Example 1 with ScanFilter

Use of org.zaproxy.zap.extension.ascan.filters.ScanFilter in project zaproxy by zaproxy.

Class HostProcess, method filterNode.

private boolean filterNode(StructuralNode node) {
    // Ask every ScanFilter configured on the parent scanner whether this node should be skipped.
    for (ScanFilter scanFilter : parentScanner.getScanFilters()) {
        try {
            FilterResult filterResult = scanFilter.isFiltered(node);
            if (filterResult.isFiltered()) {
                // Report the skipped message and the filter's reason to the scanner listeners.
                try {
                    HttpMessage msg = node.getHistoryReference().getHttpMessage();
                    parentScanner.notifyFilteredMessage(msg, filterResult.getReason());
                } catch (HttpMalformedHeaderException | DatabaseException e) {
                    log.warn("Error while getting httpmessage from history reference: " + e.getMessage(), e);
                }
                if (log.isDebugEnabled()) {
                    log.debug("Ignoring filtered node: " + node.getName() + " Reason: " + filterResult.getReason());
                }
                // The first matching filter wins; the node is not scanned.
                return true;
            }
        } catch (Exception ex) {
            // A failing filter is logged and must not abort the scan of the remaining nodes.
            log.error(ex.getMessage(), ex);
        }
    }
    // No filter matched, so the node will be scanned.
    return false;
}

Example 2 with ScanFilter

Use of org.zaproxy.zap.extension.ascan.filters.ScanFilter in project zaproxy by zaproxy.

Class HostProcessUnitTest, method shouldScanNonFilteredNode.

@Test
void shouldScanNonFilteredNode() {
    // Given
    ScanFilter scanFilter = mock(ScanFilter.class);
    given(scanFilter.isFiltered(any())).willReturn(FilterResult.NOT_FILTERED);
    given(scanner.getScanFilters()).willReturn(asList(scanFilter));
    StructuralNode node = createLeafNode("GET:file", "GET", "http://localhost/file");
    hostProcess.setStartNode(node);
    // When
    hostProcess.run();
    // Then
    assertThat(hostProcess.getTestTotalCount(), is(equalTo(1)));
    verify(scanFilter).isFiltered(node);
    verify(scanner, times(0)).notifyFilteredMessage(any(), any());
}

Example 3 with ScanFilter

Use of org.zaproxy.zap.extension.ascan.filters.ScanFilter in project zaproxy by zaproxy.

Class HostProcessUnitTest, method shouldNotScanFilteredNode.

@Test
void shouldNotScanFilteredNode() throws Exception {
    // Given
    ScanFilter scanFilter = mock(ScanFilter.class);
    String filteredReason = "reason";
    FilterResult filterResult = new FilterResult(filteredReason);
    given(scanFilter.isFiltered(any())).willReturn(filterResult);
    given(scanner.getScanFilters()).willReturn(asList(scanFilter));
    HttpMessage httpMessage = mock(HttpMessage.class);
    StructuralNode node = createLeafNode("GET:file", "GET", "http://localhost/file");
    given(node.getHistoryReference().getHttpMessage()).willReturn(httpMessage);
    hostProcess.setStartNode(node);
    // When
    hostProcess.run();
    // Then
    assertThat(hostProcess.getTestTotalCount(), is(equalTo(0)));
    verify(scanFilter).isFiltered(node);
    verify(scanner).notifyFilteredMessage(httpMessage, filteredReason);
}

Example 4 with ScanFilter

Use of org.zaproxy.zap.extension.ascan.filters.ScanFilter in project zaproxy by zaproxy.

Class CustomScanDialog, method save.

/**
 * Use the save method to launch a scan. The selected policy, scanner params, tech set and
 * scan filters are collected into contextSpecificObjects and handed to the extension.
 */
@Override
public void save() {
    List<Object> contextSpecificObjects = new ArrayList<>();
    techTreeState = getTechTree().getTechSet();
    if (!this.getBoolValue(FIELD_ADVANCED)) {
        contextSpecificObjects.add(scanPolicy);
    } else {
        contextSpecificObjects.add(policyPanel.getScanPolicy());
        if (target == null && this.customPanels != null) {
            // One of the custom scan panels must have specified a target
            for (CustomScanPanel customPanel : this.customPanels) {
                target = customPanel.getTarget();
                if (target != null) {
                    break;
                }
            }
        }
        // Save all Variant configurations
        getVariantPanel().saveParam(scannerParam);
        // force all injectable params and rpc model to NULL
        if (getDisableNonCustomVectors().isSelected()) {
            scannerParam.setTargetParamsInjectable(0);
            scannerParam.setTargetParamsEnabledRPC(0);
        }
        if (!getBoolValue(FIELD_RECURSE) && injectionPointModel.getSize() > 0) {
            int[][] injPoints = new int[injectionPointModel.getSize()][];
            for (int i = 0; i < injectionPointModel.getSize(); i++) {
                Highlight hl = injectionPointModel.elementAt(i);
                injPoints[i] = new int[2];
                injPoints[i][0] = hl.getStartOffset();
                injPoints[i][1] = hl.getEndOffset();
            }
            try {
                if (target != null && target.getStartNode() != null) {
                    VariantUserDefined.setInjectionPoints(this.target.getStartNode().getHistoryReference().getURI().toString(), injPoints);
                    enableUserDefinedRPC();
                }
            } catch (Exception e) {
                logger.error(e.getMessage(), e);
            }
        }
        scannerParam.setHostPerScan(extension.getScannerParam().getHostPerScan());
        scannerParam.setThreadPerHost(extension.getScannerParam().getThreadPerHost());
        scannerParam.setHandleAntiCSRFTokens(extension.getScannerParam().getHandleAntiCSRFTokens());
        scannerParam.setMaxResultsToList(extension.getScannerParam().getMaxResultsToList());
        contextSpecificObjects.add(scannerParam);
        contextSpecificObjects.add(techTreeState);
        List<ScanFilter> scanFilterList = filterPanel.getScanFilters();
        for (ScanFilter scanFilter : scanFilterList) {
            contextSpecificObjects.add(scanFilter);
        }
        if (this.customPanels != null) {
            for (CustomScanPanel customPanel : this.customPanels) {
                Object[] objs = customPanel.getContextSpecificObjects();
                if (objs != null) {
                    for (Object obj : objs) {
                        contextSpecificObjects.add(obj);
                    }
                }
            }
        }
    }
    target.setRecurse(this.getBoolValue(FIELD_RECURSE));
    if (target.getContext() == null && getSelectedContext() != null) {
        target.setContext(getSelectedContext());
    }
    this.extension.startScan(target, getSelectedUser(), contextSpecificObjects.toArray());
}

Example 5 with ScanFilter

Use of org.zaproxy.zap.extension.ascan.filters.ScanFilter in project zaproxy by zaproxy.

Class ActiveScanController, method startScan.

@Override
public int startScan(String name, Target target, User user, Object[] contextSpecificObjects) {
    activeScansLock.lock();
    try {
        int id = this.scanIdCounter++;
        RuleConfigParam ruleConfigParam = null;
        ExtensionRuleConfig extRC = Control.getSingleton().getExtensionLoader().getExtension(ExtensionRuleConfig.class);
        if (extRC != null) {
            ruleConfigParam = extRC.getRuleConfigParam();
        }
        ActiveScan ascan = new ActiveScan(name, extension.getScannerParam(), extension.getModel().getOptionsParam().getConnectionParam(), null, ruleConfigParam) {

            @Override
            public void alertFound(Alert alert) {
                // Mark the alert as raised by the active scanner before forwarding it.
                alert.setSource(Alert.Source.ACTIVE);
                if (extAlert != null) {
                    extAlert.alertFound(alert, null);
                }
                super.alertFound(alert);
            }
        };
        // Merge the extension, session and global exclude regexes into one exclude list.
        Session session = extension.getModel().getSession();
        List<String> excludeList = new ArrayList<>();
        excludeList.addAll(extension.getExcludeList());
        excludeList.addAll(session.getExcludeFromScanRegexs());
        excludeList.addAll(session.getGlobalExcludeURLRegexs());
        ascan.setExcludeList(excludeList);
        ScanPolicy policy = null;
        ascan.setId(id);
        ascan.setUser(user);
        boolean techOverridden = false;
        if (contextSpecificObjects != null) {
            // Dispatch each context specific object by type; ScanFilter instances are attached to the scan.
            for (Object obj : contextSpecificObjects) {
                if (obj instanceof ScannerParam) {
                    logger.debug("Setting custom scanner params");
                    ascan.setScannerParam((ScannerParam) obj);
                } else if (obj instanceof ScanPolicy) {
                    policy = (ScanPolicy) obj;
                    logger.debug("Setting custom policy " + policy.getName());
                    ascan.setScanPolicy(policy);
                } else if (obj instanceof TechSet) {
                    ascan.setTechSet((TechSet) obj);
                    techOverridden = true;
                } else if (obj instanceof ScriptCollection) {
                    ascan.addScriptCollection((ScriptCollection) obj);
                } else if (obj instanceof ScanFilter) {
                    ascan.addScanFilter((ScanFilter) obj);
                } else {
                    logger.error("Unexpected contextSpecificObject: " + obj.getClass().getCanonicalName());
                }
            }
        }
        if (policy == null) {
            // use the default
            policy = extension.getPolicyManager().getDefaultScanPolicy();
            logger.debug("Setting default policy " + policy.getName());
            ascan.setScanPolicy(policy);
        }
        // Fall back to the context's tech set unless a TechSet was supplied explicitly.
        if (!techOverridden && target.getContext() != null) {
            ascan.setTechSet(target.getContext().getTechSet());
        }
        this.activeScanMap.put(id, ascan);
        this.activeScanList.add(ascan);
        ascan.start(target);
        return id;
    } finally {
        activeScansLock.unlock();
    }
}
