Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: ricekot <ricekot@gmail.com>
- Loading branch information
Showing
37 changed files
with
2,874 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,2 @@ | ||
version=0.0.1 | ||
version=0.1.0 | ||
release=false |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
94 changes: 94 additions & 0 deletions
94
addOns/oast/src/main/java/org/zaproxy/addon/oast/OastRequest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,94 @@ | ||
/* | ||
* Zed Attack Proxy (ZAP) and its related class files. | ||
* | ||
* ZAP is an HTTP/HTTPS proxy for assessing web application security. | ||
* | ||
* Copyright 2021 The ZAP Development Team | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
package org.zaproxy.addon.oast; | ||
|
||
import java.util.List; | ||
import org.apache.commons.httpclient.URI; | ||
import org.apache.commons.httpclient.URIException; | ||
import org.parosproxy.paros.db.DatabaseException; | ||
import org.parosproxy.paros.model.HistoryReference; | ||
import org.parosproxy.paros.model.Model; | ||
import org.parosproxy.paros.network.HttpHeader; | ||
import org.parosproxy.paros.network.HttpMalformedHeaderException; | ||
import org.parosproxy.paros.network.HttpMessage; | ||
import org.zaproxy.addon.oast.ui.OastTableModel; | ||
import org.zaproxy.zap.view.table.DefaultHistoryReferencesTableEntry; | ||
|
||
public class OastRequest extends DefaultHistoryReferencesTableEntry { | ||
|
||
private String handler; | ||
private String source; | ||
private String referer; | ||
|
||
private OastRequest(HistoryReference historyReference) { | ||
super(historyReference, OastTableModel.COLUMNS); | ||
} | ||
|
||
public static OastRequest create(HttpMessage httpMessage, String source, String handler) | ||
throws DatabaseException, HttpMalformedHeaderException { | ||
HistoryReference historyReference = | ||
new HistoryReference( | ||
Model.getSingleton().getSession(), | ||
ExtensionOast.HISTORY_TYPE_OAST, | ||
httpMessage); | ||
historyReference.addTag(source); | ||
historyReference.addTag(handler); | ||
return create(historyReference); | ||
} | ||
|
||
public static OastRequest create(HistoryReference historyReference) | ||
throws HttpMalformedHeaderException, DatabaseException { | ||
OastRequest oastRequest = new OastRequest(historyReference); | ||
if (!historyReference.getTags().isEmpty()) { | ||
List<String> tags = historyReference.getTags(); | ||
if (isValidIpAddress(tags.get(0))) { | ||
oastRequest.source = tags.get(0); | ||
oastRequest.handler = tags.get(1); | ||
} else { | ||
oastRequest.source = tags.get(1); | ||
oastRequest.handler = tags.get(0); | ||
} | ||
} | ||
oastRequest.referer = | ||
historyReference.getHttpMessage().getRequestHeader().getHeader(HttpHeader.REFERER); | ||
return oastRequest; | ||
} | ||
|
||
public String getHandler() { | ||
return handler; | ||
} | ||
|
||
public String getSource() { | ||
return source; | ||
} | ||
|
||
public String getReferer() { | ||
return referer; | ||
} | ||
|
||
private static boolean isValidIpAddress(String ip) { | ||
try { | ||
new URI(ip, true); | ||
return true; | ||
} catch (URIException e) { | ||
return false; | ||
} | ||
} | ||
} |
25 changes: 25 additions & 0 deletions
25
addOns/oast/src/main/java/org/zaproxy/addon/oast/OastRequestHandler.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
/* | ||
* Zed Attack Proxy (ZAP) and its related class files. | ||
* | ||
* ZAP is an HTTP/HTTPS proxy for assessing web application security. | ||
* | ||
* Copyright 2021 The ZAP Development Team | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
package org.zaproxy.addon.oast; | ||
|
||
@FunctionalInterface | ||
public interface OastRequestHandler { | ||
void handle(OastRequest oastRequest); | ||
} |
47 changes: 47 additions & 0 deletions
47
addOns/oast/src/main/java/org/zaproxy/addon/oast/OastService.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
/* | ||
* Zed Attack Proxy (ZAP) and its related class files. | ||
* | ||
* ZAP is an HTTP/HTTPS proxy for assessing web application security. | ||
* | ||
* Copyright 2021 The ZAP Development Team | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
package org.zaproxy.addon.oast; | ||
|
||
import java.util.ArrayList; | ||
import java.util.List; | ||
|
||
public abstract class OastService { | ||
|
||
private final List<OastRequestHandler> oastRequestHandlerList = new ArrayList<>(); | ||
|
||
public abstract String getName(); | ||
|
||
/** Starts the OastService. This method should be called after ZAP has initialised. */ | ||
public abstract void startService(); | ||
|
||
public abstract void stopService(); | ||
|
||
public void sessionChanged() {} | ||
|
||
public void addOastRequestHandler(OastRequestHandler oastRequestHandler) { | ||
oastRequestHandlerList.add(oastRequestHandler); | ||
} | ||
|
||
public void handleOastRequest(OastRequest oastRequest) { | ||
for (OastRequestHandler handler : oastRequestHandlerList) { | ||
handler.handle(oastRequest); | ||
} | ||
} | ||
} |
Oops, something went wrong.