Example 6 with ApiException

Use of org.zaproxy.zap.extension.api.ApiException in project zaproxy by zaproxy.

In the class AntiCsrfAPI, method handleApiOther:

@Override
public HttpMessage handleApiOther(HttpMessage msg, String name, JSONObject params) throws ApiException {
    if (OTHER_GENERATE_FORM.equals(name)) {
        String hrefIdStr = params.getString(OTHER_GENERATE_FORM_PARAM_HREFID);
        if (hrefIdStr == null || hrefIdStr.length() == 0) {
            throw new ApiException(ApiException.Type.MISSING_PARAMETER, OTHER_GENERATE_FORM_PARAM_HREFID);
        }
        int hrefId;
        try {
            hrefId = Integer.parseInt(hrefIdStr);
            String response = extension.generateForm(hrefId);
            if (response == null) {
                throw new ApiException(ApiException.Type.HREF_NOT_FOUND, hrefIdStr);
            }
            // Get the charset from the original message
            ExtensionHistory extHist = (ExtensionHistory) Control.getSingleton().getExtensionLoader().getExtension(ExtensionHistory.NAME);
            String charset = extHist.getHistoryReference(hrefId).getHttpMessage().getResponseHeader().getCharset();
            if (charset == null || charset.length() == 0) {
                charset = "";
            } else {
                charset = " charset=" + charset;
            }
            msg.setResponseHeader(API.getDefaultResponseHeader("text/html; " + charset, response.length()));
            msg.setResponseBody(response);
        } catch (NumberFormatException e) {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, OTHER_GENERATE_FORM_PARAM_HREFID);
        } catch (ApiException e) {
            throw e;
        } catch (Exception e) {
            throw new ApiException(ApiException.Type.INTERNAL_ERROR);
        }
    } else {
        throw new ApiException(ApiException.Type.BAD_OTHER, name);
    }
    return msg;
}
Also used: ExtensionHistory (org.parosproxy.paros.extension.history.ExtensionHistory), ApiException (org.zaproxy.zap.extension.api.ApiException)

Example 7 with ApiException

Use of org.zaproxy.zap.extension.api.ApiException in project zaproxy by zaproxy.

In the class ForcedUserAPI, method handleApiAction:

@Override
public ApiResponse handleApiAction(String name, JSONObject params) throws ApiException {
    log.debug("handleApiAction " + name + " " + params.toString());
    Context context;
    switch(name) {
        case ACTION_SET_FORCED_USER:
            context = ApiUtils.getContextByParamId(params, PARAM_CONTEXT_ID);
            int userId = ApiUtils.getIntParam(params, PARAM_USER_ID);
            try {
                extension.setForcedUser(context.getIndex(), userId);
            } catch (IllegalStateException ex) {
                throw new ApiException(Type.USER_NOT_FOUND);
            }
            context.save();
            return ApiResponseElement.OK;
        case ACTION_SET_FORCED_USER_MODE_ENABLED:
            if (!params.containsKey(PARAM_MODE_ENABLED))
                throw new ApiException(Type.MISSING_PARAMETER, PARAM_MODE_ENABLED);
            boolean newModeStatus;
            try {
                newModeStatus = params.getBoolean(PARAM_MODE_ENABLED);
            } catch (JSONException ex) {
                throw new ApiException(Type.ILLEGAL_PARAMETER, PARAM_MODE_ENABLED);
            }
            extension.setForcedUserModeEnabled(newModeStatus);
            return ApiResponseElement.OK;
        default:
            throw new ApiException(Type.BAD_ACTION);
    }
}
Also used: Context (org.zaproxy.zap.model.Context), JSONException (net.sf.json.JSONException), ApiException (org.zaproxy.zap.extension.api.ApiException)

Example 8 with ApiException

Use of org.zaproxy.zap.extension.api.ApiException in project zaproxy by zaproxy.

In the class BreakAPI, method handleApiAction:

@Override
public ApiResponse handleApiAction(String name, JSONObject params) throws ApiException {
    if (ACTION_BREAK.equals(name)) {
        String type = params.getString(PARAM_TYPE).toLowerCase();
        if (type.equals(VALUE_TYPE_HTTP_ALL)) {
            extension.setBreakAllRequests(params.getBoolean(PARAM_STATE));
            extension.setBreakAllResponses(params.getBoolean(PARAM_STATE));
        } else if (type.equals(VALUE_TYPE_HTTP_REQUESTS)) {
            extension.setBreakAllRequests(params.getBoolean(PARAM_STATE));
        } else if (type.equals(VALUE_TYPE_HTTP_RESPONSES)) {
            extension.setBreakAllResponses(params.getBoolean(PARAM_STATE));
        } else {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_TYPE + " not in [" + VALUE_TYPE_HTTP_ALL + "," + VALUE_TYPE_HTTP_REQUESTS + "," + VALUE_TYPE_HTTP_RESPONSES + "]");
        }
    } else if (ACTION_BREAK_ON_ID.equals(name)) {
        extension.setBreakOnId(params.getString(PARAM_KEY), params.getString(PARAM_STATE).toLowerCase().equals("on"));
    } else if (ACTION_CONTINUE.equals(name)) {
        extension.getBreakpointManagementInterface().cont();
    } else if (ACTION_STEP.equals(name)) {
        extension.getBreakpointManagementInterface().step();
    } else if (ACTION_DROP.equals(name)) {
        extension.getBreakpointManagementInterface().drop();
    } else if (ACTION_SET_HTTP_MESSAGE.equals(name)) {
        if (extension.getBreakpointManagementInterface().getMessage() == null) {
            // We've not got an intercepted message
            throw new ApiException(ApiException.Type.DOES_NOT_EXIST);
        }
        String header = params.getString(PARAM_HTTP_HEADER);
        String body = this.getParam(params, PARAM_HTTP_BODY, "");
        if (header.indexOf(HttpHeader.CRLF) < 0) {
            if (header.indexOf("\\n") >= 0) {
                // Makes it easier to use via API UI
                header = header.replace("\\r", "\r").replace("\\n", "\n");
            }
        }
        Message msg = extension.getBreakpointManagementInterface().getMessage();
        if (msg instanceof HttpMessage) {
            HttpMessage httpMsg = (HttpMessage) msg;
            if (extension.getBreakpointManagementInterface().isRequest()) {
                try {
                    httpMsg.setRequestHeader(header);
                    httpMsg.setRequestBody(body);
                    extension.getBreakpointManagementInterface().setMessage(httpMsg, true);
                } catch (HttpMalformedHeaderException e) {
                    throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, e.getMessage());
                }
            } else {
                try {
                    httpMsg.setResponseHeader(header);
                    httpMsg.setResponseBody(body);
                    extension.getBreakpointManagementInterface().setMessage(httpMsg, false);
                } catch (HttpMalformedHeaderException e) {
                    throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, e.getMessage());
                }
            }
        }
    } else if (ACTION_ADD_HTTP_BREAK_POINT.equals(name)) {
        try {
            extension.addHttpBreakpoint(params.getString(PARAM_STRING), params.getString(PARAM_LOCATION), params.getString(PARAM_MATCH), params.getBoolean(PARAM_INVERSE), params.getBoolean(PARAM_IGNORECASE));
        } catch (Exception e) {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, e.getMessage());
        }
    } else if (ACTION_REM_HTTP_BREAK_POINT.equals(name)) {
        try {
            extension.removeHttpBreakpoint(params.getString(PARAM_STRING), params.getString(PARAM_LOCATION), params.getString(PARAM_MATCH), params.getBoolean(PARAM_INVERSE), params.getBoolean(PARAM_IGNORECASE));
        } catch (Exception e) {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, e.getMessage());
        }
    } else {
        throw new ApiException(ApiException.Type.BAD_ACTION);
    }
    return ApiResponseElement.OK;
}
Also used: Message (org.zaproxy.zap.extension.httppanel.Message), HttpMessage (org.parosproxy.paros.network.HttpMessage), HttpMalformedHeaderException (org.parosproxy.paros.network.HttpMalformedHeaderException), ApiException (org.zaproxy.zap.extension.api.ApiException)

Example 9 with ApiException

Use of org.zaproxy.zap.extension.api.ApiException in project zaproxy by zaproxy.

In the class AutoUpdateAPI, method handleApiView:

@Override
public ApiResponse handleApiView(String name, JSONObject params) throws ApiException {
    ApiResponse result;
    if (VIEW_LATEST_VERSION_NUMBER.equals(name)) {
        result = new ApiResponseElement(name, this.getLatestVersionNumber());
    } else if (VIEW_IS_LATEST_VERSION.equals(name)) {
        result = new ApiResponseElement(name, Boolean.toString(this.isLatestVersion()));
    } else if (VIEW_INSTALLED_ADDONS.equals(name)) {
        final ApiResponseList resultList = new ApiResponseList(name);
        for (AddOn ao : extension.getInstalledAddOns()) {
            resultList.addItem(addonToSet(ao));
        }
        result = resultList;
    } else if (VIEW_NEW_ADDONS.equals(name)) {
        final ApiResponseList resultList = new ApiResponseList(name);
        for (AddOn ao : extension.getNewAddOns()) {
            resultList.addItem(addonToSet(ao));
        }
        result = resultList;
    } else if (VIEW_UPDATED_ADDONS.equals(name)) {
        final ApiResponseList resultList = new ApiResponseList(name);
        for (AddOn ao : extension.getUpdatedAddOns()) {
            resultList.addItem(addonToSet(ao));
        }
        result = resultList;
    } else if (VIEW_MARKETPLACE_ADDONS.equals(name)) {
        final ApiResponseList resultList = new ApiResponseList(name);
        for (AddOn ao : extension.getMarketplaceAddOns()) {
            resultList.addItem(addonToSet(ao));
        }
        result = resultList;
    } else {
        throw new ApiException(ApiException.Type.BAD_VIEW);
    }
    return result;
}
Also used: AddOn (org.zaproxy.zap.control.AddOn), ApiResponseElement (org.zaproxy.zap.extension.api.ApiResponseElement), ApiResponseList (org.zaproxy.zap.extension.api.ApiResponseList), ApiResponse (org.zaproxy.zap.extension.api.ApiResponse), ApiException (org.zaproxy.zap.extension.api.ApiException)

Example 10 with ApiException

Use of org.zaproxy.zap.extension.api.ApiException in project zaproxy by zaproxy.

In the class AutoUpdateAPI, method handleApiAction:

@Override
public ApiResponse handleApiAction(String name, JSONObject params) throws ApiException {
    log.debug("handleApiAction " + name + " " + params.toString());
    if (ACTION_DOWNLOAD_LATEST_RELEASE.equals(name)) {
        if (this.downloadLatestRelease()) {
            return ApiResponseElement.OK;
        } else {
            return ApiResponseElement.FAIL;
        }
    } else if (ACTION_INSTALL_ADDON.equals(name)) {
        String id = params.getString(PARAM_ID);
        AddOn ao = extension.getAddOn(id);
        if (ao == null) {
            throw new ApiException(Type.DOES_NOT_EXIST);
        } else {
            List<String> l = new ArrayList<String>();
            l.add(id);
            String errorMessages = extension.installAddOns(l);
            if (errorMessages.length() == 0) {
                return ApiResponseElement.OK;
            } else {
                throw new ApiException(ApiException.Type.INTERNAL_ERROR, errorMessages);
            }
        }
    } else if (ACTION_UNINSTALL_ADDON.equals(name)) {
        String id = params.getString(PARAM_ID);
        AddOn ao = extension.getLocalVersionInfo().getAddOn(id);
        if (ao == null) {
            throw new ApiException(Type.DOES_NOT_EXIST);
        } else {
            List<String> l = new ArrayList<String>();
            l.add(id);
            String errorMessages = extension.uninstallAddOns(l);
            if (errorMessages.length() == 0) {
                return ApiResponseElement.OK;
            } else {
                throw new ApiException(ApiException.Type.INTERNAL_ERROR, errorMessages);
            }
        }
    } else {
        throw new ApiException(ApiException.Type.BAD_ACTION);
    }
}
Also used: AddOn (org.zaproxy.zap.control.AddOn), ArrayList (java.util.ArrayList), ApiResponseList (org.zaproxy.zap.extension.api.ApiResponseList), List (java.util.List), ApiException (org.zaproxy.zap.extension.api.ApiException)

Aggregations

ApiException (org.zaproxy.zap.extension.api.ApiException): 44
Context (org.zaproxy.zap.model.Context): 18
ApiResponseElement (org.zaproxy.zap.extension.api.ApiResponseElement): 12
ApiResponseList (org.zaproxy.zap.extension.api.ApiResponseList): 12
JSONObject (net.sf.json.JSONObject): 11
DatabaseException (org.parosproxy.paros.db.DatabaseException): 10
User (org.zaproxy.zap.users.User): 9
ApiDynamicActionImplementor (org.zaproxy.zap.extension.api.ApiDynamicActionImplementor): 8
HashMap (java.util.HashMap): 7
PatternSyntaxException (java.util.regex.PatternSyntaxException): 6
JSONException (net.sf.json.JSONException): 6
HttpMalformedHeaderException (org.parosproxy.paros.network.HttpMalformedHeaderException): 6
ApiResponse (org.zaproxy.zap.extension.api.ApiResponse): 6
GenericScanner2 (org.zaproxy.zap.model.GenericScanner2): 6
ArrayList (java.util.ArrayList): 5
ConfigurationException (org.apache.commons.configuration.ConfigurationException): 5
ExtensionUserManagement (org.zaproxy.zap.extension.users.ExtensionUserManagement): 5
URIException (org.apache.commons.httpclient.URIException): 4
Plugin (org.parosproxy.paros.core.scanner.Plugin): 4
Session (org.parosproxy.paros.model.Session): 4