Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: ricekot <ricekot@gmail.com>
- Loading branch information
Showing
37 changed files
with
3,021 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,2 @@ | ||
version=0.0.1 | ||
version=0.1.0 | ||
release=false |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
67 changes: 67 additions & 0 deletions
67
addOns/oast/src/main/java/org/zaproxy/addon/oast/OastParam.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,67 @@ | ||
/* | ||
* Zed Attack Proxy (ZAP) and its related class files. | ||
* | ||
* ZAP is an HTTP/HTTPS proxy for assessing web application security. | ||
* | ||
* Copyright 2021 The ZAP Development Team | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
package org.zaproxy.addon.oast; | ||
|
||
import org.apache.logging.log4j.LogManager; | ||
import org.apache.logging.log4j.Logger; | ||
import org.parosproxy.paros.Constant; | ||
import org.zaproxy.zap.common.VersionedAbstractParam; | ||
|
||
public class OastParam extends VersionedAbstractParam { | ||
|
||
/** Update this if params are added, changed or deleted. */ | ||
private static final int PARAM_CURRENT_VERSION = 1; | ||
|
||
private static final String PARAM_BASE_KEY = "oast"; | ||
private static final String PARAM_SERVER = PARAM_BASE_KEY + ".service"; | ||
|
||
private static final Logger LOG = LogManager.getLogger(OastParam.class); | ||
|
||
private String oastService; | ||
|
||
public OastParam() {} | ||
|
||
public String getOastService() { | ||
return oastService; | ||
} | ||
|
||
public void setOastService(String oastService) { | ||
this.oastService = oastService; | ||
getConfig().setProperty(PARAM_SERVER, oastService); | ||
} | ||
|
||
@Override | ||
protected void parseImpl() { | ||
oastService = getString(PARAM_SERVER, Constant.messages.getString("oast.callback.name")); | ||
} | ||
|
||
@Override | ||
protected String getConfigVersionKey() { | ||
return PARAM_BASE_KEY + VERSION_ATTRIBUTE; | ||
} | ||
|
||
@Override | ||
protected int getCurrentVersion() { | ||
return PARAM_CURRENT_VERSION; | ||
} | ||
|
||
@Override | ||
protected void updateConfigsImpl(int fileVersion) {} | ||
} |
94 changes: 94 additions & 0 deletions
94
addOns/oast/src/main/java/org/zaproxy/addon/oast/OastRequest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,94 @@ | ||
/* | ||
* Zed Attack Proxy (ZAP) and its related class files. | ||
* | ||
* ZAP is an HTTP/HTTPS proxy for assessing web application security. | ||
* | ||
* Copyright 2021 The ZAP Development Team | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
package org.zaproxy.addon.oast; | ||
|
||
import java.util.List; | ||
import org.apache.commons.httpclient.URI; | ||
import org.apache.commons.httpclient.URIException; | ||
import org.parosproxy.paros.db.DatabaseException; | ||
import org.parosproxy.paros.model.HistoryReference; | ||
import org.parosproxy.paros.model.Model; | ||
import org.parosproxy.paros.network.HttpHeader; | ||
import org.parosproxy.paros.network.HttpMalformedHeaderException; | ||
import org.parosproxy.paros.network.HttpMessage; | ||
import org.zaproxy.addon.oast.ui.OastTableModel; | ||
import org.zaproxy.zap.view.table.DefaultHistoryReferencesTableEntry; | ||
|
||
public class OastRequest extends DefaultHistoryReferencesTableEntry { | ||
|
||
private String handler; | ||
private String source; | ||
private String referer; | ||
|
||
private OastRequest(HistoryReference historyReference) { | ||
super(historyReference, OastTableModel.COLUMNS); | ||
} | ||
|
||
public static OastRequest create(HttpMessage httpMessage, String source, String handler) | ||
throws DatabaseException, HttpMalformedHeaderException { | ||
HistoryReference historyReference = | ||
new HistoryReference( | ||
Model.getSingleton().getSession(), | ||
ExtensionOast.HISTORY_TYPE_OAST, | ||
httpMessage); | ||
historyReference.addTag(source); | ||
historyReference.addTag(handler); | ||
return create(historyReference); | ||
} | ||
|
||
public static OastRequest create(HistoryReference historyReference) | ||
throws HttpMalformedHeaderException, DatabaseException { | ||
OastRequest oastRequest = new OastRequest(historyReference); | ||
if (!historyReference.getTags().isEmpty()) { | ||
List<String> tags = historyReference.getTags(); | ||
if (isValidIpAddress(tags.get(0))) { | ||
oastRequest.source = tags.get(0); | ||
oastRequest.handler = tags.get(1); | ||
} else { | ||
oastRequest.source = tags.get(1); | ||
oastRequest.handler = tags.get(0); | ||
} | ||
} | ||
oastRequest.referer = | ||
historyReference.getHttpMessage().getRequestHeader().getHeader(HttpHeader.REFERER); | ||
return oastRequest; | ||
} | ||
|
||
public String getHandler() { | ||
return handler; | ||
} | ||
|
||
public String getSource() { | ||
return source; | ||
} | ||
|
||
public String getReferer() { | ||
return referer; | ||
} | ||
|
||
private static boolean isValidIpAddress(String ip) { | ||
try { | ||
new URI(ip, true); | ||
return true; | ||
} catch (URIException e) { | ||
return false; | ||
} | ||
} | ||
} |
Oops, something went wrong.