
Example 1 with HttpPrefixFetchFilter

use of org.zaproxy.zap.spider.filters.HttpPrefixFetchFilter in project zaproxy by zaproxy.

In the class SpiderAPI, the method scanURL.

/**
 * Starts a spider scan rooted at {@code url}, optionally as the given {@code user}.
 *
 * <p>Either a URL or a context with nodes in the Sites tree must be supplied. A URL
 * is only accepted when it parses and uses the {@code http} or {@code https} scheme,
 * and when it belongs to {@code context} (if one was given). The current ZAP mode is
 * honoured: {@code safe} mode refuses to start any scan, and {@code protect} mode
 * refuses to scan a URL or context that is not in scope.
 *
 * @param url the URL to start the spider scan from; may be {@code null} or empty when a context is given
 * @param user the user to scan as, or {@code null} to scan without any user perspective
 * @param maxChildren maximum number of children to scan per node; ignored when not positive
 * @param recurse whether the scan should recurse
 * @param context the context used during the spider process, may be {@code null}
 * @param subtreeOnly whether to restrict the scan to the subtree of the start URL
 * @return the ID of the newly started scan
 * @throws ApiException if the {@code url} is missing, malformed, not an HTTP(S) URL, not in the
 *     context, or if the current mode does not allow the scan
 */
private int scanURL(String url, User user, int maxChildren, boolean recurse, Context context, boolean subtreeOnly) throws ApiException {
    log.debug("API Spider scanning url: " + url);

    final boolean startFromUrl = url != null && !url.isEmpty();
    if (!startFromUrl) {
        // Without a URL the scan has to be seeded from the context's Sites tree nodes.
        if (context == null || !context.hasNodesInContextFromSiteTree()) {
            throw new ApiException(ApiException.Type.MISSING_PARAMETER, PARAM_URL);
        }
    } else if (context != null && !context.isInContext(url)) {
        throw new ApiException(ApiException.Type.URL_NOT_IN_CONTEXT, PARAM_URL);
    }

    URI startUri = null;
    StructuralNode startNode = null;
    if (startFromUrl) {
        try {
            startUri = new URI(url, true);
        } catch (URIException e) {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_URL);
        }
        // Only HTTP(S) start URLs are meaningful for the spider; reject anything else.
        String scheme = startUri.getScheme();
        boolean httpScheme = scheme != null
                && ("http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme));
        if (!httpScheme) {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_URL);
        }
        try {
            startNode = SessionStructure.find(
                    Model.getSingleton().getSession().getSessionId(), new URI(url, false), "GET", "");
        } catch (Exception e) {
            throw new ApiException(ApiException.Type.INTERNAL_ERROR);
        }
    }

    Target target = startFromUrl ? new Target(startNode) : new Target(context);
    if (startFromUrl) {
        target.setContext(context);
    }
    target.setRecurse(recurse);

    // Enforce the ZAP mode before anything is started.
    switch (Control.getSingleton().getMode()) {
        case safe:
            throw new ApiException(ApiException.Type.MODE_VIOLATION);
        case protect:
            // Protected mode only allows scanning what is in scope.
            if ((startFromUrl && !Model.getSingleton().getSession().isInScope(url))
                    || (context != null && !context.isInScope())) {
                throw new ApiException(ApiException.Type.MODE_VIOLATION);
            }
            break;
        case standard:
        case attack:
        default:
            // No restriction in these modes.
            break;
    }

    List<Object> scanOptions = new ArrayList<>(4);
    if (startUri != null) {
        scanOptions.add(startUri);
        if (subtreeOnly) {
            // Keep the spider from fetching anything outside the start URL's prefix.
            scanOptions.add(new HttpPrefixFetchFilter(startUri));
        }
    }
    if (maxChildren > 0) {
        // Cap the number of children both when fetching and when parsing.
        MaxChildrenFetchFilter fetchLimit = new MaxChildrenFetchFilter();
        fetchLimit.setModel(extension.getModel());
        fetchLimit.setMaxChildren(maxChildren);
        MaxChildrenParseFilter parseLimit = new MaxChildrenParseFilter();
        parseLimit.setModel(extension.getModel());
        parseLimit.setMaxChildren(maxChildren);
        scanOptions.add(fetchLimit);
        scanOptions.add(parseLimit);
    }
    return extension.startScan(target, user, scanOptions.toArray());
}

Example 2 with HttpPrefixFetchFilter

use of org.zaproxy.zap.spider.filters.HttpPrefixFetchFilter in project zaproxy by zaproxy.

In the class SpiderDialog, the method save.

/**
 * Collects the dialog's values and starts the spider scan.
 *
 * <p>The start URI is always handed to the scan (it may point at a URL that has not been
 * accessed yet), optionally together with a subtree-only fetch filter. When the advanced
 * options are enabled they are applied to {@code spiderParam} and passed along as well.
 * A target that no longer matches the manually entered start value is replaced by an
 * empty one before the scan is started.
 */
@Override
public void save() {
    List<Object> scanOptions = new ArrayList<>();

    URI seedUri = null;
    try {
        // Always pass the start URI; this also covers URLs not yet seen by the proxy.
        seedUri = new URI(getStringValue(FIELD_START), true);
    } catch (Exception ignored) {
        // Not expected: the value has already been checked in validateParams.
    }

    if (getBoolValue(FIELD_ADVANCED)) {
        applyAdvancedDialogOptions();
        scanOptions.add(spiderParam);
    }

    if (seedUri != null) {
        scanOptions.add(seedUri);
        if (getBoolValue(FIELD_SUBTREE_ONLY)) {
            // Restrict fetching to URLs sharing the start URI's prefix.
            scanOptions.add(new HttpPrefixFetchFilter(seedUri));
        }
    }

    // Keep the current target only while it still matches the entered start value.
    boolean keepTarget = target != null && getStringValue(FIELD_START).equals(getTargetText(target));
    if (!keepTarget) {
        target = new Target((StructuralNode) null);
    }

    // Remember whether the advanced section was open, for the next dialog.
    extension.getSpiderParam().setShowAdvancedDialog(getBoolValue(FIELD_ADVANCED));
    target.setRecurse(getBoolValue(FIELD_RECURSE));
    if (target.getContext() == null && getSelectedContext() != null) {
        target.setContext(getSelectedContext());
    }
    subtreeOnlyPreviousCheckedState = getBoolValue(FIELD_SUBTREE_ONLY);
    extension.startScan(target, getSelectedUser(), scanOptions.toArray());
}

/**
 * Copies the advanced dialog fields into {@code spiderParam}; the thread count is taken
 * from the extension's own spider parameters rather than from the dialog.
 */
private void applyAdvancedDialogOptions() {
    spiderParam.setMaxDepth(getIntValue(FIELD_MAX_DEPTH));
    spiderParam.setMaxDuration(getIntValue(FIELD_MAX_DURATION));
    spiderParam.setMaxChildren(getIntValue(FIELD_MAX_CHILDREN));
    spiderParam.setSendRefererHeader(getBoolValue(FIELD_SEND_REFERER));
    spiderParam.setProcessForm(getBoolValue(FIELD_PROCESS_FORMS));
    spiderParam.setPostForm(getBoolValue(FIELD_POST_FORMS));
    spiderParam.setParseComments(getBoolValue(FIELD_PARSE_COMMENTS));
    spiderParam.setParseRobotsTxt(getBoolValue(FIELD_PARSE_ROBOTS));
    spiderParam.setParseSitemapXml(getBoolValue(FIELD_PARSE_SITEMAP));
    spiderParam.setParseSVNEntries(getBoolValue(FIELD_PARSE_SVN));
    spiderParam.setParseGit(getBoolValue(FIELD_PARSE_GIT));
    spiderParam.setHandleODataParametersVisited(getBoolValue(FIELD_HANDLE_ODATA));
    spiderParam.setThreadCount(extension.getSpiderParam().getThreadCount());
}
