
Example 11 with ApiException

Use of org.zaproxy.zap.extension.api.ApiException in project zaproxy by zaproxy.

The class AuthorizationAPI, method handleApiAction.

@Override
public ApiResponse handleApiAction(String name, JSONObject params) throws ApiException {
    log.debug("handleApiAction " + name + " " + params.toString());
    Context context;
    switch(name) {
        case ACTION_SET_AUTHORIZATION_METHOD:
            // Resolve the target context; ApiUtils raises an ApiException if the id is missing or unknown
            context = ApiUtils.getContextByParamId(params, PARAM_CONTEXT_ID);
            String headerRegex = params.optString(PARAM_HEADER_REGEX, null);
            String bodyRegex = params.optString(PARAM_BODY_REGEX, null);
            LogicalOperator logicalOperator = ApiUtils.getOptionalEnumParam(params, PARAM_LOGICAL_OPERATOR, LogicalOperator.class);
            if (logicalOperator == null) {
                logicalOperator = LogicalOperator.AND;
            }
            int statusCode = params.optInt(PARAM_STATUS_CODE, BasicAuthorizationDetectionMethod.NO_STATUS_CODE);
            if (log.isDebugEnabled()) {
                log.debug(String.format("Setting basic authorization detection to: %s / %s / %d / %s", headerRegex, bodyRegex, statusCode, logicalOperator));
            }
            BasicAuthorizationDetectionMethod method = new BasicAuthorizationDetectionMethod(statusCode, headerRegex, bodyRegex, logicalOperator);
            context.setAuthorizationDetectionMethod(method);
            return ApiResponseElement.OK;
        default:
            // Unknown action names are rejected rather than silently ignored
            throw new ApiException(Type.BAD_ACTION);
    }
}
Also used: Context (org.zaproxy.zap.model.Context), LogicalOperator (org.zaproxy.zap.extension.authorization.BasicAuthorizationDetectionMethod.LogicalOperator), ApiException (org.zaproxy.zap.extension.api.ApiException)

Example 12 with ApiException

Use of org.zaproxy.zap.extension.api.ApiException in project zaproxy by zaproxy.

The class AuthenticationAPI, method handleApiAction.

@Override
public ApiResponse handleApiAction(String name, JSONObject params) throws ApiException {
    log.debug("handleApiAction " + name + " " + params.toString());
    Context context;
    switch(name) {
        case ACTION_SET_LOGGED_IN_INDICATOR:
            String loggedInIndicator = params.getString(PARAM_LOGGED_IN_INDICATOR);
            if (loggedInIndicator == null || loggedInIndicator.isEmpty())
                throw new ApiException(Type.MISSING_PARAMETER, PARAM_LOGGED_IN_INDICATOR);
            context = getContext(params);
            context.getAuthenticationMethod().setLoggedInIndicatorPattern(loggedInIndicator);
            context.save();
            return ApiResponseElement.OK;
        case ACTION_SET_LOGGED_OUT_INDICATOR:
            String loggedOutIndicator = params.getString(PARAM_LOGGED_OUT_INDICATOR);
            if (loggedOutIndicator == null || loggedOutIndicator.isEmpty())
                throw new ApiException(Type.MISSING_PARAMETER, PARAM_LOGGED_OUT_INDICATOR);
            context = getContext(params);
            context.getAuthenticationMethod().setLoggedOutIndicatorPattern(loggedOutIndicator);
            context.save();
            return ApiResponseElement.OK;
        case ACTION_SET_METHOD:
            // Prepare the params
            JSONObject actionParams;
            if (params.has(PARAM_METHOD_CONFIG_PARAMS))
                actionParams = API.getParams(params.getString(PARAM_METHOD_CONFIG_PARAMS));
            else
                actionParams = new JSONObject();
            context = getContext(params);
            actionParams.put(PARAM_CONTEXT_ID, context.getIndex());
            // Run the method
            getSetMethodActionImplementor(params).handleAction(actionParams);
            context.save();
            return ApiResponseElement.OK;
        default:
            throw new ApiException(Type.BAD_ACTION);
    }
}
Also used: Context (org.zaproxy.zap.model.Context), JSONObject (net.sf.json.JSONObject), ApiException (org.zaproxy.zap.extension.api.ApiException)

Example 13 with ApiException

Use of org.zaproxy.zap.extension.api.ApiException in project zaproxy by zaproxy.

The class FormBasedAuthenticationMethodType, method getSetMethodForContextApiAction.

@Override
public ApiDynamicActionImplementor getSetMethodForContextApiAction() {
    return new ApiDynamicActionImplementor(API_METHOD_NAME, new String[] { PARAM_LOGIN_URL }, new String[] { PARAM_LOGIN_REQUEST_DATA }) {

        @Override
        public void handleAction(JSONObject params) throws ApiException {
            Context context = ApiUtils.getContextByParamId(params, AuthenticationAPI.PARAM_CONTEXT_ID);
            String loginUrl = ApiUtils.getNonEmptyStringParam(params, PARAM_LOGIN_URL);
            // Reject the action early if the supplied login URL does not parse
            try {
                new URL(loginUrl);
            } catch (Exception ex) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_LOGIN_URL);
            }
            String postData = "";
            if (params.containsKey(PARAM_LOGIN_REQUEST_DATA)) {
                postData = params.getString(PARAM_LOGIN_REQUEST_DATA);
            }
            // Set the method
            FormBasedAuthenticationMethod method = createAuthenticationMethod(context.getIndex());
            try {
                method.setLoginRequest(loginUrl, postData);
            } catch (Exception e) {
                throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
            }
            if (!context.getAuthenticationMethod().isSameType(method))
                apiChangedAuthenticationMethodForContext(context.getIndex());
            context.setAuthenticationMethod(method);
        }
    };
}
Also used: ApiDynamicActionImplementor (org.zaproxy.zap.extension.api.ApiDynamicActionImplementor), Context (org.zaproxy.zap.model.Context), PopupMenuItemContext (org.zaproxy.zap.view.popup.PopupMenuItemContext), RecordContext (org.parosproxy.paros.db.RecordContext), JSONObject (net.sf.json.JSONObject), URL (java.net.URL), URIException (org.apache.commons.httpclient.URIException), HttpMalformedHeaderException (org.parosproxy.paros.network.HttpMalformedHeaderException), ApiException (org.zaproxy.zap.extension.api.ApiException), UnsupportedEncodingException (java.io.UnsupportedEncodingException), ConfigurationException (org.apache.commons.configuration.ConfigurationException), IOException (java.io.IOException), DatabaseException (org.parosproxy.paros.db.DatabaseException)

Example 14 with ApiException

Use of org.zaproxy.zap.extension.api.ApiException in project zaproxy by zaproxy.

The class HttpAuthenticationMethodType, method getSetMethodForContextApiAction.

@Override
public ApiDynamicActionImplementor getSetMethodForContextApiAction() {
    return new ApiDynamicActionImplementor(API_METHOD_NAME, new String[] { PARAM_HOSTNAME, PARAM_REALM }, new String[] { PARAM_PORT }) {

        @Override
        public void handleAction(JSONObject params) throws ApiException {
            Context context = ApiUtils.getContextByParamId(params, AuthenticationAPI.PARAM_CONTEXT_ID);
            HttpAuthenticationMethod method = createAuthenticationMethod(context.getIndex());
            // Hostname is mandatory and must at least parse as a URI
            method.hostname = ApiUtils.getNonEmptyStringParam(params, PARAM_HOSTNAME);
            try {
                new URI(method.hostname);
            } catch (Exception ex) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_HOSTNAME);
            }
            // Realm and port are optional; a non-numeric port is reported as an illegal parameter
            if (params.containsKey(PARAM_REALM))
                method.realm = params.getString(PARAM_REALM);
            if (params.containsKey(PARAM_PORT))
                try {
                    String portString = params.getString(PARAM_PORT);
                    method.port = Integer.parseInt(portString);
                } catch (Exception ex) {
                    throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_PORT);
                }
            if (!context.getAuthenticationMethod().isSameType(method))
                apiChangedAuthenticationMethodForContext(context.getIndex());
            context.setAuthenticationMethod(method);
        }
    };
}
Also used: ApiDynamicActionImplementor (org.zaproxy.zap.extension.api.ApiDynamicActionImplementor), Context (org.zaproxy.zap.model.Context), RecordContext (org.parosproxy.paros.db.RecordContext), JSONObject (net.sf.json.JSONObject), URI (java.net.URI), ApiException (org.zaproxy.zap.extension.api.ApiException), DatabaseException (org.parosproxy.paros.db.DatabaseException), UnknownHostException (java.net.UnknownHostException), ConfigurationException (org.apache.commons.configuration.ConfigurationException)

Example 15 with ApiException

Use of org.zaproxy.zap.extension.api.ApiException in project zaproxy by zaproxy.

The class ScriptBasedAuthenticationMethodType, method getSetMethodForContextApiAction.

@Override
public ApiDynamicActionImplementor getSetMethodForContextApiAction() {
    return new ApiDynamicActionImplementor(API_METHOD_NAME, new String[] { PARAM_SCRIPT_NAME }, new String[] { PARAM_SCRIPT_CONFIG_PARAMS }) {

        @Override
        public void handleAction(JSONObject params) throws ApiException {
            Context context = ApiUtils.getContextByParamId(params, AuthenticationAPI.PARAM_CONTEXT_ID);
            String scriptName = ApiUtils.getNonEmptyStringParam(params, PARAM_SCRIPT_NAME);
            // Prepare the method
            ScriptBasedAuthenticationMethod method = createAuthenticationMethod(context.getIndex());
            // Load the script and make sure it exists and follows the required interface
            ScriptWrapper script = getScriptsExtension().getScript(scriptName);
            if (script == null) {
                log.error("Unable to find script while loading Script Based Authentication Method for name: " + scriptName);
                throw new ApiException(ApiException.Type.SCRIPT_NOT_FOUND, scriptName);
            } else
                log.info("Loaded script for API:" + script.getName());
            method.script = script;
            // Check script interface and make sure we load the credentials parameter names
            AuthenticationScript s = getScriptInterfaceV2(script);
            if (s == null) {
                s = getScriptInterface(script);
            }
            if (s == null) {
                log.error("Unable to load Script Based Authentication method. The script " + script.getName() + " does not properly implement the Authentication Script interface.");
                throw new ApiException(ApiException.Type.BAD_SCRIPT_FORMAT, "Does not follow Authentication script interface");
            }
            try {
                if (s instanceof AuthenticationScriptV2) {
                    AuthenticationScriptV2 sV2 = (AuthenticationScriptV2) s;
                    method.setLoggedInIndicatorPattern(sV2.getLoggedInIndicator());
                    method.setLoggedOutIndicatorPattern(sV2.getLoggedOutIndicator());
                }
                method.credentialsParamNames = s.getCredentialsParamsNames();
                // Load config param names + values and make sure all of the required ones
                // are there
                String[] requiredParams = s.getRequiredParamsNames();
                String[] optionalParams = s.getOptionalParamsNames();
                if (log.isDebugEnabled()) {
                    log.debug("Loaded authentication script - required parameters: " + Arrays.toString(requiredParams) + " - optional parameters: " + Arrays.toString(optionalParams));
                }
                Map<String, String> paramValues = new HashMap<String, String>();
                for (String rp : requiredParams) {
                    // If one of the required parameters is not present, it will throw
                    // an exception
                    String val = ApiUtils.getNonEmptyStringParam(params, rp);
                    paramValues.put(rp, val);
                }
                for (String op : optionalParams) paramValues.put(op, ApiUtils.getOptionalStringParam(params, op));
                method.paramValues = paramValues;
                if (log.isDebugEnabled())
                    log.debug("Loaded authentication script parameters:" + paramValues);
            } catch (ApiException e) {
                // Missing required script parameters are already reported as ApiException; pass them through unchanged
                throw e;
            } catch (Exception e) {
                getScriptsExtension().handleScriptException(script, e);
                log.error("Unable to load Script Based Authentication method. The script " + script.getName() + " contains errors.");
                throw new ApiException(ApiException.Type.BAD_SCRIPT_FORMAT, e.getMessage());
            }
            // If the type of authentication method changed, notify the extension accordingly before setting the new method
            if (!context.getAuthenticationMethod().isSameType(method))
                apiChangedAuthenticationMethodForContext(context.getIndex());
            context.setAuthenticationMethod(method);
        }
    };
}
Also used: ApiDynamicActionImplementor (org.zaproxy.zap.extension.api.ApiDynamicActionImplementor), Context (org.zaproxy.zap.model.Context), RecordContext (org.parosproxy.paros.db.RecordContext), HashMap (java.util.HashMap), ScriptException (javax.script.ScriptException), ApiException (org.zaproxy.zap.extension.api.ApiException), ConfigurationException (org.apache.commons.configuration.ConfigurationException), DatabaseException (org.parosproxy.paros.db.DatabaseException), JSONObject (net.sf.json.JSONObject), ScriptWrapper (org.zaproxy.zap.extension.script.ScriptWrapper)

Aggregations (type, number of usages)

ApiException (org.zaproxy.zap.extension.api.ApiException): 44
Context (org.zaproxy.zap.model.Context): 18
ApiResponseElement (org.zaproxy.zap.extension.api.ApiResponseElement): 12
ApiResponseList (org.zaproxy.zap.extension.api.ApiResponseList): 12
JSONObject (net.sf.json.JSONObject): 11
DatabaseException (org.parosproxy.paros.db.DatabaseException): 10
User (org.zaproxy.zap.users.User): 9
ApiDynamicActionImplementor (org.zaproxy.zap.extension.api.ApiDynamicActionImplementor): 8
HashMap (java.util.HashMap): 7
PatternSyntaxException (java.util.regex.PatternSyntaxException): 6
JSONException (net.sf.json.JSONException): 6
HttpMalformedHeaderException (org.parosproxy.paros.network.HttpMalformedHeaderException): 6
ApiResponse (org.zaproxy.zap.extension.api.ApiResponse): 6
GenericScanner2 (org.zaproxy.zap.model.GenericScanner2): 6
ArrayList (java.util.ArrayList): 5
ConfigurationException (org.apache.commons.configuration.ConfigurationException): 5
ExtensionUserManagement (org.zaproxy.zap.extension.users.ExtensionUserManagement): 5
URIException (org.apache.commons.httpclient.URIException): 4
Plugin (org.parosproxy.paros.core.scanner.Plugin): 4
Session (org.parosproxy.paros.model.Session): 4