Search in sources :

Example 1 with AuthPollFrequencyUnits

use of org.zaproxy.zap.authentication.AuthenticationMethod.AuthPollFrequencyUnits in project zaproxy by zaproxy.

the class ContextAPI method buildResponseFromContext.

/**
 * Builds the response describing an Context.
 *
 * @param c the context
 * @return the api response
 */
private ApiResponse buildResponseFromContext(Context c) {
    Map<String, String> fields = new HashMap<>();
    fields.put("name", c.getName());
    fields.put("id", Integer.toString(c.getId()));
    fields.put("description", c.getDescription());
    fields.put("inScope", Boolean.toString(c.isInScope()));
    fields.put("excludeRegexs", jsonEncodeList(c.getExcludeFromContextRegexs()));
    fields.put("includeRegexs", jsonEncodeList(c.getIncludeInContextRegexs()));
    AuthenticationMethod authenticationMethod = c.getAuthenticationMethod();
    if (authenticationMethod != null) {
        Pattern pattern = authenticationMethod.getLoggedInIndicatorPattern();
        fields.put("loggedInPattern", pattern == null ? "" : pattern.toString());
        pattern = authenticationMethod.getLoggedOutIndicatorPattern();
        fields.put("loggedOutPattern", pattern == null ? "" : pattern.toString());
        AuthenticationMethodType type = authenticationMethod.getType();
        fields.put("authType", type == null ? "" : type.getName());
        AuthCheckingStrategy strategy = authenticationMethod.getAuthCheckingStrategy();
        fields.put(PARAM_CHECKING_STRATEGRY, strategy == null ? "" : strategy.name());
        if (AuthCheckingStrategy.POLL_URL.equals(strategy)) {
            fields.put(PARAM_POLL_URL, authenticationMethod.getPollUrl());
            fields.put(PARAM_POLL_DATA, authenticationMethod.getPollData());
            fields.put(PARAM_POLL_HEADERS, authenticationMethod.getPollData());
            fields.put(PARAM_POLL_FREQ, Integer.toString(authenticationMethod.getPollFrequency()));
            AuthPollFrequencyUnits units = authenticationMethod.getPollFrequencyUnits();
            fields.put(PARAM_POLL_FREQ_UNITS, units == null ? "" : units.name());
        }
    }
    AuthorizationDetectionMethod authorizationDetectionMethod = c.getAuthorizationDetectionMethod();
    if (authorizationDetectionMethod != null) {
        fields.put("authenticationDetectionMethodId", String.valueOf(authorizationDetectionMethod.getMethodUniqueIdentifier()));
    }
    fields.put("urlParameterParserClass", c.getUrlParamParser().getClass().getCanonicalName());
    fields.put("urlParameterParserConfig", c.getUrlParamParser().getConfig());
    fields.put("postParameterParserClass", c.getPostParamParser().getClass().getCanonicalName());
    fields.put("postParameterParserConfig", c.getPostParamParser().getConfig());
    return new ApiResponseSet<>("context", fields);
}
Also used : AuthorizationDetectionMethod(org.zaproxy.zap.extension.authorization.AuthorizationDetectionMethod) Pattern(java.util.regex.Pattern) AuthenticationMethodType(org.zaproxy.zap.authentication.AuthenticationMethodType) HashMap(java.util.HashMap) AuthPollFrequencyUnits(org.zaproxy.zap.authentication.AuthenticationMethod.AuthPollFrequencyUnits) AuthCheckingStrategy(org.zaproxy.zap.authentication.AuthenticationMethod.AuthCheckingStrategy) AuthenticationMethod(org.zaproxy.zap.authentication.AuthenticationMethod)

Example 2 with AuthPollFrequencyUnits

use of org.zaproxy.zap.authentication.AuthenticationMethod.AuthPollFrequencyUnits in project zaproxy by zaproxy.

the class ContextAPI method handleApiAction.

@Override
public ApiResponse handleApiAction(String name, JSONObject params) throws ApiException {
    log.debug("handleApiAction " + name + " " + params.toString());
    Context context;
    TechSet techSet;
    String[] techNames;
    String filename;
    File f;
    switch(name) {
        case ACTION_EXCLUDE_FROM_CONTEXT_REGEX:
            try {
                addExcludeToContext(getContext(params), params.getString(REGEX_PARAM));
            } catch (IllegalArgumentException e) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, REGEX_PARAM, e);
            }
            break;
        case ACTION_INCLUDE_IN_CONTEXT_REGEX:
            try {
                addIncludeToContext(getContext(params), params.getString(REGEX_PARAM));
            } catch (IllegalArgumentException e) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, REGEX_PARAM, e);
            }
            break;
        case ACTION_SET_CONTEXT_REGEXS:
            context = getContext(params);
            JSONArray incRegexs;
            JSONArray excRegexs;
            try {
                incRegexs = JSONArray.fromObject(params.get(INC_REGEXS_PARAM));
                context.setIncludeInContextRegexs(JsonUtil.toStringList(incRegexs));
            } catch (JSONException e1) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, INC_REGEXS_PARAM);
            }
            try {
                excRegexs = JSONArray.fromObject(params.get(EXC_REGEXS_PARAM));
                context.setExcludeFromContextRegexs(JsonUtil.toStringList(excRegexs));
            } catch (Exception e1) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, EXC_REGEXS_PARAM);
            }
            Model.getSingleton().getSession().saveContext(context);
            break;
        case ACTION_SET_CONTEXT_CHECKING_STRATEGY:
            context = getContext(params);
            AuthCheckingStrategy checkingStrategy;
            try {
                checkingStrategy = AuthCheckingStrategy.valueOf(params.getString(PARAM_CHECKING_STRATEGRY));
            } catch (Exception e1) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_CHECKING_STRATEGRY);
            }
            if (AuthCheckingStrategy.POLL_URL.equals(checkingStrategy)) {
                AuthPollFrequencyUnits units;
                try {
                    units = AuthPollFrequencyUnits.valueOf(params.getString(PARAM_POLL_FREQ_UNITS));
                } catch (Exception e) {
                    throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_POLL_FREQ_UNITS);
                }
                int freq;
                String pollUrl = params.getString(PARAM_POLL_URL);
                String pollData = params.getString(PARAM_POLL_DATA);
                String pollHeaders = params.getString(PARAM_POLL_HEADERS);
                if (pollUrl == null || pollUrl.isEmpty()) {
                    throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_POLL_URL);
                }
                try {
                    new URI(pollUrl, true);
                } catch (Exception e) {
                    throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_POLL_URL);
                }
                try {
                    freq = params.getInt(PARAM_POLL_FREQ);
                } catch (Exception e) {
                    throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_POLL_FREQ);
                }
                if (freq <= 0) {
                    throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_POLL_FREQ);
                }
                context.getAuthenticationMethod().setPollUrl(pollUrl);
                context.getAuthenticationMethod().setPollData(pollData);
                context.getAuthenticationMethod().setPollHeaders(pollHeaders);
                context.getAuthenticationMethod().setPollFrequency(freq);
                context.getAuthenticationMethod().setPollFrequencyUnits(units);
            }
            context.getAuthenticationMethod().setAuthCheckingStrategy(checkingStrategy);
            Model.getSingleton().getSession().saveContext(context);
            break;
        case ACTION_NEW_CONTEXT:
            String contextName = params.getString(CONTEXT_NAME);
            try {
                context = Model.getSingleton().getSession().getNewContext(contextName);
            } catch (IllegalContextNameException e) {
                throw new ApiException(ApiException.Type.ALREADY_EXISTS, contextName, e);
            }
            Model.getSingleton().getSession().saveContext(context);
            return new ApiResponseElement(CONTEXT_ID, String.valueOf(context.getId()));
        case ACTION_REMOVE_CONTEXT:
            context = getContext(params);
            Model.getSingleton().getSession().deleteContext(context);
            break;
        case ACTION_SET_CONTEXT_IN_SCOPE:
            context = getContext(params);
            context.setInScope(params.getBoolean(IN_SCOPE));
            Model.getSingleton().getSession().saveContext(context);
            break;
        case ACTION_IMPORT_CONTEXT:
            filename = params.getString(CONTEXT_FILE_PARAM);
            f = new File(filename);
            if (!f.exists()) {
                // Try relative to the contexts dir
                f = new File(Constant.getContextsDir(), filename);
            }
            if (!f.exists()) {
                throw new ApiException(ApiException.Type.DOES_NOT_EXIST, f.getAbsolutePath());
            } else {
                try {
                    context = Model.getSingleton().getSession().importContext(f);
                } catch (IllegalContextNameException e) {
                    throw new ApiException(ApiException.Type.BAD_EXTERNAL_DATA, e);
                } catch (Exception e) {
                    log.error(e.getMessage(), e);
                    throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
                }
            }
            return new ApiResponseElement(CONTEXT_ID, String.valueOf(context.getId()));
        case ACTION_EXPORT_CONTEXT:
            filename = params.getString(CONTEXT_FILE_PARAM);
            context = getContext(params);
            f = new File(filename);
            if (!f.getAbsolutePath().equals(filename)) {
                // Not an absolute filename, use one relative to the contexts dir
                f = new File(Constant.getContextsDir(), filename);
            }
            if (!f.getParentFile().canWrite()) {
                // Cant write to the parent dir so not looking good
                throw new ApiException(ApiException.Type.NO_ACCESS, f.getAbsolutePath());
            } else {
                try {
                    Model.getSingleton().getSession().exportContext(context, f);
                } catch (Exception e) {
                    throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
                }
            }
            break;
        case ACTION_INCLUDE_TECHS:
            context = getContext(params);
            techSet = context.getTechSet();
            techNames = getParam(params, PARAM_TECH_NAMES, "").split(",");
            for (String techName : techNames) {
                techSet.include(getTech(techName));
            }
            context.save();
            break;
        case ACTION_INCLUDE_ALL_TECHS:
            context = getContext(params);
            techSet = new TechSet(Tech.getAll());
            context.setTechSet(techSet);
            context.save();
            break;
        case ACTION_EXCLUDE_TECHS:
            context = getContext(params);
            techSet = context.getTechSet();
            techNames = getParam(params, PARAM_TECH_NAMES, "").split(",");
            for (String techName : techNames) {
                techSet.exclude(getTech(techName));
            }
            context.save();
            break;
        case ACTION_EXCLUDE_ALL_TECHS:
            context = getContext(params);
            techSet = context.getTechSet();
            for (Tech tech : Tech.getAll()) {
                techSet.exclude(tech);
            }
            context.save();
            break;
        default:
            throw new ApiException(Type.BAD_ACTION);
    }
    return ApiResponseElement.OK;
}
Also used : Context(org.zaproxy.zap.model.Context) TechSet(org.zaproxy.zap.model.TechSet) AuthPollFrequencyUnits(org.zaproxy.zap.authentication.AuthenticationMethod.AuthPollFrequencyUnits) JSONArray(net.sf.json.JSONArray) AuthCheckingStrategy(org.zaproxy.zap.authentication.AuthenticationMethod.AuthCheckingStrategy) JSONException(net.sf.json.JSONException) URI(org.apache.commons.httpclient.URI) JSONException(net.sf.json.JSONException) IllegalContextNameException(org.zaproxy.zap.model.IllegalContextNameException) Tech(org.zaproxy.zap.model.Tech) IllegalContextNameException(org.zaproxy.zap.model.IllegalContextNameException) File(java.io.File)

Example 3 with AuthPollFrequencyUnits

use of org.zaproxy.zap.authentication.AuthenticationMethod.AuthPollFrequencyUnits in project zaproxy by zaproxy.

the class ExtensionAuthentication method importContextData.

@Override
public void importContextData(Context ctx, Configuration config) throws ConfigurationException {
    int typeId = config.getInt(AuthenticationMethod.CONTEXT_CONFIG_AUTH_TYPE, NO_AUTH_METHOD);
    if (typeId == NO_AUTH_METHOD) {
        return;
    }
    AuthenticationMethodType authMethodType = getAuthenticationMethodTypeForIdentifier(typeId);
    if (authMethodType == null) {
        log.warn("No authentication method type found for ID: " + typeId);
        return;
    }
    ctx.setAuthenticationMethod(authMethodType.createAuthenticationMethod(ctx.getId()));
    AuthenticationMethod method = ctx.getAuthenticationMethod();
    AuthCheckingStrategy strategy = AuthCheckingStrategy.valueOf(config.getString(AuthenticationMethod.CONTEXT_CONFIG_AUTH_STRATEGY, AuthCheckingStrategy.EACH_RESP.name()));
    method.setAuthCheckingStrategy(strategy);
    method.setPollUrl(config.getString(AuthenticationMethod.CONTEXT_CONFIG_AUTH_POLL_URL, ""));
    method.setPollData(config.getString(AuthenticationMethod.CONTEXT_CONFIG_AUTH_POLL_DATA, ""));
    method.setPollHeaders(config.getString(AuthenticationMethod.CONTEXT_CONFIG_AUTH_POLL_HEADERS, ""));
    method.setPollFrequency(config.getInt(AuthenticationMethod.CONTEXT_CONFIG_AUTH_POLL_FREQ, AuthenticationMethod.DEFAULT_POLL_FREQUENCY));
    AuthPollFrequencyUnits units = AuthPollFrequencyUnits.valueOf(config.getString(AuthenticationMethod.CONTEXT_CONFIG_AUTH_POLL_UNITS, AuthPollFrequencyUnits.REQUESTS.name()));
    method.setPollFrequencyUnits(units);
    method.setLoggedInIndicatorPattern(config.getString(AuthenticationMethod.CONTEXT_CONFIG_AUTH_LOGGEDIN, ""));
    method.setLoggedOutIndicatorPattern(config.getString(AuthenticationMethod.CONTEXT_CONFIG_AUTH_LOGGEDOUT, ""));
    method.getType().importData(config, method);
}
Also used : HttpAuthenticationMethodType(org.zaproxy.zap.authentication.HttpAuthenticationMethodType) JsonBasedAuthenticationMethodType(org.zaproxy.zap.authentication.JsonBasedAuthenticationMethodType) FormBasedAuthenticationMethodType(org.zaproxy.zap.authentication.FormBasedAuthenticationMethodType) ScriptBasedAuthenticationMethodType(org.zaproxy.zap.authentication.ScriptBasedAuthenticationMethodType) ManualAuthenticationMethodType(org.zaproxy.zap.authentication.ManualAuthenticationMethodType) AuthenticationMethodType(org.zaproxy.zap.authentication.AuthenticationMethodType) AuthPollFrequencyUnits(org.zaproxy.zap.authentication.AuthenticationMethod.AuthPollFrequencyUnits) AuthCheckingStrategy(org.zaproxy.zap.authentication.AuthenticationMethod.AuthCheckingStrategy) AuthenticationMethod(org.zaproxy.zap.authentication.AuthenticationMethod) FormBasedAuthenticationMethod(org.zaproxy.zap.authentication.FormBasedAuthenticationMethodType.FormBasedAuthenticationMethod)

Aggregations

AuthCheckingStrategy (org.zaproxy.zap.authentication.AuthenticationMethod.AuthCheckingStrategy)3 AuthPollFrequencyUnits (org.zaproxy.zap.authentication.AuthenticationMethod.AuthPollFrequencyUnits)3 AuthenticationMethod (org.zaproxy.zap.authentication.AuthenticationMethod)2 AuthenticationMethodType (org.zaproxy.zap.authentication.AuthenticationMethodType)2 File (java.io.File)1 HashMap (java.util.HashMap)1 Pattern (java.util.regex.Pattern)1 JSONArray (net.sf.json.JSONArray)1 JSONException (net.sf.json.JSONException)1 URI (org.apache.commons.httpclient.URI)1 FormBasedAuthenticationMethodType (org.zaproxy.zap.authentication.FormBasedAuthenticationMethodType)1 FormBasedAuthenticationMethod (org.zaproxy.zap.authentication.FormBasedAuthenticationMethodType.FormBasedAuthenticationMethod)1 HttpAuthenticationMethodType (org.zaproxy.zap.authentication.HttpAuthenticationMethodType)1 JsonBasedAuthenticationMethodType (org.zaproxy.zap.authentication.JsonBasedAuthenticationMethodType)1 ManualAuthenticationMethodType (org.zaproxy.zap.authentication.ManualAuthenticationMethodType)1 ScriptBasedAuthenticationMethodType (org.zaproxy.zap.authentication.ScriptBasedAuthenticationMethodType)1 AuthorizationDetectionMethod (org.zaproxy.zap.extension.authorization.AuthorizationDetectionMethod)1 Context (org.zaproxy.zap.model.Context)1 IllegalContextNameException (org.zaproxy.zap.model.IllegalContextNameException)1 Tech (org.zaproxy.zap.model.Tech)1