public abstract class AbstractAppParamPlugin extends AbstractAppPlugin
Plugin.AlertThreshold, Plugin.AttackStrength
CRLF, PATTERN_PARAM
Constructor and Description |
---|
AbstractAppParamPlugin() |
Modifier and Type | Method and Description |
---|---|
void | scan(): Scans the target server using the message previously set during initialisation. |
void | scan(HttpMessage msg, NameValuePair originalParam): General method for scanning a specific parameter, which gives developers access to all the parameter-specific settings, such as the place/type from which the name/value pair was retrieved. |
abstract void | scan(HttpMessage msg, String param, String value): Plugin method that needs to be implemented for the specific test. |
protected String | setEscapedParameter(HttpMessage message, String param, String value): Sets the parameter into the given message. |
protected String | setParameter(HttpMessage message, String param, String value): Sets the parameter into the given message. |
notifyPluginCompleted
bingo, bingo, bingo, bingo, bingo, bingo, cloneInto, compareTo, createParamIfNotExist, equals, getAlertThreshold, getAlertThreshold, getAlertThresholdsSupported, getAttackStrength, getAttackStrength, getAttackStrengthsSupported, getBaseMsg, getCodeName, getConfig, getCweId, getDelayInMs, getDependency, getHTMLEncode, getKb, getLog, getNewMsg, getParent, getProperty, getRisk, getStatus, getTechSet, getTimeFinished, getTimeStarted, getURLDecode, getURLEncode, getWascId, hashCode, init, init, inScope, isAnyInScope, isDepreciated, isEnabled, isFileExist, isStop, isVisible, loadFrom, matchBodyPattern, matchHeaderPattern, run, saveTo, sendAndReceive, sendAndReceive, sendAndReceive, setAlertThreshold, setAttackStrength, setConfig, setDefaultAlertThreshold, setDefaultAttackStrength, setDelayInMs, setEnabled, setProperty, setStatus, setTechSet, setTimeFinished, setTimeStarted, stripOff, targets, writeProgress
clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait
getCategory, getDescription, getId, getName, getReference, getSolution
public void scan()
Specified by: scan in interface Plugin
See also: Plugin.init(HttpMessage, HostProcess)

public abstract void scan(HttpMessage msg, String param, String value)
- msg: a copy of the HTTP message currently being scanned
- param: the name of the parameter under test
- value: the clean value (no escaping is needed)

public void scan(HttpMessage msg, NameValuePair originalParam)
- msg: a copy of the HTTP message currently being scanned
- originalParam: the parameter pair with all the context information

protected String setParameter(HttpMessage message, String param, String value)
Sets the parameter into the given message. If both parameter name and value are null, the parameter will be removed.
- message: the message that will be changed
- param: the name of the parameter
- value: the value of the parameter
See also: setEscapedParameter(HttpMessage, String, String)

protected String setEscapedParameter(HttpMessage message, String param, String value)
Sets the parameter into the given message. If both parameter name and value are null, the parameter will be removed.
The value is expected to be properly encoded/escaped.
- message: the message that will be changed
- param: the name of the parameter
- value: the value of the parameter
See also: setParameter(HttpMessage, String, String)