Example 11 with ApiResponseElement

Use of org.zaproxy.zap.extension.api.ApiResponseElement in project zaproxy by zaproxy.

In class ForcedUserAPI, method handleApiView.

@Override
public ApiResponse handleApiView(String name, JSONObject params) throws ApiException {
    log.debug("handleApiView " + name + " " + params.toString());
    switch(name) {
        case VIEW_GET_FORCED_USER:
            Context context = ApiUtils.getContextByParamId(params, PARAM_CONTEXT_ID);
            User forcedUser = extension.getForcedUser(context.getId());
            if (forcedUser != null)
                return new ApiResponseElement("forcedUserId", Integer.toString(forcedUser.getId()));
            else
                return new ApiResponseElement("forcedUserId", "");
        case VIEW_IS_FORCED_USER_MODE_ENABLED:
            return new ApiResponseElement("forcedModeEnabled", Boolean.toString(extension.isForcedUserModeEnabled()));
        default:
            throw new ApiException(Type.BAD_VIEW);
    }
}
Also used : Context(org.zaproxy.zap.model.Context) User(org.zaproxy.zap.users.User) ApiResponseElement(org.zaproxy.zap.extension.api.ApiResponseElement) ApiException(org.zaproxy.zap.extension.api.ApiException)

Example 12 with ApiResponseElement

Use of org.zaproxy.zap.extension.api.ApiResponseElement in project zaproxy by zaproxy.

In class AntiCsrfAPI, method handleApiView.

@Override
public ApiResponse handleApiView(String name, JSONObject params) throws ApiException {
    ApiResponse result;
    ApiResponseList resultList;
    switch(name) {
        case VIEW_TOKENS_NAMES:
            resultList = new ApiResponseList(name);
            for (String tokenName : extension.getParam().getTokensNames()) {
                resultList.addItem(new ApiResponseElement(TOKEN_NAME, tokenName));
            }
            result = resultList;
            break;
        default:
            throw new ApiException(Type.BAD_VIEW);
    }
    return result;
}
Also used : ApiResponseList(org.zaproxy.zap.extension.api.ApiResponseList) ApiResponseElement(org.zaproxy.zap.extension.api.ApiResponseElement) ApiResponse(org.zaproxy.zap.extension.api.ApiResponse) ApiException(org.zaproxy.zap.extension.api.ApiException)

Example 13 with ApiResponseElement

Use of org.zaproxy.zap.extension.api.ApiResponseElement in project zaproxy by zaproxy.

In class RuleConfigAPI, method handleApiView.

@Override
public ApiResponse handleApiView(String name, JSONObject params) throws ApiException {
    ApiResponse result;
    switch(name) {
        case VIEW_RULE_CONFIG_VALUE:
            RuleConfig rc = extension.getRuleConfig(params.getString(PARAM_KEY));
            if (rc != null) {
                result = new ApiResponseElement(name, rc.getValue());
            } else {
                throw new ApiException(ApiException.Type.DOES_NOT_EXIST, PARAM_KEY);
            }
            break;
        case VIEW_ALL_RULE_CONFIGS:
            List<RuleConfig> allRules = extension.getAllRuleConfigs();
            ApiResponseList resultList = new ApiResponseList(name);
            for (RuleConfig rc2 : allRules) {
                Map<String, String> map = new HashMap<>();
                map.put("key", String.valueOf(rc2.getKey()));
                map.put("defaultValue", rc2.getDefaultValue());
                map.put("value", String.valueOf(rc2.getValue()));
                if (Constant.messages.containsKey(rc2.getKey())) {
                    map.put("description", Constant.messages.getString(rc2.getKey()));
                }
                resultList.addItem(new ApiResponseSet<>("ruleConfig", map));
            }
            result = resultList;
            break;
        default:
            throw new ApiException(ApiException.Type.BAD_VIEW);
    }
    return result;
}
Also used : ApiResponseElement(org.zaproxy.zap.extension.api.ApiResponseElement) ApiResponseList(org.zaproxy.zap.extension.api.ApiResponseList) HashMap(java.util.HashMap) ApiResponse(org.zaproxy.zap.extension.api.ApiResponse) ApiException(org.zaproxy.zap.extension.api.ApiException)

Example 14 with ApiResponseElement

Use of org.zaproxy.zap.extension.api.ApiResponseElement in project zaproxy by zaproxy.

In class PassiveScanAPI, method handleApiView.

@Override
public ApiResponse handleApiView(String name, JSONObject params) throws ApiException {
    ApiResponse result;
    switch(name) {
        case VIEW_SCAN_ONLY_IN_SCOPE:
            result = new ApiResponseElement(name, Boolean.toString(extension.getPassiveScanParam().isScanOnlyInScope()));
            break;
        case VIEW_RECORDS_TO_SCAN:
            result = new ApiResponseElement(name, String.valueOf(extension.getRecordsToScan()));
            break;
        case VIEW_SCANNERS:
            List<PluginPassiveScanner> scanners = extension.getPluginPassiveScanners();
            ApiResponseList resultList = new ApiResponseList(name);
            for (PluginPassiveScanner scanner : scanners) {
                Map<String, String> map = new HashMap<>();
                map.put("id", String.valueOf(scanner.getPluginId()));
                map.put("name", scanner.getName());
                map.put("enabled", String.valueOf(scanner.isEnabled()));
                map.put("alertThreshold", scanner.getAlertThreshold(true).name());
                map.put("quality", scanner.getStatus().toString());
                resultList.addItem(new ApiResponseSet<>("scanner", map));
            }
            result = resultList;
            break;
        case VIEW_CURRENT_RULE:
            Map<String, String> map = new HashMap<>();
            map.put("name", extension.getCurrentRuleName());
            map.put("url", extension.getCurrentUrl());
            long time = extension.getCurrentRuleStartTime();
            if (time > 0) {
                time = System.currentTimeMillis() - time;
            }
            map.put("time", String.valueOf(time));
            result = new ApiResponseSet<>(name, map);
            break;
        case VIEW_MAX_ALERTS_PER_RULE:
            result = new ApiResponseElement(VIEW_MAX_ALERTS_PER_RULE, Integer.toString(extension.getPassiveScanParam().getMaxAlertsPerRule()));
            break;
        default:
            throw new ApiException(ApiException.Type.BAD_VIEW);
    }
    return result;
}
Also used : ApiResponseElement(org.zaproxy.zap.extension.api.ApiResponseElement) ApiResponseList(org.zaproxy.zap.extension.api.ApiResponseList) HashMap(java.util.HashMap) ApiResponse(org.zaproxy.zap.extension.api.ApiResponse) ApiException(org.zaproxy.zap.extension.api.ApiException)

Example 15 with ApiResponseElement

Use of org.zaproxy.zap.extension.api.ApiResponseElement in project zaproxy by zaproxy.

In class AlertAPI, method handleApiView.

@Override
public ApiResponse handleApiView(String name, JSONObject params) throws ApiException {
    ApiResponse result = null;
    if (VIEW_ALERT.equals(name)) {
        TableAlert tableAlert = Model.getSingleton().getDb().getTableAlert();
        TableAlertTag tableAlertTag = Model.getSingleton().getDb().getTableAlertTag();
        RecordAlert recordAlert;
        Map<String, String> alertTags;
        try {
            recordAlert = tableAlert.read(this.getParam(params, PARAM_ID, -1));
            alertTags = tableAlertTag.getTagsByAlertId(this.getParam(params, PARAM_ID, -1));
        } catch (DatabaseException e) {
            logger.error("Failed to read the alert from the session:", e);
            throw new ApiException(ApiException.Type.INTERNAL_ERROR);
        }
        if (recordAlert == null) {
            throw new ApiException(ApiException.Type.DOES_NOT_EXIST);
        }
        Alert alert = new Alert(recordAlert);
        alert.setTags(alertTags);
        result = new ApiResponseElement(alertToSet(alert));
    } else if (VIEW_ALERTS.equals(name)) {
        final ApiResponseList resultList = new ApiResponseList(name);
        processAlerts(this.getParam(params, PARAM_BASE_URL, (String) null), this.getParam(params, PARAM_START, -1), this.getParam(params, PARAM_COUNT, -1), getRiskId(params), new Processor<Alert>() {

            @Override
            public void process(Alert alert) {
                resultList.addItem(alertToSet(alert));
            }
        });
        result = resultList;
    } else if (VIEW_NUMBER_OF_ALERTS.equals(name)) {
        CounterProcessor<Alert> counter = new CounterProcessor<>();
        processAlerts(this.getParam(params, PARAM_BASE_URL, (String) null), this.getParam(params, PARAM_START, -1), this.getParam(params, PARAM_COUNT, -1), getRiskId(params), counter);
        result = new ApiResponseElement(name, Integer.toString(counter.getCount()));
    } else if (VIEW_ALERTS_SUMMARY.equals(name)) {
        final int[] riskSummary = { 0, 0, 0, 0 };
        Processor<Alert> counter = new Processor<Alert>() {

            @Override
            public void process(Alert alert) {
                riskSummary[alert.getRisk()]++;
            }
        };
        processAlerts(this.getParam(params, PARAM_BASE_URL, (String) null), -1, -1, NO_RISK_ID, counter);
        Map<String, Object> alertData = new HashMap<>();
        for (int i = 0; i < riskSummary.length; i++) {
            alertData.put(Alert.MSG_RISK[i], riskSummary[i]);
        }
        result = new ApiResponseSet<Object>("risk", alertData) {

            @Override
            public JSON toJSON() {
                JSONObject response = new JSONObject();
                response.put(name, super.toJSON());
                return response;
            }
        };
    } else if (VIEW_ALERTS_BY_RISK.equals(name)) {
        String url = this.getParam(params, PARAM_URL, "");
        boolean recurse = this.getParam(params, PARAM_RECURSE, false);
        ApiResponseList resultList = new ApiResponseList(name);
        result = resultList;
        // 0 (RISK_INFO) -> 3 (RISK_HIGH)
        ApiResponseList[] list = new ApiResponseList[4];
        for (int i = 0; i < list.length; i++) {
            list[i] = new ApiResponseList(Alert.MSG_RISK[i]);
        }
        AlertTreeModel model = extension.getTreeModel();
        AlertNode root = (AlertNode) model.getRoot();
        Enumeration<?> enumAllAlerts = root.children();
        while (enumAllAlerts.hasMoreElements()) {
            AlertNode child = (AlertNode) enumAllAlerts.nextElement();
            Alert alert = child.getUserObject();
            ApiResponseList alertList = filterAlertInstances(child, url, recurse);
            if (alertList.getItems().size() > 0) {
                list[alert.getRisk()].addItem(alertList);
            }
        }
        Arrays.stream(list).forEach(resultList::addItem);
    } else if (VIEW_ALERT_COUNTS_BY_RISK.equals(name)) {
        String url = this.getParam(params, PARAM_URL, "");
        boolean recurse = this.getParam(params, PARAM_RECURSE, false);
        // 0 (RISK_INFO) -> 3 (RISK_HIGH)
        int[] counts = new int[] { 0, 0, 0, 0 };
        AlertTreeModel model = extension.getTreeModel();
        AlertNode root = (AlertNode) model.getRoot();
        Enumeration<?> enumAllAlerts = root.children();
        while (enumAllAlerts.hasMoreElements()) {
            AlertNode child = (AlertNode) enumAllAlerts.nextElement();
            Alert alert = child.getUserObject();
            ApiResponseList alertList = filterAlertInstances(child, url, recurse);
            if (alertList.getItems().size() > 0) {
                counts[alert.getRisk()] += 1;
            }
        }
        Map<String, Integer> map = new HashMap<>();
        map.put(Alert.MSG_RISK[Alert.RISK_HIGH], counts[Alert.RISK_HIGH]);
        map.put(Alert.MSG_RISK[Alert.RISK_MEDIUM], counts[Alert.RISK_MEDIUM]);
        map.put(Alert.MSG_RISK[Alert.RISK_LOW], counts[Alert.RISK_LOW]);
        map.put(Alert.MSG_RISK[Alert.RISK_INFO], counts[Alert.RISK_INFO]);
        result = new ApiResponseSet<>(name, map);
    } else {
        throw new ApiException(ApiException.Type.BAD_VIEW);
    }
    return result;
}
Also used : ApiResponse(org.zaproxy.zap.extension.api.ApiResponse) ApiResponseSet(org.zaproxy.zap.extension.api.ApiResponseSet) TableAlertTag(org.zaproxy.zap.db.TableAlertTag) ApiResponseElement(org.zaproxy.zap.extension.api.ApiResponseElement) ApiResponseList(org.zaproxy.zap.extension.api.ApiResponseList) Enumeration(java.util.Enumeration) RecordAlert(org.parosproxy.paros.db.RecordAlert) JSONObject(net.sf.json.JSONObject) TableAlert(org.parosproxy.paros.db.TableAlert) Alert(org.parosproxy.paros.core.scanner.Alert) DatabaseException(org.parosproxy.paros.db.DatabaseException) HashMap(java.util.HashMap) Map(java.util.Map) ApiException(org.zaproxy.zap.extension.api.ApiException)

Aggregations

ApiResponseElement (org.zaproxy.zap.extension.api.ApiResponseElement) 18
ApiException (org.zaproxy.zap.extension.api.ApiException) 15
ApiResponseList (org.zaproxy.zap.extension.api.ApiResponseList) 13
HashMap (java.util.HashMap) 9
ApiResponse (org.zaproxy.zap.extension.api.ApiResponse) 8
JSONObject (net.sf.json.JSONObject) 5
DatabaseException (org.parosproxy.paros.db.DatabaseException) 5
ArrayList (java.util.ArrayList) 4
Session (org.parosproxy.paros.model.Session) 4
Context (org.zaproxy.zap.model.Context) 4
User (org.zaproxy.zap.users.User) 4
JSONException (net.sf.json.JSONException) 3
HttpMessage (org.parosproxy.paros.network.HttpMessage) 3
ApiResponseSet (org.zaproxy.zap.extension.api.ApiResponseSet) 3
Enumeration (java.util.Enumeration) 2
List (java.util.List) 2
Map (java.util.Map) 2
PatternSyntaxException (java.util.regex.PatternSyntaxException) 2
Alert (org.parosproxy.paros.core.scanner.Alert) 2
Plugin (org.parosproxy.paros.core.scanner.Plugin) 2