
Example 6 with ApiResponse

use of org.zaproxy.zap.extension.api.ApiResponse in project zaproxy by zaproxy.

the class UsernamePasswordAuthenticationCredentialsUnitTest method shouldApiResponseRepresentationReturnApiResponseWithValidNameAndJsonFormat.

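/**
 * Checks that the API representation of the credentials is named "credentials" (ignoring case)
 * and that its JSON form mentions the username, password and type fields.
 *
 * <p>NOTE(review): the last assertion pins that the {@code password} fixture value is present in
 * the serialised response, i.e. this representation appears to carry the secret in clear text.
 * Confirm that every API view returning it is restricted to authorised API clients and that the
 * response is not written to logs.
 */
@Test
void shouldApiResponseRepresentationReturnApiResponseWithValidNameAndJsonFormat() {
    // Given/When
    ApiResponse apiResponse = usernamePasswordAuthenticationCredentials.getApiResponseRepresentation();
    // Then
    // Assert non-null before the first dereference, so a missing response is reported as an
    // assertion failure instead of a NullPointerException from toJSON().
    assertThat(apiResponse, notNullValue());
    JSON jsonRepresentation = apiResponse.toJSON();
    assertThat(apiResponse.getName(), equalToIgnoringCase("credentials"));
    assertThat(jsonRepresentation.toString(), allOf(containsString("username"), containsString(username), containsString("password"), containsString(password), containsString("type"), containsString("UsernamePasswordAuthenticationCredentials")));
}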
Also used : JSON(net.sf.json.JSON) ApiResponse(org.zaproxy.zap.extension.api.ApiResponse) Test(org.junit.jupiter.api.Test)

Example 7 with ApiResponse

use of org.zaproxy.zap.extension.api.ApiResponse in project zaproxy by zaproxy.

the class PassiveScanAPI method handleApiView.

/**
 * Builds the response for one of the passive scan API views.
 *
 * <p>Handled views: scan-only-in-scope flag, number of records still to scan, the list of
 * passive scanners, the rule currently running, and the maximum alerts per rule. The
 * {@code params} argument is not read by any of them.
 *
 * @param name the name of the requested view
 * @param params the request parameters (unused here)
 * @return the response for the requested view
 * @throws ApiException with type {@code BAD_VIEW} when {@code name} matches no handled view
 */
@Override
public ApiResponse handleApiView(String name, JSONObject params) throws ApiException {
    switch (name) {
        case VIEW_SCAN_ONLY_IN_SCOPE: {
            boolean onlyInScope = extension.getPassiveScanParam().isScanOnlyInScope();
            return new ApiResponseElement(name, Boolean.toString(onlyInScope));
        }
        case VIEW_RECORDS_TO_SCAN:
            return new ApiResponseElement(name, String.valueOf(extension.getRecordsToScan()));
        case VIEW_SCANNERS: {
            ApiResponseList scannerList = new ApiResponseList(name);
            List<PluginPassiveScanner> passiveScanners = extension.getPluginPassiveScanners();
            for (PluginPassiveScanner passiveScanner : passiveScanners) {
                // One flat string map per scanner, wrapped as a "scanner" set.
                Map<String, String> fields = new HashMap<>();
                fields.put("id", String.valueOf(passiveScanner.getPluginId()));
                fields.put("name", passiveScanner.getName());
                fields.put("enabled", String.valueOf(passiveScanner.isEnabled()));
                fields.put("alertThreshold", passiveScanner.getAlertThreshold(true).name());
                fields.put("quality", passiveScanner.getStatus().toString());
                scannerList.addItem(new ApiResponseSet<>("scanner", fields));
            }
            return scannerList;
        }
        case VIEW_CURRENT_RULE: {
            Map<String, String> current = new HashMap<>();
            current.put("name", extension.getCurrentRuleName());
            // The URL being scanned is returned to the API client as-is.
            current.put("url", extension.getCurrentUrl());
            long startedAt = extension.getCurrentRuleStartTime();
            // A positive start time is turned into elapsed milliseconds; any other value is
            // reported unchanged.
            long reported = startedAt > 0 ? System.currentTimeMillis() - startedAt : startedAt;
            current.put("time", String.valueOf(reported));
            return new ApiResponseSet<>(name, current);
        }
        case VIEW_MAX_ALERTS_PER_RULE: {
            int maxAlerts = extension.getPassiveScanParam().getMaxAlertsPerRule();
            return new ApiResponseElement(VIEW_MAX_ALERTS_PER_RULE, Integer.toString(maxAlerts));
        }
        default:
            throw new ApiException(ApiException.Type.BAD_VIEW);
    }
}
Also used : ApiResponseElement(org.zaproxy.zap.extension.api.ApiResponseElement) ApiResponseList(org.zaproxy.zap.extension.api.ApiResponseList) HashMap(java.util.HashMap) ApiResponse(org.zaproxy.zap.extension.api.ApiResponse) ApiException(org.zaproxy.zap.extension.api.ApiException)

Example 8 with ApiResponse

use of org.zaproxy.zap.extension.api.ApiResponse in project zaproxy by zaproxy.

the class AntiCsrfAPI method handleApiView.

/**
 * Builds the response for the anti-CSRF API views.
 *
 * <p>The only handled view lists the configured anti-CSRF token names, one element per name.
 * The {@code params} argument is not read.
 *
 * @param name the name of the requested view
 * @param params the request parameters (unused here)
 * @return a list response holding one {@code TOKEN_NAME} element per configured token name
 * @throws ApiException with type {@code BAD_VIEW} when {@code name} is not the token names view
 */
@Override
public ApiResponse handleApiView(String name, JSONObject params) throws ApiException {
    switch (name) {
        case VIEW_TOKENS_NAMES: {
            ApiResponseList tokenNames = new ApiResponseList(name);
            for (String configuredName : extension.getParam().getTokensNames()) {
                ApiResponseElement entry = new ApiResponseElement(TOKEN_NAME, configuredName);
                tokenNames.addItem(entry);
            }
            return tokenNames;
        }
        default:
            throw new ApiException(Type.BAD_VIEW);
    }
}
Also used : ApiResponseList(org.zaproxy.zap.extension.api.ApiResponseList) ApiResponseElement(org.zaproxy.zap.extension.api.ApiResponseElement) ApiResponse(org.zaproxy.zap.extension.api.ApiResponse) ApiException(org.zaproxy.zap.extension.api.ApiException)

Example 9 with ApiResponse

use of org.zaproxy.zap.extension.api.ApiResponse in project zaproxy by zaproxy.

the class AlertAPI method handleApiView.

/**
 * Builds the response for one of the alert API views.
 *
 * <p>Handled views: a single alert by ID, a list of alerts, the number of alerts, a per-risk
 * summary, alerts grouped by risk, and alert counts by risk.
 *
 * <p>NOTE(review): the alert list and count views pass {@code -1} for start and count when the
 * parameters are absent; presumably that means "no limit", so the response size is then bounded
 * only by the number of stored alerts. Verify against {@code processAlerts}.
 *
 * @param name the name of the requested view
 * @param params the request parameters; which ones are read depends on the view
 * @return the response for the requested view
 * @throws ApiException with type {@code INTERNAL_ERROR} when reading the alert fails with a
 *     {@code DatabaseException}, {@code DOES_NOT_EXIST} when no alert record is found, and
 *     {@code BAD_VIEW} when {@code name} matches no handled view
 */
@Override
public ApiResponse handleApiView(String name, JSONObject params) throws ApiException {
    if (VIEW_ALERT.equals(name)) {
        TableAlert alertTable = Model.getSingleton().getDb().getTableAlert();
        TableAlertTag tagTable = Model.getSingleton().getDb().getTableAlertTag();
        RecordAlert storedAlert;
        Map<String, String> storedTags;
        try {
            storedAlert = alertTable.read(this.getParam(params, PARAM_ID, -1));
            storedTags = tagTable.getTagsByAlertId(this.getParam(params, PARAM_ID, -1));
        } catch (DatabaseException e) {
            // The cause is logged here; the client only sees the generic error type.
            logger.error("Failed to read the alert from the session:", e);
            throw new ApiException(ApiException.Type.INTERNAL_ERROR);
        }
        if (storedAlert == null) {
            throw new ApiException(ApiException.Type.DOES_NOT_EXIST);
        }
        Alert single = new Alert(storedAlert);
        single.setTags(storedTags);
        return new ApiResponseElement(alertToSet(single));
    }

    if (VIEW_ALERTS.equals(name)) {
        final ApiResponseList collected = new ApiResponseList(name);
        Processor<Alert> collector = new Processor<Alert>() {

            @Override
            public void process(Alert alert) {
                collected.addItem(alertToSet(alert));
            }
        };
        processAlerts(
                this.getParam(params, PARAM_BASE_URL, (String) null),
                this.getParam(params, PARAM_START, -1),
                this.getParam(params, PARAM_COUNT, -1),
                getRiskId(params),
                collector);
        return collected;
    }

    if (VIEW_NUMBER_OF_ALERTS.equals(name)) {
        CounterProcessor<Alert> tally = new CounterProcessor<>();
        processAlerts(
                this.getParam(params, PARAM_BASE_URL, (String) null),
                this.getParam(params, PARAM_START, -1),
                this.getParam(params, PARAM_COUNT, -1),
                getRiskId(params),
                tally);
        return new ApiResponseElement(name, Integer.toString(tally.getCount()));
    }

    if (VIEW_ALERTS_SUMMARY.equals(name)) {
        // One slot per risk level, indexed by the alert's risk value.
        // NOTE(review): assumes getRisk() is always in 0..3; any other value would raise
        // ArrayIndexOutOfBoundsException here - confirm.
        final int[] perRisk = new int[4];
        Processor<Alert> riskCounter = new Processor<Alert>() {

            @Override
            public void process(Alert alert) {
                perRisk[alert.getRisk()]++;
            }
        };
        processAlerts(this.getParam(params, PARAM_BASE_URL, (String) null), -1, -1, NO_RISK_ID, riskCounter);
        Map<String, Object> summary = new HashMap<>();
        for (int risk = 0; risk < perRisk.length; risk++) {
            summary.put(Alert.MSG_RISK[risk], perRisk[risk]);
        }
        // The set is named "risk", but its JSON form is wrapped under the view name.
        return new ApiResponseSet<Object>("risk", summary) {

            @Override
            public JSON toJSON() {
                JSONObject wrapper = new JSONObject();
                wrapper.put(name, super.toJSON());
                return wrapper;
            }
        };
    }

    if (VIEW_ALERTS_BY_RISK.equals(name)) {
        String url = this.getParam(params, PARAM_URL, "");
        boolean recurse = this.getParam(params, PARAM_RECURSE, false);
        ApiResponseList grouped = new ApiResponseList(name);
        // 0 (RISK_INFO) -> 3 (RISK_HIGH)
        ApiResponseList[] buckets = new ApiResponseList[4];
        for (int risk = 0; risk < buckets.length; risk++) {
            buckets[risk] = new ApiResponseList(Alert.MSG_RISK[risk]);
        }
        AlertTreeModel treeModel = extension.getTreeModel();
        AlertNode rootNode = (AlertNode) treeModel.getRoot();
        Enumeration<?> topLevel = rootNode.children();
        while (topLevel.hasMoreElements()) {
            AlertNode node = (AlertNode) topLevel.nextElement();
            Alert nodeAlert = node.getUserObject();
            ApiResponseList instances = filterAlertInstances(node, url, recurse);
            // Nodes with no instance left after filtering are left out of their bucket.
            if (instances.getItems().size() > 0) {
                buckets[nodeAlert.getRisk()].addItem(instances);
            }
        }
        for (ApiResponseList bucket : buckets) {
            grouped.addItem(bucket);
        }
        return grouped;
    }

    if (VIEW_ALERT_COUNTS_BY_RISK.equals(name)) {
        String url = this.getParam(params, PARAM_URL, "");
        boolean recurse = this.getParam(params, PARAM_RECURSE, false);
        // 0 (RISK_INFO) -> 3 (RISK_HIGH)
        int[] totals = new int[4];
        AlertTreeModel treeModel = extension.getTreeModel();
        AlertNode rootNode = (AlertNode) treeModel.getRoot();
        Enumeration<?> topLevel = rootNode.children();
        while (topLevel.hasMoreElements()) {
            AlertNode node = (AlertNode) topLevel.nextElement();
            Alert nodeAlert = node.getUserObject();
            ApiResponseList instances = filterAlertInstances(node, url, recurse);
            // Each top-level node with at least one matching instance counts once.
            if (instances.getItems().size() > 0) {
                totals[nodeAlert.getRisk()]++;
            }
        }
        Map<String, Integer> countsByRisk = new HashMap<>();
        countsByRisk.put(Alert.MSG_RISK[Alert.RISK_HIGH], totals[Alert.RISK_HIGH]);
        countsByRisk.put(Alert.MSG_RISK[Alert.RISK_MEDIUM], totals[Alert.RISK_MEDIUM]);
        countsByRisk.put(Alert.MSG_RISK[Alert.RISK_LOW], totals[Alert.RISK_LOW]);
        countsByRisk.put(Alert.MSG_RISK[Alert.RISK_INFO], totals[Alert.RISK_INFO]);
        return new ApiResponseSet<>(name, countsByRisk);
    }

    throw new ApiException(ApiException.Type.BAD_VIEW);
}
Also used : ApiResponse(org.zaproxy.zap.extension.api.ApiResponse) ApiResponseSet(org.zaproxy.zap.extension.api.ApiResponseSet) TableAlertTag(org.zaproxy.zap.db.TableAlertTag) ApiResponseElement(org.zaproxy.zap.extension.api.ApiResponseElement) ApiResponseList(org.zaproxy.zap.extension.api.ApiResponseList) Enumeration(java.util.Enumeration) RecordAlert(org.parosproxy.paros.db.RecordAlert) JSONObject(net.sf.json.JSONObject) TableAlert(org.parosproxy.paros.db.TableAlert) Alert(org.parosproxy.paros.core.scanner.Alert) RecordAlert(org.parosproxy.paros.db.RecordAlert) TableAlert(org.parosproxy.paros.db.TableAlert) DatabaseException(org.parosproxy.paros.db.DatabaseException) HashMap(java.util.HashMap) Map(java.util.Map) ApiException(org.zaproxy.zap.extension.api.ApiException)

Example 10 with ApiResponse

use of org.zaproxy.zap.extension.api.ApiResponse in project zaproxy by zaproxy.

the class RuleConfigAPI method handleApiView.

/**
 * Builds the response for one of the rule configuration API views.
 *
 * <p>Handled views: the value of a single rule configuration, looked up by the
 * {@code PARAM_KEY} request parameter, and the list of all rule configurations.
 *
 * @param name the name of the requested view
 * @param params the request parameters; only {@code PARAM_KEY} is read, and only by the
 *     single-value view
 * @return the response for the requested view
 * @throws ApiException with type {@code DOES_NOT_EXIST} when no rule configuration exists for
 *     the given key, and {@code BAD_VIEW} when {@code name} matches no handled view
 */
@Override
public ApiResponse handleApiView(String name, JSONObject params) throws ApiException {
    switch (name) {
        case VIEW_RULE_CONFIG_VALUE: {
            RuleConfig requested = extension.getRuleConfig(params.getString(PARAM_KEY));
            if (requested == null) {
                // The error names the parameter, not the value the client supplied.
                throw new ApiException(ApiException.Type.DOES_NOT_EXIST, PARAM_KEY);
            }
            return new ApiResponseElement(name, requested.getValue());
        }
        case VIEW_ALL_RULE_CONFIGS: {
            ApiResponseList configs = new ApiResponseList(name);
            List<RuleConfig> known = extension.getAllRuleConfigs();
            for (RuleConfig config : known) {
                Map<String, String> fields = new HashMap<>();
                fields.put("key", String.valueOf(config.getKey()));
                fields.put("defaultValue", config.getDefaultValue());
                fields.put("value", String.valueOf(config.getValue()));
                // A description is added only when a message exists under the rule's key.
                if (Constant.messages.containsKey(config.getKey())) {
                    fields.put("description", Constant.messages.getString(config.getKey()));
                }
                configs.addItem(new ApiResponseSet<>("ruleConfig", fields));
            }
            return configs;
        }
        default:
            throw new ApiException(ApiException.Type.BAD_VIEW);
    }
}
Also used : ApiResponseElement(org.zaproxy.zap.extension.api.ApiResponseElement) ApiResponseList(org.zaproxy.zap.extension.api.ApiResponseList) HashMap(java.util.HashMap) ApiResponse(org.zaproxy.zap.extension.api.ApiResponse) ApiException(org.zaproxy.zap.extension.api.ApiException)

Aggregations

ApiResponse (org.zaproxy.zap.extension.api.ApiResponse)10 ApiException (org.zaproxy.zap.extension.api.ApiException)9 ApiResponseList (org.zaproxy.zap.extension.api.ApiResponseList)9 ApiResponseElement (org.zaproxy.zap.extension.api.ApiResponseElement)8 HashMap (java.util.HashMap)6 DatabaseException (org.parosproxy.paros.db.DatabaseException)3 ApiResponseSet (org.zaproxy.zap.extension.api.ApiResponseSet)3 ArrayList (java.util.ArrayList)2 Enumeration (java.util.Enumeration)2 List (java.util.List)2 Map (java.util.Map)2 JSON (net.sf.json.JSON)2 JSONObject (net.sf.json.JSONObject)2 Alert (org.parosproxy.paros.core.scanner.Alert)2 RecordAlert (org.parosproxy.paros.db.RecordAlert)2 TableAlert (org.parosproxy.paros.db.TableAlert)2 Session (org.parosproxy.paros.model.Session)2 Arrays (java.util.Arrays)1 Date (java.util.Date)1 HashSet (java.util.HashSet)1