Example 1 with FetchStatus

Use of org.zaproxy.zap.spider.filters.FetchFilter.FetchStatus in project zaproxy by zaproxy.

From the class SpiderController, method resourceURIFound.

@Override
public void resourceURIFound(HttpMessage responseMessage, int depth, String uri, boolean shouldIgnore) {
    log.debug("New resource found: " + uri);
    if (uri == null) {
        return;
    }
    // Create the uri
    URI uriV = createURI(uri);
    if (uriV == null) {
        return;
    }
    // Check if the uri was processed already
    String visitedURI;
    try {
        visitedURI = URLCanonicalizer.buildCleanedParametersURIRepresentation(uriV, spider.getSpiderParam().getHandleParameters(), spider.getSpiderParam().isHandleODataParametersVisited());
    } catch (URIException e) {
        return;
    }
    synchronized (visitedGet) {
        if (visitedGet.contains(visitedURI)) {
            // log.debug("URI already visited: " + visitedURI);
            return;
        } else {
            visitedGet.add(visitedURI);
        }
    }
    // Check if any of the filters disallows this uri
    for (FetchFilter f : fetchFilters) {
        FetchStatus s = f.checkFilter(uriV);
        if (s != FetchStatus.VALID) {
            log.debug("URI: " + uriV + " was filtered by a filter with reason: " + s);
            spider.notifyListenersFoundURI(uri, HttpRequestHeader.GET, s);
            return;
        }
    }
    // Check if should be ignored and not fetched
    if (shouldIgnore) {
        log.debug("URI: " + uriV + " is valid, but will not be fetched, by parser reccommendation.");
        spider.notifyListenersFoundURI(uri, HttpRequestHeader.GET, FetchStatus.VALID);
        return;
    }
    spider.notifyListenersFoundURI(uri, HttpRequestHeader.GET, FetchStatus.VALID);
    // Submit the task
    SpiderTask task = new SpiderTask(spider, responseMessage.getRequestHeader().getURI(), uriV, depth, HttpRequestHeader.GET);
    spider.submitTask(task);
}
Also used: URIException (org.apache.commons.httpclient.URIException), FetchFilter (org.zaproxy.zap.spider.filters.FetchFilter), URI (org.apache.commons.httpclient.URI), FetchStatus (org.zaproxy.zap.spider.filters.FetchFilter.FetchStatus)

Example 2 with FetchStatus

Use of org.zaproxy.zap.spider.filters.FetchFilter.FetchStatus in project zaproxy by zaproxy.

From the class HttpPrefixFetchFilterUnitTest, method shouldFilterUriWithDifferentSchemeAsOutOfScope.

@Test
public void shouldFilterUriWithDifferentSchemeAsOutOfScope() throws Exception {
    // Given
    URI prefixUri = new URI("http://example.org/", true);
    HttpPrefixFetchFilter fetchFilter = new HttpPrefixFetchFilter(prefixUri);
    URI uri = new URI("https://example.org/", true);
    // When
    FetchStatus filterStatus = fetchFilter.checkFilter(uri);
    // Then
    assertThat(filterStatus, is(equalTo(FetchStatus.OUT_OF_SCOPE)));
}
Also used: URI (org.apache.commons.httpclient.URI), FetchStatus (org.zaproxy.zap.spider.filters.FetchFilter.FetchStatus), Test (org.junit.Test)

Example 3 with FetchStatus

Use of org.zaproxy.zap.spider.filters.FetchFilter.FetchStatus in project zaproxy by zaproxy.

From the class HttpPrefixFetchFilterUnitTest, method shouldFilterUriWithMalformedHostAsOutOfScope.

@Test
public void shouldFilterUriWithMalformedHostAsOutOfScope() throws Exception {
    // Given
    URI prefixUri = new URI("http://example.org/", true);
    HttpPrefixFetchFilter fetchFilter = new HttpPrefixFetchFilter(prefixUri);
    URI uri = new URI("http://a%0/", true);
    // When
    FetchStatus filterStatus = fetchFilter.checkFilter(uri);
    // Then
    assertThat(filterStatus, is(equalTo(FetchStatus.OUT_OF_SCOPE)));
}
Also used: URI (org.apache.commons.httpclient.URI), FetchStatus (org.zaproxy.zap.spider.filters.FetchFilter.FetchStatus), Test (org.junit.Test)

Example 4 with FetchStatus

Use of org.zaproxy.zap.spider.filters.FetchFilter.FetchStatus in project zaproxy by zaproxy.

From the class HttpPrefixFetchFilterUnitTest, method shouldFilterUriWithDifferentNonEmptyPathAsOutOfScope.

@Test
public void shouldFilterUriWithDifferentNonEmptyPathAsOutOfScope() throws Exception {
    // Given
    URI prefixUri = new URI("http://example.org/", true);
    HttpPrefixFetchFilter fetchFilter = new HttpPrefixFetchFilter(prefixUri);
    URI uri = new URI("http://example.org", true);
    // When
    FetchStatus filterStatus = fetchFilter.checkFilter(uri);
    // Then
    assertThat(filterStatus, is(equalTo(FetchStatus.OUT_OF_SCOPE)));
}
Also used: URI (org.apache.commons.httpclient.URI), FetchStatus (org.zaproxy.zap.spider.filters.FetchFilter.FetchStatus), Test (org.junit.Test)

Example 5 with FetchStatus

Use of org.zaproxy.zap.spider.filters.FetchFilter.FetchStatus in project zaproxy by zaproxy.

From the class DefaultFetchFilterUnitTest, method shouldFilterNonAlwaysInScopeUriAsOutOfScope.

@Test
public void shouldFilterNonAlwaysInScopeUriAsOutOfScope() throws Exception {
    // Given
    filter.setDomainsAlwaysInScope(domainsAlwaysInScope("scope.example.com"));
    URI uri = createUri("https://example.com");
    // When
    FetchStatus status = filter.checkFilter(uri);
    // Then
    assertThat(status, is(equalTo(FetchStatus.OUT_OF_SCOPE)));
}
Also used: URI (org.apache.commons.httpclient.URI), FetchStatus (org.zaproxy.zap.spider.filters.FetchFilter.FetchStatus), Test (org.junit.Test)

Aggregations

URI (org.apache.commons.httpclient.URI): 33
FetchStatus (org.zaproxy.zap.spider.filters.FetchFilter.FetchStatus): 33
Test (org.junit.Test): 31
FetchFilter (org.zaproxy.zap.spider.filters.FetchFilter): 2
ArrayList (java.util.ArrayList): 1
URIException (org.apache.commons.httpclient.URIException): 1