Java Code Examples for org.apache.commons.httpclient.URI#getHost()
The following examples show how to use org.apache.commons.httpclient.URI#getHost().
Example 1
Source File: ScanTarget.java From zap-extensions with Apache License 2.0 | 6 votes |
/**
 * Builds a scan target from the scheme, host and port of the given URI.
 *
 * <p>A copy of the URI is kept with its path, query and fragment cleared, so the stored URI
 * carries no request-specific components.
 *
 * @param uri the URI to derive the target from
 * @throws IllegalArgumentException if the host cannot be read from {@code uri}
 */
public ScanTarget(URI uri) {
    this.uri = copyURI(uri);
    this.scheme = uri.getScheme();

    // Reading the host is the only step that is allowed to reject the caller's URI.
    try {
        this.host = uri.getHost();
    } catch (URIException hostFailure) {
        throw new IllegalArgumentException(
                "Failed to get host from URI: " + hostFailure.getMessage(), hostFailure);
    }

    this.port = getPort(this.scheme, uri.getPort());

    // Strip everything after the authority from the stored copy.
    try {
        this.uri.setPath(null);
        this.uri.setQuery(null);
        this.uri.setFragment(null);
    } catch (URIException ignored) {
        // Deliberately ignored: setting the query, path and fragment components to null
        // is considered safe here.
    }

    this.stringRepresentation = createHostPortString(this.host, this.port);
    buildHtmlStringRepresentation();
}
Example 2
Source File: InformationDisclosureReferrerScanRule.java From zap-extensions with Apache License 2.0 | 6 votes |
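/**
 * Tells whether a referrer URL points at the same host as the requested URL.
 *
 * <p>A path-relative referrer (single leading {@code /}) is same-domain by definition. Any other
 * value, including a network-path reference such as {@code //host/path}, is parsed and its host
 * is compared with {@code host} ignoring case.
 *
 * @param host the host of the requested URL
 * @param referrerURL the referrer value to classify
 * @return {@code true} if the referrer is path-relative or names the same host; {@code false}
 *     if it names another host, has no host, or cannot be parsed
 */
private boolean isRequestedURLSameDomainAsHTTPReferrer(String host, String referrerURL) {
    // "//authority/..." also starts with "/", but it names its own host. It must go through
    // the host comparison below, otherwise a cross-domain referrer is reported as same-domain.
    if (referrerURL.startsWith("/") && !referrerURL.startsWith("//")) {
        return true;
    }
    try {
        String referrerHost = new URI(referrerURL, true).getHost();
        // equalsIgnoreCase does not depend on the default locale (toLowerCase() does, e.g. the
        // Turkish dotless i), and it returns false rather than throwing when host is null.
        return referrerHost != null && referrerHost.equalsIgnoreCase(host);
    } catch (URIException e) {
        // An unparseable referrer is treated as "not the same domain".
        logger.debug("Error: " + e.getMessage());
        return false;
    }
}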
Example 3
Source File: CrossDomainScriptInclusionScanRule.java From zap-extensions with Apache License 2.0 | 5 votes |
/**
 * Tells whether a script URL is served from a host other than {@code host}.
 *
 * <p>Path-relative URLs ({@code /}, {@code ./}, {@code ../}) are never cross-domain;
 * network-path references ({@code //host/...}) are parsed like absolute URLs. Unless the alert
 * threshold is LOW, a cross-domain script that falls inside a context containing the original
 * request URL is accepted and reported as not cross-domain.
 *
 * @param host the host of the page that includes the script
 * @param scriptURL the script URL as found in the page
 * @param msg the message whose request URL is used for the context lookup
 * @return {@code true} if the script host differs from {@code host} and is not excused by a
 *     shared context; {@code false} otherwise, including when the URL cannot be parsed
 */
private boolean isScriptFromOtherDomain(String host, String scriptURL, HttpMessage msg) {
    boolean pathRelative =
            scriptURL.startsWith("/")
                    || scriptURL.startsWith("./")
                    || scriptURL.startsWith("../");
    if (pathRelative && !scriptURL.startsWith("//")) {
        return false;
    }

    boolean crossDomain = false;
    try {
        URI parsedScript = new URI(scriptURL, true);
        String scriptText = parsedScript.toString();
        String scriptHost = parsedScript.getHost();

        crossDomain = scriptHost != null && !scriptHost.toLowerCase().equals(host.toLowerCase());

        if (crossDomain && !Plugin.AlertThreshold.LOW.equals(this.getAlertThreshold())) {
            // Look up every context that contains the original request URL.
            List<Context> sharedCandidates =
                    getModel()
                            .getSession()
                            .getContextsForUrl(msg.getRequestHeader().getURI().toString());
            for (Context candidate : sharedCandidates) {
                if (candidate.isInContext(scriptText)) {
                    // The script lives in a context that also holds the original URL; at
                    // MEDIUM and HIGH threshold that is an acceptable cross-domain inclusion.
                    return false;
                }
            }
        }
    } catch (URIException e) {
        logger.debug("Error: " + e.getMessage());
    }
    return crossDomain;
}
Example 4
Source File: HiddenFilesScanRule.java From zap-extensions with Apache License 2.0 | 5 votes |
/**
 * Sends a request for the given hidden file against the host of the base message.
 *
 * <p>The request URI reuses the scheme, host and port of the base message; only the path is
 * replaced, using {@code generatePath} on the base path and the hidden file's path.
 *
 * @param file the hidden file to probe for
 * @return the message after it has been sent, or {@code null} if the URI could not be built or
 *     the request failed with an I/O error
 */
private HttpMessage sendHiddenFileRequest(HiddenFile file) {
    final HttpMessage probe = getNewMsg();
    try {
        final URI original = getBaseMsg().getRequestHeader().getURI();
        // Components are read in the same order the URI constructor receives them.
        final String scheme = original.getScheme();
        final String targetHost = original.getHost();
        final int targetPort = original.getPort();
        final String probePath = generatePath(original.getPath(), file.getPath());

        final URI probeUri = new URI(scheme, null, targetHost, targetPort, probePath);
        probe.getRequestHeader().setURI(probeUri);
        sendAndReceive(probe);
        return probe;
    } catch (URIException uEx) {
        // URI problems are only reported at debug level.
        if (LOG.isDebugEnabled()) {
            LOG.debug(
                    "An error occurred creating or setting a URI for the: "
                            + getName()
                            + " scanner. "
                            + uEx.getMessage(),
                    uEx);
        }
    } catch (IOException e) {
        LOG.warn(
                "An error occurred while checking ["
                        + probe.getRequestHeader().getMethod()
                        + "] ["
                        + probe.getRequestHeader().getURI()
                        + "] for "
                        + getName()
                        + " Caught "
                        + e.getClass().getName()
                        + " "
                        + e.getMessage());
    }
    // Both failure paths fall through to here.
    return null;
}
Example 5
Source File: SsoUtil.java From iaf with Apache License 2.0 | 5 votes |
/**
 * Adds the SSO token as a cookie to the given HTTP state.
 *
 * <p>The cookie domain is the host of the method's URI. {@code defaultForwardHost} is used
 * instead when that host is empty or cannot be extracted. Nothing is added when the token value
 * is empty. Failures are logged as warnings and never propagated to the caller.
 *
 * <p>NOTE(review): this method sets only name, value, domain and path on the cookie; no secure
 * flag is set here, so whether the token can be attached to a plain-HTTP request depends on the
 * target URL. Confirm against the callers.
 *
 * @param method the HTTP method whose URI supplies the cookie domain
 * @param state the HTTP state that receives the cookie
 * @param defaultForwardHost the cookie domain to fall back to
 */
public static void addSsoCredential(HttpMethod method, HttpState state, String defaultForwardHost) {
    try {
        String tokenName = SsoUtil.getSsoTokenName();
        String tokenValue = SsoUtil.getSsoToken();

        if (StringUtils.isEmpty(tokenValue)) {
            if (log.isDebugEnabled()) log.debug("no value for SsoCredential ["+tokenName+"]");
            return;
        }

        // Only the token name is logged, never its value.
        if (log.isDebugEnabled()) log.debug("constructing SsoCredentialCookie ["+tokenName+"]");
        Cookie ssoCookie = new Cookie();
        ssoCookie.setName(tokenName);
        ssoCookie.setValue(tokenValue);

        String cookieDomain;
        try {
            URI target = method.getURI();
            String requestHost = target.getHost();
            if (StringUtils.isEmpty(requestHost)) {
                if (log.isDebugEnabled()) log.debug("did not find host from URI ["+target.getURI()+"], will use default ["+defaultForwardHost+"] for SSO credential cookie");
                cookieDomain = defaultForwardHost;
            } else {
                cookieDomain = requestHost;
            }
        } catch (Throwable t) {
            // Any failure while reading the host falls back to the configured default.
            log.warn("could not extract host from URI", t);
            cookieDomain = defaultForwardHost;
        }
        ssoCookie.setDomain(cookieDomain);

        // The path must have a value, otherwise the cookie is not appended to the request.
        ssoCookie.setPath("/");

        if (log.isDebugEnabled()) log.debug("set SSOcookie attributes: domain ["+ssoCookie.getDomain()+"] path ["+ssoCookie.getPath()+"]");
        state.addCookie(ssoCookie);
    } catch (Exception e) {
        log.warn("could not obtain SsoToken: "+e.getMessage());
    }
}