Example 1 with DefaultValueGenerator

Use of org.zaproxy.zap.model.DefaultValueGenerator in project zaproxy by zaproxy.

From the class SpiderHtmlFormParserUnitTest, method shouldFailToCreateParserWithUndefinedSpiderOptions.

@Test
void shouldFailToCreateParserWithUndefinedSpiderOptions() {
    // Given
    SpiderParam undefinedSpiderOptions = null;
    // When / Then
    assertThrows(
            IllegalArgumentException.class,
            () -> new SpiderHtmlFormParser(undefinedSpiderOptions, new DefaultValueGenerator()));
}
Also used : DefaultValueGenerator(org.zaproxy.zap.model.DefaultValueGenerator) SpiderParam(org.zaproxy.zap.spider.SpiderParam) Test(org.junit.jupiter.api.Test)

Example 2 with DefaultValueGenerator

Use of org.zaproxy.zap.model.DefaultValueGenerator in project zaproxy by zaproxy.

From the class SpiderHtmlFormParserUnitTest, method shouldParseNonPostFormIfPostFormProcessingIsDisabled.

@Test
void shouldParseNonPostFormIfPostFormProcessingIsDisabled() {
    // Given
    SpiderParam spiderOptions = createSpiderParamWithConfig();
    spiderOptions.setProcessForm(true);
    spiderOptions.setPostForm(false);
    SpiderHtmlFormParser htmlParser = new SpiderHtmlFormParser(spiderOptions, new DefaultValueGenerator());
    TestSpiderParserListener listener = createTestSpiderParserListener();
    htmlParser.addSpiderParserListener(listener);
    HttpMessage messageHtmlResponse = createMessageWith("GET", "Form.html");
    Source source = createSource(messageHtmlResponse);
    // When
    boolean completelyParsed = htmlParser.parseResource(messageHtmlResponse, source, BASE_DEPTH);
    // Then
    assertThat(completelyParsed, is(equalTo(false)));
    assertThat(listener.getNumberOfUrlsFound(), is(equalTo(1)));
    assertThat(listener.getUrlsFound(), contains("http://example.org/?field1=Text+1&field2=Text+2&submit=Submit"));
}
Also used : DefaultValueGenerator(org.zaproxy.zap.model.DefaultValueGenerator) SpiderParam(org.zaproxy.zap.spider.SpiderParam) HttpMessage(org.parosproxy.paros.network.HttpMessage) Source(net.htmlparser.jericho.Source) Test(org.junit.jupiter.api.Test)

Example 3 with DefaultValueGenerator

Use of org.zaproxy.zap.model.DefaultValueGenerator in project zaproxy by zaproxy.

From the class SpiderHtmlFormParserUnitTest, method shouldNotParseMessageIfFormProcessingIsDisabled.

@Test
void shouldNotParseMessageIfFormProcessingIsDisabled() {
    // Given
    SpiderParam spiderOptions = createSpiderParamWithConfig();
    spiderOptions.setProcessForm(false);
    SpiderHtmlFormParser htmlParser = new SpiderHtmlFormParser(spiderOptions, new DefaultValueGenerator());
    TestSpiderParserListener listener = createTestSpiderParserListener();
    htmlParser.addSpiderParserListener(listener);
    HttpMessage messageHtmlResponse = createMessageWith("PostGetForms.html");
    Source source = createSource(messageHtmlResponse);
    // When
    boolean completelyParsed = htmlParser.parseResource(messageHtmlResponse, source, BASE_DEPTH);
    // Then
    assertThat(completelyParsed, is(equalTo(false)));
    assertThat(listener.getNumberOfUrlsFound(), is(equalTo(0)));
}
Also used : DefaultValueGenerator(org.zaproxy.zap.model.DefaultValueGenerator) SpiderParam(org.zaproxy.zap.spider.SpiderParam) HttpMessage(org.parosproxy.paros.network.HttpMessage) Source(net.htmlparser.jericho.Source) Test(org.junit.jupiter.api.Test)

Example 4 with DefaultValueGenerator

Use of org.zaproxy.zap.model.DefaultValueGenerator in project zaproxy by zaproxy.

From the class SpiderHtmlFormParserUnitTest, method shouldSetValuesToFieldsWithNoValueWhenParsingPostForm.

@Test
void shouldSetValuesToFieldsWithNoValueWhenParsingPostForm() {
    // Given
    DefaultValueGenerator valueGenerator = new DefaultValueGenerator();
    SpiderHtmlFormParser htmlParser = createSpiderHtmlFormParser(valueGenerator);
    TestSpiderParserListener listener = createTestSpiderParserListener();
    htmlParser.addSpiderParserListener(listener);
    Date date = new Date(1474370354555L);
    valueGenerator.setDefaultDate(date);
    HttpMessage msg = createMessageWith("POST", "FormNoDefaultValues.html");
    Source source = createSource(msg);
    // When
    boolean completelyParsed = htmlParser.parseResource(msg, source, BASE_DEPTH);
    // Then
    assertThat(completelyParsed, is(equalTo(false)));
    assertThat(listener.getNumberOfResourcesFound(), is(equalTo(8)));
    assertThat(
            listener.getResourcesFound(),
            contains(
                    postResource(msg, 1, "http://example.org/", "_hidden=&_no-type=ZAP&_text=ZAP&_password=ZAP&_file=test_file.txt&submit=Submit"),
                    postResource(msg, 1, "http://example.org/html5/number", "_number=1&_number-min=1&_number-max=2&submit=Submit"),
                    postResource(msg, 1, "http://example.org/html5/range", "_range=1&_range-min=3&_range-max=4&submit=Submit"),
                    postResource(msg, 1, "http://example.org/html5/misc", "_url=http%3A%2F%2Fwww.example.com&_email=foo-bar%40example.com&_color=%23ffffff&_tel=9999999999&submit=Submit"),
                    postResource(msg, 1, "http://example.org/unknown", "_unknown=&submit=Submit"),
                    postResource(msg, 1, "http://example.org/selects", "_select-one-option=first-option&_select-two-options=last-option&_select-selected-option=selected-option&submit=Submit"),
                    postResource(msg, 1, "http://example.org/checkbox", "_checkbox=first-checkbox&submit=Submit"),
                    postResource(
                            msg,
                            1,
                            "http://example.org/html5/date-time",
                            params(
                                    param("_datetime", formattedDate("yyyy-MM-dd'T'HH:mm:ss'Z'", date)),
                                    param("_datetime-local", formattedDate("yyyy-MM-dd'T'HH:mm:ss", date)),
                                    param("_date", formattedDate("yyyy-MM-dd", date)),
                                    param("_time", formattedDate("HH:mm:ss", date)),
                                    param("_month", formattedDate("yyyy-MM", date)),
                                    param("_week", formattedDate("yyyy-'W'ww", date)),
                                    param("submit", "Submit")))));
}
Also used : DefaultValueGenerator(org.zaproxy.zap.model.DefaultValueGenerator) HttpMessage(org.parosproxy.paros.network.HttpMessage) Date(java.util.Date) Source(net.htmlparser.jericho.Source) Test(org.junit.jupiter.api.Test)

Example 5 with DefaultValueGenerator

Use of org.zaproxy.zap.model.DefaultValueGenerator in project zaproxy by zaproxy.

From the class SpiderHtmlFormParserUnitTest, method shouldParseFormAsGetIfFormHasNoMethodEvenIfPostFormProcessingIsDisabled.

@Test
void shouldParseFormAsGetIfFormHasNoMethodEvenIfPostFormProcessingIsDisabled() {
    // Given
    SpiderParam spiderOptions = createSpiderParamWithConfig();
    spiderOptions.setProcessForm(true);
    spiderOptions.setPostForm(false);
    SpiderHtmlFormParser htmlParser = new SpiderHtmlFormParser(spiderOptions, new DefaultValueGenerator());
    TestSpiderParserListener listener = createTestSpiderParserListener();
    htmlParser.addSpiderParserListener(listener);
    HttpMessage messageHtmlResponse = createMessageWith("NoMethodForm.html");
    Source source = createSource(messageHtmlResponse);
    // When
    boolean completelyParsed = htmlParser.parseResource(messageHtmlResponse, source, BASE_DEPTH);
    // Then
    assertThat(completelyParsed, is(equalTo(false)));
    assertThat(listener.getNumberOfUrlsFound(), is(equalTo(1)));
    assertThat(listener.getUrlsFound(), contains("http://example.org/?field1=Text+1&field2=Text+2&submit=Submit"));
}
Also used : DefaultValueGenerator(org.zaproxy.zap.model.DefaultValueGenerator) SpiderParam(org.zaproxy.zap.spider.SpiderParam) HttpMessage(org.parosproxy.paros.network.HttpMessage) Source(net.htmlparser.jericho.Source) Test(org.junit.jupiter.api.Test)

Aggregations

Test (org.junit.jupiter.api.Test): 7
DefaultValueGenerator (org.zaproxy.zap.model.DefaultValueGenerator): 7
Source (net.htmlparser.jericho.Source): 6
HttpMessage (org.parosproxy.paros.network.HttpMessage): 6
SpiderParam (org.zaproxy.zap.spider.SpiderParam): 5
Date (java.util.Date): 2