Search in sources :

Example 1 with RuleConfigParam

use of org.zaproxy.zap.extension.ruleconfig.RuleConfigParam in project zaproxy by zaproxy.

the class ActiveScanController method startScan.

@Override
public int startScan(String name, Target target, User user, Object[] contextSpecificObjects) {
    activeScansLock.lock();
    try {
        int id = this.scanIdCounter++;
        RuleConfigParam ruleConfigParam = null;
        ExtensionRuleConfig extRC = Control.getSingleton().getExtensionLoader().getExtension(ExtensionRuleConfig.class);
        if (extRC != null) {
            ruleConfigParam = extRC.getRuleConfigParam();
        }
        ActiveScan ascan = new ActiveScan(name, extension.getScannerParam(), extension.getModel().getOptionsParam().getConnectionParam(), null, ruleConfigParam) {

            @Override
            public void alertFound(Alert alert) {
                alert.setSource(Alert.Source.ACTIVE);
                if (extAlert != null) {
                    extAlert.alertFound(alert, null);
                }
                super.alertFound(alert);
            }
        };
        Session session = extension.getModel().getSession();
        List<String> excludeList = new ArrayList<>();
        excludeList.addAll(extension.getExcludeList());
        excludeList.addAll(session.getExcludeFromScanRegexs());
        excludeList.addAll(session.getGlobalExcludeURLRegexs());
        ascan.setExcludeList(excludeList);
        ScanPolicy policy = null;
        ascan.setId(id);
        ascan.setUser(user);
        boolean techOverridden = false;
        if (contextSpecificObjects != null) {
            for (Object obj : contextSpecificObjects) {
                if (obj instanceof ScannerParam) {
                    logger.debug("Setting custom scanner params");
                    ascan.setScannerParam((ScannerParam) obj);
                } else if (obj instanceof ScanPolicy) {
                    policy = (ScanPolicy) obj;
                    logger.debug("Setting custom policy " + policy.getName());
                    ascan.setScanPolicy(policy);
                } else if (obj instanceof TechSet) {
                    ascan.setTechSet((TechSet) obj);
                    techOverridden = true;
                } else if (obj instanceof ScriptCollection) {
                    ascan.addScriptCollection((ScriptCollection) obj);
                } else if (obj instanceof ScanFilter) {
                    ascan.addScanFilter((ScanFilter) obj);
                } else {
                    logger.error("Unexpected contextSpecificObject: " + obj.getClass().getCanonicalName());
                }
            }
        }
        if (policy == null) {
            // use the default
            policy = extension.getPolicyManager().getDefaultScanPolicy();
            logger.debug("Setting default policy " + policy.getName());
            ascan.setScanPolicy(policy);
        }
        if (!techOverridden && target.getContext() != null) {
            ascan.setTechSet(target.getContext().getTechSet());
        }
        this.activeScanMap.put(id, ascan);
        this.activeScanList.add(ascan);
        ascan.start(target);
        return id;
    } finally {
        activeScansLock.unlock();
    }
}
Also used : TechSet(org.zaproxy.zap.model.TechSet) ScanFilter(org.zaproxy.zap.extension.ascan.filters.ScanFilter) ArrayList(java.util.ArrayList) ScriptCollection(org.zaproxy.zap.extension.script.ScriptCollection) RuleConfigParam(org.zaproxy.zap.extension.ruleconfig.RuleConfigParam) ExtensionRuleConfig(org.zaproxy.zap.extension.ruleconfig.ExtensionRuleConfig) ScannerParam(org.parosproxy.paros.core.scanner.ScannerParam) Alert(org.parosproxy.paros.core.scanner.Alert) ExtensionAlert(org.zaproxy.zap.extension.alert.ExtensionAlert) Session(org.parosproxy.paros.model.Session)

Aggregations

ArrayList (java.util.ArrayList)1 Alert (org.parosproxy.paros.core.scanner.Alert)1 ScannerParam (org.parosproxy.paros.core.scanner.ScannerParam)1 Session (org.parosproxy.paros.model.Session)1 ExtensionAlert (org.zaproxy.zap.extension.alert.ExtensionAlert)1 ScanFilter (org.zaproxy.zap.extension.ascan.filters.ScanFilter)1 ExtensionRuleConfig (org.zaproxy.zap.extension.ruleconfig.ExtensionRuleConfig)1 RuleConfigParam (org.zaproxy.zap.extension.ruleconfig.RuleConfigParam)1 ScriptCollection (org.zaproxy.zap.extension.script.ScriptCollection)1 TechSet (org.zaproxy.zap.model.TechSet)1