use of org.zaproxy.zap.spider.filters.FetchFilter in project zaproxy by zaproxy.
the class SpiderThread method startSpider.
/**
 * Builds the {@link Spider} for this scan and starts it.
 *
 * <p>Wiring happens in a fixed order: this thread and any listeners queued before the
 * spider existed are registered first, then the exclude list is installed, then the
 * seeds are added and the scanning user is set, then any custom parsers and filters
 * supplied for this scan, and finally the spider is started.
 *
 * <p>The exclude list is the union of three sources: the extension's exclude list, the
 * session's spider-specific exclude regexes and the session's global exclude URL
 * regexes. Together with the fetch filters it is what keeps the crawl inside scope, so
 * it is handed to the spider before a single seed is added.
 */
private void startSpider() {
    spider = new Spider(id, extension, spiderParams,
            extension.getModel().getOptionsParam().getConnectionParam(),
            extension.getModel(), this.scanContext);

    // This thread listens so it can reflect spider events in the UI; listeners that
    // were registered while the spider did not exist yet are attached right after.
    spider.addSpiderListener(this);
    for (SpiderListener pending : pendingSpiderListeners) {
        spider.addSpiderListener(pending);
    }

    spider.setExcludeList(buildExcludeList());

    addSeeds();
    spider.setScanAsUser(scanUser);

    registerCustomComponents();

    spider.start();
}

/**
 * Collects every exclusion regex that applies to this scan.
 *
 * @return a new, mutable list holding the extension excludes, the session's
 *     spider excludes and the session's global excludes, in that order
 */
private List<String> buildExcludeList() {
    List<String> excludes = new ArrayList<>();
    excludes.addAll(extension.getExcludeList());
    excludes.addAll(extension.getModel().getSession().getExcludeFromSpiderRegexs());
    excludes.addAll(extension.getModel().getSession().getGlobalExcludeURLRegexs());
    return excludes;
}

/**
 * Registers the optional custom parsers, fetch filters and parse filters of this scan.
 * Each collection may be {@code null}, meaning "none supplied".
 */
private void registerCustomComponents() {
    if (this.customSpiderParsers != null) {
        for (SpiderParser parser : this.customSpiderParsers) {
            spider.addCustomParser(parser);
        }
    }
    if (this.customFetchFilters != null) {
        for (FetchFilter fetchFilter : this.customFetchFilters) {
            spider.addFetchFilter(fetchFilter);
        }
    }
    if (this.customParseFilters != null) {
        for (ParseFilter parseFilter : this.customParseFilters) {
            spider.addParseFilter(parseFilter);
        }
    }
}
use of org.zaproxy.zap.spider.filters.FetchFilter in project zaproxy by zaproxy.
the class SpiderController method resourceURIFound.
/**
 * Handles a GET resource discovered by a parser.
 *
 * <p>The URI is dropped if it is {@code null} or cannot be turned into a {@code URI}.
 * It is then deduplicated against {@code visitedGet} using its canonicalised form
 * (the spider's parameter-handling settings decide what counts as "the same" URI);
 * if canonicalisation fails the resource is skipped. Only after it has been recorded
 * as visited is the fetch-filter chain consulted: a URI any filter rejects is
 * reported to the listeners with that filter's status and is never fetched. A URI the
 * parser flagged with {@code shouldIgnore} is reported as valid but no task is
 * submitted for it.
 *
 * @param responseMessage the message whose response yielded the URI; its request URI
 *     is passed to the new task
 * @param depth the depth of the new resource
 * @param uri the discovered URI, as found by the parser
 * @param shouldIgnore whether the parser recommends not fetching the resource
 */
@Override
public void resourceURIFound(HttpMessage responseMessage, int depth, String uri, boolean shouldIgnore) {
    log.debug("New resource found: " + uri);
    if (uri == null) {
        return;
    }

    URI parsed = createURI(uri);
    if (parsed == null) {
        return;
    }

    // Deduplicate on the canonical representation, not on the raw string.
    String canonical;
    try {
        canonical = URLCanonicalizer.buildCleanedParametersURIRepresentation(parsed,
                spider.getSpiderParam().getHandleParameters(),
                spider.getSpiderParam().isHandleODataParametersVisited());
    } catch (URIException e) {
        return;
    }
    if (!markVisitedGet(canonical)) {
        return;
    }

    // The filter chain is the scope gate: a rejected URI is only reported, never fetched.
    FetchStatus verdict = applyFetchFilters(parsed);
    if (verdict != FetchStatus.VALID) {
        log.debug("URI: " + parsed + " was filtered by a filter with reason: " + verdict);
        spider.notifyListenersFoundURI(uri, HttpRequestHeader.GET, verdict);
        return;
    }

    if (shouldIgnore) {
        log.debug("URI: " + parsed + " is valid, but will not be fetched, by parser reccommendation.");
        spider.notifyListenersFoundURI(uri, HttpRequestHeader.GET, FetchStatus.VALID);
        return;
    }

    spider.notifyListenersFoundURI(uri, HttpRequestHeader.GET, FetchStatus.VALID);
    spider.submitTask(new SpiderTask(spider, responseMessage.getRequestHeader().getURI(), parsed, depth, HttpRequestHeader.GET));
}

/**
 * Records {@code canonicalUri} in {@code visitedGet} unless it is already there.
 *
 * @param canonicalUri the canonical form of the URI
 * @return {@code true} if the URI was not seen before (and is now recorded),
 *     {@code false} if it had already been visited
 */
private boolean markVisitedGet(String canonicalUri) {
    synchronized (visitedGet) {
        if (visitedGet.contains(canonicalUri)) {
            return false;
        }
        visitedGet.add(canonicalUri);
        return true;
    }
}

/**
 * Runs {@code target} through the fetch filters in registration order.
 *
 * @param target the URI to check
 * @return the status of the first filter that does not answer {@code VALID}, or
 *     {@code FetchStatus.VALID} if every filter accepts the URI
 */
private FetchStatus applyFetchFilters(URI target) {
    for (FetchFilter filter : fetchFilters) {
        FetchStatus status = filter.checkFilter(target);
        if (status != FetchStatus.VALID) {
            return status;
        }
    }
    return FetchStatus.VALID;
}
use of org.zaproxy.zap.spider.filters.FetchFilter in project zaproxy by zaproxy.
the class Spider method init.
/**
 * Resets the spider's run state and installs the fetch and parse filter chains.
 *
 * <p>A {@link DefaultFetchFilter} is registered first and kept in a field so that its
 * scope settings (scan context and "domains always in scope") can be applied after the
 * extension's custom fetch filters have been added. A {@link DefaultParseFilter} is
 * installed the same way, followed by the extension's custom parse filters.
 */
private void init() {
    paused = false;
    stopped = true;
    tasksDoneCount = 0;
    tasksTotalCount = 0;
    initialized = false;

    defaultFetchFilter = new DefaultFetchFilter();
    addFetchFilter(defaultFetchFilter);
    for (FetchFilter customFetch : extension.getCustomFetchFilters()) {
        addFetchFilter(customFetch);
    }

    addParseFilter(new DefaultParseFilter());
    for (ParseFilter customParse : extension.getCustomParseFilters()) {
        addParseFilter(customParse);
    }

    // Scope configuration of the default filter (the scan context may be unset).
    defaultFetchFilter.setScanContext(scanContext);
    defaultFetchFilter.setDomainsAlwaysInScope(spiderParam.getDomainsAlwaysInScopeEnabled());
}
use of org.zaproxy.zap.spider.filters.FetchFilter in project zaproxy by zaproxy.
the class SpiderController method resourcePostURIFound.
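/**
 * Handles a POST resource discovered by a parser.
 *
 * <p>A {@code null} URI is dropped, mirroring {@code resourceURIFound}. The
 * (URI, request body) pair is then deduplicated against {@code visitedPost}; a pair
 * seen before is dropped, otherwise it is recorded before the URI is even parsed, so
 * a URI that later fails parsing or a fetch filter stays recorded and is not
 * re-examined. The parsed URI is run through the fetch-filter chain: a URI any filter
 * rejects is reported to the listeners with that filter's status and is not fetched.
 * Otherwise it is reported as valid and a POST task is submitted.
 *
 * @param responseMessage the message whose response yielded the URI; its request URI
 *     is passed to the new task
 * @param depth the depth of the new resource
 * @param uri the discovered URI, as found by the parser
 * @param requestBody the POST body to send with the request
 */
@Override
public void resourcePostURIFound(HttpMessage responseMessage, int depth, String uri, String requestBody) {
    log.debug("New POST resource found: " + uri);
    // Same guard as resourceURIFound: a null URI is never recorded or fetched.
    if (uri == null) {
        return;
    }

    synchronized (visitedPost) {
        if (arrayKeyValueExists(uri, requestBody)) {
            log.debug("URI already visited: " + uri);
            return;
        }
        if (visitedPost.containsKey(uri)) {
            visitedPost.get(uri).add(requestBody);
        } else {
            ArrayList<String> bodies = new ArrayList<>();
            bodies.add(requestBody);
            visitedPost.put(uri, bodies);
        }
    }

    URI parsed = createURI(uri);
    if (parsed == null) {
        return;
    }

    // The filter chain is the scope gate: a rejected URI is only reported, never fetched.
    for (FetchFilter filter : fetchFilters) {
        FetchStatus status = filter.checkFilter(parsed);
        if (status != FetchStatus.VALID) {
            log.debug("URI: " + parsed + " was filtered by a filter with reason: " + status);
            spider.notifyListenersFoundURI(uri, HttpRequestHeader.POST, status);
            return;
        }
    }

    spider.notifyListenersFoundURI(uri, HttpRequestHeader.POST, FetchStatus.VALID);
    spider.submitTask(new SpiderTask(spider, responseMessage.getRequestHeader().getURI(), parsed, depth, HttpRequestHeader.POST, requestBody));
}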
use of org.zaproxy.zap.spider.filters.FetchFilter in project zaproxy by zaproxy.
the class SpiderScanController method startScan.
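/**
 * Creates, registers and starts a new spider scan.
 *
 * <p>{@code contextSpecificObjects} may carry, in any order: a {@link SpiderParam}
 * (replaces the extension's default parameters), {@link SpiderParser}s,
 * {@link FetchFilter}s and {@link ParseFilter}s (added to the scan as custom
 * components), and a {@link URI} (used as the start URI). Anything else, including a
 * {@code null} element, is logged as an error and skipped. When the effective
 * parameters set a positive maximum number of children, a
 * {@link MaxChildrenFetchFilter} and a {@link MaxChildrenParseFilter} configured with
 * that limit are appended to the custom filters.
 *
 * <p>{@code spiderScansLock} is held from id allocation through registration in the
 * scan map and list and the call to {@code scan.start()}.
 *
 * @param name the name of the scan
 * @param target the target to spider
 * @param user the user to scan as
 * @param contextSpecificObjects optional extra configuration, see above; may be
 *     {@code null}
 * @return the id allocated to the new scan
 */
@Override
public int startScan(String name, Target target, User user, Object[] contextSpecificObjects) {
    spiderScansLock.lock();
    try {
        int id = this.scanIdCounter++;
        SpiderParam spiderParams = extension.getSpiderParam();
        List<SpiderParser> customSpiderParsers = new ArrayList<>();
        List<FetchFilter> customFetchFilters = new ArrayList<>();
        List<ParseFilter> customParseFilters = new ArrayList<>();
        URI startUri = null;

        if (contextSpecificObjects != null) {
            for (Object obj : contextSpecificObjects) {
                if (obj == null) {
                    // No instanceof branch matches null, and obj.getClass() below would NPE.
                    log.error("Unexpected null contextSpecificObject");
                } else if (obj instanceof SpiderParam) {
                    log.debug("Setting custom spider params");
                    spiderParams = (SpiderParam) obj;
                } else if (obj instanceof SpiderParser) {
                    customSpiderParsers.add((SpiderParser) obj);
                } else if (obj instanceof FetchFilter) {
                    customFetchFilters.add((FetchFilter) obj);
                } else if (obj instanceof ParseFilter) {
                    customParseFilters.add((ParseFilter) obj);
                } else if (obj instanceof URI) {
                    startUri = (URI) obj;
                } else {
                    log.error("Unexpected contextSpecificObject: " + obj.getClass().getCanonicalName());
                }
            }
        }

        if (spiderParams.getMaxChildren() > 0) {
            addMaxChildrenFilters(spiderParams.getMaxChildren(), customFetchFilters, customParseFilters);
        }

        SpiderScan scan = new SpiderScan(extension, spiderParams, target, startUri, user, id, name);
        scan.setCustomSpiderParsers(customSpiderParsers);
        scan.setCustomFetchFilters(customFetchFilters);
        scan.setCustomParseFilters(customParseFilters);
        this.spiderScanMap.put(id, scan);
        this.spiderScanList.add(scan);
        scan.start();
        return id;
    } finally {
        spiderScansLock.unlock();
    }
}

/**
 * Appends the filters that cap the number of children fetched and parsed per node.
 *
 * @param maxChildren the cap to apply; callers only invoke this for a positive value
 * @param fetchFilters the fetch-filter list to append to
 * @param parseFilters the parse-filter list to append to
 */
private void addMaxChildrenFilters(int maxChildren, List<FetchFilter> fetchFilters, List<ParseFilter> parseFilters) {
    MaxChildrenFetchFilter fetchCap = new MaxChildrenFetchFilter();
    fetchCap.setMaxChildren(maxChildren);
    fetchCap.setModel(extension.getModel());

    MaxChildrenParseFilter parseCap = new MaxChildrenParseFilter();
    parseCap.setMaxChildren(maxChildren);
    parseCap.setModel(extension.getModel());

    fetchFilters.add(fetchCap);
    parseFilters.add(parseCap);
}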