
Example 16 with ApiResponseElement

use of org.zaproxy.zap.extension.api.ApiResponseElement in project zaproxy by zaproxy.

the class BreakAPI method handleApiView.

/**
 * Serves the read-only views of the break API.
 *
 * <p>The three {@code VIEW_IS_BREAK_*} views return the corresponding boolean flag of the
 * breakpoint management interface as text. {@code VIEW_HTTP_MESSAGE} returns the message handed
 * out by that interface (presumably the one currently held at a breakpoint - confirm) as header
 * text followed by body text.
 *
 * <p>Security note: the HTTP message view returns header and body unredacted, so whatever
 * cookies, authorization headers or form secrets the message carries are disclosed to the API
 * caller. Access control for this view is not visible in this method.
 *
 * @param name the requested view name
 * @param params the request parameters (not read by this method)
 * @return the response element for the requested view; an empty value when no message is
 *     available
 * @throws ApiException {@code BAD_TYPE} if the message is not an {@link HttpMessage},
 *     {@code BAD_VIEW} if {@code name} is not one of the supported views
 */
@Override
public ApiResponse handleApiView(String name, JSONObject params) throws ApiException {
    if (VIEW_IS_BREAK_ALL.equals(name)) {
        boolean breakAll = extension.getBreakpointManagementInterface().isBreakAll();
        return new ApiResponseElement(name, Boolean.toString(breakAll));
    }
    if (VIEW_IS_BREAK_REQUEST.equals(name)) {
        boolean breakRequest = extension.getBreakpointManagementInterface().isBreakRequest();
        return new ApiResponseElement(name, Boolean.toString(breakRequest));
    }
    if (VIEW_IS_BREAK_RESPONSE.equals(name)) {
        boolean breakResponse = extension.getBreakpointManagementInterface().isBreakResponse();
        return new ApiResponseElement(name, Boolean.toString(breakResponse));
    }
    if (!VIEW_HTTP_MESSAGE.equals(name)) {
        // Anything else is not a view this API knows about.
        throw new ApiException(ApiException.Type.BAD_VIEW);
    }

    Message pending = extension.getBreakpointManagementInterface().getMessage();
    if (pending == null) {
        // No message available: answer with an empty value rather than an error.
        return new ApiResponseElement(name, "");
    }
    if (!(pending instanceof HttpMessage)) {
        throw new ApiException(ApiException.Type.BAD_TYPE);
    }

    HttpMessage intercepted = (HttpMessage) pending;
    String rendered;
    // Only one side of the exchange is returned, chosen by isRequest(); header first, then body.
    if (extension.getBreakpointManagementInterface().isRequest()) {
        rendered = intercepted.getRequestHeader().toString() + intercepted.getRequestBody().toString();
    } else {
        rendered = intercepted.getResponseHeader().toString() + intercepted.getResponseBody().toString();
    }
    return new ApiResponseElement(name, rendered);
}
Also used : Message(org.zaproxy.zap.extension.httppanel.Message) HttpMessage(org.parosproxy.paros.network.HttpMessage) ApiResponseElement(org.zaproxy.zap.extension.api.ApiResponseElement) HttpMessage(org.parosproxy.paros.network.HttpMessage) ApiException(org.zaproxy.zap.extension.api.ApiException)

Example 17 with ApiResponseElement

use of org.zaproxy.zap.extension.api.ApiResponseElement in project zaproxy by zaproxy.

the class HttpSessionsAPI method handleApiView.

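/**
 * Serves the read-only views of the HTTP sessions API.
 *
 * <p>Supported views: the list of sites with sessions, the sessions of one site (all of them or
 * a single named one), the active session of a site, the session tokens of a site, and the
 * default session tokens.
 *
 * <p>Security note: the responses describe session state (session names, token entries and
 * whatever {@code createSessionResponse} puts into a session entry - presumably token values,
 * confirm), so this view should only be reachable by authorised API callers. Access control is
 * not visible in this method.
 *
 * @param name the requested view name, as supplied by the API caller
 * @param params the request parameters, as supplied by the API caller
 * @return the response for the requested view
 * @throws ApiException {@code ILLEGAL_PARAMETER} if the extension has no sessions site for the
 *     given site parameter, {@code BAD_VIEW} if {@code name} is not a supported view
 */
@Override
public ApiResponse handleApiView(String name, JSONObject params) throws ApiException {
    if (log.isDebugEnabled()) {
        // NOTE(review): name and params are caller-controlled and are written to the log
        // verbatim; debug logs may therefore contain arbitrary request text (including any
        // credentials passed as parameters) and should be handled accordingly.
        log.debug("Request for handleApiView: " + name + " (params: " + params.toString() + ")");
    }
    switch (name) {
        case VIEW_SITES: {
            // All sites that have sessions.
            ApiResponseList responseSites = new ApiResponseList(name);
            for (String s : extension.getSites()) {
                responseSites.addItem(new ApiResponseElement("site", s));
            }
            return responseSites;
        }
        case VIEW_SESSIONS: {
            // Resolve the site once; the same value is used for the lookup and for logging, so
            // the log always shows the authority that was actually looked up.
            String authority = ApiUtils.getAuthority(params.getString(ACTION_PARAM_SITE));
            HttpSessionsSite site = extension.getHttpSessionsSite(authority, false);
            if (site == null) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, ACTION_PARAM_SITE);
            }
            ApiResponseList response = new ApiResponseList(name);
            String vsName = getParam(params, VIEW_PARAM_SESSION, "");
            if (vsName == null || vsName.isEmpty()) {
                // No session name given: list every session of the site.
                Set<HttpSession> sessions = site.getHttpSessions();
                if (log.isDebugEnabled()) {
                    log.debug("API View for sessions for " + authority + ": " + site);
                }
                for (HttpSession session : sessions) {
                    // Sessions without any token value are left out.
                    if (session.getTokenValuesUnmodifiableMap().size() > 0) {
                        response.addItem(createSessionResponse(session));
                    }
                }
            } else {
                // A session name was given: return that session only, or an empty list.
                HttpSession session = site.getHttpSession(vsName);
                if (session != null) {
                    response.addItem(createSessionResponse(session));
                }
            }
            return response;
        }
        case VIEW_ACTIVE_SESSION: {
            String authority = ApiUtils.getAuthority(params.getString(ACTION_PARAM_SITE));
            HttpSessionsSite site = extension.getHttpSessionsSite(authority, false);
            if (site == null) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, ACTION_PARAM_SITE);
            }
            if (log.isDebugEnabled()) {
                log.debug("API View for active session for " + authority + ": " + site);
            }
            // Read the active session once so the null check and the use see the same object.
            HttpSession active = site.getActiveSession();
            return new ApiResponseElement("active_session", active != null ? active.getName() : "");
        }
        case VIEW_SESSION_TOKENS: {
            final String siteName = ApiUtils.getAuthority(params.getString(ACTION_PARAM_SITE));
            // Reject sites the extension does not know.
            if (extension.getHttpSessionsSite(siteName, false) == null) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, ACTION_PARAM_SITE);
            }
            HttpSessionTokensSet sessionTokens = extension.getHttpSessionTokensSet(siteName);
            ApiResponseList responseST = new ApiResponseList("session_tokens");
            if (sessionTokens != null) {
                Set<String> tokens = sessionTokens.getTokensSet();
                // A missing token set yields an empty list, not an error.
                if (tokens != null) {
                    for (String token : tokens) {
                        responseST.addItem(new ApiResponseElement("token", token));
                    }
                }
            }
            return responseST;
        }
        case VIEW_DEFAULT_SESSION_TOKENS: {
            ApiResponseList defaultSessionTokens = new ApiResponseList(name);
            for (HttpSessionToken token : extension.getParam().getDefaultTokens()) {
                Map<String, Object> tokenFields = new HashMap<>();
                tokenFields.put("name", token.getName());
                tokenFields.put("enabled", token.isEnabled());
                defaultSessionTokens.addItem(new ApiResponseSet<>("token", tokenFields));
            }
            return defaultSessionTokens;
        }
        default:
            throw new ApiException(ApiException.Type.BAD_VIEW);
    }
}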
Also used : HashMap(java.util.HashMap) ApiResponseList(org.zaproxy.zap.extension.api.ApiResponseList) ApiResponseElement(org.zaproxy.zap.extension.api.ApiResponseElement) JSONObject(net.sf.json.JSONObject) ApiException(org.zaproxy.zap.extension.api.ApiException)

Example 18 with ApiResponseElement

use of org.zaproxy.zap.extension.api.ApiResponseElement in project zaproxy by zaproxy.

the class ParamsAPI method createSiteParamStatsResponse.

/**
 * Builds the API response listing the parameter statistics of one site.
 *
 * <p>For every parameter the list receives a "Stats" set (site, name, type, times used),
 * followed by a "Flags" list and a "Values" list, each added only when it has entries.
 *
 * <p>NOTE(review): the "Values" list echoes {@code param.getValues()} unfiltered; if those are
 * recorded parameter values they may include secrets submitted to the site - confirm that
 * callers of this API are authorised to see them.
 *
 * @param siteParam the parameters recorded for a site
 * @return a list named "Parameter" holding the per-parameter entries
 */
private static ApiResponseList createSiteParamStatsResponse(SiteParameters siteParam) {
    ApiResponseList result = new ApiResponseList("Parameter");
    for (HtmlParameterStats entry : siteParam.getParams()) {
        Map<String, String> fields = new HashMap<>();
        fields.put("site", entry.getSite());
        fields.put("name", entry.getName());
        fields.put("type", entry.getType().name());
        fields.put("timesUsed", String.valueOf(entry.getTimesUsed()));
        result.addItem(new ApiResponseSet<>("Stats", fields));

        // Flags: collected first, attached only if the parameter has any.
        ApiResponseList flagList = new ApiResponseList("Flags");
        for (String flagName : entry.getFlags()) {
            flagList.addItem(new ApiResponseElement("Flag", flagName));
        }
        boolean hasFlags = entry.getFlags().size() > 0;
        if (hasFlags) {
            result.addItem(flagList);
        }

        // Values: same pattern as the flags.
        ApiResponseList valueList = new ApiResponseList("Values");
        for (String observed : entry.getValues()) {
            valueList.addItem(new ApiResponseElement("Value", observed));
        }
        boolean hasValues = entry.getValues().size() > 0;
        if (hasValues) {
            result.addItem(valueList);
        }
    }
    return result;
}
Also used : ApiResponseList(org.zaproxy.zap.extension.api.ApiResponseList) HashMap(java.util.HashMap) ApiResponseElement(org.zaproxy.zap.extension.api.ApiResponseElement)

Aggregations

ApiResponseElement (org.zaproxy.zap.extension.api.ApiResponseElement)18 ApiException (org.zaproxy.zap.extension.api.ApiException)15 ApiResponseList (org.zaproxy.zap.extension.api.ApiResponseList)13 HashMap (java.util.HashMap)9 ApiResponse (org.zaproxy.zap.extension.api.ApiResponse)8 JSONObject (net.sf.json.JSONObject)5 DatabaseException (org.parosproxy.paros.db.DatabaseException)5 ArrayList (java.util.ArrayList)4 Session (org.parosproxy.paros.model.Session)4 Context (org.zaproxy.zap.model.Context)4 User (org.zaproxy.zap.users.User)4 JSONException (net.sf.json.JSONException)3 HttpMessage (org.parosproxy.paros.network.HttpMessage)3 ApiResponseSet (org.zaproxy.zap.extension.api.ApiResponseSet)3 Enumeration (java.util.Enumeration)2 List (java.util.List)2 Map (java.util.Map)2 PatternSyntaxException (java.util.regex.PatternSyntaxException)2 Alert (org.parosproxy.paros.core.scanner.Alert)2 Plugin (org.parosproxy.paros.core.scanner.Plugin)2