
Example 16 with Target

use of org.zaproxy.zap.model.Target in project zaproxy by zaproxy.

the class SpiderAPI method scanURL.

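/**
 * Starts a spider scan at the given {@code url} and, optionally, with the perspective of the
 * given {@code user}.
 *
 * <p>Either a {@code url} or a {@code context} that has nodes in the Sites tree must be given.
 * A given URL must parse, must use the {@code http} or {@code https} scheme and, when a context
 * is also given, must belong to that context. The scan is refused in {@code safe} mode and, in
 * {@code protect} mode, when the URL or the context is out of scope; any mode not explicitly
 * listed is treated as a violation so that the mode check fails closed.
 *
 * @param url the url to start the spider scan, might be {@code null} or empty when a usable
 *     {@code context} is given
 * @param user the user to scan as, or null if the scan is done without the perspective of any
 *     user
 * @param maxChildren Max number of children to scan, ignored when not positive
 * @param recurse Whether or not to scan recursively
 * @param context the context that will be used during spider process, might be {@code null}
 * @param subtreeOnly if the scan should be done only under a site's subtree
 * @return the ID of the newly started scan
 * @throws ApiException if the {@code url} is not valid, if neither a URL nor a usable context is
 *     given, if the URL is not in the given context, or if the current mode does not allow the
 *     scan
 */
private int scanURL(String url, User user, int maxChildren, boolean recurse, Context context, boolean subtreeOnly) throws ApiException {
    log.debug("API Spider scanning url: " + url);
    boolean useUrl = true;
    if (url == null || url.isEmpty()) {
        // Without a URL the scan can only be driven by a context that has nodes in the Sites tree.
        if (context == null || !context.hasNodesInContextFromSiteTree()) {
            throw new ApiException(ApiException.Type.MISSING_PARAMETER, PARAM_URL);
        }
        useUrl = false;
    } else if (context != null && !context.isInContext(url)) {
        throw new ApiException(ApiException.Type.URL_NOT_IN_CONTEXT, PARAM_URL);
    }
    StructuralNode node = null;
    URI startURI = null;
    if (useUrl) {
        try {
            startURI = new URI(url, true);
        } catch (URIException e) {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_URL);
        }
        // Only HTTP(S) targets are spidered; anything else is rejected before a node is looked up.
        String scheme = startURI.getScheme();
        if (scheme == null || (!scheme.equalsIgnoreCase("http") && !scheme.equalsIgnoreCase("https"))) {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_URL);
        }
        node = getStartNode(startURI, recurse);
    }
    Target target = new Target();
    if (useUrl && node != null) {
        target.setStartNode(node);
    }
    target.setContext(context);
    target.setRecurse(recurse);
    switch (Control.getSingleton().getMode()) {
        case safe:
            throw new ApiException(ApiException.Type.MODE_VIOLATION);
        case protect:
            // In protect mode both the start URL and the context (when given) must be in scope.
            if ((useUrl && !Model.getSingleton().getSession().isInScope(url)) || (context != null && !context.isInScope())) {
                throw new ApiException(ApiException.Type.MODE_VIOLATION);
            }
            break;
        case standard:
        case attack:
            // No restrictions in these modes.
            break;
        default:
            // Fail closed: a mode this code does not know about must not start a scan.
            throw new ApiException(ApiException.Type.MODE_VIOLATION);
    }
    List<Object> objs = new ArrayList<>(4);
    if (startURI != null) {
        objs.add(startURI);
        if (subtreeOnly) {
            // Restrict fetching to URLs that share the prefix of the start URI.
            objs.add(new HttpPrefixFetchFilter(startURI));
        }
    }
    if (maxChildren > 0) {
        // Add the filters to filter on maximum number of children
        MaxChildrenFetchFilter maxChildrenFetchFilter = new MaxChildrenFetchFilter();
        maxChildrenFetchFilter.setMaxChildren(maxChildren);
        maxChildrenFetchFilter.setModel(extension.getModel());
        MaxChildrenParseFilter maxChildrenParseFilter = new MaxChildrenParseFilter(extension.getMessages());
        maxChildrenParseFilter.setMaxChildren(maxChildren);
        maxChildrenParseFilter.setModel(extension.getModel());
        objs.add(maxChildrenFetchFilter);
        objs.add(maxChildrenParseFilter);
    }
    return extension.startScan(target, user, objs.toArray(new Object[0]));
}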

Example 17 with Target

use of org.zaproxy.zap.model.Target in project zaproxy by zaproxy.

the class SpiderDialog method save.

@Override
public void save() {
    List<Object> contextSpecificObjects = new ArrayList<>();
    // Always include the startUri, this has the side effect
    // of handling URLs that have not been accessed
    URI startUri = parseStartUri();
    if (this.getBoolValue(FIELD_ADVANCED)) {
        applyAdvancedOptions();
        contextSpecificObjects.add(spiderParam);
    }
    if (startUri != null) {
        contextSpecificObjects.add(startUri);
        if (getBoolValue(FIELD_SUBTREE_ONLY)) {
            contextSpecificObjects.add(new HttpPrefixFetchFilter(startUri));
        }
    }
    boolean targetMatchesField = target != null && this.getStringValue(FIELD_START).equals(getTargetText(target));
    if (!targetMatchesField) {
        // Clear the target as it doesn't match the value entered manually
        target = new Target((StructuralNode) null);
    }
    // Save the adv option permanently for next time
    extension.getSpiderParam().setShowAdvancedDialog(this.getBoolValue(FIELD_ADVANCED));
    target.setRecurse(this.getBoolValue(FIELD_RECURSE));
    if (target.getContext() == null && getSelectedContext() != null) {
        target.setContext(getSelectedContext());
    }
    subtreeOnlyPreviousCheckedState = getBoolValue(FIELD_SUBTREE_ONLY);
    this.extension.startScan(target, getSelectedUser(), contextSpecificObjects.toArray());
}

/**
 * Parses the start URL entered in the dialog.
 *
 * @return the parsed URI, or {@code null} if it could not be parsed
 */
private URI parseStartUri() {
    try {
        return new URI(this.getStringValue(FIELD_START), true);
    } catch (Exception ignored) {
        // Ignore - will have been checked in validateParams
        return null;
    }
}

/**
 * Copies the advanced options from the dialog fields into {@code spiderParam}; the thread count
 * is taken from the extension's own spider parameters rather than from the dialog.
 */
private void applyAdvancedOptions() {
    spiderParam.setMaxDepth(this.getIntValue(FIELD_MAX_DEPTH));
    spiderParam.setMaxDuration(this.getIntValue(FIELD_MAX_DURATION));
    spiderParam.setMaxChildren(this.getIntValue(FIELD_MAX_CHILDREN));
    spiderParam.setMaxParseSizeBytes(this.getIntValue(FIELD_MAX_PARSE_SIZE_BYTES));
    spiderParam.setSendRefererHeader(this.getBoolValue(FIELD_SEND_REFERER));
    spiderParam.setAcceptCookies(this.getBoolValue(FIELD_ACCEPT_COOKIES));
    spiderParam.setProcessForm(this.getBoolValue(FIELD_PROCESS_FORMS));
    spiderParam.setPostForm(this.getBoolValue(FIELD_POST_FORMS));
    spiderParam.setParseComments(this.getBoolValue(FIELD_PARSE_COMMENTS));
    spiderParam.setParseRobotsTxt(this.getBoolValue(FIELD_PARSE_ROBOTS));
    spiderParam.setParseSitemapXml(this.getBoolValue(FIELD_PARSE_SITEMAP));
    spiderParam.setParseSVNEntries(this.getBoolValue(FIELD_PARSE_SVN));
    spiderParam.setParseGit(this.getBoolValue(FIELD_PARSE_GIT));
    spiderParam.setHandleODataParametersVisited(this.getBoolValue(FIELD_HANDLE_ODATA));
    spiderParam.setThreadCount(extension.getSpiderParam().getThreadCount());
}

Example 18 with Target

use of org.zaproxy.zap.model.Target in project zaproxy by zaproxy.

the class ExtensionSpider method startScan.

/**
 * Starts a recursive spider scan from the given node, without a user or any extra
 * context-specific objects.
 *
 * @param startNode the node the scan starts from
 */
public void startScan(SiteNode startNode) {
    final Target scanTarget = new Target(startNode);
    scanTarget.setRecurse(true);
    startScan(scanTarget, null, null);
}

Example 19 with Target

use of org.zaproxy.zap.model.Target in project zaproxy by zaproxy.

the class ExtensionSpider method startScanAllInContext.

/**
 * Starts a recursive spider scan of everything in the given context, from the point of view of
 * the given user.
 *
 * @param context the context whose nodes are scanned
 * @param user the user the scan is done as
 */
public void startScanAllInContext(Context context, User user) {
    final Target contextTarget = new Target(context);
    contextTarget.setRecurse(true);
    startScan(contextTarget, user, null);
}

Example 20 with Target

use of org.zaproxy.zap.model.Target in project zaproxy by zaproxy.

the class ExtensionSpider method startScanNode.

/**
 * Starts a recursive spider scan from the given node, without a user or any extra
 * context-specific objects.
 *
 * @param node the node the scan starts from
 */
public void startScanNode(SiteNode node) {
    final Target nodeTarget = new Target(node);
    nodeTarget.setRecurse(true);
    startScan(nodeTarget, null, null);
}
