use of org.parosproxy.paros.network.HttpMessage in project zaproxy by zaproxy.
the class AlertViewPanel method getAlert.
/**
 * Builds an {@link Alert} from the values currently held by this panel's components.
 *
 * <p>When the panel is not editable and an original alert is present, the result comes from
 * {@code originalAlert.newInstance()}: it keeps the original alert id and takes the remaining
 * fields from the panel. Otherwise a new alert is created with id {@code -1}; it takes over the
 * id and source of the original alert when there is one. Its URI and message come from the first
 * available of: the panel's HTTP message, the history reference, the original alert.
 *
 * @return the alert assembled from the panel state
 */
public Alert getAlert() {
    final boolean copyOfOriginal = !editable && originalAlert != null;
    if (copyOfOriginal) {
        Alert copy = originalAlert.newInstance();
        copy.setAlertId(originalAlert.getAlertId());
        copy.setName((String) alertEditName.getSelectedItem());
        copy.setParam((String) alertEditParam.getSelectedItem());
        copy.setRiskConfidence(
                alertEditRisk.getSelectedIndex(),
                alertEditConfidence.getSelectedIndex());
        copy.setDescription(alertDescription.getText());
        copy.setOtherInfo(alertOtherInfo.getText());
        copy.setSolution(alertSolution.getText());
        copy.setReference(alertReference.getText());
        // This branch reads alertEvidence; the branch below reads alertEditEvidence.
        copy.setEvidence(alertEvidence.getText());
        copy.setCweId(alertEditCweId.getValue());
        copy.setWascId(alertEditWascId.getValue());
        copy.setHistoryRef(historyRef);
        return copy;
    }

    Alert created = new Alert(
            -1,
            alertEditRisk.getSelectedIndex(),
            alertEditConfidence.getSelectedIndex(),
            (String) alertEditName.getSelectedItem());
    created.setHistoryRef(historyRef);
    if (originalAlert != null) {
        created.setAlertId(originalAlert.getAlertId());
        created.setSource(originalAlert.getSource());
    }

    // Pick the URI and message from the most specific source that is available.
    String alertUri = null;
    HttpMessage alertMessage = null;
    if (httpMessage != null) {
        alertUri = httpMessage.getRequestHeader().getURI().toString();
        alertMessage = httpMessage;
    } else if (historyRef != null) {
        try {
            alertUri = historyRef.getURI().toString();
            alertMessage = historyRef.getHttpMessage();
        } catch (Exception e) {
            // A failure here is only logged; the alert is still built with whatever was read.
            logger.error(e.getMessage(), e);
        }
    } else if (originalAlert != null) {
        alertUri = originalAlert.getUri();
        alertMessage = originalAlert.getMessage();
    }

    created.setDetail(
            alertDescription.getText(),
            alertUri,
            (String) alertEditParam.getSelectedItem(),
            alertEditAttack.getText(),
            alertOtherInfo.getText(),
            alertSolution.getText(),
            alertReference.getText(),
            alertEditEvidence.getText(),
            alertEditCweId.getValue(),
            alertEditWascId.getValue(),
            alertMessage);
    return created;
}
use of org.parosproxy.paros.network.HttpMessage in project zaproxy by zaproxy.
the class ExtensionAutoUpdate method getRemoteConfigurationUrl.
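/**
 * Fetches the remote "check for updates" configuration from {@code url}, parses it and saves the
 * raw response body as the local version file.
 *
 * <p>The response is accepted only when the status code is 200 OK and the request header carried
 * by the message after the exchange is secure. Saving the version file is best effort: a
 * failure is logged and the parsed configuration is still returned.
 *
 * @param url the location of the remote configuration
 * @return the configuration parsed from the response body
 * @throws IOException if the response status code is not 200 OK
 * @throws ConfigurationException declared for the configuration loading step
 * @throws InvalidCfuUrlException if the request was not made over a secure scheme
 */
private ZapXmlConfiguration getRemoteConfigurationUrl(String url) throws IOException, ConfigurationException, InvalidCfuUrlException {
    HttpMessage msg = new HttpMessage(new URI(url, true), Model.getSingleton().getOptionsParam().getConnectionParam());
    // NOTE(review): the scheme is checked only after the exchange, so a plain-http URL is still
    // contacted once before it is rejected. The second argument presumably enables redirect
    // following, in which case the check below covers the final request - confirm against
    // HttpSender before moving the check ahead of the send.
    getHttpSender().sendAndReceive(msg, true);

    int statusCode = msg.getResponseHeader().getStatusCode();
    if (statusCode != HttpStatusCode.OK) {
        // Carry the status code so a failed update check can be diagnosed from the log.
        throw new IOException("Unexpected status code " + statusCode + " for the update check request");
    }
    if (!msg.getRequestHeader().isSecure()) {
        // Only access the cfu page over https
        throw new InvalidCfuUrlException(msg.getRequestHeader().getURI().toString());
    }

    // The body is read once so the parsed and the saved content are the same string.
    String responseBody = msg.getResponseBody().toString();

    // NOTE(review): the body is remote content; confirm that ZapXmlConfiguration's parser does
    // not resolve DTDs or external entities.
    ZapXmlConfiguration config = new ZapXmlConfiguration();
    config.setDelimiterParsingDisabled(true);
    config.load(new StringReader(responseBody));

    // Save version file so we can report new addons next time
    File versionFile = new File(Constant.FOLDER_LOCAL_PLUGIN, VERSION_FILE_NAME);
    try (FileWriter out = new FileWriter(versionFile)) {
        out.write(responseBody);
    } catch (Exception e) {
        // Best effort: failing to save the file (including on close) must not fail the check.
        logger.error(e.getMessage(), e);
    }
    return config;
}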
use of org.parosproxy.paros.network.HttpMessage in project zaproxy by zaproxy.
the class BreakAPI method handleApiAction.
/**
 * Dispatches an API action of the break add-on.
 *
 * <p>Actions cover switching "break on all" for requests and/or responses, breaking on an id,
 * continuing, stepping or dropping the intercepted message, replacing the header and body of
 * the intercepted HTTP message, and adding or removing HTTP breakpoints.
 *
 * @param name the name of the action
 * @param params the parameters supplied by the API caller
 * @return {@code ApiResponseElement.OK} when the action completes without an exception
 * @throws ApiException {@code BAD_ACTION} for an unknown action, {@code ILLEGAL_PARAMETER} for
 *     an unsupported break type, a malformed header or a failed breakpoint change, and
 *     {@code DOES_NOT_EXIST} when no message is currently intercepted
 */
@Override
public ApiResponse handleApiAction(String name, JSONObject params) throws ApiException {
    if (ACTION_BREAK.equals(name)) {
        final String breakType = params.getString(PARAM_TYPE).toLowerCase();
        if (VALUE_TYPE_HTTP_ALL.equals(breakType)) {
            final boolean state = params.getBoolean(PARAM_STATE);
            extension.setBreakAllRequests(state);
            extension.setBreakAllResponses(state);
        } else if (VALUE_TYPE_HTTP_REQUESTS.equals(breakType)) {
            extension.setBreakAllRequests(params.getBoolean(PARAM_STATE));
        } else if (VALUE_TYPE_HTTP_RESPONSES.equals(breakType)) {
            extension.setBreakAllResponses(params.getBoolean(PARAM_STATE));
        } else {
            throw new ApiException(
                    ApiException.Type.ILLEGAL_PARAMETER,
                    PARAM_TYPE + " not in [" + VALUE_TYPE_HTTP_ALL + "," + VALUE_TYPE_HTTP_REQUESTS + "," + VALUE_TYPE_HTTP_RESPONSES + "]");
        }
    } else if (ACTION_BREAK_ON_ID.equals(name)) {
        final boolean enable = "on".equals(params.getString(PARAM_STATE).toLowerCase());
        extension.setBreakOnId(params.getString(PARAM_KEY), enable);
    } else if (ACTION_CONTINUE.equals(name)) {
        extension.getBreakpointManagementInterface().cont();
    } else if (ACTION_STEP.equals(name)) {
        extension.getBreakpointManagementInterface().step();
    } else if (ACTION_DROP.equals(name)) {
        extension.getBreakpointManagementInterface().drop();
    } else if (ACTION_SET_HTTP_MESSAGE.equals(name)) {
        if (extension.getBreakpointManagementInterface().getMessage() == null) {
            // Nothing is intercepted at the moment, so there is no message to replace.
            throw new ApiException(ApiException.Type.DOES_NOT_EXIST);
        }
        String rawHeader = params.getString(PARAM_HTTP_HEADER);
        final String rawBody = this.getParam(params, PARAM_HTTP_BODY, "");
        // A header without a real CRLF but with literal "\n" sequences is unescaped, which
        // makes the action easier to use from the API UI.
        if (!rawHeader.contains(HttpHeader.CRLF) && rawHeader.contains("\\n")) {
            rawHeader = rawHeader.replace("\\r", "\r").replace("\\n", "\n");
        }
        // The message is read again here; a non-HTTP message is left untouched and the action
        // still answers OK.
        final Message intercepted = extension.getBreakpointManagementInterface().getMessage();
        if (intercepted instanceof HttpMessage) {
            final HttpMessage httpMsg = (HttpMessage) intercepted;
            final boolean onRequest = extension.getBreakpointManagementInterface().isRequest();
            try {
                if (onRequest) {
                    httpMsg.setRequestHeader(rawHeader);
                    httpMsg.setRequestBody(rawBody);
                    extension.getBreakpointManagementInterface().setMessage(httpMsg, true);
                } else {
                    httpMsg.setResponseHeader(rawHeader);
                    httpMsg.setResponseBody(rawBody);
                    extension.getBreakpointManagementInterface().setMessage(httpMsg, false);
                }
            } catch (HttpMalformedHeaderException e) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, e.getMessage());
            }
        }
    } else if (ACTION_ADD_HTTP_BREAK_POINT.equals(name)) {
        try {
            extension.addHttpBreakpoint(
                    params.getString(PARAM_STRING),
                    params.getString(PARAM_LOCATION),
                    params.getString(PARAM_MATCH),
                    params.getBoolean(PARAM_INVERSE),
                    params.getBoolean(PARAM_IGNORECASE));
        } catch (Exception e) {
            // Any failure while adding the breakpoint is reported as an illegal parameter.
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, e.getMessage());
        }
    } else if (ACTION_REM_HTTP_BREAK_POINT.equals(name)) {
        try {
            extension.removeHttpBreakpoint(
                    params.getString(PARAM_STRING),
                    params.getString(PARAM_LOCATION),
                    params.getString(PARAM_MATCH),
                    params.getBoolean(PARAM_INVERSE),
                    params.getBoolean(PARAM_IGNORECASE));
        } catch (Exception e) {
            // Any failure while removing the breakpoint is reported as an illegal parameter.
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, e.getMessage());
        }
    } else {
        throw new ApiException(ApiException.Type.BAD_ACTION);
    }
    return ApiResponseElement.OK;
}
use of org.parosproxy.paros.network.HttpMessage in project zaproxy by zaproxy.
the class HttpBreakpointManagementDaemonImpl method setMessage.
/**
 * Stores the intercepted HTTP message, or copies a modified header and body into the message
 * that is already stored.
 *
 * <p>The current mode gates the call: it is refused in safe mode, and in protected mode it is
 * refused for a message that is not in scope. When a message is already stored, only its
 * request part or its response part is overwritten, chosen by {@code isRequest}; the stored
 * request flag is not changed on that path.
 *
 * @param msg the message, which must be an {@code HttpMessage}
 * @param isRequest {@code true} to treat the message as a request, {@code false} as a response
 * @throws IllegalArgumentException if {@code msg} is not an {@code HttpMessage}
 * @throws IllegalStateException if the current mode does not allow the change
 */
@Override
public void setMessage(Message msg, boolean isRequest) {
    if (!(msg instanceof HttpMessage)) {
        throw new IllegalArgumentException("Not an HttpMessage");
    }

    switch (Control.getSingleton().getMode()) {
        case safe:
            throw new IllegalStateException("Not allowed in safe mode");
        case protect:
            if (!msg.isInScope()) {
                throw new IllegalStateException("Not allowed in protected mode for out of scope message");
            }
            break;
        case standard:
        case attack:
            // No restriction in these modes.
            break;
    }

    final HttpMessage incoming = (HttpMessage) msg;
    if (this.msg == null) {
        // First message: keep it together with its direction.
        this.msg = incoming;
        this.request = isRequest;
        return;
    }

    if (isRequest) {
        this.msg.setRequestHeader(incoming.getRequestHeader());
        this.msg.setRequestBody(incoming.getRequestBody());
    } else {
        this.msg.setResponseHeader(incoming.getResponseHeader());
        this.msg.setResponseBody(incoming.getResponseBody());
    }
}
use of org.parosproxy.paros.network.HttpMessage in project zaproxy by zaproxy.
the class HttpBreakpointMessage method match.
/**
 * Tells whether this breakpoint matches the given message.
 *
 * <p>Only {@code HttpMessage}s can match. The part of the message selected by {@code location}
 * is compared against this breakpoint's string (substring test, optionally case-insensitive) or
 * its pattern (regular expression search), and the outcome is negated when {@code inverse} is
 * set. Request locations match only requests and response locations only responses.
 *
 * <p>Any exception raised during the evaluation is logged and reported as "no match", so a
 * breakpoint that fails to evaluate does not stop the message.
 *
 * @param aMessage the message to test
 * @param isRequest {@code true} if the message is being handled as a request
 * @param onlyIfInScope {@code true} to match only messages whose URI is in scope of the session
 * @return {@code true} if the breakpoint applies to the message, {@code false} otherwise
 */
@Override
public boolean match(Message aMessage, boolean isRequest, boolean onlyIfInScope) {
    if (!(aMessage instanceof HttpMessage)) {
        return false;
    }
    final HttpMessage httpMessage = (HttpMessage) aMessage;
    try {
        final String uri = httpMessage.getRequestHeader().getURI().toString();
        if (onlyIfInScope && !Model.getSingleton().getSession().isInScope(uri)) {
            return false;
        }

        // Select the text to search; a location that does not fit the direction never matches.
        String target = null;
        switch (location) {
            case url:
                target = uri;
                break;
            case request_header:
                if (!isRequest) {
                    return false;
                }
                target = httpMessage.getRequestHeader().toString();
                break;
            case request_body:
                if (!isRequest) {
                    return false;
                }
                target = httpMessage.getRequestBody().toString();
                break;
            case response_header:
                if (isRequest) {
                    return false;
                }
                target = httpMessage.getResponseHeader().toString();
                break;
            case response_body:
                if (isRequest) {
                    return false;
                }
                target = httpMessage.getResponseBody().toString();
                break;
        }

        final boolean found;
        if (Match.contains.equals(this.match)) {
            found = ignoreCase
                    ? target.toLowerCase().contains(string.toLowerCase())
                    : target.contains(string);
        } else {
            found = pattern.matcher(target).find();
        }
        return inverse ? !found : found;
    } catch (Exception e) {
        logger.error(e.getMessage(), e);
    }
    return false;
}