public interface Plugin extends Runnable
AbstractHostPlugin, AbstractAppPlugin and AbstractAppParamPlugin implement this interface and are a good starting point for writing new plugins.

Modifier and Type | Interface and Description |
---|---|
static class | Plugin.AlertThreshold |
static class | Plugin.AttackStrength |

Modifier and Type | Method and Description |
---|---|
void | cloneInto(Plugin plugin) |
void | createParamIfNotExist() |
Plugin.AlertThreshold | getAlertThreshold() - The alert threshold for this plugin, i.e. the level of certainty required to report an alert. |
Plugin.AlertThreshold | getAlertThreshold(boolean incDefault) - The alert threshold for this plugin, i.e. the level of certainty required to report an alert. |
Plugin.AlertThreshold[] | getAlertThresholdsSupported() - Returns an array of the AlertThresholds supported. |
Plugin.AttackStrength | getAttackStrength() - Returns the AttackStrength, which is an indication of the relative number of requests the plugin will make against a given target. |
Plugin.AttackStrength | getAttackStrength(boolean incDefault) - Returns the AttackStrength, which is an indication of the relative number of requests the plugin will make against a given target. |
Plugin.AttackStrength[] | getAttackStrengthsSupported() - Returns an array of the AttackStrengths supported. |
int | getCategory() - Gets the category of this scanner. |
String | getCodeName() - Code name is the plugin name used for dependency naming. |
org.apache.commons.configuration.Configuration | getConfig() |
int | getCweId() - Gets the CWE ID of the issue(s) raised by the scanner. |
int | getDelayInMs() |
String[] | getDependency() - The names of dependencies of the plugin. |
String | getDescription() - Default description of this plugin. |
int | getId() - Unique Paros ID of this plugin. |
String | getName() - Plugin name. |
String | getReference() - Reference document provided by this plugin. |
int | getRisk() - Gets the highest risk level of the alerts raised by the plugin. |
String | getSolution() - Default solution returned by this plugin. |
AddOn.Status | getStatus() - Gets the status of the plugin (as given by the corresponding add-on). |
Date | getTimeFinished() |
Date | getTimeStarted() |
int | getWascId() - Gets the WASC ID of the issue(s) raised by the scanner. |
void | init(HttpMessage msg, HostProcess parent) - Initialises the plugin with the given message and host process. |
boolean | inScope(Tech tech) - Tells whether or not the given technology is enabled for the scan. |
boolean | isDepreciated() |
boolean | isEnabled() - Tells whether or not the scanner is enabled. |
boolean | isVisible() - Tells whether or not the scanner can be selected and should be shown. |
void | loadFrom(org.apache.commons.configuration.Configuration conf) |
void | notifyPluginCompleted(HostProcess parent) - Plugin must implement this to notify when completed. |
void | saveTo(org.apache.commons.configuration.Configuration conf) |
void | scan() - Scans the target server using the message previously set during initialisation. |
void | setAlertThreshold(Plugin.AlertThreshold level) - Set the alert threshold for this plugin, i.e. the level of certainty required to report an alert. |
void | setAttackStrength(Plugin.AttackStrength level) - Set the attack strength for this plugin, i.e. the relative number of requests the plugin will make against a given target. |
void | setConfig(org.apache.commons.configuration.Configuration config) |
void | setDefaultAlertThreshold(Plugin.AlertThreshold level) - Set the default alert threshold for this plugin, i.e. the level of certainty required to report an alert. |
void | setDefaultAttackStrength(Plugin.AttackStrength strength) - Set the default attack strength for this plugin, i.e. the relative number of attacks that will be performed. |
void | setDelayInMs(int delay) |
void | setEnabled(boolean enabled) - Sets whether or not the scanner is enabled. |
void | setTechSet(TechSet ts) - Sets the technologies enabled for the scan. |
void | setTimeFinished() |
void | setTimeStarted() |
boolean | targets(TechSet technologies) - Tells whether or not the scanner targets the given technologies to be run. |

int getId()
String getName()
String getCodeName()
String getDescription()
int getRisk()
See Also: Alert.RISK_HIGH, Alert.RISK_MEDIUM, Alert.RISK_LOW, Alert.RISK_INFO
void init(HttpMessage msg, HostProcess parent)
Parameters:
msg - the message to be scanned.
parent - the parent host process.
void scan()
See Also: init(HttpMessage, HostProcess)
String[] getDependency()
The names of dependencies of the plugin. The plugin will not run if the dependencies are not fulfilled nor run.
Returns: null/empty if none.
void setEnabled(boolean enabled)
Parameters:
enabled - true if the scanner should be enabled, false otherwise
boolean isEnabled()
Returns: true if the scanner is enabled, false otherwise
int getCategory()
See Also: Category
String getSolution()
String getReference()
void notifyPluginCompleted(HostProcess parent)
Parameters:
parent - the parent HostProcess
boolean isVisible()
Returns: true if the scanner is visible, false otherwise
void setConfig(org.apache.commons.configuration.Configuration config)
org.apache.commons.configuration.Configuration getConfig()
void saveTo(org.apache.commons.configuration.Configuration conf)
void loadFrom(org.apache.commons.configuration.Configuration conf)
void cloneInto(Plugin plugin)
void createParamIfNotExist()
boolean isDepreciated()
int getDelayInMs()
void setDelayInMs(int delay)
Plugin.AlertThreshold getAlertThreshold(boolean incDefault)
Parameters:
incDefault - if the DEFAULT level should be returned as DEFAULT as opposed to the value of the default level
Plugin.AlertThreshold getAlertThreshold()
void setAlertThreshold(Plugin.AlertThreshold level)
Parameters:
level - The alert threshold to set for this plugin
void setDefaultAlertThreshold(Plugin.AlertThreshold level)
Parameters:
level - The alert threshold to set for this plugin
Plugin.AlertThreshold[] getAlertThresholdsSupported()
Plugin.AttackStrength getAttackStrength(boolean incDefault)
Parameters:
incDefault - if the DEFAULT level should be returned as DEFAULT as opposed to the value of the default level
Plugin.AttackStrength getAttackStrength()
void setAttackStrength(Plugin.AttackStrength level)
Parameters:
level - The attack strength to set for this plugin
void setDefaultAttackStrength(Plugin.AttackStrength strength)
Parameters:
strength - The attack strength to set for this plugin
Plugin.AttackStrength[] getAttackStrengthsSupported()
void setTechSet(TechSet ts)
Called before initialising the plugin.
Parameters:
ts - the technologies enabled for the scan
Throws:
IllegalArgumentException - (since 2.6.0) if the given parameter is null.
See Also: targets(TechSet)
boolean inScope(Tech tech)
Helper method to check if a technology is enabled before performing a test/scan.
Parameters:
tech - the technology that will be checked
Returns: true if the technology is enabled for the scan, false otherwise
See Also: targets(TechSet)
boolean targets(TechSet technologies)
Tells whether or not the scanner targets the given technologies to be run. If the scanner does not target a specific technology it should always return true, so that the scanner is run independently of the technologies enabled.
Scanners that target multiple technologies must check which technologies are enabled before performing the actual scans.
Parameters:
technologies - the technologies that are enabled for the scan, never null
Returns: true if the scanner is targeting the given technologies (or none at all), false otherwise
See Also: setTechSet(TechSet), inScope(Tech)
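
An added example, not ZAP project code, of a scanner that targets more than one technology: targets(TechSet) decides whether it runs at all, and scan() re-checks each technology with inScope(Tech) before testing for it. The class name, plugin ID and signature strings are constructed; the package names, Tech.MySQL/Tech.PostgreSQL, TechSet.includes(Tech) and the newAlert() helper are assumptions about the ZAP release in use.

```java
// Added example, not ZAP project code. Package names and newAlert() are assumptions
// about the ZAP release in use; the ID, texts and signatures are constructed.
import java.util.LinkedHashMap;
import java.util.Map;
import org.parosproxy.paros.core.scanner.AbstractAppPlugin;
import org.parosproxy.paros.core.scanner.Alert;
import org.parosproxy.paros.core.scanner.Category;
import org.zaproxy.zap.model.Tech;
import org.zaproxy.zap.model.TechSet;

public class DbErrorDisclosureScanner extends AbstractAppPlugin {
    // Constructed sample signatures: one error-message fragment per targeted technology.
    private static final Map<Tech, String> SIGNATURES = new LinkedHashMap<>();
    static {
        SIGNATURES.put(Tech.MySQL, "You have an error in your SQL syntax");
        SIGNATURES.put(Tech.PostgreSQL, "PSQLException");
    }

    @Override
    public boolean targets(TechSet technologies) {
        // Run only if at least one of the targeted technologies is enabled for the scan.
        for (Tech tech : SIGNATURES.keySet()) {
            if (technologies.includes(tech)) return true;
        }
        return false;
    }

    @Override
    public void scan() {
        String body = getBaseMsg().getResponseBody().toString();
        for (Map.Entry<Tech, String> sig : SIGNATURES.entrySet()) {
            if (isStop()) return;
            // targets() only says that some technology matched, so check each one here.
            if (!inScope(sig.getKey()) || !body.contains(sig.getValue())) continue;
            newAlert().setConfidence(Alert.CONFIDENCE_MEDIUM)
                    .setEvidence(sig.getValue()).setMessage(getBaseMsg()).raise();
        }
    }

    @Override public int getId() { return 9999999; } // placeholder ID
    @Override public String getName() { return "Database error disclosure (example)"; }
    @Override public String getDescription() { return "Response contains a database error."; }
    @Override public int getCategory() { return Category.INFO_GATHER; }
    @Override public int getRisk() { return Alert.RISK_LOW; }
    @Override public String[] getDependency() { return null; } // no dependencies
    @Override public String getSolution() { return "Return generic error pages."; }
    @Override public String getReference() { return ""; }
    @Override public int getCweId() { return 209; }
    @Override public int getWascId() { return 13; }
}
```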
void setTimeStarted()
Date getTimeStarted()
void setTimeFinished()
Date getTimeFinished()
int getCweId()
int getWascId()
AddOn.Status getStatus()
The status is automatically set by core code during initialisation.