org.parosproxy.paros.core.scanner

Class HostProcess

java.lang.Object

org.parosproxy.paros.core.scanner.HostProcess

All Implemented Interfaces:

Runnable

public class HostProcess
extends Object
implements Runnable

Constructor Summary

Constructors

Constructor and Description
HostProcess(String hostAndPort, Scanner parentScanner, ScannerParam scannerParam, ConnectionParam connectionParam, ScanPolicy scanPolicy) Deprecated. Use HostProcess(String, Scanner, ScannerParam, ConnectionParam, ScanPolicy, RuleConfigParam) instead. It will be removed in a future version.
HostProcess(String hostAndPort, Scanner parentScanner, ScannerParam scannerParam, ConnectionParam connectionParam, ScanPolicy scanPolicy, RuleConfigParam ruleConfigParam) Constructs a HostProcess.

Method Summary

Modifier and Type	Method and Description
void	addStartNode(StructuralNode startNode) Adds the given node, to start scanning from.
void	alertFound(Alert alert)
int	getAlertCount() Gets the alert count.
Analyser	getAnalyser() Give back the current process's Analyzer
List<Plugin>	getCompleted()
Context	getContext()
String	getHostAndPort()
HttpSender	getHttpSender()
int	getNewAlertCount()
List<Plugin>	getPending()
int	getPercentageComplete()
int	getPluginRequestCount(int pluginId) Gets the request count of the plugin with the given ID.
PluginStats	getPluginStats(int pluginId) Gets the stats of the Plugin with the given ID.
int	getRequestCount() Gets the count of requests sent (and received) by all Plugins and the Analyser.
List<Plugin>	getRunning()
ScannerParam	getScannerParam() Gets the scanner parameters.
String	getSkippedReason(Plugin plugin) Gets the reason why the given plugin was skipped.
TechSet	getTechSet() Gets the technologies to be used in the scan.
int	getTestCurrentCount(Plugin plugin) ZAP: method to get back the current progress status of a specific plugin
int	getTestTotalCount() Gets the number of messages that will be scanned.
boolean	handleAntiCsrfTokens()
protected boolean	isCustomPage(HttpMessage msg, CustomPage.Type cpType) Tells whether or not the message matches the specific CustomPage.Type.
boolean	isPaused() Check if the current host scan has been paused
boolean	isSkipped(Plugin plugin) Tells whether or not the given plugin was skipped (either programmatically or by the user).
boolean	isStop() Check if the current host scan has been stopped
protected boolean	nodeInScope(String nodeName)
void	notifyNewMessage(HttpMessage msg) Notifies interested parties that a new message was sent (and received).
void	notifyNewMessage(Plugin plugin) Notifies that the given plugin sent (and received) a non-HTTP message.
void	notifyNewMessage(Plugin plugin, HttpMessage message) Notifies that the given plugin sent (and received) the given HTTP message.
protected void	performScannerHookAfterScan(HttpMessage msg, AbstractPlugin plugin) ZAP: abstract plugin will call this method in order to invoke any extensions that have hooked into the active scanner
protected void	performScannerHookBeforeScan(HttpMessage msg, AbstractPlugin plugin) ZAP: abstract plugin will call this method in order to invoke any extensions that have hooked into the active scanner
void	pluginSkipped(int pluginId, String reason) Skips the plugin with the given ID with the given reason.
void	pluginSkipped(Plugin plugin) Skips the given plugin.
void	pluginSkipped(Plugin plugin, String reason) Skips the given plugin with the given reason.
void	run() Main execution method
void	setContext(Context context)
void	setPluginRequestCount(int pluginId, int reqCount) Deprecated. (2.5.0) No longer used/needed, Plugin's request count is automatically updated/maintained by HostProcess.
void	setStartNode(StructuralNode startNode) Sets the initial starting node.
void	setTechSet(TechSet techSet) Sets the technologies to be used in the scan.
void	setTestCurrentCount(Plugin plugin, int value) Deprecated. (2.5.0) No longer used/needed, Plugin's progress is automatically updated/maintained by HostProcess.
void	setUser(User user) Set the user to scan as.
void	stop() Stop the current scanning process

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

HostProcess

@Deprecated
public HostProcess(String hostAndPort,
                               Scanner parentScanner,
                               ScannerParam scannerParam,
                               ConnectionParam connectionParam,
                               ScanPolicy scanPolicy)

Deprecated. Use HostProcess(String, Scanner, ScannerParam, ConnectionParam, ScanPolicy, RuleConfigParam) instead. It will be removed in a future version.

Constructs a HostProcess, with no rules' configurations.

Parameters:

hostAndPort - the host:port value of the site that need to be processed

parentScanner - the scanner instance which instantiated this process

scannerParam - the session scanner parameters

connectionParam - the connection parameters

scanPolicy - the scan policy

HostProcess

public HostProcess(String hostAndPort,
                   Scanner parentScanner,
                   ScannerParam scannerParam,
                   ConnectionParam connectionParam,
                   ScanPolicy scanPolicy,
                   RuleConfigParam ruleConfigParam)

Constructs a HostProcess.

Parameters:

hostAndPort - the host:port value of the site that need to be processed

parentScanner - the scanner instance which instantiated this process

scannerParam - the session scanner parameters

connectionParam - the connection parameters

scanPolicy - the scan policy

ruleConfigParam - the rules' configurations, might be null.

Since:

2.6.0

Method Detail

setStartNode

public void setStartNode(StructuralNode startNode)

Sets the initial starting node.

Nodes previously added are removed.

Parameters:

startNode - the start node we should start from

See Also:

addStartNode(StructuralNode)

addStartNode

public void addStartNode(StructuralNode startNode)

Adds the given node, to start scanning from.

Parameters:

startNode - a start node.

See Also:

setStartNode(StructuralNode)

stop

public void stop()

Stop the current scanning process

run

public void run()

Main execution method

Specified by:

run in interface Runnable

nodeInScope

protected boolean nodeInScope(String nodeName)

getTestTotalCount

public int getTestTotalCount()

Gets the number of messages that will be scanned.

Returns:

the number of messages that will be scanned.

getTestCurrentCount

public int getTestCurrentCount(Plugin plugin)

ZAP: method to get back the current progress status of a specific plugin

Parameters:

plugin - the plugin we're asking the progress

Returns:

the current managed test count

setTestCurrentCount

@Deprecated
public void setTestCurrentCount(Plugin plugin,
                                            int value)

Deprecated. (2.5.0) No longer used/needed, Plugin's progress is automatically updated/maintained by HostProcess.

Parameters:

plugin - unused

value - unused

getHttpSender

public HttpSender getHttpSender()

Returns:

Returns the httpSender.

isStop

public boolean isStop()

Check if the current host scan has been stopped

Returns:

true if the process has been stopped

isPaused

public boolean isPaused()

Check if the current host scan has been paused

Returns:

true if the process has been paused

getPercentageComplete

public int getPercentageComplete()

notifyNewMessage

public void notifyNewMessage(HttpMessage msg)

Notifies interested parties that a new message was sent (and received).

Plugins should call notifyNewMessage(Plugin) or notifyNewMessage(Plugin, HttpMessage), instead.

Parameters:

msg - the new HTTP message

Since:

1.2.0

notifyNewMessage

public void notifyNewMessage(Plugin plugin,
                             HttpMessage message)

Notifies that the given plugin sent (and received) the given HTTP message.

Parameters:

plugin - the plugin that sent the message

message - the message sent

Throws:

IllegalArgumentException - if the given plugin is null.

Since:

2.5.0

See Also:

notifyNewMessage(Plugin)

notifyNewMessage

public void notifyNewMessage(Plugin plugin)

Notifies that the given plugin sent (and received) a non-HTTP message.

The call to this method has no effect if there's no Plugin with the given ID (or, it was not yet started).

Parameters:

plugin - the plugin that sent a non-HTTP message

Throws:

IllegalArgumentException - if the given parameter is null.

Since:

2.5.0

See Also:

notifyNewMessage(Plugin, HttpMessage)

alertFound

public void alertFound(Alert alert)

getNewAlertCount

public int getNewAlertCount()

getAlertCount

public int getAlertCount()

Gets the alert count.

Returns:

the alert count.

Since:

2.7.0

getAnalyser

public Analyser getAnalyser()

Give back the current process's Analyzer

Returns:

the HTTP analyzer

handleAntiCsrfTokens

public boolean handleAntiCsrfTokens()

pluginSkipped

public void pluginSkipped(Plugin plugin)

Skips the given plugin.

Note: Whenever possible callers should use pluginSkipped(Plugin, String) instead.

Parameters:

plugin - the plugin that will be skipped, must not be null

Since:

2.4.0

pluginSkipped

public void pluginSkipped(int pluginId,
                          String reason)

Skips the plugin with the given ID with the given reason.

Ideally the reason should be internationalised as it is shown in the GUI.

Parameters:

pluginId - the ID of the plugin that will be skipped.

reason - the reason why the plugin was skipped, might be null.

Since:

2.7.0

See Also:

pluginSkipped(Plugin, String)

pluginSkipped

public void pluginSkipped(Plugin plugin,
                          String reason)

Skips the given plugin with the given reason.

Ideally the reason should be internationalised as it is shown in the GUI.

Parameters:

plugin - the plugin that will be skipped, must not be null

reason - the reason why the plugin was skipped, might be null

Since:

2.6.0

isSkipped

public boolean isSkipped(Plugin plugin)

Tells whether or not the given plugin was skipped (either programmatically or by the user).

Parameters:

plugin - the plugin that will be checked

Returns:

true if plugin was skipped, false otherwise

Since:

2.4.0

See Also:

getSkippedReason(Plugin)

getSkippedReason

public String getSkippedReason(Plugin plugin)

Gets the reason why the given plugin was skipped.

Parameters:

plugin - the plugin that will be checked

Returns:

the reason why the given plugin was skipped, might be null if not skipped or there's no reason

Since:

2.6.0

See Also:

isSkipped(Plugin)

getScannerParam

public ScannerParam getScannerParam()

Gets the scanner parameters.

Note: Not part of the public API.

Returns:

the scanner parameters.

getPending

public List<Plugin> getPending()

getRunning

public List<Plugin> getRunning()

getCompleted

public List<Plugin> getCompleted()

setUser

public void setUser(User user)

Set the user to scan as. If null then the current session will be used.

Parameters:

user - the user to scan as

getTechSet

public TechSet getTechSet()

Gets the technologies to be used in the scan.

Returns:

the technologies, never null (since 2.6.0)

Since:

2.4.0

setTechSet

public void setTechSet(TechSet techSet)

Sets the technologies to be used in the scan.

Parameters:

techSet - the technologies to be used during the scan

Throws:

IllegalArgumentException - (since 2.6.0) if the given parameter is null.

Since:

2.4.0

performScannerHookBeforeScan

protected void performScannerHookBeforeScan(HttpMessage msg,
                                            AbstractPlugin plugin)

ZAP: abstract plugin will call this method in order to invoke any extensions that have hooked into the active scanner

Parameters:

msg - the message being scanned

plugin - the plugin being run

performScannerHookAfterScan

protected void performScannerHookAfterScan(HttpMessage msg,
                                           AbstractPlugin plugin)

ZAP: abstract plugin will call this method in order to invoke any extensions that have hooked into the active scanner

Parameters:

msg - the message being scanned

plugin - the plugin being run

getHostAndPort

public String getHostAndPort()

setPluginRequestCount

@Deprecated
public void setPluginRequestCount(int pluginId,
                                              int reqCount)

Deprecated. (2.5.0) No longer used/needed, Plugin's request count is automatically updated/maintained by HostProcess.

Parameters:

pluginId - the ID of the plugin

reqCount - the number of requests sent

getPluginRequestCount

public int getPluginRequestCount(int pluginId)

Gets the request count of the plugin with the given ID.

Parameters:

pluginId - the ID of the plugin

Returns:

the request count

Since:

2.4.3

See Also:

getRequestCount()

getRequestCount

public int getRequestCount()

Gets the count of requests sent (and received) by all Plugins and the Analyser.

Returns:

the count of request sent

Since:

2.5.0

See Also:

getPluginRequestCount(int), getAnalyser()

getPluginStats

public PluginStats getPluginStats(int pluginId)

Gets the stats of the Plugin with the given ID.

Parameters:

pluginId - the ID of the plugin.

Returns:

the stats of the plugin, or null if not found.

Since:

2.7.0

isCustomPage

protected boolean isCustomPage(HttpMessage msg,
                               CustomPage.Type cpType)

Tells whether or not the message matches the specific CustomPage.Type. (Does not leverage Analyzer).

Parameters:

msg - the message that will be checked

cpType - the custom page type to be checked

Returns:

true if the message matches, false otherwise

Since:

2.10.0

getContext

public Context getContext()

setContext

public void setContext(Context context)