use of org.zaproxy.zap.extension.api.ApiResponseList in project zaproxy by zaproxy.
the class ActiveScanAPI method createPluginProgressEntry.
/**
 * Builds the "Plugin" entry that describes one scanner in the scan-progress view.
 *
 * <p>The entry carries, in this order: {@code name}, {@code id}, {@code quality},
 * {@code status}, {@code timeInMs} and {@code reqCount}. Only the plugin name is passed
 * through {@code XMLStringUtil.escapeControlChrs}; the status text is added exactly as the
 * caller supplied it.
 *
 * @param plugin the scanner being reported
 * @param status the progress text to show for the scanner
 * @param timeTaken the elapsed time reported under {@code timeInMs}
 * @param requestCount the number of requests reported under {@code reqCount}
 * @return the populated "Plugin" list
 */
private static ApiResponseList createPluginProgressEntry(Plugin plugin, String status, long timeTaken, int requestCount) {
    final ApiResponseList entry = new ApiResponseList("Plugin");

    // Identification of the scanner.
    final String displayName = XMLStringUtil.escapeControlChrs(plugin.getName());
    entry.addItem(new ApiResponseElement("name", displayName));
    entry.addItem(new ApiResponseElement("id", String.valueOf(plugin.getId())));
    entry.addItem(new ApiResponseElement("quality", plugin.getStatus().toString()));

    // Progress figures supplied by the caller.
    entry.addItem(new ApiResponseElement("status", status));
    entry.addItem(new ApiResponseElement("timeInMs", String.valueOf(timeTaken)));
    entry.addItem(new ApiResponseElement("reqCount", String.valueOf(requestCount)));

    return entry;
}
use of org.zaproxy.zap.extension.api.ApiResponseList in project zaproxy by zaproxy.
the class ActiveScanAPI method handleApiView.
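/**
 * Handles the read-only "view" requests of the active scan API.
 *
 * <p>Dispatches on the view name and builds the response from the current scans, the scan
 * policy selected by the parameters, and the session's exclusion settings.
 *
 * <p>NOTE(review): no access check is performed here; presumably the API framework
 * authenticates the caller before dispatching to this method. The responses include
 * scanned hosts, exclusion regexes and policy names, so confirm that assumption.
 *
 * @param name the name of the requested view
 * @param params the request parameters (scan id, policy and category id are read through helpers)
 * @return the response for the requested view
 * @throws ApiException with {@code BAD_VIEW} when the view name is not recognised, with
 *     {@code DOES_NOT_EXIST} when a category id is given that {@code hasPolicyWithId}
 *     rejects; the parameter helpers called here may throw as well
 */
@Override
public ApiResponse handleApiView(String name, JSONObject params) throws ApiException {
    ApiResponse result;
    ActiveScan activeScan = null;
    ScanPolicy policy;
    int categoryId;

    switch (name) {
    case VIEW_STATUS:
        // An unknown scan is reported as 0% rather than as an error.
        activeScan = getActiveScan(params);
        int progress = 0;
        if (activeScan != null) {
            progress = activeScan.getProgress();
        }
        result = new ApiResponseElement(name, String.valueOf(progress));
        break;
    case VIEW_SCANS:
        // resultList is declared here and reused (reassigned) by the cases below.
        ApiResponseList resultList = new ApiResponseList(name);
        for (GenericScanner2 scan : controller.getAllScans()) {
            Map<String, String> map = new HashMap<>();
            map.put("id", Integer.toString(scan.getScanId()));
            map.put("progress", Integer.toString(scan.getProgress()));
            map.put("state", ((ActiveScan) scan).getState().name());
            resultList.addItem(new ApiResponseSet<String>("scan", map));
        }
        result = resultList;
        break;
    case VIEW_SCAN_PROGRESS:
        resultList = new ApiResponseList(name);
        activeScan = getActiveScan(params);
        if (activeScan != null) {
            for (HostProcess hp : activeScan.getHostProcesses()) {
                ApiResponseList hpList = new ApiResponseList("HostProcess");
                // The host identifier goes into the outer list, directly before that
                // host's "HostProcess" list (added at the end of this iteration).
                resultList.addItem(new ApiResponseElement("id", XMLStringUtil.escapeControlChrs(hp.getHostAndPort())));

                for (Plugin plugin : hp.getCompleted()) {
                    long timeTaken = plugin.getTimeFinished().getTime() - plugin.getTimeStarted().getTime();
                    int reqs = hp.getPluginRequestCount(plugin.getId());
                    if (hp.isSkipped(plugin)) {
                        String skippedReason = hp.getSkippedReason(plugin);
                        if (skippedReason == null) {
                            skippedReason = Constant.messages.getString("ascan.progress.label.skipped");
                        } else {
                            skippedReason = Constant.messages.getString("ascan.progress.label.skippedWithReason", skippedReason);
                        }
                        hpList.addItem(createPluginProgressEntry(plugin, skippedReason, timeTaken, reqs));
                    } else {
                        hpList.addItem(createPluginProgressEntry(plugin, "Complete", timeTaken, reqs));
                    }
                }

                for (Plugin plugin : hp.getRunning()) {
                    // Guard against a zero total (which would otherwise raise an
                    // ArithmeticException and fail the whole view) and compute in long
                    // so that the multiplication by 100 cannot overflow.
                    int totalCount = hp.getTestTotalCount();
                    long percent = totalCount > 0 ? hp.getTestCurrentCount(plugin) * 100L / totalCount : 0L;
                    // A running plugin never reports 100%: more nodes may be scanned
                    // than the ones enumerated at the beginning.
                    int pc = (int) Math.min(percent, 99L);
                    long timeTaken = new Date().getTime() - plugin.getTimeStarted().getTime();
                    int reqs = hp.getPluginRequestCount(plugin.getId());
                    hpList.addItem(createPluginProgressEntry(plugin, pc + "%", timeTaken, reqs));
                }

                for (Plugin plugin : hp.getPending()) {
                    // Pending plugins have not run, so time and request count are reported as 0.
                    if (hp.isSkipped(plugin)) {
                        String skippedReason = hp.getSkippedReason(plugin);
                        if (skippedReason == null) {
                            skippedReason = Constant.messages.getString("ascan.progress.label.skipped");
                        } else {
                            skippedReason = Constant.messages.getString("ascan.progress.label.skippedWithReason", skippedReason);
                        }
                        hpList.addItem(createPluginProgressEntry(plugin, skippedReason, 0, 0));
                    } else {
                        hpList.addItem(createPluginProgressEntry(plugin, "Pending", 0, 0));
                    }
                }
                resultList.addItem(hpList);
            }
        }
        result = resultList;
        break;
    case VIEW_MESSAGES_IDS:
        resultList = new ApiResponseList(name);
        activeScan = getActiveScan(params);
        if (activeScan != null) {
            // Iterate while holding the collection's monitor, as the original code does.
            synchronized (activeScan.getMessagesIds()) {
                for (Integer id : activeScan.getMessagesIds()) {
                    resultList.addItem(new ApiResponseElement("id", id.toString()));
                }
            }
        }
        result = resultList;
        break;
    case VIEW_ALERTS_IDS:
        resultList = new ApiResponseList(name);
        activeScan = getActiveScan(params);
        if (activeScan != null) {
            synchronized (activeScan.getAlertsIds()) {
                for (Integer id : activeScan.getAlertsIds()) {
                    resultList.addItem(new ApiResponseElement("id", id.toString()));
                }
            }
        }
        result = resultList;
        break;
    case VIEW_EXCLUDED_FROM_SCAN:
        // NOTE(review): the regexes are added unescaped, unlike the plugin name and
        // host above; confirm the response serialisers escape element values.
        result = new ApiResponseList(name);
        Session session = Model.getSingleton().getSession();
        List<String> regexs = session.getExcludeFromScanRegexs();
        for (String regex : regexs) {
            ((ApiResponseList) result).addItem(new ApiResponseElement("regex", regex));
        }
        break;
    case VIEW_SCANNERS:
        policy = getScanPolicyFromParams(params);
        List<Plugin> scanners = policy.getPluginFactory().getAllPlugin();
        // -1 means "no category filter"; any other id must name an existing category.
        categoryId = getParam(params, PARAM_CATEGORY_ID, -1);
        if (categoryId != -1 && !hasPolicyWithId(categoryId)) {
            throw new ApiException(ApiException.Type.DOES_NOT_EXIST, PARAM_CATEGORY_ID);
        }
        resultList = new ApiResponseList(name);
        for (Plugin scanner : scanners) {
            if (categoryId == -1 || categoryId == scanner.getCategory()) {
                resultList.addItem(new ScannerApiResponse(policy, scanner));
            }
        }
        result = resultList;
        break;
    case VIEW_POLICIES:
        policy = getScanPolicyFromParams(params);
        String[] policies = Category.getAllNames();
        resultList = new ApiResponseList(name);
        for (String pluginName : policies) {
            categoryId = Category.getCategory(pluginName);
            Plugin.AttackStrength attackStrength = getPolicyAttackStrength(policy, categoryId);
            Plugin.AlertThreshold alertThreshold = getPolicyAlertThreshold(policy, categoryId);
            Map<String, String> map = new HashMap<>();
            map.put("id", String.valueOf(categoryId));
            map.put("name", pluginName);
            // A missing strength or threshold is reported as an empty string.
            map.put("attackStrength", attackStrength == null ? "" : String.valueOf(attackStrength));
            map.put("alertThreshold", alertThreshold == null ? "" : String.valueOf(alertThreshold));
            map.put("enabled", String.valueOf(isPolicyEnabled(policy, categoryId)));
            resultList.addItem(new ApiResponseSet<String>("policy", map));
        }
        result = resultList;
        break;
    case VIEW_SCAN_POLICY_NAMES:
        resultList = new ApiResponseList(name);
        for (String policyName : controller.getPolicyManager().getAllPolicyNames()) {
            resultList.addItem(new ApiResponseElement("policy", policyName));
        }
        result = resultList;
        break;
    case VIEW_ATTACK_MODE_QUEUE:
        result = new ApiResponseElement(name, String.valueOf(controller.getAttackModeStackSize()));
        break;
    case VIEW_OPTION_EXCLUDED_PARAM_LIST:
    case VIEW_EXCLUDED_PARAMS:
        // Both view names return the same list; each entry is reported with its index.
        resultList = new ApiResponseList(name);
        List<ScannerParamFilter> excludedParams = controller.getScannerParam().getExcludedParamList();
        for (int i = 0; i < excludedParams.size(); i++) {
            resultList.addItem(new ExcludedParamApiResponse(excludedParams.get(i), i));
        }
        result = resultList;
        break;
    case VIEW_EXCLUDED_PARAM_TYPES:
        resultList = new ApiResponseList(name);
        for (Entry<Integer, String> type : ScannerParamFilter.getTypes().entrySet()) {
            Map<String, String> typeData = new HashMap<>();
            typeData.put("id", Integer.toString(type.getKey()));
            typeData.put("name", type.getValue());
            resultList.addItem(new ApiResponseSet<String>("type", typeData));
        }
        result = resultList;
        break;
    default:
        throw new ApiException(ApiException.Type.BAD_VIEW);
    }
    return result;
}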
use of org.zaproxy.zap.extension.api.ApiResponseList in project zaproxy by zaproxy.
the class AutoUpdateAPI method handleApiView.
/**
 * Handles the read-only "view" requests of the auto-update API.
 *
 * <p>Two views return a single element (latest version number, and whether the running
 * version is the latest); the other four return a list with one entry per add-on, built
 * with {@code addonToSet}.
 *
 * @param name the name of the requested view
 * @param params the request parameters (not read by this method)
 * @return the response for the requested view
 * @throws ApiException with {@code BAD_VIEW} when the view name is not recognised
 */
@Override
public ApiResponse handleApiView(String name, JSONObject params) throws ApiException {
    // Single-value views.
    if (VIEW_LATEST_VERSION_NUMBER.equals(name)) {
        return new ApiResponseElement(name, this.getLatestVersionNumber());
    }
    if (VIEW_IS_LATEST_VERSION.equals(name)) {
        return new ApiResponseElement(name, Boolean.toString(this.isLatestVersion()));
    }

    // Add-on list views: same shape, different source collection.
    if (VIEW_INSTALLED_ADDONS.equals(name)) {
        final ApiResponseList installed = new ApiResponseList(name);
        for (AddOn addOn : extension.getInstalledAddOns()) {
            installed.addItem(addonToSet(addOn));
        }
        return installed;
    }
    if (VIEW_NEW_ADDONS.equals(name)) {
        final ApiResponseList added = new ApiResponseList(name);
        for (AddOn addOn : extension.getNewAddOns()) {
            added.addItem(addonToSet(addOn));
        }
        return added;
    }
    if (VIEW_UPDATED_ADDONS.equals(name)) {
        final ApiResponseList updated = new ApiResponseList(name);
        for (AddOn addOn : extension.getUpdatedAddOns()) {
            updated.addItem(addonToSet(addOn));
        }
        return updated;
    }
    if (VIEW_MARKETPLACE_ADDONS.equals(name)) {
        final ApiResponseList marketplace = new ApiResponseList(name);
        for (AddOn addOn : extension.getMarketplaceAddOns()) {
            marketplace.addItem(addonToSet(addOn));
        }
        return marketplace;
    }

    throw new ApiException(ApiException.Type.BAD_VIEW);
}
use of org.zaproxy.zap.extension.api.ApiResponseList in project zaproxy by zaproxy.
the class SpiderAPI method handleApiView.
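/**
 * Handles the read-only "view" requests of the spider API.
 *
 * <p>Dispatches on the view name and builds the response from the spider scans, the
 * session's spider exclusions, the history table and the spider options.
 *
 * <p>When {@code getSpiderScan} yields no scan, the status view reports 0 and the result
 * views report empty lists. The full-results view previously dereferenced the scan without
 * that check; it now follows the same convention and returns empty "urlsInScope" and
 * "urlsOutOfScope" lists.
 *
 * @param name the name of the requested view
 * @param params the request parameters (the scan is resolved through {@code getSpiderScan})
 * @return the response for the requested view
 * @throws ApiException with {@code BAD_VIEW} when the view name is not recognised, or with
 *     {@code INTERNAL_ERROR} when reading the history table fails
 */
@Override
public ApiResponse handleApiView(String name, JSONObject params) throws ApiException {
    ApiResponse result;
    if (VIEW_STATUS.equals(name)) {
        SpiderScan scan = (SpiderScan) this.getSpiderScan(params);
        int progress = 0;
        if (scan != null) {
            // A stopped scan is always reported as finished.
            if (scan.isStopped()) {
                progress = 100;
            } else {
                progress = scan.getProgress();
            }
        }
        result = new ApiResponseElement(name, Integer.toString(progress));
    } else if (VIEW_RESULTS.equals(name)) {
        result = new ApiResponseList(name);
        SpiderScan scan = (SpiderScan) this.getSpiderScan(params);
        if (scan != null) {
            // Iterate while holding the collection's monitor, as the original code does.
            synchronized (scan.getResults()) {
                for (String s : scan.getResults()) {
                    ((ApiResponseList) result).addItem(new ApiResponseElement("url", s));
                }
            }
        }
    } else if (VIEW_FULL_RESULTS.equals(name)) {
        ApiResponseList resultUrls = new ApiResponseList(name);
        SpiderScan scan = (SpiderScan) this.getSpiderScan(params);
        ApiResponseList resultList = new ApiResponseList("urlsInScope");
        // Null check added: the other views treat a missing scan as "no data", and
        // without it this branch failed with a NullPointerException.
        if (scan != null) {
            synchronized (scan.getResourcesFound()) {
                for (SpiderResource sr : scan.getResourcesFound()) {
                    Map<String, String> map = new HashMap<>();
                    map.put("messageId", Integer.toString(sr.getHistoryId()));
                    map.put("method", sr.getMethod());
                    map.put("url", sr.getUri());
                    map.put("statusCode", Integer.toString(sr.getStatusCode()));
                    map.put("statusReason", sr.getStatusReason());
                    resultList.addItem(new ApiResponseSet<String>("resource", map));
                }
            }
        }
        resultUrls.addItem(resultList);
        resultList = new ApiResponseList("urlsOutOfScope");
        if (scan != null) {
            synchronized (scan.getResultsOutOfScope()) {
                for (String url : scan.getResultsOutOfScope()) {
                    resultList.addItem(new ApiResponseElement("url", url));
                }
            }
        }
        resultUrls.addItem(resultList);
        result = resultUrls;
    } else if (VIEW_EXCLUDED_FROM_SCAN.equals(name)) {
        result = new ApiResponseList(name);
        Session session = Model.getSingleton().getSession();
        List<String> regexs = session.getExcludeFromSpiderRegexs();
        for (String regex : regexs) {
            ((ApiResponseList) result).addItem(new ApiResponseElement("regex", regex));
        }
    } else if (VIEW_SCANS.equals(name)) {
        ApiResponseList resultList = new ApiResponseList(name);
        for (GenericScanner2 scan : extension.getAllScans()) {
            SpiderScan spiderScan = (SpiderScan) scan;
            Map<String, String> map = new HashMap<>();
            map.put("id", Integer.toString(spiderScan.getScanId()));
            map.put("progress", Integer.toString(spiderScan.getProgress()));
            map.put("state", spiderScan.getState());
            resultList.addItem(new ApiResponseSet<String>("scan", map));
        }
        result = resultList;
    } else if (VIEW_ALL_URLS.equals(name)) {
        ApiResponseList resultUrls = new ApiResponseList(name);
        // Used only to report each URL once, in first-seen order.
        Set<String> urlSet = new HashSet<>();
        TableHistory tableHistory = extension.getModel().getDb().getTableHistory();
        List<Integer> ids = Collections.emptyList();
        try {
            ids = tableHistory.getHistoryIdsOfHistType(extension.getModel().getSession().getSessionId(), HistoryReference.TYPE_SPIDER, HistoryReference.TYPE_SPIDER_TASK);
        } catch (DatabaseException e) {
            // NOTE(review): the raw exception message becomes the error detail sent to
            // the API client and the cause is dropped. Consider logging the exception
            // server-side and returning a generic detail so database internals are not
            // exposed through the API.
            throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
        }
        String url;
        for (Integer id : ids) {
            try {
                RecordHistory rh = tableHistory.read(id.intValue());
                if (rh != null) {
                    url = rh.getHttpMessage().getRequestHeader().getURI().toString();
                    if (urlSet.add(url)) {
                        resultUrls.addItem(new ApiResponseElement("url", url));
                    }
                }
            } catch (HttpMalformedHeaderException | DatabaseException e) {
                // NOTE(review): same exposure of the raw exception message as above.
                throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
            }
        }
        result = resultUrls;
    } else if (VIEW_DOMAINS_ALWAYS_IN_SCOPE.equals(name) || VIEW_OPTION_DOMAINS_ALWAYS_IN_SCOPE.equals(name)) {
        // All configured domains, enabled or not.
        result = domainMatchersToApiResponseList(name, extension.getSpiderParam().getDomainsAlwaysInScope(), false);
    } else if (VIEW_OPTION_DOMAINS_ALWAYS_IN_SCOPE_ENABLED.equals(name)) {
        // Only the enabled domains.
        result = domainMatchersToApiResponseList(name, extension.getSpiderParam().getDomainsAlwaysInScope(), true);
    } else {
        throw new ApiException(ApiException.Type.BAD_VIEW);
    }
    return result;
}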
use of org.zaproxy.zap.extension.api.ApiResponseList in project zaproxy by zaproxy.
the class SpiderAPI method domainMatchersToApiResponseList.
/**
 * Converts the "always in scope" domain matchers into an API response list.
 *
 * <p>Each reported matcher becomes a "domain" set with the keys {@code idx}, {@code value},
 * {@code regex} and {@code enabled}. {@code idx} is the matcher's position in the given
 * list, so it keeps the same value whether or not disabled matchers are filtered out.
 *
 * @param name the name of the response list
 * @param domains the matchers to convert
 * @param excludeDisabled {@code true} to leave disabled matchers out of the response
 * @return the list of converted matchers
 */
private ApiResponse domainMatchersToApiResponseList(String name, List<DomainAlwaysInScopeMatcher> domains, boolean excludeDisabled) {
    final ApiResponseList response = new ApiResponseList(name);
    final int count = domains.size();
    for (int position = 0; position < count; position++) {
        final DomainAlwaysInScopeMatcher matcher = domains.get(position);
        // Report the matcher unless it is disabled and disabled ones were filtered out.
        if (matcher.isEnabled() || !excludeDisabled) {
            final Map<String, Object> fields = new HashMap<>();
            fields.put("idx", position);
            fields.put("value", matcher.getValue());
            fields.put("regex", matcher.isRegex());
            fields.put("enabled", matcher.isEnabled());
            response.addItem(new ApiResponseSet<Object>("domain", fields));
        }
    }
    return response;
}