Example 41 with DatabaseException

use of org.parosproxy.paros.db.DatabaseException in project zaproxy by zaproxy.

the class ExtensionAntiCSRF method sessionChanged.

@Override
public void sessionChanged(Session session) {
    if (session == null) {
        // Closedown
        return;
    }
    synchronized (valueToToken) {
        valueToToken.clear();
    }
    // search for tokens...
    try {
        List<Integer> list = getModel().getDb().getTableHistory().getHistoryIdsOfHistType(session.getSessionId(), HistoryReference.TYPE_PROXIED, HistoryReference.TYPE_ZAP_USER);
        HistoryFilter filter = new HistoryFilter();
        filter.setTags(Arrays.asList(new String[] { TAG }));
        AntiCsrfDetectScanner antiCsrfDetectScanner = new AntiCsrfDetectScanner(this);
        for (Integer i : list) {
            HistoryReference hRef = historyReferenceFactory.createHistoryReference(i.intValue());
            if (filter.matches(hRef)) {
                HttpMessage msg = hRef.getHttpMessage();
                String response = msg.getResponseHeader().toString() + msg.getResponseBody().toString();
                Source src = new Source(response);
                if (msg.isResponseFromTargetHost()) {
                    antiCsrfDetectScanner.scanHttpResponseReceive(msg, hRef.getHistoryId(), src);
                }
            }
        }
    } catch (DatabaseException | HttpMalformedHeaderException e) {
        log.error(e.getMessage(), e);
    }
}
Also used : HistoryFilter(org.parosproxy.paros.extension.history.HistoryFilter) HistoryReference(org.parosproxy.paros.model.HistoryReference) HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) HttpMessage(org.parosproxy.paros.network.HttpMessage) DatabaseException(org.parosproxy.paros.db.DatabaseException) Source(net.htmlparser.jericho.Source)

Example 42 with DatabaseException

use of org.parosproxy.paros.db.DatabaseException in project zaproxy by zaproxy.

the class SqlTableTag method insert.

/* (non-Javadoc)
 * @see org.parosproxy.paros.db.paros.TableTag#insert(long, java.lang.String)
 */
@Override
public synchronized RecordTag insert(long historyId, String tag) throws DatabaseException {
    SqlPreparedStatementWrapper psInsertTag = null;
    try {
        psInsertTag = DbSQL.getSingleton().getPreparedStatement("tag.ps.insert");
        psInsertTag.getPs().setLong(1, historyId);
        psInsertTag.getPs().setString(2, tag);
        psInsertTag.getPs().executeUpdate();
        try (ResultSet rs = psInsertTag.getLastInsertedId()) {
            rs.next();
            long id = rs.getLong(1);
            return read(id);
        }
    } catch (SQLException e) {
        throw new DatabaseException(e);
    } finally {
        DbSQL.getSingleton().releasePreparedStatement(psInsertTag);
    }
}
Also used : SQLException(java.sql.SQLException) ResultSet(java.sql.ResultSet) DatabaseException(org.parosproxy.paros.db.DatabaseException)

Example 43 with DatabaseException

use of org.parosproxy.paros.db.DatabaseException in project zaproxy by zaproxy.

the class SqlTableTag method deleteTagsForHistoryID.

/* (non-Javadoc)
 * @see org.parosproxy.paros.db.paros.TableTag#deleteTagsForHistoryID(long)
 */
@Override
public void deleteTagsForHistoryID(long historyId) throws DatabaseException {
    SqlPreparedStatementWrapper psDeleteTagsForHistoryId = null;
    try {
        psDeleteTagsForHistoryId = DbSQL.getSingleton().getPreparedStatement("tag.ps.deletetagsforhid");
        psDeleteTagsForHistoryId.getPs().setLong(1, historyId);
        psDeleteTagsForHistoryId.getPs().execute();
    } catch (SQLException e) {
        throw new DatabaseException(e);
    } finally {
        DbSQL.getSingleton().releasePreparedStatement(psDeleteTagsForHistoryId);
    }
}
Also used : SQLException(java.sql.SQLException) DatabaseException(org.parosproxy.paros.db.DatabaseException)

Example 44 with DatabaseException

use of org.parosproxy.paros.db.DatabaseException in project zaproxy by zaproxy.

the class ExtensionAlert method getAllAlerts.

public List<Alert> getAllAlerts() {
    List<Alert> allAlerts = new ArrayList<>();
    TableAlert tableAlert = getModel().getDb().getTableAlert();
    Vector<Integer> v;
    try {
        // TODO this doesn't work, but should be used when it's fixed :/
        //v = tableAlert.getAlertListBySession(Model.getSingleton().getSession().getSessionId());
        v = tableAlert.getAlertList();
        for (int i = 0; i < v.size(); i++) {
            int alertId = v.get(i).intValue();
            RecordAlert recAlert = tableAlert.read(alertId);
            Alert alert = new Alert(recAlert);
            if (alert.getHistoryRef() != null) {
                // Only use the alert if it has a history reference.
                if (!allAlerts.contains(alert)) {
                    allAlerts.add(alert);
                }
            }
        }
    } catch (DatabaseException e) {
        logger.error(e.getMessage(), e);
    }
    return allAlerts;
}
Also used : TableAlert(org.parosproxy.paros.db.TableAlert) ArrayList(java.util.ArrayList) Alert(org.parosproxy.paros.core.scanner.Alert) RecordAlert(org.parosproxy.paros.db.RecordAlert) DatabaseException(org.parosproxy.paros.db.DatabaseException)

Example 45 with DatabaseException

use of org.parosproxy.paros.db.DatabaseException in project zaproxy by zaproxy.

the class ExtensionAlert method deleteHistoryReferenceAlerts.

public void deleteHistoryReferenceAlerts(HistoryReference hRef) {
    List<Alert> alerts = hRef.getAlerts();
    SiteMap siteTree = this.getModel().getSession().getSiteTree();
    synchronized (this.getTreeModel()) {
        for (int i = 0; i < alerts.size(); i++) {
            Alert alert = alerts.get(i);
            this.getTreeModel().deletePath(alert);
            this.getFilteredTreeModel().deletePath(alert);
            try {
                getModel().getDb().getTableAlert().deleteAlert(alert.getAlertId());
            } catch (DatabaseException e) {
                logger.error("Failed to delete alert with ID: " + alert.getAlertId(), e);
            }
        }
        SiteNode node = hRef.getSiteNode();
        if (node == null) {
            node = siteTree.findNode(hRef.getURI(), hRef.getMethod(), hRef.getRequestBody());
        }
        if (node != null) {
            node.deleteAlerts(alerts);
        }
        alerts.clear();
        this.recalcAlerts();
    }
    hrefs.remove(Integer.valueOf(hRef.getHistoryId()));
}
Also used : SiteMap(org.parosproxy.paros.model.SiteMap) Alert(org.parosproxy.paros.core.scanner.Alert) RecordAlert(org.parosproxy.paros.db.RecordAlert) TableAlert(org.parosproxy.paros.db.TableAlert) DatabaseException(org.parosproxy.paros.db.DatabaseException) SiteNode(org.parosproxy.paros.model.SiteNode)

Aggregations

DatabaseException (org.parosproxy.paros.db.DatabaseException): 153
SQLException (java.sql.SQLException): 113
ResultSet (java.sql.ResultSet): 61
ArrayList (java.util.ArrayList): 28
HttpMalformedHeaderException (org.parosproxy.paros.network.HttpMalformedHeaderException): 19
PreparedStatement (java.sql.PreparedStatement): 11
Session (org.parosproxy.paros.model.Session): 11
HttpMessage (org.parosproxy.paros.network.HttpMessage): 11
RecordHistory (org.parosproxy.paros.db.RecordHistory): 9
RecordAlert (org.parosproxy.paros.db.RecordAlert): 7
RecordContext (org.parosproxy.paros.db.RecordContext): 7
Vector (java.util.Vector): 6
URIException (org.apache.commons.httpclient.URIException): 6
IOException (java.io.IOException): 5
TableHistory (org.parosproxy.paros.db.TableHistory): 5
HistoryReference (org.parosproxy.paros.model.HistoryReference): 5
StructuralSiteNode (org.zaproxy.zap.model.StructuralSiteNode): 5
Matcher (java.util.regex.Matcher): 4
PatternSyntaxException (java.util.regex.PatternSyntaxException): 4
JSONException (net.sf.json.JSONException): 4