                            if (!searchAllOccurrences) {
                                break;
                            }
                        }
                    }
                }
                if (Type.Request.equals(reqType) || Type.All.equals(reqType)) {
                    if (inverse && !pcc.allMatchesProcessed()) {
                        // Check for no matches in either Request Header or Body
                        if (!pattern.matcher(message.getRequestHeader().toString()).find() && !pattern.matcher(message.getRequestBody().toString()).find()) {
                            notifyInverseMatchFound(currentRecordId, message, SearchMatch.Location.REQUEST_HEAD);
                        }
                    } else {
                        // Request Header
                        matcher = pattern.matcher(message.getRequestHeader().toString());
                        while (matcher.find() && !pcc.allMatchesProcessed()) {
                            notifyMatchFound(currentRecordId, matcher.group(), message, SearchMatch.Location.REQUEST_HEAD, matcher.start(), matcher.end());
                            if (!searchAllOccurrences) {
                                break;
                            }
                        }
                        // Request Body
                        matcher = pattern.matcher(message.getRequestBody().toString());
                        while (matcher.find() && !pcc.allMatchesProcessed()) {
                            notifyMatchFound(currentRecordId, matcher.group(), message, SearchMatch.Location.REQUEST_BODY, matcher.start(), matcher.end());
                            if (!searchAllOccurrences) {
                                break;
                            }
                        }
                    }
                }
                if (Type.Response.equals(reqType) || Type.All.equals(reqType)) {
                    if (inverse && !pcc.allMatchesProcessed()) {
                        // Check for no matches in either Response Header or Body
                        if (!pattern.matcher(message.getResponseHeader().toString()).find() && !pattern.matcher(message.getResponseBody().toString()).find()) {
                            notifyInverseMatchFound(currentRecordId, message, SearchMatch.Location.RESPONSE_HEAD);
                        }
                    } else {
                        // Response header
                        matcher = pattern.matcher(message.getResponseHeader().toString());
                        while (matcher.find() && !pcc.allMatchesProcessed()) {
                            notifyMatchFound(currentRecordId, matcher.group(), message, SearchMatch.Location.RESPONSE_HEAD, matcher.start(), matcher.end());
                            if (!searchAllOccurrences) {
                                break;
                            }
                        }
                        // Response body
                        matcher = pattern.matcher(message.getResponseBody().toString());
                        while (matcher.find() && !pcc.allMatchesProcessed()) {
                            notifyMatchFound(currentRecordId, matcher.group(), message, SearchMatch.Location.RESPONSE_BODY, matcher.start(), matcher.end());
                            if (!searchAllOccurrences) {
                                break;
                            }
                        }
                    }
                }
            } catch (HttpMalformedHeaderException e1) {
                // A record with a malformed header is logged and skipped; the pass continues.
                log.error(e1.getMessage(), e1);
            }
            // NOTE(review): pcc appears to track match limits and paging; confirm against its class.
            if (pcc.hasPageEnded()) {
                break;
            }
        }
    } catch (DatabaseException e) {
        // Any database failure ends the pass; matches already reported stay reported.
        log.error(e.getMessage(), e);
    }
}
Also used : Pattern(java.util.regex.Pattern) Matcher(java.util.regex.Matcher) HistoryReference(org.parosproxy.paros.model.HistoryReference) HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) HttpMessage(org.parosproxy.paros.network.HttpMessage) DatabaseException(org.parosproxy.paros.db.DatabaseException) Session(org.parosproxy.paros.model.Session)

Example 63 with DatabaseException

use of org.parosproxy.paros.db.DatabaseException in project zaproxy by zaproxy.

the class ContextCreateDialog method save.

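/**
 * Creates a new context from the dialog's name, description and in-scope fields and saves it
 * to the current session.
 *
 * <p>When {@code topNode} is set, the regex pattern derived from it is added as an
 * include-in-context regex. A {@link DatabaseException} raised while doing so is logged and
 * the context is still saved, so the saved context may lack the include regex the operator
 * expected it to carry.
 */
@Override
public void save() {
    Context ctx = Model.getSingleton().getSession().getNewContext(this.getStringValue(NAME_FIELD));
    ctx.setDescription(this.getStringValue(DESC_FIELD));
    ctx.setInScope(this.getBoolValue(IN_SCOPE_FIELD));
    if (topNode != null) {
        try {
            ctx.addIncludeInContextRegex(new StructuralSiteNode(topNode).getRegexPattern());
        } catch (DatabaseException e) {
            // Still best-effort (the save below proceeds), but a context saved without its
            // include regex changes what is treated as in scope and must leave a trace.
            // NOTE(review): switch to this class's own logger if it declares one.
            java.util.logging.Logger.getLogger(getClass().getName()).log(
                    java.util.logging.Level.WARNING,
                    "Failed to add the include-in-context regex for the selected node; saving the context without it",
                    e);
        }
    }
    Model.getSingleton().getSession().saveContext(ctx);
}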
Also used : Context(org.zaproxy.zap.model.Context) StructuralSiteNode(org.zaproxy.zap.model.StructuralSiteNode) DatabaseException(org.parosproxy.paros.db.DatabaseException)

Example 64 with DatabaseException

use of org.parosproxy.paros.db.DatabaseException in project zaproxy by zaproxy.

the class ExtensionParams method persist.

/**
 * Writes the given parameter statistics to the parameter table.
 *
 * <p>An entry whose id is negative is inserted and then given the id of the created record;
 * any other entry is updated in place. A {@link DatabaseException} is logged and not rethrown.
 *
 * @param param the parameter statistics to store
 */
private void persist(HtmlParameterStats param) {
    try {
        if (param.getId() >= 0) {
            // Already stored: refresh the usage count, flags and values of the existing row.
            Model.getSingleton().getDb().getTableParam().update(param.getId(), param.getTimesUsed(), setToString(param.getFlags()), setToString(param.getValues()));
            return;
        }
        // Not stored yet: insert it and keep the generated id so later calls take the update path.
        RecordParam inserted = Model.getSingleton().getDb().getTableParam().insert(param.getSite(), param.getType().name(), param.getName(), param.getTimesUsed(), setToString(param.getFlags()), setToString(param.getValues()));
        param.setId(inserted.getParamId());
    } catch (DatabaseException e) {
        logger.error(e.getMessage(), e);
    }
}
Also used : RecordParam(org.parosproxy.paros.db.RecordParam) DatabaseException(org.parosproxy.paros.db.DatabaseException)

Example 65 with DatabaseException

use of org.parosproxy.paros.db.DatabaseException in project zaproxy by zaproxy.

the class ExtensionParams method sessionChangedEventHandler.

/**
 * Rebuilds the per-site parameter state after the session has changed.
 *
 * <p>The site map is replaced with an empty one and, when a view exists, the params panel is
 * reset. With a {@code null} session nothing else happens. Otherwise every child of the site
 * tree root is registered with the panel (view permitting) and all stored parameter records
 * are loaded back into their site's parameters. A {@link DatabaseException} while loading is
 * logged and not rethrown.
 *
 * @param session the new session, or {@code null} on close-down
 */
private void sessionChangedEventHandler(Session session) {
    // Drop everything collected for the previous session.
    siteParamsMap = new HashMap<>();
    if (getView() != null) {
        this.getParamsPanel().reset();
    }
    if (session == null) {
        // Close-down: nothing to repopulate.
        return;
    }

    // Register each top-level node of the site tree as a site.
    SiteNode root = (SiteNode) session.getSiteTree().getRoot();
    @SuppressWarnings("unchecked")
    Enumeration<SiteNode> topLevelNodes = root.children();
    while (topLevelNodes.hasMoreElements()) {
        String nodeName = topLevelNodes.nextElement().getNodeName();
        // Keep only what follows the first "//", when the node name contains one.
        int separatorAt = nodeName.indexOf("//");
        String site = separatorAt >= 0 ? nodeName.substring(separatorAt + 2) : nodeName;
        if (getView() != null) {
            this.getParamsPanel().addSite(site);
        }
    }

    // Reload the stored parameter records into the matching site's parameters.
    try {
        List<RecordParam> storedParams = Model.getSingleton().getDb().getTableParam().getAll();
        for (RecordParam stored : storedParams) {
            this.getSiteParameters(stored.getSite()).addParam(stored.getSite(), stored);
        }
    } catch (DatabaseException e) {
        logger.error(e.getMessage(), e);
    }
}
Also used : RecordParam(org.parosproxy.paros.db.RecordParam) DatabaseException(org.parosproxy.paros.db.DatabaseException) SiteNode(org.parosproxy.paros.model.SiteNode)

Aggregations

DatabaseException (org.parosproxy.paros.db.DatabaseException)153 SQLException (java.sql.SQLException)113 ResultSet (java.sql.ResultSet)61 ArrayList (java.util.ArrayList)28 HttpMalformedHeaderException (org.parosproxy.paros.network.HttpMalformedHeaderException)19 PreparedStatement (java.sql.PreparedStatement)11 Session (org.parosproxy.paros.model.Session)11 HttpMessage (org.parosproxy.paros.network.HttpMessage)11 RecordHistory (org.parosproxy.paros.db.RecordHistory)9 RecordAlert (org.parosproxy.paros.db.RecordAlert)7 RecordContext (org.parosproxy.paros.db.RecordContext)7 Vector (java.util.Vector)6 URIException (org.apache.commons.httpclient.URIException)6 IOException (java.io.IOException)5 TableHistory (org.parosproxy.paros.db.TableHistory)5 HistoryReference (org.parosproxy.paros.model.HistoryReference)5 StructuralSiteNode (org.zaproxy.zap.model.StructuralSiteNode)5 Matcher (java.util.regex.Matcher)4 PatternSyntaxException (java.util.regex.PatternSyntaxException)4 JSONException (net.sf.json.JSONException)4