org.apache.commons.httpclient.URI Java Examples
The following examples show how to use org.apache.commons.httpclient.URI.
Example #1
Source File: From davmail with GNU General Public License v2.0 | 6 votes |
/**
 * Resolves {@code path} against the URI of {@code method} and returns the result as a string.
 *
 * <p>A {@code null} path returns the method URI unchanged. Otherwise the query string is
 * dropped and the path is handled by its prefix: "/" replaces the method path, "http://" or
 * "https://" is returned exactly as given, and anything else is appended to the directory part
 * of the current method path.
 *
 * @param method the HTTP method supplying the base URI and current path
 * @param path an absolute path, an absolute http(s) URL, a relative path, or {@code null}
 * @return the resulting URI as a string
 * @throws URIException if the URI cannot be read or updated, or if a relative path is given
 *     and the current method path contains no "/"
 */
protected String getAbsoluteUri(HttpMethod method, String path) throws URIException {
    URI target = method.getURI();
    if (path == null) {
        return target.getURI();
    }

    // A replacement path never inherits the previous query string.
    target.setQuery(null);

    // NOTE(review): an absolute URL is handed back without comparing its host to the host of
    // the method URI. If path can originate from a server response, callers presumably need
    // to confirm the destination before reusing credentials - verify against callers.
    if (path.startsWith("http://") || path.startsWith("https://")) {
        return path;
    }

    if (path.startsWith("/")) {
        // Absolute path: replace the method path outright.
        target.setPath(path);
    } else {
        // Relative path: keep everything up to and including the last "/" of the current path.
        // Dot-segments in path are not collapsed here.
        String currentPath = method.getPath();
        int lastSlash = currentPath.lastIndexOf('/');
        if (lastSlash < 0) {
            throw new URIException(target.getURI());
        }
        target.setPath(currentPath.substring(0, lastSlash + 1) + path);
    }
    return target.getURI();
}
Example #2
Source File: From zap-extensions with Apache License 2.0 | 6 votes |
/**
 * Prepares the fixture: a request message with an empty URI and a rule wired to a mocked
 * anti-CSRF extension that reports the token names "token" and "csrfToken".
 */
@BeforeEach
public void before() throws URIException {
    // Request message carrying an empty, unescaped URI.
    HttpRequestHeader header = new HttpRequestHeader();
    header.setURI(new URI("", false));
    msg = new HttpMessage();
    msg.setRequestHeader(header);

    // Token names the mocked extension hands to the rule.
    antiCsrfTokenNames = new ArrayList<>();
    antiCsrfTokenNames.add("token");
    antiCsrfTokenNames.add("csrfToken");

    // Lenient stubbing: not every test has to call getAntiCsrfTokenNames().
    extensionAntiCSRFMock = mock(ExtensionAntiCSRF.class);
    Mockito.lenient()
            .when(extensionAntiCSRFMock.getAntiCsrfTokenNames())
            .thenReturn(antiCsrfTokenNames);

    // Start every test with empty ignore settings.
    rule.setExtensionAntiCSRF(extensionAntiCSRFMock);
    rule.setCsrfIgnoreList("");
    rule.setCSRFIgnoreAttName("");
    rule.setCSRFIgnoreAttValue("");
}
Example #3
Source File: From zap-extensions with Apache License 2.0 | 6 votes |
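/**
 * Returns a representation of the host name as used throughout ZAP. The representation contains
 * the scheme, the host and, if needed, the port. Method should be used to keep consistency
 * whenever displaying a node's hostname.
 *
 * <p>The port is appended only when it is set (not {@code -1}) and is not the default for the
 * scheme, that is, anything other than 80 for {@code http} or 443 for {@code https}. The
 * result has the form {@code scheme://host} or {@code scheme://host:port}.
 *
 * @param uri the URI to take the scheme, host and port from
 * @return the lower-cased scheme, the host and, when not the default, the port
 * @throws URIException if the host cannot be obtained from the URI
 */
public static String getHostName(URI uri) throws URIException {
    // Locale.ROOT keeps the lower-casing independent of the JVM default locale; with some
    // locales (e.g. Turkish) the no-argument toLowerCase() maps 'I' to a dotless 'i', which
    // would corrupt schemes containing that letter.
    String scheme = uri.getScheme().toLowerCase(java.util.Locale.ROOT);

    StringBuilder host = new StringBuilder();
    host.append(scheme).append("://").append(uri.getHost());

    int port = uri.getPort();
    boolean defaultPortForScheme =
            (port == 80 && "http".equals(scheme)) || (port == 443 && "https".equals(scheme));
    if (port != -1 && !defaultPortForScheme) {
        host.append(":").append(port);
    }
    return host.toString();
}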
Example #4
Source File: From zap-extensions with Apache License 2.0 | 6 votes |
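/**
 * Creates a scan target from the scheme, host and port of the given URI.
 *
 * <p>A copy of the URI is kept with its path, query and fragment cleared; the string
 * representations are built from the host and port.
 *
 * @param uri the URI identifying the target
 * @throws IllegalArgumentException if the host cannot be read from the URI
 */
public ScanTarget(URI uri) {
    // Work on a copy so that clearing path/query/fragment below does not touch the caller's URI.
    this.uri = copyURI(uri);
    this.scheme = uri.getScheme();
    try {
        // The assignment target was missing in the listing; "host" is the field read a few
        // lines below when the string representation is created.
        this.host = uri.getHost();
    } catch (URIException e) {
        throw new IllegalArgumentException("Failed to get host from URI: " + e.getMessage(), e);
    }

    this.port = getPort(scheme, uri.getPort());

    try {
        this.uri.setPath(null);
        this.uri.setQuery(null);
        this.uri.setFragment(null);
    } catch (URIException ignore) {
        // It's safe to set the URI query, path and fragment components to null.
    }

    this.stringRepresentation = createHostPortString(host, port);
    buildHtmlStringRepresentation();
}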
Example #5
Source File: From zap-extensions with Apache License 2.0 | 6 votes |
/**
 * Resets the {@code ImportWSDL} singleton and builds the fixtures shared by the tests: a
 * request with a four-byte body and a SOAP configuration filled with empty objects.
 */
@BeforeEach
public void setUp() throws URIException, NullPointerException {
    // Drop whatever state a previous test left behind, then fetch a fresh singleton.
    ImportWSDL.destroy();
    singleton = ImportWSDL.getInstance();

    // Test request: header pointing at TEST_URI (already escaped) plus a small body.
    HttpRequestHeader requestHeader = new HttpRequestHeader();
    requestHeader.setURI(new URI(TEST_URI, true));
    HttpRequestBody requestBody = new HttpRequestBody();
    requestBody.append("test");
    requestBody.setLength(4);

    testRequest = new HttpMessage();
    testRequest.setRequestHeader(requestHeader);
    testRequest.setRequestBody(requestBody);

    // Configuration object populated with empty placeholders only.
    soapConfig = new SOAPMsgConfig();
    soapConfig.setWsdl(new Definitions());
    soapConfig.setSoapVersion(1);
    soapConfig.setParams(new HashMap<String, String>());
    soapConfig.setPort(new Port());
    soapConfig.setBindOp(new BindingOperation());
}
Example #6
Source File: From swellrt with Apache License 2.0 | 6 votes |
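/**
 * Executes the given query with an HTTP GET and converts the response body with
 * {@code function}.
 *
 * <p>The status code is checked before the body is read, so an error response is never handed
 * to {@code function}. The connection is always released.
 *
 * @param solrQuery the complete query URI (passed to {@code URI} as not yet escaped)
 * @param function converts the response reader into the resulting JSON array
 * @return the array produced by {@code function}
 * @throws IOException if the request fails, the status is not 200 OK, or there is no body
 */
private JsonArray sendSearchRequest(String solrQuery,
    Function<InputStreamReader, JsonArray> function) throws IOException {
  GetMethod getMethod = new GetMethod();
  HttpClient httpClient = new HttpClient();
  try {
    getMethod.setURI(new URI(solrQuery, false));
    int statusCode = httpClient.executeMethod(getMethod);

    // Reject the response before parsing it: the body of a failed request is not search data.
    if (statusCode != HttpStatus.SC_OK) {
      // NOTE(review): the query is logged verbatim; if it can contain user-supplied text,
      // consider neutralising line breaks before logging - confirm against callers.
      LOG.warning("Failed to execute query: " + solrQuery);
      throw new IOException("Search request status is not OK: " + statusCode);
    }

    java.io.InputStream body = getMethod.getResponseBodyAsStream();
    if (body == null) {
      throw new IOException("Search request returned no response body");
    }

    // Decode explicitly instead of relying on the platform default charset.
    // NOTE(review): assumes the search endpoint answers in UTF-8 - confirm.
    try (InputStreamReader reader =
        new InputStreamReader(body, java.nio.charset.StandardCharsets.UTF_8)) {
      return function.apply(reader);
    }
  } finally {
    getMethod.releaseConnection();
  }
}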
Example #7
Source File: From zap-extensions with Apache License 2.0 | 6 votes |
/**
 * Scans the node for cross-domain misconfigurations by checking the Adobe and the Silverlight
 * cross-domain policy files for the URI of the base message.
 *
 * <p>Nothing is scanned when no document builder is available. Any exception raised while
 * scanning is logged and not propagated.
 */
@Override
public void scan() {
    if (docBuilder != null) {
        try {
            // Both policy-file checks are driven by the URI of the original request.
            URI target = this.getBaseMsg().getRequestHeader().getURI();
            scanAdobeCrossdomainPolicyFile(target);
            scanSilverlightCrossdomainPolicyFile(target);
        } catch (Exception e) {
            // Catch-all so that a failure in one node does not escape the scan.
            log.error(
                    "Error scanning a node for Cross Domain misconfigurations: "
                            + e.getMessage(),
                    e);
        }
    }
}
Example #8
Source File: From zap-extensions with Apache License 2.0 | 6 votes |
/**
 * Expects two alerts, for the parameters "place" and "name", when request parameter values
 * show up inside attributes of the response.
 */
@Test
public void shouldRaiseMultipleAlertsIfRequestParamValuesUsedInAttributes() throws Exception {
    // Given: a response with a meta refresh and an img whose alt attribute is "fred".
    // NOTE(review): the request URI literal is empty in this listing; the parameters asserted
    // below presumably come from its query string - confirm against the upstream test.
    HttpMessage msg = createMessage();
    msg.setResponseBody(
            "<html><meta http-equiv=\"refresh\" content=\"0; url=\"><img src=\"x.jpg\" alt=fred></img></html>");
    msg.getRequestHeader().setURI(new URI("", false));

    // When: the passive rule processes the response.
    scanHttpResponseReceive(msg);

    // Then: one alert per reflected parameter, in this order.
    assertThat(alertsRaised.size(), equalTo(2));
    assertThat(alertsRaised.get(0).getParam(), equalTo("place"));
    assertThat(alertsRaised.get(1).getParam(), equalTo("name"));
}
Example #9
Source File: From zap-extensions with Apache License 2.0 | 6 votes |
/**
 * Expects a single alert whose parameter is "docid" and whose evidence is the sensitive value
 * placed in the URL.
 */
@Test
public void emailAddressInURLParamValue() throws HttpMalformedHeaderException, URIException {
    // Given: a URL whose "docid" parameter carries the sensitive value.
    // NOTE(review): the sensitive value and the message-key suffix are empty in this listing;
    // confirm both against the upstream test.
    String sensitiveParamName = "docid";
    String sensitiveValue = "";
    String query = "?mailto=me&" + sensitiveParamName + "=" + sensitiveValue + "&hl=en";
    String testURI = URI + query;
    HttpMessage msg = createHttpMessageWithRespBody(testURI);

    // When: the rule inspects the outgoing request.
    scanHttpRequestSend(msg);

    // Then: exactly one alert naming the parameter, the value and the expected message.
    assertEquals(1, alertsRaised.size());
    assertEquals(sensitiveParamName, alertsRaised.get(0).getParam());
    assertEquals(sensitiveValue, alertsRaised.get(0).getEvidence());
    String expectedInfo =
            Constant.messages.getString(InformationDisclosureInUrlScanRule.MESSAGE_PREFIX + "");
    assertEquals(expectedInfo, alertsRaised.get(0).getOtherInfo());
}
Example #10
Source File: From zap-extensions with Apache License 2.0 | 6 votes |
/** Expects two alerts when the response body contains an {@code img} with a {@code src}. */
@Test
public void detectExposureTo3rdPartyInSRC() throws HttpMalformedHeaderException, URIException {
    // Given: a page with a link wrapping an image.
    // NOTE(review): the request URI and the img src are empty in this listing; the test name
    // suggests a session ID in the URL and a third-party src - confirm against upstream.
    String testURI = "";
    String body =
            "<html>\n"
                    + "<body>\n"
                    + "<h2>HTML Links</h2>\n"
                    + "<p><a href=\"default.jsp\">\n"
                    + " <img src=\"\" alt=\"HTML tutorial\" style=\"width:42px;height:42px;border:0;\">\n"
                    + "</a></p>\n"
                    + "</body>\n"
                    + "</html>";
    HttpMessage msg = createHttpMessageWithRespBody(body);
    msg.getRequestHeader().setURI(new URI(testURI, false));

    // When
    scanHttpResponseReceive(msg);

    // Then
    assertEquals(2, alertsRaised.size());
}
Example #11
Source File: From zap-extensions with Apache License 2.0 | 6 votes |
/**
 * Expects one alert for the parameter "place" when a POST response with status FOUND sets a
 * cookie.
 */
@Test
public void shouldRaiseAlertIfCookieBasedOnGetParamDuringPost() throws Exception {
    // Given: a POST with one form parameter and a Set-Cookie header on the response.
    // NOTE(review): the request URI literal is empty in this listing; "place" presumably comes
    // from its query string - confirm against the upstream test.
    HttpMessage msg = createMessage();
    msg.getRequestHeader().setURI(new URI("", false));
    msg.getRequestHeader().setMethod(HttpRequestHeader.POST);

    TreeSet<HtmlParameter> postedFields = new TreeSet<>();
    postedFields.add(new HtmlParameter(HtmlParameter.Type.form, "name", "jane"));
    msg.setFormParams(postedFields);

    msg.getResponseHeader().setStatusCode(HttpStatusCode.FOUND);
    msg.getResponseHeader().setHeader(HttpHeader.SET_COOKIE, "Set-Cookie: aCookie=evil; Secure");

    // When
    scanHttpResponseReceive(msg);

    // Then: only the URL parameter is reported, not the form field.
    assertThat(alertsRaised.size(), equalTo(1));
    assertThat(alertsRaised.get(0).getParam(), equalTo("place"));
}
Example #12
Source File: From zap-extensions with Apache License 2.0 | 6 votes |
/**
 * Expects exactly one alert: the session ID in the URL is reported, but a link whose origin is
 * the same as the request URL must not produce a second alert.
 */
@Test
public void ignoreExposureToSelf() throws HttpMalformedHeaderException, URIException {
    // Given: a page linking back to its own origin.
    // NOTE(review): the request URI and the href are empty in this listing; confirm the actual
    // values against the upstream test.
    String testURI = "";
    String body =
            "<html>\n"
                    + "<body>\n"
                    + "<h2>HTML Links</h2>\n"
                    + "<p><a href=\"\">Testing ZAP</a></p>\n"
                    + "</body>\n"
                    + "</html>";
    HttpMessage msg = createHttpMessageWithRespBody(body);
    msg.getRequestHeader().setURI(new URI(testURI, false));

    // When
    scanHttpResponseReceive(msg);

    // Then: alert #1 is the session ID in the URL; because the href shares the origin of the
    // URL, no alert for exposure to a third party is added.
    assertEquals(1, alertsRaised.size());
}
Example #13
Source File: From zap-extensions with Apache License 2.0 | 6 votes |
/** Expects one alert for a session ID passed as a URL parameter over HTTPS on a custom port. */
@Test
public void containsSessionIdAsUrlParameterInHTTPSOnCustomPort()
        throws HttpMalformedHeaderException, URIException {
    // Given: the shared BODY fixture served from the URI under test.
    // NOTE(review): the URI literal is empty in this listing; the test name implies an https
    // URL with a non-default port and a session ID parameter - confirm against upstream.
    String testURI = "";
    URI requestUri = new URI(testURI, false);
    HttpMessage msg = createHttpMessageWithRespBody(BODY);
    msg.getRequestHeader().setURI(requestUri);

    // When
    scanHttpResponseReceive(msg);

    // Then
    assertEquals(1, alertsRaised.size());
}
Example #14
Source File: From zap-extensions with Apache License 2.0 | 6 votes |
/**
 * Imports the API definition from a URI.
 *
 * <p>The definition is fetched from {@code uri} and passed, together with the definition URL
 * rebuilt from scheme, authority and path, to the overload that performs the import. An I/O
 * failure is logged (and, for GUI imports, shown in a warning dialog) and yields {@code null}.
 *
 * @param uri the URI locating the API definition.
 * @param targetUrl the URL to override the URL defined in the API, might be {@code null}.
 * @param initViaUi {@code true} if the import is being done through the GUI, {@code false}
 *     otherwise.
 * @return the list of errors, if any. Returns {@code null} if the import is being done through
 *     the GUI.
 * @throws InvalidUrlException if the target URL is not valid.
 */
public List<String> importOpenApiDefinition(
        final URI uri, final String targetUrl, boolean initViaUi) {
    // The request is sent as a manual request and reported to a HistoryPersister listener.
    Requestor requestor = new Requestor(HttpSender.MANUAL_REQUEST_INITIATOR);
    requestor.addListener(new HistoryPersister());

    try {
        // A URI without a path contributes an empty path to the definition URL.
        String rawPath = uri.getPath();
        String path = (rawPath != null) ? rawPath : "";
        return importOpenApiDefinition(
                requestor.getResponseBody(uri),
                targetUrl,
                uri.getScheme() + "://" + uri.getAuthority() + path,
                initViaUi);
    } catch (IOException e) {
        // NOTE(review): the message key is empty in this listing - confirm against upstream.
        if (initViaUi) {
            View.getSingleton().showWarningDialog(Constant.messages.getString(""));
        }
        LOG.warn(e.getMessage(), e);
        return null;
    }
}
Example #15
Source File: From zap-extensions with Apache License 2.0 | 6 votes |
/**
 * Expects one alert for the parameter "place" when a POST is answered with status FOUND and a
 * Location header.
 */
@Test
public void
        shouldRaiseAlertIfResponseIsTempRedirectHasLocationHeaderBasedOnGetParamDuringPost()
                throws Exception {
    // Given: a POST with one form parameter, redirected by the response.
    // NOTE(review): the request URI and the Location value are empty in this listing; "place"
    // presumably comes from the request query string - confirm against the upstream test.
    HttpMessage msg = createMessage();
    msg.getRequestHeader().setURI(new URI("", false));
    msg.getRequestHeader().setMethod(HttpRequestHeader.POST);

    TreeSet<HtmlParameter> postedFields = new TreeSet<>();
    postedFields.add(new HtmlParameter(HtmlParameter.Type.form, "name", "jane"));
    msg.setFormParams(postedFields);

    msg.getResponseHeader().setStatusCode(HttpStatusCode.FOUND);
    msg.getResponseHeader().setHeader(HttpHeader.LOCATION, "");

    // When
    scanHttpResponseReceive(msg);

    // Then: only the URL parameter is reported, not the form field.
    assertThat(alertsRaised.size(), equalTo(1));
    assertThat(alertsRaised.get(0).getParam(), equalTo("place"));
}
Example #16
Source File: From zap-extensions with Apache License 2.0 | 6 votes |
/**
 * Tells whether or not the given URI is valid, by starting or not with the defined prefix.
 *
 * <p>The checks run in this order and stop at the first mismatch: normalised port, normalised
 * scheme, host, and finally the raw path against the prefix path.
 *
 * @param uri the uri to be validated
 * @return {@code true} if valid, that is, the {@code uri} starts with the {@code prefix},
 *     {@code false} otherwise (including when {@code uri} is {@code null})
 */
public boolean isValid(URI uri) {
    if (uri == null) {
        return false;
    }

    String candidateScheme = normalisedScheme(uri.getRawScheme());

    // NOTE(review): the path comparison uses the raw (still escaped) path. Whether
    // dot-segments or escaped characters are normalised before this prefix check is not
    // visible here - confirm, since this decides what counts as inside the prefix.
    return port == normalisedPort(candidateScheme, uri.getPort())
            && scheme.equals(candidateScheme)
            && hasSameHost(uri)
            && startsWith(uri.getRawPath(), path);
}
Example #17
Source File: From pinpoint with Apache License 2.0 | 6 votes |
/**
 * Returns the endpoint (host and port) of the request.
 *
 * <p>An absolute method URI is preferred; otherwise the connection, when present, supplies
 * host and port.
 *
 * @param httpMethod the method whose URI is inspected first
 * @param httpConnection the fallback source of host and port, may be {@code null}
 * @return the endpoint, or {@code null} if neither source applies or an exception occurred
 */
private String getHost(HttpMethod httpMethod, HttpConnection httpConnection) {
    try {
        final URI requestUri = httpMethod.getURI();
        if (requestUri.isAbsoluteURI()) {
            // The URI carries a scheme, so it names its own host and port.
            return HttpClient3RequestWrapper.getEndpoint(
                    requestUri.getHost(), requestUri.getPort());
        } else if (httpConnection != null) {
            return HttpClient3RequestWrapper.getEndpoint(
                    httpConnection.getHost(), HttpClient3RequestWrapper.getPort(httpConnection));
        }
    } catch (Exception e) {
        // Best effort: a failure here is only reported at debug level.
        if (isDebug) {
            logger.debug("Failed to get host. httpMethod={}", httpMethod, e);
        }
    }
    return null;
}
Example #18
Source File: From zap-extensions with Apache License 2.0 | 6 votes |
/**
 * Starts client recording for {@code url} and asks the Plug-n-Hack extension, when it is
 * loaded, to launch and record a client for it.
 *
 * <p>The extension method is looked up reflectively by name, so an extension without it is
 * tolerated. Does nothing when the extension is not loaded.
 *
 * @param url the URL to record, passed to {@code URI} as already escaped
 */
public void recordClientScript(String url) {
    Extension extPnh =
            Control.getSingleton().getExtensionLoader().getExtension("ExtensionPlugNHack");
    if (extPnh == null) {
        return;
    }

    try {
        URI target = new URI(url, true);
        startClientRecording(url);
        Method launcher = extPnh.getClass().getMethod("launchAndRecordClient", URI.class);
        launcher.invoke(extPnh, target);
    } catch (Exception e) {
        // Its an older version, so just dont try to use it
        // NOTE(review): this catch-all also covers a malformed url and failures inside the
        // invoked method, and recording has already been started when the lookup fails. The
        // stack trace goes to stderr rather than to a logger.
        e.printStackTrace();
    }
}
Example #19
Source File: From zap-extensions with Apache License 2.0 | 5 votes |
/**
 * Creates a message whose {@code isInScope()} answer is fixed to the given value and whose
 * response contains a form marked with the {@code data-no-csrf} attribute.
 *
 * @param isInScope the value the message reports from {@code isInScope()}
 * @return the prepared message
 * @throws URIException if the request URI cannot be created
 */
private HttpMessage createScopedMessage(boolean isInScope) throws URIException {
    // Anonymous subclass that pins the scope answer to the argument.
    HttpMessage scopedMsg =
            new HttpMessage() {
                @Override
                public boolean isInScope() {
                    return isInScope;
                }
            };

    String form =
            "<form name=\"someName\" data-no-csrf>"
                    + "<input type=\"text\" name=\"name\"/>"
                    + "<input type=\"submit\"/>"
                    + "</form>";
    scopedMsg.getRequestHeader().setURI(new URI("http://", "localhost", "/", ""));
    scopedMsg.setResponseBody("<html><head></head><body>" + form + "</body></html>");
    return scopedMsg;
}
Example #20
Source File: From zap-extensions with Apache License 2.0 | 5 votes |
/**
 * Builds the URL of the WebSocket test server from its hostname and listening port.
 *
 * @return a URI with scheme "https" when the server is secure, "http" otherwise
 * @throws URIException if the URI cannot be created
 */
public URI getServerUrl() throws URIException {
    String scheme;
    if (webSocketTestServer.isSecure()) {
        scheme = "https";
    } else {
        scheme = "http";
    }
    // The second argument is passed as null.
    return new URI(
            scheme,
            null,
            webSocketTestServer.getHostname(),
            webSocketTestServer.getListeningPort());
}
Example #21
Source File: From zap-extensions with Apache License 2.0 | 5 votes |
/**
 * Accepts the redirection only if it is valid for the current mode.
 *
 * <p>A rejected redirection marks the request as invalid and is remembered in
 * {@code invalidRedirection}.
 *
 * @param redirection the redirection target to check
 * @return {@code true} if the redirection is valid for the current mode, {@code false} otherwise
 */
@Override
public boolean isValid(URI redirection) {
    if (isValidForCurrentMode(redirection)) {
        return true;
    }

    // Record why the request was stopped.
    isRequestValid = false;
    invalidRedirection = redirection;
    return false;
}
Example #22
Source File: From zap-extensions with Apache License 2.0 | 5 votes |
/** Expects no alert when the response body has no attributes at all. */
@Test
public void shouldNotRaiseAlertIfResponseContainsNoAttributes() throws Exception {
    // Given: markup made of bare elements only.
    // NOTE(review): the request URI literal is empty in this listing - confirm against the
    // upstream test.
    HttpMessage msg = createMessage();
    msg.setResponseBody("<html><H1>Title</H1></html>");
    msg.getRequestHeader().setURI(new URI("", false));

    // When
    scanHttpResponseReceive(msg);

    // Then
    assertThat(alertsRaised.size(), equalTo(0));
}
Example #23
Source File: From zap-extensions with Apache License 2.0 | 5 votes |
/**
 * Tells whether the URI may be used in the current mode: never in {@code safe} mode, only when
 * in scope in {@code protect} mode, and always in every other mode.
 *
 * @param uri the URI to check
 * @return {@code true} if the URI is allowed for the current mode, {@code false} otherwise
 */
private boolean isValidForCurrentMode(URI uri) {
    boolean allowed;
    switch (Control.getSingleton().getMode()) {
        case safe:
            allowed = false;
            break;
        case protect:
            // Scope is evaluated on the string form of the URI.
            allowed = Model.getSingleton().getSession().isInScope(uri.toString());
            break;
        default:
            // NOTE(review): permissive fallback - any mode not listed above is accepted.
            allowed = true;
            break;
    }
    return allowed;
}
Example #24
Source File: From zap-extensions with Apache License 2.0 | 5 votes |
/**
 * Registers a new monitored page for the URI and notifies every listener.
 *
 * @param uri the URI of the page to monitor
 * @return the newly registered page
 * @throws HttpMalformedHeaderException if a message cannot be created for the URI
 */
public MonitoredPage startMonitoring(URI uri) throws HttpMalformedHeaderException {
    // The page is created with a fresh unique id and the current time.
    MonitoredPage monitored =
            new MonitoredPage(this.getUniqueId(), new HttpMessage(uri), new Date());
    this.monitoredPages.put(monitored.getId(), monitored);

    for (MonitoredPageListener each : this.listeners) {
        each.startMonitoringPageEvent(monitored);
    }
    return monitored;
}
Example #25
Source File: From glowroot with Apache License 2.0 | 5 votes |
/**
 * Starts a service call entry for the HTTP request about to be executed.
 *
 * <p>A missing method name or URI, or a URI that cannot be read, is replaced by an empty
 * string.
 *
 * @param context the thread context used to start the entry
 * @param hostConfiguration unused
 * @param methodObj the HTTP method being executed, may be {@code null}
 * @return the started entry, or {@code null} when {@code methodObj} is {@code null}
 */
@OnBefore
public static @Nullable TraceEntry onBefore(ThreadContext context,
        @SuppressWarnings("unused") @BindParameter @Nullable HostConfiguration hostConfiguration,
        @BindParameter @Nullable HttpMethod methodObj) {
    if (methodObj == null) {
        return null;
    }

    // A non-null method name is followed by a space so it can prefix the URI directly.
    String name = methodObj.getName();
    String method = (name == null) ? "" : name + " ";

    String uri = "";
    try {
        URI uriObj = methodObj.getURI();
        if (uriObj != null) {
            String text = uriObj.getURI();
            if (text != null) {
                uri = text;
            }
        }
    } catch (URIException e) {
        uri = "";
    }

    // NOTE(review): the second argument uses the URI with its query string stripped, while the
    // message keeps the full URI. Query strings can carry tokens; confirm that captured
    // messages are handled accordingly.
    return context.startServiceCallEntry("HTTP", method + Uris.stripQueryString(uri),
            MessageSupplier.create("http client request: {}{}", method, uri), timerName);
}
Example #26
Source File: From zap-extensions with Apache License 2.0 | 5 votes |
/**
 * Returns the site of the URI as scheme, "://" and authority.
 *
 * @param uri the URI to normalise
 * @return the site string, or the cleaned-up string form of the URI if the authority cannot be
 *     obtained
 */
static String normalizeSite(URI uri) {
    try {
        return uri.getScheme() + "://" + uri.getAuthority();
    } catch (URIException e) {
        if (logger.isDebugEnabled()) {
            logger.debug("Unable to get authority from: " + uri.toString(), e);
        }
    }
    // Shouldn't happen, but sure fallback
    return ScanPanel.cleanSiteName(uri.toString(), true);
}
Example #27
Source File: From zap-extensions with Apache License 2.0 | 5 votes |
/**
 * Requests the given hidden file on the host of the base message.
 *
 * <p>The test URI reuses scheme, host and port of the base URI and a path generated from the
 * base path and the path of the hidden file.
 *
 * @param file the hidden file to request
 * @return the message after it was sent, or {@code null} if the URI could not be built or the
 *     request failed
 */
private HttpMessage sendHiddenFileRequest(HiddenFile file) {
    HttpMessage probe = getNewMsg();
    try {
        URI origin = getBaseMsg().getRequestHeader().getURI();
        // The second constructor argument is passed as null.
        URI probeUri =
                new URI(
                        origin.getScheme(),
                        null,
                        origin.getHost(),
                        origin.getPort(),
                        generatePath(origin.getPath(), file.getPath()));
        probe.getRequestHeader().setURI(probeUri);
        sendAndReceive(probe);
        return probe;
    } catch (URIException uEx) {
        if (LOG.isDebugEnabled()) {
            LOG.debug(
                    "An error occurred creating or setting a URI for the: "
                            + getName()
                            + " scanner. "
                            + uEx.getMessage(),
                    uEx);
        }
        return null;
    } catch (IOException e) {
        // Network failures are reported with method, URI and exception type.
        LOG.warn(
                "An error occurred while checking ["
                        + probe.getRequestHeader().getMethod()
                        + "] ["
                        + probe.getRequestHeader().getURI()
                        + "] for "
                        + getName()
                        + " Caught "
                        + e.getClass().getName()
                        + " "
                        + e.getMessage());
        return null;
    }
}
Example #28
Source File: From zap-extensions with Apache License 2.0 | 5 votes |
/**
 * Creates a message holding a GET request header with an empty URI.
 *
 * @return the new message
 * @throws URIException if the URI cannot be created
 */
private HttpMessage createMessage() throws URIException {
    HttpRequestHeader getHeader = new HttpRequestHeader();
    getHeader.setMethod("GET");
    // NOTE(review): the URI literal is empty in this listing - confirm against upstream.
    getHeader.setURI(new URI("", false));

    HttpMessage message = new HttpMessage();
    message.setRequestHeader(getHeader);
    return message;
}
Example #29
Source File: From zap-extensions with Apache License 2.0 | 5 votes |
/**
 * Creates a mocked message that returns a mocked history reference and a mocked request
 * header, the latter answering {@code getURI()} with a fixed URI.
 *
 * @return the mocked message
 * @throws URIException if the URI cannot be created
 */
protected HttpMessage getMockHttpMessage() throws URIException {
    // Request header stub.
    // NOTE(review): the host argument is empty in this listing - confirm against upstream.
    HttpRequestHeader headerStub = mock(HttpRequestHeader.class);
    when(headerStub.getURI()).thenReturn(new URI("http", "", "/", ""));

    HistoryReference historyStub = mock(HistoryReference.class);

    HttpMessage messageStub = mock(HttpMessage.class);
    when(messageStub.getHistoryRef()).thenReturn(historyStub);
    when(messageStub.getRequestHeader()).thenReturn(headerStub);
    return messageStub;
}
Example #30
Source File: From zap-extensions with Apache License 2.0 | 5 votes |
/**
 * Expects one alert, for the parameter "name", when a request parameter value shows up inside
 * an attribute of the response.
 */
@Test
public void shouldRaiseAlertIfRequestParamsValuesUsedInAttributes() throws Exception {
    // Given: an img whose alt attribute is "fred, here".
    // NOTE(review): the request URI literal is empty in this listing; "name" presumably comes
    // from its query string - confirm against the upstream test.
    HttpMessage msg = createMessage();
    msg.setResponseBody("<html><img src=\"x.jpg\" alt=\"fred, here\")></img></html>");
    msg.getRequestHeader().setURI(new URI("", false));

    // When
    scanHttpResponseReceive(msg);

    // Then
    assertThat(alertsRaised.size(), equalTo(1));
    assertThat(alertsRaised.get(0).getParam(), equalTo("name"));
}