Example 31 with HttpMalformedHeaderException

Use of org.parosproxy.paros.network.HttpMalformedHeaderException in project zaproxy by zaproxy.

In the class PopupMenuAlertSetFalsePositive, method performAction.

@Override
protected void performAction(Alert alert) {
    Alert newAlert = alert.newInstance();
    newAlert.setAlertId(alert.getAlertId());
    newAlert.setConfidence(Alert.CONFIDENCE_FALSE_POSITIVE);
    try {
        getExtensionAlert().updateAlert(newAlert);
    } catch (HttpMalformedHeaderException | DatabaseException e) {
        LOGGER.error("Unable to update confidence for alert: " + alert.getAlertId(), e);
    }
}
Also used : HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) Alert(org.parosproxy.paros.core.scanner.Alert) DatabaseException(org.parosproxy.paros.db.DatabaseException)

Example 32 with HttpMalformedHeaderException

Use of org.parosproxy.paros.network.HttpMalformedHeaderException in project zaproxy by zaproxy.

In the class CoreAPI, method processHttpMessages.

private void processHttpMessages(String baseUrl, int start, int count, Processor<RecordHistory> processor) throws ApiException {
    try {
        TableHistory tableHistory = Model.getSingleton().getDb().getTableHistory();
        List<Integer> historyIds = tableHistory.getHistoryIds(Model.getSingleton().getSession().getSessionId());
        PaginationConstraintsChecker pcc = new PaginationConstraintsChecker(start, count);
        for (Integer id : historyIds) {
            RecordHistory recHistory = tableHistory.read(id);
            HttpMessage msg = recHistory.getHttpMessage();
            if (msg.getRequestHeader().isImage() || msg.getResponseHeader().isImage()) {
                continue;
            }
            if (baseUrl != null && !msg.getRequestHeader().getURI().toString().startsWith(baseUrl)) {
                // Not subordinate to the specified URL
                continue;
            }
            pcc.recordProcessed();
            if (!pcc.hasPageStarted()) {
                continue;
            }
            processor.process(recHistory);
            if (pcc.hasPageEnded()) {
                break;
            }
        }
    } catch (HttpMalformedHeaderException | DatabaseException e) {
        logger.error(e.getMessage(), e);
        throw new ApiException(ApiException.Type.INTERNAL_ERROR);
    }
}
Also used : HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) TableHistory(org.parosproxy.paros.db.TableHistory) HttpMessage(org.parosproxy.paros.network.HttpMessage) RecordHistory(org.parosproxy.paros.db.RecordHistory) DatabaseException(org.parosproxy.paros.db.DatabaseException)

Example 33 with HttpMalformedHeaderException

Use of org.parosproxy.paros.network.HttpMalformedHeaderException in project zaproxy by zaproxy.

In the class ExtensionCallback, method addCallbacksFromDatabaseIntoCallbackPanel.

private void addCallbacksFromDatabaseIntoCallbackPanel(Session session) {
    if (session == null) {
        return;
    }
    try {
        List<Integer> historyIds = getModel().getDb().getTableHistory().getHistoryIdsOfHistType(session.getSessionId(), HistoryReference.TYPE_CALLBACK);
        for (int historyId : historyIds) {
            HistoryReference historyReference = new HistoryReference(historyId);
            org.zaproxy.zap.extension.callback.ui.CallbackRequest request = org.zaproxy.zap.extension.callback.ui.CallbackRequest.create(historyReference);
            getCallbackPanel().addCallbackRequest(request);
        }
    } catch (DatabaseException | HttpMalformedHeaderException e) {
        LOGGER.error(e.getMessage(), e);
    }
}
Also used : HistoryReference(org.parosproxy.paros.model.HistoryReference) HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) DatabaseException(org.parosproxy.paros.db.DatabaseException)

Example 34 with HttpMalformedHeaderException

Use of org.parosproxy.paros.network.HttpMalformedHeaderException in project zaproxy by zaproxy.

In the class SearchAPI, method handleApiOther.

@Override
public HttpMessage handleApiOther(HttpMessage msg, String name, JSONObject params) throws ApiException {
    byte[] responseBody = {};
    ExtensionSearch.Type searchType;
    switch(name) {
        case OTHER_HAR_BY_URL_REGEX:
            searchType = ExtensionSearch.Type.URL;
            break;
        case OTHER_HAR_BY_REQUEST_REGEX:
            searchType = ExtensionSearch.Type.Request;
            break;
        case OTHER_HAR_BY_RESPONSE_REGEX:
            searchType = ExtensionSearch.Type.Response;
            break;
        case OTHER_HAR_BY_HEADER_REGEX:
            searchType = ExtensionSearch.Type.Header;
            break;
        default:
            throw new ApiException(ApiException.Type.BAD_OTHER);
    }
    validateRegex(params);
    try {
        final HarEntries entries = new HarEntries();
        search(params, searchType, rh -> {
            HarEntry entry = HarUtils.createHarEntry(rh.getHistoryId(), rh.getHistoryType(), rh.getHttpMessage());
            entries.addEntry(entry);
        });
        HarLog harLog = HarUtils.createZapHarLog();
        harLog.setEntries(entries);
        responseBody = HarUtils.harLogToByteArray(harLog);
    } catch (Exception e) {
        log.error(e.getMessage(), e);
        ApiException apiException = new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
        responseBody = apiException.toString(API.Format.JSON, incErrorDetails()).getBytes(StandardCharsets.UTF_8);
    }
    try {
        msg.setResponseHeader(API.getDefaultResponseHeader("application/json; charset=UTF-8", responseBody.length));
    } catch (HttpMalformedHeaderException e) {
        log.error("Failed to create response header: " + e.getMessage(), e);
    }
    msg.setResponseBody(responseBody);
    return msg;
}
Also used : HarEntry(edu.umass.cs.benchlab.har.HarEntry) HarEntries(edu.umass.cs.benchlab.har.HarEntries) HarLog(edu.umass.cs.benchlab.har.HarLog) HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) PatternSyntaxException(java.util.regex.PatternSyntaxException) ApiException(org.zaproxy.zap.extension.api.ApiException) DatabaseException(org.parosproxy.paros.db.DatabaseException)

Example 35 with HttpMalformedHeaderException

Use of org.parosproxy.paros.network.HttpMalformedHeaderException in project zaproxy by zaproxy.

In the class ProxyThread, method run.

@Override
@SuppressWarnings("deprecation")
public void run() {
    proxyThreadList.add(thread);
    boolean isSecure = false;
    HttpRequestHeader firstHeader = null;
    try {
        BufferedInputStream bufferedInputStream = new BufferedInputStream(inSocket.getInputStream(), 2048);
        inSocket = new CustomStreamsSocket(inSocket, bufferedInputStream, inSocket.getOutputStream());
        if (isSslTlsHandshake(bufferedInputStream)) {
            isSecure = true;
            beginSSL(null);
        }
        httpIn = new HttpInputStream(inSocket);
        httpOut = new HttpOutputStream(inSocket.getOutputStream());
        firstHeader = httpIn.readRequestHeader(isSecure);
        firstHeader.setSenderAddress(inSocket.getInetAddress());
        if (firstHeader.getMethod().equalsIgnoreCase(HttpRequestHeader.CONNECT)) {
            HttpMessage connectMsg = new HttpMessage(firstHeader);
            connectMsg.setTimeSentMillis(System.currentTimeMillis());
            try {
                httpOut.write(CONNECT_HTTP_200);
                httpOut.flush();
                connectMsg.setResponseHeader(CONNECT_HTTP_200);
                connectMsg.setTimeElapsedMillis((int) (System.currentTimeMillis() - connectMsg.getTimeSentMillis()));
                notifyConnectMessage(connectMsg);
                if (isSslTlsHandshake(bufferedInputStream)) {
                    isSecure = true;
                    beginSSL(firstHeader.getHostName());
                }
                firstHeader = httpIn.readRequestHeader(isSecure);
                firstHeader.setSenderAddress(inSocket.getInetAddress());
                processHttp(firstHeader, isSecure);
            } catch (org.parosproxy.paros.security.MissingRootCertificateException e) {
                // Unfortunately, Firefox and Internet Explorer will not show this message.
                // We should find a way to let the browsers display this error message.
                // Maybe we can redirect to some kind of ZAP custom error page.
                final HttpMessage errmsg = new HttpMessage(firstHeader);
                setErrorResponse(errmsg, BAD_GATEWAY_RESPONSE_STATUS, e, "ZAP SSL Error");
                writeHttpResponse(errmsg, httpOut);
                throw new IOException(e);
            }
        } else {
            processHttp(firstHeader, isSecure);
        }
    } catch (SocketTimeoutException e) {
        // ZAP: Log the exception
        if (firstHeader != null) {
            if (HttpRequestHeader.CONNECT.equalsIgnoreCase(firstHeader.getMethod())) {
                log.warn("Timeout reading (client) message after CONNECT to " + firstHeader.getURI());
            } else {
                log.warn("Timeout accessing " + firstHeader.getURI());
            }
        } else {
            log.warn("Socket timeout while reading first message.");
            if (log.isDebugEnabled()) {
                log.debug(e, e);
            }
        }
    } catch (HttpMalformedHeaderException e) {
        log.warn("Malformed Header: ", e);
    } catch (HttpException e) {
        log.error(e.getMessage(), e);
    } catch (IOException e) {
        log.debug("IOException: ", e);
    } finally {
        proxyThreadList.remove(thread);
        // ZAP: do only close if flag is false
        if (!keepSocketOpen) {
            disconnect();
        }
    }
}
Also used : HttpOutputStream(org.parosproxy.paros.network.HttpOutputStream) IOException(java.io.IOException) HttpRequestHeader(org.parosproxy.paros.network.HttpRequestHeader) SocketTimeoutException(java.net.SocketTimeoutException) BufferedInputStream(java.io.BufferedInputStream) HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) HttpException(org.apache.commons.httpclient.HttpException) HttpInputStream(org.parosproxy.paros.network.HttpInputStream) HttpMessage(org.parosproxy.paros.network.HttpMessage)

Aggregations

HttpMalformedHeaderException (org.parosproxy.paros.network.HttpMalformedHeaderException): 41
DatabaseException (org.parosproxy.paros.db.DatabaseException): 24
HttpMessage (org.parosproxy.paros.network.HttpMessage): 20
HistoryReference (org.parosproxy.paros.model.HistoryReference): 10
IOException (java.io.IOException): 8
URI (org.apache.commons.httpclient.URI): 5
URIException (org.apache.commons.httpclient.URIException): 5
RecordHistory (org.parosproxy.paros.db.RecordHistory): 5
ApiException (org.zaproxy.zap.extension.api.ApiException): 5
Matcher (java.util.regex.Matcher): 4
ExtensionHistory (org.parosproxy.paros.extension.history.ExtensionHistory): 4
Session (org.parosproxy.paros.model.Session): 4
HttpRequestHeader (org.parosproxy.paros.network.HttpRequestHeader): 4
InvalidMessageDataException (org.zaproxy.zap.extension.httppanel.InvalidMessageDataException): 4
PatternSyntaxException (java.util.regex.PatternSyntaxException): 3
TableHistory (org.parosproxy.paros.db.TableHistory): 3
SiteNode (org.parosproxy.paros.model.SiteNode): 3
SSLContextManager (ch.csnc.extension.httpclient.SSLContextManager): 2
HarEntries (edu.umass.cs.benchlab.har.HarEntries): 2
HarLog (edu.umass.cs.benchlab.har.HarLog): 2