use of org.zaproxy.zap.spider.filters.MaxChildrenFetchFilter in project zaproxy by zaproxy.
the class SpiderScanController method startScan.
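/**
 * Creates, registers and starts a new spider scan, returning its ID.
 *
 * <p>The whole operation runs while holding {@code spiderScansLock}, including the call to
 * {@code scan.start()}; the lock is always released in the {@code finally} block.
 *
 * <p>Entries of {@code contextSpecificObjects} are dispatched by runtime type:
 * {@code SpiderParam} replaces the default options obtained from the extension,
 * {@code SpiderParser}, {@code FetchFilter} and {@code ParseFilter} instances are collected and
 * handed to the scan, and a {@code URI} becomes the start URI. If several {@code SpiderParam}
 * or {@code URI} entries are supplied, the last one wins. Any other entry, including
 * {@code null}, is logged and ignored.
 *
 * <p>When the effective options have a positive "max children" value, a
 * {@code MaxChildrenFetchFilter} and a {@code MaxChildrenParseFilter} with that limit are
 * appended to the custom filters.
 *
 * @param name the name given to the new {@code SpiderScan}
 * @param target the target passed to the new {@code SpiderScan}
 * @param user the user passed to the new {@code SpiderScan}
 * @param contextSpecificObjects optional extra configuration objects, may be {@code null}
 * @return the ID assigned to the newly started scan
 */
@Override
public int startScan(String name, Target target, User user, Object[] contextSpecificObjects) {
    spiderScansLock.lock();
    try {
        int id = this.scanIdCounter++;

        SpiderParam spiderParams = extension.getSpiderParam();
        List<SpiderParser> customSpiderParsers = new ArrayList<>();
        List<FetchFilter> customFetchFilters = new ArrayList<>();
        List<ParseFilter> customParseFilters = new ArrayList<>();
        URI startUri = null;

        if (contextSpecificObjects != null) {
            for (Object obj : contextSpecificObjects) {
                if (obj == null) {
                    // instanceof is false for null, so a null entry used to reach the final
                    // else branch and throw a NullPointerException from obj.getClass(),
                    // aborting the scan after its ID had already been consumed.
                    log.error("Unexpected contextSpecificObject: null");
                    continue;
                }
                if (obj instanceof SpiderParam) {
                    log.debug("Setting custom spider params");
                    spiderParams = (SpiderParam) obj;
                } else if (obj instanceof SpiderParser) {
                    customSpiderParsers.add((SpiderParser) obj);
                } else if (obj instanceof FetchFilter) {
                    customFetchFilters.add((FetchFilter) obj);
                } else if (obj instanceof ParseFilter) {
                    customParseFilters.add((ParseFilter) obj);
                } else if (obj instanceof URI) {
                    startUri = (URI) obj;
                } else {
                    log.error("Unexpected contextSpecificObject: " + obj.getClass().getCanonicalName());
                }
            }
        }

        // The limit is read from the effective options, i.e. after a caller-supplied
        // SpiderParam (if any) has replaced the extension defaults.
        int maxChildren = spiderParams.getMaxChildren();
        if (maxChildren > 0) {
            // Add the filters to filter on maximum number of children
            MaxChildrenFetchFilter maxChildrenFetchFilter = new MaxChildrenFetchFilter();
            maxChildrenFetchFilter.setMaxChildren(maxChildren);
            maxChildrenFetchFilter.setModel(extension.getModel());

            MaxChildrenParseFilter maxChildrenParseFilter = new MaxChildrenParseFilter(extension.getMessages());
            maxChildrenParseFilter.setMaxChildren(maxChildren);
            maxChildrenParseFilter.setModel(extension.getModel());

            customFetchFilters.add(maxChildrenFetchFilter);
            customParseFilters.add(maxChildrenParseFilter);
        }

        SpiderScan scan = new SpiderScan(extension, spiderParams, target, startUri, user, id, name);
        scan.setCustomSpiderParsers(customSpiderParsers);
        scan.setCustomFetchFilters(customFetchFilters);
        scan.setCustomParseFilters(customParseFilters);

        // Register the scan in both lookup structures before starting it.
        this.spiderScanMap.put(id, scan);
        this.spiderScanList.add(scan);
        scan.start();

        return id;
    } finally {
        spiderScansLock.unlock();
    }
}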
use of org.zaproxy.zap.spider.filters.MaxChildrenFetchFilter in project zaproxy by zaproxy.
the class SpiderAPI method scanURL.
/**
 * Validates the request and starts a spider scan, either from the given {@code url} or, when no
 * URL is supplied, from the nodes of the given {@code context}.
 *
 * <p>Checks performed before the scan is handed to the extension:
 * <ul>
 * <li>without a URL, the context must exist and have nodes in the site tree;</li>
 * <li>with both a URL and a context, the URL must belong to that context;</li>
 * <li>the URL must parse and use the {@code http} or {@code https} scheme;</li>
 * <li>the current mode must allow it: {@code safe} mode always refuses, {@code protect} mode
 * requires the URL to be in the session scope and the context to be in scope.</li>
 * </ul>
 *
 * @param url the URL to start from, {@code null} or empty to start from the context's nodes
 * @param user the user to scan as, or {@code null} to scan without any user's perspective
 * @param maxChildren the maximum number of children to scan; values {@code <= 0} add no limit
 *     filters
 * @param recurse whether to scan recursively
 * @param context the context used during the spider process, may be {@code null}
 * @param subtreeOnly whether fetching should be restricted to the start URI's prefix
 * @return the ID of the newly started scan
 * @throws ApiException if a required parameter is missing, the URL is invalid or not in the
 *     context, or the current mode does not permit the scan
 */
private int scanURL(String url, User user, int maxChildren, boolean recurse, Context context, boolean subtreeOnly) throws ApiException {
    // NOTE(review): url appears to come from the API caller and is written to the log verbatim.
    log.debug("API Spider scanning url: " + url);

    final boolean hasUrl = url != null && !url.isEmpty();
    if (!hasUrl) {
        // Without a URL the scan can only be seeded from the context's site tree nodes.
        if (context == null || !context.hasNodesInContextFromSiteTree()) {
            throw new ApiException(Type.MISSING_PARAMETER, PARAM_URL);
        }
    } else if (context != null && !context.isInContext(url)) {
        throw new ApiException(Type.URL_NOT_IN_CONTEXT, PARAM_URL);
    }

    URI startURI = null;
    StructuralNode startNode = null;
    if (hasUrl) {
        try {
            startURI = new URI(url, true);
        } catch (URIException e) {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_URL);
        }

        // Only plain web schemes are accepted as a spider seed.
        String scheme = startURI.getScheme();
        boolean webScheme = scheme != null
                && (scheme.equalsIgnoreCase("http") || scheme.equalsIgnoreCase("https"));
        if (!webScheme) {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_URL);
        }

        startNode = getStartNode(startURI, recurse);
    }

    Target target = new Target();
    // startNode can only be non-null when a URL was supplied.
    if (startNode != null) {
        target.setStartNode(startNode);
    }
    target.setContext(context);
    target.setRecurse(recurse);

    // Mode enforcement: this is the guard that keeps the spider off targets the current mode
    // does not allow.
    switch (Control.getSingleton().getMode()) {
    case safe:
        throw new ApiException(ApiException.Type.MODE_VIOLATION);
    case protect:
        if (hasUrl && !Model.getSingleton().getSession().isInScope(url)) {
            throw new ApiException(ApiException.Type.MODE_VIOLATION);
        }
        if (context != null && !context.isInScope()) {
            throw new ApiException(ApiException.Type.MODE_VIOLATION);
        }
        break;
    case standard:
    case attack:
        // No restriction in these modes.
        break;
    }

    List<Object> scanObjects = new ArrayList<>(4);
    if (startURI != null) {
        scanObjects.add(startURI);
        if (subtreeOnly) {
            scanObjects.add(new HttpPrefixFetchFilter(startURI));
        }
    }

    if (maxChildren > 0) {
        // Limit the number of children handled by the scan, on both the fetch and parse side.
        MaxChildrenFetchFilter fetchLimit = new MaxChildrenFetchFilter();
        fetchLimit.setMaxChildren(maxChildren);
        fetchLimit.setModel(extension.getModel());

        MaxChildrenParseFilter parseLimit = new MaxChildrenParseFilter(extension.getMessages());
        parseLimit.setMaxChildren(maxChildren);
        parseLimit.setModel(extension.getModel());

        scanObjects.add(fetchLimit);
        scanObjects.add(parseLimit);
    }

    Object[] contextSpecificObjects = scanObjects.toArray(new Object[0]);
    return extension.startScan(target, user, contextSpecificObjects);
}