
Example 1 with MaxChildrenFetchFilter

use of org.zaproxy.zap.spider.filters.MaxChildrenFetchFilter in project zaproxy by zaproxy.

the class SpiderScanController method startScan.

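/**
 * Starts a new spider scan and registers it with this controller.
 *
 * <p>The spider parameters, parsers and filters default to those of the extension;
 * {@code contextSpecificObjects} may override or extend them. Each element is dispatched on
 * its runtime type: a {@code SpiderParam} replaces the default parameters, a
 * {@code SpiderParser}, {@code FetchFilter} or {@code ParseFilter} is appended to the matching
 * custom list, and a {@code URI} becomes the start URI. Anything else (including {@code null})
 * is logged and ignored. When the effective parameters set a positive {@code maxChildren}, a
 * fetch filter and a parse filter enforcing that limit are appended as well.
 *
 * @param name the name of the scan
 * @param target the target to spider
 * @param user the user to scan as, possibly {@code null} (callers such as the API pass
 *     {@code null} for a scan without a user perspective)
 * @param contextSpecificObjects optional per-scan overrides as described above, may be
 *     {@code null}
 * @return the ID assigned to the new scan
 */
@Override
public int startScan(String name, Target target, User user, Object[] contextSpecificObjects) {
    spiderScansLock.lock();
    try {
        // The counter is only read and incremented under the lock, so IDs stay unique.
        int id = this.scanIdCounter++;
        SpiderParam spiderParams = extension.getSpiderParam();
        List<SpiderParser> customSpiderParsers = new ArrayList<>();
        List<FetchFilter> customFetchFilters = new ArrayList<>();
        List<ParseFilter> customParseFilters = new ArrayList<>();
        URI startUri = null;
        if (contextSpecificObjects != null) {
            for (Object obj : contextSpecificObjects) {
                if (obj instanceof SpiderParam) {
                    log.debug("Setting custom spider params");
                    spiderParams = (SpiderParam) obj;
                } else if (obj instanceof SpiderParser) {
                    customSpiderParsers.add((SpiderParser) obj);
                } else if (obj instanceof FetchFilter) {
                    customFetchFilters.add((FetchFilter) obj);
                } else if (obj instanceof ParseFilter) {
                    customParseFilters.add((ParseFilter) obj);
                } else if (obj instanceof URI) {
                    startUri = (URI) obj;
                } else if (obj == null) {
                    // instanceof is false for null, so without this branch a null element
                    // would reach obj.getClass() below and abort the whole scan with an NPE.
                    log.error("Unexpected null contextSpecificObject");
                } else {
                    log.error("Unexpected contextSpecificObject: " + obj.getClass().getCanonicalName());
                }
            }
        }
        if (spiderParams.getMaxChildren() > 0) {
            // Enforce the per-node child limit on both the fetch and the parse side.
            MaxChildrenFetchFilter maxChildrenFetchFilter = new MaxChildrenFetchFilter();
            maxChildrenFetchFilter.setMaxChildren(spiderParams.getMaxChildren());
            maxChildrenFetchFilter.setModel(extension.getModel());
            MaxChildrenParseFilter maxChildrenParseFilter = new MaxChildrenParseFilter(extension.getMessages());
            maxChildrenParseFilter.setMaxChildren(spiderParams.getMaxChildren());
            maxChildrenParseFilter.setModel(extension.getModel());
            customFetchFilters.add(maxChildrenFetchFilter);
            customParseFilters.add(maxChildrenParseFilter);
        }
        SpiderScan scan = new SpiderScan(extension, spiderParams, target, startUri, user, id, name);
        scan.setCustomSpiderParsers(customSpiderParsers);
        scan.setCustomFetchFilters(customFetchFilters);
        scan.setCustomParseFilters(customParseFilters);
        // Register before starting so the scan is visible by ID as soon as it runs.
        this.spiderScanMap.put(id, scan);
        this.spiderScanList.add(scan);
        scan.start();
        return id;
    } finally {
        spiderScansLock.unlock();
    }
}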

Example 2 with MaxChildrenFetchFilter

use of org.zaproxy.zap.spider.filters.MaxChildrenFetchFilter in project zaproxy by zaproxy.

the class SpiderAPI method scanURL.

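/**
 * Starts a spider scan at the given {@code url} and, optionally, with the perspective of the
 * given {@code user}.
 *
 * <p>When a {@code url} is given it must parse, use the {@code http} or {@code https} scheme
 * and, if a {@code context} is also given, belong to that context. Without a {@code url} the
 * scan is seeded from the {@code context}, which must then have nodes in the site tree. The
 * current ZAP mode is enforced before anything is started: {@code safe} never spiders,
 * {@code protect} only spiders an in-scope URL/context, {@code standard} and {@code attack}
 * impose no restriction, and any other mode is rejected so that a mode unknown to this code
 * cannot bypass the check.
 *
 * @param url the url to start the spider scan
 * @param user the user to scan as, or null if the scan is done without the perspective of any
 *     user
 * @param maxChildren Max number of children to scan
 * @param recurse Whether or not to scan recursively
 * @param context the context that will be used during spider process, might be {@code null}
 * @param subtreeOnly if the scan should be done only under a site's subtree
 * @return the ID of the newly started scan
 * @throws ApiException if the {@code url} is missing or not valid, is not in the given
 *     {@code context}, or the current mode does not allow the scan
 */
private int scanURL(String url, User user, int maxChildren, boolean recurse, Context context, boolean subtreeOnly) throws ApiException {
    log.debug("API Spider scanning url: " + url);
    boolean useUrl = true;
    if (url == null || url.isEmpty()) {
        // No URL: the context must be able to seed the scan on its own.
        if (context == null || !context.hasNodesInContextFromSiteTree()) {
            throw new ApiException(ApiException.Type.MISSING_PARAMETER, PARAM_URL);
        }
        useUrl = false;
    } else if (context != null && !context.isInContext(url)) {
        throw new ApiException(ApiException.Type.URL_NOT_IN_CONTEXT, PARAM_URL);
    }
    StructuralNode node = null;
    URI startURI = null;
    if (useUrl) {
        try {
            startURI = new URI(url, true);
        } catch (URIException e) {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_URL);
        }
        // Only web URLs are spidered; any other (or missing) scheme is an invalid parameter.
        String scheme = startURI.getScheme();
        if (scheme == null || (!scheme.equalsIgnoreCase("http") && !scheme.equalsIgnoreCase("https"))) {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_URL);
        }
        node = getStartNode(startURI, recurse);
    }
    Target target = new Target();
    // node is only ever assigned when a URL was supplied, so a separate useUrl test is redundant.
    if (node != null) {
        target.setStartNode(node);
    }
    target.setContext(context);
    target.setRecurse(recurse);
    switch (Control.getSingleton().getMode()) {
        case safe:
            throw new ApiException(ApiException.Type.MODE_VIOLATION);
        case protect:
            // Protected mode: the start URL (if any) and the context (if any) must both be in scope.
            if ((useUrl && !Model.getSingleton().getSession().isInScope(url)) || (context != null && !context.isInScope())) {
                throw new ApiException(ApiException.Type.MODE_VIOLATION);
            }
            break;
        case standard:
        case attack:
            // No restriction in these modes.
            break;
        default:
            // Fail closed: a mode this code does not know about must not be allowed to spider.
            throw new ApiException(ApiException.Type.MODE_VIOLATION);
    }
    // At most four context-specific objects: start URI, subtree filter, and the two max-children filters.
    List<Object> objs = new ArrayList<>(4);
    if (startURI != null) {
        objs.add(startURI);
        if (subtreeOnly) {
            // Keeps the spider under the start URI's subtree.
            objs.add(new HttpPrefixFetchFilter(startURI));
        }
    }
    if (maxChildren > 0) {
        // Enforce the per-node child limit on both the fetch and the parse side.
        MaxChildrenFetchFilter maxChildrenFetchFilter = new MaxChildrenFetchFilter();
        maxChildrenFetchFilter.setMaxChildren(maxChildren);
        maxChildrenFetchFilter.setModel(extension.getModel());
        MaxChildrenParseFilter maxChildrenParseFilter = new MaxChildrenParseFilter(extension.getMessages());
        maxChildrenParseFilter.setMaxChildren(maxChildren);
        maxChildrenParseFilter.setModel(extension.getModel());
        objs.add(maxChildrenFetchFilter);
        objs.add(maxChildrenParseFilter);
    }
    return extension.startScan(target, user, objs.toArray());
}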
