org.zaproxy.zap.extension.ascan

Class ScriptsActiveScanner

java.lang.Object

org.parosproxy.paros.core.scanner.AbstractPlugin

org.parosproxy.paros.core.scanner.AbstractAppPlugin

org.parosproxy.paros.core.scanner.AbstractAppParamPlugin

org.zaproxy.zap.extension.ascan.ScriptsActiveScanner

All Implemented Interfaces:

Comparable<Object>, Runnable, Plugin, ExampleAlertProvider

public class ScriptsActiveScanner
extends AbstractAppParamPlugin

Nested Class Summary

Nested classes/interfaces inherited from class org.parosproxy.paros.core.scanner.AbstractPlugin

AbstractPlugin.AlertBuilder

Nested classes/interfaces inherited from interface org.parosproxy.paros.core.scanner.Plugin

Plugin.AlertThreshold, Plugin.AttackStrength

Field Summary

Fields inherited from class org.parosproxy.paros.core.scanner.AbstractPlugin

CRLF, PATTERN_PARAM

Constructor Summary

Constructors

Constructor and Description
ScriptsActiveScanner()

Method Summary

Modifier and Type	Method and Description
int	getCategory() Gets the category of this scanner.
int	getCweId() Gets the CWE ID of the issue(s) raised by the scanner.
String[]	getDependency() Returns no dependencies by default.
String	getDescription() Default description of this plugin.
int	getId() Unique Paros ID of this plugin.
String	getName() Plugin name.
String	getReference() Reference document provided by this plugin.
int	getRisk() Gets the highest risk level of the alerts raised by the plugin.
String	getSolution() Default solution returned by this plugin.
int	getWascId() Gets the WASC ID of the issue(s) raised by the scanner.
void	init() Finishes the initialisation of the plugin, subclasses should add any initialisation logic/code to this method.
boolean	isPage200(HttpMessage msg) Tells whether or not the message matches CustomPage.Type.OK_200 definitions.
boolean	isPage404(HttpMessage msg) Tells whether or not the message matches a CustomPage.Type.NOTFOUND_404 definition.
boolean	isPage500(HttpMessage msg) Tells whether or not the message matches CustomPage.Type.ERROR_500 definitions.
boolean	isPageOther(HttpMessage msg) Tells whether or not the message matches CustomPage.Type.OTHER definitions.
boolean	isStop() Check if this test should be stopped.
AbstractPlugin.AlertBuilder	newAlert() Returns a new alert builder.
void	raiseAlert(int risk, int confidence, String name, String description, String uri, String param, String attack, String otherInfo, String solution, String evidence, int cweId, int wascId, HttpMessage msg) Deprecated. (2.9.0) Use newAlert() to build and raise alerts.
void	raiseAlert(int risk, int confidence, String name, String description, String uri, String param, String attack, String otherInfo, String solution, String evidence, String reference, int cweId, int wascId, HttpMessage msg) Deprecated. (2.9.0) Use newAlert() to build and raise alerts.
void	scan() Scans the target server using the message previously set during initialisation.
void	scan(HttpMessage msg, String param, String value) Plugin method that need to be implemented for the specific test.
void	sendAndReceive(HttpMessage msg) Sends and receives the given message, always following redirections.
void	sendAndReceive(HttpMessage msg, boolean isFollowRedirect) Sends and receives the given message, optionally following redirections.
void	sendAndReceive(HttpMessage msg, boolean isFollowRedirect, boolean handleAntiCSRF) Sends and receives the given message, optionally following redirections and optionally regenerating anti-CSRF token, if any.
String	setParam(HttpMessage msg, String param, String value)

Methods inherited from class org.parosproxy.paros.core.scanner.AbstractAppParamPlugin

getBuilder, scan, scan, setEscapedParameter, setParameter, setParameters

Methods inherited from class org.parosproxy.paros.core.scanner.AbstractAppPlugin

notifyPluginCompleted

Methods inherited from class org.parosproxy.paros.core.scanner.AbstractPlugin

bingo, bingo, bingo, bingo, bingo, bingo, cloneInto, compareTo, createParamIfNotExist, equals, getAlertTags, getAlertThreshold, getAlertThreshold, getAlertThresholdsSupported, getAttackStrength, getAttackStrength, getAttackStrengthsSupported, getBaseMsg, getCodeName, getConfig, getDelayInMs, getHTMLEncode, getKb, getLog, getLogger, getNewMsg, getParent, getProperty, getStatus, getTechSet, getTimeFinished, getTimeStarted, getURLDecode, getURLEncode, hashCode, init, inScope, isAnyInScope, isClientError, isDepreciated, isEnabled, isFileExist, isServerError, isSuccess, isVisible, loadFrom, matchBodyPattern, matchHeaderPattern, run, saveTo, setAlertThreshold, setAttackStrength, setConfig, setDefaultAlertThreshold, setDefaultAttackStrength, setDelayInMs, setEnabled, setProperty, setStatus, setTechSet, setTimeFinished, setTimeStarted, stripOff, targets, writeProgress

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.parosproxy.paros.core.scanner.Plugin

getExampleAlerts

Constructor Detail

ScriptsActiveScanner

public ScriptsActiveScanner()

Method Detail

getId

public int getId()

Description copied from interface: Plugin

Unique Paros ID of this plugin.

Returns:

the ID

getName

public String getName()

Description copied from interface: Plugin

Plugin name. This is the human readable plugin name for display.

Returns:

the internationalised name

getDependency

public String[] getDependency()

Description copied from class: AbstractPlugin

Returns no dependencies by default.

Specified by:

getDependency in interface Plugin

Overrides:

getDependency in class AbstractPlugin

Returns:

an empty array (that is, no dependencies)

getDescription

public String getDescription()

Description copied from interface: Plugin

Default description of this plugin.

Returns:

the description

getCategory

public int getCategory()

Description copied from interface: Plugin

Gets the category of this scanner.

Returns:

the category of the scanner

See Also:

Category

getSolution

public String getSolution()

Description copied from interface: Plugin

Default solution returned by this plugin.

Returns:

the solution

getReference

public String getReference()

Description copied from interface: Plugin

Reference document provided by this plugin.

Returns:

the references

init

public void init()

Description copied from class: AbstractPlugin

Finishes the initialisation of the plugin, subclasses should add any initialisation logic/code to this method.

Called after the plugin has been initialised with the message being scanned. By default it does nothing.

Since 2.5.0 it is no longer abstract.

Overrides:

init in class AbstractPlugin

See Also:

AbstractPlugin.init(HttpMessage, HostProcess)

scan

public void scan()

Description copied from interface: Plugin

Scans the target server using the message previously set during initialisation.

Specified by:

scan in interface Plugin

Overrides:

scan in class AbstractAppParamPlugin

See Also:

Plugin.init(HttpMessage, HostProcess)

scan

public void scan(HttpMessage msg,
                 String param,
                 String value)

Description copied from class: AbstractAppParamPlugin

Plugin method that need to be implemented for the specific test. The passed message is a copy which maintains only the Request's information so if the plugin need to manage the original Response body a getBaseMsg() call should be done. the param name and the value are the original value retrieved by the crawler and the current applied Variant.

Overrides:

scan in class AbstractAppParamPlugin

Parameters:

msg - a copy of the HTTP message currently under scanning

param - the name of the parameter under testing

value - the clean value (no escaping is needed)

isStop

public boolean isStop()

Description copied from class: AbstractPlugin

Check if this test should be stopped. It should be checked periodically in Plugin (e.g. when in loops) so the HostProcess can stop this Plugin cleanly.

Overrides:

isStop in class AbstractPlugin

Returns:

true if the scanner should stop, false otherwise

setParam

public String setParam(HttpMessage msg,
                       String param,
                       String value)

sendAndReceive

public void sendAndReceive(HttpMessage msg)
                    throws org.apache.commons.httpclient.HttpException,
                           IOException

Description copied from class: AbstractPlugin

Sends and receives the given message, always following redirections.

The following changes are made to the request before being sent:

• The anti-CSRF token contained in the message will be handled/regenerated, if any;
• The request headers HttpHeader.IF_MODIFIED_SINCE and HttpHeader.IF_NONE_MATCH are removed, to always obtain a fresh response;
• The header HttpHeader.CONTENT_LENGTH is updated, to match the length of the request body.
• Changes done by HttpSenderListener (for example, scripts).

Overrides:

sendAndReceive in class AbstractPlugin

Parameters:

msg - the message to be sent and received

Throws:

org.apache.commons.httpclient.HttpException - if a HTTP error occurred

IOException - if an I/O error occurred (for example, read time out)

See Also:

AbstractPlugin.sendAndReceive(HttpMessage, boolean), AbstractPlugin.sendAndReceive(HttpMessage, boolean, boolean)

sendAndReceive

public void sendAndReceive(HttpMessage msg,
                           boolean isFollowRedirect)
                    throws org.apache.commons.httpclient.HttpException,
                           IOException

Description copied from class: AbstractPlugin

Sends and receives the given message, optionally following redirections.

The following changes are made to the request before being sent:

• The anti-CSRF token contained in the message will be handled/regenerated, if any;
• The request headers HttpHeader.IF_MODIFIED_SINCE and HttpHeader.IF_NONE_MATCH are removed, to always obtain a fresh response;
• The header HttpHeader.CONTENT_LENGTH is updated, to match the length of the request body.
• Changes done by HttpSenderListener (for example, scripts).

Overrides:

sendAndReceive in class AbstractPlugin

Parameters:

msg - the message to be sent and received

isFollowRedirect - true if redirections should be followed, false otherwise

Throws:

org.apache.commons.httpclient.HttpException - if a HTTP error occurred

IOException - if an I/O error occurred (for example, read time out)

See Also:

AbstractPlugin.sendAndReceive(HttpMessage), AbstractPlugin.sendAndReceive(HttpMessage, boolean, boolean)

sendAndReceive

public void sendAndReceive(HttpMessage msg,
                           boolean isFollowRedirect,
                           boolean handleAntiCSRF)
                    throws org.apache.commons.httpclient.HttpException,
                           IOException

Description copied from class: AbstractPlugin

Sends and receives the given message, optionally following redirections and optionally regenerating anti-CSRF token, if any.

The following changes are made to the request before being sent:

• The request headers HttpHeader.IF_MODIFIED_SINCE and HttpHeader.IF_NONE_MATCH are removed, to always obtain a fresh response;
• The header HttpHeader.CONTENT_LENGTH is updated, to match the length of the request body.
• Changes done by HttpSenderListener (for example, scripts).

Overrides:

sendAndReceive in class AbstractPlugin

Parameters:

msg - the message to be sent and received

isFollowRedirect - true if redirections should be followed, false otherwise

handleAntiCSRF - true if the anti-CSRF token present in the request should be handled/regenerated, false otherwise

Throws:

org.apache.commons.httpclient.HttpException - if a HTTP error occurred

IOException - if an I/O error occurred (for example, read time out)

See Also:

AbstractPlugin.sendAndReceive(HttpMessage), AbstractPlugin.sendAndReceive(HttpMessage, boolean)

newAlert

public AbstractPlugin.AlertBuilder newAlert()

Description copied from class: AbstractPlugin

Returns a new alert builder.

By default the alert builder sets the following fields of the alert:

• Plugin ID - using Plugin.getId()
• Name - using Plugin.getName()
• Risk - using AbstractPlugin.getRisk()
• Description - using Plugin.getDescription()
• Solution - using Plugin.getSolution()
• Reference - using Plugin.getReference()
• CWE ID - using AbstractPlugin.getCweId()
• WASC ID - using AbstractPlugin.getWascId()
• URI - from the alert message
• Alert Tags - using AbstractPlugin.getAlertTags()

Overrides:

newAlert in class AbstractPlugin

Returns:

the alert builder.

Since:

2.9.0

raiseAlert

@Deprecated
public void raiseAlert(int risk,
                                   int confidence,
                                   String name,
                                   String description,
                                   String uri,
                                   String param,
                                   String attack,
                                   String otherInfo,
                                   String solution,
                                   String evidence,
                                   int cweId,
                                   int wascId,
                                   HttpMessage msg)

Deprecated. (2.9.0) Use newAlert() to build and raise alerts.

raiseAlert

@Deprecated
public void raiseAlert(int risk,
                                   int confidence,
                                   String name,
                                   String description,
                                   String uri,
                                   String param,
                                   String attack,
                                   String otherInfo,
                                   String solution,
                                   String evidence,
                                   String reference,
                                   int cweId,
                                   int wascId,
                                   HttpMessage msg)

Deprecated. (2.9.0) Use newAlert() to build and raise alerts.

getRisk

public int getRisk()

Description copied from interface: Plugin

Gets the highest risk level of the alerts raised by the plugin.

Specified by:

getRisk in interface Plugin

Overrides:

getRisk in class AbstractPlugin

Returns:

the highest risk level of the alerts raised by the plugin.

See Also:

Alert.RISK_HIGH, Alert.RISK_MEDIUM, Alert.RISK_LOW, Alert.RISK_INFO

getCweId

public int getCweId()

Description copied from interface: Plugin

Gets the CWE ID of the issue(s) raised by the scanner.

Specified by:

getCweId in interface Plugin

Overrides:

getCweId in class AbstractPlugin

Returns:

the CWE ID, -1 if unknown.

See Also:

CWE - Common Weakness Enumeration

getWascId

public int getWascId()

Description copied from interface: Plugin

Gets the WASC ID of the issue(s) raised by the scanner.

Specified by:

getWascId in interface Plugin

Overrides:

getWascId in class AbstractPlugin

Returns:

the WASC ID, -1 if unknown.

See Also:

The WASC Threat Classification

isPage200

public boolean isPage200(HttpMessage msg)

Description copied from class: AbstractPlugin

Tells whether or not the message matches CustomPage.Type.OK_200 definitions. Falls back to use Analyser which analyzes specific behavior and status codes. Checks if the message matches CustomPage.Type.ERROR_500 or CusotmPage.Type.NOTFOUND_404 first, in case the user is trying to override something.

Overrides:

isPage200 in class AbstractPlugin

Parameters:

msg - the message that will be checked

Returns:

true if the message matches, false otherwise

isPage404

public boolean isPage404(HttpMessage msg)

Description copied from class: AbstractPlugin

Tells whether or not the message matches a CustomPage.Type.NOTFOUND_404 definition. Falls back to Analyser. Checks if the message matches CustomPage.Type.OK_200 or CustomPage.Type.ERROR_500 first, in case the user is trying to override something.

Overrides:

isPage404 in class AbstractPlugin

Parameters:

msg - the message that will be checked

Returns:

true if the message matches, false otherwise

isPage500

public boolean isPage500(HttpMessage msg)

Description copied from class: AbstractPlugin

Tells whether or not the message matches CustomPage.Type.ERROR_500 definitions. Falls back to simply checking the response status code for "500 - Internal Server Error". Checks if the message matches CustomPage.Type.OK_200 or CusotmPage.Type.NOTFOUND_404 first, in case the user is trying to override something.

Overrides:

isPage500 in class AbstractPlugin

Parameters:

msg - the message that will be checked

Returns:

true if the message matches, false otherwise

isPageOther

public boolean isPageOther(HttpMessage msg)

Description copied from class: AbstractPlugin

Tells whether or not the message matches CustomPage.Type.OTHER definitions.

Overrides:

isPageOther in class AbstractPlugin

Parameters:

msg - the message that will be checked

Returns:

true if the message matches, false otherwise