Example 41 with SpiderParam
use of org.zaproxy.zap.spider.SpiderParam in project zaproxy by zaproxy.
the class SpiderHtmlParserUnitTest method shouldFindUrlsInAElements.
@Test
void shouldFindUrlsInAElements() {
// Given
SpiderHtmlParser htmlParser = new SpiderHtmlParser(new SpiderParam());
TestSpiderParserListener listener = createTestSpiderParserListener();
htmlParser.addSpiderParserListener(listener);
HttpMessage messageHtmlResponse = createMessageWith("AElementsSpiderHtmlParser.html");
Source source = createSource(messageHtmlResponse);
// When
boolean completelyParsed = htmlParser.parseResource(messageHtmlResponse, source, BASE_DEPTH);
// Then
assertThat(completelyParsed, is(equalTo(false)));
assertThat(listener.getNumberOfUrlsFound(), is(equalTo(7)));
assertThat(listener.getUrlsFound(), contains("http://a.example.com/base/scheme", "http://a.example.com:8000/b", "https://a.example.com/c?a=b", "http://example.com/sample/a/relative", "http://example.com/sample/", "http://example.com/a/absolute", "ftp://a.example.com/"));
}
Also used :
SpiderParam(org.zaproxy.zap.spider.SpiderParam)
HttpMessage(org.parosproxy.paros.network.HttpMessage)
Source(net.htmlparser.jericho.Source)
Test(org.junit.jupiter.api.Test)
Example 42 with SpiderParam
use of org.zaproxy.zap.spider.SpiderParam in project zaproxy by zaproxy.
the class SpiderHtmlParserUnitTest method shouldNotFindUrlsInCommentsWithoutElementsIfNotEnabledToParseComments.
@Test
void shouldNotFindUrlsInCommentsWithoutElementsIfNotEnabledToParseComments() {
// Given
SpiderParam spiderOptions = createSpiderParamWithConfig();
spiderOptions.setParseComments(false);
SpiderHtmlParser htmlParser = new SpiderHtmlParser(spiderOptions);
TestSpiderParserListener listener = createTestSpiderParserListener();
htmlParser.addSpiderParserListener(listener);
HttpMessage messageHtmlResponse = createMessageWith("CommentWithoutElementsSpiderHtmlParser.html");
Source source = createSource(messageHtmlResponse);
// When
boolean completelyParsed = htmlParser.parseResource(messageHtmlResponse, source, BASE_DEPTH);
// Then
assertThat(completelyParsed, is(equalTo(false)));
assertThat(listener.getNumberOfUrlsFound(), is(equalTo(0)));
assertThat(listener.getUrlsFound(), is(empty()));
}
Also used :
SpiderParam(org.zaproxy.zap.spider.SpiderParam)
HttpMessage(org.parosproxy.paros.network.HttpMessage)
Source(net.htmlparser.jericho.Source)
Test(org.junit.jupiter.api.Test)
Example 43 with SpiderParam
use of org.zaproxy.zap.spider.SpiderParam in project zaproxy by zaproxy.
the class SpiderHtmlParserUnitTest method shouldParseHtmlResponse.
@Test
void shouldParseHtmlResponse() {
// Given
SpiderHtmlParser htmlParser = new SpiderHtmlParser(new SpiderParam());
HttpMessage messageHtmlResponse = createMessageWith("NoURLsSpiderHtmlParser.html");
boolean parsed = false;
// When
boolean canParse = htmlParser.canParseResource(messageHtmlResponse, ROOT_PATH, parsed);
// Then
assertThat(canParse, is(equalTo(true)));
}
Also used :
SpiderParam(org.zaproxy.zap.spider.SpiderParam)
HttpMessage(org.parosproxy.paros.network.HttpMessage)
Test(org.junit.jupiter.api.Test)
Example 44 with SpiderParam
use of org.zaproxy.zap.spider.SpiderParam in project zaproxy by zaproxy.
the class SpiderHtmlParserUnitTest method shouldFindUrlsInMetaElements.
@Test
void shouldFindUrlsInMetaElements() {
// Given
SpiderHtmlParser htmlParser = new SpiderHtmlParser(new SpiderParam());
TestSpiderParserListener listener = createTestSpiderParserListener();
htmlParser.addSpiderParserListener(listener);
HttpMessage messageHtmlResponse = createMessageWith("MetaElementsSpiderHtmlParser.html");
Source source = createSource(messageHtmlResponse);
// When
boolean completelyParsed = htmlParser.parseResource(messageHtmlResponse, source, BASE_DEPTH);
// Then
assertThat(completelyParsed, is(equalTo(false)));
assertThat(listener.getNumberOfUrlsFound(), is(equalTo(12)));
assertThat(listener.getUrlsFound(), contains("http://meta.example.com:8443/refresh/base/scheme", "https://meta.example.com/refresh", "http://example.com/sample/meta/refresh/relative", "http://example.com/meta/refresh/absolute", "http://meta.example.com/refresh/url/quoted/single", "http://meta.example.com/refresh/url/quoted/double", "ftp://meta.example.com/refresh", "http://meta.example.com:8080/location/base/scheme", "https://meta.example.com/location", "http://example.com/sample/meta/location/relative", "http://example.com/meta/location/absolute", "ftp://meta.example.com/location"));
}
Also used :
SpiderParam(org.zaproxy.zap.spider.SpiderParam)
HttpMessage(org.parosproxy.paros.network.HttpMessage)
Source(net.htmlparser.jericho.Source)
Test(org.junit.jupiter.api.Test)
Example 45 with SpiderParam
use of org.zaproxy.zap.spider.SpiderParam in project zaproxy by zaproxy.
the class SpiderHtmlParserUnitTest method shouldFindUrlsInAreaPingElements.
@Test
void shouldFindUrlsInAreaPingElements() {
// Given
SpiderHtmlParser htmlParser = new SpiderHtmlParser(new SpiderParam());
TestSpiderParserListener listener = createTestSpiderParserListener();
htmlParser.addSpiderParserListener(listener);
HttpMessage messageHtmlResponse = createMessageWith("AreaElementsWithPingSpiderHtmlParser.html");
Source source = createSource(messageHtmlResponse);
// When
boolean completelyParsed = htmlParser.parseResource(messageHtmlResponse, source, BASE_DEPTH);
// Then
assertThat(completelyParsed, is(equalTo(false)));
assertThat(listener.getNumberOfUrlsFound(), is(equalTo(23)));
assertThat(listener.getUrlsFound(), contains(// area URLs followed by ping URLs
"http://a.example.com/base/scheme", "http://ping.example.com/base/scheme", "http://a.example.com:8000/b", "http://ping.example.com:8000/b", "https://a.example.com/c?a=b", "https://ping.example.com/c?a=b", "http://example.com/sample/a/relative", "http://example.com/sample/a/relative/ping", "http://example.com/a/absolute", "http://example.com/a/absolute/ping", "ftp://a.example.com/", "https://ping.example.com/ping", // Ping first, is parsed href before ping
"http://b.example.com/", "https://ping.first.com/", // Ignored anchors but picked pings
"http://ping.example.com/mailping", "http://ping.example.com/jsping", "http://ping.example.com/ping", // Multiple ping URLs
"http://a.example.com/", "http://ping.example.com/", "http://pong.example.com/", // Multiple ping URLs with tab in the middle
"http://a.example.com/", "http://ping.example.com/", // Trailing slash is added on host
"http://pong.example.com/"));
}
Also used :
SpiderParam(org.zaproxy.zap.spider.SpiderParam)
HttpMessage(org.parosproxy.paros.network.HttpMessage)
Source(net.htmlparser.jericho.Source)
Test(org.junit.jupiter.api.Test)
Aggregations
SpiderParam (org.zaproxy.zap.spider.SpiderParam)55
Test (org.junit.jupiter.api.Test)48
HttpMessage (org.parosproxy.paros.network.HttpMessage)36
Source (net.htmlparser.jericho.Source)26
DefaultValueGenerator (org.zaproxy.zap.model.DefaultValueGenerator)5
ArrayList (java.util.ArrayList)2
OptionsParam (org.parosproxy.paros.model.OptionsParam)2
ResourceBundle (java.util.ResourceBundle)1
URI (org.apache.commons.httpclient.URI)1
ScannerParam (org.parosproxy.paros.core.scanner.ScannerParam)1
ConnectionParam (org.parosproxy.paros.network.ConnectionParam)1
AlertAPI (org.zaproxy.zap.extension.alert.AlertAPI)1
AntiCsrfAPI (org.zaproxy.zap.extension.anticsrf.AntiCsrfAPI)1
AntiCsrfParam (org.zaproxy.zap.extension.anticsrf.AntiCsrfParam)1
ActiveScanAPI (org.zaproxy.zap.extension.ascan.ActiveScanAPI)1
AuthenticationAPI (org.zaproxy.zap.extension.authentication.AuthenticationAPI)1
AuthorizationAPI (org.zaproxy.zap.extension.authorization.AuthorizationAPI)1
AutoUpdateAPI (org.zaproxy.zap.extension.autoupdate.AutoUpdateAPI)1
OptionsParamCheckForUpdates (org.zaproxy.zap.extension.autoupdate.OptionsParamCheckForUpdates)1
BreakAPI (org.zaproxy.zap.extension.brk.BreakAPI)1
