use of org.parosproxy.paros.db.DatabaseException in project zaproxy by zaproxy.
the class ExtensionAntiCSRF method registerAntiCsrfToken.
public void registerAntiCsrfToken(AntiCsrfToken token) {
log.debug("registerAntiCsrfToken " + token.getMsg().getRequestHeader().getURI().toString() + " " + token.getValue());
synchronized (valueToToken) {
try {
HistoryReference hRef = token.getMsg().getHistoryRef();
if (hRef == null) {
hRef = new HistoryReference(getModel().getSession(), HistoryReference.TYPE_TEMPORARY, token.getMsg());
token.getMsg().setHistoryRef(null);
}
token.setHistoryReferenceId(hRef.getHistoryId());
valueToToken.put(encoder.getURLEncode(token.getValue()), token);
} catch (HttpMalformedHeaderException | DatabaseException e) {
log.error("Failed to persist the message: ", e);
}
}
}
use of org.parosproxy.paros.db.DatabaseException in project zaproxy by zaproxy.
the class ExtensionAntiCSRF method sessionChanged.
@Override
public void sessionChanged(Session session) {
if (session == null) {
// Closedown
return;
}
synchronized (valueToToken) {
valueToToken.clear();
}
// search for tokens...
try {
List<Integer> list = getModel().getDb().getTableHistory().getHistoryIdsOfHistType(session.getSessionId(), HistoryReference.TYPE_PROXIED, HistoryReference.TYPE_ZAP_USER);
HistoryFilter filter = new HistoryFilter();
filter.setTags(Arrays.asList(new String[] { TAG }));
AntiCsrfDetectScanner antiCsrfDetectScanner = new AntiCsrfDetectScanner(this);
for (Integer i : list) {
HistoryReference hRef = historyReferenceFactory.createHistoryReference(i.intValue());
if (filter.matches(hRef)) {
HttpMessage msg = hRef.getHttpMessage();
String response = msg.getResponseHeader().toString() + msg.getResponseBody().toString();
Source src = new Source(response);
if (msg.isResponseFromTargetHost()) {
antiCsrfDetectScanner.scanHttpResponseReceive(msg, hRef.getHistoryId(), src);
}
}
}
} catch (DatabaseException | HttpMalformedHeaderException e) {
log.error(e.getMessage(), e);
}
}
use of org.parosproxy.paros.db.DatabaseException in project zaproxy by zaproxy.
the class SqlTableTag method insert.
/* (non-Javadoc)
* @see org.parosproxy.paros.db.paros.TableTag#insert(long, java.lang.String)
*/
@Override
public synchronized RecordTag insert(long historyId, String tag) throws DatabaseException {
SqlPreparedStatementWrapper psInsertTag = null;
try {
psInsertTag = DbSQL.getSingleton().getPreparedStatement("tag.ps.insert");
psInsertTag.getPs().setLong(1, historyId);
psInsertTag.getPs().setString(2, tag);
psInsertTag.getPs().executeUpdate();
try (ResultSet rs = psInsertTag.getLastInsertedId()) {
rs.next();
long id = rs.getLong(1);
return read(id);
}
} catch (SQLException e) {
throw new DatabaseException(e);
} finally {
DbSQL.getSingleton().releasePreparedStatement(psInsertTag);
}
}
use of org.parosproxy.paros.db.DatabaseException in project zaproxy by zaproxy.
the class SqlTableTag method deleteTagsForHistoryID.
/* (non-Javadoc)
* @see org.parosproxy.paros.db.paros.TableTag#deleteTagsForHistoryID(long)
*/
@Override
public void deleteTagsForHistoryID(long historyId) throws DatabaseException {
SqlPreparedStatementWrapper psDeleteTagsForHistoryId = null;
try {
psDeleteTagsForHistoryId = DbSQL.getSingleton().getPreparedStatement("tag.ps.deletetagsforhid");
psDeleteTagsForHistoryId.getPs().setLong(1, historyId);
psDeleteTagsForHistoryId.getPs().execute();
} catch (SQLException e) {
throw new DatabaseException(e);
} finally {
DbSQL.getSingleton().releasePreparedStatement(psDeleteTagsForHistoryId);
}
}
use of org.parosproxy.paros.db.DatabaseException in project zaproxy by zaproxy.
the class ExtensionAlert method getAllAlerts.
public List<Alert> getAllAlerts() {
List<Alert> allAlerts = new ArrayList<>();
TableAlert tableAlert = getModel().getDb().getTableAlert();
Vector<Integer> v;
try {
// TODO this doesnt work, but should be used when its fixed :/
//v = tableAlert.getAlertListBySession(Model.getSingleton().getSession().getSessionId());
v = tableAlert.getAlertList();
for (int i = 0; i < v.size(); i++) {
int alertId = v.get(i).intValue();
RecordAlert recAlert = tableAlert.read(alertId);
Alert alert = new Alert(recAlert);
if (alert.getHistoryRef() != null) {
// Only use the alert if it has a history reference.
if (!allAlerts.contains(alert)) {
allAlerts.add(alert);
}
}
}
} catch (DatabaseException e) {
logger.error(e.getMessage(), e);
}
return allAlerts;
}
Aggregations