Search in sources :

Example 1 with HttpRedirectionValidator

use of org.zaproxy.zap.network.HttpRedirectionValidator in project zaproxy by zaproxy.

the class HttpSender method followRedirections.

/**
 * Follows redirections using the response of the given {@code message}. The {@code validator}
 * in the given request configuration will be called for each redirection received. After the
 * call to this method the given {@code message} will have the contents of the last response
 * received (possibly the response of a redirection).
 *
 * <p>The validator is notified of each message sent and received (first message and
 * redirections followed, if any).
 *
 * @param message the message that will be sent, must not be {@code null}
 * @param requestConfig the request configuration that contains the validator responsible for
 *     validation of redirections, must not be {@code null}.
 * @throws IOException if an error occurred while sending the message or following the
 *     redirections
 * @see #isRedirectionNeeded(int)
 */
private void followRedirections(HttpMessage message, HttpRequestConfig requestConfig) throws IOException {
    HttpRedirectionValidator validator = requestConfig.getRedirectionValidator();
    validator.notifyMessageReceived(message);
    User requestingUser = getUser(message);
    HttpMessage redirectMessage = message;
    int maxRedirections = client.getParams().getIntParameter(HttpClientParams.MAX_REDIRECTS, 100);
    for (int i = 0; i < maxRedirections && isRedirectionNeeded(redirectMessage.getResponseHeader().getStatusCode()); i++) {
        URI newLocation = extractRedirectLocation(redirectMessage);
        if (newLocation == null || !validator.isValid(newLocation)) {
            return;
        }
        redirectMessage = redirectMessage.cloneAll();
        redirectMessage.setRequestingUser(requestingUser);
        redirectMessage.getRequestHeader().setURI(newLocation);
        if (isRequestRewriteNeeded(redirectMessage)) {
            redirectMessage.getRequestHeader().setMethod(HttpRequestHeader.GET);
            redirectMessage.getRequestHeader().setHeader(HttpHeader.CONTENT_TYPE, null);
            redirectMessage.getRequestHeader().setHeader(HttpHeader.CONTENT_LENGTH, null);
            redirectMessage.setRequestBody("");
        }
        sendAndReceiveImpl(redirectMessage, requestConfig);
        validator.notifyMessageReceived(redirectMessage);
        // Update the response of the (original) message
        message.setResponseHeader(redirectMessage.getResponseHeader());
        message.setResponseBody(redirectMessage.getResponseBody());
    }
}
Also used : HttpRedirectionValidator(org.zaproxy.zap.network.HttpRedirectionValidator) User(org.zaproxy.zap.users.User) URI(org.apache.commons.httpclient.URI)

Aggregations

URI (org.apache.commons.httpclient.URI)1 HttpRedirectionValidator (org.zaproxy.zap.network.HttpRedirectionValidator)1 User (org.zaproxy.zap.users.User)1