
Example 6 with TechSet

use of org.zaproxy.zap.model.TechSet in project zaproxy by zaproxy.

the class ActiveScanController method startScan.

/**
 * Creates, registers and starts a new active scan against {@code target}.
 *
 * <p>The whole registration runs under {@code activeScansLock} so the id counter, the scan map and
 * the scan list are updated together. Context-specific objects are applied in the order given;
 * a {@code ScanPolicy} / {@code TechSet} passed there takes precedence over the defaults (default
 * policy from the policy manager, tech set from the target's context).
 *
 * @param name the scan name
 * @param target the target to scan; its context (if any) supplies the default {@code TechSet}
 * @param user the user to scan as (may be {@code null}, passed through to {@code setUser})
 * @param contextSpecificObjects optional overrides ({@code ScannerParam}, {@code ScanPolicy},
 *     {@code TechSet}, {@code ScriptCollection}, {@code ScanFilter}); {@code null} allowed
 * @return the id assigned to the started scan
 */
@Override
public int startScan(String name, Target target, User user, Object[] contextSpecificObjects) {
    activeScansLock.lock();
    try {
        int scanId = this.scanIdCounter++;
        ActiveScan scan = newActiveScan(name, lookupRuleConfigParam());
        // Scope guard: URLs matching any of these regexes are kept out of the scan.
        scan.setExcludeList(collectExcludeRegexs(extension.getModel().getSession()));
        scan.setId(scanId);
        scan.setUser(user);

        ScanPolicy chosenPolicy = null;
        boolean techSetOverridden = false;
        if (contextSpecificObjects != null) {
            for (Object option : contextSpecificObjects) {
                // NOTE(review): a null element falls through to the error branch and NPEs on getClass().
                if (option instanceof ScannerParam) {
                    logger.debug("Setting custom scanner params");
                    scan.setScannerParam((ScannerParam) option);
                } else if (option instanceof ScanPolicy) {
                    chosenPolicy = (ScanPolicy) option;
                    logger.debug("Setting custom policy " + chosenPolicy.getName());
                    scan.setScanPolicy(chosenPolicy);
                } else if (option instanceof TechSet) {
                    scan.setTechSet((TechSet) option);
                    techSetOverridden = true;
                } else if (option instanceof ScriptCollection) {
                    scan.addScriptCollection((ScriptCollection) option);
                } else if (option instanceof ScanFilter) {
                    scan.addScanFilter((ScanFilter) option);
                } else {
                    logger.error("Unexpected contextSpecificObject: " + option.getClass().getCanonicalName());
                }
            }
        }

        if (chosenPolicy == null) {
            // No explicit policy supplied: fall back to the configured default.
            chosenPolicy = extension.getPolicyManager().getDefaultScanPolicy();
            logger.debug("Setting default policy " + chosenPolicy.getName());
            scan.setScanPolicy(chosenPolicy);
        }
        if (!techSetOverridden && target.getContext() != null) {
            // The context's technology selection applies unless a TechSet was passed explicitly.
            scan.setTechSet(target.getContext().getTechSet());
        }

        this.activeScanMap.put(scanId, scan);
        this.activeScanList.add(scan);
        scan.start(target);
        return scanId;
    } finally {
        activeScansLock.unlock();
    }
}

/**
 * Returns the rule configuration from {@code ExtensionRuleConfig}, or {@code null} when that
 * extension is not loaded.
 */
private RuleConfigParam lookupRuleConfigParam() {
    ExtensionRuleConfig ruleConfigExt =
            Control.getSingleton().getExtensionLoader().getExtension(ExtensionRuleConfig.class);
    return ruleConfigExt == null ? null : ruleConfigExt.getRuleConfigParam();
}

/**
 * Builds an {@code ActiveScan} whose alerts are tagged as {@code Alert.Source.ACTIVE} and forwarded
 * to the alert extension (when present) before the default handling.
 */
private ActiveScan newActiveScan(String name, RuleConfigParam ruleConfigParam) {
    return new ActiveScan(
            name,
            extension.getScannerParam(),
            extension.getModel().getOptionsParam().getConnectionParam(),
            null,
            ruleConfigParam) {

        @Override
        public void alertFound(Alert alert) {
            alert.setSource(Alert.Source.ACTIVE);
            if (extAlert != null) {
                extAlert.alertFound(alert, null);
            }
            super.alertFound(alert);
        }
    };
}

/**
 * Concatenates the extension's exclude list with the session's scan exclusions and global URL
 * exclusions, in that order.
 */
private List<String> collectExcludeRegexs(Session session) {
    List<String> regexs = new ArrayList<>(extension.getExcludeList());
    regexs.addAll(session.getExcludeFromScanRegexs());
    regexs.addAll(session.getGlobalExcludeURLRegexs());
    return regexs;
}

Example 7 with TechSet

use of org.zaproxy.zap.model.TechSet in project zaproxy by zaproxy.

the class ContextAPI method handleApiView.

/**
 * Serves the read-only context API views.
 *
 * <p>Views returning a list wrap each element in an {@code ApiResponseElement}; {@code VIEW_URLS}
 * additionally de-duplicates URIs so each is reported once. Note that the debug log line echoes
 * the raw request parameters.
 *
 * @param name the view name, one of the {@code VIEW_*} constants
 * @param params the request parameters (must identify the context for per-context views)
 * @return the view response
 * @throws ApiException {@code Type.BAD_VIEW} for an unknown view, or whatever
 *     {@code getContext(params)} throws when the context cannot be resolved
 */
@Override
public ApiResponse handleApiView(String name, JSONObject params) throws ApiException {
    log.debug("handleApiView " + name + " " + params.toString());
    ApiResponse result;
    switch (name) {
        case VIEW_EXCLUDE_REGEXS: {
            ApiResponseList list = new ApiResponseList(name);
            addStringItems(list, REGEX_PARAM, getContext(params).getExcludeFromContextRegexs());
            result = list;
            break;
        }
        case VIEW_INCLUDE_REGEXS: {
            ApiResponseList list = new ApiResponseList(name);
            addStringItems(list, REGEX_PARAM, getContext(params).getIncludeInContextRegexs());
            result = list;
            break;
        }
        case VIEW_CONTEXT_LIST: {
            ApiResponseList list = new ApiResponseList(name);
            for (Context context : Model.getSingleton().getSession().getContexts()) {
                list.addItem(new ApiResponseElement(CONTEXT_NAME, context.getName()));
            }
            result = list;
            break;
        }
        case VIEW_CONTEXT:
            result = new ApiResponseElement(buildResponseFromContext(getContext(params)));
            break;
        case VIEW_ALL_TECHS: {
            ApiResponseList list = new ApiResponseList(name);
            addTechItems(list, TECH_NAME, Tech.getAll());
            result = list;
            break;
        }
        case VIEW_INCLUDED_TECHS: {
            ApiResponseList list = new ApiResponseList(name);
            addTechItems(list, TECH_NAME, getContext(params).getTechSet().getIncludeTech());
            result = list;
            break;
        }
        case VIEW_EXCLUDED_TECHS: {
            ApiResponseList list = new ApiResponseList(name);
            addTechItems(list, TECH_NAME, getContext(params).getTechSet().getExcludeTech());
            result = list;
            break;
        }
        case VIEW_URLS: {
            ApiResponseList list = new ApiResponseList(name);
            Set<String> seen = new HashSet<>();
            for (SiteNode node : getContext(params).getNodesInContextFromSiteTree()) {
                String uri = node.getHistoryReference().getURI().toString();
                // Set.add reports whether the URI is new; only first occurrences are listed.
                if (seen.add(uri)) {
                    list.addItem(new ApiResponseElement("url", uri));
                }
            }
            result = list;
            break;
        }
        default:
            throw new ApiException(Type.BAD_VIEW);
    }
    return result;
}

/** Adds one {@code ApiResponseElement} per string value under {@code key}. */
private static void addStringItems(ApiResponseList list, String key, Iterable<String> values) {
    for (String value : values) {
        list.addItem(new ApiResponseElement(key, value));
    }
}

/** Adds one {@code ApiResponseElement} per technology under {@code key}, using its string form. */
private static void addTechItems(ApiResponseList list, String key, Iterable<Tech> techs) {
    for (Tech tech : techs) {
        list.addItem(new ApiResponseElement(key, tech.toString()));
    }
}

Example 8 with TechSet

use of org.zaproxy.zap.model.TechSet in project zaproxy by zaproxy.

the class TechnologyTreePanel method getTechSet.

/**
 * Builds a {@code TechSet} from the current tree selection: a technology is included when its
 * node is fully selected and excluded otherwise.
 *
 * @return a TechSet with the technologies included and excluded
 * @see TechSet#include(Tech)
 * @see TechSet#exclude(Tech)
 */
public TechSet getTechSet() {
    TechSet selection = new TechSet();
    for (Entry<Tech, DefaultMutableTreeNode> mapping : techToNodeMap.entrySet()) {
        TreePath path = this.getPath(mapping.getValue());
        if (techTree.isSelectedFully(path)) {
            selection.include(mapping.getKey());
        } else {
            selection.exclude(mapping.getKey());
        }
    }
    return selection;
}

Example 9 with TechSet

use of org.zaproxy.zap.model.TechSet in project zaproxy by zaproxy.

the class HostProcessUnitTest method shouldSkipPluginIfItDoesNotTargetTechSet.

/**
 * A plugin whose {@code targets(TechSet)} returns {@code false} must be marked skipped with the
 * "does not target selected technologies" reason, send no messages, and still count as one test.
 */
@Test
void shouldSkipPluginIfItDoesNotTargetTechSet() {
    // Given
    int pluginId = 1234;
    String expectedReason = "scanner does not target selected technologies";
    Plugin plugin = createPlugin(Plugin.class, pluginId);
    setupPluginFactoryWith(plugin);
    TechSet selectedTechs = mock(TechSet.class);
    given(plugin.targets(selectedTechs)).willReturn(false);
    hostProcess.setStartNode(createLeafNode("GET:file", "GET", "http://localhost/file"));
    hostProcess.setTechSet(selectedTechs);
    // When
    hostProcess.run();
    // Then
    verify(plugin).targets(selectedTechs);
    assertThat(hostProcess.getPluginStats(pluginId).isSkipped(), is(equalTo(true)));
    assertThat(hostProcess.getPluginStats(pluginId).getSkippedReason(), is(equalTo(expectedReason)));
    assertThat(hostProcess.getPluginStats(pluginId).getMessageCount(), is(equalTo(0)));
    assertThat(hostProcess.getTestTotalCount(), is(equalTo(1)));
}

Example 10 with TechSet

use of org.zaproxy.zap.model.TechSet in project zaproxy by zaproxy.

the class HostProcessUnitTest method shouldSetTechSetIntoPlugin.

/** The tech set configured on the host process must be handed to each plugin before it runs. */
@Test
void shouldSetTechSetIntoPlugin() {
    // Given
    int pluginId = 1234;
    TechSet selectedTechs = mock(TechSet.class);
    Plugin plugin = createPlugin(Plugin.class, pluginId);
    setupPluginFactoryWith(plugin);
    hostProcess.setTechSet(selectedTechs);
    // When
    hostProcess.run();
    // Then
    verify(plugin).setTechSet(selectedTechs);
}
