
Example 1 with HistoryReference

use of org.parosproxy.paros.model.HistoryReference in project zaproxy by zaproxy.

the class ActiveScan method notifyNewMessage.

/**
 * Records a message reported by the scan: remembers its history id, counts its response status
 * code and, while the running total is within {@code maxResultsToList}, adds it to the listed
 * results.
 * <p>
 * A message that carries no history reference gets a new one of type
 * {@code HistoryReference.TYPE_SCANNER_TEMPORARY}, created against the current session. If that
 * creation fails the error is logged and the id is not recorded, but the status code is still
 * counted.
 *
 * @param msg the message to record
 */
@Override
public void notifyNewMessage(final HttpMessage msg) {
    HistoryReference historyRef = msg.getHistoryRef();
    if (historyRef != null) {
        hRefs.add(Integer.valueOf(historyRef.getHistoryId()));
    } else {
        try {
            historyRef = new HistoryReference(
                    Model.getSingleton().getSession(),
                    HistoryReference.TYPE_SCANNER_TEMPORARY,
                    msg);
            // NOTE(review): the reference is cleared on the message straight after creation,
            // presumably so the message does not keep hold of the new entry; confirm against
            // the HistoryReference constructor.
            msg.setHistoryRef(null);
            hRefs.add(Integer.valueOf(historyRef.getHistoryId()));
        } catch (HttpMalformedHeaderException | DatabaseException e) {
            // historyRef stays null here, so the message is counted below but never listed.
            log.error(e.getMessage(), e);
        }
    }

    this.rcTotals.incResponseCodeCount(msg.getResponseHeader().getStatusCode());

    if (historyRef == null) {
        return;
    }
    // Very large lists make the UI noticeably less responsive; capping them keeps
    // large scans much quicker.
    if (this.rcTotals.getTotal() <= this.maxResultsToList) {
        addHistoryReference(historyRef);
    }
}
Also used : HistoryReference(org.parosproxy.paros.model.HistoryReference) HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) DatabaseException(org.parosproxy.paros.db.DatabaseException)

Example 2 with HistoryReference

use of org.parosproxy.paros.model.HistoryReference in project zaproxy by zaproxy.

the class ExtensionAntiCSRF method registerAntiCsrfToken.

/**
 * Registers an anti-CSRF token under its URL-encoded value in {@code valueToToken}.
 * <p>
 * The token's message is given a history reference of type
 * {@code HistoryReference.TYPE_TEMPORARY} if it has none, and the reference's id is stored on
 * the token. If creating the reference fails the error is logged and the token is not
 * registered.
 *
 * @param token the token to register
 */
public void registerAntiCsrfToken(AntiCsrfToken token) {
    // NOTE(review): this debug line writes the request URI and the token value to the log,
    // so debug-level logs from a session can contain live token values.
    final String debugLine = "registerAntiCsrfToken " + token.getMsg().getRequestHeader().getURI().toString() + " " + token.getValue();
    log.debug(debugLine);

    // The whole lookup-or-create step runs under the map's lock, as does the final put.
    synchronized (valueToToken) {
        try {
            HistoryReference historyRef = token.getMsg().getHistoryRef();
            if (historyRef == null) {
                historyRef = new HistoryReference(
                        getModel().getSession(),
                        HistoryReference.TYPE_TEMPORARY,
                        token.getMsg());
                // NOTE(review): cleared straight after creation, presumably so the message
                // does not retain the new reference; confirm.
                token.getMsg().setHistoryRef(null);
            }
            token.setHistoryReferenceId(historyRef.getHistoryId());
            // Keyed by the URL-encoded form of the token value.
            valueToToken.put(encoder.getURLEncode(token.getValue()), token);
        } catch (HttpMalformedHeaderException | DatabaseException e) {
            log.error("Failed to persist the message: ", e);
        }
    }
}
Also used : HistoryReference(org.parosproxy.paros.model.HistoryReference) HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) DatabaseException(org.parosproxy.paros.db.DatabaseException)

Example 3 with HistoryReference

use of org.parosproxy.paros.model.HistoryReference in project zaproxy by zaproxy.

the class ExtensionAntiCSRF method sessionChanged.

/**
 * Rebuilds the anti-CSRF token registry for a newly loaded session.
 * <p>
 * The registry is cleared, then every history entry of type {@code TYPE_PROXIED} or
 * {@code TYPE_ZAP_USER} that carries {@code TAG} is reloaded; responses that came from the
 * target host are handed to an {@code AntiCsrfDetectScanner}.
 *
 * @param session the new session, or {@code null} on close-down (in which case nothing is done)
 */
@Override
public void sessionChanged(Session session) {
    // A null session signals close-down.
    if (session == null) {
        return;
    }

    synchronized (valueToToken) {
        valueToToken.clear();
    }

    // The try wraps the whole loop, so the first database or header-parsing failure ends
    // the re-scan and later history entries are not examined.
    try {
        List<Integer> historyIds = getModel().getDb().getTableHistory().getHistoryIdsOfHistType(
                session.getSessionId(),
                HistoryReference.TYPE_PROXIED,
                HistoryReference.TYPE_ZAP_USER);

        HistoryFilter tagFilter = new HistoryFilter();
        tagFilter.setTags(Arrays.asList(TAG));

        AntiCsrfDetectScanner detector = new AntiCsrfDetectScanner(this);
        for (Integer historyId : historyIds) {
            HistoryReference historyRef = historyReferenceFactory.createHistoryReference(historyId.intValue());
            if (!tagFilter.matches(historyRef)) {
                continue;
            }

            HttpMessage message = historyRef.getHttpMessage();
            // NOTE(review): the response is rendered and parsed before the target-host check,
            // so that work is also done for responses that are then skipped.
            String headerText = message.getResponseHeader().toString();
            String bodyText = message.getResponseBody().toString();
            Source parsed = new Source(headerText + bodyText);
            if (message.isResponseFromTargetHost()) {
                detector.scanHttpResponseReceive(message, historyRef.getHistoryId(), parsed);
            }
        }
    } catch (DatabaseException | HttpMalformedHeaderException e) {
        log.error(e.getMessage(), e);
    }
}
Also used : HistoryFilter(org.parosproxy.paros.extension.history.HistoryFilter) HistoryReference(org.parosproxy.paros.model.HistoryReference) HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) HttpMessage(org.parosproxy.paros.network.HttpMessage) DatabaseException(org.parosproxy.paros.db.DatabaseException) Source(net.htmlparser.jericho.Source)

Example 4 with HistoryReference

use of org.parosproxy.paros.model.HistoryReference in project zaproxy by zaproxy.

the class ExtensionAntiCSRF method generateForm.

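/**
 * Builds a standalone HTML page containing a POST form that replays the form parameters of a
 * recorded request.
 * <p>
 * The request URI, parameter names and parameter values all come from a recorded HTTP message
 * and are therefore untrusted. Each is HTML-escaped before being written into the page, so a
 * value containing {@code "}, {@code <} or {@code &} cannot break out of its attribute or
 * inject markup into the generated document. For input without HTML metacharacters the output
 * is the same as before the escaping was added.
 *
 * @param hrefId the id of the history reference whose request should be turned into a form
 * @return the HTML page, or {@code null} if the history extension is not available or no
 *         history reference exists for {@code hrefId}
 * @throws Exception propagated from loading the recorded message or from URL-decoding a
 *         parameter
 */
public String generateForm(int hrefId) throws Exception {
    ExtensionHistory extHist = (ExtensionHistory) Control.getSingleton().getExtensionLoader().getExtension(ExtensionHistory.NAME);
    if (extHist == null) {
        return null;
    }
    HistoryReference hr = extHist.getHistoryReference(hrefId);
    if (hr == null) {
        return null;
    }

    HttpMessage msg = hr.getHttpMessage();
    StringBuilder sb = new StringBuilder(300);
    sb.append("<html>\n");
    sb.append("<body>\n");
    sb.append("<h3>");
    // String.valueOf keeps the original rendering ("null") for a missing URI.
    sb.append(escapeHtmlForForm(String.valueOf(msg.getRequestHeader().getURI())));
    sb.append("</h3>");
    sb.append("<form id=\"f1\" method=\"POST\" action=\"");
    sb.append(escapeHtmlForForm(String.valueOf(hr.getURI())));
    sb.append("\">\n");
    sb.append("<table>\n");

    TreeSet<HtmlParameter> params = msg.getFormParams();
    // Let the message be GC'ed as it's no longer needed.
    msg = null;

    for (HtmlParameter htmlParam : params) {
        // Escape after decoding: the decoded text is what ends up in the page.
        String name = escapeHtmlForForm(URLDecoder.decode(htmlParam.getName(), "UTF-8"));
        String value = escapeHtmlForForm(URLDecoder.decode(htmlParam.getValue(), "UTF-8"));
        sb.append("<tr><td>\n");
        sb.append(name);
        sb.append("<td>");
        sb.append("<input name=\"");
        sb.append(name);
        sb.append("\" value=\"");
        sb.append(value);
        sb.append("\" size=\"100\">");
        sb.append("</tr>\n");
    }

    sb.append("</table>\n");
    sb.append("<input id=\"submit\" type=\"submit\" value=\"Submit\"/>\n");
    sb.append("</form>\n");
    sb.append("</body>\n");
    sb.append("</html>\n");
    return sb.toString();
}

/**
 * Escapes the characters that are significant in HTML text and in quoted attribute values.
 *
 * @param text the raw text, must not be {@code null}
 * @return {@code text} with {@code &}, {@code <}, {@code >}, {@code "} and {@code '} replaced
 *         by character references
 */
private static String escapeHtmlForForm(String text) {
    StringBuilder escaped = new StringBuilder(text.length() + 16);
    for (int i = 0; i < text.length(); i++) {
        char c = text.charAt(i);
        switch (c) {
            case '&':
                escaped.append("&amp;");
                break;
            case '<':
                escaped.append("&lt;");
                break;
            case '>':
                escaped.append("&gt;");
                break;
            case '"':
                escaped.append("&quot;");
                break;
            case '\'':
                escaped.append("&#39;");
                break;
            default:
                escaped.append(c);
                break;
        }
    }
    return escaped.toString();
}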
Also used : HistoryReference(org.parosproxy.paros.model.HistoryReference) ExtensionHistory(org.parosproxy.paros.extension.history.ExtensionHistory) HtmlParameter(org.parosproxy.paros.network.HtmlParameter) HttpMessage(org.parosproxy.paros.network.HttpMessage)

Example 5 with HistoryReference

use of org.parosproxy.paros.model.HistoryReference in project zaproxy by zaproxy.

the class AlertPanel method recreateLinkWithSitesTreeModel.

/**
 * Rebuilds the {@code linkWithSitesTreeModel} from the alerts of the given {@code siteNode}.
 * <p>
 * When {@code siteNode} has no alerts the rebuilt model holds only the root node. Otherwise it
 * holds the root node plus the alerts returned by {@code SiteNode#getAlerts()}; if the node has
 * a HistoryReference, only the alerts whose URI equals the one returned by
 * {@code HistoryReference#getURI()} are included.
 * </p>
 * <p>
 * The total number of alerts is recalculated afterwards through
 * {@code ExtensionAlert#recalcAlerts()}.
 * </p>
 *
 * @param siteNode the "Sites" tree node used to rebuild the alerts tree model.
 * @throws IllegalArgumentException if {@code siteNode} is {@code null}.
 * @see #linkWithSitesTreeModel
 * @see #setLinkWithSitesTreeSelection
 * @see Alert
 * @see ExtensionAlert#recalcAlerts()
 * @see HistoryReference
 * @see SiteNode#getAlerts()
 */
private void recreateLinkWithSitesTreeModel(SiteNode siteNode) {
    if (siteNode == null) {
        throw new IllegalArgumentException("Parameter siteNode must not be null.");
    }

    // Start from an empty tree: drop everything under the root.
    ((AlertNode) getLinkWithSitesTreeModel().getRoot()).removeAllChildren();

    // The root "Sites" node contributes no alerts of its own.
    if (siteNode.isRoot()) {
        getLinkWithSitesTreeModel().reload();
        extension.recalcAlerts();
        return;
    }

    HistoryReference historyReference = siteNode.getHistoryReference();
    final String uri = historyReference != null ? historyReference.getURI().toString() : null;

    for (Alert alert : siteNode.getAlerts()) {
        // Without a node URI every alert is shown; with one, only alerts for that exact URI.
        if (uri == null || alert.getUri().equals(uri)) {
            getLinkWithSitesTreeModel().addPath(alert);
        }
    }

    getLinkWithSitesTreeModel().reload();
    expandRootChildNodes();
    extension.recalcAlerts();
}
Also used : HistoryReference(org.parosproxy.paros.model.HistoryReference) Alert(org.parosproxy.paros.core.scanner.Alert)

Aggregations

HistoryReference (org.parosproxy.paros.model.HistoryReference)36 DatabaseException (org.parosproxy.paros.db.DatabaseException)11 SiteNode (org.parosproxy.paros.model.SiteNode)10 HttpMalformedHeaderException (org.parosproxy.paros.network.HttpMalformedHeaderException)7 ArrayList (java.util.ArrayList)6 Alert (org.parosproxy.paros.core.scanner.Alert)6 HttpMessage (org.parosproxy.paros.network.HttpMessage)6 JTree (javax.swing.JTree)5 ExtensionHistory (org.parosproxy.paros.extension.history.ExtensionHistory)5 TreePath (javax.swing.tree.TreePath)4 IOException (java.io.IOException)3 TreeSet (java.util.TreeSet)3 Session (org.parosproxy.paros.model.Session)3 SiteMap (org.parosproxy.paros.model.SiteMap)3 Component (java.awt.Component)2 MalformedURLException (java.net.MalformedURLException)2 DefaultMutableTreeNode (javax.swing.tree.DefaultMutableTreeNode)2 URIException (org.apache.commons.httpclient.URIException)2 Event (org.zaproxy.zap.eventBus.Event)2 AlertNode (org.zaproxy.zap.extension.alert.AlertNode)2