Merge pull request #22 from NickLech/zap
HttpReqRes changes
simone36050 authored Nov 29, 2024
2 parents f0a95fd + 3a77368 commit d590710
Showing 9 changed files with 252 additions and 381 deletions.
324 changes: 141 additions & 183 deletions tool/src/main/java/org/zaproxy/addon/migt/Check.java


Expand Up @@ -115,6 +115,8 @@ public void run() {
public Session executePassiveTestSession(Session session) {
// FIXME: session's track is assumed to be present

System.out.println("Eseguito executePassiveTestSession");

synchronized (lock) {
finished = false;
}
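Review bot: The added `System.out.println("Eseguito executePassiveTestSession");` is a debug print to stdout left in the add-on's session-execution path, and the same pattern is added in the HTTPReqRes.java, Operation.java, Test.java and Tools.java sections of this commit ("eseguito matches_msg_type", "Entrato in execute", "Set true 22", "executeChecks will return …"). Inside a ZAP add-on these go to the host process console rather than the add-on log and cannot be filtered by level, and the HTTPReqRes one prints every check of the message type through `c.toStringExtended()`, which presumably dumps the contents of the test definition. Drop them before merge, or route them through the project's logger at debug level if the classes have one (not visible in these hunks). executePassiveTestSession's body continues outside the hunk.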
77 changes: 23 additions & 54 deletions tool/src/main/java/org/zaproxy/addon/migt/HTTPReqRes.java
Expand Up @@ -21,7 +21,6 @@
import org.apache.http.util.CharArrayBuffer;
import org.parosproxy.paros.db.DatabaseException;
import org.parosproxy.paros.model.HistoryReference;
import org.parosproxy.paros.network.HtmlParameter;
import org.parosproxy.paros.network.HttpHeaderField;
import org.parosproxy.paros.network.HttpMalformedHeaderException;
import org.parosproxy.paros.network.HttpMessage;
Expand Down Expand Up @@ -108,11 +107,10 @@ public HTTPReqRes(byte[] request, byte[] response) {
*
* <p>--> now changed to create it from a HistoryReference
*
* @param hmsg the history reference to access the message
* @param message the history reference to access the message
*/
public HTTPReqRes(HistoryReference hmsg)
public HTTPReqRes(HttpMessage message)
throws MalformedURLException, HttpMalformedHeaderException, DatabaseException {
HttpMessage message = hmsg.getHttpMessage();
this.isRequest = true;
this.isResponse = true;

Expand All @@ -132,7 +130,7 @@ public HTTPReqRes(HistoryReference hmsg)
URL url = new URL(readURI);
this.setRequest_url(url.toString());

// utilizzo HttpRequestHeader perchè in teoria è solo per le richieste
// utilizzo HttpRequestHeader perchè sembra che httpmessage consenga sempre il RequestHeader
HttpRequestHeader service = message.getRequestHeader();
this.setHost(service.getHostName());
this.setPort(service.getHostPort());
Expand Down Expand Up @@ -198,15 +196,10 @@ public HTTPReqRes(HttpMessage message, boolean isRequest, int index) {

this.headers_req = toStringList(message.getRequestHeader().getHeaders());

// changed this by adding
// for (HtmlParameter p : message.getUrlParams()) {
// this.headers_req.add(p.toString());
// }

this.request_url = message.getRequestHeader().getURI().toString();
this.body_offset_req = message.getRequestHeader().toString().length();

// set host infogetHttpService
// set host info getHttpService
HttpRequestHeader service = message.getRequestHeader();
this.setHost(service.getHostName());
this.setPort(service.getHostPort());
Expand Down Expand Up @@ -261,45 +254,6 @@ public static List<NameValuePair> parse_url_query_no_decoding(
return list;
}

// public HttpMessage replaceBurpMessage(HttpMessage message) throws
// HttpMalformedHeaderException, URIException {
// if (isRequest) {
// message.setRequestHeader(Req_header);
// message.setRequestBody(Req_body);
//
// }
// if (isResponse) {
// message.setResponseHeader(Res_header);
// message.setResponseBody(Res_body);
// }
// if (host != null && port != 0 && protocol != null) {
// if (protocol == "https"){
// message.getRequestHeader().setSecure(true);
// } else {
// message.getRequestHeader().setSecure(false);
// }
//
// org.apache.commons.httpclient.URI origialURI = new
// org.apache.commons.httpclient.URI(request_url, true);
//
// org.apache.commons.httpclient.URI newURI = new org.apache.commons.httpclient.URI(
// origialURI.getScheme(),
// null,
// host,
// port,
// origialURI.getPath(),
// origialURI.getQuery(),
// origialURI.getFragment()
// );
//
// //set host and port values by changing the URI
// message.getRequestHeader().setURI(newURI);
//
//
// }
// return message;
// }

public String getUrlHeader() {
if (!isRequest) throw new RuntimeException("called getUrlHeader on a response message");

Expand Down Expand Up @@ -1019,25 +973,39 @@ public void updateHeadersWHurl() throws RuntimeException {
* @return true or false, if matched or not respectively
*/
public boolean matches_msg_type(MessageType msg_type, boolean is_request) {
System.out.println("eseguito matches_msg_type");
System.out.println("Checks are:");
for(Check c : msg_type.checks){
System.out.println(c.toStringExtended());
}
boolean matchedMessage = false;
try {
/* If the response message name is searched, the getByResponse will be true.
* so messageIndex have to search for the request, and then evaluate the response
*/
if (msg_type.getByResponse) {
if (!isResponse) return false; // both request and response have to be present
System.out.println("-------------> First if");
if (!isResponse){
System.out.println("-------------> return false since both request and response have to be present");
return false; // both request and response have to be present
}
matchedMessage =
Tools.executeChecks(
msg_type.checks, this, true, new ArrayList<>() // TODO: fix
);
System.out.println("-------------> First if end");
} else if (msg_type.getByRequest) {
if (!isResponse) return false; // both request and response have to be present
System.out.println("-------------> Second if");
if (!isResponse){
System.out.println("-------------> return false since both request and response have to be present");
return false; // both request and response have to be present
}
matchedMessage =
Tools.executeChecks(
msg_type.checks, this, false, new ArrayList<>() // TODO: fix
);
System.out.println("-------------> Second if end");
} else {
System.out.println("-------------> Third if");
// this check is done to avoid matching request messages when intercepting a
// response
if (is_request != msg_type.msg_to_process_is_request) return false;
Expand All @@ -1050,9 +1018,10 @@ public boolean matches_msg_type(MessageType msg_type, boolean is_request) {
msg_type.isRequest,
new ArrayList<>() // TODO: fix
);
System.out.println("-------------> Third if end");
}
} catch (Exception e) {
e.printStackTrace();
System.err.println(e.getMessage());
}
System.out.println("return di matches_msg_type is " + matchedMessage);
return matchedMessage;
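Review bot: The catch in matches_msg_type now does `System.err.println(e.getMessage());`, which discards the exception type and stack trace that the replaced `e.printStackTrace()` preserved and prints the literal `null` for exceptions without a message, so a failing check degrades into a silent non-match with nothing to diagnose. Keep the cause: `e.printStackTrace();`, or `log.warn("matches_msg_type failed", e);` if the class has a logger. The `getByResponse` and `getByRequest` branches in the same hunk are now duplicated nearly line for line, including an identical "return false since both request and response have to be present" print, which suggests folding the shared guard into one check before the branch. The Italian comment in the constructor hunk should be English, e.g. `// use HttpRequestHeader because HttpMessage appears to always carry the request header`. matches_msg_type's body continues past the hunk.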
19 changes: 12 additions & 7 deletions tool/src/main/java/org/zaproxy/addon/migt/Operation.java
@@ -1,12 +1,13 @@
package org.zaproxy.addon.migt;

import static org.zaproxy.addon.migt.Tools.buildStringWithVars;
import static org.zaproxy.addon.migt.Tools.executeChecks;
import static org.zaproxy.addon.migt.Tools.executeDecodeOps;
import static org.zaproxy.addon.migt.Tools.executeEditOps;
import static org.zaproxy.addon.migt.Tools.executeMessageOperations;
import static org.zaproxy.addon.migt.Tools.findParentDiv;
import static org.zaproxy.addon.migt.Tools.getVariableByName;
import static org.zaproxy.addon.migt.Tools.*;
//import static org.zaproxy.addon.migt.Tools.buildStringWithVars;
//import static org.zaproxy.addon.migt.Tools.executeChecks;
//import static org.zaproxy.addon.migt.Tools.executeDecodeOps;
//import static org.zaproxy.addon.migt.Tools.executeEditOps;
//import static org.zaproxy.addon.migt.Tools.executeMessageOperations;
//import static org.zaproxy.addon.migt.Tools.findParentDiv;
//import static org.zaproxy.addon.migt.Tools.getVariableByName;

import java.util.ArrayList;
import java.util.List;
Expand Down Expand Up @@ -439,6 +440,9 @@ public void setAPI(Operation_API api) {
}

public void execute() {

System.out.println("Entrato in execute");

if (!preconditions.isEmpty()) {
try {
applicable =
Expand Down Expand Up @@ -485,6 +489,7 @@ public void execute() {
// The order of execution is very important
try {
applicable = true;
System.out.println("Set true 22");
executeMessageOperations(this);
if (!applicable | !result) return;
executeEditOps(this, api.vars);
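Review bot: The import hunk replaces seven explicit static imports with `import static org.zaproxy.addon.migt.Tools.*;` and leaves the originals commented out, so every static member of Tools is now in scope and it is no longer visible which helpers Operation depends on. Keep the explicit list, adding whichever Tools method the rest of the change actually needs, and delete the commented-out lines instead of keeping them as dead text. `System.out.println("Set true 22");` in execute() reads like a leftover breakpoint marker; the added prints in general are raised in the Check.java note. execute()'s body extends beyond both hunks.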
Expand Up @@ -2,7 +2,7 @@

/** Exception raised when the parsing of the language fails */
public class ParsingException extends Exception {
private static final long serialVersionUID = 1L;
// private static final long serialVersionUID = 1L;

/**
* Raised when there is a problem in the parsing of the json
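Review bot: Commenting out `serialVersionUID` in a class that extends Exception, and is therefore Serializable, makes the JVM derive the UID from the class layout, so it changes with any later edit to the class. Either restore `private static final long serialVersionUID = 1L;` or remove the line outright rather than leaving it as a comment.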
17 changes: 9 additions & 8 deletions tool/src/main/java/org/zaproxy/addon/migt/Session.java
Expand Up @@ -101,21 +101,22 @@ public SessionTrackAction next() {
* the message is checked against some common file extension and if it is matched it is
* discarded
*
* @param hmsg the message to be added
* @param msg the message to be added
* @param filter specify if filtering is enabled
* @return the added message
*/
public HTTPReqRes addMessage(HistoryReference hmsg, boolean filter)
public HTTPReqRes addMessage(HttpMessage msg, boolean filter)
throws URISyntaxException,
MalformedURLException,
HttpMalformedHeaderException,
DatabaseException {
HTTPReqRes res = null;
HttpMessage message = hmsg.getHttpMessage();

if (filter) {
String forURI = message.getRequestHeader().getURI().toString();
URI uri = new URI(forURI);
String url = uri.toURL().toString();
// String forURI = message.getRequestHeader().getURI().toString();
// URI uri = new URI(forURI);
// String url = uri.toURL().toString();
String url = msg.getRequestHeader().getPrimeHeader();
url = url.split("\\sHTTP")[0];
Pattern pattern =
Pattern.compile(
Expand All @@ -124,11 +125,11 @@ public HTTPReqRes addMessage(HistoryReference hmsg, boolean filter)
Matcher matcher = pattern.matcher(url);

if (!matcher.find()) {
res = new HTTPReqRes(hmsg);
res = new HTTPReqRes(msg);
messages.add(res);
}
} else {
res = new HTTPReqRes(hmsg);
res = new HTTPReqRes(msg);
messages.add(res);
}
return res;
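Review bot: The filter path in addMessage now builds `url` from `msg.getRequestHeader().getPrimeHeader()` split on `\\sHTTP`, which yields the request line minus its version, i.e. `METHOD URI`, not the bare URL that the removed `uri.toURL().toString()` produced, so the extension pattern compiled just below (outside the hunk) is matched against a string with a leading method token. Confirm the pattern still matches as intended, or use `String url = msg.getRequestHeader().getURI().toString();`, which the old code already reached through HttpMessage. With the `new URI(...)`/`toURL()` calls gone, `URISyntaxException` in the throws clause may no longer be thrown by this method (the HTTPReqRes constructor still declares MalformedURLException), and the three commented-out lines should be deleted rather than kept. The pattern and the rest of the method lie outside the hunks.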
9 changes: 9 additions & 0 deletions tool/src/main/java/org/zaproxy/addon/migt/Test.java
Expand Up @@ -442,8 +442,15 @@ public void logTest(String log_folder) {
* @param msg_types the message types used by the test
* @return true if a test is passed, false otherwise
*/

//jump here -- remove this comment

public boolean execute(List<HTTPReqRes> messageList, List<MessageType> msg_types)
throws ParsingException {

System.out.println("Entrato in execute di Test");


int i, j;
boolean res = true;

Expand Down Expand Up @@ -483,6 +490,8 @@ public boolean execute(List<HTTPReqRes> messageList, List<MessageType> msg_types
}
}

System.out.println("About to return --> " + res);

return res;
}

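Review bot: `//jump here -- remove this comment` sits between the method's Javadoc and the `execute` signature, separated by blank lines, which reads as an unfinished editing marker and may detach the Javadoc from the declaration for tools that require the doc comment to immediately precede the member; delete those three lines. The two added prints (`Entrato in execute di Test`, `About to return --> `) are covered by the Check.java note. execute's body lies outside the hunks.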
2 changes: 2 additions & 0 deletions tool/src/main/java/org/zaproxy/addon/migt/Tools.java
Expand Up @@ -34,9 +34,11 @@ public static boolean executeChecks(
System.out.println("eseguito executeChecks");
for (Check c : checks) {
if (!c.execute(message, isRequest, vars)) {
System.out.println("executeChecks will return false");
return false;
}
}
System.out.println("executeChecks will return true");
return true;
}

