use of org.parosproxy.paros.network.HttpMalformedHeaderException in project zaproxy by zaproxy.
the class FilterReplaceResponseHeader method onHttpResponseReceive.
/**
 * Rewrites the response header of {@code msg} by applying the configured
 * pattern and replacement text to the header's string form.
 *
 * <p>Does nothing when no pattern is configured or the response header is empty.
 *
 * @param msg the message whose response header is rewritten in place
 */
@Override
public void onHttpResponseReceive(HttpMessage msg) {
    // Guard: nothing to rewrite without a pattern or without a response header.
    if (getPattern() == null || msg.getResponseHeader().isEmpty()) {
        return;
    }

    // Matcher.replaceAll interprets '$' and '\' in the replacement text as
    // group references / escapes, so the replace text is not taken literally.
    String rewrittenHeader =
            getPattern()
                    .matcher(msg.getResponseHeader().toString())
                    .replaceAll(getReplaceText());

    try {
        msg.getResponseHeader().setMessage(rewrittenHeader);
    } catch (HttpMalformedHeaderException ignored) {
        // NOTE(review): a replacement that yields an unparsable header is dropped
        // here with no log entry or user feedback, so a filter that silently
        // stopped applying is hard to notice. Whether the header is left intact
        // after the failed setMessage() is not visible from this method; confirm
        // and consider reporting the failure.
    }
}
use of org.parosproxy.paros.network.HttpMalformedHeaderException in project zaproxy by zaproxy.
the class ExtensionAntiCSRF method registerAntiCsrfToken.
/**
 * Registers an anti-CSRF token, keyed by its URL-encoded value, so it can be
 * looked up later.
 *
 * <p>If the token's message has no history reference, a temporary one is
 * created so that the token can record a history id.
 *
 * @param token the token to register
 */
public void registerAntiCsrfToken(AntiCsrfToken token) {
    // NOTE(review): the token value is written to the debug log in clear text,
    // and the message string is built even when debug logging is off. Logs are
    // often shared when reporting issues; consider omitting or truncating the value.
    log.debug("registerAntiCsrfToken " + token.getMsg().getRequestHeader().getURI().toString() + " " + token.getValue());

    // The map is guarded by its own monitor; lookup and insert happen under the lock.
    synchronized (valueToToken) {
        try {
            HttpMessage message = token.getMsg();
            HistoryReference historyRef = message.getHistoryRef();
            if (historyRef == null) {
                historyRef =
                        new HistoryReference(
                                getModel().getSession(),
                                HistoryReference.TYPE_TEMPORARY,
                                message);
                // The message's own history reference is reset to null after the
                // temporary reference has been created.
                message.setHistoryRef(null);
            }
            token.setHistoryReferenceId(historyRef.getHistoryId());
            valueToToken.put(getURLEncode(token.getValue()), token);
        } catch (HttpMalformedHeaderException | DatabaseException e) {
            // On failure the token is not registered; only the error is logged.
            log.error("Failed to persist the message: ", e);
        }
    }
}
use of org.parosproxy.paros.network.HttpMalformedHeaderException in project zaproxy by zaproxy.
the class ExtensionAntiCSRF method sessionChanged.
/**
 * Resets the token registry for a new session and re-scans the stored history
 * for messages tagged with {@code TAG}.
 *
 * @param session the new session, or {@code null} on close-down (in which case
 *     nothing is done)
 */
@Override
public void sessionChanged(Session session) {
    if (session == null) {
        // Closedown
        return;
    }

    // Tokens from the previous session must not remain registered.
    synchronized (valueToToken) {
        valueToToken.clear();
    }

    // Search for tokens in the proxied and ZAP-user history of the session.
    // NOTE(review): the try block wraps the whole loop, so the first message
    // that fails to load ends the re-scan and later history entries are not
    // examined; only the error is logged.
    try {
        List<Integer> historyIds =
                getModel()
                        .getDb()
                        .getTableHistory()
                        .getHistoryIdsOfHistType(
                                session.getSessionId(),
                                HistoryReference.TYPE_PROXIED,
                                HistoryReference.TYPE_ZAP_USER);

        HistoryFilter tagFilter = new HistoryFilter();
        tagFilter.setTags(Arrays.asList(TAG));

        AntiCsrfDetectScanner detector = new AntiCsrfDetectScanner(this);
        for (Integer historyId : historyIds) {
            HistoryReference ref = historyReferenceFactory.createHistoryReference(historyId);
            if (!tagFilter.matches(ref)) {
                continue;
            }

            HttpMessage message = ref.getHttpMessage();
            Source parsedBody = new Source(message.getResponseBody().toString());
            if (!message.isResponseFromTargetHost()) {
                continue;
            }
            detector.scanHttpResponseReceive(message, ref.getHistoryId(), parsedBody);
        }
    } catch (DatabaseException | HttpMalformedHeaderException e) {
        log.error(e.getMessage(), e);
    }
}
use of org.parosproxy.paros.network.HttpMalformedHeaderException in project zaproxy by zaproxy.
the class AntiCsrfAPI method handleApiOther.
/**
 * Handles the "other" API endpoints of this component. Only
 * {@code OTHER_GENERATE_FORM} is supported: it loads the message identified by
 * the history reference id parameter, asks the extension to generate a form
 * for it, and returns that form as a {@code text/html} response.
 *
 * @param msg the API message whose response header and body are filled in
 * @param name the name of the requested endpoint
 * @param params the request parameters
 * @return {@code msg}, with the generated form as its response
 * @throws ApiException if the endpoint is unknown, the id parameter is missing
 *     or not an integer, the referenced message cannot be loaded, or any other
 *     error occurs while generating the response
 */
@Override
public HttpMessage handleApiOther(HttpMessage msg, String name, JSONObject params) throws ApiException {
    if (!OTHER_GENERATE_FORM.equals(name)) {
        throw new ApiException(ApiException.Type.BAD_OTHER, name);
    }

    String hrefIdStr = params.getString(OTHER_GENERATE_FORM_PARAM_HREFID);
    if (hrefIdStr == null || hrefIdStr.isEmpty()) {
        throw new ApiException(ApiException.Type.MISSING_PARAMETER, OTHER_GENERATE_FORM_PARAM_HREFID);
    }

    // Reject anything that is not a plain integer before touching the history store.
    int hrefId;
    try {
        hrefId = Integer.parseInt(hrefIdStr);
    } catch (NumberFormatException e) {
        throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, OTHER_GENERATE_FORM_PARAM_HREFID, e);
    }

    try {
        HttpMessage originalMessage = new HistoryReference(hrefId, true).getHttpMessage();

        // NOTE(review): the form is built from a recorded message and served as
        // text/html by the API; any escaping of recorded values is the
        // responsibility of extension.generateForm(), which is not visible here. Confirm.
        String response = extension.generateForm(originalMessage);

        // Get the charset from the original message.
        // NOTE(review): the value is copied from the stored response into the
        // API response header; this assumes getCharset() returns a plain charset
        // token. Confirm.
        String originalCharset = originalMessage.getResponseHeader().getCharset();
        String charsetSuffix =
                (originalCharset == null || originalCharset.isEmpty())
                        ? ""
                        : " charset=" + originalCharset;

        msg.setResponseHeader(API.getDefaultResponseHeader("text/html; " + charsetSuffix));
        msg.setResponseBody(response);
        msg.getResponseHeader().setContentLength(msg.getResponseBody().length());
    } catch (HttpMalformedHeaderException e) {
        // Reported to the caller as "href not found" with the supplied id.
        throw new ApiException(ApiException.Type.HREF_NOT_FOUND, hrefIdStr, e);
    } catch (Exception e) {
        throw new ApiException(ApiException.Type.INTERNAL_ERROR, e);
    }

    return msg;
}
use of org.parosproxy.paros.network.HttpMalformedHeaderException in project zaproxy by zaproxy.
the class HostProcess method filterNode.
/**
 * Checks {@code node} against every scan filter of the parent scanner.
 *
 * <p>On the first filter that reports the node as filtered, the parent scanner
 * is notified with the node's message and the reason, and {@code true} is
 * returned.
 *
 * @param node the node to check
 * @return {@code true} if some filter reported the node as filtered,
 *     {@code false} otherwise
 */
private boolean filterNode(StructuralNode node) {
    for (ScanFilter candidate : parentScanner.getScanFilters()) {
        // NOTE(review): a filter that throws is only logged and the loop moves
        // on, so the node counts as not filtered unless another filter matches.
        // If filters are relied on to keep nodes out of a scan, this fails open.
        try {
            FilterResult verdict = candidate.isFiltered(node);
            if (!verdict.isFiltered()) {
                continue;
            }

            // Notification is best effort: failing to load the message does not
            // change the outcome, the node is still reported as filtered.
            try {
                HttpMessage filteredMessage = node.getHistoryReference().getHttpMessage();
                parentScanner.notifyFilteredMessage(filteredMessage, verdict.getReason());
            } catch (HttpMalformedHeaderException | DatabaseException e) {
                log.warn("Error while getting httpmessage from history reference: " + e.getMessage(), e);
            }

            if (log.isDebugEnabled()) {
                log.debug("Ignoring filtered node: " + node.getName() + " Reason: " + verdict.getReason());
            }
            return true;
        } catch (Exception ex) {
            log.error(ex.getMessage(), ex);
        }
    }
    return false;
}