
Example 31 with Context

use of org.zaproxy.zap.model.Context in project zaproxy by zaproxy.

Class ContextAPI, method handleApiAction.

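@Override
public ApiResponse handleApiAction(String name, JSONObject params) throws ApiException {
    // NOTE(review): every parameter is logged verbatim. For ACTION_SET_CONTEXT_CHECKING_STRATEGY
    // that includes pollData/pollHeaders, which may carry session cookies or bearer tokens, so
    // this must stay at debug level (or be redacted) if logging is ever made more verbose.
    log.debug("handleApiAction " + name + " " + params.toString());
    Context context;
    TechSet techSet;
    String[] techNames;
    String filename;
    File f;
    switch(name) {
        case ACTION_EXCLUDE_FROM_CONTEXT_REGEX:
            // A malformed regex surfaces as IllegalArgumentException; report it as a bad parameter
            // and keep the cause so the API error carries the pattern-syntax detail.
            try {
                addExcludeToContext(getContext(params), params.getString(REGEX_PARAM));
            } catch (IllegalArgumentException e) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, REGEX_PARAM, e);
            }
            break;
        case ACTION_INCLUDE_IN_CONTEXT_REGEX:
            try {
                addIncludeToContext(getContext(params), params.getString(REGEX_PARAM));
            } catch (IllegalArgumentException e) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, REGEX_PARAM, e);
            }
            break;
        case ACTION_SET_CONTEXT_REGEXS:
            context = getContext(params);
            // Parse and convert BOTH lists before touching the context. Previously the include
            // list was applied to the live context before the exclude list had even been parsed,
            // so a malformed exclude parameter left the context half-updated (unsaved, but live).
            java.util.List<String> incRegexs;
            java.util.List<String> excRegexs;
            try {
                incRegexs = JsonUtil.toStringList(JSONArray.fromObject(params.get(INC_REGEXS_PARAM)));
            } catch (Exception e1) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, INC_REGEXS_PARAM, e1);
            }
            try {
                excRegexs = JsonUtil.toStringList(JSONArray.fromObject(params.get(EXC_REGEXS_PARAM)));
            } catch (Exception e1) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, EXC_REGEXS_PARAM, e1);
            }
            // The setters reject malformed patterns. The original only caught that on the exclude
            // path (it caught JSONException alone for the include list), so a bad include regex
            // escaped as an unhandled runtime exception. Report both as ILLEGAL_PARAMETER.
            // Residual window: a bad exclude pattern is still detected after the include list has
            // been replaced in memory; the context is not saved in that case.
            try {
                context.setIncludeInContextRegexs(incRegexs);
            } catch (Exception e1) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, INC_REGEXS_PARAM, e1);
            }
            try {
                context.setExcludeFromContextRegexs(excRegexs);
            } catch (Exception e1) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, EXC_REGEXS_PARAM, e1);
            }
            Model.getSingleton().getSession().saveContext(context);
            break;
        case ACTION_SET_CONTEXT_CHECKING_STRATEGY:
            context = getContext(params);
            AuthCheckingStrategy checkingStrategy;
            try {
                checkingStrategy = AuthCheckingStrategy.valueOf(params.getString(PARAM_CHECKING_STRATEGRY));
            } catch (Exception e1) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_CHECKING_STRATEGRY, e1);
            }
            if (AuthCheckingStrategy.POLL_URL.equals(checkingStrategy)) {
                // Poll settings are validated in full before any of them is written.
                applyPollSettings(context, params);
            }
            context.getAuthenticationMethod().setAuthCheckingStrategy(checkingStrategy);
            Model.getSingleton().getSession().saveContext(context);
            break;
        case ACTION_NEW_CONTEXT:
            String contextName = params.getString(CONTEXT_NAME);
            try {
                context = Model.getSingleton().getSession().getNewContext(contextName);
            } catch (IllegalContextNameException e) {
                // The session rejects duplicate (and otherwise illegal) names with this exception.
                throw new ApiException(ApiException.Type.ALREADY_EXISTS, contextName, e);
            }
            Model.getSingleton().getSession().saveContext(context);
            return new ApiResponseElement(CONTEXT_ID, String.valueOf(context.getId()));
        case ACTION_REMOVE_CONTEXT:
            context = getContext(params);
            Model.getSingleton().getSession().deleteContext(context);
            break;
        case ACTION_SET_CONTEXT_IN_SCOPE:
            context = getContext(params);
            context.setInScope(params.getBoolean(IN_SCOPE));
            Model.getSingleton().getSession().saveContext(context);
            break;
        case ACTION_IMPORT_CONTEXT:
            // SECURITY: the path comes verbatim from the API caller and absolute paths are
            // honoured, so whoever holds the API key can make ZAP read any context file the
            // process can access. That is the intended trust model for a local tool; it is one
            // more reason the API must not be exposed to untrusted clients.
            // NOTE(review): importContext parses the file contents (presumably XML); confirm the
            // parser has external entity resolution disabled.
            filename = params.getString(CONTEXT_FILE_PARAM);
            f = new File(filename);
            if (!f.exists()) {
                // Fall back to a path relative to the contexts directory
                f = new File(Constant.getContextsDir(), filename);
            }
            if (!f.exists()) {
                throw new ApiException(ApiException.Type.DOES_NOT_EXIST, f.getAbsolutePath());
            }
            try {
                context = Model.getSingleton().getSession().importContext(f);
            } catch (IllegalContextNameException e) {
                throw new ApiException(ApiException.Type.BAD_EXTERNAL_DATA, e);
            } catch (Exception e) {
                log.error(e.getMessage(), e);
                throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage(), e);
            }
            return new ApiResponseElement(CONTEXT_ID, String.valueOf(context.getId()));
        case ACTION_EXPORT_CONTEXT:
            filename = params.getString(CONTEXT_FILE_PARAM);
            context = getContext(params);
            // SECURITY: as with import, an absolute path writes wherever the ZAP process may
            // write, gated only by the API key.
            f = new File(filename);
            if (!f.getAbsolutePath().equals(filename)) {
                // Not an absolute path: place it under the contexts directory
                f = new File(Constant.getContextsDir(), filename);
            }
            // getParentFile() is null for a filesystem root such as "/", which previously threw
            // a NullPointerException here; treat it like an unwritable parent.
            File exportParent = f.getParentFile();
            if (exportParent == null || !exportParent.canWrite()) {
                throw new ApiException(ApiException.Type.NO_ACCESS, f.getAbsolutePath());
            }
            try {
                Model.getSingleton().getSession().exportContext(context, f);
            } catch (Exception e) {
                throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage(), e);
            }
            break;
        case ACTION_INCLUDE_TECHS:
            context = getContext(params);
            techSet = context.getTechSet();
            // An absent parameter yields [""]; getTech("") is expected to reject that itself.
            techNames = getParam(params, PARAM_TECH_NAMES, "").split(",");
            for (String techName : techNames) {
                techSet.include(getTech(techName));
            }
            context.save();
            break;
        case ACTION_INCLUDE_ALL_TECHS:
            context = getContext(params);
            techSet = new TechSet(Tech.getAll());
            context.setTechSet(techSet);
            context.save();
            break;
        case ACTION_EXCLUDE_TECHS:
            context = getContext(params);
            techSet = context.getTechSet();
            techNames = getParam(params, PARAM_TECH_NAMES, "").split(",");
            for (String techName : techNames) {
                techSet.exclude(getTech(techName));
            }
            context.save();
            break;
        case ACTION_EXCLUDE_ALL_TECHS:
            context = getContext(params);
            techSet = context.getTechSet();
            for (Tech tech : Tech.getAll()) {
                techSet.exclude(tech);
            }
            context.save();
            break;
        default:
            throw new ApiException(Type.BAD_ACTION);
    }
    return ApiResponseElement.OK;
}

/**
 * Validates and applies the POLL_URL checking-strategy parameters (frequency units, poll URL,
 * data, headers and frequency) to the context's authentication method.
 *
 * <p>All parameters are validated before any of them is written, so a rejected request leaves
 * the authentication method untouched. The caller is responsible for saving the context.
 *
 * @param context the context whose authentication method is updated
 * @param params the API action parameters
 * @throws ApiException ILLEGAL_PARAMETER naming the offending parameter
 */
private void applyPollSettings(Context context, JSONObject params) throws ApiException {
    AuthPollFrequencyUnits units;
    try {
        units = AuthPollFrequencyUnits.valueOf(params.getString(PARAM_POLL_FREQ_UNITS));
    } catch (Exception e) {
        throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_POLL_FREQ_UNITS, e);
    }
    // NOTE(review): JSONObject.getString() throws when the key is absent rather than returning
    // null, so the null branch below is only reachable if the API layer pre-populates these;
    // confirm how these parameters are declared (mandatory vs optional) on the action.
    String pollUrl = params.getString(PARAM_POLL_URL);
    String pollData = params.getString(PARAM_POLL_DATA);
    String pollHeaders = params.getString(PARAM_POLL_HEADERS);
    if (pollUrl == null || pollUrl.isEmpty()) {
        throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_POLL_URL);
    }
    // Syntax check only (commons-httpclient URI, escaped form); reachability is not verified.
    try {
        new URI(pollUrl, true);
    } catch (Exception e) {
        throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_POLL_URL, e);
    }
    int freq;
    try {
        freq = params.getInt(PARAM_POLL_FREQ);
    } catch (Exception e) {
        throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_POLL_FREQ, e);
    }
    if (freq <= 0) {
        throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_POLL_FREQ);
    }
    context.getAuthenticationMethod().setPollUrl(pollUrl);
    context.getAuthenticationMethod().setPollData(pollData);
    context.getAuthenticationMethod().setPollHeaders(pollHeaders);
    context.getAuthenticationMethod().setPollFrequency(freq);
    context.getAuthenticationMethod().setPollFrequencyUnits(units);
}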

Example 32 with Context

use of org.zaproxy.zap.model.Context in project zaproxy by zaproxy.

Class CustomScanDialog, method setUsers.

private void setUsers() {
    // Rebuild the user combo for the currently selected context.
    List<String> userNames = new ArrayList<>();
    Context selected = this.getSelectedContext();
    if (selected != null) {
        // The empty string is the leading 'not specified' entry and the default selection.
        userNames.add("");
        for (User u : this.extUserMgmt.getContextUserAuthManager(selected.getId()).getUsers()) {
            userNames.add(u.getName());
        }
    }
    this.setComboFields(FIELD_USER, userNames, "");
    // With no context, or a context without users, only the placeholder is present:
    // there is nothing to choose, so the field is disabled.
    this.getField(FIELD_USER).setEnabled(userNames.size() > 1);
}

Example 33 with Context

use of org.zaproxy.zap.model.Context in project zaproxy by zaproxy.

Class HostProcessUnitTest, method isCustomPageShouldReturnFalseWhenCustomPageDoesNotMatch.

@Test
void isCustomPageShouldReturnFalseWhenCustomPageDoesNotMatch() {
    // Given: a context whose custom-page lookup reports no match for this message/type
    Context context = mock(Context.class);
    HttpMessage message = new HttpMessage();
    CustomPage.Type pageType = CustomPage.Type.OTHER;
    given(context.isCustomPage(message, pageType)).willReturn(false);
    hostProcess.setContext(context);
    // When
    boolean result = hostProcess.isCustomPage(message, pageType);
    // Then: the host process returns the context's verdict and delegated to it exactly once
    assertFalse(result);
    verify(context).isCustomPage(message, pageType);
}

Example 34 with Context

use of org.zaproxy.zap.model.Context in project zaproxy by zaproxy.

Class HttpAuthenticationMethodType, method getSetMethodForContextApiAction.

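/**
 * Builds the API action that configures HTTP authentication for a context.
 *
 * <p>Mandatory parameter: {@code PARAM_HOSTNAME}. Optional: {@code PARAM_REALM},
 * {@code PARAM_PORT}. The action replaces the context's authentication method with a new
 * {@link HttpAuthenticationMethod}.
 */
@Override
public ApiDynamicActionImplementor getSetMethodForContextApiAction() {
    return new ApiDynamicActionImplementor(API_METHOD_NAME, new String[] { PARAM_HOSTNAME }, new String[] { PARAM_REALM, PARAM_PORT }) {

        @Override
        public void handleAction(JSONObject params) throws ApiException {
            Context context = ApiUtils.getContextByParamId(params, AuthenticationAPI.PARAM_CONTEXT_ID);
            HttpAuthenticationMethod method = createAuthenticationMethod(context.getId());
            method.hostname = ApiUtils.getNonEmptyStringParam(params, PARAM_HOSTNAME);
            // NOTE(review): java.net.URI only rejects illegal characters. A relative reference or a
            // full URL ("http://host/x") is accepted here, so this is a syntax check, not a check
            // that the value is a bare host name.
            try {
                new URI(method.hostname);
            } catch (Exception ex) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_HOSTNAME, ex);
            }
            // Realm is optional; optString yields "" when absent.
            method.realm = params.optString(PARAM_REALM);
            if (params.containsKey(PARAM_PORT)) {
                int port;
                try {
                    port = Integer.parseInt(params.getString(PARAM_PORT));
                } catch (Exception ex) {
                    throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_PORT, ex);
                }
                // Previously any parseable int was stored, including negatives and values above
                // 65535, which only failed later when the auth scope was used. Reject them here.
                if (port < 1 || port > 65535) {
                    throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_PORT);
                }
                method.port = port;
            }
            context.setAuthenticationMethod(method);
        }
    };
}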

Example 35 with Context

use of org.zaproxy.zap.model.Context in project zaproxy by zaproxy.

Class PostBasedAuthenticationMethodType, method getSetMethodForContextApiAction.

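/**
 * Builds the API action that configures form/JSON (POST-based) authentication for a context.
 *
 * <p>Parameter sets depend on {@code postDataRequired}: when true the login request data is
 * mandatory; otherwise it is optional and defaults to the empty string. The login page URL is
 * always optional and falls back to the login URL. Both URLs are validated with
 * {@code isValidLoginUrl} before the method is created.
 */
@Override
public ApiDynamicActionImplementor getSetMethodForContextApiAction() {
    String[] mandatoryParamNames;
    String[] optionalParamNames;
    if (postDataRequired) {
        mandatoryParamNames = new String[] { PARAM_LOGIN_URL, PARAM_LOGIN_REQUEST_DATA };
        optionalParamNames = new String[] { PARAM_LOGIN_PAGE_URL };
    } else {
        mandatoryParamNames = new String[] { PARAM_LOGIN_URL };
        optionalParamNames = new String[] { PARAM_LOGIN_REQUEST_DATA, PARAM_LOGIN_PAGE_URL };
    }
    return new ApiDynamicActionImplementor(apiMethodName, mandatoryParamNames, optionalParamNames) {

        @Override
        public void handleAction(JSONObject params) throws ApiException {
            Context context = ApiUtils.getContextByParamId(params, AuthenticationAPI.PARAM_CONTEXT_ID);
            String loginUrl = ApiUtils.getNonEmptyStringParam(params, PARAM_LOGIN_URL);
            if (!isValidLoginUrl(loginUrl)) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_LOGIN_URL);
            }
            // The login page URL defaults to the login URL itself when not supplied.
            String loginPageUrl = ApiUtils.getOptionalStringParam(params, PARAM_LOGIN_PAGE_URL);
            if (loginPageUrl == null || loginPageUrl.isEmpty()) {
                loginPageUrl = loginUrl;
            } else if (!isValidLoginUrl(loginPageUrl)) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_LOGIN_PAGE_URL);
            }
            String postData = "";
            if (postDataRequired) {
                postData = ApiUtils.getNonEmptyStringParam(params, PARAM_LOGIN_REQUEST_DATA);
            } else if (params.containsKey(PARAM_LOGIN_REQUEST_DATA)) {
                postData = params.getString(PARAM_LOGIN_REQUEST_DATA);
            }
            // Set the method
            PostBasedAuthenticationMethod method = createAuthenticationMethod(context.getId());
            try {
                method.setLoginRequest(loginUrl, postData);
                method.setLoginPageUrl(loginPageUrl);
            } catch (Exception e) {
                // Keep the cause attached: with only the message, a malformed login request was
                // hard to diagnose from the API error. NOTE(review): these failures are driven by
                // caller input and arguably belong under ILLEGAL_PARAMETER; kept as INTERNAL_ERROR
                // to avoid changing the error type clients see.
                throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage(), e);
            }
            context.setAuthenticationMethod(method);
        }
    };
}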
