All Downloads are FREE. Search and download functionalities are using the official Maven repository.
  • Log In
  • Register

    • org.zaproxy.zap.extension.spider.SpiderScanController Maven / Gradle / Ivy

    Go to download

    The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

    There is a newer version: 2.15.0
    Show newest version
    /*
 * Zed Attack Proxy (ZAP) and its related class files.
 *
 * ZAP is an HTTP/HTTPS proxy for assessing web application security.
 *
 * Copyright 2014 The ZAP Development Team
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.zaproxy.zap.extension.spider;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import org.apache.commons.httpclient.URI;
import org.apache.log4j.Logger;
import org.zaproxy.zap.model.ScanController;
import org.zaproxy.zap.model.Target;
import org.zaproxy.zap.spider.SpiderParam;
import org.zaproxy.zap.spider.filters.FetchFilter;
import org.zaproxy.zap.spider.filters.MaxChildrenFetchFilter;
import org.zaproxy.zap.spider.filters.MaxChildrenParseFilter;
import org.zaproxy.zap.spider.filters.ParseFilter;
import org.zaproxy.zap.spider.parser.SpiderParser;
import org.zaproxy.zap.users.User;

public class SpiderScanController implements ScanController {

    private static final Logger log = Logger.getLogger(SpiderScanController.class);

    private ExtensionSpider extension;

    /**
     * The {@code Lock} for exclusive access of instance variables related to multiple active scans.
     *
     * @see #spiderScanMap
     * @see #scanIdCounter
     */
    private final Lock spiderScansLock;

    /**
     * The counter used to give an unique ID to active scans.
     *
     * 
    Note: All accesses (both write and read) should be done while holding the
     * {@code Lock} {@code spiderScansLock}.
     *
     * @see #spiderScansLock
     * @see #startScan(String, Target, User, Object[])
     */
    private int scanIdCounter;

    /**
     * A map that contains all {@code SpiderScan}s created (and not yet removed). Used to control
     * (i.e. pause/resume and stop) the multiple active scans and get its results. The instance
     * variable is never {@code null}. The map key is the ID of the scan.
     *
     * 
    Note: All accesses (both write and read) should be done while holding the
     * {@code Lock} {@code spiderScansLock}.
     *
     * @see #spiderScansLock
     * @see #startScan(String, Target, User, Object[])
     * @see #scanIdCounter
     */
    private Map spiderScanMap;

    /**
     * An ordered list of all of the {@code SpiderScan}s created (and not yet removed). Used to get
     * provide the 'last' scan for client using the 'old' API that didn't support concurrent scans.
     */
    private List spiderScanList;

    public SpiderScanController(ExtensionSpider extension) {
        this.spiderScansLock = new ReentrantLock();
        this.extension = extension;
        this.spiderScanMap = new HashMap<>();
        this.spiderScanList = new ArrayList();
    }

    @Override
    public int startScan(String name, Target target, User user, Object[] contextSpecificObjects) {
        spiderScansLock.lock();
        try {
            int id = this.scanIdCounter++;

            SpiderParam spiderParams = extension.getSpiderParam();
            List customSpiderParsers = new ArrayList();
            List customFetchFilters = new ArrayList();
            List customParseFilters = new ArrayList();
            URI startUri = null;

            if (contextSpecificObjects != null) {
                for (Object obj : contextSpecificObjects) {
                    if (obj instanceof SpiderParam) {
                        log.debug("Setting custom spider params");
                        spiderParams = (SpiderParam) obj;
                    } else if (obj instanceof SpiderParser) {
                        customSpiderParsers.add((SpiderParser) obj);
                    } else if (obj instanceof FetchFilter) {
                        customFetchFilters.add((FetchFilter) obj);
                    } else if (obj instanceof ParseFilter) {
                        customParseFilters.add((ParseFilter) obj);
                    } else if (obj instanceof URI) {
                        startUri = (URI) obj;
                    } else {
                        log.error(
                                "Unexpected contextSpecificObject: "
                                        + obj.getClass().getCanonicalName());
                    }
                }
            }

            if (spiderParams.getMaxChildren() > 0) {
                // Add the filters to filter on maximum number of children
                MaxChildrenFetchFilter maxChildrenFetchFilter = new MaxChildrenFetchFilter();
                maxChildrenFetchFilter.setMaxChildren(spiderParams.getMaxChildren());
                maxChildrenFetchFilter.setModel(extension.getModel());

                MaxChildrenParseFilter maxChildrenParseFilter =
                        new MaxChildrenParseFilter(extension.getMessages());
                maxChildrenParseFilter.setMaxChildren(spiderParams.getMaxChildren());
                maxChildrenParseFilter.setModel(extension.getModel());

                customFetchFilters.add(maxChildrenFetchFilter);
                customParseFilters.add(maxChildrenParseFilter);
            }

            SpiderScan scan =
                    new SpiderScan(extension, spiderParams, target, startUri, user, id, name);
            scan.setCustomSpiderParsers(customSpiderParsers);
            scan.setCustomFetchFilters(customFetchFilters);
            scan.setCustomParseFilters(customParseFilters);

            this.spiderScanMap.put(id, scan);
            this.spiderScanList.add(scan);
            scan.start();

            return id;
        } finally {
            spiderScansLock.unlock();
        }
    }

    @Override
    public SpiderScan getScan(int id) {
        return this.spiderScanMap.get(id);
    }

    @Override
    public SpiderScan getLastScan() {
        spiderScansLock.lock();
        try {
            if (spiderScanList.size() == 0) {
                return null;
            }
            return spiderScanList.get(spiderScanList.size() - 1);
        } finally {
            spiderScansLock.unlock();
        }
    }

    @Override
    public List getAllScans() {
        List list = new ArrayList();
        spiderScansLock.lock();
        try {
            for (SpiderScan scan : spiderScanList) {
                list.add(scan);
            }
            return list;
        } finally {
            spiderScansLock.unlock();
        }
    }

    @Override
    public List getActiveScans() {
        List list = new ArrayList();
        spiderScansLock.lock();
        try {
            for (SpiderScan scan : spiderScanList) {
                if (!scan.isStopped()) {
                    list.add(scan);
                }
            }
            return list;
        } finally {
            spiderScansLock.unlock();
        }
    }

    @Override
    public SpiderScan removeScan(int id) {
        spiderScansLock.lock();

        try {
            SpiderScan ascan = this.spiderScanMap.get(id);
            if (!spiderScanMap.containsKey(id)) {
                // throw new IllegalArgumentException("Unknown id " + id);
                return null;
            }
            ascan.stopScan();
            ascan.clear();
            spiderScanMap.remove(id);
            spiderScanList.remove(ascan);
            return ascan;
        } finally {
            spiderScansLock.unlock();
        }
    }

    public int getTotalNumberScans() {
        return spiderScanMap.size();
    }

    @Override
    public void stopAllScans() {
        spiderScansLock.lock();
        try {
            for (SpiderScan scan : spiderScanMap.values()) {
                scan.stopScan();
            }
        } finally {
            spiderScansLock.unlock();
        }
    }

    @Override
    public void pauseAllScans() {
        spiderScansLock.lock();
        try {
            for (SpiderScan scan : spiderScanMap.values()) {
                scan.pauseScan();
            }
        } finally {
            spiderScansLock.unlock();
        }
    }

    @Override
    public void resumeAllScans() {
        spiderScansLock.lock();
        try {
            for (SpiderScan scan : spiderScanMap.values()) {
                scan.resumeScan();
            }
        } finally {
            spiderScansLock.unlock();
        }
    }

    @Override
    public int removeAllScans() {
        spiderScansLock.lock();
        try {
            int count = 0;
            for (Iterator it = spiderScanMap.values().iterator(); it.hasNext(); ) {
                SpiderScan ascan = it.next();
                ascan.stopScan();
                ascan.clear();
                it.remove();
                spiderScanList.remove(ascan);
                count++;
            }
            return count;
        } finally {
            spiderScansLock.unlock();
        }
    }

    @Override
    public int removeFinishedScans() {
        spiderScansLock.lock();
        try {
            int count = 0;
            for (Iterator it = spiderScanMap.values().iterator(); it.hasNext(); ) {
                SpiderScan scan = it.next();
                if (scan.isStopped()) {
                    scan.stopScan();
                    scan.clear();
                    it.remove();
                    spiderScanList.remove(scan);
                    count++;
                }
            }
            return count;
        } finally {
            spiderScansLock.unlock();
        }
    }

    @Override
    public void stopScan(int id) {
        spiderScansLock.lock();
        try {
            if (this.spiderScanMap.containsKey(id)) {
                this.spiderScanMap.get(id).stopScan();
            }
        } finally {
            spiderScansLock.unlock();
        }
    }

    @Override
    public void pauseScan(int id) {
        spiderScansLock.lock();
        try {
            if (this.spiderScanMap.containsKey(id)) {
                this.spiderScanMap.get(id).pauseScan();
            }
        } finally {
            spiderScansLock.unlock();
        }
    }

    @Override
    public void resumeScan(int id) {
        spiderScansLock.lock();
        try {
            if (this.spiderScanMap.containsKey(id)) {
                this.spiderScanMap.get(id).resumeScan();
            }
        } finally {
            spiderScansLock.unlock();
        }
    }

    public void reset() {
        this.removeAllScans();
        spiderScansLock.lock();
        try {
            this.scanIdCounter = 0;
        } finally {
            spiderScansLock.unlock();
        }
    }
}




    © 2015 - 2025 Weber Informatics LLC | Privacy Policy