
Example 11 with ApiResponseList

use of org.zaproxy.zap.extension.api.ApiResponseList in project zaproxy by zaproxy.

the class HttpSessionsAPI method handleApiView.

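/**
 * Serves the read-only "view" requests of the HTTP sessions API.
 *
 * <p>Views dispatched below: the sites that have sessions, the sessions of one site
 * (optionally narrowed to a single named session), the name of a site's active session, and
 * the entries of a site's session token set.
 *
 * <p>NOTE(review): session entries are built by {@code createSessionResponse}, which is not
 * visible here; it presumably exposes session token values, so confirm that access to this
 * API is restricted accordingly.
 *
 * @param name the view being requested
 * @param params the request parameters
 * @return the response for the requested view
 * @throws ApiException with {@code ILLEGAL_PARAMETER} when the extension has no entry for the
 *     requested site, or {@code BAD_VIEW} when the view name is not recognised
 */
@Override
public ApiResponse handleApiView(String name, JSONObject params) throws ApiException {
    if (log.isDebugEnabled()) {
        // NOTE(review): the parameters are written to the log verbatim; confirm they cannot
        // carry secrets before debug logging is enabled on a shared host.
        log.debug("Request for handleApiView: " + name + " (params: " + params.toString() + ")");
    }
    switch (name) {
        case VIEW_SITES: {
            // Every site the extension currently tracks sessions for.
            ApiResponseList responseSites = new ApiResponseList(name);
            for (String s : extension.getSites()) {
                responseSites.addItem(new ApiResponseElement("site", s));
            }
            return responseSites;
        }
        case VIEW_SESSIONS: {
            // Resolve the authority once so the lookup and the debug line refer to the same
            // value; the log no longer re-reads a separately named request parameter.
            String authority = ApiUtils.getAuthority(params.getString(ACTION_PARAM_SITE));
            HttpSessionsSite site = extension.getHttpSessionsSite(authority, false);
            if (site == null) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, ACTION_PARAM_SITE);
            }
            ApiResponseList response = new ApiResponseList(name);
            String sessionName = getParam(params, VIEW_PARAM_SESSION, "");
            if (sessionName == null || sessionName.isEmpty()) {
                // No session name given: list every session of the site.
                Set<HttpSession> sessions = site.getHttpSessions();
                if (log.isDebugEnabled()) {
                    log.debug("API View for sessions for " + authority + ": " + site);
                }
                for (HttpSession session : sessions) {
                    // Sessions without any token value are left out of the response.
                    if (!session.getTokenValuesUnmodifiableMap().isEmpty()) {
                        response.addItem(createSessionResponse(session));
                    }
                }
            } else {
                // A session name was given: return that session only, or an empty list when
                // the site has no session with that name.
                HttpSession session = site.getHttpSession(sessionName);
                if (session != null) {
                    response.addItem(createSessionResponse(session));
                }
            }
            return response;
        }
        case VIEW_ACTIVE_SESSION: {
            String authority = ApiUtils.getAuthority(params.getString(ACTION_PARAM_SITE));
            HttpSessionsSite site = extension.getHttpSessionsSite(authority, false);
            if (site == null) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, ACTION_PARAM_SITE);
            }
            if (log.isDebugEnabled()) {
                log.debug("API View for active session for " + authority + ": " + site);
            }
            // Read the active session once: a second call could return null if the active
            // session is cleared between the null check and the use.
            HttpSession active = site.getActiveSession();
            return new ApiResponseElement("active_session", active != null ? active.getName() : "");
        }
        case VIEW_SESSION_TOKENS: {
            final String siteName = ApiUtils.getAuthority(params.getString(ACTION_PARAM_SITE));
            // Reject sites the extension has no entry for.
            if (extension.getHttpSessionsSite(siteName, false) == null) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, ACTION_PARAM_SITE);
            }
            HttpSessionTokensSet sessionTokens = extension.getHttpSessionTokensSet(siteName);
            ApiResponseList responseST = new ApiResponseList("session_tokens");
            // Both the token set and its contents may be absent; the list then stays empty.
            if (sessionTokens != null) {
                Set<String> tokens = sessionTokens.getTokensSet();
                if (tokens != null) {
                    for (String token : tokens) {
                        responseST.addItem(new ApiResponseElement("token", token));
                    }
                }
            }
            return responseST;
        }
        default:
            throw new ApiException(ApiException.Type.BAD_VIEW);
    }
}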
Also used : ApiResponseList(org.zaproxy.zap.extension.api.ApiResponseList) ApiResponseElement(org.zaproxy.zap.extension.api.ApiResponseElement) ApiException(org.zaproxy.zap.extension.api.ApiException)

Example 12 with ApiResponseList

use of org.zaproxy.zap.extension.api.ApiResponseList in project zaproxy by zaproxy.

the class ParamsAPI method createSiteParamStatsResponse.

/**
 * Builds the API representation of the parameter statistics of one site.
 *
 * <p>For each parameter a "Stats" set (site, name, type, timesUsed) is appended, followed by
 * a "Flags" list and a "Values" list when the parameter has any flags or values.
 *
 * <p>NOTE(review): the values are returned exactly as stored; presumably they were captured
 * from traffic, so confirm that consumers of this response treat them as untrusted data.
 *
 * @param siteParam the parameters recorded for a site
 * @return a list named "Parameter" holding the entries described above
 */
private static ApiResponseList createSiteParamStatsResponse(SiteParameters siteParam) {
    final ApiResponseList response = new ApiResponseList("Parameter");
    for (HtmlParameterStats stat : siteParam.getParams()) {
        // Scalar attributes of the parameter, all rendered as strings.
        Map<String, String> attributes = new HashMap<>();
        attributes.put("site", stat.getSite());
        attributes.put("name", stat.getName());
        attributes.put("type", stat.getType().name());
        attributes.put("timesUsed", String.valueOf(stat.getTimesUsed()));
        response.addItem(new ApiResponseSet<String>("Stats", attributes));

        // The flag list is always built but only attached when it has content.
        ApiResponseList flagList = new ApiResponseList("Flags");
        for (String f : stat.getFlags()) {
            flagList.addItem(new ApiResponseElement("Flag", f));
        }
        if (!stat.getFlags().isEmpty()) {
            response.addItem(flagList);
        }

        // Same treatment for the values of the parameter.
        ApiResponseList valueList = new ApiResponseList("Values");
        for (String v : stat.getValues()) {
            valueList.addItem(new ApiResponseElement("Value", v));
        }
        if (!stat.getValues().isEmpty()) {
            response.addItem(valueList);
        }
    }
    return response;
}
Also used : ApiResponseList(org.zaproxy.zap.extension.api.ApiResponseList) HashMap(java.util.HashMap) ApiResponseElement(org.zaproxy.zap.extension.api.ApiResponseElement)

Example 13 with ApiResponseList

use of org.zaproxy.zap.extension.api.ApiResponseList in project zaproxy by zaproxy.

the class ParamsAPI method handleApiView.

/**
 * Serves the parameters view.
 *
 * <p>When a non-empty site parameter is supplied, only that site's statistics are returned
 * (an empty list if the site has no parameters); otherwise the statistics of every site are
 * returned.
 *
 * @param name the view being requested
 * @param params the request parameters
 * @return a list named "Parameters"
 * @throws ApiException with {@code DOES_NOT_EXIST} when the requested site is unknown to the
 *     extension, or {@code BAD_VIEW} when the view name is not the parameters view
 */
@Override
public ApiResponse handleApiView(String name, JSONObject params) throws ApiException {
    // Only one view is supported; anything else is rejected up front.
    if (!VIEW_PARAMS.equals(name)) {
        throw new ApiException(ApiException.Type.BAD_VIEW);
    }

    ApiResponseList response = new ApiResponseList("Parameters");
    if (params.containsKey(VIEW_PARAMS_PARAM_SITE)) {
        String requested = params.getString(VIEW_PARAMS_PARAM_SITE);
        if (!requested.isEmpty()) {
            // The lookup key is the authority derived from the caller-supplied value.
            String authority = ApiUtils.getAuthority(requested);
            if (!extension.hasSite(authority)) {
                throw new ApiException(ApiException.Type.DOES_NOT_EXIST, requested);
            }
            if (extension.hasParameters(authority)) {
                response.addItem(createSiteParamStatsResponse(extension.getSiteParameters(authority)));
            }
            return response;
        }
    }

    // No usable site filter: report every site.
    for (SiteParameters each : extension.getAllSiteParameters()) {
        response.addItem(createSiteParamStatsResponse(each));
    }
    return response;
}
Also used : ApiResponseList(org.zaproxy.zap.extension.api.ApiResponseList) ApiException(org.zaproxy.zap.extension.api.ApiException)

Example 14 with ApiResponseList

use of org.zaproxy.zap.extension.api.ApiResponseList in project zaproxy by zaproxy.

the class RuleConfigAPI method handleApiView.

/**
 * Serves the rule configuration views: the value of a single rule configuration looked up by
 * key, or the full list of rule configurations.
 *
 * @param name the view being requested
 * @param params the request parameters
 * @return an element holding the requested value, or a list of "ruleConfig" sets
 * @throws ApiException with {@code DOES_NOT_EXIST} when no rule configuration matches the
 *     given key, or {@code BAD_VIEW} when the view name is not recognised
 */
@Override
public ApiResponse handleApiView(String name, JSONObject params) throws ApiException {
    switch (name) {
        case VIEW_RULE_CONFIG_VALUE: {
            RuleConfig config = extension.getRuleConfig(params.getString(PARAM_KEY));
            if (config == null) {
                throw new ApiException(ApiException.Type.DOES_NOT_EXIST, PARAM_KEY);
            }
            return new ApiResponseElement(name, config.getValue());
        }
        case VIEW_ALL_RULE_CONFIGS: {
            List<RuleConfig> configs = extension.getAllRuleConfigs();
            ApiResponseList listing = new ApiResponseList(name);
            for (RuleConfig config : configs) {
                Map<String, String> fields = new HashMap<>();
                fields.put("key", String.valueOf(config.getKey()));
                fields.put("defaultValue", config.getDefaultValue());
                fields.put("value", String.valueOf(config.getValue()));
                // A description is included only when the message bundle has an entry
                // under the rule's key.
                if (Constant.messages.containsKey(config.getKey())) {
                    fields.put("description", Constant.messages.getString(config.getKey()));
                }
                listing.addItem(new ApiResponseSet<String>("ruleConfig", fields));
            }
            return listing;
        }
        default:
            throw new ApiException(ApiException.Type.BAD_VIEW);
    }
}
Also used : ApiResponseElement(org.zaproxy.zap.extension.api.ApiResponseElement) ApiResponseList(org.zaproxy.zap.extension.api.ApiResponseList) HashMap(java.util.HashMap) ApiResponse(org.zaproxy.zap.extension.api.ApiResponse) ApiException(org.zaproxy.zap.extension.api.ApiException)

Example 15 with ApiResponseList

use of org.zaproxy.zap.extension.api.ApiResponseList in project zaproxy by zaproxy.

the class PassiveScanAPI method handleApiView.

/**
 * Serves the passive scan views: whether scanning is limited to in-scope messages, the number
 * of records still to scan, and the list of passive scanners with their settings.
 *
 * @param name the view being requested
 * @param params the request parameters (not read by any of these views)
 * @return an element for the two scalar views, or a list of "scanner" sets
 * @throws ApiException with {@code BAD_VIEW} when the view name is not recognised
 */
@Override
public ApiResponse handleApiView(String name, JSONObject params) throws ApiException {
    switch (name) {
        case VIEW_SCAN_ONLY_IN_SCOPE: {
            boolean onlyInScope = extension.getPassiveScanParam().isScanOnlyInScope();
            return new ApiResponseElement(name, Boolean.toString(onlyInScope));
        }
        case VIEW_RECORDS_TO_SCAN:
            return new ApiResponseElement(name, String.valueOf(extension.getRecordsToScan()));
        case VIEW_SCANNERS: {
            List<PluginPassiveScanner> plugins = extension.getPluginPassiveScanners();
            ApiResponseList listing = new ApiResponseList(name);
            for (PluginPassiveScanner plugin : plugins) {
                // One flat string map per scanner.
                Map<String, String> fields = new HashMap<>();
                fields.put("id", String.valueOf(plugin.getPluginId()));
                fields.put("name", plugin.getName());
                fields.put("enabled", String.valueOf(plugin.isEnabled()));
                fields.put("alertThreshold", plugin.getLevel(true).name());
                fields.put("quality", plugin.getStatus().toString());
                listing.addItem(new ApiResponseSet<String>("scanner", fields));
            }
            return listing;
        }
        default:
            throw new ApiException(ApiException.Type.BAD_VIEW);
    }
}
Also used : ApiResponseElement(org.zaproxy.zap.extension.api.ApiResponseElement) ApiResponseList(org.zaproxy.zap.extension.api.ApiResponseList) HashMap(java.util.HashMap) ApiResponse(org.zaproxy.zap.extension.api.ApiResponse) ApiException(org.zaproxy.zap.extension.api.ApiException)

Aggregations

ApiResponseList (org.zaproxy.zap.extension.api.ApiResponseList)15 ApiException (org.zaproxy.zap.extension.api.ApiException)11 ApiResponseElement (org.zaproxy.zap.extension.api.ApiResponseElement)10 HashMap (java.util.HashMap)8 ApiResponse (org.zaproxy.zap.extension.api.ApiResponse)6 DatabaseException (org.parosproxy.paros.db.DatabaseException)2 RecordHistory (org.parosproxy.paros.db.RecordHistory)2 Session (org.parosproxy.paros.model.Session)2 ApiResponseSet (org.zaproxy.zap.extension.api.ApiResponseSet)2 GenericScanner2 (org.zaproxy.zap.model.GenericScanner2)2 ArrayList (java.util.ArrayList)1 Date (java.util.Date)1 HashSet (java.util.HashSet)1 List (java.util.List)1 Map (java.util.Map)1 Entry (java.util.Map.Entry)1 Set (java.util.Set)1 TreeMap (java.util.TreeMap)1 PatternSyntaxException (java.util.regex.PatternSyntaxException)1 JSONObject (net.sf.json.JSONObject)1