org.apache.commons.httpclient.URI Java Examples
The following examples show how to use
org.apache.commons.httpclient.URI.
Example #1
Source File: ExchangeFormAuthenticator.java From davmail with GNU General Public License v2.0 | 6 votes |
/**
 * Resolves {@code path} against the URI of {@code method} and returns the result as a string.
 *
 * <p>A {@code null} path yields the method URI unchanged. A path starting with {@code /}
 * replaces the method path, a path starting with {@code http://} or {@code https://} is
 * returned verbatim, and anything else is appended to the directory part of the current path.
 * The query string of the method URI is dropped whenever a path is given.
 *
 * <p>NOTE(review): an absolute {@code http(s)} value is handed back without comparing its host
 * or scheme with those of the current request. If {@code path} originates from a server
 * response (not visible here), the caller should decide whether credentials may follow it to
 * another origin or from https to http. The scheme test is also case-sensitive, so
 * {@code HTTP://...} is treated as a relative path.
 *
 * @param method current HTTP method, source of the base URI
 * @param path absolute path, absolute URL or relative path; may be {@code null}
 * @return the resulting URI as a string
 * @throws URIException if the URI cannot be built or the current path contains no {@code /}
 */
protected String getAbsoluteUri(HttpMethod method, String path) throws URIException {
    URI base = method.getURI();
    if (path == null) {
        return base.getURI();
    }
    // a new target never inherits the query string of the current request
    base.setQuery(null);
    if (path.startsWith("/")) {
        // absolute path: swap the whole path of the current request
        base.setPath(path);
        return base.getURI();
    }
    if (path.startsWith("http://") || path.startsWith("https://")) {
        return path;
    }
    // relative path: keep the directory part of the current path and append
    String current = method.getPath();
    int lastSlash = current.lastIndexOf('/');
    if (lastSlash < 0) {
        throw new URIException(base.getURI());
    }
    base.setPath(current.substring(0, lastSlash + 1) + path);
    return base.getURI();
}
Example #2
Source File: CsrfCountermeasuresScanRuleUnitTest.java From zap-extensions with Apache License 2.0 | 6 votes |
/**
 * Prepares each test: registers two anti-CSRF token names on a mocked extension, clears the
 * rule's ignore settings and creates a message whose request targets http://example.com.
 */
@BeforeEach
public void before() throws URIException {
    // token names the mocked extension reports as anti-CSRF tokens
    antiCsrfTokenNames = new ArrayList<>();
    antiCsrfTokenNames.add("token");
    antiCsrfTokenNames.add("csrfToken");

    extensionAntiCSRFMock = mock(ExtensionAntiCSRF.class);
    // lenient: not every test reads the token names
    Mockito.lenient()
            .when(extensionAntiCSRFMock.getAntiCsrfTokenNames())
            .thenReturn(antiCsrfTokenNames);
    rule.setExtensionAntiCSRF(extensionAntiCSRFMock);

    // start every test without any ignore configuration
    rule.setCsrfIgnoreList("");
    rule.setCSRFIgnoreAttName("");
    rule.setCSRFIgnoreAttValue("");

    HttpRequestHeader header = new HttpRequestHeader();
    URI target = new URI("http://example.com", false);
    header.setURI(target);
    msg = new HttpMessage();
    msg.setRequestHeader(header);
}
Example #3
Source File: UriUtils.java From zap-extensions with Apache License 2.0 | 6 votes |
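/**
 * Returns a representation of the host name as used throughout ZAP. The representation contains
 * the scheme, the host and, if needed, the port. Method should be used to keep consistency
 * whenever displaying a node's hostname.
 *
 * <p>The port is omitted when it is unset ({@code -1}) or is the default for the scheme (80
 * for http, 443 for https).
 *
 * <p>Example outputs:
 *
 * <ul>
 *   <li><i>http://example.org</i>
 *   <li><i>http://example.org:8080</i>
 *   <li><i>https://example.org</i>
 * </ul>
 *
 * @param uri the URI to take scheme, host and port from
 * @return the scheme, host and optional port joined as {@code scheme://host[:port]}
 * @throws URIException if the host cannot be obtained from the URI
 */
public static String getHostName(URI uri) throws URIException {
    // Lower-case with a fixed locale: the default-locale variant maps 'I' to a dotless i
    // under some locales, which would make scheme comparisons and the displayed name
    // depend on the machine the tool runs on.
    String scheme = uri.getScheme().toLowerCase(java.util.Locale.ROOT);
    StringBuilder host = new StringBuilder();
    host.append(scheme).append("://").append(uri.getHost());

    int port = uri.getPort();
    boolean schemeDefault =
            (port == 80 && "http".equals(scheme)) || (port == 443 && "https".equals(scheme));
    if (port != -1 && !schemeDefault) {
        host.append(":").append(port);
    }
    return host.toString();
}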
Example #4
Source File: ScanTarget.java From zap-extensions with Apache License 2.0 | 6 votes |
/**
 * Creates a scan target from the scheme, host and port of the given URI.
 *
 * <p>A copy of the URI is kept with its path, query and fragment cleared, so the stored URI
 * identifies only the scheme and authority part.
 *
 * @param uri the URI to derive the target from
 * @throws IllegalArgumentException if the host cannot be read from the URI
 */
public ScanTarget(URI uri) {
    // work on a copy so that clearing the components below does not touch the caller's URI
    this.uri = copyURI(uri);
    this.scheme = uri.getScheme();
    try {
        this.host = uri.getHost();
    } catch (URIException e) {
        throw new IllegalArgumentException("Failed to get host from URI: " + e.getMessage(), e);
    }
    this.port = getPort(scheme, uri.getPort());
    try {
        this.uri.setPath(null);
        this.uri.setQuery(null);
        this.uri.setFragment(null);
    } catch (URIException ignore) {
        // Deliberately ignored: setting the query, path and fragment components to null is
        // not expected to fail.
    }
    this.stringRepresentation = createHostPortString(host, port);
    buildHtmlStringRepresentation();
}
Example #5
Source File: ImportWSDLTestCase.java From zap-extensions with Apache License 2.0 | 6 votes |
/**
 * Resets the ImportWSDL singleton and builds the fixtures shared by the tests: a request with
 * a four-byte body and an empty SOAP message configuration.
 */
@BeforeEach
public void setUp() throws URIException, NullPointerException {
    // drop any state left by a previous test before fetching the singleton again
    ImportWSDL.destroy();
    singleton = ImportWSDL.getInstance();

    // test request: TEST_URI with the body "test"
    testRequest = new HttpMessage();
    HttpRequestHeader requestHeader = new HttpRequestHeader();
    URI target = new URI(TEST_URI, true);
    requestHeader.setURI(target);
    testRequest.setRequestHeader(requestHeader);
    HttpRequestBody requestBody = new HttpRequestBody();
    requestBody.append("test");
    requestBody.setLength(4);
    testRequest.setRequestBody(requestBody);

    // configuration object holding only empty placeholders
    soapConfig = new SOAPMsgConfig();
    soapConfig.setWsdl(new Definitions());
    soapConfig.setSoapVersion(1);
    soapConfig.setParams(new HashMap<String, String>());
    soapConfig.setPort(new Port());
    soapConfig.setBindOp(new BindingOperation());
}
Example #6
Source File: SolrSearchProviderImpl.java From swellrt with Apache License 2.0 | 6 votes |
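/**
 * Runs the given Solr query over HTTP GET and converts the response body with
 * {@code function}.
 *
 * <p>The status code is checked before the body is handed to {@code function}, so an error
 * page is reported as a failed request instead of being parsed as a result document.
 *
 * <p>NOTE(review): the reader decodes with the platform default charset, as before; confirm
 * that this matches the encoding the search server responds with. The full query string is
 * written to the log on failure.
 *
 * @param solrQuery the complete query URL
 * @param function converts the response body into the JSON result array
 * @return the array produced by {@code function}
 * @throws IOException if the request fails, the status is not 200 or the response has no body
 */
private JsonArray sendSearchRequest(String solrQuery,
    Function<InputStreamReader, JsonArray> function) throws IOException {
  GetMethod getMethod = new GetMethod();
  HttpClient httpClient = new HttpClient();
  try {
    getMethod.setURI(new URI(solrQuery, false));
    int statusCode = httpClient.executeMethod(getMethod);
    if (statusCode != HttpStatus.SC_OK) {
      LOG.warning("Failed to execute query: " + solrQuery);
      throw new IOException("Search request status is not OK: " + statusCode);
    }
    java.io.InputStream body = getMethod.getResponseBodyAsStream();
    if (body == null) {
      // no body available; fail with a clear message instead of a NullPointerException
      throw new IOException("Search response has no body");
    }
    return function.apply(new InputStreamReader(body));
  } finally {
    // always hand the connection back, also when parsing or the status check fails
    getMethod.releaseConnection();
  }
}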
Example #7
Source File: CrossDomainScanner.java From zap-extensions with Apache License 2.0 | 6 votes |
/**
 * Scans the node for cross-domain misconfigurations by checking the Adobe and the Silverlight
 * cross-domain policy files for the URI of the base message. Does nothing when no document
 * builder is available.
 */
@Override
public void scan() {
    if (docBuilder != null) {
        try {
            // both policy checks are driven from the URI of the original request
            URI baseUri = this.getBaseMsg().getRequestHeader().getURI();
            scanAdobeCrossdomainPolicyFile(baseUri);
            scanSilverlightCrossdomainPolicyFile(baseUri);
        } catch (Exception e) {
            // any failure in either check is logged and ends the scan of this node
            log.error(
                    "Error scanning a node for Cross Domain misconfigurations: "
                            + e.getMessage(),
                    e);
        }
    }
}
Example #8
Source File: UserControlledHTMLAttributesScanRuleUnitTest.java From zap-extensions with Apache License 2.0 | 6 votes |
/**
 * Two request parameters ("place" and "name") whose values reappear in response attributes
 * must each produce an alert.
 */
@Test
public void shouldRaiseMultipleAlertsIfRequestParamValuesUsedInAttributes() throws Exception {
    // Given
    URI requestUri =
            new URI("http://example.com/i.php?place=http://example.com/&name=fred", false);
    String responseBody =
            "<html><meta http-equiv=\"refresh\" content=\"0; url=http://example.com/\"><img src=\"x.jpg\" alt=fred></img></html>";
    HttpMessage msg = createMessage();
    msg.getRequestHeader().setURI(requestUri);
    msg.setResponseBody(responseBody);
    // When
    scanHttpResponseReceive(msg);
    // Then
    assertThat(alertsRaised.size(), equalTo(2));
    assertThat(alertsRaised.get(0).getParam(), equalTo("place"));
    assertThat(alertsRaised.get(1).getParam(), equalTo("name"));
}
Example #9
Source File: InformationDisclosureInUrlScanRuleUnitTest.java From zap-extensions with Apache License 2.0 | 6 votes |
/**
 * A parameter value in the request URL that the rule reports as an e-mail address must raise
 * one alert naming the parameter, with the value as evidence.
 */
@Test
public void emailAddressInURLParamValue() throws HttpMalformedHeaderException, URIException {
    // Given
    String sensitiveParamName = "docid";
    // NOTE(review): the value below is shown as it appears on this page; it looks like the
    // hosting site's e-mail obfuscation placeholder rather than the address used in the
    // original test.
    String sensitiveValue = "[email protected]";
    String query = "?mailto=me&" + sensitiveParamName + "=" + sensitiveValue + "&hl=en";
    String testURI = URI + query;
    HttpMessage msg = createHttpMessageWithRespBody(testURI);
    // When
    scanHttpRequestSend(msg);
    // Then
    String expectedOtherInfo =
            Constant.messages.getString(
                    InformationDisclosureInUrlScanRule.MESSAGE_PREFIX + "otherinfo.email");
    assertEquals(1, alertsRaised.size());
    assertEquals(sensitiveParamName, alertsRaised.get(0).getParam());
    assertEquals(sensitiveValue, alertsRaised.get(0).getEvidence());
    assertEquals(expectedOtherInfo, alertsRaised.get(0).getOtherInfo());
}
Example #10
Source File: InfoSessionIdUrlScanRuleUnitTest.java From zap-extensions with Apache License 2.0 | 6 votes |
/**
 * A session ID in the request URL combined with a response that loads an image from another
 * host must raise two alerts.
 */
@Test
public void detectExposureTo3rdPartyInSRC() throws HttpMalformedHeaderException, URIException {
    // Given
    String body =
            "<html>\n<body>\n<h2>HTML Links</h2>\n"
                    + "<p><a href=\"default.jsp\">\n"
                    + " <img src=\"https://www.example.org/images/smiley.gif\" alt=\"HTML tutorial\" "
                    + "style=\"width:42px;height:42px;border:0;\">\n</a>"
                    + "</p>\n"
                    + "</body>\n</html>";
    HttpMessage msg = createHttpMessageWithRespBody(body);
    // request URL carries the session ID; the image in the body points at a different host
    URI requestUri =
            new URI("https://example.com/foo?jsessionid=1A530637289A03B07199A44E8D531427", false);
    msg.getRequestHeader().setURI(requestUri);
    // When
    scanHttpResponseReceive(msg);
    // Then
    assertEquals(2, alertsRaised.size());
}
Example #11
Source File: UserControlledCookieScanRuleUnitTest.java From zap-extensions with Apache License 2.0 | 6 votes |
/**
 * A POST whose URL query parameter value ends up in a Set-Cookie response header must raise
 * one alert on that query parameter.
 */
@Test
public void shouldRaiseAlertIfCookieBasedOnGetParamDuringPost() throws Exception {
    // Given
    HttpMessage msg = createMessage();
    URI requestUri = new URI("http://example.com/i.php?place=evil", false);
    msg.getRequestHeader().setURI(requestUri);
    msg.getRequestHeader().setMethod(HttpRequestHeader.POST);

    // the form parameter is unrelated to the cookie; only the query parameter matches
    TreeSet<HtmlParameter> postedParams = new TreeSet<HtmlParameter>();
    postedParams.add(new HtmlParameter(HtmlParameter.Type.form, "name", "jane"));
    msg.setFormParams(postedParams);

    msg.getResponseHeader().setStatusCode(HttpStatusCode.FOUND);
    msg.getResponseHeader()
            .setHeader(HttpHeader.SET_COOKIE, "Set-Cookie: aCookie=evil; Secure");
    // When
    scanHttpResponseReceive(msg);
    // Then
    assertThat(alertsRaised.size(), equalTo(1));
    assertThat(alertsRaised.get(0).getParam(), equalTo("place"));
}
Example #12
Source File: InfoSessionIdUrlScanRuleUnitTest.java From zap-extensions with Apache License 2.0 | 6 votes |
/**
 * A session ID in the request URL must raise exactly one alert when the only link in the
 * response points back to the same origin.
 */
@Test
public void ignoreExposureToSelf() throws HttpMalformedHeaderException, URIException {
    // Given
    String body =
            "<html>\n<body>\n<h2>HTML Links</h2>\n"
                    + "<p><a href=\"https://example.com/html/\">Testing ZAP</a>"
                    + "</p>\n"
                    + "</body>\n</html>";
    HttpMessage msg = createHttpMessageWithRespBody(body);
    URI requestUri =
            new URI("https://example.com/foo?jsessionid=1A530637289A03B07199A44E8D531427", false);
    msg.getRequestHeader().setURI(requestUri);
    // When
    scanHttpResponseReceive(msg);
    // Then:
    // The session ID in the URL accounts for the single alert. The href in the body has the
    // same origin as the request URL, so no second (third-party exposure) alert is expected.
    assertEquals(1, alertsRaised.size());
}
Example #13
Source File: InfoSessionIdUrlScanRuleUnitTest.java From zap-extensions with Apache License 2.0 | 6 votes |
/** A session ID in the URL must also be reported for an https request on a non-default port. */
@Test
public void containsSessionIdAsUrlParameterInHTTPSOnCustomPort()
        throws HttpMalformedHeaderException, URIException {
    // Given
    HttpMessage msg = createHttpMessageWithRespBody(BODY);
    URI requestUri =
            new URI("https://example.com:4443/foo?jsessionid=1a530637289b03x07199de8D531427", false);
    msg.getRequestHeader().setURI(requestUri);
    // When
    scanHttpResponseReceive(msg);
    // Then
    assertEquals(1, alertsRaised.size());
}
Example #14
Source File: ExtensionOpenApi.java From zap-extensions with Apache License 2.0 | 6 votes |
/**
 * Imports the API definition from a URI.
 *
 * <p>The definition is fetched with a manual-request {@code Requestor} whose messages are
 * persisted to the history. An I/O failure is logged (and shown in a warning dialog when the
 * import was started from the GUI) and results in {@code null}.
 *
 * @param uri the URI locating the API definition.
 * @param targetUrl the URL to override the URL defined in the API, might be {@code null}.
 * @param initViaUi {@code true} if the import is being done through the GUI, {@code false}
 *     otherwise.
 * @return the list of errors, if any. Returns {@code null} if the import is being done through
 *     the GUI.
 * @throws InvalidUrlException if the target URL is not valid.
 */
public List<String> importOpenApiDefinition(
        final URI uri, final String targetUrl, boolean initViaUi) {
    Requestor requestor = new Requestor(HttpSender.MANUAL_REQUEST_INITIATOR);
    requestor.addListener(new HistoryPersister());
    try {
        // a URI without a path contributes an empty path to the definition URL
        String rawPath = uri.getPath();
        String path = rawPath == null ? "" : rawPath;
        return importOpenApiDefinition(
                requestor.getResponseBody(uri),
                targetUrl,
                uri.getScheme() + "://" + uri.getAuthority() + path,
                initViaUi);
    } catch (IOException e) {
        if (initViaUi) {
            View.getSingleton()
                    .showWarningDialog(Constant.messages.getString("openapi.io.error"));
        }
        LOG.warn(e.getMessage(), e);
        return null;
    }
}
Example #15
Source File: UserControlledOpenRedirectScanRuleUnitTest.java From zap-extensions with Apache License 2.0 | 6 votes |
/**
 * A POST answered with a 302 whose Location header is built from a URL query parameter must
 * raise one alert on that query parameter.
 */
@Test
public void shouldRaiseAlertIfResponseIsTempRedirectHasLocationHeaderBasedOnGetParamDuringPost()
        throws Exception {
    // Given
    HttpMessage msg = createMessage();
    URI requestUri = new URI("http://example.com/i.php?place=evil.com", false);
    msg.getRequestHeader().setURI(requestUri);
    msg.getRequestHeader().setMethod(HttpRequestHeader.POST);

    // the form parameter does not appear in the redirect target
    TreeSet<HtmlParameter> postedParams = new TreeSet<HtmlParameter>();
    postedParams.add(new HtmlParameter(HtmlParameter.Type.form, "name", "jane"));
    msg.setFormParams(postedParams);

    msg.getResponseHeader().setStatusCode(HttpStatusCode.FOUND);
    msg.getResponseHeader().setHeader(HttpHeader.LOCATION, "http://evil.com");
    // When
    scanHttpResponseReceive(msg);
    // Then
    assertThat(alertsRaised.size(), equalTo(1));
    assertThat(alertsRaised.get(0).getParam(), equalTo("place"));
}
Example #16
Source File: HttpPrefixUriValidator.java From zap-extensions with Apache License 2.0 | 6 votes |
/**
 * Tells whether or not the given URI is valid, by starting or not with the defined prefix.
 *
 * <p>The comparison is made per component, in this order: port, scheme, host, path. The
 * first mismatch ends the check. How hosts and paths are compared is decided by
 * {@code hasSameHost} and {@code startsWith}, which are not part of this method.
 *
 * @param uri the uri to be validated
 * @return {@code true} if valid, that is, the {@code uri} starts with the {@code prefix},
 *     {@code false} otherwise
 */
public boolean isValid(URI uri) {
    if (uri == null) {
        return false;
    }

    String otherScheme = normalisedScheme(uri.getRawScheme());
    // short-circuit evaluation keeps the component order described above
    return port == normalisedPort(otherScheme, uri.getPort())
            && scheme.equals(otherScheme)
            && hasSameHost(uri)
            && startsWith(uri.getRawPath(), path);
}
Example #17
Source File: HttpMethodBaseExecuteMethodInterceptor.java From pinpoint with Apache License 2.0 | 6 votes |
/**
 * Determines the endpoint ("host" and port) a request is sent to.
 *
 * <p>An absolute request URI wins; otherwise the endpoint is taken from the connection when
 * one is given.
 *
 * @param httpMethod the method whose URI is inspected
 * @param httpConnection the connection used as fallback; may be {@code null}
 * @return the endpoint, or {@code null} if it cannot be determined or an exception occurs
 */
private String getHost(HttpMethod httpMethod, HttpConnection httpConnection) {
    try {
        final URI requestUri = httpMethod.getURI();
        if (requestUri.isAbsoluteURI()) {
            // the URI carries a scheme, so it names the target itself
            return HttpClient3RequestWrapper.getEndpoint(
                    requestUri.getHost(), requestUri.getPort());
        }
        if (httpConnection == null) {
            return null;
        }
        final String connectionHost = httpConnection.getHost();
        final int connectionPort = HttpClient3RequestWrapper.getPort(httpConnection);
        return HttpClient3RequestWrapper.getEndpoint(connectionHost, connectionPort);
    } catch (Exception e) {
        // a failure here must not affect the intercepted call; report it in debug only
        if (isDebug) {
            logger.debug("Failed to get host. httpMethod={}", httpMethod, e);
        }
        return null;
    }
}
Example #18
Source File: ExtensionZest.java From zap-extensions with Apache License 2.0 | 6 votes |
/**
 * Starts client-side recording for {@code url} and asks the Plug-n-Hack extension, when it is
 * installed, to launch and record a client for it.
 *
 * <p>The extension is looked up by name and called through reflection. Any exception, from
 * URI parsing as well as from the reflective call, is printed and otherwise ignored.
 *
 * <p>NOTE(review): {@code startClientRecording} runs before the method lookup, so recording
 * has already been started when the lookup fails on an older extension version; confirm that
 * this is intended.
 *
 * @param url the URL of the page to record
 */
public void recordClientScript(String url) {
    Extension extPnh =
            Control.getSingleton().getExtensionLoader().getExtension("ExtensionPlugNHack");
    if (extPnh == null) {
        return;
    }
    try {
        URI target = new URI(url, true);
        startClientRecording(url);
        Method launcher = extPnh.getClass().getMethod("launchAndRecordClient", URI.class);
        launcher.invoke(extPnh, target);
    } catch (Exception e) {
        // Older versions of the extension lack the method; nothing more is attempted
        e.printStackTrace();
    }
}
Example #19
Source File: CsrfCountermeasuresScanRuleUnitTest.java From zap-extensions with Apache License 2.0 | 5 votes |
/**
 * Creates a message whose {@code isInScope()} answer is fixed to the given value and whose
 * response holds a form marked with the {@code data-no-csrf} attribute.
 *
 * <p>NOTE(review): the first constructor argument is {@code "http://"} rather than a bare
 * scheme name; confirm that the resulting URI is the one the test intends.
 *
 * @param isInScope the value the message reports for {@code isInScope()}
 * @return the prepared message
 * @throws URIException if the request URI cannot be created
 */
private HttpMessage createScopedMessage(boolean isInScope) throws URIException {
    HttpMessage scoped =
            new HttpMessage() {
                @Override
                public boolean isInScope() {
                    return isInScope;
                }
            };
    URI requestUri = new URI("http://", "localhost", "/", "");
    scoped.getRequestHeader().setURI(requestUri);
    String formPage =
            "<html><head></head><body>"
                    + "<form name=\"someName\" data-no-csrf><input type=\"text\" name=\"name\"/><input type=\"submit\"/></form>"
                    + "</body></html>";
    scoped.setResponseBody(formPage);
    return scoped;
}
Example #20
Source File: WebSocketTestUtils.java From zap-extensions with Apache License 2.0 | 5 votes |
/**
 * Builds the URL of the WebSocket test server from its host name and listening port.
 *
 * @return the server URL, with scheme {@code https} for a secure server and {@code http}
 *     otherwise
 * @throws URIException if the URI cannot be created
 */
public URI getServerUrl() throws URIException {
    String scheme;
    if (webSocketTestServer.isSecure()) {
        scheme = "https";
    } else {
        scheme = "http";
    }
    String hostname = webSocketTestServer.getHostname();
    int listeningPort = webSocketTestServer.getListeningPort();
    // no user info component
    return new URI(scheme, null, hostname, listeningPort);
}
Example #21
Source File: ServerConnectionEstablisher.java From zap-extensions with Apache License 2.0 | 5 votes |
/**
 * Accepts a redirection only if it is allowed in the current mode. A rejected redirection is
 * remembered in {@code invalidRedirection} and marks the request as invalid.
 *
 * @param redirection the redirection target to check
 * @return {@code true} if the redirection may be followed, {@code false} otherwise
 */
@Override
public boolean isValid(URI redirection) {
    boolean allowed = isValidForCurrentMode(redirection);
    if (!allowed) {
        // keep the offending target so the failure can be reported later
        isRequestValid = false;
        invalidRedirection = redirection;
    }
    return allowed;
}
Example #22
Source File: UserControlledHTMLAttributesScanRuleUnitTest.java From zap-extensions with Apache License 2.0 | 5 votes |
/** A response without any HTML attributes must not raise an alert. */
@Test
public void shouldNotRaiseAlertIfResponseContainsNoAttributes() throws Exception {
    // Given
    URI requestUri = new URI("http://example.com/i.php?place=here&name=fred", false);
    HttpMessage msg = createMessage();
    msg.getRequestHeader().setURI(requestUri);
    msg.setResponseBody("<html><H1>Title</H1></html>");
    // When
    scanHttpResponseReceive(msg);
    // Then
    assertThat(alertsRaised.size(), equalTo(0));
}
Example #23
Source File: ServerConnectionEstablisher.java From zap-extensions with Apache License 2.0 | 5 votes |
/**
 * Tells whether a connection to the given URI is allowed in the current mode: never in
 * {@code safe} mode, only for in-scope URIs in {@code protect} mode, always in any other
 * mode.
 *
 * @param uri the URI to check
 * @return {@code true} if the URI may be contacted in the current mode
 */
private boolean isValidForCurrentMode(URI uri) {
    boolean allowed;
    switch (Control.getSingleton().getMode()) {
        case safe:
            allowed = false;
            break;
        case protect:
            // protect mode restricts activity to what the session has in scope
            allowed = Model.getSingleton().getSession().isInScope(uri.toString());
            break;
        default:
            allowed = true;
            break;
    }
    return allowed;
}
Example #24
Source File: MonitoredPagesManager.java From zap-extensions with Apache License 2.0 | 5 votes |
/**
 * Starts monitoring the page at the given URI: creates the page with a fresh identifier and
 * the current time, registers it and notifies every listener.
 *
 * @param uri the URI of the page to monitor
 * @return the newly registered page
 * @throws HttpMalformedHeaderException if a message cannot be created for the URI
 */
public MonitoredPage startMonitoring(URI uri) throws HttpMalformedHeaderException {
    HttpMessage pageMessage = new HttpMessage(uri);
    MonitoredPage monitored = new MonitoredPage(this.getUniqueId(), pageMessage, new Date());
    this.monitoredPages.put(monitored.getId(), monitored);
    // listeners are told only after the page has been registered
    for (MonitoredPageListener observer : this.listeners) {
        observer.startMonitoringPageEvent(monitored);
    }
    return monitored;
}
Example #25
Source File: ApacheHttpClient3xAspect.java From glowroot with Apache License 2.0 | 5 votes |
/**
 * Opens a service-call trace entry for an outgoing HTTP request.
 *
 * <p>The entry text is the method name followed by the request URI without its query string;
 * the detail message carries the method name and the full URI. A missing method name or URI,
 * or a URI that cannot be read, is replaced by an empty string.
 *
 * <p>NOTE(review): the detail message keeps the query string, which may hold tokens or other
 * secrets sent by the application; confirm how that message is masked or retained
 * downstream.
 *
 * @return the started entry, or {@code null} when no method object is given
 */
@OnBefore
public static @Nullable TraceEntry onBefore(ThreadContext context,
        @SuppressWarnings("unused") @BindParameter @Nullable HostConfiguration hostConfiguration,
        @BindParameter @Nullable HttpMethod methodObj) {
    if (methodObj == null) {
        return null;
    }
    String name = methodObj.getName();
    // a trailing space separates the method name from the URI in the entry text
    String method = name == null ? "" : name + " ";
    String uri = "";
    try {
        URI uriObj = methodObj.getURI();
        if (uriObj != null) {
            String text = uriObj.getURI();
            if (text != null) {
                uri = text;
            }
        }
    } catch (URIException e) {
        // an unreadable URI is traced as empty rather than failing the request
        uri = "";
    }
    return context.startServiceCallEntry("HTTP", method + Uris.stripQueryString(uri),
            MessageSupplier.create("http client request: {}{}", method, uri), timerName);
}
Example #26
Source File: ExtensionWappalyzer.java From zap-extensions with Apache License 2.0 | 5 votes |
/**
 * Returns the site of the given URI as {@code scheme://authority}.
 *
 * <p>If the authority cannot be read, the site is derived from the URI string through
 * {@code ScanPanel.cleanSiteName} instead.
 *
 * @param uri the URI to normalise
 * @return the normalised site name
 */
static String normalizeSite(URI uri) {
    String prefix = uri.getScheme() + "://";
    String site;
    try {
        site = prefix + uri.getAuthority();
    } catch (URIException e) {
        if (logger.isDebugEnabled()) {
            logger.debug("Unable to get authority from: " + uri.toString(), e);
        }
        // not expected to happen; fall back to cleaning up the whole URI string
        site = ScanPanel.cleanSiteName(uri.toString(), true);
    }
    return site;
}
Example #27
Source File: HiddenFilesScanRule.java From zap-extensions with Apache License 2.0 | 5 votes |
/**
 * Requests the given hidden-file candidate on the host of the base message.
 *
 * <p>The request URI reuses scheme, host and port of the base request; its path comes from
 * {@code generatePath}, applied to the base path and the candidate's path.
 *
 * @param file the hidden-file candidate to request
 * @return the message with the response, or {@code null} if the URI could not be built or
 *     the request failed
 */
private HttpMessage sendHiddenFileRequest(HiddenFile file) {
    HttpMessage probe = getNewMsg();
    try {
        URI baseUri = getBaseMsg().getRequestHeader().getURI();
        String scheme = baseUri.getScheme();
        String host = baseUri.getHost();
        int port = baseUri.getPort();
        String probePath = generatePath(baseUri.getPath(), file.getPath());
        // no user info component
        URI probeUri = new URI(scheme, null, host, port, probePath);
        probe.getRequestHeader().setURI(probeUri);
        sendAndReceive(probe);
        return probe;
    } catch (URIException uEx) {
        // a URI that cannot be built is reported at debug level only
        if (LOG.isDebugEnabled()) {
            LOG.debug(
                    "An error occurred creating or setting a URI for the: "
                            + getName()
                            + " scanner. "
                            + uEx.getMessage(),
                    uEx);
        }
    } catch (IOException e) {
        LOG.warn(
                "An error occurred while checking ["
                        + probe.getRequestHeader().getMethod()
                        + "] ["
                        + probe.getRequestHeader().getURI()
                        + "] for "
                        + getName()
                        + " Caught "
                        + e.getClass().getName()
                        + " "
                        + e.getMessage());
    }
    return null;
}
Example #28
Source File: CacheableScanRuleUnitTest.java From zap-extensions with Apache License 2.0 | 5 votes |
/**
 * Creates a message holding a GET request for https://example.com/fred/.
 *
 * @return the prepared message
 * @throws URIException if the request URI cannot be created
 */
private HttpMessage createMessage() throws URIException {
    URI target = new URI("https://example.com/fred/", false);
    HttpRequestHeader header = new HttpRequestHeader();
    header.setMethod("GET");
    header.setURI(target);

    HttpMessage message = new HttpMessage();
    message.setRequestHeader(header);
    return message;
}
Example #29
Source File: BaseEventStreamTest.java From zap-extensions with Apache License 2.0 | 5 votes |
/**
 * Creates a mocked message that returns a mocked history reference and a mocked request
 * header; the header's URI is built from scheme {@code http}, host {@code example.com} and
 * path {@code /}.
 *
 * @return the mocked message
 * @throws URIException if the URI cannot be created
 */
protected HttpMessage getMockHttpMessage() throws URIException {
    HistoryReference historyRef = mock(HistoryReference.class);
    HttpRequestHeader requestHeader = mock(HttpRequestHeader.class);
    URI requestUri = new URI("http", "example.com", "/", "");
    when(requestHeader.getURI()).thenReturn(requestUri);

    HttpMessage message = mock(HttpMessage.class);
    when(message.getHistoryRef()).thenReturn(historyRef);
    when(message.getRequestHeader()).thenReturn(requestHeader);
    return message;
}
Example #30
Source File: UserControlledHTMLAttributesScanRuleUnitTest.java From zap-extensions with Apache License 2.0 | 5 votes |
/**
 * Request parameter values that reappear inside a response attribute must raise a single
 * alert, reported on the "name" parameter.
 */
@Test
public void shouldRaiseAlertIfRequestParamsValuesUsedInAttributes() throws Exception {
    // Given
    URI requestUri = new URI("http://example.com/i.php?place=here&name=fred", false);
    String responseBody = "<html><img src=\"x.jpg\" alt=\"fred, here\")></img></html>";
    HttpMessage msg = createMessage();
    msg.getRequestHeader().setURI(requestUri);
    msg.setResponseBody(responseBody);
    // When
    scanHttpResponseReceive(msg);
    // Then
    assertThat(alertsRaised.size(), equalTo(1));
    assertThat(alertsRaised.get(0).getParam(), equalTo("name"));
}