List of usage examples for org.apache.commons.httpclient URI clone
@Override public synchronized Object clone() throws CloneNotSupportedException
From source file:org.parosproxy.paros.core.scanner.Analyser.java
/**
 * Classifies how the server answers requests for paths that should not exist
 * under the given node, and records the result through
 * {@code addAnalysedHost}.
 *
 * <p>A first probe is sent to a path produced by {@code getRandomPathSuffix}
 * (presumably a random, non-existent path; confirm against that helper). The
 * status code alone decides the classification for 404, redirect and any
 * non-200 answer. For a 200 answer a second probe is sent and the two bodies
 * are compared, first verbatim (minus the part matched by
 * {@code p_REMOVE_HEADER}), then with the probed URI and time-of-day strings
 * stripped.
 *
 * @param node the site-tree node to analyse; ignored when it has no history
 *             reference or is out of scope
 * @throws Exception propagated from cloning, URI manipulation or sending
 */
private void analyse(StructuralNode node) throws Exception {
    // Nothing to do without a recorded request, or for nodes outside the scan scope.
    if (node.getHistoryReference() == null || !parent.nodeInScope(node.getName())) {
        return;
    }

    // ZAP: Removed unnecessary cast.
    HttpMessage baseMsg = node.getHistoryReference().getHttpMessage();

    // Work on a copy so the recorded request's URI is never modified.
    URI baseUri = (URI) baseMsg.getRequestHeader().getURI().clone();
    baseUri.setQuery(null);

    // This base URI was classified before; no need to probe it again.
    if (mapVisited.get(baseUri.toString()) != null) {
        return;
    }

    // First probe.
    String firstPath = getRandomPathSuffix(node, baseUri);
    HttpMessage firstProbe = baseMsg.cloneRequest();
    URI firstUri = (URI) baseUri.clone();
    firstUri.setPath(firstPath);
    firstProbe.getRequestHeader().setURI(firstUri);
    sendAndReceive(firstProbe);

    int statusCode = firstProbe.getResponseHeader().getStatusCode();

    // Standard RFC response, no further check is needed.
    if (statusCode == HttpStatusCode.NOT_FOUND) {
        addAnalysedHost(baseUri, firstProbe, SampleResponse.ERROR_PAGE_RFC);
        return;
    }
    if (HttpStatusCode.isRedirection(statusCode)) {
        addAnalysedHost(baseUri, firstProbe, SampleResponse.ERROR_PAGE_REDIRECT);
        return;
    }
    if (statusCode != HttpStatusCode.OK) {
        addAnalysedHost(baseUri, firstProbe, SampleResponse.ERROR_PAGE_NON_RFC);
        return;
    }

    // The server answered 200: send a second probe and compare the bodies.
    HttpMessage secondProbe = baseMsg.cloneRequest();
    String secondPath = getRandomPathSuffix(node, secondProbe.getRequestHeader().getURI());
    URI secondUri = (URI) baseUri.clone();
    secondUri.setPath(secondPath);
    secondProbe.getRequestHeader().setURI(secondUri);
    sendAndReceive(secondProbe);

    // Remove the HTML HEAD, as it may contain an expiry time that changes per response.
    String firstBody = firstProbe.getResponseBody().toString().replaceAll(p_REMOVE_HEADER, "");
    String secondBody = secondProbe.getResponseBody().toString().replaceAll(p_REMOVE_HEADER, "");

    // Identical bodies: the error page is static, remember it.
    if (firstBody.equals(secondBody)) {
        firstProbe.getResponseBody().setBody(firstBody);
        addAnalysedHost(baseUri, firstProbe, SampleResponse.ERROR_PAGE_STATIC);
        return;
    }

    // Otherwise check whether the page is dynamic but deterministic: strip the
    // echoed request URI and hh:mm:ss timestamps, then compare again.
    String timeOfDayPattern = "\\s[012]\\d:[0-5]\\d:[0-5]\\d\\s";
    firstBody = firstBody.replaceAll(getPathRegex(firstUri), "").replaceAll(timeOfDayPattern, "");
    secondBody = secondBody.replaceAll(getPathRegex(secondUri), "").replaceAll(timeOfDayPattern, "");

    if (firstBody.equals(secondBody)) {
        firstProbe.getResponseBody().setBody(firstBody);
        addAnalysedHost(baseUri, firstProbe, SampleResponse.ERROR_PAGE_DYNAMIC_BUT_DETERMINISTIC);
        return;
    }

    // Bodies still differ: mark the application as "undeterministic".
    addAnalysedHost(baseUri, firstProbe, SampleResponse.ERROR_PAGE_UNDETERMINISTIC);
}
From source file:org.parosproxy.paros.core.scanner.Analyser.java
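/**
 * Builds a regular expression that matches the given URI literally, followed
 * by its query string (when it has one) as an optional group.
 *
 * <p>Both the URI and the query are quoted with
 * {@link java.util.regex.Pattern#quote(String)}. The previous
 * {@code replaceAll("\\.", "\\.")} did not escape anything: in a replacement
 * string a backslash only escapes the next character, so every dot was
 * replaced by a plain dot. The query was also appended unescaped, so a URI
 * containing regex metacharacters could produce an invalid or unintended
 * pattern. The URI belongs to a request sent to the scanned target, so it
 * must be treated as literal text, never as pattern syntax.
 *
 * @param uri the URI to turn into a pattern; it is cloned, not modified
 * @return a case-sensitive regular expression matching the URI, with or
 *         without its query string
 * @throws URIException if the URI cannot be cloned or its query cannot be
 *                      cleared on the copy
 */
private String getPathRegex(URI uri) throws URIException {
    URI newUri;
    // ZAP: catch CloneNotSupportedException as introduced with version 3.1 of HttpClient
    try {
        newUri = (URI) uri.clone();
    } catch (CloneNotSupportedException e) {
        throw new URIException(e.getMessage());
    }

    String query = newUri.getQuery();
    StringBuilder sb = new StringBuilder(100);

    // Matching stays case sensitive, so no "(?i)" prefix is added.
    newUri.setQuery(null);
    sb.append(java.util.regex.Pattern.quote(newUri.toString()));

    if (query != null) {
        // "?query" is optional so the pattern matches the URI with and without it.
        sb.append("(\\?").append(java.util.regex.Pattern.quote(query)).append(")?");
    }
    return sb.toString();
}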
From source file:org.parosproxy.paros.core.scanner.Kb.java
/**
 * Stores a value under {@code key} in the per-URI map, keyed by the string
 * form of the URI with its query removed.
 *
 * <p>The entry is silently dropped if the URI cannot be cloned; a failure to
 * clear the query is logged and the entry is dropped as well.
 *
 * @param uri   the URI the value belongs to; a copy is modified, not the argument
 * @param key   the key to store the value under
 * @param value the value to store
 */
public synchronized void add(URI uri, String key, Object value) {
    URI keyUri;
    try {
        // ZAP: catch CloneNotSupportedException as introduced with version 3.1 of HttpClient
        keyUri = (URI) uri.clone();
        keyUri.setQuery(null);
    } catch (CloneNotSupportedException e1) {
        return;
    } catch (URIException e) {
        // ZAP: Added logging.
        logger.error(e.getMessage(), e);
        return;
    }

    String uriKey = keyUri.toString();

    // Create the per-URI map on first use.
    TreeMap<String, Object> entries = mapURI.get(uriKey);
    if (entries == null) {
        entries = new TreeMap<>();
        mapURI.put(uriKey, entries);
    }

    add(entries, key, value);
}
From source file:org.parosproxy.paros.core.scanner.Kb.java
/**
 * Looks up the values stored under {@code key} for the given URI, using the
 * string form of the URI with its query removed as the map key.
 *
 * @param uri the URI to look up; a copy is modified, not the argument
 * @param key the key whose values are wanted
 * @return the result of {@code getList(map, key)} for the URI's map, or
 *         {@code null} when the URI cannot be cloned, its query cannot be
 *         cleared (logged), or nothing is stored for the URI; callers must
 *         handle {@code null}
 */
public synchronized Vector<Object> getList(URI uri, String key) {
    URI keyUri;
    try {
        // ZAP: catch CloneNotSupportedException as introduced with version 3.1 of HttpClient
        keyUri = (URI) uri.clone();
        keyUri.setQuery(null);
    } catch (CloneNotSupportedException e1) {
        return null;
    } catch (URIException e) {
        // ZAP: Added logging.
        logger.error(e.getMessage(), e);
        return null;
    }

    // ZAP: Added the type argument and removed the instanceof.
    TreeMap<String, Object> entries = mapURI.get(keyUri.toString());
    return (entries == null) ? null : getList(entries, key);
}
From source file:org.parosproxy.paros.extension.filter.FilterLogGetQuery.java
/**
 * Logs the URI and query parameters of outgoing text GET requests.
 *
 * <p>Requests with no header, non-text requests, image requests and non-GET
 * methods are skipped. Any exception raised while logging is caught and
 * logged, so it never interrupts the request.
 *
 * <p>NOTE(review): the parsed query parameters are passed to
 * {@code writeLogFile} as they are; query strings can carry session tokens or
 * credentials, so the resulting log presumably needs the same protection as
 * the captured traffic. Confirm where {@code writeLogFile} writes.
 *
 * @param httpMessage the message about to be sent
 */
@Override
public void onHttpRequestSend(HttpMessage httpMessage) {
    HttpRequestHeader reqHeader = httpMessage.getRequestHeader();
    if (reqHeader == null || !reqHeader.isText() || reqHeader.isImage()) {
        return;
    }
    if (!reqHeader.getMethod().equalsIgnoreCase(HttpRequestHeader.GET)) {
        return;
    }

    try {
        URI requestUri = reqHeader.getURI();
        // Clone before stripping the query so the outgoing request is left untouched.
        URI strippedUri = (URI) requestUri.clone();
        String query = strippedUri.getQuery();

        if (query == null) {
            // No query: log the URI as it is, with no parameters.
            writeLogFile(requestUri.toString(), null);
            return;
        }

        strippedUri.setQuery(null);
        String firstline = strippedUri.toString();
        // ZAP: Added type arguments.
        Hashtable<String, String> params = parseParameter(query);
        writeLogFile(firstline, params);
    } catch (Exception aa) {
        logger.error(aa.getMessage(), aa);
    }
}
From source file:org.parosproxy.paros.extension.filter.FilterLogPostQuery.java
/**
 * Logs the URI (without its query) and the body parameters of outgoing text
 * POST requests.
 *
 * <p>Requests with no header, non-text requests, image requests and non-POST
 * methods are skipped. Any exception raised while logging is caught and
 * logged, so it never interrupts the request.
 *
 * <p>NOTE(review): the request body is parsed and passed to
 * {@code writeLogFile} as it is; POST bodies commonly carry passwords and
 * tokens, so the resulting log presumably needs the same protection as the
 * captured traffic. Confirm where {@code writeLogFile} writes.
 *
 * @param httpMessage the message about to be sent
 */
@Override
public void onHttpRequestSend(HttpMessage httpMessage) {
    HttpRequestHeader reqHeader = httpMessage.getRequestHeader();
    if (reqHeader == null || !reqHeader.isText() || reqHeader.isImage()) {
        return;
    }
    if (!reqHeader.getMethod().equalsIgnoreCase(HttpRequestHeader.POST)) {
        return;
    }

    try {
        URI requestUri = reqHeader.getURI();
        // Clone before stripping the query so the outgoing request is left untouched.
        URI strippedUri = (URI) requestUri.clone();
        // For POST the "query" is the request body, not the URI's query string.
        String query = httpMessage.getRequestBody().toString();

        if (query == null) {
            // NOTE(review): only reachable if the body's toString() can return null - confirm.
            writeLogFile(requestUri.toString(), null);
            return;
        }

        strippedUri.setQuery(null);
        String firstline = strippedUri.toString();
        // ZAP: Added type arguments.
        Hashtable<String, String> params = parseParameter(query);
        writeLogFile(firstline, params);
    } catch (Exception e) {
        logger.error(e.getMessage(), e);
    }
}
From source file:org.zaproxy.zap.extension.bruteforce.ScanTarget.java
/**
 * Returns a copy of the given URI made with {@code clone()}.
 *
 * @param uri the URI to copy
 * @return the copy, or {@code null} if {@code clone()} reports
 *         {@link CloneNotSupportedException}; callers must handle {@code null}
 */
private static URI copyURI(URI uri) {
    URI copy;
    try {
        copy = (URI) uri.clone();
    } catch (CloneNotSupportedException ignored) {
        // Doesn't actually throw the exception.
        copy = null;
    }
    return copy;
}