use of org.parosproxy.paros.network.HttpMessage in project zaproxy by zaproxy.
the class VariantCookieUnitTest method shouldNotInjectCookieModificationsIfPositionOfCookieDoesNotExist.
/**
 * A cookie parameter whose position is not present in the parsed header must be ignored: the
 * Cookie header has to come out of {@code setParameter} unchanged.
 */
@Test
void shouldNotInjectCookieModificationsIfPositionOfCookieDoesNotExist() {
    // Given: a request with two cookies, parsed by the variant
    HttpMessage msg = createMessageWithCookies("a=b; c=d");
    VariantCookie variant = new VariantCookie();
    variant.setMessage(msg);

    // When: the targeted parameter names an existing cookie but carries position 3
    variant.setParameter(msg, cookie("c", "d", 3), "y", "z");

    // Then: nothing was injected, the original header is still in place
    assertThat(msg, containsCookieHeader("a=b; c=d"));
}
use of org.parosproxy.paros.network.HttpMessage in project zaproxy by zaproxy.
the class VariantCookieUnitTest method shouldInjectCookieModificationOnMalformedHeader.
/**
 * Injection must still work when the Cookie header is malformed (missing names, missing values,
 * trailing separator): the cookie at the requested position is replaced and the injected
 * {@code name=value} pair is returned.
 */
@Test
void shouldInjectCookieModificationOnMalformedHeader() {
    // Given: a malformed Cookie header, parsed by the variant
    HttpMessage msg = createMessageWithCookies("a; =b; =d; e=;");
    VariantCookie variant = new VariantCookie();
    variant.setMessage(msg);

    // When: the nameless cookie with value "b" at position 1 is replaced by y=z
    String injected = variant.setParameter(msg, cookie(null, "b", 1), "y", "z");

    // Then: the pair is reported back and only position 1 changed. The expected header also
    // shows the untouched cookies re-serialised ("=d" -> "d", trailing ";" dropped).
    assertThat(injected, is(equalTo("y=z")));
    assertThat(msg, containsCookieHeader("a; y=z; d; e="));
}
use of org.parosproxy.paros.network.HttpMessage in project zaproxy by zaproxy.
the class VariantCookieUnitTest method shouldExtractParametersFromMalformedCookieHeaders.
/**
 * Parsing must not give up on malformed Cookie headers: every fragment becomes a parameter, with
 * positions numbered consecutively across all the cookie lines passed to the helper.
 */
@Test
void shouldExtractParametersFromMalformedCookieHeaders() {
    // Given: four cookie lines mixing empty names, empty values and stray quotes
    HttpMessage msg = createMessageWithCookies("a=;=d; e", "g; =j;l=", "n=\"", "=\"");
    VariantCookie variant = new VariantCookie();

    // When
    variant.setMessage(msg);

    // Then: eight parameters, in header order. A fragment without "=" is expected with a null
    // name, while "=value" is expected with an empty name.
    assertThat(variant.getParamList().size(), is(equalTo(8)));
    assertThat(
            variant.getParamList(),
            contains(
                    cookie("a", "", 0),
                    cookie("", "d", 1),
                    cookie(null, "e", 2),
                    cookie(null, "g", 3),
                    cookie("", "j", 4),
                    cookie("l", "", 5),
                    cookie("n", "\"", 6),
                    cookie("", "\"", 7)));
}
use of org.parosproxy.paros.network.HttpMessage in project zaproxy by zaproxy.
the class ProxyThread method processHttp.
/**
 * Serves HTTP requests arriving on the client connection, one per loop iteration, until the
 * connection is to be closed or handed over to a persistent-connection listener.
 *
 * <p>Per request: optionally let the API handle it, read the body, optionally answer from the
 * cache, notify the request listeners, forward the request, notify the response listeners and
 * write the response back to the client.
 *
 * @param requestHeader the header of the first request, already read by the caller; headers of
 *     later requests on the same connection are read here from {@code httpIn}
 * @param isSecure passed through to {@code httpIn.readRequestHeader} for follow-up requests
 * @throws IOException on I/O failures that are not converted into an error response below
 *     (an {@code HttpException} from sending is rethrown as is)
 */
protected void processHttp(HttpRequestHeader requestHeader, boolean isSecure) throws IOException {
    HttpRequestBody reqBody = // ZAP: Replaced the class HttpBody with the class HttpRequestBody.
            null;
    boolean isFirstRequest = true;
    HttpMessage msg = null;
    // Reduce the socket read timeout after the first read, so an idle keep-alive connection
    // is given up quickly (2500 ms, assuming inSocket is a java.net.Socket).
    inSocket.setSoTimeout(2500);
    do {
        if (isFirstRequest) {
            // The first header was passed in by the caller; nothing to read yet.
            isFirstRequest = false;
        } else {
            try {
                requestHeader = httpIn.readRequestHeader(isSecure);
                requestHeader.setSenderAddress(inSocket.getInetAddress());
            } catch (SocketTimeoutException e) {
                // ZAP: Log the exception
                // No further request arrived within the timeout: stop serving this connection.
                if (log.isDebugEnabled()) {
                    log.debug("Timed out while reading a new HTTP request.");
                }
                return;
            }
        }
        // When the API is enabled on this proxy it sees every request before any listener
        // does. A non-null result means the API handled the request and nothing is forwarded.
        if (parentServer.isEnableApi()) {
            msg = API.getInstance().handleApiRequest(requestHeader, httpIn, httpOut, isRecursive(requestHeader));
            if (msg != null) {
                if (msg.getRequestHeader().isEmpty()) {
                    return;
                }
                // Non-empty request header: offer the raw client socket and stream to the
                // persistent connection listeners, then stop processing here.
                ZapGetMethod method = new ZapGetMethod();
                method.setUpgradedSocket(inSocket);
                method.setUpgradedInputStream(httpIn);
                keepSocketOpen = notifyPersistentConnectionListener(msg, inSocket, method);
                return;
            }
        }
        msg = new HttpMessage();
        msg.setRequestHeader(requestHeader);
        // NOTE(review): the body is read only when Content-Length is > 0. How requests that
        // use Transfer-Encoding: chunked without a Content-Length are framed is not visible
        // here - confirm, since unread body bytes would be parsed as the next request.
        if (msg.getRequestHeader().getContentLength() > 0) {
            reqBody = httpIn.readRequestBody(// ZAP: Changed to call the method readRequestBody.
                    requestHeader);
            msg.setRequestBody(reqBody);
        }
        if (proxyParam.isRemoveUnsupportedEncodings()) {
            removeUnsupportedEncodings(msg);
        }
        // If the cache answered the request, the response is already written: next request.
        if (isProcessCache(msg)) {
            continue;
        }
        // Lock choice: a shared object when the server serialises requests, otherwise this
        // thread itself (presumably semaphoreSingleton is shared across threads - confirm).
        if (parentServer.isSerialize()) {
            semaphore = semaphoreSingleton;
        } else {
            semaphore = this;
        }
        boolean send = true;
        // Excluded URLs bypass every listener below and are sent with EXCLUDED_REQ_CONFIG.
        boolean excluded = parentServer.excludeUrl(msg.getRequestHeader().getURI());
        synchronized (semaphore) {
            if (!excluded) {
                if (notifyOverrideListenersRequestSend(msg)) {
                    // An override listener took over: do not forward, and skip the response
                    // listeners; whatever response is in msg is written to the client.
                    send = false;
                } else if (!notifyListenerRequestSend(msg)) {
                    // One of the listeners has told us to drop the request
                    return;
                }
            }
            try {
                if (excluded) {
                    getHttpSender().sendAndReceive(msg, EXCLUDED_REQ_CONFIG);
                } else if (send) {
                    if (msg.getResponseHeader().isEmpty()) {
                        // Normally the response is empty at this point. It is not empty only
                        // when a script or another extension has deliberately 'hijacked' the
                        // request. send is not simply set to false in that case, because the
                        // message would then not appear in the History tab.
                        getHttpSender().sendAndReceive(msg);
                    }
                    if (proxyParam.isAlwaysDecodeGzip()) {
                        decodeResponseIfNeeded(msg);
                    }
                    if (!notifyOverrideListenersResponseReceived(msg)) {
                        if (!notifyListenerResponseReceive(msg)) {
                            // One of the listeners has told us to drop the response
                            return;
                        }
                    }
                }
            } catch (HttpException e) {
                // Rethrown unchanged; listed first so the IOException handler below does not
                // turn it into an error response.
                throw e;
            } catch (SocketTimeoutException e) {
                // Read timeout talking to the server: answer the client with a gateway-timeout
                // error response. The request URI is part of the message that is logged and
                // sent back; URIs can carry tokens in the query string.
                String message = Constant.messages.getString("proxy.error.readtimeout", msg.getRequestHeader().getURI(), connectionParam.getTimeoutInSecs());
                log.warn(message);
                setErrorResponse(msg, GATEWAY_TIMEOUT_RESPONSE_STATUS, message);
                // Listeners still see the error response; their verdict is ignored here.
                if (!excluded) {
                    notifyListenerResponseReceive(msg);
                }
            } catch (IOException e) {
                // Any other I/O failure becomes a bad-gateway error response instead of being
                // rethrown, so the client always gets an answer.
                setErrorResponse(msg, BAD_GATEWAY_RESPONSE_STATUS, e);
                if (!excluded) {
                    notifyListenerResponseReceive(msg);
                }
            }
            try {
                writeHttpResponse(msg, httpOut);
            } catch (IOException e) {
                // The client side failed (e.g. it went away): log the exception class and
                // message at warn level and carry on, the loop condition decides what is next.
                StringBuilder strBuilder = new StringBuilder(200);
                strBuilder.append("Failed to write/forward the HTTP response to the client: ");
                strBuilder.append(e.getClass().getName());
                if (e.getMessage() != null) {
                    strBuilder.append(": ").append(e.getMessage());
                }
                log.warn(strBuilder.toString());
            }
        }
        // The lock is released here, at the end of the synchronized block.
        // The message's user object is cast unchecked to ZapGetMethod (presumably attached
        // while sending - confirm) and offered to the persistent connection listeners.
        ZapGetMethod method = (ZapGetMethod) msg.getUserObject();
        keepSocketOpen = notifyPersistentConnectionListener(msg, inSocket, method);
        if (keepSocketOpen) {
            // do not wait for close
            break;
        }
    } while (!isConnectionClose(msg) && !inSocket.isClosed());
}
use of org.parosproxy.paros.network.HttpMessage in project zaproxy by zaproxy.
the class ProxyThread method isProcessCache.
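/**
 * Tries to answer the request from the server's cache instead of forwarding it.
 *
 * <p>Only the first entry of the cache processing list is consulted. If the request equals that
 * entry's message, the entry's response is copied; otherwise the history table is searched
 * relative to the entry's reference. On a hit the response is written to {@code httpOut}.
 *
 * @param msg the request to answer; its response header and body are overwritten on a hit
 * @return {@code true} if the request needs no further processing (a cached response was
 *     written, or the history lookup failed with an exception), {@code false} if cache
 *     processing is disabled, the list is empty, or no cached response was found
 * @throws IOException if writing the response of the directly matching entry fails
 */
protected boolean isProcessCache(HttpMessage msg) throws IOException {
    if (!parentServer.isEnableCacheProcessing()) {
        return false;
    }
    if (parentServer.getCacheProcessingList().isEmpty()) {
        return false;
    }

    CacheProcessingItem item = parentServer.getCacheProcessingList().get(0);
    if (msg.equals(item.message)) {
        // Work on a clone so the cached entry is never shared with the live message.
        HttpMessage newMsg = item.message.cloneAll();
        msg.setResponseHeader(newMsg.getResponseHeader());
        msg.setResponseBody(newMsg.getResponseBody());
        writeHttpResponse(msg, httpOut);
        return true;
    }

    try {
        RecordHistory history = Model.getSingleton().getDb().getTableHistory().getHistoryCache(item.reference, msg);
        if (history == null) {
            return false;
        }
        msg.setResponseHeader(history.getHttpMessage().getResponseHeader());
        msg.setResponseBody(history.getHttpMessage().getResponseBody());
        writeHttpResponse(msg, httpOut);
        return true;
    } catch (Exception e) {
        // This used to be swallowed silently, leaving no trace of why a request was neither
        // answered from the cache nor forwarded. Log it so the failure is visible.
        log.warn("Failed to serve the response from the proxy cache.", e);
        // NOTE(review): the return value is kept as it was. The caller treats true as
        // "already handled", so after a failed lookup the client may get no response at all;
        // confirm whether returning false (forward the request) is the intended behaviour.
        return true;
    }
}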