Example 1 with RuleConfigParam
use of org.zaproxy.zap.extension.ruleconfig.RuleConfigParam in project zaproxy by zaproxy.
the class ActiveScanController method startScan.
@Override
public int startScan(String name, Target target, User user, Object[] contextSpecificObjects) {
activeScansLock.lock();
try {
int id = this.scanIdCounter++;
RuleConfigParam ruleConfigParam = null;
ExtensionRuleConfig extRC = Control.getSingleton().getExtensionLoader().getExtension(ExtensionRuleConfig.class);
if (extRC != null) {
ruleConfigParam = extRC.getRuleConfigParam();
}
ActiveScan ascan = new ActiveScan(name, extension.getScannerParam(), extension.getModel().getOptionsParam().getConnectionParam(), null, ruleConfigParam) {
@Override
public void alertFound(Alert alert) {
alert.setSource(Alert.Source.ACTIVE);
if (extAlert != null) {
extAlert.alertFound(alert, null);
}
super.alertFound(alert);
}
};
Session session = extension.getModel().getSession();
List<String> excludeList = new ArrayList<>();
excludeList.addAll(extension.getExcludeList());
excludeList.addAll(session.getExcludeFromScanRegexs());
excludeList.addAll(session.getGlobalExcludeURLRegexs());
ascan.setExcludeList(excludeList);
ScanPolicy policy = null;
ascan.setId(id);
ascan.setUser(user);
boolean techOverridden = false;
if (contextSpecificObjects != null) {
for (Object obj : contextSpecificObjects) {
if (obj instanceof ScannerParam) {
logger.debug("Setting custom scanner params");
ascan.setScannerParam((ScannerParam) obj);
} else if (obj instanceof ScanPolicy) {
policy = (ScanPolicy) obj;
logger.debug("Setting custom policy " + policy.getName());
ascan.setScanPolicy(policy);
} else if (obj instanceof TechSet) {
ascan.setTechSet((TechSet) obj);
techOverridden = true;
} else if (obj instanceof ScriptCollection) {
ascan.addScriptCollection((ScriptCollection) obj);
} else if (obj instanceof ScanFilter) {
ascan.addScanFilter((ScanFilter) obj);
} else {
logger.error("Unexpected contextSpecificObject: " + obj.getClass().getCanonicalName());
}
}
}
if (policy == null) {
// use the default
policy = extension.getPolicyManager().getDefaultScanPolicy();
logger.debug("Setting default policy " + policy.getName());
ascan.setScanPolicy(policy);
}
if (!techOverridden && target.getContext() != null) {
ascan.setTechSet(target.getContext().getTechSet());
}
this.activeScanMap.put(id, ascan);
this.activeScanList.add(ascan);
ascan.start(target);
return id;
} finally {
activeScansLock.unlock();
}
}
Also used :
TechSet(org.zaproxy.zap.model.TechSet)
ScanFilter(org.zaproxy.zap.extension.ascan.filters.ScanFilter)
ArrayList(java.util.ArrayList)
ScriptCollection(org.zaproxy.zap.extension.script.ScriptCollection)
RuleConfigParam(org.zaproxy.zap.extension.ruleconfig.RuleConfigParam)
ExtensionRuleConfig(org.zaproxy.zap.extension.ruleconfig.ExtensionRuleConfig)
ScannerParam(org.parosproxy.paros.core.scanner.ScannerParam)
Alert(org.parosproxy.paros.core.scanner.Alert)
ExtensionAlert(org.zaproxy.zap.extension.alert.ExtensionAlert)
Session(org.parosproxy.paros.model.Session)
Aggregations
ArrayList (java.util.ArrayList)1
Alert (org.parosproxy.paros.core.scanner.Alert)1
ScannerParam (org.parosproxy.paros.core.scanner.ScannerParam)1
Session (org.parosproxy.paros.model.Session)1
ExtensionAlert (org.zaproxy.zap.extension.alert.ExtensionAlert)1
ScanFilter (org.zaproxy.zap.extension.ascan.filters.ScanFilter)1
ExtensionRuleConfig (org.zaproxy.zap.extension.ruleconfig.ExtensionRuleConfig)1
RuleConfigParam (org.zaproxy.zap.extension.ruleconfig.RuleConfigParam)1
ScriptCollection (org.zaproxy.zap.extension.script.ScriptCollection)1
TechSet (org.zaproxy.zap.model.TechSet)1
