
Example 76 with HttpMessage

use of org.parosproxy.paros.network.HttpMessage in project zaproxy by zaproxy.

the class Session method open.

/**
 * Opens the session identified by {@code fileName} and rebuilds the in-memory session state
 * from the database: the site tree, the exclude lists, the contexts and their parsers.
 *
 * <p>For HSQLDB {@code fileName} is the path of the session's XML descriptor, from which the
 * session id, name and description are read; for any other database type {@code fileName} is
 * the numeric session id itself. The currently open database is closed before the requested
 * one is opened.
 *
 * @param fileName session descriptor path (HSQLDB) or numeric session id (other databases)
 * @throws DatabaseException propagated from the database calls
 * @throws IOException propagated from reading the session descriptor
 * @throws Exception propagated from the underlying model calls
 */
protected void open(String fileName) throws DatabaseException, IOException, Exception {
    // TODO extract into db specific classes??
    // HSQLDB sessions are described by an XML file; other DB types are addressed by id only.
    if (Database.DB_TYPE_HSQLDB.equals(model.getDb().getType())) {
        configuration = new ZapXmlConfiguration(new File(fileName));
        sessionId = configuration.getLong(SESSION_ID);
        sessionName = configuration.getString(SESSION_NAME, "");
        sessionDesc = configuration.getString(SESSION_DESC, "");
    } else {
        this.setSessionId(Long.parseLong(fileName));
    }
    // Swap databases: close the current one (cleaning up if required), then open the new one.
    model.getDb().close(false, isCleanUpRequired());
    model.getDb().open(fileName);
    this.fileName = fileName;
    if (View.isInitialised()) {
        // Detach the siteTree model from the Sites tree, to reduce notification changes to the
        // UI while loading
        View.getSingleton().getSiteTreePanel().getTreeSite().setModel(new SiteMap(null, null));
    }
    // The site tree root is only recreated when the low-memory option is not set.
    if (!Constant.isLowMemoryOptionSet()) {
        SiteNode newRoot = new SiteNode(siteTree, -1, Constant.messages.getString("tab.sites"));
        siteTree.setRoot(newRoot);
    }
    // update history reference
    // First pass: TYPE_PROXIED and TYPE_ZAP_USER entries. These are added to the site tree and
    // also get their in/out-of-scope flags set.
    List<Integer> list = model.getDb().getTableHistory().getHistoryIdsOfHistType(getSessionId(), HistoryReference.TYPE_PROXIED, HistoryReference.TYPE_ZAP_USER);
    // Reused across both history loops below.
    HistoryReference historyRef = null;
    // Contexts are rebuilt from the database further down.
    discardContexts();
    // Load the session urls
    // Exclude lists come from the session URL table, one type per list.
    this.setExcludeFromProxyRegexs(sessionUrlListToStingList(model.getDb().getTableSessionUrl().getUrlsForType(RecordSessionUrl.TYPE_EXCLUDE_FROM_PROXY)));
    this.setExcludeFromScanRegexs(sessionUrlListToStingList(model.getDb().getTableSessionUrl().getUrlsForType(RecordSessionUrl.TYPE_EXCLUDE_FROM_SCAN)));
    this.setExcludeFromSpiderRegexs(sessionUrlListToStingList(model.getDb().getTableSessionUrl().getUrlsForType(RecordSessionUrl.TYPE_EXCLUDE_FROM_SPIDER)));
    for (int i = 0; i < list.size(); i++) {
        // ZAP: Removed unnecessary cast.
        int historyId = list.get(i);
        try {
            historyRef = new HistoryReference(historyId);
            if (View.isInitialised()) {
                // historyRef is reassigned every iteration, so the anonymous Runnable needs
                // a final copy of it (and of the message) to capture.
                final HistoryReference hRef = historyRef;
                final HttpMessage msg = historyRef.getHttpMessage();
                // Tree mutations go through the event dispatch thread when the UI is up.
                EventQueue.invokeAndWait(new Runnable() {

                    @Override
                    public void run() {
                        SiteNode sn = getSiteTree().addPath(hRef, msg);
                        if (sn != null) {
                            sn.setIncludedInScope(isIncludedInScope(sn), false);
                            sn.setExcludedFromScope(isExcludedFromScope(sn), false);
                        }
                    }
                });
            } else {
                SiteNode sn = getSiteTree().addPath(historyRef);
                if (sn != null) {
                    sn.setIncludedInScope(this.isIncludedInScope(sn), false);
                    sn.setExcludedFromScope(this.isExcludedFromScope(sn), false);
                }
            }
            // ZAP: Load alerts from db
            historyRef.loadAlerts();
            // Give other threads a chance every 100 entries during a potentially long load.
            if (i % 100 == 99)
                Thread.yield();
        } catch (Exception e) {
            // ZAP: Log exceptions
            // A single unreadable history entry is logged and skipped; loading continues.
            log.warn(e.getMessage(), e);
        }
    }
    // update siteTree reference
    // Second pass: spider, brute force, AJAX spider and scanner entries. Unlike the first
    // pass these are only added to the tree; no scope flags are set on the nodes.
    list = model.getDb().getTableHistory().getHistoryIdsOfHistType(getSessionId(), HistoryReference.TYPE_SPIDER, HistoryReference.TYPE_BRUTE_FORCE, HistoryReference.TYPE_SPIDER_AJAX, HistoryReference.TYPE_SCANNER);
    for (int i = 0; i < list.size(); i++) {
        // ZAP: Removed unnecessary cast.
        int historyId = list.get(i);
        try {
            historyRef = new HistoryReference(historyId);
            if (View.isInitialised()) {
                final HistoryReference hRef = historyRef;
                final HttpMessage msg = historyRef.getHttpMessage();
                EventQueue.invokeAndWait(new Runnable() {

                    @Override
                    public void run() {
                        getSiteTree().addPath(hRef, msg);
                    }
                });
            } else {
                getSiteTree().addPath(historyRef);
            }
            historyRef.loadAlerts();
            if (i % 100 == 99)
                Thread.yield();
        } catch (Exception e) {
            // ZAP: Log exceptions
            log.warn(e.getMessage(), e);
        }
    }
    // Rebuild the contexts from their persisted records. A context is created the first time
    // its id is seen, and nextContextId is kept above every id loaded from the database.
    List<RecordContext> contextData = model.getDb().getTableContext().getAllData();
    for (RecordContext data : contextData) {
        Context ctx = this.getContext(data.getContextId());
        if (ctx == null) {
            ctx = new Context(this, data.getContextId());
            this.addContext(ctx);
            if (nextContextId <= data.getContextId()) {
                nextContextId = data.getContextId() + 1;
            }
        }
        // Each record carries one attribute of the context; types not listed here are ignored
        // (there is no default branch).
        switch(data.getType()) {
            case RecordContext.TYPE_NAME:
                ctx.setName(data.getData());
                // Only contexts with a real (non-id) name are renamed in the UI.
                if (View.isInitialised() && !ctx.getName().equals(String.valueOf(ctx.getId()))) {
                    View.getSingleton().renameContext(ctx);
                }
                break;
            case RecordContext.TYPE_DESCRIPTION:
                ctx.setDescription(data.getData());
                break;
            case RecordContext.TYPE_INCLUDE:
                ctx.addIncludeInContextRegex(data.getData());
                break;
            case RecordContext.TYPE_EXCLUDE:
                ctx.addExcludeFromContextRegex(data.getData());
                break;
            case RecordContext.TYPE_IN_SCOPE:
                ctx.setInScope(Boolean.parseBoolean(data.getData()));
                break;
            case RecordContext.TYPE_INCLUDE_TECH:
                ctx.getTechSet().include(new Tech(data.getData()));
                break;
            case RecordContext.TYPE_EXCLUDE_TECH:
                ctx.getTechSet().exclude(new Tech(data.getData()));
                break;
        }
    }
    // Parsers and data driven nodes are attached once all context attributes are in place.
    for (Context ctx : contexts) {
        try {
            // Set up the URL parameter parser
            List<String> strs = this.getContextDataStrings(ctx.getId(), RecordContext.TYPE_URL_PARSER_CLASSNAME);
            if (strs.size() == 1) {
                // NOTE(review): the class name (and the config string below) come straight
                // from the session database, so the session file decides which class is
                // instantiated here. Worth confirming that the add-on loader restricts this
                // to known ParameterParser implementations.
                Class<?> c = ExtensionFactory.getAddOnLoader().loadClass(strs.get(0));
                if (c == null) {
                    log.error("Failed to load URL parser for context " + ctx.getId() + " : " + strs.get(0));
                } else {
                    // A class that is not a ParameterParser, or fails to construct/init, ends
                    // up in the catch below: the error is logged and no parser is set.
                    ParameterParser parser = (ParameterParser) c.getConstructor().newInstance();
                    strs = this.getContextDataStrings(ctx.getId(), RecordContext.TYPE_URL_PARSER_CONFIG);
                    if (strs.size() == 1) {
                        parser.init(strs.get(0));
                    }
                    parser.setContext(ctx);
                    ctx.setUrlParamParser(parser);
                }
            }
        } catch (Exception e) {
            log.error("Failed to load URL parser for context " + ctx.getId(), e);
        }
        try {
            // Set up the POST parameter parser (same scheme as the URL parser above).
            List<String> strs = this.getContextDataStrings(ctx.getId(), RecordContext.TYPE_POST_PARSER_CLASSNAME);
            if (strs.size() == 1) {
                Class<?> c = ExtensionFactory.getAddOnLoader().loadClass(strs.get(0));
                if (c == null) {
                    log.error("Failed to load POST parser for context " + ctx.getId() + " : " + strs.get(0));
                } else {
                    ParameterParser parser = (ParameterParser) c.getConstructor().newInstance();
                    strs = this.getContextDataStrings(ctx.getId(), RecordContext.TYPE_POST_PARSER_CONFIG);
                    if (strs.size() == 1) {
                        parser.init(strs.get(0));
                    }
                    parser.setContext(ctx);
                    ctx.setPostParamParser(parser);
                }
            }
        } catch (Exception e) {
            log.error("Failed to load POST parser for context " + ctx.getId(), e);
        }
        try {
            // Set up the Data Driven Nodes
            List<String> strs = this.getContextDataStrings(ctx.getId(), RecordContext.TYPE_DATA_DRIVEN_NODES);
            for (String str : strs) {
                ctx.addDataDrivenNodes(new StructuralNodeModifier(str));
            }
        } catch (Exception e) {
            log.error("Failed to load data driven nodes for context " + ctx.getId(), e);
        }
        ctx.restructureSiteTree();
    }
    // Reattach the fully loaded tree model to the UI that was detached above.
    if (View.isInitialised()) {
        View.getSingleton().getSiteTreePanel().getTreeSite().setModel(siteTree);
        View.getSingleton().getSiteTreePanel().expandRoot();
    }
    this.refreshScope();
    Stats.clearAll();
    System.gc();
}
Also used : Context(org.zaproxy.zap.model.Context) RecordContext(org.parosproxy.paros.db.RecordContext) StandardParameterParser(org.zaproxy.zap.model.StandardParameterParser) ParameterParser(org.zaproxy.zap.model.ParameterParser) StructuralNodeModifier(org.zaproxy.zap.model.StructuralNodeModifier) RecordContext(org.parosproxy.paros.db.RecordContext) URIException(org.apache.commons.httpclient.URIException) InvalidParameterException(java.security.InvalidParameterException) IllegalContextNameException(org.zaproxy.zap.model.IllegalContextNameException) IOException(java.io.IOException) DatabaseException(org.parosproxy.paros.db.DatabaseException) InvocationTargetException(java.lang.reflect.InvocationTargetException) ConfigurationException(org.apache.commons.configuration.ConfigurationException) Tech(org.zaproxy.zap.model.Tech) ZapXmlConfiguration(org.zaproxy.zap.utils.ZapXmlConfiguration) HttpMessage(org.parosproxy.paros.network.HttpMessage) File(java.io.File)

Example 77 with HttpMessage

use of org.parosproxy.paros.network.HttpMessage in project zaproxy by zaproxy.

the class HistoryReference method toString.

/**
 * Returns the display string of this reference, computing it from the underlying
 * {@link HttpMessage} on first use and caching the result.
 *
 * <p>If the message cannot be loaded, the empty string is cached instead, so later calls
 * return {@code ""} without retrying the lookup.
 *
 * @return the cached display string, never {@code null}
 */
@Override
public String toString() {
    if (display == null) {
        try {
            display = getDisplay(getHttpMessage());
        } catch (HttpMalformedHeaderException | DatabaseException failure) {
            // Cache the failure as an empty string rather than throwing from toString().
            display = "";
        }
    }
    return display;
}
Also used : HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) HttpMessage(org.parosproxy.paros.network.HttpMessage) DatabaseException(org.parosproxy.paros.db.DatabaseException)

Example 78 with HttpMessage

use of org.parosproxy.paros.network.HttpMessage in project zaproxy by zaproxy.

the class HttpPanelSender method handleSendMessage.

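/**
 * Sends the given message (which must be an {@link HttpMessage}) through the delegate and then
 * refreshes the response panel on the event dispatch thread once a response header is present.
 *
 * <p>The requesting user is cleared before sending. Depending on the toolbar buttons the request
 * Content-Length is fixed up, an anti-CSRF token is regenerated, and redirections are followed
 * (validated by a {@link ModeRedirectionValidator}). Without redirect following the message is
 * persisted and shown; with it, an out-of-mode redirection produces a warning dialog instead.
 *
 * @param aMessage the message to send; it is cast to {@code HttpMessage}
 * @throws IllegalArgumentException if the message has a malformed header
 * @throws IOException if the message could not be sent (unknown host, SSL or other I/O error)
 */
@Override
public void handleSendMessage(Message aMessage) throws IllegalArgumentException, IOException {
    final HttpMessage httpMessage = (HttpMessage) aMessage;
    // Reset the user before sending (e.g. Forced User mode sets the user, if needed).
    httpMessage.setRequestingUser(null);
    if (getButtonFixContentLength().isSelected()) {
        HttpPanelViewModelUtils.updateRequestContentLength(httpMessage);
    }
    try {
        final ModeRedirectionValidator redirectionValidator = new ModeRedirectionValidator();
        final boolean followRedirects = getButtonFollowRedirects().isSelected();
        if (extAntiCSRF != null && getButtonUseCsrf().isSelected()) {
            extAntiCSRF.regenerateAntiCsrfToken(httpMessage, getDelegate()::sendAndReceive);
        }
        if (followRedirects) {
            getDelegate().sendAndReceive(httpMessage, HttpRequestConfig.builder().setRedirectionValidator(redirectionValidator).build());
        } else {
            getDelegate().sendAndReceive(httpMessage, false);
        }
        // UI updates must run on the EDT; wait for them so the message is persisted/shown
        // before the persistent connection listeners are notified below.
        EventQueue.invokeAndWait(() -> {
            if (httpMessage.getResponseHeader().isEmpty()) {
                return;
            }
            // Indicate UI new response arrived
            responsePanel.updateContent();
            if (!followRedirects) {
                persistAndShowMessage(httpMessage);
            } else if (!redirectionValidator.isRequestValid()) {
                View.getSingleton().showWarningDialog(responsePanel, Constant.messages.getString("manReq.outofscope.redirection.warning", redirectionValidator.getInvalidRedirection()));
            }
        });
        ZapGetMethod method = (ZapGetMethod) httpMessage.getUserObject();
        notifyPersistentConnectionListener(httpMessage, null, method);
    } catch (final HttpMalformedHeaderException mhe) {
        throw new IllegalArgumentException("Malformed header error.", mhe);
    } catch (final UnknownHostException uhe) {
        throw new IOException("Error forwarding to an Unknown host: " + uhe.getMessage(), uhe);
    } catch (final SSLException sslEx) {
        // SSL problems are passed through untouched so callers can tell them apart.
        throw sslEx;
    } catch (final IOException ioe) {
        throw new IOException("IO error in sending request: " + ioe.getClass() + ": " + ioe.getMessage(), ioe);
    } catch (final InterruptedException ie) {
        // invokeAndWait was interrupted: restore the flag so the caller can observe it,
        // then log as before rather than failing the send.
        Thread.currentThread().interrupt();
        logger.error(ie.getMessage(), ie);
    } catch (final Exception e) {
        logger.error(e.getMessage(), e);
    }
}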
Also used : ZapGetMethod(org.zaproxy.zap.ZapGetMethod) UnknownHostException(java.net.UnknownHostException) HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) IOException(java.io.IOException) HttpMessage(org.parosproxy.paros.network.HttpMessage) SSLException(javax.net.ssl.SSLException) HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) IOException(java.io.IOException) DatabaseException(org.parosproxy.paros.db.DatabaseException) UnknownHostException(java.net.UnknownHostException) SSLException(javax.net.ssl.SSLException)

Example 79 with HttpMessage

use of org.parosproxy.paros.network.HttpMessage in project zaproxy by zaproxy.

the class SiteNodeStringComparator method createReference.

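/**
 * Builds a temporary {@link HistoryReference} for a GET request to the URL spelled out by the
 * given site tree path, using {@code base} as the request template.
 *
 * <p>Data driven nodes carry a substituted name in the tree, so for those the corresponding
 * segment of {@code baseRef}'s original URI path is put back; if the original path is too
 * short the node name is used and an error is logged.
 *
 * @param path the tree path, root first; element 0 (the root) is not part of the URL
 * @param baseRef the reference whose original URI supplies the data driven segments
 * @param base the message whose request is cloned for the new reference
 * @return a new {@code TYPE_TEMPORARY} history reference for the reconstructed request
 * @throws HttpMalformedHeaderException propagated from building the new reference
 * @throws DatabaseException propagated from building the new reference
 * @throws URIException if the reconstructed string is not a valid URI
 * @throws NullPointerException propagated from the underlying calls
 */
private HistoryReference createReference(TreeNode[] path, HistoryReference baseRef, HttpMessage base) throws HttpMalformedHeaderException, DatabaseException, URIException, NullPointerException {
    StringBuilder sb = new StringBuilder();
    String uriPath = baseRef.getURI().getPath();
    if (uriPath == null) {
        uriPath = "";
    }
    // An absolute path such as "/a/b" splits to ["", "a", "b"], so tree level i maps to
    // origPath[i - 1].
    String[] origPath = uriPath.split("/");
    for (int i = 1; i < path.length; i++) {
        SiteNode node = (SiteNode) path[i];
        // ZAP Cope with error counts in the node names
        String nodeName = node.getNodeName();
        if (node.isDataDriven()) {
            // Retrieve original name..
            if (origPath.length > i - 1) {
                log.debug("Replace Data Driven element " + nodeName + " with " + origPath[i - 1]);
                sb.append(origPath[i - 1]);
            } else {
                // Separator added so the index and node name do not run together in the log.
                log.error("Failed to determine original node name for element " + i + " " + nodeName + " original request: " + baseRef.getURI().toString());
                sb.append(nodeName);
            }
        } else {
            sb.append(nodeName);
        }
        if (i < path.length - 1) {
            sb.append('/');
        }
    }
    HttpMessage newMsg = base.cloneRequest();
    // ZAP: Prevents a possible URIException, because the passed string is not escaped.
    URI uri = new URI(sb.toString(), false);
    // Turn the cloned request into a bodiless GET for the reconstructed URL.
    HttpRequestHeader header = newMsg.getRequestHeader();
    header.setURI(uri);
    header.setMethod(HttpRequestHeader.GET);
    newMsg.getRequestBody().setBody("");
    header.setHeader(HttpHeader.CONTENT_TYPE, null);
    header.setHeader(HttpHeader.CONTENT_LENGTH, null);
    return new HistoryReference(model.getSession(), HistoryReference.TYPE_TEMPORARY, newMsg);
}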
Also used : HttpMessage(org.parosproxy.paros.network.HttpMessage) URI(org.apache.commons.httpclient.URI)

Example 80 with HttpMessage

use of org.parosproxy.paros.network.HttpMessage in project zaproxy by zaproxy.

the class SiteNodeStringComparator method pollPath.

/**
 * Looks up the site tree node that corresponds to the given message and returns the
 * {@link HttpMessage} stored with it.
 *
 * <p>The host node is resolved first, then each non-empty path segment in turn; the final
 * segment is matched by its leaf name. A missing intermediate node, a URI problem or a node
 * without history reference all yield {@code null}.
 *
 * @param msg the message whose request URI is looked up
 * @return the message held by the matching node, or {@code null} if there is none
 */
public synchronized HttpMessage pollPath(HttpMessage msg) {
    SiteNode match = null;
    URI uri = msg.getRequestHeader().getURI();
    try {
        // Nothing can match unless the host node exists.
        SiteNode current = findChild(getRoot(), getHostName(uri));
        if (current == null) {
            return null;
        }
        List<String> segments = SessionStructure.getTreePath(model, msg);
        if (segments.isEmpty()) {
            // Top level node: the host itself is the match.
            match = current;
        }
        int last = segments.size() - 1;
        for (int idx = 0; idx <= last; idx++) {
            String segment = segments.get(idx);
            if (segment == null || segment.isEmpty()) {
                continue;
            }
            if (idx == last) {
                match = findChild(current, SessionStructure.getLeafName(model, segment, msg));
            } else {
                current = findChild(current, segment);
                if (current == null) {
                    return null;
                }
            }
        }
    } catch (URIException e) {
        // ZAP: Added error
        log.error(e.getMessage(), e);
    }
    if (match == null || match.getHistoryReference() == null) {
        return null;
    }
    try {
        return match.getHistoryReference().getHttpMessage();
    } catch (Exception e) {
        // ZAP: Added error
        log.error(e.getMessage(), e);
        return null;
    }
}
Also used : URIException(org.apache.commons.httpclient.URIException) HttpMessage(org.parosproxy.paros.network.HttpMessage) URI(org.apache.commons.httpclient.URI) URIException(org.apache.commons.httpclient.URIException) HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) InvalidParameterException(java.security.InvalidParameterException) DatabaseException(org.parosproxy.paros.db.DatabaseException)
