
Example 16 with ScriptWrapper

use of org.zaproxy.zap.extension.script.ScriptWrapper in project zaproxy by zaproxy.

the class ScriptsActiveScannerUnitTest method shouldStopScanningParamsWithActiveScriptWhenScanStopped.

/**
 * Checks that a stop raised while a script is running ends the parameter scan at once: the
 * script that was running is not called for the remaining parameter and the script after it
 * is never called.
 */
@Test
@SuppressWarnings("unchecked")
void shouldStopScanningParamsWithActiveScriptWhenScanStopped() throws Exception {
    // Given: two enabled scripts; the first answers every scan(...) call with stopScan()
    // (helper not shown here; by its name and the assertions below it stops the scan).
    ActiveScript stoppingScript = mock(ActiveScript.class);
    doAnswer(stopScan()).when(stoppingScript).scan(any(), any(), any(), any());
    ActiveScript laterScript = mock(ActiveScript.class);
    ScriptWrapper stoppingWrapper = createScriptWrapper(stoppingScript, ActiveScript.class);
    ScriptWrapper laterWrapper = createScriptWrapper(laterScript, ActiveScript.class);
    given(extensionScript.getScripts(SCRIPT_TYPE))
            .willReturn(asList(stoppingWrapper, laterWrapper));
    ScriptsCache<ActiveScript> cache =
            createScriptsCache(
                    createCachedScript(stoppingScript, stoppingWrapper),
                    createCachedScript(laterScript, laterWrapper));
    given(extensionScript.<ActiveScript>createScriptsCache(any())).willReturn(cache);
    given(parent.getScannerParam()).willReturn(mock(ScannerParam.class));

    // One variant exposing two parameters, so a second round would happen if the scan went on.
    String firstName = "Name1";
    String firstValue = "Value1";
    String secondName = "Name2";
    String secondValue = "Value2";
    NameValuePair firstParam = param(firstName, firstValue);
    NameValuePair secondParam = param(secondName, secondValue);
    Variant twoParamVariant = mock(Variant.class);
    given(twoParamVariant.getParamList()).willReturn(asList(firstParam, secondParam));
    VariantFactory factory = mock(VariantFactory.class);
    given(factory.createVariants(any(), any())).willReturn(asList(twoParamVariant));
    given(model.getVariantFactory()).willReturn(factory);

    ScriptsActiveScanner scanner = new ScriptsActiveScanner();
    scanner.init(message, parent);

    // When
    scanner.scan();

    // Then: the cache was consulted once, for the first parameter only
    verify(cache).refresh();
    verify(cache).getCachedScripts();
    // ... the stopping script saw the first parameter and nothing after it
    verify(stoppingScript).scan(scanner, message, firstName, firstValue);
    verify(stoppingScript, times(0)).scan(scanner, message, secondName, secondValue);
    // ... and the script queued behind it was never invoked.
    verify(laterScript, times(0)).scan(any(), any(), any(), any());
}
Also used : Variant(org.parosproxy.paros.core.scanner.Variant) NameValuePair(org.parosproxy.paros.core.scanner.NameValuePair) ScannerParam(org.parosproxy.paros.core.scanner.ScannerParam) ScriptWrapper(org.zaproxy.zap.extension.script.ScriptWrapper) Test(org.junit.jupiter.api.Test) WithConfigsTest(org.zaproxy.zap.WithConfigsTest)

Example 17 with ScriptWrapper

use of org.zaproxy.zap.extension.script.ScriptWrapper in project zaproxy by zaproxy.

the class ScriptsActiveScanner method scan.

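/**
 * Runs the active scripts against the message under scan, in two passes.
 *
 * <p>Pass one offers a fresh message to every enabled script that exposes {@code ActiveScript2}
 * through {@code scanNode}; enabled scripts without that interface are remembered in
 * {@code scriptsNoInterface}. Pass two, skipped once the scan has been stopped, builds the
 * {@code ActiveScript} cache and delegates to {@code super.scan()} (not shown here; presumably
 * it drives the per-parameter {@code scan(HttpMessage, String, String)}).
 *
 * <p>Script code is outside this class's control, so each call is wrapped: an
 * {@code Exception} thrown by one script is handed to {@code extension.handleScriptException}
 * and the loop continues with the next script. {@code Error}s are not caught here and
 * propagate to the caller.
 */
@Override
public void scan() {
    List<ScriptWrapper> scripts = this.getActiveScripts();
    // The stop flag is re-checked before every script so a stopped scan starts no new work.
    for (Iterator<ScriptWrapper> it = scripts.iterator(); it.hasNext() && !isStop(); ) {
        ScriptWrapper script = it.next();
        try {
            if (script.isEnabled()) {
                ActiveScript2 s = extension.getInterface(script, ActiveScript2.class);
                if (s != null) {
                    HttpMessage msg = this.getNewMsg();
                    // Parameterized form: the message is only formatted when debug is enabled.
                    // NOTE(review): the script name and the URI are written as-is; confirm the
                    // log layout neutralises CR/LF if these logs are parsed line by line.
                    logger.debug(
                            "Calling script {} scanNode for {}",
                            script.getName(),
                            msg.getRequestHeader().getURI());
                    s.scanNode(this, msg);
                } else {
                    // Not an error yet: the script may still implement ActiveScript (pass two).
                    scriptsNoInterface.add(script);
                }
            }
        } catch (Exception e) {
            // Contain the failure to this script; the remaining scripts still run.
            extension.handleScriptException(script, e);
        }
    }
    if (!isStop()) {
        InterfaceProvider<ActiveScript> interfaceProvider =
                (scriptWrapper, targetInterface) -> {
                    ActiveScript s = extension.getInterface(scriptWrapper, targetInterface);
                    if (s != null) {
                        return s;
                    }
                    // Report a failure only for scripts that offered neither interface.
                    if (scriptsNoInterface.contains(scriptWrapper)) {
                        extension.handleFailedScriptInterface(
                                scriptWrapper,
                                Constant.messages.getString(
                                        "ascan.scripts.interface.active.error",
                                        scriptWrapper.getName()));
                    }
                    return null;
                };
        cachedScripts =
                getExtension()
                        .createScriptsCache(
                                Configuration.<ActiveScript>builder()
                                        .setScriptType(ExtensionActiveScan.SCRIPT_TYPE_ACTIVE)
                                        .setTargetInterface(ActiveScript.class)
                                        .setInterfaceProvider(interfaceProvider)
                                        .build());
        super.scan();
    }
    // Reached on normal completion only; an exception from super.scan() skips this line.
    scriptsNoInterface.clear();
}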
Also used : Category(org.parosproxy.paros.core.scanner.Category) Configuration(org.zaproxy.zap.extension.script.ScriptsCache.Configuration) Iterator(java.util.Iterator) AbstractAppParamPlugin(org.parosproxy.paros.core.scanner.AbstractAppParamPlugin) Set(java.util.Set) IOException(java.io.IOException) Control(org.parosproxy.paros.control.Control) AlertBuilder(org.parosproxy.paros.core.scanner.AbstractPlugin.AlertBuilder) HashSet(java.util.HashSet) CachedScript(org.zaproxy.zap.extension.script.ScriptsCache.CachedScript) List(java.util.List) Logger(org.apache.logging.log4j.Logger) Alert(org.parosproxy.paros.core.scanner.Alert) ExtensionScript(org.zaproxy.zap.extension.script.ExtensionScript) ScriptsCache(org.zaproxy.zap.extension.script.ScriptsCache) HttpException(org.apache.commons.httpclient.HttpException) Constant(org.parosproxy.paros.Constant) InterfaceProvider(org.zaproxy.zap.extension.script.ScriptsCache.InterfaceProvider) HttpMessage(org.parosproxy.paros.network.HttpMessage) LogManager(org.apache.logging.log4j.LogManager) ScriptWrapper(org.zaproxy.zap.extension.script.ScriptWrapper) ScriptWrapper(org.zaproxy.zap.extension.script.ScriptWrapper) HttpMessage(org.parosproxy.paros.network.HttpMessage) IOException(java.io.IOException) HttpException(org.apache.commons.httpclient.HttpException)

Example 18 with ScriptWrapper

use of org.zaproxy.zap.extension.script.ScriptWrapper in project zaproxy by zaproxy.

the class ScriptsActiveScanner method scan.

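/**
 * Passes one parameter of the message to every cached {@code ActiveScript}.
 *
 * <p>The cache is refreshed on each call. The loop returns as soon as the scan is stopped, and
 * an {@code Exception} thrown by a script is handed to {@code extension.handleScriptException}
 * so that the remaining scripts still run.
 *
 * @param msg the message being scanned
 * @param param the name of the parameter under test
 * @param value the current value of that parameter
 */
@Override
public void scan(HttpMessage msg, String param, String value) {
    cachedScripts.refresh();
    for (CachedScript<ActiveScript> cachedScript : cachedScripts.getCachedScripts()) {
        if (isStop()) {
            return;
        }
        ScriptWrapper script = cachedScript.getScriptWrapper();
        try {
            // The original message ran the URI straight into "param=" with no separator; the
            // parameterized form fixes that and is only formatted when debug is enabled.
            // The parameter value is logged verbatim and can be a credential or session token
            // taken from the scanned request, so debug logs need the same handling as the
            // captured traffic. NOTE(review): confirm the log layout neutralises CR/LF.
            logger.debug(
                    "Calling script {} scan for {} param={} value={}",
                    script.getName(),
                    msg.getRequestHeader().getURI(),
                    param,
                    value);
            cachedScript.getScript().scan(this, msg, param, value);
        } catch (Exception e) {
            // Contain the failure to this script; the remaining scripts still run.
            extension.handleScriptException(script, e);
        }
    }
}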
Also used : ScriptWrapper(org.zaproxy.zap.extension.script.ScriptWrapper) IOException(java.io.IOException) HttpException(org.apache.commons.httpclient.HttpException)

Example 19 with ScriptWrapper

use of org.zaproxy.zap.extension.script.ScriptWrapper in project zaproxy by zaproxy.

the class ScriptsActiveScannerUnitTest method shouldHandleExceptionsThrownByActiveScript.

/**
 * Checks that an exception thrown by one script is contained: it is reported through
 * {@code handleScriptException}, the other script still runs for the same parameter, and the
 * scan goes on to the next parameter.
 */
@Test
@SuppressWarnings("unchecked")
void shouldHandleExceptionsThrownByActiveScript() throws Exception {
    // Given: two parameters and two enabled scripts
    String firstName = "Name1";
    String firstValue = "Value1";
    String secondName = "Name2";
    String secondValue = "Value2";
    NameValuePair firstParam = param(firstName, firstValue);
    NameValuePair secondParam = param(secondName, secondValue);

    ActiveScript failingScript = mock(ActiveScript.class);
    ActiveScript healthyScript = mock(ActiveScript.class);
    ScriptWrapper failingWrapper = createScriptWrapper(failingScript, ActiveScript.class);
    ScriptWrapper healthyWrapper = createScriptWrapper(healthyScript, ActiveScript.class);
    given(extensionScript.getScripts(SCRIPT_TYPE))
            .willReturn(asList(failingWrapper, healthyWrapper));
    ScriptsCache<ActiveScript> cache =
            createScriptsCache(
                    createCachedScript(failingScript, failingWrapper),
                    createCachedScript(healthyScript, healthyWrapper));
    given(extensionScript.<ActiveScript>createScriptsCache(any())).willReturn(cache);
    given(parent.getScannerParam()).willReturn(mock(ScannerParam.class));

    // The first script throws, but only when it is handed the first parameter.
    ScriptException failure = mock(ScriptException.class);
    doThrow(failure).when(failingScript).scan(any(), any(), eq(firstName), eq(firstValue));

    Variant twoParamVariant = mock(Variant.class);
    given(twoParamVariant.getParamList()).willReturn(asList(firstParam, secondParam));
    VariantFactory factory = mock(VariantFactory.class);
    given(factory.createVariants(any(), any())).willReturn(asList(twoParamVariant));
    given(model.getVariantFactory()).willReturn(factory);

    ScriptsActiveScanner scanner = new ScriptsActiveScanner();
    scanner.init(message, parent);

    // When
    scanner.scan();

    // Then: both parameters were processed, so the cache was consulted twice
    verify(cache, times(2)).refresh();
    verify(cache, times(2)).getCachedScripts();
    // ... the failing script was called for the first parameter and its exception reported once
    verify(failingScript).scan(scanner, message, firstName, firstValue);
    verify(extensionScript).handleScriptException(failingWrapper, failure);
    // ... and the other script still ran for both parameters.
    verify(healthyScript).scan(scanner, message, firstName, firstValue);
    verify(healthyScript).scan(scanner, message, secondName, secondValue);
}
Also used : Variant(org.parosproxy.paros.core.scanner.Variant) NameValuePair(org.parosproxy.paros.core.scanner.NameValuePair) ScriptException(javax.script.ScriptException) ScannerParam(org.parosproxy.paros.core.scanner.ScannerParam) ScriptWrapper(org.zaproxy.zap.extension.script.ScriptWrapper) Test(org.junit.jupiter.api.Test) WithConfigsTest(org.zaproxy.zap.WithConfigsTest)

Example 20 with ScriptWrapper

use of org.zaproxy.zap.extension.script.ScriptWrapper in project zaproxy by zaproxy.

the class ScriptsActiveScannerUnitTest method createScriptWrapper.

/**
 * Builds a mocked, enabled {@code ScriptWrapper} and stubs {@code extensionScript} so that
 * asking for {@code scriptClass} on that wrapper yields {@code script}.
 *
 * @param script the script instance to hand back for the wrapper
 * @param scriptClass the interface the wrapper should resolve to
 * @return the mocked wrapper
 */
private <T> ScriptWrapper createScriptWrapper(T script, Class<T> scriptClass) throws Exception {
    ScriptWrapper wrapper = mock(ScriptWrapper.class);
    // Stubbed as enabled so the wrapper is never treated as a disabled script.
    given(wrapper.isEnabled()).willReturn(true);
    given(extensionScript.getInterface(wrapper, scriptClass)).willReturn(script);
    return wrapper;
}
Also used : ScriptWrapper(org.zaproxy.zap.extension.script.ScriptWrapper)
