Fuzzer throwing exceptions #2142

Closed
dfdumaresq opened this issue Dec 18, 2015 · 1 comment · Fixed by #2276

@dfdumaresq

After running for an hour or so, the Fuzzer starts to throw these exceptions.

2015-12-14 20:17:29,964 [ZAP-FuzzerThreadPool-3-thread-6] ERROR HttpSender -
java.util.ConcurrentModificationException
at java.util.LinkedHashMap$LinkedHashIterator.nextEntry(LinkedHashMap.java:394)
at java.util.LinkedHashMap$KeyIterator.next(LinkedHashMap.java:405)
at java.util.AbstractCollection.toArray(AbstractCollection.java:141)
at java.util.LinkedList.addAll(LinkedList.java:406)
at java.util.LinkedList.addAll(LinkedList.java:385)
at java.util.LinkedList.<init>(LinkedList.java:117)
at org.zaproxy.zap.session.CookieBasedSessionManagementHelper.getMatchingHttpSession(Unknown Source)
at org.zaproxy.zap.extension.httpsessions.HttpSessionsSite.getMatchingHttpSession(Unknown Source)
at org.zaproxy.zap.extension.httpsessions.HttpSessionsSite.processHttpRequestMessage(Unknown Source)
at org.zaproxy.zap.extension.httpsessions.ExtensionHttpSessions.onHttpRequestSend(Unknown Source)
at org.parosproxy.paros.network.HttpSender.notifyRequestListeners(Unknown Source)
at org.parosproxy.paros.network.HttpSender.sendAndReceive(Unknown Source)
at org.parosproxy.paros.network.HttpSender.sendAndReceive(Unknown Source)
at org.zaproxy.zap.extension.fuzz.httpfuzzer.HttpFuzzerTask.sendMessage(HttpFuzzerTask.java:84)
at org.zaproxy.zap.extension.fuzz.httpfuzzer.HttpFuzzerTask.runImpl(HttpFuzzerTask.java:52)
at org.zaproxy.zap.extension.fuzz.httpfuzzer.HttpFuzzerTask.runImpl(HttpFuzzerTask.java:32)
at org.zaproxy.zap.extension.fuzz.AbstractFuzzerTask.run(AbstractFuzzerTask.java:57)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
2015-12-14 20:17:29,975 [ZAP-FuzzerThreadPool-3-thread-1] ERROR HttpSender - Invalid range
java.lang.IndexOutOfBoundsException: Invalid range
at javax.swing.DefaultRowSorter.checkAgainstModel(DefaultRowSorter.java:921)
at javax.swing.DefaultRowSorter.rowsInserted(DefaultRowSorter.java:861)
at org.jdesktop.swingx.sort.DefaultSortController.rowsInserted(DefaultSortController.java:404)
at javax.swing.JTable.notifySorter(JTable.java:4270)
at javax.swing.JTable.sortedTableChanged(JTable.java:4118)
at javax.swing.JTable.tableChanged(JTable.java:4395)
at org.jdesktop.swingx.JXTable.tableChanged(JXTable.java:1561)
at javax.swing.table.AbstractTableModel.fireTableChanged(AbstractTableModel.java:296)
at javax.swing.table.AbstractTableModel.fireTableRowsInserted(AbstractTableModel.java:231)
at org.zaproxy.zap.extension.httpsessions.HttpSessionsTableModel.addHttpSession(Unknown Source)
at org.zaproxy.zap.extension.httpsessions.HttpSessionsSite.addHttpSession(Unknown Source)
at org.zaproxy.zap.extension.httpsessions.HttpSessionsSite.processHttpResponseMessage(Unknown Source)
at org.zaproxy.zap.extension.httpsessions.ExtensionHttpSessions.onHttpResponseReceive(Unknown Source)
at org.parosproxy.paros.network.HttpSender.notifyResponseListeners(Unknown Source)
at org.parosproxy.paros.network.HttpSender.sendAndReceive(Unknown Source)
at org.parosproxy.paros.network.HttpSender.sendAndReceive(Unknown Source)
at org.zaproxy.zap.extension.fuzz.httpfuzzer.HttpFuzzerTask.sendMessage(HttpFuzzerTask.java:84)
at org.zaproxy.zap.extension.fuzz.httpfuzzer.HttpFuzzerTask.runImpl(HttpFuzzerTask.java:52)
at org.zaproxy.zap.extension.fuzz.httpfuzzer.HttpFuzzerTask.runImpl(HttpFuzzerTask.java:32)
at org.zaproxy.zap.extension.fuzz.AbstractFuzzerTask.run(AbstractFuzzerTask.java:57)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)

thc202 added the bug label Dec 18, 2015
thc202 added this to the 2.4.x milestone Jan 6, 2016
thc202 added a commit to thc202/zaproxy that referenced this issue Feb 25, 2016
Change method HttpSessionsSite.getMatchingHttpSession(...) to create a
copy of the sessions (in a synchronised block) and pass the copy to a
method of CookieBasedSessionManagementHelper to prevent the exception
ConcurrentModificationException (which happened while iterating/copying
the original sessions collection in the method of the latter class).

Change class HttpSessionsTableModel to do the modifications to sessions
collection and notifications to the GUI in the EDT to prevent leaving
the view in inconsistent state, which would lead to exceptions like
"IndexOutOfBoundsException: Invalid range", when sorting the entries
added to the "Http Sessions" table.

Change method ExtensionHttpSessions.onHttpResponseReceive(...) to not
process the responses of fuzzed messages, which can potentially generate
thousands of "synthetic" sessions in ZAP (like the active scanner,
already excluded).

Fix zaproxy#2142 - Fuzzer throwing exceptions
thc202 self-assigned this Feb 25, 2016
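
The first change described in the commit message above (copy the sessions inside a synchronised block, then search the copy) can be reproduced in isolation. This is an added example, not ZAP's code; the class and method names (SessionSnapshotDemo, matchUnsafe, matchWithSnapshot) and the session names are hypothetical.

```java
import java.util.*;
import java.util.concurrent.atomic.AtomicInteger;

public class SessionSnapshotDemo {
    // Shared, non-thread-safe collection (the trace shows a LinkedHashMap key iterator).
    private final Set<String> sessions = new LinkedHashSet<>();

    void addSession(String name) {
        synchronized (sessions) { sessions.add(name); }
    }

    // "Before": iterates the live collection while another thread may add to it.
    String matchUnsafe(String token) {
        for (String s : sessions) { if (s.equals(token)) return s; }
        return null;
    }

    // "After": take a copy while holding the lock, then search the private copy.
    String matchWithSnapshot(String token) {
        List<String> copy;
        synchronized (sessions) { copy = new ArrayList<>(sessions); }
        for (String s : copy) { if (s.equals(token)) return s; }
        return null;
    }

    // Runs one writer against one reader and returns how many lookups threw.
    static int race(boolean snapshot) throws InterruptedException {
        SessionSnapshotDemo site = new SessionSnapshotDemo();
        AtomicInteger failures = new AtomicInteger();
        Thread writer = new Thread(() -> {
            for (int i = 0; i < 100_000; i++) site.addSession("session-" + i);
        });
        Thread reader = new Thread(() -> {
            while (writer.isAlive()) {
                try {
                    if (snapshot) site.matchWithSnapshot("absent");
                    else site.matchUnsafe("absent");
                } catch (RuntimeException e) { // usually ConcurrentModificationException
                    failures.incrementAndGet();
                }
            }
        });
        writer.start(); reader.start();
        writer.join(); reader.join();
        return failures.get();
    }

    public static void main(String[] args) throws InterruptedException {
        System.out.println("live iteration failures: " + race(false));
        System.out.println("snapshot failures:       " + race(true));
    }
}
```

The live-iteration count depends on thread timing, which matches the report of failures appearing only after the fuzzer had run for a while; the snapshot variant cannot throw because the copy is made under the same lock the writer uses.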
lock bot commented Feb 1, 2020

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

lock bot locked and limited conversation to collaborators Feb 1, 2020