Commitb2f6be5

committed
Process triggers and notifications also on exception during ActiveScans sendAndReceive. Fixes #7004
Signed-off-by: Dennis Kniep <kniepdennis@gmail.com>
1 parent0e49dcb commitb2f6be5

21 files changed

+699
-102
lines changed

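--- a/zap/src/main/java/org/parosproxy/paros/core/scanner/AbstractPlugin.java
+++ b/zap/src/main/java/org/parosproxy/paros/core/scanner/AbstractPlugin.java
@@ -70,6 +70,8 @@
 // ZAP: 2020/11/17 Use new TechSet#getAllTech().
 // ZAP: 2020/11/26 Use Log4j2 getLogger() and deprecate Log4j1.x.
 // ZAP: 2021/07/20 Correct message updated with the scan rule ID header (Issue 6689).
+// ZAP: 2022/01/04 Process triggers and notifications also on exception during sendAndReceive (Issue
+// 7004).
 packageorg.parosproxy.paros.core.scanner;
 
 importjava.io.IOException;
@@ -94,6 +96,7 @@
 importorg.parosproxy.paros.network.HttpStatusCode;
 importorg.zaproxy.zap.control.AddOn;
 importorg.zaproxy.zap.extension.anticsrf.ExtensionAntiCSRF;
+importorg.zaproxy.zap.extension.ascan.ScannerTaskResult;
 importorg.zaproxy.zap.extension.custompages.CustomPage;
 importorg.zaproxy.zap.model.Tech;
 importorg.zaproxy.zap.model.TechSet;
@@ -309,16 +312,22 @@ protected void sendAndReceive(
 // ZAP: Runs the "beforeScan" methods of any ScannerHooks
 parent.performScannerHookBeforeScan(message,this);
 
-if (isFollowRedirect) {
-parent.getHttpSender().sendAndReceive(message,getParent().getRedirectRequestConfig());
-}else {
-parent.getHttpSender().sendAndReceive(message,false);
+try {
+if (isFollowRedirect) {
+parent.getHttpSender()
+.sendAndReceive(message,getParent().getRedirectRequestConfig());
+}else {
+parent.getHttpSender().sendAndReceive(message,false);
+}
+}catch (IOExceptione) {
+message.setErrorResponse(e);
+// ZAP: Notify parent
+parent.notifyNewMessage(this,newScannerTaskResult(message,e.getLocalizedMessage()));
+return;
 }
 
-// ZAP: Notify parent
-parent.notifyNewMessage(this,message);
-
-// ZAP: Set the history reference back and run the "afterScan" methods of any ScannerHooks
+// ZAP: Set the history reference back and run the "afterScan" methods of any
+// ScannerHooks
 parent.performScannerHookAfterScan(message,this);
 }
 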
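Review bot: On the success path of `sendAndReceive` nothing calls `parent.notifyNewMessage` any more: the old call after the send was removed and the only remaining one sits inside the `catch (IOException e)` block, so successful requests would no longer reach the scanner listeners unless that happens outside this hunk. After the try/catch I would add `parent.notifyNewMessage(this, new ScannerTaskResult(message));`. The `return;` in the catch also swallows the IOException and skips `performScannerHookAfterScan`, so a scan rule calling this method cannot tell a failed send from a real response and may evaluate the synthetic error response set by `setErrorResponse` as if the target had sent it; `throw e;` after the notification would keep the existing contract. The method's signature and the start of its body are outside the hunk.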

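--- a/zap/src/main/java/org/parosproxy/paros/core/scanner/Analyser.java
+++ b/zap/src/main/java/org/parosproxy/paros/core/scanner/Analyser.java
@@ -63,6 +63,7 @@
 importorg.parosproxy.paros.network.HttpMessage;
 importorg.parosproxy.paros.network.HttpSender;
 importorg.parosproxy.paros.network.HttpStatusCode;
+importorg.zaproxy.zap.extension.ascan.ScannerTaskResult;
 importorg.zaproxy.zap.model.StructuralNode;
 
 publicclassAnalyser {
@@ -519,7 +520,7 @@ private void sendAndReceive(HttpMessage msg) throws HttpException, IOException {
 
 httpSender.sendAndReceive(msg,parent.getRedirectRequestConfig());
 requestCount++;
-parent.notifyNewMessage(msg);
+parent.notifyNewMessage(newScannerTaskResult(msg));
 }
 
 publicintgetDelayInMs() {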
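Review bot: An exception thrown by `httpSender.sendAndReceive` still leaves `sendAndReceive` before `parent.notifyNewMessage(new ScannerTaskResult(msg))` runs, so requests the analyser fails to send are not reported, unlike the plugin path changed in AbstractPlugin. `HostProcess.obtainResponse` has the same shape: its notification is inside the `try`, and the body of its `catch (IOException e)` is outside the visible hunk. If that is intended, a short comment such as `// Failed analyser requests are intentionally not notified.` would make it explicit. The start of this method is outside the hunk.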

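--- a/zap/src/main/java/org/parosproxy/paros/core/scanner/HostProcess.java
+++ b/zap/src/main/java/org/parosproxy/paros/core/scanner/HostProcess.java
@@ -126,6 +126,7 @@
 importorg.parosproxy.paros.network.HttpSender;
 importorg.zaproxy.zap.extension.alert.ExtensionAlert;
 importorg.zaproxy.zap.extension.ascan.ScanPolicy;
+importorg.zaproxy.zap.extension.ascan.ScannerTaskResult;
 importorg.zaproxy.zap.extension.ascan.filters.FilterResult;
 importorg.zaproxy.zap.extension.ascan.filters.ScanFilter;
 importorg.zaproxy.zap.extension.custompages.CustomPage;
@@ -646,7 +647,7 @@ private boolean scanMessage(Plugin plugin, int messageId) {
 privatebooleanobtainResponse(HistoryReferencehRef,HttpMessagemessage) {
 try {
 getHttpSender().sendAndReceive(message);
-notifyNewMessage(message);
+notifyNewMessage(newScannerTaskResult(message));
 requestCount++;
 returntrue;
 }catch (IOExceptione) {
@@ -839,9 +840,11 @@ private void notifyHostComplete() {
 *
 * @param msg the new HTTP message
 * @since 1.2.0
+* @deprecated (2.12.0) Use {@link #notifyNewMessage(ScannerTaskResult)}
 */
+@Deprecated
 publicvoidnotifyNewMessage(HttpMessagemsg) {
-parentScanner.notifyNewMessage(msg);
+notifyNewMessage(newScannerTaskResult(msg));
 }
 
 /**
@@ -852,9 +855,37 @@ public void notifyNewMessage(HttpMessage msg) {
 * @throws IllegalArgumentException if the given {@code plugin} is {@code null}.
 * @since 2.5.0
 * @see #notifyNewMessage(Plugin)
+* @deprecated (2.12.0) Use {@link #notifyNewMessage(Plugin, ScannerTaskResult)}
 */
+@Deprecated
 publicvoidnotifyNewMessage(Pluginplugin,HttpMessagemessage) {
-parentScanner.notifyNewMessage(message);
+notifyNewMessage(plugin,newScannerTaskResult(message));
+}
+
+/**
+* Notifies interested parties that a new message was sent (and received).
+*
+* <p>{@link Plugin Plugins} should call {@link #notifyNewMessage(Plugin)} or {@link
+* #notifyNewMessage(Plugin, ScannerTaskResult)}, instead.
+*
+* @param scannerTaskResult contains the new HTTP message
+* @since 1.2.0
+*/
+publicvoidnotifyNewMessage(ScannerTaskResultscannerTaskResult) {
+parentScanner.notifyNewMessage(scannerTaskResult);
+}
+
+/**
+* Notifies that the given {@code plugin} sent (and received) the given HTTP message.
+*
+* @param plugin the plugin that sent the message
+* @param scannerTaskResult contains the message sent
+* @throws IllegalArgumentException if the given {@code plugin} is {@code null}.
+* @since 2.5.0
+* @see #notifyNewMessage(Plugin)
+*/
+publicvoidnotifyNewMessage(Pluginplugin,ScannerTaskResultscannerTaskResult) {
+parentScanner.notifyNewMessage(scannerTaskResult);
 notifyNewMessage(plugin);
 }
 
@@ -867,7 +898,7 @@ public void notifyNewMessage(Plugin plugin, HttpMessage message) {
 * @param plugin the plugin that sent a non-HTTP message
 * @throws IllegalArgumentException if the given parameter is {@code null}.
 * @since 2.5.0
-* @see #notifyNewMessage(Plugin,HttpMessage)
+* @see #notifyNewMessage(Plugin,ScannerTaskResult)
 */
 publicvoidnotifyNewMessage(Pluginplugin) {
 if (plugin ==null) {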
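Review bot: The Javadoc of the two new overloads carries `@since 1.2.0` and `@since 2.5.0`, copied from the methods they replace, although the deprecation tags in the same hunk name 2.12.0 as the release that introduces them. I would change both to `@since 2.12.0`. `Scanner.notifyNewMessage(ScannerTaskResult)` and `ScannerListener.notifyNewTaskResult` are new public API in this commit with no Javadoc at all and could get the same tag plus a one-line summary.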

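--- a/zap/src/main/java/org/parosproxy/paros/core/scanner/Scanner.java
+++ b/zap/src/main/java/org/parosproxy/paros/core/scanner/Scanner.java
@@ -79,6 +79,7 @@
 importorg.parosproxy.paros.network.HttpMessage;
 importorg.zaproxy.zap.extension.ascan.ActiveScanEventPublisher;
 importorg.zaproxy.zap.extension.ascan.ScanPolicy;
+importorg.zaproxy.zap.extension.ascan.ScannerTaskResult;
 importorg.zaproxy.zap.extension.ascan.filters.ScanFilter;
 importorg.zaproxy.zap.extension.ruleconfig.RuleConfigParam;
 importorg.zaproxy.zap.extension.script.ScriptCollection;
@@ -455,10 +456,16 @@ public boolean isPaused() {
 returnpause;
 }
 
+/** @deprecated (2.12.0) Use {@link #notifyNewMessage(ScannerTaskResult)} */
+@Deprecated
 publicvoidnotifyNewMessage(HttpMessagemsg) {
+notifyNewMessage(newScannerTaskResult(msg));
+}
+
+publicvoidnotifyNewMessage(ScannerTaskResultscannerTaskResult) {
 for (inti =0;i <listenerList.size();i++) {
 ScannerListenerlistener =listenerList.get(i);
-listener.notifyNewMessage(msg);
+listener.notifyNewTaskResult(scannerTaskResult);
 }
 }
 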

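--- a/zap/src/main/java/org/parosproxy/paros/core/scanner/ScannerListener.java
+++ b/zap/src/main/java/org/parosproxy/paros/core/scanner/ScannerListener.java
@@ -25,9 +25,12 @@
 // ZAP: 2019/06/05 Normalise format/style.
 // ZAP: 2019/12/10 Issue 5278: Adding filtered messages to active scan panel.
 // ZAP: 2021/05/14 Remove empty statement.
+// ZAP: 2022/01/14 deprecated notifyNewMessage
+// ZAP: 2022/01/14 Added notifyNewTaskResult
 packageorg.parosproxy.paros.core.scanner;
 
 importorg.parosproxy.paros.network.HttpMessage;
+importorg.zaproxy.zap.extension.ascan.ScannerTaskResult;
 
 publicinterfaceScannerListener {
 
@@ -41,8 +44,13 @@ public interface ScannerListener {
 
 voidalertFound(Alertalert);
 
-// ZAP: Added notifyNewMessage
-voidnotifyNewMessage(HttpMessagemsg);
+/** @deprecated (2.12.0) Use {@link #notifyNewTaskResult(ScannerTaskResult)} */
+@Deprecated
+defaultvoidnotifyNewMessage(HttpMessagemsg) {}
+
+defaultvoidnotifyNewTaskResult(ScannerTaskResultscannerTaskResult) {
+notifyNewMessage(scannerTaskResult.getHttpMessage());
+}
 
 /**
 * Added to notify reason for filtering message from scanning.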
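Review bot: The default `notifyNewTaskResult` forwards every result to the deprecated `notifyNewMessage(HttpMessage)`, so listeners written against the old method now also receive the messages of failed sends, whose response was filled in by `HttpMessage.setErrorResponse` rather than by the target, and they have no way to tell the two apart. Neither default method is documented; I would add Javadoc on `notifyNewTaskResult` saying that it is called for both successful and failed requests and that the default implementation delegates to `notifyNewMessage`. Turning `notifyNewMessage` into a no-op default also means an implementation that overrides neither method compiles and silently receives nothing, which is worth a sentence in the same Javadoc.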

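--- a/zap/src/main/java/org/parosproxy/paros/network/HttpMessage.java
+++ b/zap/src/main/java/org/parosproxy/paros/network/HttpMessage.java
@@ -63,6 +63,7 @@
 packageorg.parosproxy.paros.network;
 
 importjava.net.HttpCookie;
+importjava.nio.charset.StandardCharsets;
 importjava.util.ArrayList;
 importjava.util.Collections;
 importjava.util.HashMap;
@@ -74,11 +75,14 @@
 importjava.util.SortedSet;
 importjava.util.TreeSet;
 importjava.util.Vector;
+importjavax.net.ssl.SSLException;
 importorg.apache.commons.httpclient.URI;
 importorg.apache.commons.httpclient.URIException;
 importorg.apache.commons.lang.StringUtils;
+importorg.apache.commons.lang.exception.ExceptionUtils;
 importorg.apache.logging.log4j.LogManager;
 importorg.apache.logging.log4j.Logger;
+importorg.parosproxy.paros.Constant;
 importorg.parosproxy.paros.model.HistoryReference;
 importorg.parosproxy.paros.model.Model;
 importorg.zaproxy.zap.eventBus.Event;
@@ -1239,4 +1243,53 @@ public Map<String, String> toEventData() {
 publicStringgetType() {
 returnMESSAGE_TYPE;
 }
+
+publicvoidsetErrorResponse(Exceptioncause) {
+StringBuilderstrBuilder =newStringBuilder(250);
+if (causeinstanceofSSLException) {
+strBuilder.append(Constant.messages.getString("network.ssl.error.connect"));
+strBuilder.append(this.getRequestHeader().getURI().toString()).append('\n');
+strBuilder
+.append(Constant.messages.getString("network.ssl.error.exception"))
+.append(cause.getMessage())
+.append('\n');
+strBuilder
+.append(Constant.messages.getString("network.ssl.error.exception.rootcause"))
+.append(ExceptionUtils.getRootCauseMessage(cause))
+.append('\n');
+strBuilder.append(
+Constant.messages.getString(
+"network.ssl.error.help",
+Constant.messages.getString("network.ssl.error.help.url")));
+
+strBuilder.append("\n\nStack Trace:\n");
+for (StringstackTraceFrame :ExceptionUtils.getRootCauseStackTrace(cause)) {
+strBuilder.append(stackTraceFrame).append('\n');
+}
+}else {
+strBuilder
+.append(cause.getClass().getName())
+.append(": ")
+.append(cause.getLocalizedMessage())
+.append("\n\nStack Trace:\n");
+for (StringstackTraceFrame :ExceptionUtils.getRootCauseStackTrace(cause)) {
+strBuilder.append(stackTraceFrame).append('\n');
+}
+}
+
+Stringmessage =strBuilder.toString();
+
+HttpResponseHeaderresponseHeader;
+try {
+responseHeader =newHttpResponseHeader("HTTP/1.1 400 ZAP IO Error");
+responseHeader.setHeader(HttpHeader.CONTENT_TYPE,"text/plain; charset=UTF-8");
+responseHeader.setHeader(
+HttpHeader.CONTENT_LENGTH,
+Integer.toString(message.getBytes(StandardCharsets.UTF_8).length));
+this.setResponseHeader(responseHeader);
+this.setResponseBody(message);
+}catch (HttpMalformedHeaderExceptione) {
+log.error("Failed to create error response:",e);
+}
+}
 }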
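Review bot: `setErrorResponse` is a new public method without Javadoc, and it overwrites the response header and body with a locally generated `HTTP/1.1 400 ZAP IO Error` whose body holds the exception class, message and root-cause stack trace. Anything that later reads the message sees a 400 with a stack trace in the body and cannot tell from the message alone that the target never answered, which could plausibly surface as a misleading finding. The Javadoc should state that the response is synthetic and replaces any existing one. Separately, the `Stack Trace:` header and the `for` loop over `ExceptionUtils.getRootCauseStackTrace(cause)` are duplicated in both branches and can move once below the `if`/`else`, and a null `cause` currently fails at `cause.getClass()`.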

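--- a/zap/src/main/java/org/zaproxy/zap/extension/ascan/ActiveScan.java
+++ b/zap/src/main/java/org/zaproxy/zap/extension/ascan/ActiveScan.java
@@ -273,7 +273,8 @@ public ActiveScanTableModel getMessagesTableModel() {
 }
 
 @Override
-publicvoidnotifyNewMessage(finalHttpMessagemsg) {
+publicvoidnotifyNewTaskResult(finalScannerTaskResultscannerTaskResult) {
+HttpMessagemsg =scannerTaskResult.getHttpMessage();
 HistoryReferencehRef =msg.getHistoryRef();
 if (hRef ==null) {
 try {
@@ -299,17 +300,18 @@ public void notifyNewMessage(final HttpMessage msg) {
 if (this.rcTotals.getTotal() >this.maxResultsToList) {
 removeFirstHistoryReferenceInEdt();
 }
-addHistoryReferenceInEdt(hRef);
+addHistoryReferenceInEdt(hRef,scannerTaskResult);
 }
 }
 
-privatevoidaddHistoryReferenceInEdt(finalHistoryReferencehRef) {
+privatevoidaddHistoryReferenceInEdt(
+finalHistoryReferencehRef,ScannerTaskResultscannerTaskResult) {
 EventQueue.invokeLater(
 newRunnable() {
 
 @Override
 publicvoidrun() {
-messagesTableModel.addHistoryReference(hRef);
+messagesTableModel.addEntry(hRef,scannerTaskResult);
 }
 });
 }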
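Review bot: `addHistoryReferenceInEdt` now hands the whole `ScannerTaskResult` to `messagesTableModel.addEntry`, where before only the `HistoryReference` went into the table model. `addEntry` is not part of the visible hunks, so this is a question rather than a finding: if the model keeps the result object, every listed row also keeps its `HttpMessage` in memory, up to `maxResultsToList` entries. Passing only the value the table needs would avoid that. The new `scannerTaskResult` parameter is also not `final` while `hRef` is; `final HistoryReference hRef, final ScannerTaskResult scannerTaskResult` would keep the signature consistent.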

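--- a/zap/src/main/java/org/zaproxy/zap/extension/ascan/ActiveScanPanel.java
+++ b/zap/src/main/java/org/zaproxy/zap/extension/ascan/ActiveScanPanel.java
@@ -39,7 +39,6 @@
 importorg.parosproxy.paros.core.scanner.Alert;
 importorg.parosproxy.paros.core.scanner.HostProcess;
 importorg.parosproxy.paros.core.scanner.ScannerListener;
-importorg.parosproxy.paros.network.HttpMessage;
 importorg.parosproxy.paros.view.View;
 importorg.zaproxy.zap.model.ScanController;
 importorg.zaproxy.zap.model.ScanListenner2;
@@ -75,7 +74,7 @@ public class ActiveScanPanel extends ScanPanel2<ActiveScan, ScanController<Activ
 newFilterMessageTableModel();
 
 privateExtensionActiveScanextension;
-privateHistoryReferencesTablemessagesTable;
+privateActiveScanTablemessagesTable;
 privateZapTablefilterMessageTable;
 
 privateJButtonpolicyButton =null;
@@ -281,7 +280,7 @@ private void resetFilterMessageTable() {
 
 privateHistoryReferencesTablegetMessagesTable() {
 if (messagesTable ==null) {
-messagesTable =newHistoryReferencesTable(EMPTY_RESULTS_MODEL);
+messagesTable =newActiveScanTable(EMPTY_RESULTS_MODEL);
 messagesTable.setName(MESSAGE_CONTAINER_NAME);
 messagesTable.setAutoCreateColumnsFromModel(false);
 }
@@ -371,7 +370,7 @@ private void updateRequestCount() {
 }
 
 @Override
-publicvoidnotifyNewMessage(HttpMessagemsg) {}
+publicvoidnotifyNewTaskResult(ScannerTaskResultscannerTaskResult) {}
 
 privatevoidupdateNewAlertCount() {
 ActiveScanac =this.getSelectedScanner();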

0 commit comments

Comments
 (0)

[8]ページ先頭

©2009-2025 Movatter.jp