
Example 1 with ApiResponseSet

use of org.zaproxy.zap.extension.api.ApiResponseSet in project zaproxy by zaproxy.

the class SpiderAPI method handleApiView.

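/**
 * Builds the API response for one of the spider "view" requests.
 *
 * <p>Views that operate on a scan resolve it with {@code getSpiderScan(params)}. When no scan
 * is resolved they answer with an empty result (or a progress of 0) instead of failing.
 *
 * @param name the name of the requested view
 * @param params the request parameters, passed to {@code getSpiderScan} to pick the scan
 * @return the response for the requested view
 * @throws ApiException with {@code BAD_VIEW} if the view name is not recognised, or with
 *     {@code INTERNAL_ERROR} if reading the history table fails
 */
@Override
public ApiResponse handleApiView(String name, JSONObject params) throws ApiException {
    ApiResponse result;
    if (VIEW_STATUS.equals(name)) {
        SpiderScan scan = (SpiderScan) this.getSpiderScan(params);
        int progress = 0;
        if (scan != null) {
            // A stopped scan is always reported as 100, whatever progress it had reached.
            progress = scan.isStopped() ? 100 : scan.getProgress();
        }
        result = new ApiResponseElement(name, Integer.toString(progress));
    } else if (VIEW_RESULTS.equals(name)) {
        ApiResponseList urls = new ApiResponseList(name);
        SpiderScan scan = (SpiderScan) this.getSpiderScan(params);
        if (scan != null) {
            // Hold the collection's monitor while copying it out.
            // NOTE(review): presumably the spider can still append to it; confirm.
            synchronized (scan.getResults()) {
                for (String found : scan.getResults()) {
                    urls.addItem(new ApiResponseElement("url", found));
                }
            }
        }
        result = urls;
    } else if (VIEW_FULL_RESULTS.equals(name)) {
        ApiResponseList resultUrls = new ApiResponseList(name);
        SpiderScan scan = (SpiderScan) this.getSpiderScan(params);
        ApiResponseList inScope = new ApiResponseList("urlsInScope");
        ApiResponseList outOfScope = new ApiResponseList("urlsOutOfScope");
        // The status and results views treat a null scan as possible, so this view must too.
        // Without the guard a request for a missing scan ends in a NullPointerException
        // instead of an API response. Both lists are simply left empty in that case.
        if (scan != null) {
            synchronized (scan.getResourcesFound()) {
                for (SpiderResource sr : scan.getResourcesFound()) {
                    Map<String, String> map = new HashMap<>();
                    map.put("messageId", Integer.toString(sr.getHistoryId()));
                    map.put("method", sr.getMethod());
                    map.put("url", sr.getUri());
                    map.put("statusCode", Integer.toString(sr.getStatusCode()));
                    map.put("statusReason", sr.getStatusReason());
                    inScope.addItem(new ApiResponseSet<String>("resource", map));
                }
            }
            synchronized (scan.getResultsOutOfScope()) {
                for (String url : scan.getResultsOutOfScope()) {
                    outOfScope.addItem(new ApiResponseElement("url", url));
                }
            }
        }
        resultUrls.addItem(inScope);
        resultUrls.addItem(outOfScope);
        result = resultUrls;
    } else if (VIEW_EXCLUDED_FROM_SCAN.equals(name)) {
        ApiResponseList regexList = new ApiResponseList(name);
        Session session = Model.getSingleton().getSession();
        for (String regex : session.getExcludeFromSpiderRegexs()) {
            regexList.addItem(new ApiResponseElement("regex", regex));
        }
        result = regexList;
    } else if (VIEW_SCANS.equals(name)) {
        ApiResponseList resultList = new ApiResponseList(name);
        for (GenericScanner2 scan : extension.getAllScans()) {
            SpiderScan spiderScan = (SpiderScan) scan;
            Map<String, String> map = new HashMap<>();
            map.put("id", Integer.toString(spiderScan.getScanId()));
            map.put("progress", Integer.toString(spiderScan.getProgress()));
            map.put("state", spiderScan.getState());
            resultList.addItem(new ApiResponseSet<String>("scan", map));
        }
        result = resultList;
    } else if (VIEW_ALL_URLS.equals(name)) {
        ApiResponseList resultUrls = new ApiResponseList(name);
        // Used only to drop duplicates; the response keeps first-seen order.
        Set<String> urlSet = new HashSet<>();
        TableHistory tableHistory = extension.getModel().getDb().getTableHistory();
        List<Integer> ids;
        try {
            ids =
                    tableHistory.getHistoryIdsOfHistType(
                            extension.getModel().getSession().getSessionId(),
                            HistoryReference.TYPE_SPIDER,
                            HistoryReference.TYPE_SPIDER_TASK);
        } catch (DatabaseException e) {
            // NOTE(review): the raw exception message becomes the error detail sent to the
            // API client; confirm that database error text is acceptable to expose here.
            throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
        }
        for (Integer id : ids) {
            try {
                RecordHistory rh = tableHistory.read(id.intValue());
                if (rh != null) {
                    String url = rh.getHttpMessage().getRequestHeader().getURI().toString();
                    if (urlSet.add(url)) {
                        resultUrls.addItem(new ApiResponseElement("url", url));
                    }
                }
            } catch (HttpMalformedHeaderException | DatabaseException e) {
                // One unreadable record aborts the whole view; see the note above about
                // the message that is returned.
                throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
            }
        }
        result = resultUrls;
    } else if (VIEW_DOMAINS_ALWAYS_IN_SCOPE.equals(name)
            || VIEW_OPTION_DOMAINS_ALWAYS_IN_SCOPE.equals(name)) {
        result =
                domainMatchersToApiResponseList(
                        name, extension.getSpiderParam().getDomainsAlwaysInScope(), false);
    } else if (VIEW_OPTION_DOMAINS_ALWAYS_IN_SCOPE_ENABLED.equals(name)) {
        // NOTE(review): the final argument presumably limits the list to enabled matchers;
        // confirm against domainMatchersToApiResponseList.
        result =
                domainMatchersToApiResponseList(
                        name, extension.getSpiderParam().getDomainsAlwaysInScope(), true);
    } else {
        throw new ApiException(ApiException.Type.BAD_VIEW);
    }
    return result;
}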
Also used : HashSet(java.util.HashSet) Set(java.util.Set) ApiResponseSet(org.zaproxy.zap.extension.api.ApiResponseSet) HashMap(java.util.HashMap) ApiResponse(org.zaproxy.zap.extension.api.ApiResponse) ApiResponseElement(org.zaproxy.zap.extension.api.ApiResponseElement) ApiResponseList(org.zaproxy.zap.extension.api.ApiResponseList) GenericScanner2(org.zaproxy.zap.model.GenericScanner2) ApiResponseList(org.zaproxy.zap.extension.api.ApiResponseList) ArrayList(java.util.ArrayList) List(java.util.List) TableHistory(org.parosproxy.paros.db.TableHistory) DatabaseException(org.parosproxy.paros.db.DatabaseException) RecordHistory(org.parosproxy.paros.db.RecordHistory) Session(org.parosproxy.paros.model.Session) ApiException(org.zaproxy.zap.extension.api.ApiException)

Example 2 with ApiResponseSet

use of org.zaproxy.zap.extension.api.ApiResponseSet in project zaproxy by zaproxy.

the class SearchAPI method handleApiView.

/**
 * Runs a search for one of the search "view" requests and returns the matches as a list.
 *
 * <p>The view name selects two things: which search type is used, and whether each match is
 * returned as a converted HTTP message or as a short summary (id, type, method, url, code,
 * time).
 *
 * @param name the name of the requested view
 * @param params the request parameters, passed to {@code validateRegex} and {@code search}
 * @return the list of matches, named after the view
 * @throws ApiException with {@code BAD_VIEW} if the view name is not recognised, or with
 *     {@code INTERNAL_ERROR} if anything inside the search block throws
 */
@Override
public ApiResponse handleApiView(final String name, JSONObject params) throws ApiException {
    final ApiResponseList result = new ApiResponseList(name);

    // Search type: each type is shared by a "urls" view and a "messages" view.
    final ExtensionSearch.Type searchType;
    switch (name) {
        case VIEW_URLS_BY_URL_REGEX:
        case VIEW_MESSAGES_BY_URL_REGEX:
            searchType = ExtensionSearch.Type.URL;
            break;
        case VIEW_URLS_BY_REQUEST_REGEX:
        case VIEW_MESSAGES_BY_REQUEST_REGEX:
            searchType = ExtensionSearch.Type.Request;
            break;
        case VIEW_URLS_BY_RESPONSE_REGEX:
        case VIEW_MESSAGES_BY_RESPONSE_REGEX:
            searchType = ExtensionSearch.Type.Response;
            break;
        case VIEW_URLS_BY_HEADER_REGEX:
        case VIEW_MESSAGES_BY_HEADER_REGEX:
            searchType = ExtensionSearch.Type.Header;
            break;
        default:
            throw new ApiException(ApiException.Type.BAD_VIEW);
    }

    // Response shape: unknown names were rejected above, so only valid views reach here.
    final SearchViewResponseType responseType;
    switch (name) {
        case VIEW_MESSAGES_BY_URL_REGEX:
        case VIEW_MESSAGES_BY_REQUEST_REGEX:
        case VIEW_MESSAGES_BY_RESPONSE_REGEX:
        case VIEW_MESSAGES_BY_HEADER_REGEX:
            responseType = SearchViewResponseType.MESSAGE;
            break;
        default:
            responseType = SearchViewResponseType.URL;
            break;
    }

    // NOTE(review): validateRegex is defined elsewhere; confirm what it rejects. A pattern
    // that is syntactically valid can still be costly to evaluate over stored messages.
    validateRegex(params);

    try {
        final SearchResultsProcessor processor;
        if (SearchViewResponseType.MESSAGE != responseType) {
            // Summary form: one small key/value set per matching history record.
            processor = new SearchResultsProcessor() {

                @Override
                public void processRecordHistory(RecordHistory entry) {
                    final HttpMessage message = entry.getHttpMessage();
                    Map<String, String> fields = new HashMap<>();
                    fields.put("id", String.valueOf(entry.getHistoryId()));
                    fields.put("type", String.valueOf(entry.getHistoryType()));
                    fields.put("method", message.getRequestHeader().getMethod());
                    fields.put("url", message.getRequestHeader().getURI().toString());
                    fields.put("code", String.valueOf(message.getResponseHeader().getStatusCode()));
                    fields.put("time", String.valueOf(message.getTimeElapsedMillis()));
                    result.addItem(new ApiResponseSet<String>(name, fields));
                }
            };
        } else {
            // Full form: the whole HTTP message converted by the shared utility.
            processor = new SearchResultsProcessor() {

                @Override
                public void processRecordHistory(RecordHistory entry) {
                    result.addItem(
                            ApiResponseConversionUtils.httpMessageToSet(
                                    entry.getHistoryId(),
                                    entry.getHistoryType(),
                                    entry.getHttpMessage()));
                }
            };
        }
        search(params, searchType, processor);
    } catch (Exception e) {
        // Every failure is logged with its stack trace and reported as INTERNAL_ERROR.
        // NOTE(review): the raw exception message is also returned to the API client as the
        // error detail; confirm that is intended for all exception types caught here.
        log.error(e.getMessage(), e);
        throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
    }
    return result;
}
Also used : HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) PatternSyntaxException(java.util.regex.PatternSyntaxException) ApiException(org.zaproxy.zap.extension.api.ApiException) DatabaseException(org.parosproxy.paros.db.DatabaseException) ApiResponseSet(org.zaproxy.zap.extension.api.ApiResponseSet) ApiResponseList(org.zaproxy.zap.extension.api.ApiResponseList) HttpMessage(org.parosproxy.paros.network.HttpMessage) RecordHistory(org.parosproxy.paros.db.RecordHistory) HashMap(java.util.HashMap) Map(java.util.Map) ApiException(org.zaproxy.zap.extension.api.ApiException)

Aggregations

HashMap (java.util.HashMap)2 DatabaseException (org.parosproxy.paros.db.DatabaseException)2 RecordHistory (org.parosproxy.paros.db.RecordHistory)2 ApiException (org.zaproxy.zap.extension.api.ApiException)2 ApiResponseList (org.zaproxy.zap.extension.api.ApiResponseList)2 ApiResponseSet (org.zaproxy.zap.extension.api.ApiResponseSet)2 ArrayList (java.util.ArrayList)1 HashSet (java.util.HashSet)1 List (java.util.List)1 Map (java.util.Map)1 Set (java.util.Set)1 PatternSyntaxException (java.util.regex.PatternSyntaxException)1 TableHistory (org.parosproxy.paros.db.TableHistory)1 Session (org.parosproxy.paros.model.Session)1 HttpMalformedHeaderException (org.parosproxy.paros.network.HttpMalformedHeaderException)1 HttpMessage (org.parosproxy.paros.network.HttpMessage)1 ApiResponse (org.zaproxy.zap.extension.api.ApiResponse)1 ApiResponseElement (org.zaproxy.zap.extension.api.ApiResponseElement)1 GenericScanner2 (org.zaproxy.zap.model.GenericScanner2)1