Example 6 with DatabaseException

Use of org.parosproxy.paros.db.DatabaseException in project zaproxy by zaproxy.

In class ExtensionAntiCSRF, method registerAntiCsrfToken.

public void registerAntiCsrfToken(AntiCsrfToken token) {
    log.debug("registerAntiCsrfToken " + token.getMsg().getRequestHeader().getURI().toString() + " " + token.getValue());
    synchronized (valueToToken) {
        try {
            HistoryReference hRef = token.getMsg().getHistoryRef();
            if (hRef == null) {
                hRef = new HistoryReference(getModel().getSession(), HistoryReference.TYPE_TEMPORARY, token.getMsg());
                token.getMsg().setHistoryRef(null);
            }
            token.setHistoryReferenceId(hRef.getHistoryId());
            valueToToken.put(encoder.getURLEncode(token.getValue()), token);
        } catch (HttpMalformedHeaderException | DatabaseException e) {
            log.error("Failed to persist the message: ", e);
        }
    }
}
Also used : HistoryReference(org.parosproxy.paros.model.HistoryReference) HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) DatabaseException(org.parosproxy.paros.db.DatabaseException)

Example 7 with DatabaseException

Use of org.parosproxy.paros.db.DatabaseException in project zaproxy by zaproxy.

In class ExtensionAntiCSRF, method sessionChanged.

@Override
public void sessionChanged(Session session) {
    if (session == null) {
        // Closedown
        return;
    }
    synchronized (valueToToken) {
        valueToToken.clear();
    }
    // search for tokens...
    try {
        List<Integer> list = getModel().getDb().getTableHistory().getHistoryIdsOfHistType(session.getSessionId(), HistoryReference.TYPE_PROXIED, HistoryReference.TYPE_ZAP_USER);
        HistoryFilter filter = new HistoryFilter();
        filter.setTags(Arrays.asList(new String[] { TAG }));
        AntiCsrfDetectScanner antiCsrfDetectScanner = new AntiCsrfDetectScanner(this);
        for (Integer i : list) {
            HistoryReference hRef = historyReferenceFactory.createHistoryReference(i.intValue());
            if (filter.matches(hRef)) {
                HttpMessage msg = hRef.getHttpMessage();
                String response = msg.getResponseHeader().toString() + msg.getResponseBody().toString();
                Source src = new Source(response);
                if (msg.isResponseFromTargetHost()) {
                    antiCsrfDetectScanner.scanHttpResponseReceive(msg, hRef.getHistoryId(), src);
                }
            }
        }
    } catch (DatabaseException | HttpMalformedHeaderException e) {
        log.error(e.getMessage(), e);
    }
}
Also used : HistoryFilter(org.parosproxy.paros.extension.history.HistoryFilter) HistoryReference(org.parosproxy.paros.model.HistoryReference) HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) HttpMessage(org.parosproxy.paros.network.HttpMessage) DatabaseException(org.parosproxy.paros.db.DatabaseException) Source(net.htmlparser.jericho.Source)

Example 8 with DatabaseException

Use of org.parosproxy.paros.db.DatabaseException in project zaproxy by zaproxy.

In class SqlTableTag, method insert.

/* (non-Javadoc)
 * @see org.parosproxy.paros.db.paros.TableTag#insert(long, java.lang.String)
 */
@Override
public synchronized RecordTag insert(long historyId, String tag) throws DatabaseException {
    SqlPreparedStatementWrapper psInsertTag = null;
    try {
        psInsertTag = DbSQL.getSingleton().getPreparedStatement("tag.ps.insert");
        psInsertTag.getPs().setLong(1, historyId);
        psInsertTag.getPs().setString(2, tag);
        psInsertTag.getPs().executeUpdate();
        try (ResultSet rs = psInsertTag.getLastInsertedId()) {
            rs.next();
            long id = rs.getLong(1);
            return read(id);
        }
    } catch (SQLException e) {
        throw new DatabaseException(e);
    } finally {
        DbSQL.getSingleton().releasePreparedStatement(psInsertTag);
    }
}
Also used : SQLException(java.sql.SQLException) ResultSet(java.sql.ResultSet) DatabaseException(org.parosproxy.paros.db.DatabaseException)

Example 9 with DatabaseException

Use of org.parosproxy.paros.db.DatabaseException in project zaproxy by zaproxy.

In class SqlTableTag, method deleteTagsForHistoryID.

/* (non-Javadoc)
 * @see org.parosproxy.paros.db.paros.TableTag#deleteTagsForHistoryID(long)
 */
@Override
public void deleteTagsForHistoryID(long historyId) throws DatabaseException {
    SqlPreparedStatementWrapper psDeleteTagsForHistoryId = null;
    try {
        psDeleteTagsForHistoryId = DbSQL.getSingleton().getPreparedStatement("tag.ps.deletetagsforhid");
        psDeleteTagsForHistoryId.getPs().setLong(1, historyId);
        psDeleteTagsForHistoryId.getPs().execute();
    } catch (SQLException e) {
        throw new DatabaseException(e);
    } finally {
        DbSQL.getSingleton().releasePreparedStatement(psDeleteTagsForHistoryId);
    }
}
Also used : SQLException(java.sql.SQLException) DatabaseException(org.parosproxy.paros.db.DatabaseException)

Example 10 with DatabaseException

Use of org.parosproxy.paros.db.DatabaseException in project zaproxy by zaproxy.

In class ExtensionAlert, method getAllAlerts.

public List<Alert> getAllAlerts() {
    List<Alert> allAlerts = new ArrayList<>();
    TableAlert tableAlert = getModel().getDb().getTableAlert();
    Vector<Integer> v;
    try {
        // TODO this doesn't work, but should be used when it's fixed :/
        // v = tableAlert.getAlertListBySession(Model.getSingleton().getSession().getSessionId());
        v = tableAlert.getAlertList();
        for (int i = 0; i < v.size(); i++) {
            int alertId = v.get(i).intValue();
            RecordAlert recAlert = tableAlert.read(alertId);
            Alert alert = new Alert(recAlert);
            if (alert.getHistoryRef() != null) {
                // Only use the alert if it has a history reference.
                if (!allAlerts.contains(alert)) {
                    allAlerts.add(alert);
                }
            }
        }
    } catch (DatabaseException e) {
        logger.error(e.getMessage(), e);
    }
    return allAlerts;
}
Also used : TableAlert(org.parosproxy.paros.db.TableAlert) ArrayList(java.util.ArrayList) Alert(org.parosproxy.paros.core.scanner.Alert) RecordAlert(org.parosproxy.paros.db.RecordAlert) DatabaseException(org.parosproxy.paros.db.DatabaseException)

Aggregations

DatabaseException (org.parosproxy.paros.db.DatabaseException) 153
SQLException (java.sql.SQLException) 113
ResultSet (java.sql.ResultSet) 61
ArrayList (java.util.ArrayList) 28
HttpMalformedHeaderException (org.parosproxy.paros.network.HttpMalformedHeaderException) 19
PreparedStatement (java.sql.PreparedStatement) 11
Session (org.parosproxy.paros.model.Session) 11
HttpMessage (org.parosproxy.paros.network.HttpMessage) 11
RecordHistory (org.parosproxy.paros.db.RecordHistory) 9
RecordAlert (org.parosproxy.paros.db.RecordAlert) 7
RecordContext (org.parosproxy.paros.db.RecordContext) 7
Vector (java.util.Vector) 6
URIException (org.apache.commons.httpclient.URIException) 6
IOException (java.io.IOException) 5
TableHistory (org.parosproxy.paros.db.TableHistory) 5
HistoryReference (org.parosproxy.paros.model.HistoryReference) 5
StructuralSiteNode (org.zaproxy.zap.model.StructuralSiteNode) 5
Matcher (java.util.regex.Matcher) 4
PatternSyntaxException (java.util.regex.PatternSyntaxException) 4
JSONException (net.sf.json.JSONException) 4