
Example 6 with ApiResponseElement

use of org.zaproxy.zap.extension.api.ApiResponseElement in project zaproxy by zaproxy.

the class ScriptAPI method handleApiView.

/**
 * Serves the views of the script API.
 *
 * <p>{@code VIEW_SCRIPTS}, {@code VIEW_ENGINES} and {@code VIEW_TYPES} list what the
 * {@code extension} currently knows about. The remaining views read global or per-script
 * variables from {@link ScriptVars}: the variable key comes from {@code PARAM_VAR_KEY}, and
 * the per-script views take the script name from {@code getAndValidateScriptName(params)}.
 * Single-value variable views pass the value through {@code validateVarValue} before it is
 * returned.
 *
 * @param name the name of the view
 * @param params the parameters of the API call
 * @return the response of the view
 * @throws ApiException with {@code BAD_VIEW} if the view is unknown, or whatever the
 *     validation helpers raise for missing or invalid parameters
 */
@Override
public ApiResponse handleApiView(String name, JSONObject params) throws ApiException {
    if (VIEW_SCRIPTS.equals(name)) {
        ApiResponseList scripts = new ApiResponseList(name);
        for (ScriptType scriptType : extension.getScriptTypes()) {
            for (ScriptWrapper wrapper : extension.getScripts(scriptType)) {
                Map<String, String> fields = new HashMap<>();
                fields.put("name", wrapper.getName());
                fields.put("type", wrapper.getTypeName());
                fields.put("engine", wrapper.getEngineName());
                fields.put("description", wrapper.getDescription());
                boolean hasError = wrapper.isError();
                fields.put("error", Boolean.toString(hasError));
                if (hasError) {
                    // Error details are only reported for scripts that currently fail.
                    fields.put("lastError", wrapper.getLastErrorDetails());
                }
                if (scriptType.isEnableable()) {
                    fields.put("enabled", Boolean.toString(wrapper.isEnabled()));
                }
                scripts.addItem(new ApiResponseSet<>("Script", fields));
            }
        }
        return scripts;
    }
    if (VIEW_ENGINES.equals(name)) {
        ApiResponseList engines = new ApiResponseList(name);
        for (String engineName : extension.getScriptingEngines()) {
            engines.addItem(new ApiResponseElement("engine", engineName));
        }
        return engines;
    }
    if (VIEW_TYPES.equals(name)) {
        ApiResponseList types = new ApiResponseList(name);
        for (ScriptType scriptType : extension.getScriptTypes()) {
            String i18nKey = scriptType.getI18nKey();
            String descKey = i18nKey + ".desc";
            Map<String, String> fields = new HashMap<>();
            fields.put("name", scriptType.getName());
            fields.put("uiName", Constant.messages.getString(i18nKey));
            // The description is optional in the resource bundle; report an empty string when absent.
            fields.put("description", Constant.messages.containsKey(descKey) ? Constant.messages.getString(descKey) : "");
            fields.put("enableable", String.valueOf(scriptType.isEnableable()));
            if (scriptType.isEnableable()) {
                fields.put("enabledByDefault", String.valueOf(scriptType.isEnabledByDefault()));
            }
            types.addItem(new ApiResponseSet<>("type", fields));
        }
        return types;
    }
    if (VIEW_GLOBAL_VAR.equals(name)) {
        String varValue = ScriptVars.getGlobalVar(params.getString(PARAM_VAR_KEY));
        validateVarValue(varValue);
        return new ApiResponseElement(name, varValue);
    }
    if (VIEW_GLOBAL_CUSTOM_VAR.equals(name)) {
        Object customValue = ScriptVars.getGlobalCustomVar(params.getString(PARAM_VAR_KEY));
        validateVarValue(customValue);
        return new ApiResponseElement(name, customValue.toString());
    }
    if (VIEW_GLOBAL_VARS.equals(name)) {
        return new ScriptVarsResponse(name, ScriptVars.getGlobalVars());
    }
    if (VIEW_GLOBAL_CUSTOM_VARS.equals(name)) {
        return new ScriptVarsResponse(name, convertCustomVars(ScriptVars.getGlobalCustomVars()));
    }
    if (VIEW_SCRIPT_VAR.equals(name)) {
        // The script name is resolved (and validated) before the variable key is read.
        String scriptName = getAndValidateScriptName(params);
        String varValue = ScriptVars.getScriptVar(scriptName, params.getString(PARAM_VAR_KEY));
        validateVarValue(varValue);
        return new ApiResponseElement(name, varValue);
    }
    if (VIEW_SCRIPT_CUSTOM_VAR.equals(name)) {
        String scriptName = getAndValidateScriptName(params);
        Object customValue = ScriptVars.getScriptCustomVar(scriptName, params.getString(PARAM_VAR_KEY));
        validateVarValue(customValue);
        return new ApiResponseElement(name, customValue.toString());
    }
    if (VIEW_SCRIPT_VARS.equals(name)) {
        return new ScriptVarsResponse(name, ScriptVars.getScriptVars(getAndValidateScriptName(params)));
    }
    if (VIEW_SCRIPT_CUSTOM_VARS.equals(name)) {
        return new ScriptVarsResponse(name, convertCustomVars(ScriptVars.getScriptCustomVars(getAndValidateScriptName(params))));
    }
    throw new ApiException(ApiException.Type.BAD_VIEW);
}
Also used : ApiResponseList(org.zaproxy.zap.extension.api.ApiResponseList) HashMap(java.util.HashMap) ApiResponseElement(org.zaproxy.zap.extension.api.ApiResponseElement) JSONObject(net.sf.json.JSONObject) ApiException(org.zaproxy.zap.extension.api.ApiException)

Example 7 with ApiResponseElement

use of org.zaproxy.zap.extension.api.ApiResponseElement in project zaproxy by zaproxy.

the class ActiveScanAPI method handleApiView.

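/**
 * Serves the views of the active scan API.
 *
 * <p>Scan-specific views ({@code VIEW_STATUS}, {@code VIEW_SCAN_PROGRESS},
 * {@code VIEW_MESSAGES_IDS}, {@code VIEW_ALERTS_IDS}) resolve the scan through
 * {@code getActiveScan(params)}; policy views resolve the policy through
 * {@code getScanPolicyFromParams(params)}. List views are returned as an
 * {@link ApiResponseList} named after the view.
 *
 * @param name the name of the view
 * @param params the parameters of the API call
 * @return the response of the view
 * @throws ApiException with {@code BAD_VIEW} if the view is unknown, with {@code DOES_NOT_EXIST}
 *     if {@code PARAM_CATEGORY_ID} names an unknown category, or whatever the resolution helpers
 *     raise for a missing scan or policy
 */
@Override
public ApiResponse handleApiView(String name, JSONObject params) throws ApiException {
    ApiResponse result;
    ActiveScan activeScan = null;
    ScanPolicy policy;
    int categoryId;
    switch(name) {
        case VIEW_STATUS:
            activeScan = getActiveScan(params);
            // A stopped scan always reports 100%, whatever progress it reached.
            int progress = activeScan.isStopped() ? 100 : activeScan.getProgress();
            result = new ApiResponseElement(name, String.valueOf(progress));
            break;
        case VIEW_SCANS:
            ApiResponseList resultList = new ApiResponseList(name);
            for (ActiveScan scan : controller.getAllScans()) {
                Map<String, String> map = new HashMap<>();
                map.put("id", Integer.toString(scan.getScanId()));
                map.put("progress", Integer.toString(scan.getProgress()));
                map.put("state", scan.getState().name());
                map.put("reqCount", Integer.toString(scan.getTotalRequests()));
                map.put("alertCount", Integer.toString(scan.getAlertsIds().size()));
                map.put("newAlertCount", Integer.toString(scan.getTotalNewAlerts()));
                resultList.addItem(new ApiResponseSet<>("scan", map));
            }
            result = resultList;
            break;
        case VIEW_SCAN_PROGRESS:
            resultList = new ApiResponseList(name);
            activeScan = getActiveScan(params);
            for (HostProcess hp : activeScan.getHostProcesses()) {
                // Each host process contributes an "id" element followed by its "HostProcess" list,
                // both added directly to the view list.
                ApiResponseList hpList = new ApiResponseList("HostProcess");
                resultList.addItem(new ApiResponseElement("id", hp.getHostAndPort()));
                for (Plugin plugin : hp.getCompleted()) {
                    long timeTaken = plugin.getTimeFinished().getTime() - plugin.getTimeStarted().getTime();
                    int reqs = hp.getPluginRequestCount(plugin.getId());
                    int alertCount = hp.getPluginStats(plugin.getId()).getAlertCount();
                    hpList.addItem(createPluginProgressEntry(plugin, getStatus(hp, plugin, "Complete"), timeTaken, reqs, alertCount));
                }
                for (Plugin plugin : hp.getRunning()) {
                    // The node total is enumerated at the beginning of the host process. Guard the
                    // division so a host process with no nodes reports 0% instead of throwing an
                    // ArithmeticException out of the view.
                    int total = hp.getTestTotalCount();
                    int pc = total > 0 ? hp.getTestCurrentCount(plugin) * 100 / total : 0;
                    // A plugin still in the running list is capped at 99%; only completed plugins show 100%.
                    if (pc >= 100) {
                        pc = 99;
                    }
                    long timeTaken = System.currentTimeMillis() - plugin.getTimeStarted().getTime();
                    int reqs = hp.getPluginRequestCount(plugin.getId());
                    int alertCount = hp.getPluginStats(plugin.getId()).getAlertCount();
                    hpList.addItem(createPluginProgressEntry(plugin, pc + "%", timeTaken, reqs, alertCount));
                }
                for (Plugin plugin : hp.getPending()) {
                    // Pending plugins have not run yet, so time, request and alert counts are zero.
                    hpList.addItem(createPluginProgressEntry(plugin, getStatus(hp, plugin, "Pending"), 0, 0, 0));
                }
                resultList.addItem(hpList);
            }
            result = resultList;
            break;
        case VIEW_MESSAGES_IDS:
            resultList = new ApiResponseList(name);
            activeScan = getActiveScan(params);
            // The id collections are shared with the running scan; iterate under their own lock.
            synchronized (activeScan.getMessagesIds()) {
                for (Integer id : activeScan.getMessagesIds()) {
                    resultList.addItem(new ApiResponseElement("id", id.toString()));
                }
            }
            result = resultList;
            break;
        case VIEW_ALERTS_IDS:
            resultList = new ApiResponseList(name);
            activeScan = getActiveScan(params);
            synchronized (activeScan.getAlertsIds()) {
                for (Integer id : activeScan.getAlertsIds()) {
                    resultList.addItem(new ApiResponseElement("id", id.toString()));
                }
            }
            result = resultList;
            break;
        case VIEW_EXCLUDED_FROM_SCAN:
            resultList = new ApiResponseList(name);
            Session session = Model.getSingleton().getSession();
            List<String> regexs = session.getExcludeFromScanRegexs();
            for (String regex : regexs) {
                resultList.addItem(new ApiResponseElement("regex", regex));
            }
            result = resultList;
            break;
        case VIEW_SCANNERS:
            policy = getScanPolicyFromParams(params);
            List<Plugin> scanners = policy.getPluginFactory().getAllPlugin();
            // -1 means "no category filter"; any other value must name an existing category.
            categoryId = getParam(params, PARAM_CATEGORY_ID, -1);
            if (categoryId != -1 && !hasPolicyWithId(categoryId)) {
                throw new ApiException(ApiException.Type.DOES_NOT_EXIST, PARAM_CATEGORY_ID);
            }
            resultList = new ApiResponseList(name);
            for (Plugin scanner : scanners) {
                if (categoryId == -1 || categoryId == scanner.getCategory()) {
                    resultList.addItem(new ScannerApiResponse(policy, scanner));
                }
            }
            result = resultList;
            break;
        case VIEW_POLICIES:
            policy = getScanPolicyFromParams(params);
            String[] policies = Category.getAllNames();
            resultList = new ApiResponseList(name);
            for (String pluginName : policies) {
                categoryId = Category.getCategory(pluginName);
                Plugin.AttackStrength attackStrength = getPolicyAttackStrength(policy, categoryId);
                Plugin.AlertThreshold alertThreshold = getPolicyAlertThreshold(policy, categoryId);
                Map<String, String> map = new HashMap<>();
                map.put("id", String.valueOf(categoryId));
                map.put("name", pluginName);
                // A null strength/threshold (no single value for the category) is reported as "".
                map.put("attackStrength", attackStrength == null ? "" : String.valueOf(attackStrength));
                map.put("alertThreshold", alertThreshold == null ? "" : String.valueOf(alertThreshold));
                map.put("enabled", String.valueOf(isPolicyEnabled(policy, categoryId)));
                resultList.addItem(new ApiResponseSet<>("policy", map));
            }
            result = resultList;
            break;
        case VIEW_SCAN_POLICY_NAMES:
            resultList = new ApiResponseList(name);
            for (String policyName : controller.getPolicyManager().getAllPolicyNames()) {
                resultList.addItem(new ApiResponseElement("policy", policyName));
            }
            result = resultList;
            break;
        case VIEW_ATTACK_MODE_QUEUE:
            result = new ApiResponseElement(name, String.valueOf(controller.getAttackModeStackSize()));
            break;
        case VIEW_OPTION_EXCLUDED_PARAM_LIST:
        case VIEW_EXCLUDED_PARAMS:
            // Both view names return the same list; the index is the position used by the
            // modify/remove actions.
            resultList = new ApiResponseList(name);
            List<ScannerParamFilter> excludedParams = controller.getScannerParam().getExcludedParamList();
            for (int i = 0; i < excludedParams.size(); i++) {
                resultList.addItem(new ExcludedParamApiResponse(excludedParams.get(i), i));
            }
            result = resultList;
            break;
        case VIEW_EXCLUDED_PARAM_TYPES:
            resultList = new ApiResponseList(name);
            for (Entry<Integer, String> type : ScannerParamFilter.getTypes().entrySet()) {
                Map<String, String> typeData = new HashMap<>();
                typeData.put("id", Integer.toString(type.getKey()));
                typeData.put("name", type.getValue());
                resultList.addItem(new ApiResponseSet<>("type", typeData));
            }
            result = resultList;
            break;
        default:
            throw new ApiException(ApiException.Type.BAD_VIEW);
    }
    return result;
}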
Also used : AlertThreshold(org.parosproxy.paros.core.scanner.Plugin.AlertThreshold) HashMap(java.util.HashMap) ScannerParamFilter(org.parosproxy.paros.core.scanner.ScannerParamFilter) ApiResponse(org.zaproxy.zap.extension.api.ApiResponse) ApiResponseElement(org.zaproxy.zap.extension.api.ApiResponseElement) ApiResponseList(org.zaproxy.zap.extension.api.ApiResponseList) Date(java.util.Date) HostProcess(org.parosproxy.paros.core.scanner.HostProcess) Plugin(org.parosproxy.paros.core.scanner.Plugin) Session(org.parosproxy.paros.model.Session) ApiException(org.zaproxy.zap.extension.api.ApiException)

Example 8 with ApiResponseElement

use of org.zaproxy.zap.extension.api.ApiResponseElement in project zaproxy by zaproxy.

the class ActiveScanAPI method createPluginProgressEntry.

/**
 * Builds the {@code Plugin} entry of the scan-progress view.
 *
 * <p>The entry is an {@link ApiResponseList} of string elements, in this order: {@code name},
 * {@code id}, {@code quality} (the plugin's status), {@code status}, {@code timeInMs},
 * {@code reqCount} and {@code alertCount}.
 *
 * @param plugin the plugin the entry describes
 * @param status the status text shown for the plugin
 * @param timeTaken the time taken by the plugin, in milliseconds
 * @param requestCount the number of requests sent by the plugin
 * @param alertCount the number of alerts raised by the plugin
 * @return the entry
 */
private static ApiResponseList createPluginProgressEntry(Plugin plugin, String status, long timeTaken, int requestCount, int alertCount) {
    ApiResponseList entry = new ApiResponseList("Plugin");
    String[][] fields = {
        { "name", plugin.getName() },
        { "id", Integer.toString(plugin.getId()) },
        { "quality", plugin.getStatus().toString() },
        { "status", status },
        { "timeInMs", Long.toString(timeTaken) },
        { "reqCount", Integer.toString(requestCount) },
        { "alertCount", Integer.toString(alertCount) },
    };
    for (String[] field : fields) {
        entry.addItem(new ApiResponseElement(field[0], field[1]));
    }
    return entry;
}
Also used : ApiResponseList(org.zaproxy.zap.extension.api.ApiResponseList) ApiResponseElement(org.zaproxy.zap.extension.api.ApiResponseElement)

Example 9 with ApiResponseElement

use of org.zaproxy.zap.extension.api.ApiResponseElement in project zaproxy by zaproxy.

the class ActiveScanAPI method handleApiAction.

/**
 * Handles the actions of the active scan API.
 *
 * <p>Every action except {@code ACTION_SCAN} and {@code ACTION_SCAN_AS_USER} returns
 * {@link ApiResponseElement#OK}; the two scan actions return the id of the started scan.
 * {@code ACTION_SCAN_AS_USER} resolves the context and user and then falls through into
 * {@code ACTION_SCAN}, which is why the {@code fallthrough} warning is suppressed.
 * The locals {@code url}, {@code excludedParams} and {@code type} are declared in one
 * {@code case} and reused by later ones, so the cases are not independent of each other.
 *
 * @param name the name of the action
 * @param params the parameters of the API call
 * @return {@code OK}, or the scan id for the scan actions
 * @throws ApiException with {@code BAD_ACTION} if the action is unknown, with the specific type
 *     for a missing or invalid parameter, or with {@code INTERNAL_ERROR} when a
 *     {@link ConfigurationException} escapes an action
 */
@SuppressWarnings({ "fallthrough" })
@Override
public ApiResponse handleApiAction(String name, JSONObject params) throws ApiException {
    // NOTE(review): the whole parameter set is logged verbatim at debug level, which includes
    // PARAM_POST_DATA for scan actions.
    log.debug("handleApiAction " + name + " " + params.toString());
    ScanPolicy policy;
    int policyId;
    User user = null;
    Context context = null;
    try {
        switch(name) {
            case ACTION_SCAN_AS_USER:
                // These are not mandatory parameters on purpose, to keep the same order
                // of the parameters while having PARAM_URL as (now) optional.
                validateParamExists(params, PARAM_CONTEXT_ID);
                validateParamExists(params, PARAM_USER_ID);
                int userID = ApiUtils.getIntParam(params, PARAM_USER_ID);
                ExtensionUserManagement usersExtension = Control.getSingleton().getExtensionLoader().getExtension(ExtensionUserManagement.class);
                if (usersExtension == null) {
                    throw new ApiException(Type.NO_IMPLEMENTOR, ExtensionUserManagement.NAME);
                }
                // The user is looked up within its context, so a user id from another context is rejected.
                context = ApiUtils.getContextByParamId(params, PARAM_CONTEXT_ID);
                user = usersExtension.getContextUserAuthManager(context.getId()).getUserById(userID);
                if (user == null) {
                    throw new ApiException(Type.USER_NOT_FOUND, PARAM_USER_ID);
                }
            // $FALL-THROUGH$ into ACTION_SCAN with user and context already resolved.
            case ACTION_SCAN:
                String url = ApiUtils.getOptionalStringParam(params, PARAM_URL);
                // Only resolve the context here when the as-user branch has not done so already.
                if (context == null && params.has(PARAM_CONTEXT_ID) && !params.getString(PARAM_CONTEXT_ID).isEmpty()) {
                    context = ApiUtils.getContextByParamId(params, PARAM_CONTEXT_ID);
                }
                // PARAM_JUST_IN_SCOPE is only honoured when no context restricts the scan.
                boolean scanJustInScope = context != null ? false : this.getParam(params, PARAM_JUST_IN_SCOPE, false);
                String policyName = null;
                policy = null;
                try {
                    policyName = params.getString(PARAM_SCAN_POLICY_NAME);
                } catch (Exception e1) {
                // Ignore: an absent policy name leaves policyName null.
                // NOTE(review): catching Exception here also masks any other failure of getString.
                }
                try {
                    if (policyName != null && policyName.length() > 0) {
                        // A non-empty name selects a named policy; otherwise policy stays null
                        // and the default one is used.
                        log.debug("handleApiAction scan policy =" + policyName);
                        policy = controller.getPolicyManager().getPolicy(policyName);
                    }
                } catch (ConfigurationException e) {
                    throw new ApiException(ApiException.Type.DOES_NOT_EXIST, PARAM_SCAN_POLICY_NAME);
                }
                // The method defaults to GET (also for a blank value) and must be one of the known methods.
                String method = this.getParam(params, PARAM_METHOD, HttpRequestHeader.GET);
                if (method.trim().length() == 0) {
                    method = HttpRequestHeader.GET;
                }
                if (!Arrays.asList(HttpRequestHeader.METHODS).contains(method)) {
                    throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_METHOD);
                }
                int scanId = scanURL(url, user, this.getParam(params, PARAM_RECURSE, true), scanJustInScope, method, this.getParam(params, PARAM_POST_DATA, ""), policy, context);
                return new ApiResponseElement(name, Integer.toString(scanId));
            case ACTION_PAUSE_SCAN:
                getActiveScan(params).pauseScan();
                break;
            case ACTION_RESUME_SCAN:
                getActiveScan(params).resumeScan();
                break;
            case ACTION_STOP_SCAN:
                getActiveScan(params).stopScan();
                break;
            case ACTION_REMOVE_SCAN:
                // removeScan returns null when no scan has the given id.
                ActiveScan activeScan = controller.removeScan(params.getInt(PARAM_SCAN_ID));
                if (activeScan == null) {
                    throw new ApiException(ApiException.Type.DOES_NOT_EXIST, PARAM_SCAN_ID);
                }
                break;
            case ACTION_PAUSE_ALL_SCANS:
                controller.pauseAllScans();
                break;
            case ACTION_RESUME_ALL_SCANS:
                controller.resumeAllScans();
                break;
            case ACTION_STOP_ALL_SCANS:
                controller.stopAllScans();
                break;
            case ACTION_REMOVE_ALL_SCANS:
                controller.removeAllScans();
                break;
            case ACTION_CLEAR_EXCLUDED_FROM_SCAN:
                try {
                    Session session = Model.getSingleton().getSession();
                    session.setExcludeFromScanRegexs(new ArrayList<>());
                } catch (DatabaseException e) {
                    log.error(e.getMessage(), e);
                    throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
                }
                break;
            case ACTION_EXCLUDE_FROM_SCAN:
                // The regex is caller supplied; a syntactically invalid one is rejected as ILLEGAL_PARAMETER.
                String regex = params.getString(PARAM_REGEX);
                try {
                    Session session = Model.getSingleton().getSession();
                    session.addExcludeFromScanRegexs(regex);
                } catch (DatabaseException e) {
                    log.error(e.getMessage(), e);
                    throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
                } catch (PatternSyntaxException e) {
                    throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_REGEX);
                }
                break;
            case ACTION_ENABLE_ALL_SCANNERS:
                policy = getScanPolicyFromParams(params);
                policy.getPluginFactory().setAllPluginEnabled(true);
                policy.save();
                break;
            case ACTION_DISABLE_ALL_SCANNERS:
                policy = getScanPolicyFromParams(params);
                policy.getPluginFactory().setAllPluginEnabled(false);
                policy.save();
                break;
            case ACTION_ENABLE_SCANNERS:
                // PARAM_IDS is a comma separated list of scanner ids.
                policy = getScanPolicyFromParams(params);
                setScannersEnabled(policy, getParam(params, PARAM_IDS, "").split(","), true);
                policy.save();
                break;
            case ACTION_DISABLE_SCANNERS:
                policy = getScanPolicyFromParams(params);
                setScannersEnabled(policy, getParam(params, PARAM_IDS, "").split(","), false);
                policy.save();
                break;
            case ACTION_SET_ENABLED_POLICIES:
                policy = getScanPolicyFromParams(params);
                setEnabledPolicies(policy, getParam(params, PARAM_IDS, "").split(","));
                policy.save();
                break;
            case ACTION_SET_POLICY_ATTACK_STRENGTH:
                // "Policy" here is a scanner category: the strength is applied to every scanner in it.
                policyId = getPolicyIdFromParamId(params);
                policy = getScanPolicyFromParams(params);
                Plugin.AttackStrength attackStrength = getAttackStrengthFromParamAttack(params);
                for (Plugin scanner : policy.getPluginFactory().getAllPlugin()) {
                    if (scanner.getCategory() == policyId) {
                        scanner.setAttackStrength(attackStrength);
                    }
                }
                policy.save();
                break;
            case ACTION_SET_POLICY_ALERT_THRESHOLD:
                policyId = getPolicyIdFromParamId(params);
                policy = getScanPolicyFromParams(params);
                Plugin.AlertThreshold alertThreshold1 = getAlertThresholdFromParamAlertThreshold(params);
                for (Plugin scanner : policy.getPluginFactory().getAllPlugin()) {
                    if (scanner.getCategory() == policyId) {
                        scanner.setAlertThreshold(alertThreshold1);
                    }
                }
                policy.save();
                break;
            case ACTION_SET_SCANNER_ATTACK_STRENGTH:
                policy = getScanPolicyFromParams(params);
                Plugin scanner = getScannerFromParamId(policy, params);
                scanner.setAttackStrength(getAttackStrengthFromParamAttack(params));
                policy.save();
                break;
            case ACTION_SET_SCANNER_ALERT_THRESHOLD:
                policy = getScanPolicyFromParams(params);
                AlertThreshold alertThreshold2 = getAlertThresholdFromParamAlertThreshold(params);
                getScannerFromParamId(policy, params).setAlertThreshold(alertThreshold2);
                policy.save();
                break;
            case ACTION_ADD_SCAN_POLICY:
                // The new policy is a copy of the template, checked for a unique and legal name first.
                String newPolicyName = params.getString(PARAM_SCAN_POLICY_NAME);
                if (controller.getPolicyManager().getAllPolicyNames().contains(newPolicyName)) {
                    throw new ApiException(ApiException.Type.ALREADY_EXISTS, PARAM_SCAN_POLICY_NAME);
                }
                if (!controller.getPolicyManager().isLegalPolicyName(newPolicyName)) {
                    throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_SCAN_POLICY_NAME);
                }
                policy = controller.getPolicyManager().getTemplatePolicy();
                policy.setName(newPolicyName);
                setAlertThreshold(policy, params);
                setAttackStrength(policy, params);
                controller.getPolicyManager().savePolicy(policy);
                break;
            case ACTION_REMOVE_SCAN_POLICY:
                // Check it exists
                policy = getScanPolicyFromParams(params);
                if (controller.getPolicyManager().getAllPolicyNames().size() == 1) {
                    // Dont remove the last one
                    throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, "You are not allowed to remove the last scan policy");
                }
                controller.getPolicyManager().deletePolicy(policy.getName());
                break;
            case ACTION_UPDATE_SCAN_POLICY:
                policy = getScanPolicyFromParams(params);
                // Nothing to save when the requested values match the current ones.
                if (!isParamsChanged(policy, params)) {
                    break;
                }
                updateAlertThreshold(policy, params);
                updateAttackStrength(policy, params);
                controller.getPolicyManager().savePolicy(policy);
                break;
            case ACTION_IMPORT_SCAN_POLICY:
                // NOTE(review): the path is taken directly from the API caller and read from the
                // local file system; the only restriction applied here is that it is an existing
                // regular file, so access relies on the API's own access control.
                File file = new File(params.getString(PARAM_PATH));
                if (!file.exists()) {
                    throw new ApiException(ApiException.Type.DOES_NOT_EXIST, PARAM_PATH);
                }
                if (!file.isFile()) {
                    throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_PATH);
                }
                ScanPolicy scanPolicy;
                try {
                    scanPolicy = new ScanPolicy(new ZapXmlConfiguration(file));
                } catch (IllegalArgumentException | ConfigurationException e) {
                    throw new ApiException(ApiException.Type.BAD_EXTERNAL_DATA, file.toString(), e);
                }
                // A policy file without a name is named after the file.
                String scanPolicyName = scanPolicy.getName();
                if (scanPolicyName.isEmpty()) {
                    scanPolicyName = file.getName();
                }
                if (controller.getPolicyManager().getAllPolicyNames().contains(scanPolicyName)) {
                    throw new ApiException(ApiException.Type.ALREADY_EXISTS, scanPolicyName);
                }
                if (!controller.getPolicyManager().isLegalPolicyName(scanPolicyName)) {
                    throw new ApiException(ApiException.Type.BAD_EXTERNAL_DATA, scanPolicyName);
                }
                try {
                    controller.getPolicyManager().savePolicy(scanPolicy);
                } catch (ConfigurationException e) {
                    throw new ApiException(ApiException.Type.INTERNAL_ERROR, e);
                }
                break;
            case ACTION_ADD_EXCLUDED_PARAM:
                // The type must be one of ScannerParamFilter.getTypes(); the URL defaults to "*" (any).
                int type = getParam(params, PARAM_TYPE, NameValuePair.TYPE_UNDEFINED);
                if (!ScannerParamFilter.getTypes().containsKey(type)) {
                    throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_TYPE);
                }
                url = getParam(params, PARAM_URL, "*");
                if (url.isEmpty()) {
                    url = "*";
                }
                ScannerParamFilter excludedParam = new ScannerParamFilter(params.getString(PARAM_NAME), type, url);
                // The list is replaced wholesale rather than mutated in place.
                List<ScannerParamFilter> excludedParams = new ArrayList<>(controller.getScannerParam().getExcludedParamList());
                excludedParams.add(excludedParam);
                controller.getScannerParam().setExcludedParamList(excludedParams);
                break;
            case ACTION_MODIFY_EXCLUDED_PARAM:
                // Fields not supplied keep the values of the existing entry at PARAM_IDX.
                try {
                    int idx = params.getInt(PARAM_IDX);
                    if (idx < 0 || idx >= controller.getScannerParam().getExcludedParamList().size()) {
                        throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_IDX);
                    }
                    ScannerParamFilter oldExcludedParam = controller.getScannerParam().getExcludedParamList().get(idx);
                    String epName = getParam(params, PARAM_NAME, oldExcludedParam.getParamName());
                    if (epName.isEmpty()) {
                        epName = oldExcludedParam.getParamName();
                    }
                    type = getParam(params, PARAM_TYPE, oldExcludedParam.getType());
                    if (!ScannerParamFilter.getTypes().containsKey(type)) {
                        throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_TYPE);
                    }
                    url = getParam(params, PARAM_URL, oldExcludedParam.getWildcardedUrl());
                    if (url.isEmpty()) {
                        url = "*";
                    }
                    ScannerParamFilter newExcludedParam = new ScannerParamFilter(epName, type, url);
                    if (oldExcludedParam.equals(newExcludedParam)) {
                        break;
                    }
                    excludedParams = new ArrayList<>(controller.getScannerParam().getExcludedParamList());
                    excludedParams.set(idx, newExcludedParam);
                    controller.getScannerParam().setExcludedParamList(excludedParams);
                } catch (JSONException e) {
                    // A missing or non-integer PARAM_IDX.
                    throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_IDX, e);
                }
                break;
            case ACTION_REMOVE_EXCLUDED_PARAM:
                try {
                    int idx = params.getInt(PARAM_IDX);
                    if (idx < 0 || idx >= controller.getScannerParam().getExcludedParamList().size()) {
                        throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_IDX);
                    }
                    excludedParams = new ArrayList<>(controller.getScannerParam().getExcludedParamList());
                    excludedParams.remove(idx);
                    controller.getScannerParam().setExcludedParamList(excludedParams);
                } catch (JSONException e) {
                    throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_IDX, e);
                }
                break;
            case ACTION_SKIP_SCANNER:
                // Skips the scanner in every host process of the scan, with a user-initiated reason.
                int pluginId = getParam(params, PARAM_SCANNER_ID, -1);
                if (pluginId == -1) {
                    throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_SCANNER_ID);
                }
                String reason = Constant.messages.getString("ascan.progress.label.skipped.reason.user");
                getActiveScan(params).getHostProcesses().forEach(hp -> hp.pluginSkipped(pluginId, reason));
                break;
            default:
                throw new ApiException(ApiException.Type.BAD_ACTION);
        }
    } catch (ConfigurationException e) {
        // Boundary for the policy save/load calls that are not caught individually above.
        throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
    }
    return ApiResponseElement.OK;
}
Also used : AlertThreshold(org.parosproxy.paros.core.scanner.Plugin.AlertThreshold) User(org.zaproxy.zap.users.User) ScannerParamFilter(org.parosproxy.paros.core.scanner.ScannerParamFilter) ArrayList(java.util.ArrayList) ConfigurationException(org.apache.commons.configuration.ConfigurationException) ApiResponseElement(org.zaproxy.zap.extension.api.ApiResponseElement) PatternSyntaxException(java.util.regex.PatternSyntaxException) Context(org.zaproxy.zap.model.Context) JSONException(net.sf.json.JSONException) URIException(org.apache.commons.httpclient.URIException) PatternSyntaxException(java.util.regex.PatternSyntaxException) ApiException(org.zaproxy.zap.extension.api.ApiException) ConfigurationException(org.apache.commons.configuration.ConfigurationException) JSONException(net.sf.json.JSONException) DatabaseException(org.parosproxy.paros.db.DatabaseException) AlertThreshold(org.parosproxy.paros.core.scanner.Plugin.AlertThreshold) ExtensionUserManagement(org.zaproxy.zap.extension.users.ExtensionUserManagement) ZapXmlConfiguration(org.zaproxy.zap.utils.ZapXmlConfiguration) DatabaseException(org.parosproxy.paros.db.DatabaseException) File(java.io.File) ApiException(org.zaproxy.zap.extension.api.ApiException) Session(org.parosproxy.paros.model.Session) Plugin(org.parosproxy.paros.core.scanner.Plugin)

Example 10 with ApiResponseElement

use of org.zaproxy.zap.extension.api.ApiResponseElement in project zaproxy by zaproxy.

the class HttpSessionsAPI method createSessionResponse.

/**
 * Builds the {@code session} entry returned for an {@link HttpSession}.
 *
 * <p>The entry holds, in order, the session {@code name}, a {@code TokenValuesResponseSet}
 * of the session's token values and the {@code messages_matched} count.
 *
 * @param session the session to describe
 * @return the session entry
 */
private ApiResponseList createSessionResponse(HttpSession session) {
    ApiResponseList entry = new ApiResponseList("session");
    ApiResponseElement nameElement = new ApiResponseElement("name", session.getName());
    TokenValuesResponseSet tokens = new TokenValuesResponseSet(session.getTokenValuesUnmodifiableMap());
    ApiResponseElement matched = new ApiResponseElement("messages_matched", Integer.toString(session.getMessagesMatched()));
    entry.addItem(nameElement);
    entry.addItem(tokens);
    entry.addItem(matched);
    return entry;
}
Also used : ApiResponseList(org.zaproxy.zap.extension.api.ApiResponseList) ApiResponseElement(org.zaproxy.zap.extension.api.ApiResponseElement)
