Example 36 with HttpMalformedHeaderException

Use of org.parosproxy.paros.network.HttpMalformedHeaderException in the project zaproxy by zaproxy.

The class Analyser, method isFileExist.

public boolean isFileExist(HttpMessage msg) {
    if (msg.getResponseHeader().isEmpty()) {
        return false;
    }
    // RFC: a 404 status means the file does not exist.
    if (msg.getResponseHeader().getStatusCode() == HttpStatusCode.NOT_FOUND) {
        return false;
    }
    // ZAP: catch CloneNotSupportedException as introduced with version 3.1 of HttpClient
    URI uri = null;
    String sUri = null;
    try {
        uri = (URI) msg.getRequestHeader().getURI().clone();
        // strip off last part of path - use folder only
        uri.setQuery(null);
        String path = uri.getPath();
        path = path.replaceAll("/[^/]*$", "");
        uri.setPath(path);
    } catch (Exception e) {
        // ignored: uri stays null (clone failed) or only partially adjusted (path edit failed)
    } finally {
        if (uri != null) {
            sUri = uri.toString();
        }
    }
    // get the sample with the same relative path position when possible.
    // if none exists, use the host only
    // ZAP: Removed unnecessary cast.
    SampleResponse sample = mapVisited.get(sUri);
    // guard against a null uri, which would otherwise throw a NullPointerException below
    if (sample == null && uri != null) {
        try {
            uri.setPath(null);
        } catch (URIException e2) {
            // ignored: fall back to whatever path is currently set
        }
        String sHostOnly = uri.toString();
        // ZAP: Removed unnecessary cast.
        sample = mapVisited.get(sHostOnly);
    }
    // check whether any analysed result exists.
    if (sample == null) {
        if (msg.getResponseHeader().getStatusCode() == HttpStatusCode.OK) {
            // no analysed result to compare against: assume the file exists
            return true;
        } else {
            return false;
        }
    }
    // check for a redirect response. If it redirects to the same location as the sample,
    // the file does not exist
    if (HttpStatusCode.isRedirection(msg.getResponseHeader().getStatusCode())) {
        try {
            if (sample.getMessage().getResponseHeader().getStatusCode() == msg.getResponseHeader().getStatusCode()) {
                String location = msg.getResponseHeader().getHeader(HttpHeader.LOCATION);
                if (location != null && location.equals(sample.getMessage().getResponseHeader().getHeader(HttpHeader.LOCATION))) {
                    return false;
                }
            }
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
        }
        return true;
    }
    // not a success code
    if (msg.getResponseHeader().getStatusCode() != HttpStatusCode.OK) {
        return false;
    }
    // only OK responses remain here; nothing more to determine from the status.
    // check the body for a known "not found" page pattern.
    Matcher matcher = patternNotFound.matcher(msg.getResponseBody().toString());
    if (matcher.find()) {
        return false;
    }
    // static error page: the file exists only if the body differs from the sample's
    String body = msg.getResponseBody().toString().replaceAll(p_REMOVE_HEADER, "");
    if (sample.getErrorPageType() == SampleResponse.ERROR_PAGE_STATIC) {
        try {
            if (sample.getMessage().getResponseBody().toString().equals(body)) {
                return false;
            }
        } catch (HttpMalformedHeaderException | DatabaseException e) {
            logger.error("Failed to read the message: " + e.getMessage(), e);
        }
        return true;
    }
    uri = msg.getRequestHeader().getURI();
    try {
        if (sample.getErrorPageType() == SampleResponse.ERROR_PAGE_DYNAMIC_BUT_DETERMINISTIC) {
            // strip the request path and any hh:mm:ss timestamps before comparing with the sample
            body = msg.getResponseBody().toString().replaceAll(getPathRegex(uri), "").replaceAll("\\s[012]\\d:[0-5]\\d:[0-5]\\d\\s", "");
            // ZAP: FindBugs fix - added call to HttpBody.toString()
            if (sample.getMessage().getResponseBody().toString().equals(body)) {
                return false;
            }
            return true;
        }
    } catch (Exception e) {
        logger.error(e.getMessage(), e);
    }
    return true;
}
Also used : URIException(org.apache.commons.httpclient.URIException) Matcher(java.util.regex.Matcher) HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) URI(org.apache.commons.httpclient.URI) DatabaseException(org.parosproxy.paros.db.DatabaseException) IOException(java.io.IOException) HttpException(org.apache.commons.httpclient.HttpException)

Example 37 with HttpMalformedHeaderException

Use of org.parosproxy.paros.network.HttpMalformedHeaderException in the project zaproxy by zaproxy.

The class ManualHttpRequestEditorDialog, method setDefaultMessage.

@Override
public void setDefaultMessage() {
    HttpMessage msg = new HttpMessage();
    try {
        URI uri = new URI("http://www.any_domain_name.org/path", true);
        msg.setRequestHeader(new HttpRequestHeader(HttpRequestHeader.GET, uri, HttpHeader.HTTP11));
        setMessage(msg);
    } catch (HttpMalformedHeaderException | URIException e) {
        // both failures are handled identically: log and leave the editor without a default message
        logger.error(e.getMessage(), e);
    }
}
Also used : URIException(org.apache.commons.httpclient.URIException) HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) HttpMessage(org.parosproxy.paros.network.HttpMessage) HttpRequestHeader(org.parosproxy.paros.network.HttpRequestHeader) URI(org.apache.commons.httpclient.URI)

Example 38 with HttpMalformedHeaderException

Use of org.parosproxy.paros.network.HttpMalformedHeaderException in the project zaproxy by zaproxy.

The class ParosTableHistory, method getHistoryCache.

@Override
public RecordHistory getHistoryCache(HistoryReference ref, HttpMessage reqMsg) throws DatabaseException, HttpMalformedHeaderException {
    try {
        // get the cache from provided reference.
        // naturally, the obtained cache should be AFTER AND NEARBY to the given reference.
        // - historyId up to historyId+200
        // - match sessionId
        // - history type can be MANUAL or hidden (hidden is used by images not explicitly
        // stored in history)
        // - match URI
        PreparedStatement psReadCache = null;
        if (isExistStatusCode) {
            // psReadCache = getConnection().prepareStatement("SELECT TOP 1 * FROM
            // HISTORY WHERE URI = ? AND METHOD = ? AND REQBODY = ? AND " + HISTORYID + " >= ?
            // AND " + HISTORYID + " <= ? AND SESSIONID = ? AND (HISTTYPE = " +
            // HistoryReference.TYPE_MANUAL + " OR HISTTYPE = " + HistoryReference.TYPE_HIDDEN +
            // ") AND STATUSCODE != 304");
            psReadCache = getConnection().prepareStatement("SELECT TOP 1 * FROM HISTORY WHERE URI = ? AND METHOD = ? AND REQBODY = ? AND " + HISTORYID + " >= ? AND " + HISTORYID + " <= ? AND SESSIONID = ? AND STATUSCODE != 304");
        } else {
            // psReadCache = getConnection().prepareStatement("SELECT * FROM HISTORY
            // WHERE URI = ? AND METHOD = ? AND REQBODY = ? AND " + HISTORYID + " >= ? AND " +
            // HISTORYID + " <= ? AND SESSIONID = ? AND (HISTTYPE = " +
            // HistoryReference.TYPE_MANUAL + " OR HISTTYPE = " + HistoryReference.TYPE_HIDDEN +
            // ")");
            // note: the stray trailing ')' left over from the removed HISTTYPE clause has been dropped; it made the SQL invalid
            psReadCache = getConnection().prepareStatement("SELECT * FROM HISTORY WHERE URI = ? AND METHOD = ? AND REQBODY = ? AND " + HISTORYID + " >= ? AND " + HISTORYID + " <= ? AND SESSIONID = ?");
        }
        psReadCache.setString(1, reqMsg.getRequestHeader().getURI().toString());
        psReadCache.setString(2, reqMsg.getRequestHeader().getMethod());
        if (bodiesAsBytes) {
            psReadCache.setBytes(3, reqMsg.getRequestBody().getBytes());
        } else {
            psReadCache.setString(3, new String(reqMsg.getRequestBody().getBytes()));
        }
        psReadCache.setInt(4, ref.getHistoryId());
        psReadCache.setInt(5, ref.getHistoryId() + 200);
        psReadCache.setLong(6, ref.getSessionId());
        ResultSet rs = psReadCache.executeQuery();
        RecordHistory rec = null;
        try {
            do {
                rec = build(rs);
                // and the result should NOT be NOT_MODIFIED for rendering by browser
                if (rec != null && rec.getHttpMessage().equals(reqMsg) && rec.getHttpMessage().getResponseHeader().getStatusCode() != HttpStatusCode.NOT_MODIFIED) {
                    return rec;
                }
            } while (rec != null);
        } finally {
            try {
                rs.close();
                psReadCache.close();
            } catch (Exception e) {
                // ZAP: Log exceptions
                log.warn(e.getMessage(), e);
            }
        }
        if (isExistStatusCode) {
            // psReadCache = getConnection().prepareStatement("SELECT TOP 1 * FROM
            // HISTORY WHERE URI = ? AND METHOD = ? AND REQBODY = ? AND SESSIONID = ? AND
            // STATUSCODE != 304 AND (HISTTYPE = " + HistoryReference.TYPE_MANUAL + " OR
            // HISTTYPE = " + HistoryReference.TYPE_HIDDEN  + ")");
            psReadCache = getConnection().prepareStatement("SELECT TOP 1 * FROM HISTORY WHERE URI = ? AND METHOD = ? AND REQBODY = ? AND SESSIONID = ? AND STATUSCODE != 304");
        } else {
            // psReadCache = getConnection().prepareStatement("SELECT * FROM HISTORY
            // WHERE URI = ? AND METHOD = ? AND REQBODY = ? AND SESSIONID = ? AND (HISTTYPE = "
            // + HistoryReference.TYPE_MANUAL + " OR HISTTYPE = " + HistoryReference.TYPE_HIDDEN
            // + ")");
            psReadCache = getConnection().prepareStatement("SELECT * FROM HISTORY WHERE URI = ? AND METHOD = ? AND REQBODY = ? AND SESSIONID = ?");
        }
        psReadCache.setString(1, reqMsg.getRequestHeader().getURI().toString());
        psReadCache.setString(2, reqMsg.getRequestHeader().getMethod());
        if (bodiesAsBytes) {
            psReadCache.setBytes(3, reqMsg.getRequestBody().getBytes());
        } else {
            psReadCache.setString(3, new String(reqMsg.getRequestBody().getBytes()));
        }
        psReadCache.setLong(4, ref.getSessionId());
        rs = psReadCache.executeQuery();
        rec = null;
        try {
            do {
                rec = build(rs);
                if (rec != null && rec.getHttpMessage().equals(reqMsg) && rec.getHttpMessage().getResponseHeader().getStatusCode() != HttpStatusCode.NOT_MODIFIED) {
                    return rec;
                }
            } while (rec != null);
        } finally {
            try {
                rs.close();
                psReadCache.close();
            } catch (Exception e) {
                // ZAP: Log exceptions
                log.warn(e.getMessage(), e);
            }
        }
        return null;
    } catch (SQLException e) {
        throw new DatabaseException(e);
    }
}
Also used : SQLException(java.sql.SQLException) ResultSet(java.sql.ResultSet) PreparedStatement(java.sql.PreparedStatement) RecordHistory(org.parosproxy.paros.db.RecordHistory) DatabaseException(org.parosproxy.paros.db.DatabaseException) HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException)

Example 39 with HttpMalformedHeaderException

Use of org.parosproxy.paros.network.HttpMalformedHeaderException in the project zaproxy by zaproxy.

The class SqlTableHistory, method getHistoryCache.

@Override
public RecordHistory getHistoryCache(HistoryReference ref, HttpMessage reqMsg) throws DatabaseException, HttpMalformedHeaderException {
    try {
        // get the cache from provided reference.
        // naturally, the obtained cache should be AFTER AND NEARBY to the given reference.
        // - historyId up to historyId+200
        // - match sessionId
        // - history type can be MANUAL or hidden (hidden is used by images not explicitly
        // stored in history)
        // - match URI
        PreparedStatement psReadCache = null;
        // TODO
        if (isExistStatusCode) {
            // psReadCache = getConnection().prepareStatement("SELECT TOP 1 * FROM
            // HISTORY WHERE URI = ? AND METHOD = ? AND REQBODY = ? AND " + HISTORYID + " >= ?
            // AND " + HISTORYID + " <= ? AND SESSIONID = ? AND (HISTTYPE = " +
            // HistoryReference.TYPE_MANUAL + " OR HISTTYPE = " + HistoryReference.TYPE_HIDDEN +
            // ") AND STATUSCODE != 304");
            psReadCache = getConnection().prepareStatement("SELECT TOP 1 * FROM HISTORY WHERE URI = ? AND METHOD = ? AND REQBODY = ? AND " + HISTORYID + " >= ? AND " + HISTORYID + " <= ? AND SESSIONID = ? AND STATUSCODE != 304");
        } else {
            // psReadCache = getConnection().prepareStatement("SELECT * FROM HISTORY
            // WHERE URI = ? AND METHOD = ? AND REQBODY = ? AND " + HISTORYID + " >= ? AND " +
            // HISTORYID + " <= ? AND SESSIONID = ? AND (HISTTYPE = " +
            // HistoryReference.TYPE_MANUAL + " OR HISTTYPE = " + HistoryReference.TYPE_HIDDEN +
            // ")");
            // note: the stray trailing ')' left over from the removed HISTTYPE clause has been dropped; it made the SQL invalid
            psReadCache = getConnection().prepareStatement("SELECT * FROM HISTORY WHERE URI = ? AND METHOD = ? AND REQBODY = ? AND " + HISTORYID + " >= ? AND " + HISTORYID + " <= ? AND SESSIONID = ?");
        }
        psReadCache.setString(1, reqMsg.getRequestHeader().getURI().toString());
        psReadCache.setString(2, reqMsg.getRequestHeader().getMethod());
        if (bodiesAsBytes) {
            psReadCache.setBytes(3, reqMsg.getRequestBody().getBytes());
        } else {
            psReadCache.setString(3, new String(reqMsg.getRequestBody().getBytes()));
        }
        psReadCache.setInt(4, ref.getHistoryId());
        psReadCache.setInt(5, ref.getHistoryId() + 200);
        psReadCache.setLong(6, ref.getSessionId());
        ResultSet rs = psReadCache.executeQuery();
        RecordHistory rec = null;
        try {
            do {
                rec = build(rs);
                // and the result should NOT be NOT_MODIFIED for rendering by browser
                if (rec != null && rec.getHttpMessage().equals(reqMsg) && rec.getHttpMessage().getResponseHeader().getStatusCode() != HttpStatusCode.NOT_MODIFIED) {
                    return rec;
                }
            } while (rec != null);
        } finally {
            try {
                rs.close();
                psReadCache.close();
            } catch (Exception e) {
                // ZAP: Log exceptions
                log.warn(e.getMessage(), e);
            }
        }
        // TODO
        if (isExistStatusCode) {
            psReadCache = getConnection().prepareStatement("SELECT TOP 1 * FROM HISTORY WHERE URI = ? AND METHOD = ? AND REQBODY = ? AND SESSIONID = ? AND STATUSCODE != 304");
        } else {
            psReadCache = getConnection().prepareStatement("SELECT * FROM HISTORY WHERE URI = ? AND METHOD = ? AND REQBODY = ? AND SESSIONID = ?");
        }
        psReadCache.setString(1, reqMsg.getRequestHeader().getURI().toString());
        psReadCache.setString(2, reqMsg.getRequestHeader().getMethod());
        if (bodiesAsBytes) {
            psReadCache.setBytes(3, reqMsg.getRequestBody().getBytes());
        } else {
            psReadCache.setString(3, new String(reqMsg.getRequestBody().getBytes()));
        }
        psReadCache.setLong(4, ref.getSessionId());
        rs = psReadCache.executeQuery();
        rec = null;
        try {
            do {
                rec = build(rs);
                if (rec != null && rec.getHttpMessage().equals(reqMsg) && rec.getHttpMessage().getResponseHeader().getStatusCode() != HttpStatusCode.NOT_MODIFIED) {
                    return rec;
                }
            } while (rec != null);
        } finally {
            try {
                rs.close();
                psReadCache.close();
            } catch (Exception e) {
                // ZAP: Log exceptions
                log.warn(e.getMessage(), e);
            }
        }
        return null;
    } catch (SQLException e) {
        throw new DatabaseException(e);
    }
}
Also used : SQLException(java.sql.SQLException) ResultSet(java.sql.ResultSet) PreparedStatement(java.sql.PreparedStatement) RecordHistory(org.parosproxy.paros.db.RecordHistory) DatabaseException(org.parosproxy.paros.db.DatabaseException) HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException)

Example 40 with HttpMalformedHeaderException

Use of org.parosproxy.paros.network.HttpMalformedHeaderException in the project zaproxy by zaproxy.

The class SiteMapUnitTest, method createHistoryReference.

private static HistoryReference createHistoryReference(String uri, String method) {
    URI requestUri = createUri(uri);
    HistoryReference historyReference = mock(HistoryReference.class);
    given(historyReference.getURI()).willReturn(requestUri);
    try {
        HttpMessage httpMessage = new HttpMessage(requestUri);
        given(historyReference.getHttpMessage()).willReturn(httpMessage);
    } catch (HttpMalformedHeaderException | DatabaseException e) {
        throw new RuntimeException(e);
    }
    return historyReference;
}
Also used : HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) HttpMessage(org.parosproxy.paros.network.HttpMessage) URI(org.apache.commons.httpclient.URI) DatabaseException(org.parosproxy.paros.db.DatabaseException)

Aggregations (usage counts)

HttpMalformedHeaderException (org.parosproxy.paros.network.HttpMalformedHeaderException): 41
DatabaseException (org.parosproxy.paros.db.DatabaseException): 24
HttpMessage (org.parosproxy.paros.network.HttpMessage): 20
HistoryReference (org.parosproxy.paros.model.HistoryReference): 10
IOException (java.io.IOException): 8
URI (org.apache.commons.httpclient.URI): 5
URIException (org.apache.commons.httpclient.URIException): 5
RecordHistory (org.parosproxy.paros.db.RecordHistory): 5
ApiException (org.zaproxy.zap.extension.api.ApiException): 5
Matcher (java.util.regex.Matcher): 4
ExtensionHistory (org.parosproxy.paros.extension.history.ExtensionHistory): 4
Session (org.parosproxy.paros.model.Session): 4
HttpRequestHeader (org.parosproxy.paros.network.HttpRequestHeader): 4
InvalidMessageDataException (org.zaproxy.zap.extension.httppanel.InvalidMessageDataException): 4
PatternSyntaxException (java.util.regex.PatternSyntaxException): 3
TableHistory (org.parosproxy.paros.db.TableHistory): 3
SiteNode (org.parosproxy.paros.model.SiteNode): 3
SSLContextManager (ch.csnc.extension.httpclient.SSLContextManager): 2
HarEntries (edu.umass.cs.benchlab.har.HarEntries): 2
HarLog (edu.umass.cs.benchlab.har.HarLog): 2