
Example 1 with ApiResponseList

use of org.zaproxy.zap.extension.api.ApiResponseList in project zaproxy by zaproxy.

From the class ActiveScanAPI, method createPluginProgressEntry.

/**
 * Builds the {@code Plugin} entry reported by the scan progress view.
 *
 * @param plugin the plugin the entry describes
 * @param status the status label to report (a percentage, "Complete", "Pending" or a skipped reason)
 * @param timeTaken the time attributed to the plugin, in milliseconds
 * @param requestCount the number of requests attributed to the plugin
 * @return a list named {@code Plugin} holding, in order, the name, id, quality, status,
 *     timeInMs and reqCount elements
 */
private static ApiResponseList createPluginProgressEntry(Plugin plugin, String status, long timeTaken, int requestCount) {
    // Control characters in the plugin name are escaped so the response stays well formed.
    String escapedName = XMLStringUtil.escapeControlChrs(plugin.getName());
    String id = Integer.toString(plugin.getId());
    String quality = plugin.getStatus().toString();

    ApiResponseList entry = new ApiResponseList("Plugin");
    entry.addItem(new ApiResponseElement("name", escapedName));
    entry.addItem(new ApiResponseElement("id", id));
    entry.addItem(new ApiResponseElement("quality", quality));
    entry.addItem(new ApiResponseElement("status", status));
    entry.addItem(new ApiResponseElement("timeInMs", Long.toString(timeTaken)));
    entry.addItem(new ApiResponseElement("reqCount", Integer.toString(requestCount)));
    return entry;
}

Example 2 with ApiResponseList

use of org.zaproxy.zap.extension.api.ApiResponseList in project zaproxy by zaproxy.

From the class ActiveScanAPI, method handleApiView.

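/**
 * Handles the views of the active scan API, building the {@link ApiResponse} for the view
 * {@code name}.
 *
 * <p>Views that refer to a scan ({@code VIEW_STATUS}, {@code VIEW_SCAN_PROGRESS},
 * {@code VIEW_MESSAGES_IDS}, {@code VIEW_ALERTS_IDS}) resolve it with
 * {@code getActiveScan(params)} and report an empty result (progress 0 for the status view)
 * when no scan is returned.
 *
 * @param name the name of the requested view
 * @param params the parameters of the request
 * @return the response for the requested view
 * @throws ApiException with {@code BAD_VIEW} if the view is unknown, with {@code DOES_NOT_EXIST}
 *     if the category id given to {@code VIEW_SCANNERS} does not exist, or as propagated from
 *     the helpers that resolve the scan and the policy
 */
@Override
public ApiResponse handleApiView(String name, JSONObject params) throws ApiException {
    ApiResponse result;
    ActiveScan activeScan;
    ApiResponseList resultList;
    ScanPolicy policy;
    int categoryId;
    switch (name) {
        case VIEW_STATUS:
            activeScan = getActiveScan(params);
            // An unknown scan is reported as 0% rather than as an error.
            int progress = activeScan != null ? activeScan.getProgress() : 0;
            result = new ApiResponseElement(name, String.valueOf(progress));
            break;
        case VIEW_SCANS:
            resultList = new ApiResponseList(name);
            for (GenericScanner2 scan : controller.getAllScans()) {
                Map<String, String> map = new HashMap<>();
                map.put("id", Integer.toString(scan.getScanId()));
                map.put("progress", Integer.toString(scan.getProgress()));
                map.put("state", ((ActiveScan) scan).getState().name());
                resultList.addItem(new ApiResponseSet<String>("scan", map));
            }
            result = resultList;
            break;
        case VIEW_SCAN_PROGRESS:
            resultList = new ApiResponseList(name);
            activeScan = getActiveScan(params);
            if (activeScan != null) {
                for (HostProcess hp : activeScan.getHostProcesses()) {
                    // Each host process is reported as an "id" element followed by its plugin list.
                    resultList.addItem(new ApiResponseElement("id", XMLStringUtil.escapeControlChrs(hp.getHostAndPort())));
                    resultList.addItem(createHostProcessProgress(hp));
                }
            }
            result = resultList;
            break;
        case VIEW_MESSAGES_IDS:
            resultList = new ApiResponseList(name);
            activeScan = getActiveScan(params);
            if (activeScan != null) {
                // The id lists are shared with the running scan, hence the lock while iterating.
                synchronized (activeScan.getMessagesIds()) {
                    for (Integer id : activeScan.getMessagesIds()) {
                        resultList.addItem(new ApiResponseElement("id", id.toString()));
                    }
                }
            }
            result = resultList;
            break;
        case VIEW_ALERTS_IDS:
            resultList = new ApiResponseList(name);
            activeScan = getActiveScan(params);
            if (activeScan != null) {
                synchronized (activeScan.getAlertsIds()) {
                    for (Integer id : activeScan.getAlertsIds()) {
                        resultList.addItem(new ApiResponseElement("id", id.toString()));
                    }
                }
            }
            result = resultList;
            break;
        case VIEW_EXCLUDED_FROM_SCAN:
            resultList = new ApiResponseList(name);
            Session session = Model.getSingleton().getSession();
            for (String regex : session.getExcludeFromScanRegexs()) {
                resultList.addItem(new ApiResponseElement("regex", regex));
            }
            result = resultList;
            break;
        case VIEW_SCANNERS:
            policy = getScanPolicyFromParams(params);
            List<Plugin> scanners = policy.getPluginFactory().getAllPlugin();
            // -1 means "no category filter".
            categoryId = getParam(params, PARAM_CATEGORY_ID, -1);
            if (categoryId != -1 && !hasPolicyWithId(categoryId)) {
                throw new ApiException(ApiException.Type.DOES_NOT_EXIST, PARAM_CATEGORY_ID);
            }
            resultList = new ApiResponseList(name);
            for (Plugin scanner : scanners) {
                if (categoryId == -1 || categoryId == scanner.getCategory()) {
                    resultList.addItem(new ScannerApiResponse(policy, scanner));
                }
            }
            result = resultList;
            break;
        case VIEW_POLICIES:
            policy = getScanPolicyFromParams(params);
            resultList = new ApiResponseList(name);
            for (String categoryName : Category.getAllNames()) {
                categoryId = Category.getCategory(categoryName);
                Plugin.AttackStrength attackStrength = getPolicyAttackStrength(policy, categoryId);
                Plugin.AlertThreshold alertThreshold = getPolicyAlertThreshold(policy, categoryId);
                Map<String, String> map = new HashMap<>();
                map.put("id", String.valueOf(categoryId));
                map.put("name", categoryName);
                // A category with no common strength/threshold is reported with an empty value.
                map.put("attackStrength", attackStrength == null ? "" : String.valueOf(attackStrength));
                map.put("alertThreshold", alertThreshold == null ? "" : String.valueOf(alertThreshold));
                map.put("enabled", String.valueOf(isPolicyEnabled(policy, categoryId)));
                resultList.addItem(new ApiResponseSet<String>("policy", map));
            }
            result = resultList;
            break;
        case VIEW_SCAN_POLICY_NAMES:
            resultList = new ApiResponseList(name);
            for (String policyName : controller.getPolicyManager().getAllPolicyNames()) {
                resultList.addItem(new ApiResponseElement("policy", policyName));
            }
            result = resultList;
            break;
        case VIEW_ATTACK_MODE_QUEUE:
            result = new ApiResponseElement(name, String.valueOf(controller.getAttackModeStackSize()));
            break;
        case VIEW_OPTION_EXCLUDED_PARAM_LIST:
        case VIEW_EXCLUDED_PARAMS:
            resultList = new ApiResponseList(name);
            List<ScannerParamFilter> excludedParams = controller.getScannerParam().getExcludedParamList();
            // The position in the list is part of the response, so an index loop is needed.
            for (int i = 0; i < excludedParams.size(); i++) {
                resultList.addItem(new ExcludedParamApiResponse(excludedParams.get(i), i));
            }
            result = resultList;
            break;
        case VIEW_EXCLUDED_PARAM_TYPES:
            resultList = new ApiResponseList(name);
            for (Entry<Integer, String> type : ScannerParamFilter.getTypes().entrySet()) {
                Map<String, String> typeData = new HashMap<>();
                typeData.put("id", Integer.toString(type.getKey()));
                typeData.put("name", type.getValue());
                resultList.addItem(new ApiResponseSet<String>("type", typeData));
            }
            result = resultList;
            break;
        default:
            throw new ApiException(ApiException.Type.BAD_VIEW);
    }
    return result;
}

/**
 * Builds the {@code HostProcess} list for the scan progress view: one {@code Plugin} entry for
 * each completed, running and pending plugin of the host process, in that order.
 *
 * @param hp the host process to report
 * @return the {@code HostProcess} list
 */
private static ApiResponseList createHostProcessProgress(HostProcess hp) {
    ApiResponseList hpList = new ApiResponseList("HostProcess");
    for (Plugin plugin : hp.getCompleted()) {
        long timeTaken = plugin.getTimeFinished().getTime() - plugin.getTimeStarted().getTime();
        int reqs = hp.getPluginRequestCount(plugin.getId());
        String status = hp.isSkipped(plugin) ? skippedStatusLabel(hp, plugin) : "Complete";
        hpList.addItem(createPluginProgressEntry(plugin, status, timeTaken, reqs));
    }
    for (Plugin plugin : hp.getRunning()) {
        int pc = runningPercentage(hp, plugin);
        long timeTaken = System.currentTimeMillis() - plugin.getTimeStarted().getTime();
        int reqs = hp.getPluginRequestCount(plugin.getId());
        hpList.addItem(createPluginProgressEntry(plugin, pc + "%", timeTaken, reqs));
    }
    for (Plugin plugin : hp.getPending()) {
        // Pending plugins have neither run time nor requests yet.
        String status = hp.isSkipped(plugin) ? skippedStatusLabel(hp, plugin) : "Pending";
        hpList.addItem(createPluginProgressEntry(plugin, status, 0, 0));
    }
    return hpList;
}

/**
 * Computes the progress, in percent, of a plugin that is still running in the host process.
 *
 * @param hp the host process running the plugin
 * @param plugin the running plugin
 * @return the progress, always in the range 0 to 99
 */
private static int runningPercentage(HostProcess hp, Plugin plugin) {
    int current = hp.getTestCurrentCount(plugin);
    int total = hp.getTestTotalCount();
    // A total of zero would otherwise divide by zero; long arithmetic keeps current * 100 from overflowing.
    int pc = total > 0 ? (int) (current * 100L / total) : 0;
    // More nodes may be scanned than were enumerated at the start, so never report 100% while running.
    if (pc >= 100) {
        pc = 99;
    }
    return pc;
}

/**
 * Builds the localised status label of a plugin the host process skipped, including the reason
 * when one was recorded.
 *
 * @param hp the host process that skipped the plugin
 * @param plugin the skipped plugin
 * @return the label to report as the plugin's status
 */
private static String skippedStatusLabel(HostProcess hp, Plugin plugin) {
    String skippedReason = hp.getSkippedReason(plugin);
    if (skippedReason == null) {
        return Constant.messages.getString("ascan.progress.label.skipped");
    }
    return Constant.messages.getString("ascan.progress.label.skippedWithReason", skippedReason);
}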

Example 3 with ApiResponseList

use of org.zaproxy.zap.extension.api.ApiResponseList in project zaproxy by zaproxy.

From the class AutoUpdateAPI, method handleApiView.

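/**
 * Handles the views of the auto-update API, building the {@link ApiResponse} for the view
 * {@code name}.
 *
 * @param name the name of the requested view
 * @param params the parameters of the request (not used by any of the views)
 * @return the response for the requested view
 * @throws ApiException with {@code BAD_VIEW} if the view is unknown
 */
@Override
public ApiResponse handleApiView(String name, JSONObject params) throws ApiException {
    ApiResponse result;
    if (VIEW_LATEST_VERSION_NUMBER.equals(name)) {
        result = new ApiResponseElement(name, this.getLatestVersionNumber());
    } else if (VIEW_IS_LATEST_VERSION.equals(name)) {
        result = new ApiResponseElement(name, Boolean.toString(this.isLatestVersion()));
    } else if (VIEW_INSTALLED_ADDONS.equals(name)) {
        result = addOnsToList(name, extension.getInstalledAddOns());
    } else if (VIEW_NEW_ADDONS.equals(name)) {
        result = addOnsToList(name, extension.getNewAddOns());
    } else if (VIEW_UPDATED_ADDONS.equals(name)) {
        result = addOnsToList(name, extension.getUpdatedAddOns());
    } else if (VIEW_MARKETPLACE_ADDONS.equals(name)) {
        result = addOnsToList(name, extension.getMarketplaceAddOns());
    } else {
        throw new ApiException(ApiException.Type.BAD_VIEW);
    }
    return result;
}

/**
 * Builds a list response holding one {@code addonToSet} entry per add-on, in iteration order.
 *
 * @param name the name of the list (the view name)
 * @param addOns the add-ons to report
 * @return the list response
 */
private ApiResponseList addOnsToList(String name, Iterable<AddOn> addOns) {
    ApiResponseList resultList = new ApiResponseList(name);
    for (AddOn ao : addOns) {
        resultList.addItem(addonToSet(ao));
    }
    return resultList;
}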

Example 4 with ApiResponseList

use of org.zaproxy.zap.extension.api.ApiResponseList in project zaproxy by zaproxy.

From the class SpiderAPI, method handleApiView.

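/**
 * Handles the views of the spider API, building the {@link ApiResponse} for the view
 * {@code name}.
 *
 * <p>Views that refer to a scan resolve it with {@code getSpiderScan(params)}; when no scan is
 * returned they report progress 0 or empty lists instead of failing.
 *
 * @param name the name of the requested view
 * @param params the parameters of the request
 * @return the response for the requested view
 * @throws ApiException with {@code BAD_VIEW} if the view is unknown, with {@code INTERNAL_ERROR}
 *     if the history table cannot be read for {@code VIEW_ALL_URLS}, or as propagated from the
 *     helper that resolves the scan
 */
@Override
public ApiResponse handleApiView(String name, JSONObject params) throws ApiException {
    ApiResponse result;
    if (VIEW_STATUS.equals(name)) {
        SpiderScan scan = (SpiderScan) this.getSpiderScan(params);
        int progress = 0;
        if (scan != null) {
            // A stopped scan is reported as complete whatever progress it reached.
            progress = scan.isStopped() ? 100 : scan.getProgress();
        }
        result = new ApiResponseElement(name, Integer.toString(progress));
    } else if (VIEW_RESULTS.equals(name)) {
        ApiResponseList resultList = new ApiResponseList(name);
        SpiderScan scan = (SpiderScan) this.getSpiderScan(params);
        if (scan != null) {
            // The result collections are shared with the running scan, hence the lock while iterating.
            synchronized (scan.getResults()) {
                for (String url : scan.getResults()) {
                    resultList.addItem(new ApiResponseElement("url", url));
                }
            }
        }
        result = resultList;
    } else if (VIEW_FULL_RESULTS.equals(name)) {
        ApiResponseList resultUrls = new ApiResponseList(name);
        SpiderScan scan = (SpiderScan) this.getSpiderScan(params);
        ApiResponseList inScope = new ApiResponseList("urlsInScope");
        ApiResponseList outOfScope = new ApiResponseList("urlsOutOfScope");
        // getSpiderScan may return null (the other scan views check for it); report empty
        // sub-lists in that case instead of failing on the dereference.
        if (scan != null) {
            synchronized (scan.getResourcesFound()) {
                for (SpiderResource sr : scan.getResourcesFound()) {
                    inScope.addItem(new ApiResponseSet<String>("resource", spiderResourceToMap(sr)));
                }
            }
            synchronized (scan.getResultsOutOfScope()) {
                for (String url : scan.getResultsOutOfScope()) {
                    outOfScope.addItem(new ApiResponseElement("url", url));
                }
            }
        }
        resultUrls.addItem(inScope);
        resultUrls.addItem(outOfScope);
        result = resultUrls;
    } else if (VIEW_EXCLUDED_FROM_SCAN.equals(name)) {
        ApiResponseList resultList = new ApiResponseList(name);
        Session session = Model.getSingleton().getSession();
        for (String regex : session.getExcludeFromSpiderRegexs()) {
            resultList.addItem(new ApiResponseElement("regex", regex));
        }
        result = resultList;
    } else if (VIEW_SCANS.equals(name)) {
        ApiResponseList resultList = new ApiResponseList(name);
        for (GenericScanner2 scan : extension.getAllScans()) {
            SpiderScan spiderScan = (SpiderScan) scan;
            Map<String, String> map = new HashMap<>();
            map.put("id", Integer.toString(spiderScan.getScanId()));
            map.put("progress", Integer.toString(spiderScan.getProgress()));
            map.put("state", spiderScan.getState());
            resultList.addItem(new ApiResponseSet<String>("scan", map));
        }
        result = resultList;
    } else if (VIEW_ALL_URLS.equals(name)) {
        ApiResponseList resultUrls = new ApiResponseList(name);
        // Spider and spider-task records may hold the same URL; only the first occurrence is reported.
        Set<String> urlSet = new HashSet<>();
        TableHistory tableHistory = extension.getModel().getDb().getTableHistory();
        List<Integer> ids;
        try {
            ids = tableHistory.getHistoryIdsOfHistType(extension.getModel().getSession().getSessionId(), HistoryReference.TYPE_SPIDER, HistoryReference.TYPE_SPIDER_TASK);
        } catch (DatabaseException e) {
            throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
        }
        for (Integer id : ids) {
            try {
                RecordHistory rh = tableHistory.read(id.intValue());
                if (rh != null) {
                    String url = rh.getHttpMessage().getRequestHeader().getURI().toString();
                    if (urlSet.add(url)) {
                        resultUrls.addItem(new ApiResponseElement("url", url));
                    }
                }
            } catch (HttpMalformedHeaderException | DatabaseException e) {
                throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
            }
        }
        result = resultUrls;
    } else if (VIEW_DOMAINS_ALWAYS_IN_SCOPE.equals(name) || VIEW_OPTION_DOMAINS_ALWAYS_IN_SCOPE.equals(name)) {
        result = domainMatchersToApiResponseList(name, extension.getSpiderParam().getDomainsAlwaysInScope(), false);
    } else if (VIEW_OPTION_DOMAINS_ALWAYS_IN_SCOPE_ENABLED.equals(name)) {
        // The "enabled" variant of the view leaves disabled matchers out.
        result = domainMatchersToApiResponseList(name, extension.getSpiderParam().getDomainsAlwaysInScope(), true);
    } else {
        throw new ApiException(ApiException.Type.BAD_VIEW);
    }
    return result;
}

/**
 * Builds the {@code resource} entry of the full results view for a spider resource.
 *
 * @param sr the resource found by the spider
 * @return the messageId, method, url, statusCode and statusReason of the resource
 */
private static Map<String, String> spiderResourceToMap(SpiderResource sr) {
    Map<String, String> map = new HashMap<>();
    map.put("messageId", Integer.toString(sr.getHistoryId()));
    map.put("method", sr.getMethod());
    map.put("url", sr.getUri());
    map.put("statusCode", Integer.toString(sr.getStatusCode()));
    map.put("statusReason", sr.getStatusReason());
    return map;
}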

Example 5 with ApiResponseList

use of org.zaproxy.zap.extension.api.ApiResponseList in project zaproxy by zaproxy.

From the class SpiderAPI, method domainMatchersToApiResponseList.

/**
 * Builds a list response describing the "domains always in scope" matchers.
 *
 * @param name the name of the list (the view name)
 * @param domains the matchers to report
 * @param excludeDisabled whether disabled matchers are left out of the list
 * @return a list with one {@code domain} entry per reported matcher, holding its position in
 *     {@code domains} ({@code idx}), value, regex flag and enabled flag
 */
private ApiResponse domainMatchersToApiResponseList(String name, List<DomainAlwaysInScopeMatcher> domains, boolean excludeDisabled) {
    ApiResponseList list = new ApiResponseList(name);
    int count = domains.size();
    for (int position = 0; position < count; position++) {
        DomainAlwaysInScopeMatcher matcher = domains.get(position);
        // The index reported is the position in the full list, also when disabled entries are skipped.
        if (matcher.isEnabled() || !excludeDisabled) {
            Map<String, Object> entry = new HashMap<>();
            entry.put("idx", position);
            entry.put("value", matcher.getValue());
            entry.put("regex", matcher.isRegex());
            entry.put("enabled", matcher.isEnabled());
            list.addItem(new ApiResponseSet<Object>("domain", entry));
        }
    }
    return list;
}
