
org.parosproxy.paros.core.scanner.Kb Maven / Gradle / Ivy


The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

/*
 *
 * Paros and its related class files.
 *
 * Paros is an HTTP/HTTPS proxy for assessing web application security.
 * Copyright (C) 2003-2004 Chinotec Technologies Company
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the Clarified Artistic License
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * Clarified Artistic License for more details.
 *
 * You should have received a copy of the Clarified Artistic License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 */
// ZAP: 2012/04/25 Added type arguments to generic types, removed variables,
// added logger and other minor changes.
// ZAP: 2012/05/04 Catch CloneNotSupportedException whenever an Uri is cloned,
//              as introduced with version 3.1 of HttpClient
// ZAP: 2016/09/20 JavaDoc tweaks
// ZAP: 2018/02/14 Remove unnecessary boxing / unboxing
// ZAP: 2019/06/01 Normalise line endings.
// ZAP: 2019/06/05 Normalise format/style.
package org.parosproxy.paros.core.scanner;

import java.util.TreeMap;
import java.util.Vector;
import org.apache.commons.httpclient.URI;
import org.apache.commons.httpclient.URIException;
import org.apache.log4j.Logger;

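/**
 * Knowledge base that records the properties or results found during a scan. It is mainly used to
 * share results among plugins when dependencies arise.
 *
 * <p>There are 2 types of Kb:
 *
 * <ol>
 *   <li>key = name, result = value. This represents kb applicable over the entire host.
 *   <li>key = url (path without query) and name, result = value. This represents kb applicable
 *       for a specific path only.
 * </ol>
 *
 * <p>Thread-safety: every public method that touches the maps is {@code synchronized} on this
 * instance. The {@code Vector} returned by the {@code getList} methods is the live list held by
 * the knowledge base, not a copy: elements added through it are visible to every other reader and
 * skip the uniqueness check performed by {@code add}.
 *
 * <p>The typed getters ({@code getString}, {@code getBoolean}) cannot distinguish "no entry" from
 * "entry of another type"; {@code getBoolean} answers {@code false} in both cases, so a plugin
 * must not read {@code false} as a positive statement that a property was checked and is absent.
 */
public class Kb {

    // ZAP: Added logger.
    private static final Logger logger = Logger.getLogger(Kb.class);

    // KB related
    // ZAP: Added the type arguments.
    /** Host-wide entries: name -> {@code Vector} of unique values. */
    private final TreeMap<String, Object> mapKb = new TreeMap<>();

    // ZAP: Added the type arguments.
    /** Path-specific entries: URI string without query -> (name -> {@code Vector} of values). */
    private final TreeMap<String, TreeMap<String, Object>> mapURI = new TreeMap<>();

    /**
     * Get a list of the values matching the key.
     *
     * @param key the key for the knowledge base list entry
     * @return the live list of values, or {@code null} if there are no previous values
     */
    // ZAP: Added the type argument.
    public synchronized Vector<Object> getList(String key) {
        return getList(mapKb, key);
    }

    /**
     * Add the key value pair to KB. Only unique value will be added to KB.
     *
     * @param key the key for the knowledge base entry
     * @param value the value of the new entry
     */
    public synchronized void add(String key, Object value) {
        add(mapKb, key, value);
    }

    /**
     * Get the first item in KB matching the key.
     *
     * @param key the key for the knowledge base entry
     * @return the first value stored under the key, or {@code null} if there is none
     */
    public synchronized Object get(String key) {
        // ZAP: Added the type argument.
        Vector<Object> v = getList(key);
        if (v == null || v.isEmpty()) {
            return null;
        }
        return v.get(0);
    }

    /**
     * Get the first item in KB matching the key as a String.
     *
     * @param key the key for the knowledge base entry
     * @return the entry, or {@code null} if not a {@code String} or does not exist
     */
    public String getString(String key) {
        Object obj = get(key);
        // instanceof is already false for null, no separate null check needed.
        if (obj instanceof String) {
            return (String) obj;
        }
        return null;
    }

    /**
     * Get the first item in KB matching the key as a boolean.
     *
     * @param key the key for the knowledge base entry
     * @return the entry, or {@code false} if not a {@code Boolean} or does not exist
     */
    public boolean getBoolean(String key) {
        Object obj = get(key);
        if (obj instanceof Boolean) {
            return (Boolean) obj;
        }
        return false;
    }

    /**
     * Add the key value pair to the KB of the given URI. The query component is ignored, so all
     * query variants of one path share the same entries. Only unique value will be added.
     *
     * <p>Nothing is added if the URI cannot be cloned or its query cannot be removed; the failure
     * is logged.
     *
     * @param uri the URI the entry applies to, must not be {@code null}
     * @param key the key for the knowledge base entry
     * @param value the value of the new entry
     */
    public synchronized void add(URI uri, String key, Object value) {
        String uriKey = toUriKey(uri);
        if (uriKey == null) {
            return;
        }

        // ZAP: Added the type arguments.
        TreeMap<String, Object> map = mapURI.get(uriKey);
        if (map == null) {
            // ZAP: Added the type argument.
            map = new TreeMap<>();
            mapURI.put(uriKey, map);
        } // ZAP: Removed else branch.

        add(map, key, value);
    }

    /**
     * Get a list of the values matching the key for the given URI (query component ignored).
     *
     * @param uri the URI the entries apply to, must not be {@code null}
     * @param key the key for the knowledge base list entry
     * @return the live list of values, or {@code null} if there are none or the URI could not be
     *     normalised
     */
    public synchronized Vector<Object> getList(URI uri, String key) {
        String uriKey = toUriKey(uri);
        if (uriKey == null) {
            return null;
        }

        // ZAP: Added the type argument and removed the instanceof.
        TreeMap<String, Object> map = mapURI.get(uriKey);
        if (map == null) {
            return null;
        } // ZAP: Removed else branch.

        return getList(map, key);
    }

    /**
     * Get the first item in KB matching the key for the given URI.
     *
     * @param uri the URI the entry applies to, must not be {@code null}
     * @param key the key for the knowledge base entry
     * @return the first value stored under the key, or {@code null} if there is none
     */
    public synchronized Object get(URI uri, String key) {
        // ZAP: Added the type argument.
        Vector<Object> v = getList(uri, key);
        if (v == null || v.isEmpty()) {
            return null;
        }
        return v.get(0);
    }

    /**
     * Get the first item in KB matching the key for the given URI as a String.
     *
     * @param uri the URI the entry applies to, must not be {@code null}
     * @param key the key for the knowledge base entry
     * @return the entry, or {@code null} if not a {@code String} or does not exist
     */
    public String getString(URI uri, String key) {
        Object obj = get(uri, key);
        if (obj instanceof String) {
            return (String) obj;
        }
        return null;
    }

    /**
     * Get the first item in KB matching the key for the given URI as a boolean.
     *
     * @param uri the URI the entry applies to, must not be {@code null}
     * @param key the key for the knowledge base entry
     * @return the entry, or {@code false} if not a {@code Boolean} or does not exist
     */
    public boolean getBoolean(URI uri, String key) {
        Object obj = get(uri, key);
        if (obj instanceof Boolean) {
            return (Boolean) obj;
        }
        return false;
    }

    /**
     * Builds the {@code mapURI} key for a URI: the string form of a copy with the query removed.
     * The caller's URI is never modified.
     *
     * @param uri the URI to normalise
     * @return the key, or {@code null} if the URI could not be cloned or its query not removed
     */
    private static String toUriKey(URI uri) {
        URI copy;
        // ZAP: catch CloneNotSupportedException as introduced with version 3.1 of HttpClient
        try {
            copy = (URI) uri.clone();
        } catch (CloneNotSupportedException e) {
            // Logged like the URIException below, so a dropped entry leaves a trace.
            logger.error(e.getMessage(), e);
            return null;
        }

        try {
            copy.setQuery(null);
        } catch (URIException e) {
            // ZAP: Added logging.
            logger.error(e.getMessage(), e);
            return null;
        }

        return copy.toString();
    }

    /**
     * Generic method for adding into a map
     *
     * @param map the map of the knowledge base entries
     * @param key the key for the knowledge base entry
     * @param value the value of the entry
     */
    // ZAP: Added the type arguments.
    private void add(TreeMap<String, Object> map, String key, Object value) {
        // ZAP: Added the type argument.
        Vector<Object> v = getList(map, key);
        if (v == null) {
            // ZAP: Added the type argument.
            v = new Vector<>();
            synchronized (map) {
                map.put(key, v);
            }
        }
        // Uniqueness relies on the value's equals().
        if (!v.contains(value)) {
            v.add(value);
        }
    }

    /**
     * Generic method for getting values out of a map
     *
     * @param map the map of the knowledge base entries
     * @param key the key for the knowledge base entry
     * @return the values of the entry, might be {@code null}
     */
    // ZAP: Added the type arguments and @SuppressWarnings annotation.
    @SuppressWarnings("unchecked")
    private Vector<Object> getList(TreeMap<String, Object> map, String key) {
        Object obj;
        synchronized (map) {
            obj = map.get(key);
        }
        if (obj instanceof Vector) {
            // ZAP: Added the type argument.
            return (Vector<Object>) obj;
        }
        return null;
    }
}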