
org.zaproxy.zap.extension.api.ApiResponseConversionUtils Maven / Gradle / Ivy


The Zed Attack Proxy (ZAP) is an easy-to-use, integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

There is a newer version: 2.15.0
/*
 * Zed Attack Proxy (ZAP) and its related class files.
 *
 * ZAP is an HTTP/HTTPS proxy for assessing web application security.
 *
 * Copyright 2013 The ZAP Development Team
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.zaproxy.zap.extension.api;

import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import java.util.zip.GZIPInputStream;
import net.sf.json.JSON;
import net.sf.json.JSONArray;
import net.sf.json.JSONObject;
import org.apache.commons.lang.StringEscapeUtils;
import org.apache.log4j.Logger;
import org.parosproxy.paros.db.DatabaseException;
import org.parosproxy.paros.model.HistoryReference;
import org.parosproxy.paros.network.HttpHeader;
import org.parosproxy.paros.network.HttpMessage;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.zaproxy.zap.utils.XMLStringUtil;

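/**
 * A class with utility methods to convert common (ZAP) objects into {@link ApiResponse} objects.
 *
 * @since 2.3.0
 */
public final class ApiResponseConversionUtils {

    // NOTE(review): the listing this class was restored from had lost its type arguments and the
    // HTML tag literals used by toHTML/appendRow. Both are reconstructed here from how the values
    // are used; confirm the exact markup and type parameters against the upstream source.

    private static final Logger LOGGER = Logger.getLogger(ApiResponseConversionUtils.class);

    private ApiResponseConversionUtils() {}

    /**
     * Converts the given HTTP message, of unknown type, into an {@code ApiResponseSet}.
     *
     * <p>Prefer the use of {@link #httpMessageToSet(int, int, HttpMessage)}, which allows to
     * provide the type of the message. This overload passes {@code -1} as the type.
     *
     * @param historyId the ID of the message
     * @param msg the HTTP message to be converted
     * @return the {@code ApiResponseSet} with the ID, type and the HTTP message
     */
    public static ApiResponseSet<String> httpMessageToSet(int historyId, HttpMessage msg) {
        return httpMessageToSet(historyId, -1, msg);
    }

    /**
     * Converts the given HTTP message into an {@code ApiResponseSet}.
     *
     * <p>The resulting set carries the complete request and response (headers, bodies and cookie
     * parameters), so it can contain credentials or session tokens captured by the proxy. Code
     * that exposes the set through the API should treat its contents as sensitive.
     *
     * <p>If the tags of the message cannot be read from the database the failure is logged and
     * the set is returned with no tags.
     *
     * @param historyId the ID of the message
     * @param historyType the type of the message
     * @param msg the HTTP message to be converted
     * @return the {@code ApiResponseSet} with the ID, type and the HTTP message
     * @since 2.6.0
     */
    public static ApiResponseSet<String> httpMessageToSet(
            int historyId, int historyType, HttpMessage msg) {
        Map<String, String> map = new HashMap<>();
        map.put("id", String.valueOf(historyId));
        map.put("type", String.valueOf(historyType));
        map.put("timestamp", String.valueOf(msg.getTimeSentMillis()));
        map.put("rtt", String.valueOf(msg.getTimeElapsedMillis()));
        map.put("cookieParams", msg.getCookieParamsAsString());
        map.put("note", msg.getNote());
        map.put("requestHeader", msg.getRequestHeader().toString());
        map.put("requestBody", msg.getRequestBody().toString());
        map.put("responseHeader", msg.getResponseHeader().toString());
        map.put("responseBody", responseBodyAsString(msg));

        List<String> tags = Collections.emptyList();
        try {
            tags = HistoryReference.getTags(historyId);
        } catch (DatabaseException e) {
            // Best effort: a message without tags is still worth returning.
            LOGGER.warn("Failed to obtain the tags for message with ID " + historyId, e);
        }
        return new HttpMessageResponseSet(map, tags);
    }

    /**
     * Returns the response body as text, uncompressing it first when the response declares gzip
     * content encoding.
     *
     * <p>Only a {@code Content-Encoding} value that equals {@code HttpHeader.GZIP} exactly takes
     * the uncompress path; any other value yields the body as stored. If uncompressing fails the
     * error is logged and the stored body is returned unchanged.
     */
    private static String responseBodyAsString(HttpMessage msg) {
        if (!HttpHeader.GZIP.equals(
                msg.getResponseHeader().getHeader(HttpHeader.CONTENT_ENCODING))) {
            return msg.getResponseBody().toString();
        }

        // NOTE(review): the body comes from the server under test and is inflated fully into
        // memory with no size limit; a small, highly compressible response can expand to a very
        // large string here. Consider capping the number of characters read.
        // NOTE(review): InputStreamReader is created without a charset, so the platform default
        // is used rather than the charset of the response - confirm and pass it explicitly.
        try (ByteArrayInputStream bais =
                        new ByteArrayInputStream(msg.getResponseBody().getBytes());
                GZIPInputStream gis = new GZIPInputStream(bais);
                InputStreamReader isr = new InputStreamReader(gis);
                BufferedReader br = new BufferedReader(isr)) {
            StringBuilder sb = new StringBuilder();
            // Copy in chunks instead of line by line: readLine() strips the line terminators,
            // which would return a body that differs from what the server actually sent.
            char[] buffer = new char[4096];
            int read;
            while ((read = br.read(buffer)) != -1) {
                sb.append(buffer, 0, read);
            }
            return sb.toString();
        } catch (IOException e) {
            LOGGER.error("Unable to uncompress gzip content: " + e.getMessage(), e);
            return msg.getResponseBody().toString();
        }
    }

    /** An {@code ApiResponseSet} named "message" that also renders the tags of the message. */
    private static class HttpMessageResponseSet extends ApiResponseSet<String> {

        private final List<String> tags;

        public HttpMessageResponseSet(Map<String, String> map, List<String> tags) {
            super("message", map);
            this.tags = tags;
        }

        /** Adds a {@code tags} array to the JSON object produced by the superclass. */
        @Override
        public JSON toJSON() {
            JSONObject jo = (JSONObject) super.toJSON();
            JSONArray array = new JSONArray();
            array.addAll(tags);
            jo.put("tags", array);
            return jo;
        }

        /** Appends a {@code tags} element, with one {@code tag} child per tag, to the parent. */
        @Override
        public void toXML(Document doc, Element parent) {
            super.toXML(doc, parent);

            Element elTags = doc.createElement("tags");
            parent.appendChild(elTags);
            for (String tag : tags) {
                Element el = doc.createElement("tag");
                // Tags are user-supplied text; they are added as a text node (not parsed as
                // markup) after passing through XMLStringUtil.escapeControlChrs.
                el.appendChild(doc.createTextNode(XMLStringUtil.escapeControlChrs(tag)));
                elTags.appendChild(el);
            }
        }

        /** Renders the name as a heading followed by a two-column table of the values and tags. */
        @Override
        public void toHTML(StringBuilder sb) {
            sb.append("<h2>" + StringEscapeUtils.escapeHtml(this.getName()) + "</h2>\n");
            sb.append("<table border=\"1\">\n");
            for (Entry<String, String> entry : getValues().entrySet()) {
                appendRow(sb, entry.getKey(), entry.getValue());
                sb.append("\n");
            }
            appendRow(sb, "tags", tagsToString(tags));
            sb.append("</table>\n");
        }

        /**
         * Appends one table row with two cells.
         *
         * <p>Only {@code cell2} is HTML-escaped. {@code cell1} is written as is: within this
         * class it is either the literal "tags" or, presumably, one of the fixed keys put into
         * the map by {@code httpMessageToSet}. Escape it as well if that ever stops being true.
         *
         * @param sb the builder the row is appended to
         * @param cell1 the content of the first cell, written without escaping
         * @param cell2 the content of the second cell, escaped; {@code null} leaves the cell empty
         */
        private static void appendRow(StringBuilder sb, String cell1, String cell2) {
            sb.append("<tr><td>\n");
            sb.append(cell1);
            sb.append("</td><td>\n");
            if (cell2 != null) {
                // Values hold request/response content controlled by the target application.
                sb.append(StringEscapeUtils.escapeHtml(cell2));
            }
            sb.append("</td></tr>\n");
        }

        /**
         * Joins the tags with ", ".
         *
         * @param tags the tags, may be {@code null}
         * @return the joined tags, an empty string for no tags, or the tag itself for exactly one
         */
        private static String tagsToString(List<String> tags) {
            if (tags == null || tags.isEmpty()) {
                return "";
            } else if (tags.size() == 1) {
                return tags.get(0);
            }

            StringBuilder strBuilder = new StringBuilder();
            for (String tag : tags) {
                if (strBuilder.length() > 0) {
                    strBuilder.append(", ");
                }
                strBuilder.append(tag);
            }
            return strBuilder.toString();
        }
    }
}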



