
Example 16 with Context

use of org.zaproxy.zap.model.Context in project zaproxy by zaproxy.

the class PopupFlagLoggedOutIndicatorMenu method performAction.

/**
 * Flags the currently selected text as the "logged out" indicator of the
 * context identified by {@code this.contextId}.
 *
 * <p>The edit is applied to a UI-shared copy of the context that is recreated
 * from the current session, so pressing Cancel in the session dialog discards it.
 * The selected text is quoted with {@link Pattern#quote(String)} and therefore
 * matched literally, not interpreted as a regular expression.
 */
public void performAction() {
    View view = View.getSingleton();
    SessionDialog dialog = view.getSessionDialog();
    // Rebuild the UI-shared contexts first so the change below lands on the copy, not the live context.
    dialog.recreateUISharedContexts(Model.getSingleton().getSession());
    String literalIndicator = Pattern.quote(getSelectedText());
    Context sharedContext = dialog.getUISharedContext(this.contextId);
    sharedContext.getAuthenticationMethod().setLoggedOutIndicatorPattern(literalIndicator);
    // Open the dialog on the authentication panel of this context; 'false' keeps the
    // shared contexts just modified instead of recreating them again.
    String panelName = ContextAuthenticationPanel.buildName(this.contextId);
    view.showSessionDialog(Model.getSingleton().getSession(), panelName, false);
}
Also used : Context(org.zaproxy.zap.model.Context) SessionDialog(org.parosproxy.paros.view.SessionDialog)

Example 17 with Context

use of org.zaproxy.zap.model.Context in project zaproxy by zaproxy.

the class AuthenticationAPI method handleApiAction.

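/**
 * Handles the authentication API actions for a context.
 *
 * <p>Supported actions: set the logged-in indicator, set the logged-out indicator,
 * and replace the authentication method (resetting users' credentials when the
 * method type changes). Every successful action persists the context.
 *
 * @param name the API action name
 * @param params the request parameters
 * @return {@link ApiResponseElement#OK} on success
 * @throws ApiException if the action is unknown ({@code BAD_ACTION}), an indicator
 *     parameter is absent or empty ({@code MISSING_PARAMETER}), or a delegate fails
 */
@Override
public ApiResponse handleApiAction(String name, JSONObject params) throws ApiException {
    // NOTE(review): the complete parameter set is logged at debug level; confirm no
    // credential-like values can reach this method before enabling debug logs on shared instances.
    log.debug("handleApiAction " + name + " " + params.toString());
    Context context;
    switch(name) {
        case ACTION_SET_LOGGED_IN_INDICATOR:
            String loggedInIndicator = getNonEmptyStringParam(params, PARAM_LOGGED_IN_INDICATOR);
            context = getContext(params);
            // NOTE(review): if the setter compiles the indicator as a regex, an invalid value may
            // surface as an unchecked PatternSyntaxException here — confirm and map to ILLEGAL_PARAMETER if so.
            context.getAuthenticationMethod().setLoggedInIndicatorPattern(loggedInIndicator);
            context.save();
            return ApiResponseElement.OK;
        case ACTION_SET_LOGGED_OUT_INDICATOR:
            String loggedOutIndicator = getNonEmptyStringParam(params, PARAM_LOGGED_OUT_INDICATOR);
            context = getContext(params);
            context.getAuthenticationMethod().setLoggedOutIndicatorPattern(loggedOutIndicator);
            context.save();
            return ApiResponseElement.OK;
        case ACTION_SET_METHOD:
            // Method-specific configuration travels as a nested parameter string; default to empty.
            JSONObject actionParams;
            if (params.has(PARAM_METHOD_CONFIG_PARAMS)) {
                actionParams = API.getParams(params.getString(PARAM_METHOD_CONFIG_PARAMS));
            } else {
                actionParams = new JSONObject();
            }
            context = getContext(params);
            actionParams.put(PARAM_CONTEXT_ID, context.getId());
            // Remember the previous type so credentials can be reset when the type changes.
            AuthenticationMethodType oldMethodType = context.getAuthenticationMethod().getType();
            AuthMethodEntry authEntry = getSetMethodActionImplementor(params);
            authEntry.getApi().handleAction(actionParams);
            resetUsersCredentials(context.getId(), oldMethodType, authEntry.getMethodType());
            context.save();
            return ApiResponseElement.OK;
        default:
            throw new ApiException(Type.BAD_ACTION);
    }
}

/**
 * Reads a string parameter that must be present and non-empty.
 *
 * <p>{@code optString} yields {@code null} for an absent key where {@code getString}
 * would throw a {@code JSONException}, so a missing value is reported to the caller
 * as {@code MISSING_PARAMETER} rather than surfacing as an internal error.
 *
 * @param params the request parameters
 * @param paramName the parameter to read
 * @return the non-empty parameter value
 * @throws ApiException {@code MISSING_PARAMETER} if the value is absent or empty
 */
private static String getNonEmptyStringParam(JSONObject params, String paramName) throws ApiException {
    String value = params.optString(paramName, null);
    if (value == null || value.isEmpty()) {
        throw new ApiException(Type.MISSING_PARAMETER, paramName);
    }
    return value;
}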
Also used : Context(org.zaproxy.zap.model.Context) AuthenticationMethodType(org.zaproxy.zap.authentication.AuthenticationMethodType) JSONObject(net.sf.json.JSONObject) ApiException(org.zaproxy.zap.extension.api.ApiException)

Example 18 with Context

use of org.zaproxy.zap.model.Context in project zaproxy by zaproxy.

the class PopupFlagLoggedInIndicatorMenu method performAction.

/**
 * Flags the currently selected text as the "logged in" indicator of the
 * context identified by {@code this.contextId}.
 *
 * <p>The edit is applied to a UI-shared copy of the context that is recreated
 * from the current session, so pressing Cancel in the session dialog discards it.
 * The selected text is quoted with {@link Pattern#quote(String)} and therefore
 * matched literally, not interpreted as a regular expression.
 */
public void performAction() {
    View view = View.getSingleton();
    SessionDialog dialog = view.getSessionDialog();
    // Rebuild the UI-shared contexts first so the change below lands on the copy, not the live context.
    dialog.recreateUISharedContexts(Model.getSingleton().getSession());
    String literalIndicator = Pattern.quote(getSelectedText());
    Context sharedContext = dialog.getUISharedContext(this.contextId);
    sharedContext.getAuthenticationMethod().setLoggedInIndicatorPattern(literalIndicator);
    // Open the dialog on the authentication panel of this context; 'false' keeps the
    // shared contexts just modified instead of recreating them again.
    String panelName = ContextAuthenticationPanel.buildName(this.contextId);
    view.showSessionDialog(Model.getSingleton().getSession(), panelName, false);
}
Also used : Context(org.zaproxy.zap.model.Context) SessionDialog(org.parosproxy.paros.view.SessionDialog)

Example 19 with Context

use of org.zaproxy.zap.model.Context in project zaproxy by zaproxy.

the class AuthorizationAPI method handleApiAction.

/**
 * Handles the authorization API actions for a context.
 *
 * <p>The only supported action configures basic authorization detection from an
 * optional header regex, body regex, status code and logical operator (defaulting
 * to {@code AND}), and installs it on the context resolved from the request.
 *
 * @param name the API action name
 * @param params the request parameters
 * @return {@link ApiResponseElement#OK} on success
 * @throws ApiException if the action is unknown ({@code BAD_ACTION}) or the context
 *     cannot be resolved from {@code PARAM_CONTEXT_ID}
 */
@Override
public ApiResponse handleApiAction(String name, JSONObject params) throws ApiException {
    log.debug("handleApiAction " + name + " " + params.toString());
    Context context;
    switch(name) {
        case ACTION_SET_AUTHORIZATION_METHOD:
            // Resolve the context first so a bad id fails before any parameter parsing.
            context = ApiUtils.getContextByParamId(params, PARAM_CONTEXT_ID);
            String headerPattern = params.optString(PARAM_HEADER_REGEX, null);
            String bodyPattern = params.optString(PARAM_BODY_REGEX, null);
            LogicalOperator operator = ApiUtils.getOptionalEnumParam(params, PARAM_LOGICAL_OPERATOR, LogicalOperator.class);
            LogicalOperator effectiveOperator = (operator == null) ? LogicalOperator.AND : operator;
            int status = params.optInt(PARAM_STATUS_CODE, BasicAuthorizationDetectionMethod.NO_STATUS_CODE);
            if (log.isDebugEnabled()) {
                log.debug(String.format("Setting basic authorization detection to: %s / %s / %d / %s", headerPattern, bodyPattern, status, effectiveOperator));
            }
            BasicAuthorizationDetectionMethod detection = new BasicAuthorizationDetectionMethod(status, headerPattern, bodyPattern, effectiveOperator);
            // NOTE(review): unlike the authentication API, the context is not explicitly
            // saved after this change — confirm whether the setter persists it or a save is needed.
            context.setAuthorizationDetectionMethod(detection);
            return ApiResponseElement.OK;
        default:
            throw new ApiException(Type.BAD_ACTION);
    }
}
Also used : Context(org.zaproxy.zap.model.Context) LogicalOperator(org.zaproxy.zap.extension.authorization.BasicAuthorizationDetectionMethod.LogicalOperator) ApiException(org.zaproxy.zap.extension.api.ApiException)

Example 20 with Context

use of org.zaproxy.zap.model.Context in project zaproxy by zaproxy.

the class SpiderAPI method handleApiAction.

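/**
 * Handles the spider API actions: starting scans (optionally as a user), pausing,
 * resuming, stopping and removing scans, managing the spider exclusion regexes and
 * the "domains always in scope" list.
 *
 * @param name the API action name
 * @param params the request parameters
 * @return for the start actions, an element named after the action carrying the new
 *     scan id; for all other actions {@link ApiResponseElement#OK}
 * @throws ApiException if the action is unknown ({@code BAD_ACTION}), a parameter is
 *     malformed or out of range ({@code ILLEGAL_PARAMETER}), the user management
 *     extension is unavailable ({@code NO_IMPLEMENTOR}), the user does not exist
 *     ({@code USER_NOT_FOUND}), or the session could not be updated ({@code INTERNAL_ERROR})
 */
@Override
public ApiResponse handleApiAction(String name, JSONObject params) throws ApiException {
    // Request parameters (URLs, regexes, ids) are logged verbatim at debug level.
    log.debug("Request for handleApiAction: " + name + " (params: " + params.toString() + ")");
    SpiderScan scan;
    switch(name) {
        case ACTION_START_SCAN: {
            // Start a new scan, optionally restricted to a context given by name.
            String url = ApiUtils.getOptionalStringParam(params, PARAM_URL);
            int maxChildren = getMaxChildrenParam(params);
            Context context = getOptionalContextByName(params);
            int scanId = scanURL(url, null, maxChildren, this.getParam(params, PARAM_RECURSE, true), context, getParam(params, PARAM_SUBTREE_ONLY, false));
            return new ApiResponseElement(name, Integer.toString(scanId));
        }
        case ACTION_START_SCAN_AS_USER: {
            // Start a new scan from the perspective of a user of the given context.
            // Parameter order matters for which error a bad request reports.
            String url = ApiUtils.getOptionalStringParam(params, PARAM_URL);
            int userId = ApiUtils.getIntParam(params, PARAM_USER_ID);
            ExtensionUserManagement usersExtension = Control.getSingleton().getExtensionLoader().getExtension(ExtensionUserManagement.class);
            if (usersExtension == null) {
                throw new ApiException(ApiException.Type.NO_IMPLEMENTOR, ExtensionUserManagement.NAME);
            }
            Context context = ApiUtils.getContextByParamId(params, PARAM_CONTEXT_ID);
            User user = usersExtension.getContextUserAuthManager(context.getId()).getUserById(userId);
            if (user == null) {
                throw new ApiException(ApiException.Type.USER_NOT_FOUND, PARAM_USER_ID);
            }
            int maxChildren = getMaxChildrenParam(params);
            int scanId = scanURL(url, user, maxChildren, this.getParam(params, PARAM_RECURSE, true), context, getParam(params, PARAM_SUBTREE_ONLY, false));
            return new ApiResponseElement(name, Integer.toString(scanId));
        }
        case ACTION_PAUSE_SCAN:
            scan = getSpiderScan(params);
            extension.pauseScan(scan.getScanId());
            break;
        case ACTION_RESUME_SCAN:
            scan = getSpiderScan(params);
            extension.resumeScan(scan.getScanId());
            break;
        case ACTION_STOP_SCAN:
            scan = getSpiderScan(params);
            extension.stopScan(scan.getScanId());
            break;
        case ACTION_REMOVE_SCAN:
            // getSpiderScan only resolves the scan; removeScan is what discards it.
            scan = getSpiderScan(params);
            extension.removeScan(scan.getScanId());
            break;
        case ACTION_PAUSE_ALL_SCANS:
            extension.pauseAllScans();
            break;
        case ACTION_RESUME_ALL_SCANS:
            extension.resumeAllScans();
            break;
        case ACTION_STOP_ALL_SCANS:
            extension.stopAllScans();
            break;
        case ACTION_REMOVE_ALL_SCANS:
            extension.removeAllScans();
            break;
        case ACTION_CLEAR_EXCLUDED_FROM_SCAN:
            try {
                Session session = Model.getSingleton().getSession();
                session.setExcludeFromSpiderRegexs(new ArrayList<>());
            } catch (DatabaseException e) {
                // Keep the cause attached so the persistence failure stays diagnosable.
                throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage(), e);
            }
            break;
        case ACTION_EXCLUDE_FROM_SCAN:
            String regex = params.getString(PARAM_REGEX);
            try {
                Session session = Model.getSingleton().getSession();
                session.addExcludeFromSpiderRegex(regex);
            } catch (DatabaseException e) {
                throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage(), e);
            } catch (PatternSyntaxException e) {
                // A user-supplied regex that does not compile is a client error, not an internal one.
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_REGEX, e);
            }
            break;
        case ACTION_ADD_DOMAIN_ALWAYS_IN_SCOPE:
            try {
                String value = params.getString(PARAM_VALUE);
                DomainAlwaysInScopeMatcher domainAlwaysInScope = createDomainAlwaysInScopeMatcher(value, getParam(params, PARAM_IS_REGEX, false));
                domainAlwaysInScope.setEnabled(getParam(params, PARAM_IS_ENABLED, true));
                // Work on a copy: the getter's list is not assumed to be mutable.
                List<DomainAlwaysInScopeMatcher> domainsAlwaysInScope = new ArrayList<>(extension.getSpiderParam().getDomainsAlwaysInScope());
                domainsAlwaysInScope.add(domainAlwaysInScope);
                extension.getSpiderParam().setDomainsAlwaysInScope(domainsAlwaysInScope);
            } catch (IllegalArgumentException e) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_VALUE, e);
            }
            break;
        case ACTION_MODIFY_DOMAIN_ALWAYS_IN_SCOPE:
            try {
                int idx = getDomainAlwaysInScopeIndex(params);
                DomainAlwaysInScopeMatcher oldDomain = extension.getSpiderParam().getDomainsAlwaysInScope().get(idx);
                // Absent or empty value keeps the current one; absent flags keep the current ones.
                String value = getParam(params, PARAM_VALUE, oldDomain.getValue());
                if (value.isEmpty()) {
                    value = oldDomain.getValue();
                }
                DomainAlwaysInScopeMatcher newDomain = createDomainAlwaysInScopeMatcher(value, getParam(params, PARAM_IS_REGEX, oldDomain.isRegex()));
                newDomain.setEnabled(getParam(params, PARAM_IS_ENABLED, oldDomain.isEnabled()));
                if (oldDomain.equals(newDomain)) {
                    // Nothing changed; skip rewriting the option.
                    break;
                }
                List<DomainAlwaysInScopeMatcher> domainsAlwaysInScope = new ArrayList<>(extension.getSpiderParam().getDomainsAlwaysInScope());
                domainsAlwaysInScope.set(idx, newDomain);
                extension.getSpiderParam().setDomainsAlwaysInScope(domainsAlwaysInScope);
            } catch (JSONException e) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_IDX, e);
            } catch (IllegalArgumentException e) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_VALUE, e);
            }
            break;
        case ACTION_REMOVE_DOMAIN_ALWAYS_IN_SCOPE:
            try {
                int idx = getDomainAlwaysInScopeIndex(params);
                List<DomainAlwaysInScopeMatcher> domainsAlwaysInScope = new ArrayList<>(extension.getSpiderParam().getDomainsAlwaysInScope());
                domainsAlwaysInScope.remove(idx);
                extension.getSpiderParam().setDomainsAlwaysInScope(domainsAlwaysInScope);
            } catch (JSONException e) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_IDX, e);
            }
            break;
        case ACTION_ENABLE_ALL_DOMAINS_ALWAYS_IN_SCOPE:
            setDomainsAlwaysInScopeEnabled(true);
            break;
        case ACTION_DISABLE_ALL_DOMAINS_ALWAYS_IN_SCOPE:
            setDomainsAlwaysInScopeEnabled(false);
            break;
        default:
            throw new ApiException(ApiException.Type.BAD_ACTION);
    }
    return ApiResponseElement.OK;
}

/**
 * Reads the optional maximum-children parameter.
 *
 * @param params the request parameters
 * @return the parsed value, or {@code -1} when the parameter is absent or empty
 * @throws ApiException {@code ILLEGAL_PARAMETER} if the value is not an integer
 */
private int getMaxChildrenParam(JSONObject params) throws ApiException {
    if (!params.containsKey(PARAM_MAX_CHILDREN)) {
        return -1;
    }
    String maxChildrenStr = params.getString(PARAM_MAX_CHILDREN);
    if (maxChildrenStr == null || maxChildrenStr.isEmpty()) {
        return -1;
    }
    try {
        return Integer.parseInt(maxChildrenStr);
    } catch (NumberFormatException e) {
        throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_MAX_CHILDREN, e);
    }
}

/**
 * Resolves the context named by the optional context-name parameter.
 *
 * @param params the request parameters
 * @return the context, or {@code null} when the parameter is absent or empty
 * @throws ApiException if a name is given but cannot be resolved
 */
private Context getOptionalContextByName(JSONObject params) throws ApiException {
    if (!params.containsKey(PARAM_CONTEXT_NAME)) {
        return null;
    }
    String contextName = params.getString(PARAM_CONTEXT_NAME);
    if (contextName.isEmpty()) {
        return null;
    }
    return ApiUtils.getContextByName(contextName);
}

/**
 * Reads and range-checks the index parameter against the current
 * "domains always in scope" list.
 *
 * @param params the request parameters
 * @return a valid index into the list
 * @throws ApiException {@code ILLEGAL_PARAMETER} if the index is out of range;
 *     a non-integer value propagates as a {@code JSONException} for the caller to map
 */
private int getDomainAlwaysInScopeIndex(JSONObject params) throws ApiException {
    int idx = params.getInt(PARAM_IDX);
    if (idx < 0 || idx >= extension.getSpiderParam().getDomainsAlwaysInScope().size()) {
        throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_IDX);
    }
    return idx;
}

/**
 * Builds a matcher for the given value, as a regex or a literal domain.
 *
 * @param value the domain or pattern text
 * @param isRegex whether {@code value} is to be compiled as a pattern
 * @return the matcher (its enabled state is left for the caller to set)
 * @throws IllegalArgumentException propagated from the matcher constructors on invalid input
 */
private static DomainAlwaysInScopeMatcher createDomainAlwaysInScopeMatcher(String value, boolean isRegex) {
    if (isRegex) {
        return new DomainAlwaysInScopeMatcher(DomainAlwaysInScopeMatcher.createPattern(value));
    }
    return new DomainAlwaysInScopeMatcher(value);
}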
Also used : Context(org.zaproxy.zap.model.Context) User(org.zaproxy.zap.users.User) ArrayList(java.util.ArrayList) JSONException(net.sf.json.JSONException) DomainAlwaysInScopeMatcher(org.zaproxy.zap.spider.DomainAlwaysInScopeMatcher) ExtensionUserManagement(org.zaproxy.zap.extension.users.ExtensionUserManagement) ApiResponseElement(org.zaproxy.zap.extension.api.ApiResponseElement) DatabaseException(org.parosproxy.paros.db.DatabaseException) ApiException(org.zaproxy.zap.extension.api.ApiException) Session(org.parosproxy.paros.model.Session) PatternSyntaxException(java.util.regex.PatternSyntaxException)
