Example 1 with SiteMap
use of org.parosproxy.paros.model.SiteMap in project zaproxy by zaproxy.
the class CoreAPI method handleApiAction.
@Override
public ApiResponse handleApiAction(String name, JSONObject params) throws ApiException {
Session session = Model.getSingleton().getSession();
if (ACTION_ACCESS_URL.equals(name)) {
URI uri;
try {
uri = new URI(params.getString(PARAM_URL), true);
} catch (URIException e) {
throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_URL, e);
}
HttpMessage request;
try {
request = new HttpMessage(new HttpRequestHeader(HttpRequestHeader.GET, uri, HttpHeader.HTTP11, Model.getSingleton().getOptionsParam().getConnectionParam()));
} catch (HttpMalformedHeaderException e) {
throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_URL, e);
}
return sendHttpMessage(request, getParam(params, PARAM_FOLLOW_REDIRECTS, false), name);
} else if (ACTION_SHUTDOWN.equals(name)) {
Thread thread = new Thread() {
@Override
public void run() {
try {
// Give the API a chance to return
sleep(1000);
} catch (InterruptedException e) {
// Ignore
}
Control.getSingleton().shutdown(Model.getSingleton().getOptionsParam().getDatabaseParam().isCompactDatabase());
logger.info(Constant.PROGRAM_TITLE + " terminated.");
System.exit(0);
}
};
thread.start();
} else if (ACTION_SAVE_SESSION.equalsIgnoreCase(name)) {
// Ignore case for backwards compatibility
Path sessionPath = SessionUtils.getSessionPath(params.getString(PARAM_SESSION));
String filename = sessionPath.toAbsolutePath().toString();
final boolean overwrite = getParam(params, PARAM_OVERWRITE_SESSION, false);
boolean sameSession = false;
if (!session.isNewState()) {
try {
sameSession = Files.isSameFile(Paths.get(session.getFileName()), sessionPath);
} catch (IOException e) {
throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
}
}
if (Files.exists(sessionPath) && (!overwrite || sameSession)) {
throw new ApiException(ApiException.Type.ALREADY_EXISTS, filename);
}
this.savingSession = true;
try {
Control.getSingleton().saveSession(filename, this);
} catch (Exception e) {
this.savingSession = false;
throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
}
// Wait for notification that its worked ok
try {
while (this.savingSession) {
Thread.sleep(200);
}
} catch (InterruptedException e) {
// Probably not an error
logger.debug(e.getMessage(), e);
}
logger.debug("Can now return after saving session");
} else if (ACTION_SNAPSHOT_SESSION.equalsIgnoreCase(name)) {
// Ignore case for backwards compatibility
if (session.isNewState()) {
throw new ApiException(ApiException.Type.DOES_NOT_EXIST);
}
String fileName = session.getFileName();
if (fileName.endsWith(".session")) {
fileName = fileName.substring(0, fileName.length() - 8);
}
fileName += "-" + dateFormat.format(new Date()) + ".session";
this.savingSession = true;
try {
Control.getSingleton().snapshotSession(fileName, this);
} catch (Exception e) {
this.savingSession = false;
throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
}
// Wait for notification that its worked ok
try {
while (this.savingSession) {
Thread.sleep(200);
}
} catch (InterruptedException e) {
// Probably not an error
logger.debug(e.getMessage(), e);
}
logger.debug("Can now return after saving session");
} else if (ACTION_LOAD_SESSION.equalsIgnoreCase(name)) {
// Ignore case for backwards compatibility
Path sessionPath = SessionUtils.getSessionPath(params.getString(PARAM_SESSION));
String filename = sessionPath.toAbsolutePath().toString();
if (!Files.exists(sessionPath)) {
throw new ApiException(ApiException.Type.DOES_NOT_EXIST, filename);
}
try {
Control.getSingleton().runCommandLineOpenSession(filename);
} catch (Exception e) {
throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
}
} else if (ACTION_NEW_SESSION.equalsIgnoreCase(name)) {
// Ignore case for backwards compatibility
String sessionName = null;
try {
sessionName = params.getString(PARAM_SESSION);
} catch (Exception e1) {
// Ignore
}
if (sessionName == null || sessionName.length() == 0) {
// Create a new 'unnamed' session
Control.getSingleton().discardSession();
try {
Control.getSingleton().newSession();
} catch (Exception e) {
throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
}
} else {
Path sessionPath = SessionUtils.getSessionPath(sessionName);
String filename = sessionPath.toAbsolutePath().toString();
final boolean overwrite = getParam(params, PARAM_OVERWRITE_SESSION, false);
if (Files.exists(sessionPath) && !overwrite) {
throw new ApiException(ApiException.Type.ALREADY_EXISTS, filename);
}
try {
Control.getSingleton().runCommandLineNewSession(filename);
} catch (Exception e) {
throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
}
}
} else if (ACTION_CLEAR_EXCLUDED_FROM_PROXY.equals(name)) {
try {
session.setExcludeFromProxyRegexs(new ArrayList<String>());
} catch (DatabaseException e) {
throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
}
} else if (ACTION_EXCLUDE_FROM_PROXY.equals(name)) {
String regex = params.getString(PARAM_REGEX);
try {
session.addExcludeFromProxyRegex(regex);
} catch (DatabaseException e) {
logger.error(e.getMessage(), e);
throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
} catch (PatternSyntaxException e) {
throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_REGEX);
}
} else if (ACTION_SET_HOME_DIRECTORY.equals(name)) {
File f = new File(params.getString(PARAM_DIR));
if (f.exists() && f.isDirectory()) {
Model.getSingleton().getOptionsParam().setUserDirectory(f);
} else {
throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_DIR);
}
} else if (ACTION_SET_MODE.equals(name)) {
try {
Mode mode = Mode.valueOf(params.getString(PARAM_MODE).toLowerCase());
if (View.isInitialised()) {
View.getSingleton().getMainFrame().getMainToolbarPanel().setMode(mode);
} else {
Control.getSingleton().setMode(mode);
}
} catch (Exception e) {
throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_MODE);
}
} else if (ACTION_GENERATE_ROOT_CA.equals(name)) {
ExtensionDynSSL extDyn = (ExtensionDynSSL) Control.getSingleton().getExtensionLoader().getExtension(ExtensionDynSSL.EXTENSION_ID);
if (extDyn != null) {
try {
extDyn.createNewRootCa();
} catch (Exception e) {
throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
}
}
} else if (ACTION_SEND_REQUEST.equals(name)) {
HttpMessage request;
try {
request = createRequest(params.getString(PARAM_REQUEST));
} catch (HttpMalformedHeaderException e) {
throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_REQUEST, e);
}
validateForCurrentMode(request);
return sendHttpMessage(request, getParam(params, PARAM_FOLLOW_REDIRECTS, false), name);
} else if (ACTION_DELETE_ALL_ALERTS.equals(name)) {
final ExtensionAlert extAlert = (ExtensionAlert) Control.getSingleton().getExtensionLoader().getExtension(ExtensionAlert.NAME);
if (extAlert != null) {
extAlert.deleteAllAlerts();
} else {
try {
Model.getSingleton().getDb().getTableAlert().deleteAllAlerts();
} catch (DatabaseException e) {
logger.error(e.getMessage(), e);
}
SiteNode rootNode = (SiteNode) Model.getSingleton().getSession().getSiteTree().getRoot();
rootNode.deleteAllAlerts();
removeHistoryReferenceAlerts(rootNode);
}
} else if (ACTION_COLLECT_GARBAGE.equals(name)) {
System.gc();
return ApiResponseElement.OK;
} else if (ACTION_DELETE_SITE_NODE.equals(name)) {
try {
String url = params.getString(PARAM_URL);
String method = getParam(params, PARAM_METHOD, "GET");
String postData = getParam(params, PARAM_POST_DATA, "");
URI uri = new URI(url, true);
SiteMap siteMap = session.getSiteTree();
SiteNode siteNode = siteMap.findNode(uri, method, postData);
if (siteNode == null) {
throw new ApiException(ApiException.Type.DOES_NOT_EXIST, PARAM_URL);
}
if (getExtHistory() != null) {
getExtHistory().purge(siteMap, siteNode);
}
return ApiResponseElement.OK;
} catch (URIException e) {
throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_URL, e);
}
} else if (ACTION_ADD_PROXY_CHAIN_EXCLUDED_DOMAIN.equals(name)) {
try {
ConnectionParam connectionParam = Model.getSingleton().getOptionsParam().getConnectionParam();
String value = params.getString(PARAM_VALUE);
DomainMatcher domain;
if (getParam(params, PARAM_IS_REGEX, false)) {
domain = new DomainMatcher(DomainMatcher.createPattern(value));
} else {
domain = new DomainMatcher(value);
}
domain.setEnabled(getParam(params, PARAM_IS_ENABLED, true));
List<DomainMatcher> domains = new ArrayList<>(connectionParam.getProxyExcludedDomains());
domains.add(domain);
connectionParam.setProxyExcludedDomains(domains);
} catch (IllegalArgumentException e) {
throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_VALUE, e);
}
} else if (ACTION_MODIFY_PROXY_CHAIN_EXCLUDED_DOMAIN.equals(name)) {
try {
ConnectionParam connectionParam = Model.getSingleton().getOptionsParam().getConnectionParam();
int idx = params.getInt(PARAM_IDX);
if (idx < 0 || idx >= connectionParam.getProxyExcludedDomains().size()) {
throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_IDX);
}
DomainMatcher oldDomain = connectionParam.getProxyExcludedDomains().get(idx);
String value = getParam(params, PARAM_VALUE, oldDomain.getValue());
if (value.isEmpty()) {
value = oldDomain.getValue();
}
DomainMatcher newDomain;
if (getParam(params, PARAM_IS_REGEX, oldDomain.isRegex())) {
newDomain = new DomainMatcher(DomainMatcher.createPattern(value));
} else {
newDomain = new DomainMatcher(value);
}
newDomain.setEnabled(getParam(params, PARAM_IS_ENABLED, oldDomain.isEnabled()));
if (!oldDomain.equals(newDomain)) {
List<DomainMatcher> domains = new ArrayList<>(connectionParam.getProxyExcludedDomains());
domains.set(idx, newDomain);
connectionParam.setProxyExcludedDomains(domains);
}
} catch (JSONException e) {
throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_IDX, e);
} catch (IllegalArgumentException e) {
throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_VALUE, e);
}
} else if (ACTION_REMOVE_PROXY_CHAIN_EXCLUDED_DOMAIN.equals(name)) {
try {
ConnectionParam connectionParam = Model.getSingleton().getOptionsParam().getConnectionParam();
int idx = params.getInt(PARAM_IDX);
if (idx < 0 || idx >= connectionParam.getProxyExcludedDomains().size()) {
throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_IDX);
}
List<DomainMatcher> domains = new ArrayList<>(connectionParam.getProxyExcludedDomains());
domains.remove(idx);
connectionParam.setProxyExcludedDomains(domains);
} catch (JSONException e) {
throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_IDX, e);
}
} else if (ACTION_ENABLE_ALL_PROXY_CHAIN_EXCLUDED_DOMAINS.equals(name)) {
setProxyChainExcludedDomainsEnabled(true);
} else if (ACTION_DISABLE_ALL_PROXY_CHAIN_EXCLUDED_DOMAINS.equals(name)) {
setProxyChainExcludedDomainsEnabled(false);
} else {
throw new ApiException(ApiException.Type.BAD_ACTION);
}
return ApiResponseElement.OK;
}
Also used :
ArrayList(java.util.ArrayList)
ExtensionDynSSL(org.zaproxy.zap.extension.dynssl.ExtensionDynSSL)
HttpRequestHeader(org.parosproxy.paros.network.HttpRequestHeader)
URI(org.apache.commons.httpclient.URI)
URIException(org.apache.commons.httpclient.URIException)
HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException)
SiteMap(org.parosproxy.paros.model.SiteMap)
List(java.util.List)
ArrayList(java.util.ArrayList)
DomainMatcher(org.zaproxy.zap.network.DomainMatcher)
ExtensionAlert(org.zaproxy.zap.extension.alert.ExtensionAlert)
PatternSyntaxException(java.util.regex.PatternSyntaxException)
SiteNode(org.parosproxy.paros.model.SiteNode)
Path(java.nio.file.Path)
Mode(org.parosproxy.paros.control.Control.Mode)
JSONException(net.sf.json.JSONException)
IOException(java.io.IOException)
URIException(org.apache.commons.httpclient.URIException)
HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException)
PatternSyntaxException(java.util.regex.PatternSyntaxException)
JSONException(net.sf.json.JSONException)
IOException(java.io.IOException)
DatabaseException(org.parosproxy.paros.db.DatabaseException)
Date(java.util.Date)
ConnectionParam(org.parosproxy.paros.network.ConnectionParam)
HttpMessage(org.parosproxy.paros.network.HttpMessage)
DatabaseException(org.parosproxy.paros.db.DatabaseException)
File(java.io.File)
Session(org.parosproxy.paros.model.Session)
Example 2 with SiteMap
use of org.parosproxy.paros.model.SiteMap in project zaproxy by zaproxy.
the class ExtensionAlert method deleteHistoryReferenceAlerts.
public void deleteHistoryReferenceAlerts(HistoryReference hRef) {
List<Alert> alerts = hRef.getAlerts();
SiteMap siteTree = this.getModel().getSession().getSiteTree();
synchronized (this.getTreeModel()) {
for (int i = 0; i < alerts.size(); i++) {
Alert alert = alerts.get(i);
this.getTreeModel().deletePath(alert);
this.getFilteredTreeModel().deletePath(alert);
try {
getModel().getDb().getTableAlert().deleteAlert(alert.getAlertId());
} catch (DatabaseException e) {
logger.error("Failed to delete alert with ID: " + alert.getAlertId(), e);
}
}
SiteNode node = hRef.getSiteNode();
if (node == null) {
node = siteTree.findNode(hRef.getURI(), hRef.getMethod(), hRef.getRequestBody());
}
if (node != null) {
node.deleteAlerts(alerts);
}
alerts.clear();
this.recalcAlerts();
}
hrefs.remove(Integer.valueOf(hRef.getHistoryId()));
}
Also used :
SiteMap(org.parosproxy.paros.model.SiteMap)
Alert(org.parosproxy.paros.core.scanner.Alert)
RecordAlert(org.parosproxy.paros.db.RecordAlert)
TableAlert(org.parosproxy.paros.db.TableAlert)
DatabaseException(org.parosproxy.paros.db.DatabaseException)
SiteNode(org.parosproxy.paros.model.SiteNode)
Example 3 with SiteMap
use of org.parosproxy.paros.model.SiteMap in project zaproxy by zaproxy.
the class ExtensionAlert method deleteAllAlerts.
public void deleteAllAlerts() {
try {
getModel().getDb().getTableAlert().deleteAllAlerts();
} catch (DatabaseException e) {
logger.error(e.getMessage(), e);
}
SiteMap siteTree = this.getModel().getSession().getSiteTree();
((SiteNode) siteTree.getRoot()).deleteAllAlerts();
for (HistoryReference href : hrefs.values()) {
href.deleteAllAlerts();
}
ZAP.getEventBus().publishSyncEvent(AlertEventPublisher.getPublisher(), new Event(AlertEventPublisher.getPublisher(), AlertEventPublisher.ALL_ALERTS_REMOVED_EVENT, null));
hrefs = new HashMap<>();
treeModel = null;
filteredTreeModel = null;
setTreeModel(getTreeModel());
}
Also used :
HistoryReference(org.parosproxy.paros.model.HistoryReference)
SiteMap(org.parosproxy.paros.model.SiteMap)
Event(org.zaproxy.zap.eventBus.Event)
DatabaseException(org.parosproxy.paros.db.DatabaseException)
SiteNode(org.parosproxy.paros.model.SiteNode)
Example 4 with SiteMap
use of org.parosproxy.paros.model.SiteMap in project zaproxy by zaproxy.
the class ReportLastScan method siteXML.
private void siteXML(StringBuilder report) {
SiteMap siteMap = Model.getSingleton().getSession().getSiteTree();
SiteNode root = (SiteNode) siteMap.getRoot();
int siteNumber = root.getChildCount();
for (int i = 0; i < siteNumber; i++) {
SiteNode site = (SiteNode) root.getChildAt(i);
String siteName = ScanPanel.cleanSiteName(site, true);
String[] hostAndPort = siteName.split(":");
boolean isSSL = (site.getNodeName().startsWith("https"));
String siteStart = "<site name=\"" + XMLStringUtil.escapeControlChrs(site.getNodeName()) + "\"" + " host=\"" + XMLStringUtil.escapeControlChrs(hostAndPort[0]) + "\"" + " port=\"" + XMLStringUtil.escapeControlChrs(hostAndPort[1]) + "\"" + " ssl=\"" + String.valueOf(isSSL) + "\"" + ">";
StringBuilder extensionsXML = getExtensionsXML(site);
String siteEnd = "</site>";
report.append(siteStart);
report.append(extensionsXML);
report.append(siteEnd);
}
}Example 5 with SiteMap
use of org.parosproxy.paros.model.SiteMap in project zaproxy by zaproxy.
the class SiteMapPanel method setFilter.
private void setFilter() {
SiteTreeFilter filter = new SiteTreeFilter(getFilterPlusDialog().getFilter());
filter.setInScope(scopeButton.isSelected());
((SiteMap) treeSite.getModel()).setFilter(filter);
((DefaultTreeModel) treeSite.getModel()).nodeStructureChanged((SiteNode) treeSite.getModel().getRoot());
getFilterStatus().setText(filter.toShortString());
getFilterStatus().setToolTipText(filter.toLongString());
expandRoot();
// Remove any out of scope contexts too
this.reloadContextTree();
}
Also used :
SiteTreeFilter(org.zaproxy.zap.view.SiteTreeFilter)
SiteMap(org.parosproxy.paros.model.SiteMap)
DefaultTreeModel(javax.swing.tree.DefaultTreeModel)
Aggregations
SiteMap (org.parosproxy.paros.model.SiteMap)10
SiteNode (org.parosproxy.paros.model.SiteNode)7
DatabaseException (org.parosproxy.paros.db.DatabaseException)4
HistoryReference (org.parosproxy.paros.model.HistoryReference)3
PatternSyntaxException (java.util.regex.PatternSyntaxException)2
Alert (org.parosproxy.paros.core.scanner.Alert)2
RecordAlert (org.parosproxy.paros.db.RecordAlert)2
TableAlert (org.parosproxy.paros.db.TableAlert)2
ExtensionHistory (org.parosproxy.paros.extension.history.ExtensionHistory)2
Session (org.parosproxy.paros.model.Session)2
ExtensionAlert (org.zaproxy.zap.extension.alert.ExtensionAlert)2
File (java.io.File)1
IOException (java.io.IOException)1
Path (java.nio.file.Path)1
ArrayList (java.util.ArrayList)1
Date (java.util.Date)1
List (java.util.List)1
DefaultTreeModel (javax.swing.tree.DefaultTreeModel)1
JSONException (net.sf.json.JSONException)1
URI (org.apache.commons.httpclient.URI)1
