
Example 41 with Context

Use of org.zaproxy.zap.model.Context in project zaproxy by zaproxy.

Class CookieBasedSessionManagementMethodType, method getSetMethodForContextApiAction.

@Override
public ApiDynamicActionImplementor getSetMethodForContextApiAction() {
    return new ApiDynamicActionImplementor(API_METHOD_NAME, null, null) {

        @Override
        public void handleAction(JSONObject params) throws ApiException {
            Context context = ApiUtils.getContextByParamId(params, SessionManagementAPI.PARAM_CONTEXT_ID);
            context.setSessionManagementMethod(createSessionManagementMethod(context.getId()));
        }
    };
}
Also used: ApiDynamicActionImplementor (org.zaproxy.zap.extension.api.ApiDynamicActionImplementor), Context (org.zaproxy.zap.model.Context), JSONObject (net.sf.json.JSONObject)

Example 42 with Context

Use of org.zaproxy.zap.model.Context in project zaproxy by zaproxy.

Class ScriptBasedSessionManagementMethodType, method getSetMethodForContextApiAction.

@Override
public ApiDynamicActionImplementor getSetMethodForContextApiAction() {
    return new ApiDynamicActionImplementor(API_METHOD_NAME, new String[] { PARAM_SCRIPT_NAME }, new String[] { PARAM_SCRIPT_CONFIG_PARAMS }) {

        @Override
        public void handleAction(JSONObject params) throws ApiException {
            Context context = ApiUtils.getContextByParamId(params, SessionManagementAPI.PARAM_CONTEXT_ID);
            String scriptName = ApiUtils.getNonEmptyStringParam(params, PARAM_SCRIPT_NAME);
            // Prepare the method
            ScriptBasedSessionManagementMethod method = createSessionManagementMethod(context.getId());
            // Load the script and make sure it exists and follows the required interface
            ScriptWrapper script = getScriptsExtension().getScript(scriptName);
            if (script == null) {
                LOG.error("Unable to find script while loading Script Based Session Management Method for name: " + scriptName);
                throw new ApiException(ApiException.Type.SCRIPT_NOT_FOUND, scriptName);
            } else {
                LOG.info("Loaded script for API:" + script.getName());
            }
            method.script = script;
            SessionScript sessionScript = getScriptInterface(script);
            String[] requiredParams = sessionScript.getRequiredParamsNames();
            String[] optionalParams = sessionScript.getOptionalParamsNames();
            if (LOG.isDebugEnabled()) {
                LOG.debug("Loaded session management script - required parameters: " + Arrays.toString(requiredParams) + " - optional parameters: " + Arrays.toString(optionalParams));
            }
            Map<String, String> paramValues = new HashMap<>();
            for (String rp : requiredParams) {
                // If one of the required parameters is not present, it will throw
                // an exception
                String val = ApiUtils.getNonEmptyStringParam(params, rp);
                paramValues.put(rp, val);
            }
            for (String op : optionalParams) paramValues.put(op, ApiUtils.getOptionalStringParam(params, op));
            method.paramValues = paramValues;
            if (LOG.isDebugEnabled())
                LOG.debug("Loaded session management script parameters:" + paramValues);
            context.setSessionManagementMethod(method);
        }
    };
}
Also used: ApiDynamicActionImplementor (org.zaproxy.zap.extension.api.ApiDynamicActionImplementor), Context (org.zaproxy.zap.model.Context), RecordContext (org.parosproxy.paros.db.RecordContext), JSONObject (net.sf.json.JSONObject), HashMap (java.util.HashMap), ScriptWrapper (org.zaproxy.zap.extension.script.ScriptWrapper), ApiException (org.zaproxy.zap.extension.api.ApiException)

Example 43 with Context

Use of org.zaproxy.zap.model.Context in project zaproxy by zaproxy.

Class ExtensionAuthenticationUnitTest, method shouldExportAllAuthContextData.

@Test
void shouldExportAllAuthContextData() {
    // Given
    Context context = new Context(null, 0);
    String loggedInIndicator = "logged in";
    String loggedOutIndicator = "logged out";
    String pollUrl = "https://www.example.com/poll";
    String pollData = "example-poll-data";
    String pollHeaders = "aaa : bbb\\Nccc : ddd";
    int pollFreq = 55;
    FormBasedAuthenticationMethodType type = new FormBasedAuthenticationMethodType();
    FormBasedAuthenticationMethod method = type.createAuthenticationMethod(0);
    method.setAuthCheckingStrategy(AuthCheckingStrategy.POLL_URL);
    method.setPollUrl(pollUrl);
    method.setPollData(pollData);
    method.setPollHeaders(pollHeaders);
    method.setPollFrequencyUnits(AuthPollFrequencyUnits.REQUESTS);
    method.setPollFrequency(pollFreq);
    method.setLoggedInIndicatorPattern(loggedInIndicator);
    method.setLoggedOutIndicatorPattern(loggedOutIndicator);
    context.setAuthenticationMethod(method);
    Configuration config = new ZapXmlConfiguration();
    // When
    extensionAuthentication.exportContextData(context, config);
    // Then
    assertThat(config.getInt(AuthenticationMethod.CONTEXT_CONFIG_AUTH_TYPE), is(2));
    assertThat(config.getString(AuthenticationMethod.CONTEXT_CONFIG_AUTH_STRATEGY), is(AuthCheckingStrategy.POLL_URL.name()));
    assertThat(config.getString(AuthenticationMethod.CONTEXT_CONFIG_AUTH_POLL_URL), is(pollUrl));
    assertThat(config.getString(AuthenticationMethod.CONTEXT_CONFIG_AUTH_POLL_DATA), is(pollData));
    assertThat(config.getString(AuthenticationMethod.CONTEXT_CONFIG_AUTH_POLL_HEADERS), is(pollHeaders));
    assertThat(config.getInt(AuthenticationMethod.CONTEXT_CONFIG_AUTH_POLL_FREQ), is(pollFreq));
    assertThat(config.getString(AuthenticationMethod.CONTEXT_CONFIG_AUTH_POLL_UNITS), is(AuthPollFrequencyUnits.REQUESTS.name()));
    assertThat(config.getString(AuthenticationMethod.CONTEXT_CONFIG_AUTH_LOGGEDIN), is(loggedInIndicator));
    assertThat(config.getString(AuthenticationMethod.CONTEXT_CONFIG_AUTH_LOGGEDOUT), is(loggedOutIndicator));
}
Also used: Context (org.zaproxy.zap.model.Context), Configuration (org.apache.commons.configuration.Configuration), ZapXmlConfiguration (org.zaproxy.zap.utils.ZapXmlConfiguration), FormBasedAuthenticationMethod (org.zaproxy.zap.authentication.FormBasedAuthenticationMethodType.FormBasedAuthenticationMethod), FormBasedAuthenticationMethodType (org.zaproxy.zap.authentication.FormBasedAuthenticationMethodType), Test (org.junit.jupiter.api.Test), WithConfigsTest (org.zaproxy.zap.WithConfigsTest)

Example 44 with Context

Use of org.zaproxy.zap.model.Context in project zaproxy by zaproxy.

Class ExtensionAuthenticationUnitTest, method shouldImportContextWithNoAuthenticationMethod.

@Test
void shouldImportContextWithNoAuthenticationMethod() throws ConfigurationException {
    // Given
    Context context = mock(Context.class);
    Configuration config = new ZapXmlConfiguration();
    // When
    extensionAuthentication.importContextData(context, config);
    // Then
    verify(context, times(0)).setAuthenticationMethod(any());
}
Also used: Context (org.zaproxy.zap.model.Context), Configuration (org.apache.commons.configuration.Configuration), ZapXmlConfiguration (org.zaproxy.zap.utils.ZapXmlConfiguration), Test (org.junit.jupiter.api.Test), WithConfigsTest (org.zaproxy.zap.WithConfigsTest)

Example 45 with Context

Use of org.zaproxy.zap.model.Context in project zaproxy by zaproxy.

Class ExtensionAuthorizationUnitTest, method shouldImportContextWithUnknownAuthorizationDetectionMethod.

@Test
void shouldImportContextWithUnknownAuthorizationDetectionMethod() throws ConfigurationException {
    // Given
    Context context = mock(Context.class);
    Configuration config = new ZapXmlConfiguration();
    config.setProperty("context.authorization.type", Integer.MIN_VALUE);
    // When
    extensionAuthorization.importContextData(context, config);
    // Then
    verify(context, times(0)).setAuthorizationDetectionMethod(any());
}
Also used: Context (org.zaproxy.zap.model.Context), Configuration (org.apache.commons.configuration.Configuration), ZapXmlConfiguration (org.zaproxy.zap.utils.ZapXmlConfiguration), Test (org.junit.jupiter.api.Test)

Aggregations

Context (org.zaproxy.zap.model.Context): 89
ApiException (org.zaproxy.zap.extension.api.ApiException): 22
Test (org.junit.jupiter.api.Test): 21
ZapXmlConfiguration (org.zaproxy.zap.utils.ZapXmlConfiguration): 17
WithConfigsTest (org.zaproxy.zap.WithConfigsTest): 16
User (org.zaproxy.zap.users.User): 15
JSONObject (net.sf.json.JSONObject): 14
Configuration (org.apache.commons.configuration.Configuration): 14
Session (org.parosproxy.paros.model.Session): 14
ApiDynamicActionImplementor (org.zaproxy.zap.extension.api.ApiDynamicActionImplementor): 13
RecordContext (org.parosproxy.paros.db.RecordContext): 12
DatabaseException (org.parosproxy.paros.db.DatabaseException): 10
ConfigurationException (org.apache.commons.configuration.ConfigurationException): 9
HttpMessage (org.parosproxy.paros.network.HttpMessage): 9
ExtensionUserManagement (org.zaproxy.zap.extension.users.ExtensionUserManagement): 9
ArrayList (java.util.ArrayList): 8
JMenuItem (javax.swing.JMenuItem): 7
ExtensionPopupMenuItem (org.parosproxy.paros.extension.ExtensionPopupMenuItem): 7
SiteNode (org.parosproxy.paros.model.SiteNode): 7
IOException (java.io.IOException): 6