
Example 36 with ApiException

use of org.zaproxy.zap.extension.api.ApiException in project zaproxy by zaproxy.

the class SessionManagementAPI method getContext.

/**
 * Gets the context from the parameters or throws a Missing Parameter exception, if any problems
 * occurred.
 *
 * @param params the params
 * @return the context
 * @throws ApiException the api exception
 */
private Context getContext(JSONObject params) throws ApiException {
    int contextId = getContextId(params);
    Context context = Model.getSingleton().getSession().getContext(contextId);
    if (context == null)
        throw new ApiException(Type.CONTEXT_NOT_FOUND, PARAM_CONTEXT_ID);
    return context;
}
Also used : Context(org.zaproxy.zap.model.Context) ApiException(org.zaproxy.zap.extension.api.ApiException)

Example 37 with ApiException

use of org.zaproxy.zap.extension.api.ApiException in project zaproxy by zaproxy.

the class SearchAPI method handleApiView.

@Override
public ApiResponse handleApiView(final String name, JSONObject params) throws ApiException {
    final ApiResponseList result = new ApiResponseList(name);
    ExtensionSearch.Type searchType;
    SearchViewResponseType responseType;
    switch(name) {
        case VIEW_URLS_BY_URL_REGEX:
            searchType = ExtensionSearch.Type.URL;
            responseType = SearchViewResponseType.URL;
            break;
        case VIEW_MESSAGES_BY_URL_REGEX:
            searchType = ExtensionSearch.Type.URL;
            responseType = SearchViewResponseType.MESSAGE;
            break;
        case VIEW_URLS_BY_REQUEST_REGEX:
            searchType = ExtensionSearch.Type.Request;
            responseType = SearchViewResponseType.URL;
            break;
        case VIEW_MESSAGES_BY_REQUEST_REGEX:
            searchType = ExtensionSearch.Type.Request;
            responseType = SearchViewResponseType.MESSAGE;
            break;
        case VIEW_URLS_BY_RESPONSE_REGEX:
            searchType = ExtensionSearch.Type.Response;
            responseType = SearchViewResponseType.URL;
            break;
        case VIEW_MESSAGES_BY_RESPONSE_REGEX:
            searchType = ExtensionSearch.Type.Response;
            responseType = SearchViewResponseType.MESSAGE;
            break;
        case VIEW_URLS_BY_HEADER_REGEX:
            searchType = ExtensionSearch.Type.Header;
            responseType = SearchViewResponseType.URL;
            break;
        case VIEW_MESSAGES_BY_HEADER_REGEX:
            searchType = ExtensionSearch.Type.Header;
            responseType = SearchViewResponseType.MESSAGE;
            break;
        default:
            throw new ApiException(ApiException.Type.BAD_VIEW);
    }
    validateRegex(params);
    try {
        SearchResultsProcessor processor;
        if (SearchViewResponseType.MESSAGE == responseType) {
            processor = new SearchResultsProcessor() {

                @Override
                public void processRecordHistory(RecordHistory recordHistory) {
                    result.addItem(ApiResponseConversionUtils.httpMessageToSet(recordHistory.getHistoryId(), recordHistory.getHistoryType(), recordHistory.getHttpMessage()));
                }
            };
        } else {
            processor = new SearchResultsProcessor() {

                @Override
                public void processRecordHistory(RecordHistory recordHistory) {
                    final HttpMessage msg = recordHistory.getHttpMessage();
                    Map<String, String> map = new HashMap<>();
                    map.put("id", String.valueOf(recordHistory.getHistoryId()));
                    map.put("type", String.valueOf(recordHistory.getHistoryType()));
                    map.put("method", msg.getRequestHeader().getMethod());
                    map.put("url", msg.getRequestHeader().getURI().toString());
                    map.put("code", String.valueOf(msg.getResponseHeader().getStatusCode()));
                    map.put("time", String.valueOf(msg.getTimeElapsedMillis()));
                    result.addItem(new ApiResponseSet<String>(name, map));
                }
            };
        }
        search(params, searchType, processor);
    } catch (Exception e) {
        log.error(e.getMessage(), e);
        throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
    }
    return result;
}
Also used : HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) PatternSyntaxException(java.util.regex.PatternSyntaxException) ApiException(org.zaproxy.zap.extension.api.ApiException) DatabaseException(org.parosproxy.paros.db.DatabaseException) ApiResponseSet(org.zaproxy.zap.extension.api.ApiResponseSet) ApiResponseList(org.zaproxy.zap.extension.api.ApiResponseList) HttpMessage(org.parosproxy.paros.network.HttpMessage) RecordHistory(org.parosproxy.paros.db.RecordHistory) HashMap(java.util.HashMap) Map(java.util.Map)

Example 38 with ApiException

use of org.zaproxy.zap.extension.api.ApiException in project zaproxy by zaproxy.

the class SearchAPI method handleApiOther.

@Override
public HttpMessage handleApiOther(HttpMessage msg, String name, JSONObject params) throws ApiException {
    byte[] responseBody = {};
    ExtensionSearch.Type searchType;
    switch(name) {
        case OTHER_HAR_BY_URL_REGEX:
            searchType = ExtensionSearch.Type.URL;
            break;
        case OTHER_HAR_BY_REQUEST_REGEX:
            searchType = ExtensionSearch.Type.Request;
            break;
        case OTHER_HAR_BY_RESPONSE_REGEX:
            searchType = ExtensionSearch.Type.Response;
            break;
        case OTHER_HAR_BY_HEADER_REGEX:
            searchType = ExtensionSearch.Type.Header;
            break;
        default:
            throw new ApiException(ApiException.Type.BAD_OTHER);
    }
    validateRegex(params);
    try {
        final HarEntries entries = new HarEntries();
        search(params, searchType, new SearchResultsProcessor() {

            @Override
            public void processRecordHistory(RecordHistory recordHistory) {
                entries.addEntry(HarUtils.createHarEntry(recordHistory.getHttpMessage()));
            }
        });
        HarLog harLog = HarUtils.createZapHarLog();
        harLog.setEntries(entries);
        responseBody = HarUtils.harLogToByteArray(harLog);
    } catch (Exception e) {
        log.error(e.getMessage(), e);
        ApiException apiException = new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
        responseBody = apiException.toString(API.Format.JSON, incErrorDetails()).getBytes(StandardCharsets.UTF_8);
    }
    try {
        msg.setResponseHeader(API.getDefaultResponseHeader("application/json; charset=UTF-8", responseBody.length));
    } catch (HttpMalformedHeaderException e) {
        log.error("Failed to create response header: " + e.getMessage(), e);
    }
    msg.setResponseBody(responseBody);
    return msg;
}
Also used : HarEntries(edu.umass.cs.benchlab.har.HarEntries) HarLog(edu.umass.cs.benchlab.har.HarLog) HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) RecordHistory(org.parosproxy.paros.db.RecordHistory) PatternSyntaxException(java.util.regex.PatternSyntaxException) ApiException(org.zaproxy.zap.extension.api.ApiException) DatabaseException(org.parosproxy.paros.db.DatabaseException)

Example 39 with ApiException

use of org.zaproxy.zap.extension.api.ApiException in project zaproxy by zaproxy.

the class HttpSessionsAPI method handleApiView.

@Override
public ApiResponse handleApiView(String name, JSONObject params) throws ApiException {
    if (log.isDebugEnabled()) {
        log.debug("Request for handleApiView: " + name + " (params: " + params.toString() + ")");
    }
    HttpSessionsSite site;
    switch(name) {
        case VIEW_SITES:
            // Get all sites with sessions
            ApiResponseList responseSites = new ApiResponseList(name);
            for (String s : extension.getSites()) {
                responseSites.addItem(new ApiResponseElement("site", s));
            }
            return responseSites;
        case VIEW_SESSIONS:
            // Get existing sessions
            site = extension.getHttpSessionsSite(ApiUtils.getAuthority(params.getString(ACTION_PARAM_SITE)), false);
            if (site == null) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, ACTION_PARAM_SITE);
            }
            ApiResponseList response = new ApiResponseList(name);
            String vsName = getParam(params, VIEW_PARAM_SESSION, "");
            // If a session name was not provided
            if (vsName == null || vsName.isEmpty()) {
                Set<HttpSession> sessions = site.getHttpSessions();
                if (log.isDebugEnabled()) {
                    log.debug("API View for sessions for " + ApiUtils.getAuthority(params.getString(VIEW_PARAM_SITE)) + ": " + site);
                }
                // Build the response
                for (HttpSession session : sessions) {
                    // Don't include 'null' sessions
                    if (session.getTokenValuesUnmodifiableMap().size() > 0) {
                        response.addItem(createSessionResponse(session));
                    }
                }
            } else {
                // If a session name was provided
                HttpSession session = site.getHttpSession(vsName);
                if (session != null) {
                    response.addItem(createSessionResponse(session));
                }
            }
            return response;
        case VIEW_ACTIVE_SESSION:
            // Get existing sessions
            site = extension.getHttpSessionsSite(ApiUtils.getAuthority(params.getString(ACTION_PARAM_SITE)), false);
            if (site == null) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, ACTION_PARAM_SITE);
            }
            if (log.isDebugEnabled()) {
                log.debug("API View for active session for " + ApiUtils.getAuthority(params.getString(VIEW_PARAM_SITE)) + ": " + site);
            }
            if (site.getActiveSession() != null) {
                return new ApiResponseElement("active_session", site.getActiveSession().getName());
            } else {
                return new ApiResponseElement("active_session", "");
            }
        case VIEW_SESSION_TOKENS:
            final String siteName = ApiUtils.getAuthority(params.getString(ACTION_PARAM_SITE));
            // Check if the site exists
            if (extension.getHttpSessionsSite(siteName, false) == null) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, ACTION_PARAM_SITE);
            }
            // Get session tokens
            HttpSessionTokensSet sessionTokens = extension.getHttpSessionTokensSet(siteName);
            ApiResponseList responseST = new ApiResponseList("session_tokens");
            if (sessionTokens != null) {
                Set<String> tokens = sessionTokens.getTokensSet();
                // Build response list
                if (tokens != null) {
                    for (String token : tokens) {
                        responseST.addItem(new ApiResponseElement("token", token));
                    }
                }
            }
            return responseST;
        default:
            throw new ApiException(ApiException.Type.BAD_VIEW);
    }
}
Also used : ApiResponseList(org.zaproxy.zap.extension.api.ApiResponseList) ApiResponseElement(org.zaproxy.zap.extension.api.ApiResponseElement) ApiException(org.zaproxy.zap.extension.api.ApiException)

Example 40 with ApiException

use of org.zaproxy.zap.extension.api.ApiException in project zaproxy by zaproxy.

the class ParamsAPI method handleApiView.

@Override
public ApiResponse handleApiView(String name, JSONObject params) throws ApiException {
    if (VIEW_PARAMS.equals(name)) {
        ApiResponseList result = new ApiResponseList("Parameters");
        if (params.containsKey(VIEW_PARAMS_PARAM_SITE)) {
            String paramSite = params.getString(VIEW_PARAMS_PARAM_SITE);
            if (!paramSite.isEmpty()) {
                String site = ApiUtils.getAuthority(paramSite);
                if (!extension.hasSite(site)) {
                    throw new ApiException(ApiException.Type.DOES_NOT_EXIST, paramSite);
                }
                if (extension.hasParameters(site)) {
                    result.addItem(createSiteParamStatsResponse(extension.getSiteParameters(site)));
                }
                return result;
            }
        }
        Collection<SiteParameters> siteParams = extension.getAllSiteParameters();
        for (SiteParameters siteParam : siteParams) {
            result.addItem(createSiteParamStatsResponse(siteParam));
        }
        return result;
    } else {
        throw new ApiException(ApiException.Type.BAD_VIEW);
    }
}
Also used : ApiResponseList(org.zaproxy.zap.extension.api.ApiResponseList) ApiException(org.zaproxy.zap.extension.api.ApiException)

Aggregations

ApiException (org.zaproxy.zap.extension.api.ApiException) 44
Context (org.zaproxy.zap.model.Context) 18
ApiResponseElement (org.zaproxy.zap.extension.api.ApiResponseElement) 12
ApiResponseList (org.zaproxy.zap.extension.api.ApiResponseList) 12
JSONObject (net.sf.json.JSONObject) 11
DatabaseException (org.parosproxy.paros.db.DatabaseException) 10
User (org.zaproxy.zap.users.User) 9
ApiDynamicActionImplementor (org.zaproxy.zap.extension.api.ApiDynamicActionImplementor) 8
HashMap (java.util.HashMap) 7
PatternSyntaxException (java.util.regex.PatternSyntaxException) 6
JSONException (net.sf.json.JSONException) 6
HttpMalformedHeaderException (org.parosproxy.paros.network.HttpMalformedHeaderException) 6
ApiResponse (org.zaproxy.zap.extension.api.ApiResponse) 6
GenericScanner2 (org.zaproxy.zap.model.GenericScanner2) 6
ArrayList (java.util.ArrayList) 5
ConfigurationException (org.apache.commons.configuration.ConfigurationException) 5
ExtensionUserManagement (org.zaproxy.zap.extension.users.ExtensionUserManagement) 5
URIException (org.apache.commons.httpclient.URIException) 4
Plugin (org.parosproxy.paros.core.scanner.Plugin) 4
Session (org.parosproxy.paros.model.Session) 4