Java Code Examples for org.apache.commons.httpclient.URI#getAuthority()

The following examples show how to use org.apache.commons.httpclient.URI#getAuthority().
Example 1
Source File: SourceCodeDisclosureWEBINF.java    From zap-extensions with Apache License 2.0 5 votes vote down vote up
/**
 * Builds the candidate URL at which a compiled class would be reachable if the site exposes the
 * contents of {@code WEB-INF/classes}.
 *
 * <p>Only the scheme and authority of {@code hostURI} are reused; its path and query are
 * discarded. A servlet container is expected to refuse requests below {@code /WEB-INF/}, so a
 * successful fetch of the returned URI points at a server or proxy misconfiguration.
 *
 * @param hostURI URI whose scheme and authority identify the site being checked
 * @param classname fully qualified class name; every {@code .} is turned into {@code /}
 * @return the URI {@code <scheme>://<authority>/WEB-INF/classes/<class path>.class}
 * @throws URIException if the authority cannot be read or the assembled string is not a valid
 *     URI
 */
private URI getClassURI(URI hostURI, String classname) throws URIException {
    String siteRoot = hostURI.getScheme() + "://" + hostURI.getAuthority();
    // Package separators become path separators: a.b.C -> a/b/C
    String classPath = classname.replace('.', '/');
    // "false" tells the URI constructor that the string has not been escaped yet.
    return new URI(siteRoot + "/WEB-INF/classes/" + classPath + ".class", false);
}
 
Example 2
Source File: SourceCodeDisclosureWEBINF.java    From zap-extensions with Apache License 2.0 5 votes vote down vote up
/**
 * Builds the candidate URL of a properties file located directly under {@code WEB-INF/classes}
 * on the same site as {@code hostURI}.
 *
 * <p>Only the scheme and authority of {@code hostURI} are reused. {@code propsfilename} is
 * appended as given, so any path separators it contains end up in the resulting URI.
 *
 * @param hostURI URI whose scheme and authority identify the site being checked
 * @param propsfilename file name (relative to {@code WEB-INF/classes/}) to append
 * @return the URI {@code <scheme>://<authority>/WEB-INF/classes/<propsfilename>}
 * @throws URIException if the authority cannot be read or the assembled string is not a valid
 *     URI
 */
private URI getPropsFileURI(URI hostURI, String propsfilename) throws URIException {
    String siteRoot = hostURI.getScheme() + "://" + hostURI.getAuthority();
    // "false" tells the URI constructor that the string has not been escaped yet.
    return new URI(siteRoot + "/WEB-INF/classes/" + propsfilename, false);
}
 
Example 3
Source File: ExtensionWappalyzer.java    From zap-extensions with Apache License 2.0 5 votes vote down vote up
/**
 * Reduces a URI to its site form, {@code <scheme>://<authority>}.
 *
 * <p>If the authority cannot be extracted, the method falls back to {@code
 * ScanPanel.cleanSiteName} applied to the full URI string, so a value is always returned.
 *
 * @param uri the URI to normalise
 * @return the scheme and authority of {@code uri}, or the cleaned site name on failure
 */
static String normalizeSite(URI uri) {
    final String schemePrefix = uri.getScheme() + "://";
    final String authority;
    try {
        authority = uri.getAuthority();
    } catch (URIException e) {
        if (logger.isDebugEnabled()) {
            logger.debug("Unable to get authority from: " + uri.toString(), e);
        }
        // Not expected in practice; derive the site name from the raw string instead.
        return ScanPanel.cleanSiteName(uri.toString(), true);
    }
    return schemePrefix + authority;
}
 
Example 4
Source File: CrossDomainScanner.java    From zap-extensions with Apache License 2.0 4 votes vote down vote up
/**
 * Fetches the Silverlight client access policy file from the root of the site and raises an
 * alert for every {@code allow-from} entry that grants access to any domain ({@code uri="*"}).
 *
 * <p>The request reuses only the scheme and authority of {@code originalURI}. An empty response
 * body ends the check silently, and a body that cannot be parsed as XML is only logged at debug
 * level, since it is most likely an error page.
 *
 * <p>NOTE(review): the response body is server-controlled XML handed to {@code docBuilder},
 * whose configuration is not visible here. Confirm that the factory which created it disables
 * DTDs and external entities, otherwise a hostile target could turn this check against the
 * scanner host.
 *
 * @param originalURI URI of the message being scanned; identifies the site to probe
 * @throws IOException if sending the request fails
 * @throws XPathExpressionException if the XPath expression cannot be compiled or evaluated
 */
private void scanSilverlightCrossdomainPolicyFile(URI originalURI)
        throws IOException, XPathExpressionException {
    final String allowFromXPath =
            "/access-policy/cross-domain-access/policy/allow-from/domain/@uri";

    // Request the policy file from the site root.
    URI policyUri =
            new URI(
                    originalURI.getScheme(),
                    originalURI.getAuthority(),
                    "/" + SILVERLIGHT_CROSS_DOMAIN_POLICY_FILE,
                    null,
                    null);
    HttpMessage policyMsg = new HttpMessage(policyUri);
    sendAndReceive(policyMsg, false);

    // Nothing came back, so there is nothing to assess.
    if (policyMsg.getResponseBody().length() == 0) {
        return;
    }

    byte[] policyBytes = policyMsg.getResponseBody().getBytes();

    try {
        // Parsing from an in-memory stream sidesteps the "no protocol" issue.
        InputSource policySource = new InputSource(new ByteArrayInputStream(policyBytes));
        Document policyDoc = docBuilder.parse(policySource);

        // Select the uri attribute of every allow-from/domain element.
        XPathExpression allowFromExpr = xpath.compile(allowFromXPath);
        NodeList allowFromNodes =
                (NodeList) allowFromExpr.evaluate(policyDoc, XPathConstants.NODESET);

        for (int idx = 0; idx < allowFromNodes.getLength(); idx++) {
            String allowedUri = allowFromNodes.item(idx).getNodeValue();
            if (!allowedUri.equals("*")) {
                continue;
            }
            // A wildcard lets Silverlight content from any origin call this site.
            if (log.isDebugEnabled()) {
                log.debug(
                        "Bingo! " + SILVERLIGHT_CROSS_DOMAIN_POLICY_FILE + ", at " + allowFromXPath);
            }
            newAlert()
                    .setConfidence(Alert.CONFIDENCE_MEDIUM)
                    .setName(Constant.messages.getString(MESSAGE_PREFIX_SILVERLIGHT + "name"))
                    .setDescription(
                            Constant.messages.getString(MESSAGE_PREFIX_SILVERLIGHT + "desc"))
                    .setOtherInfo(
                            Constant.messages.getString(
                                    MESSAGE_PREFIX_SILVERLIGHT + "extrainfo"))
                    .setSolution(
                            Constant.messages.getString(MESSAGE_PREFIX_SILVERLIGHT + "soln"))
                    .setEvidence("<domain uri=\"*\"")
                    .setMessage(policyMsg)
                    .raise();
        }
    } catch (SAXException | IOException e) {
        // An unparseable body is usually a 404 page or similar, not a policy file.
        log.debug(
                "An error occurred trying to parse "
                        + SILVERLIGHT_CROSS_DOMAIN_POLICY_FILE
                        + " as XML: "
                        + e);
    }
}
 
Example 5
Source File: PopupMenuCallGraph.java    From zap-extensions with Apache License 2.0 4 votes vote down vote up
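/**
 * Opens the call graph window, filtered either to all sites or to the site of the selected
 * message, depending on {@code nodeType}.
 *
 * <p>For a single site the filter is a regular expression built from the scheme and authority of
 * the message URI. Those values come from recorded traffic, so they are quoted with {@link
 * Pattern#quote(String)} before being embedded: otherwise the dots in a host name would match
 * any character, widening the filter to other hosts, and other regex metacharacters could make
 * {@link Pattern#compile(String, int)} fail. The window title still shows the unquoted form.
 *
 * @param httpMessage the selected message; may be {@code null}, in which case a single-site
 *     request is treated like an invalid URL
 */
@Override
public void performAction(HttpMessage httpMessage) {
    // The message URI is only used for the debug output below.
    String uri = null;
    String sitePattern = ".*";
    String title = null;
    if (httpMessage != null) {
        try {
            uri = httpMessage.getRequestHeader().getURI().getURI();
        } catch (Exception e1) {
            log.debug("The URI is not valid");
        }
    }

    switch (nodeType) {
        case ALL_SITES:
            log.debug("Doing stuff for the entire site, given message: " + uri);
            sitePattern = ".*";
            title = POPUP_MENU_ALL_SITES;
            break;
        case ONE_SITE:
            {
                log.debug("Doing stuff for the subtree, given message: " + uri);
                // Scheme and authority identify the site whose requests are kept.
                String siteRoot = null;
                if (httpMessage != null) {
                    try {
                        URI siteUri = httpMessage.getRequestHeader().getURI();
                        siteRoot = siteUri.getScheme() + "://" + siteUri.getAuthority();
                    } catch (URIException e) {
                        log.error("The URL is invalid");
                    }
                }
                if (siteRoot != null) {
                    // Match the site literally; only the trailing path is a wildcard.
                    sitePattern = Pattern.quote(siteRoot) + "/.*";
                    title = siteRoot + "/.*";
                } else {
                    // An empty pattern yields "^$", which matches no URL.
                    sitePattern = "";
                    title = Constant.messages.getString("callgraph.title.unknownsite");
                }
                break;
            }
    }
    // Build the filter and show the window.
    if (log.isDebugEnabled()) {
        log.debug("Creating regular expression based on ^" + sitePattern + "$");
    }
    Pattern urlPattern = Pattern.compile("^" + sitePattern + "$", Pattern.CASE_INSENSITIVE);

    CallGraphFrame dialog = getCallGraphFrame(title, urlPattern);
    dialog.setVisible(true);
}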