org.zaproxy.zap.extension.ruleconfig

Class RuleConfigParam

java.lang.Object

org.parosproxy.paros.common.AbstractParam

org.zaproxy.zap.extension.ruleconfig.RuleConfigParam

All Implemented Interfaces:

Cloneable

public class RuleConfigParam
extends AbstractParam

Manages the Rule Configurations saved in the configuration file.

It also exposes the names of the (core) rules that can be accessed by the scanners (through the Configuration set/used by the passive/active scans).

Since:

2.6.0

Field Summary

Fields

Modifier and Type	Field and Description
static String	RULE_COMMON_SLEEP_TIME The name of the rule to obtain the time, in seconds, for time-based attacks.
static String	RULE_COOKIE_IGNORE_LIST The name of the rule to obtain the string containing a comma separated list of cookies that should be ignored when checking for issues.
static String	RULE_CSRF_IGNORE_ATT_NAME The name of an HTML attribute that can be used to indicate that a form does not need an Anti CSRF Token.
static String	RULE_CSRF_IGNORE_ATT_VALUE The value of an HTML attribute named by 'rules.csrf.ignore.attname' that can be used to indicate that a form does not need an Anti CSRF Token.
static String	RULE_CSRF_IGNORE_LIST The name of the rule to obtain the string containing a comma separated list of names/IDs of forms that should be ignored when checking for CSRF issues.
static int	RULE_DEFAULT_COMMON_SLEEP_TIME The default time, in seconds, to use for time-based attacks
static String	RULE_DOMAINS_TRUSTED The name of the rule to obtain the string containing a comma separated list of URL regex patterns.
static String	RULE_DOMXSS_BROWSER_ID The name of the rule to obtain the ID of the browser to use in DOM XSS scans.

Constructor Summary

Constructors

Constructor and Description
RuleConfigParam()

Method Summary

Modifier and Type	Method and Description
void	addRuleConfig(RuleConfig rc)
void	addRuleConfig(String key, String defaultValue, String value)
List<RuleConfig>	getAllRuleConfigs()
RuleConfig	getRuleConfig(String key)
String	getRuleConfigDefaultValue(String key)
String	getRuleConfigValue(String key)
protected void	parse() Parses the configurations.
void	resetAllRuleConfigValues()
void	resetRuleConfigValue(String key)
void	setRuleConfigValue(String key, String value)

Methods inherited from class org.parosproxy.paros.common.AbstractParam

clone, getBoolean, getConfig, getInt, getInteger, getString, load, load, load, logConversionException, reset

Methods inherited from class java.lang.Object

equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

RULE_COMMON_SLEEP_TIME

public static final String RULE_COMMON_SLEEP_TIME

The name of the rule to obtain the time, in seconds, for time-based attacks.

See Also:

RULE_DEFAULT_COMMON_SLEEP_TIME, Constant Field Values

RULE_CSRF_IGNORE_LIST

public static final String RULE_CSRF_IGNORE_LIST

The name of the rule to obtain the string containing a comma separated list of names/IDs of forms that should be ignored when checking for CSRF issues.

See Also:

Constant Field Values

RULE_CSRF_IGNORE_ATT_NAME

public static final String RULE_CSRF_IGNORE_ATT_NAME

The name of an HTML attribute that can be used to indicate that a form does not need an Anti CSRF Token. If 'rules.csrf.ignore.attvalue' is specified then this must also match the attribute's value. If found any related alerts will be raised at INFO level.

See Also:

Constant Field Values

RULE_CSRF_IGNORE_ATT_VALUE

public static final String RULE_CSRF_IGNORE_ATT_VALUE

The value of an HTML attribute named by 'rules.csrf.ignore.attname' that can be used to indicate that a form does not need an Anti CSRF Token. If found any related alerts will be raised at INFO level.

See Also:

Constant Field Values

RULE_COOKIE_IGNORE_LIST

public static final String RULE_COOKIE_IGNORE_LIST

The name of the rule to obtain the string containing a comma separated list of cookies that should be ignored when checking for issues.

See Also:

Constant Field Values

RULE_DOMAINS_TRUSTED

public static final String RULE_DOMAINS_TRUSTED

The name of the rule to obtain the string containing a comma separated list of URL regex patterns. Any URLs that match the patterns will be considered trusted domains and the issues ignored.

Since:

2.8.0

See Also:

Constant Field Values

RULE_DOMXSS_BROWSER_ID

public static final String RULE_DOMXSS_BROWSER_ID

The name of the rule to obtain the ID of the browser to use in DOM XSS scans.

Since:

2.8.0

See Also:

Constant Field Values

RULE_DEFAULT_COMMON_SLEEP_TIME

public static final int RULE_DEFAULT_COMMON_SLEEP_TIME

The default time, in seconds, to use for time-based attacks

See Also:

RULE_COMMON_SLEEP_TIME, Constant Field Values

Constructor Detail

RuleConfigParam

public RuleConfigParam()

Method Detail

parse

protected void parse()

Description copied from class: AbstractParam

Parses the configurations.

Called each time the configurations are loaded.

Specified by:

parse in class AbstractParam

See Also:

AbstractParam.getConfig()

addRuleConfig

public void addRuleConfig(RuleConfig rc)

addRuleConfig

public void addRuleConfig(String key,
                          String defaultValue,
                          String value)

getRuleConfig

public RuleConfig getRuleConfig(String key)

getAllRuleConfigs

public List<RuleConfig> getAllRuleConfigs()

getRuleConfigValue

public String getRuleConfigValue(String key)

getRuleConfigDefaultValue

public String getRuleConfigDefaultValue(String key)

setRuleConfigValue

public void setRuleConfigValue(String key,
                               String value)

resetRuleConfigValue

public void resetRuleConfigValue(String key)

resetAllRuleConfigValues

public void resetAllRuleConfigValues()