
Example 6 with RecordHistory

use of org.parosproxy.paros.db.RecordHistory in project zaproxy by zaproxy.

From class ExtensionCompare, method buildHistoryMap:

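private void buildHistoryMap(TableHistory th, Map<String, String> map) throws DatabaseException, HttpMalformedHeaderException {
    // Fills `map` with "METHOD uri-without-query" -> "code code ..." for every
    // PROXIED / ZAP_USER record in the session found in `th`, so two sessions
    // can be compared by the set of status codes each URL produced.
    // The session id is taken from the first record found among history ids
    // 0..99; an empty history (or none of those ids present) leaves `map`
    // untouched.
    RecordHistory first = null;
    for (int id = 0; id < 100 && first == null; id++) {
        first = th.read(id);
    }
    if (first == null) {
        return;
    }
    List<Integer> historyIds = th.getHistoryIdsOfHistType(first.getSessionId(), HistoryReference.TYPE_PROXIED, HistoryReference.TYPE_ZAP_USER);
    for (Integer historyId : historyIds) {
        RecordHistory record = th.read(historyId);
        if (record == null) {
            // read() returns null for a missing id (the probe loop above relies
            // on that); skip it instead of dereferencing null below.
            continue;
        }
        URI uri = record.getHttpMessage().getRequestHeader().getURI();
        String mapKey = record.getHttpMessage().getRequestHeader().getMethod() + " " + uri.toString();
        // The query string is dropped so all parameter variants of a URL share
        // one key. TODO: make this optional.
        int queryStart = mapKey.indexOf("?");
        if (queryStart > -1) {
            mapKey = mapKey.substring(0, queryStart);
        }
        // Codes are accumulated as a space-separated string, each added once.
        // The trailing space is part of the token so "200 " cannot match
        // inside another three-digit code.
        String code = record.getHttpMessage().getResponseHeader().getStatusCode() + " ";
        String seen = map.get(mapKey);
        if (seen == null) {
            map.put(mapKey, code);
        } else if (seen.indexOf(code) < 0) {
            map.put(mapKey, seen + code);
        }
    }
}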

Example 7 with RecordHistory

use of org.parosproxy.paros.db.RecordHistory in project zaproxy by zaproxy.

From class ParosTableHistory, method build:

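private RecordHistory build(ResultSet rs) throws HttpMalformedHeaderException, SQLException {
    // Reads ONE row from rs and turns it into a RecordHistory; returns null
    // when rs has no (further) row. The ResultSet is always closed before
    // returning, so a caller cannot reuse rs for a second row.
    // Bodies come back as raw bytes when bodiesAsBytes is set; otherwise as
    // strings converted with the platform-default charset. That conversion is
    // left unchanged here because it has to agree with whatever charset the
    // write path used for these columns. NOTE(review): confirm both sides
    // use the same charset, otherwise non-ASCII bodies are corrupted.
    RecordHistory history = null;
    try {
        if (rs.next()) {
            byte[] reqBody;
            byte[] resBody;
            if (bodiesAsBytes) {
                reqBody = rs.getBytes(REQBODY);
                resBody = rs.getBytes(RESBODY);
            } else {
                // getString() yields null for SQL NULL; treat that as an empty
                // body instead of letting .getBytes() throw a NullPointerException.
                String reqText = rs.getString(REQBODY);
                String resText = rs.getString(RESBODY);
                reqBody = reqText == null ? new byte[0] : reqText.getBytes();
                resBody = resText == null ? new byte[0] : resText.getBytes();
            }
            history = new RecordHistory(rs.getInt(HISTORYID), rs.getInt(HISTTYPE), rs.getLong(SESSIONID), rs.getLong(TIMESENTMILLIS), rs.getInt(TIMEELAPSEDMILLIS), rs.getString(REQHEADER), reqBody, rs.getString(RESHEADER), resBody, rs.getString(TAG), // ZAP: Added note
            rs.getString(NOTE), rs.getBoolean(RESPONSE_FROM_TARGET_HOST));
        }
    } finally {
        rs.close();
    }
    return history;
}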

Example 8 with RecordHistory

use of org.parosproxy.paros.db.RecordHistory in project zaproxy by zaproxy.

From class ParosTableHistory, method getHistoryCache:

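@Override
public RecordHistory getHistoryCache(HistoryReference ref, HttpMessage reqMsg) throws DatabaseException, HttpMalformedHeaderException {
    // Finds a stored response that can be served as a cached copy of reqMsg.
    // Two passes, both limited to ref's session:
    //   1. history ids from ref.getHistoryId() to ref.getHistoryId() + 200
    //      (a response recorded shortly AFTER and NEARBY the reference);
    //   2. the whole session.
    // A row must match URI, METHOD and REQBODY in SQL, its rebuilt message
    // must equal reqMsg (HttpMessage.equals) and its status must not be
    // 304 NOT_MODIFIED (nothing for the browser to render). When the
    // STATUSCODE column exists the 304 exclusion is pushed into SQL and only
    // the first row is fetched (TOP 1). Returns null when nothing fits.
    //
    // NOTE(review): the original also described a HISTTYPE restriction
    // (MANUAL or HIDDEN, kept only as commented-out SQL); no query here
    // filters on history type, so a record of any type in the session can
    // be returned. Confirm that is intended.
    try {
        RecordHistory hit;
        // Pass 1: the nearby window after the reference.
        PreparedStatement psNearby;
        if (isExistStatusCode) {
            psNearby = getConnection().prepareStatement("SELECT TOP 1 * FROM HISTORY WHERE URI = ? AND METHOD = ? AND REQBODY = ? AND " + HISTORYID + " >= ? AND " + HISTORYID + " <= ? AND SESSIONID = ? AND STATUSCODE != 304");
        } else {
            // Fixed: the original text ended in a stray ')' (left over from a
            // removed "(HISTTYPE = ...)" clause), a SQL syntax error on this path.
            psNearby = getConnection().prepareStatement("SELECT * FROM HISTORY WHERE URI = ? AND METHOD = ? AND REQBODY = ? AND " + HISTORYID + " >= ? AND " + HISTORYID + " <= ? AND SESSIONID = ?");
        }
        try {
            bindRequestParams(psNearby, reqMsg);
            psNearby.setInt(4, ref.getHistoryId());
            psNearby.setInt(5, ref.getHistoryId() + 200);
            psNearby.setLong(6, ref.getSessionId());
            hit = firstUsableRow(psNearby, reqMsg);
        } finally {
            // Closed even if binding or executing throws (the original leaked
            // the statement in that case).
            closeQuietly(psNearby);
        }
        if (hit != null) {
            return hit;
        }
        // Pass 2: anywhere in the session.
        PreparedStatement psSession;
        if (isExistStatusCode) {
            psSession = getConnection().prepareStatement("SELECT TOP 1 * FROM HISTORY WHERE URI = ? AND METHOD = ? AND REQBODY = ? AND SESSIONID = ? AND STATUSCODE != 304");
        } else {
            psSession = getConnection().prepareStatement("SELECT * FROM HISTORY WHERE URI = ? AND METHOD = ? AND REQBODY = ? AND SESSIONID = ?");
        }
        try {
            bindRequestParams(psSession, reqMsg);
            psSession.setLong(4, ref.getSessionId());
            return firstUsableRow(psSession, reqMsg);
        } finally {
            closeQuietly(psSession);
        }
    } catch (SQLException e) {
        throw new DatabaseException(e);
    }
}

// Binds the URI, method and request body of reqMsg to parameters 1-3, the
// prefix every cache query above starts with.
private void bindRequestParams(PreparedStatement ps, HttpMessage reqMsg) throws SQLException {
    ps.setString(1, reqMsg.getRequestHeader().getURI().toString());
    ps.setString(2, reqMsg.getRequestHeader().getMethod());
    if (bodiesAsBytes) {
        ps.setBytes(3, reqMsg.getRequestBody().getBytes());
    } else {
        // Platform-default charset, as in the original. It must agree with the
        // charset used when REQBODY was written, or non-ASCII bodies never
        // match. NOTE(review): confirm against the insert path.
        ps.setString(3, new String(reqMsg.getRequestBody().getBytes()));
    }
}

// Executes ps and returns the first row whose rebuilt message equals reqMsg
// and is not a 304; null when there is none. Closes the ResultSet; the
// caller is responsible for closing ps.
private RecordHistory firstUsableRow(PreparedStatement ps, HttpMessage reqMsg) throws SQLException, HttpMalformedHeaderException {
    ResultSet rs = ps.executeQuery();
    try {
        RecordHistory rec;
        do {
            rec = build(rs);
            if (rec != null && rec.getHttpMessage().equals(reqMsg) && rec.getHttpMessage().getResponseHeader().getStatusCode() != HttpStatusCode.NOT_MODIFIED) {
                return rec;
            }
            // build() closes rs after reading one row, so calling it again
            // would operate on a closed ResultSet; stop once rs is closed
            // rather than turning a non-matching first row into an SQLException.
        } while (rec != null && !rs.isClosed());
        return null;
    } finally {
        closeQuietly(rs);
    }
}

// Closes a JDBC resource, logging rather than propagating any failure, as
// the original finally blocks did.
private void closeQuietly(AutoCloseable resource) {
    try {
        resource.close();
    } catch (Exception e) {
        // ZAP: Log exceptions
        log.warn(e.getMessage(), e);
    }
}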

Example 9 with RecordHistory

use of org.parosproxy.paros.db.RecordHistory in project zaproxy by zaproxy.

From class CoreAPI, method handleApiView:

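@Override
public ApiResponse handleApiView(String name, JSONObject params) throws ApiException {
    // Serves the core API's read-only "views". `name` selects the view and
    // `params` carries its arguments (id, baseurl, start, count; read through
    // getParam with -1 / null defaults). Throws ApiException with BAD_VIEW
    // for an unknown name, DOES_NOT_EXIST when an id names no record (or a
    // TEMPORARY history record, which is deliberately hidden from the API)
    // and INTERNAL_ERROR when the database read fails.
    // Note: VIEW_HOME_DIRECTORY and VIEW_SESSION_LOCATION hand local
    // filesystem paths to any caller allowed to use the API.
    Session session = Model.getSingleton().getSession();
    if (VIEW_HOSTS.equals(name)) {
        ApiResponseList hosts = new ApiResponseList(name);
        SiteNode root = (SiteNode) session.getSiteTree().getRoot();
        @SuppressWarnings("unchecked") Enumeration<SiteNode> children = root.children();
        while (children.hasMoreElements()) {
            hosts.addItem(new ApiResponseElement("host", hostOf(children.nextElement().getNodeName())));
        }
        return hosts;
    }
    if (VIEW_SITES.equals(name)) {
        ApiResponseList sites = new ApiResponseList(name);
        SiteNode root = (SiteNode) session.getSiteTree().getRoot();
        @SuppressWarnings("unchecked") Enumeration<SiteNode> children = root.children();
        while (children.hasMoreElements()) {
            sites.addItem(new ApiResponseElement("site", children.nextElement().getNodeName()));
        }
        return sites;
    }
    if (VIEW_URLS.equals(name)) {
        ApiResponseList urls = new ApiResponseList(name);
        SiteNode root = (SiteNode) session.getSiteTree().getRoot();
        this.getURLs(root, urls);
        return urls;
    }
    if (VIEW_ALERT.equals(name)) {
        TableAlert tableAlert = Model.getSingleton().getDb().getTableAlert();
        RecordAlert recordAlert;
        try {
            recordAlert = tableAlert.read(this.getParam(params, PARAM_ID, -1));
        } catch (DatabaseException e) {
            // The client only sees INTERNAL_ERROR; keep the cause in the log,
            // as processHttpMessages already does.
            logger.error(e.getMessage(), e);
            throw new ApiException(ApiException.Type.INTERNAL_ERROR);
        }
        if (recordAlert == null) {
            throw new ApiException(ApiException.Type.DOES_NOT_EXIST);
        }
        return new ApiResponseElement(alertToSet(new Alert(recordAlert)));
    }
    if (VIEW_ALERTS.equals(name)) {
        final ApiResponseList alerts = new ApiResponseList(name);
        processAlerts(this.getParam(params, PARAM_BASE_URL, (String) null), this.getParam(params, PARAM_START, -1), this.getParam(params, PARAM_COUNT, -1), new Processor<Alert>() {

            @Override
            public void process(Alert alert) {
                alerts.addItem(alertToSet(alert));
            }
        });
        return alerts;
    }
    if (VIEW_NUMBER_OF_ALERTS.equals(name)) {
        CounterProcessor<Alert> counter = new CounterProcessor<>();
        processAlerts(this.getParam(params, PARAM_BASE_URL, (String) null), this.getParam(params, PARAM_START, -1), this.getParam(params, PARAM_COUNT, -1), counter);
        return new ApiResponseElement(name, Integer.toString(counter.getCount()));
    }
    if (VIEW_MESSAGE.equals(name)) {
        TableHistory tableHistory = Model.getSingleton().getDb().getTableHistory();
        RecordHistory recordHistory;
        try {
            recordHistory = tableHistory.read(this.getParam(params, PARAM_ID, -1));
        } catch (HttpMalformedHeaderException | DatabaseException e) {
            logger.error(e.getMessage(), e);
            throw new ApiException(ApiException.Type.INTERNAL_ERROR);
        }
        // Temporary records are reported as absent, not just filtered: the
        // API must not reveal that the id exists.
        if (recordHistory == null || recordHistory.getHistoryType() == HistoryReference.TYPE_TEMPORARY) {
            throw new ApiException(ApiException.Type.DOES_NOT_EXIST);
        }
        return new ApiResponseElement(ApiResponseConversionUtils.httpMessageToSet(recordHistory.getHistoryId(), recordHistory.getHistoryType(), recordHistory.getHttpMessage()));
    }
    if (VIEW_MESSAGES.equals(name)) {
        final ApiResponseList messages = new ApiResponseList(name);
        processHttpMessages(this.getParam(params, PARAM_BASE_URL, (String) null), this.getParam(params, PARAM_START, -1), this.getParam(params, PARAM_COUNT, -1), new Processor<RecordHistory>() {

            @Override
            public void process(RecordHistory recordHistory) {
                messages.addItem(ApiResponseConversionUtils.httpMessageToSet(recordHistory.getHistoryId(), recordHistory.getHistoryType(), recordHistory.getHttpMessage()));
            }
        });
        return messages;
    }
    if (VIEW_NUMBER_OF_MESSAGES.equals(name)) {
        CounterProcessor<RecordHistory> counter = new CounterProcessor<>();
        processHttpMessages(this.getParam(params, PARAM_BASE_URL, (String) null), this.getParam(params, PARAM_START, -1), this.getParam(params, PARAM_COUNT, -1), counter);
        return new ApiResponseElement(name, Integer.toString(counter.getCount()));
    }
    if (VIEW_MODE.equals(name)) {
        return new ApiResponseElement(name, Control.getSingleton().getMode().name());
    }
    if (VIEW_VERSION.equals(name)) {
        return new ApiResponseElement(name, Constant.PROGRAM_VERSION);
    }
    if (VIEW_EXCLUDED_FROM_PROXY.equals(name)) {
        ApiResponseList regexList = new ApiResponseList(name);
        for (String regex : session.getExcludeFromProxyRegexs()) {
            regexList.addItem(new ApiResponseElement("regex", regex));
        }
        return regexList;
    }
    if (VIEW_HOME_DIRECTORY.equals(name)) {
        return new ApiResponseElement(name, Model.getSingleton().getOptionsParam().getUserDirectory().getAbsolutePath());
    }
    if (VIEW_SESSION_LOCATION.equals(name)) {
        return new ApiResponseElement(name, session.getFileName());
    }
    if (VIEW_PROXY_CHAIN_EXCLUDED_DOMAINS.equals(name) || VIEW_OPTION_PROXY_EXCLUDED_DOMAINS.equals(name) || VIEW_OPTION_PROXY_CHAIN_SKIP_NAME.equals(name)) {
        // Three names for the same list (older aliases kept for compatibility).
        return proxyChainExcludedDomainsToApiResponseList(name, Model.getSingleton().getOptionsParam().getConnectionParam().getProxyExcludedDomains(), false);
    }
    if (VIEW_OPTION_PROXY_EXCLUDED_DOMAINS_ENABLED.equals(name)) {
        return proxyChainExcludedDomainsToApiResponseList(name, Model.getSingleton().getOptionsParam().getConnectionParam().getProxyExcludedDomains(), true);
    }
    throw new ApiException(ApiException.Type.BAD_VIEW);
}

// Reduces a site-tree node name such as "http://example.com:8080" to its
// host part: everything up to and including "//" is dropped, then everything
// from the first ':' (the port). A bracketed IPv6 literal such as
// "http://[::1]:8080" is cut after its closing ']' instead, because cutting
// at the first ':' would leave only "[" (what the original code returned).
private static String hostOf(String siteName) {
    String host = siteName;
    int schemeEnd = host.indexOf("//");
    if (schemeEnd >= 0) {
        host = host.substring(schemeEnd + 2);
    }
    if (host.startsWith("[") && host.indexOf("]") >= 0) {
        return host.substring(0, host.indexOf("]") + 1);
    }
    int portSep = host.indexOf(":");
    if (portSep >= 0) {
        host = host.substring(0, portSep);
    }
    return host;
}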

Example 10 with RecordHistory

use of org.parosproxy.paros.db.RecordHistory in project zaproxy by zaproxy.

From class CoreAPI, method processHttpMessages:

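private void processHttpMessages(String baseUrl, int start, int count, Processor<RecordHistory> processor) throws ApiException {
    // Hands every history record of the current session to `processor`,
    // except TEMPORARY records and image requests/responses, optionally
    // restricted to requests whose URI string starts with `baseUrl`, and
    // paginated by `start`/`count` (PaginationConstraintsChecker decides
    // which of the surviving records fall inside the requested page).
    // Database and header-parsing failures are logged and surface to the
    // client as INTERNAL_ERROR.
    //
    // NOTE(review): the baseUrl filter is a plain string prefix test, so
    // "http://example.com" also admits "http://example.com.evil.org/..." and
    // "http://example.community/...". If "subordinate to the specified URL"
    // is meant literally, compare scheme/host/port and path segments
    // instead. Left as-is here because API clients may rely on the prefix
    // semantics.
    try {
        TableHistory tableHistory = Model.getSingleton().getDb().getTableHistory();
        List<Integer> historyIds = tableHistory.getHistoryIdsExceptOfHistType(Model.getSingleton().getSession().getSessionId(), HistoryReference.TYPE_TEMPORARY);
        PaginationConstraintsChecker page = new PaginationConstraintsChecker(start, count);
        for (Integer id : historyIds) {
            RecordHistory record = tableHistory.read(id.intValue());
            if (record == null) {
                // read() can return null for an id that is no longer present;
                // skip it rather than dereferencing null below.
                continue;
            }
            HttpMessage msg = record.getHttpMessage();
            if (msg.getRequestHeader().isImage() || msg.getResponseHeader().isImage()) {
                continue;
            }
            if (baseUrl != null && !msg.getRequestHeader().getURI().toString().startsWith(baseUrl)) {
                // Not under the requested base URL (prefix test, see note above).
                continue;
            }
            // Only records that passed the filters count towards start/count.
            page.recordProcessed();
            if (!page.hasPageStarted()) {
                continue;
            }
            processor.process(record);
            if (page.hasPageEnded()) {
                break;
            }
        }
    } catch (HttpMalformedHeaderException | DatabaseException e) {
        logger.error(e.getMessage(), e);
        throw new ApiException(ApiException.Type.INTERNAL_ERROR);
    }
}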
