Search in sources :

Example 6 with ApiResponseList

use of org.zaproxy.zap.extension.api.ApiResponseList in project zaproxy by zaproxy.

the class StatsAPI method handleApiView.

@Override
public ApiResponse handleApiView(String name, JSONObject params) throws ApiException {
    ApiResponse result = null;
    InMemoryStats memStats = extension.getInMemoryStats();
    if (memStats == null) {
        throw new ApiException(ApiException.Type.DOES_NOT_EXIST);
    }
    if (VIEW_STATS.equals(name)) {
        Map<String, String> map = new TreeMap<>();
        for (Entry<String, Long> stat : memStats.getStats(this.getParam(params, PARAM_KEY_PREFIX, "")).entrySet()) {
            map.put(stat.getKey(), stat.getValue().toString());
        }
        result = new ApiResponseSet<String>(name, map);
    } else if (VIEW_ALL_SITES_STATS.equals(name)) {
        result = new ApiResponseList(name);
        for (Entry<String, Map<String, Long>> stats : memStats.getAllSiteStats(this.getParam(params, PARAM_KEY_PREFIX, "")).entrySet()) {
            ((ApiResponseList) result).addItem(new SiteStatsApiResponse(stats.getKey(), stats.getValue()));
        }
    } else if (VIEW_SITE_STATS.equals(name)) {
        String site = params.getString(PARAM_SITE);
        URI siteURI;
        try {
            siteURI = new URI(site, true);
            site = SessionStructure.getHostName(siteURI);
        } catch (Exception e) {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_SITE);
        }
        String scheme = siteURI.getScheme();
        if (scheme == null || (!scheme.equalsIgnoreCase("http") && !scheme.equalsIgnoreCase("https"))) {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_SITE);
        }
        result = new SiteStatsApiResponse(site, memStats.getSiteStats(site, this.getParam(params, PARAM_KEY_PREFIX, "")));
    } else {
        throw new ApiException(ApiException.Type.BAD_VIEW);
    }
    return result;
}
Also used : TreeMap(java.util.TreeMap) URI(org.apache.commons.httpclient.URI) ApiResponse(org.zaproxy.zap.extension.api.ApiResponse) ApiException(org.zaproxy.zap.extension.api.ApiException) Entry(java.util.Map.Entry) ApiResponseList(org.zaproxy.zap.extension.api.ApiResponseList) ApiException(org.zaproxy.zap.extension.api.ApiException)

Example 7 with ApiResponseList

use of org.zaproxy.zap.extension.api.ApiResponseList in project zaproxy by zaproxy.

the class ScriptAPI method handleApiView.

@Override
public ApiResponse handleApiView(String name, JSONObject params) throws ApiException {
    if (VIEW_SCRIPTS.equals(name)) {
        ApiResponseList result = new ApiResponseList(name);
        for (ScriptType type : extension.getScriptTypes()) {
            for (ScriptWrapper script : extension.getScripts(type)) {
                Map<String, String> map = new HashMap<>();
                map.put("name", script.getName());
                map.put("type", script.getTypeName());
                map.put("engine", script.getEngineName());
                map.put("description", script.getDescription());
                map.put("error", Boolean.toString(script.isError()));
                if (script.isError()) {
                    map.put("lastError", script.getLastErrorDetails());
                }
                if (type.isEnableable()) {
                    map.put("enabled", Boolean.toString(script.isEnabled()));
                }
                result.addItem(new ApiResponseSet<String>("Script", map));
            }
        }
        return result;
    } else if (VIEW_ENGINES.equals(name)) {
        ApiResponseList result = new ApiResponseList(name);
        for (String engine : extension.getScriptingEngines()) {
            result.addItem(new ApiResponseElement("engine", engine));
        }
        return result;
    } else {
        throw new ApiException(ApiException.Type.BAD_VIEW);
    }
}
Also used : ApiResponseList(org.zaproxy.zap.extension.api.ApiResponseList) HashMap(java.util.HashMap) ApiResponseElement(org.zaproxy.zap.extension.api.ApiResponseElement) ApiException(org.zaproxy.zap.extension.api.ApiException)

Example 8 with ApiResponseList

use of org.zaproxy.zap.extension.api.ApiResponseList in project zaproxy by zaproxy.

the class UsersAPI method handleApiView.

@Override
public ApiResponse handleApiView(String name, JSONObject params) throws ApiException {
    log.debug("handleApiView " + name + " " + params.toString());
    switch(name) {
        case VIEW_USERS_LIST:
            ApiResponseList usersListResponse = new ApiResponseList(name);
            // Get the users
            List<User> users;
            if (hasContextId(params))
                users = extension.getContextUserAuthManager(getContextId(params)).getUsers();
            else {
                users = new ArrayList<>();
                for (Context c : Model.getSingleton().getSession().getContexts()) users.addAll(extension.getContextUserAuthManager(c.getIndex()).getUsers());
            }
            // Prepare the response
            for (User user : users) usersListResponse.addItem(buildResponseFromUser(user));
            return usersListResponse;
        case VIEW_GET_USER_BY_ID:
            return buildResponseFromUser(getUser(params));
        case VIEW_GET_AUTH_CREDENTIALS:
            return getUser(params).getAuthenticationCredentials().getApiResponseRepresentation();
        case VIEW_GET_AUTH_CREDENTIALS_CONFIG_PARAMETERS:
            AuthenticationMethodType type = ApiUtils.getContextByParamId(params, PARAM_CONTEXT_ID).getAuthenticationMethod().getType();
            ApiDynamicActionImplementor a = loadedAuthenticationMethodActions.get(type.getUniqueIdentifier());
            return a.buildParamsDescription();
        default:
            throw new ApiException(ApiException.Type.BAD_VIEW);
    }
}
Also used : Context(org.zaproxy.zap.model.Context) ApiDynamicActionImplementor(org.zaproxy.zap.extension.api.ApiDynamicActionImplementor) AuthenticationMethodType(org.zaproxy.zap.authentication.AuthenticationMethodType) User(org.zaproxy.zap.users.User) ApiResponseList(org.zaproxy.zap.extension.api.ApiResponseList) ApiException(org.zaproxy.zap.extension.api.ApiException)

Example 9 with ApiResponseList

use of org.zaproxy.zap.extension.api.ApiResponseList in project zaproxy by zaproxy.

the class HttpSessionsAPI method createSessionResponse.

private ApiResponseList createSessionResponse(HttpSession session) {
    ApiResponseList sessionResult = new ApiResponseList("session");
    sessionResult.addItem(new ApiResponseElement("name", session.getName()));
    sessionResult.addItem(new TokenValuesResponseSet(session.getTokenValuesUnmodifiableMap()));
    sessionResult.addItem(new ApiResponseElement("messages_matched", Integer.toString(session.getMessagesMatched())));
    return sessionResult;
}
Also used : ApiResponseList(org.zaproxy.zap.extension.api.ApiResponseList) ApiResponseElement(org.zaproxy.zap.extension.api.ApiResponseElement)

Example 10 with ApiResponseList

use of org.zaproxy.zap.extension.api.ApiResponseList in project zaproxy by zaproxy.

the class SearchAPI method handleApiView.

@Override
public ApiResponse handleApiView(final String name, JSONObject params) throws ApiException {
    final ApiResponseList result = new ApiResponseList(name);
    ExtensionSearch.Type searchType;
    SearchViewResponseType responseType;
    switch(name) {
        case VIEW_URLS_BY_URL_REGEX:
            searchType = ExtensionSearch.Type.URL;
            responseType = SearchViewResponseType.URL;
            break;
        case VIEW_MESSAGES_BY_URL_REGEX:
            searchType = ExtensionSearch.Type.URL;
            responseType = SearchViewResponseType.MESSAGE;
            break;
        case VIEW_URLS_BY_REQUEST_REGEX:
            searchType = ExtensionSearch.Type.Request;
            responseType = SearchViewResponseType.URL;
            break;
        case VIEW_MESSAGES_BY_REQUEST_REGEX:
            searchType = ExtensionSearch.Type.Request;
            responseType = SearchViewResponseType.MESSAGE;
            break;
        case VIEW_URLS_BY_RESPONSE_REGEX:
            searchType = ExtensionSearch.Type.Response;
            responseType = SearchViewResponseType.URL;
            break;
        case VIEW_MESSAGES_BY_RESPONSE_REGEX:
            searchType = ExtensionSearch.Type.Response;
            responseType = SearchViewResponseType.MESSAGE;
            break;
        case VIEW_URLS_BY_HEADER_REGEX:
            searchType = ExtensionSearch.Type.Header;
            responseType = SearchViewResponseType.URL;
            break;
        case VIEW_MESSAGES_BY_HEADER_REGEX:
            searchType = ExtensionSearch.Type.Header;
            responseType = SearchViewResponseType.MESSAGE;
            break;
        default:
            throw new ApiException(ApiException.Type.BAD_VIEW);
    }
    validateRegex(params);
    try {
        SearchResultsProcessor processor;
        if (SearchViewResponseType.MESSAGE == responseType) {
            processor = new SearchResultsProcessor() {

                @Override
                public void processRecordHistory(RecordHistory recordHistory) {
                    result.addItem(ApiResponseConversionUtils.httpMessageToSet(recordHistory.getHistoryId(), recordHistory.getHistoryType(), recordHistory.getHttpMessage()));
                }
            };
        } else {
            processor = new SearchResultsProcessor() {

                @Override
                public void processRecordHistory(RecordHistory recordHistory) {
                    final HttpMessage msg = recordHistory.getHttpMessage();
                    Map<String, String> map = new HashMap<>();
                    map.put("id", String.valueOf(recordHistory.getHistoryId()));
                    map.put("type", String.valueOf(recordHistory.getHistoryType()));
                    map.put("method", msg.getRequestHeader().getMethod());
                    map.put("url", msg.getRequestHeader().getURI().toString());
                    map.put("code", String.valueOf(msg.getResponseHeader().getStatusCode()));
                    map.put("time", String.valueOf(msg.getTimeElapsedMillis()));
                    result.addItem(new ApiResponseSet<String>(name, map));
                }
            };
        }
        search(params, searchType, processor);
    } catch (Exception e) {
        log.error(e.getMessage(), e);
        throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
    }
    return result;
}
Also used : HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) PatternSyntaxException(java.util.regex.PatternSyntaxException) ApiException(org.zaproxy.zap.extension.api.ApiException) DatabaseException(org.parosproxy.paros.db.DatabaseException) ApiResponseSet(org.zaproxy.zap.extension.api.ApiResponseSet) ApiResponseList(org.zaproxy.zap.extension.api.ApiResponseList) HttpMessage(org.parosproxy.paros.network.HttpMessage) RecordHistory(org.parosproxy.paros.db.RecordHistory) HashMap(java.util.HashMap) Map(java.util.Map) ApiException(org.zaproxy.zap.extension.api.ApiException)

Aggregations

ApiResponseList (org.zaproxy.zap.extension.api.ApiResponseList)15 ApiException (org.zaproxy.zap.extension.api.ApiException)11 ApiResponseElement (org.zaproxy.zap.extension.api.ApiResponseElement)10 HashMap (java.util.HashMap)8 ApiResponse (org.zaproxy.zap.extension.api.ApiResponse)6 DatabaseException (org.parosproxy.paros.db.DatabaseException)2 RecordHistory (org.parosproxy.paros.db.RecordHistory)2 Session (org.parosproxy.paros.model.Session)2 ApiResponseSet (org.zaproxy.zap.extension.api.ApiResponseSet)2 GenericScanner2 (org.zaproxy.zap.model.GenericScanner2)2 ArrayList (java.util.ArrayList)1 Date (java.util.Date)1 HashSet (java.util.HashSet)1 List (java.util.List)1 Map (java.util.Map)1 Entry (java.util.Map.Entry)1 Set (java.util.Set)1 TreeMap (java.util.TreeMap)1 PatternSyntaxException (java.util.regex.PatternSyntaxException)1 JSONObject (net.sf.json.JSONObject)1