Class AbstractAppParamPlugin
- java.lang.Object
  - org.parosproxy.paros.core.scanner.AbstractPlugin
    - org.parosproxy.paros.core.scanner.AbstractAppPlugin
      - org.parosproxy.paros.core.scanner.AbstractAppParamPlugin
- All Implemented Interfaces:
  java.lang.Comparable<java.lang.Object>, java.lang.Runnable, Plugin, ExampleAlertProvider
- Direct Known Subclasses:
  ScriptsActiveScanner
public abstract class AbstractAppParamPlugin extends AbstractAppPlugin
-
Nested Class Summary
- Nested classes/interfaces inherited from class org.parosproxy.paros.core.scanner.AbstractPlugin
  AbstractPlugin.AlertBuilder
- Nested classes/interfaces inherited from interface org.parosproxy.paros.core.scanner.Plugin
  Plugin.AlertThreshold, Plugin.AttackStrength
-
Field Summary
- Fields inherited from class org.parosproxy.paros.core.scanner.AbstractPlugin
  CRLF, PATTERN_PARAM
-
Constructor Summary
- AbstractAppParamPlugin()
-
Method Summary
(Modifier and Type, Method, Description)
- protected InputVectorBuilder getBuilder()
- protected AbstractPlugin.AlertBuilder newAlert()
  Returns a new alert builder.
- void scan()
  Scans the target server using the message previously set during initialisation.
- protected void scan(java.util.List<NameValuePair> nameValuePairs)
  Scans the current message using the list of NameValuePairs handled by the current variant.
- void scan(HttpMessage msg, java.lang.String param, java.lang.String value)
  Plugin method that needs to be implemented for the specific test.
- void scan(HttpMessage msg, NameValuePair originalParam)
  General method for scanning a specific parameter, which allows developers to access all the parameter-specific settings, such as the place/type where the name/value pair was retrieved.
- protected java.lang.String setEscapedParameter(HttpMessage message, java.lang.String param, java.lang.String value)
  Sets the parameter into the given message.
- protected java.lang.String setParameter(HttpMessage message, java.lang.String param, java.lang.String value)
  Sets the parameter into the given message.
- protected void setParameters(HttpMessage message, java.util.List<InputVector> inputVectors)
  Sets the parameters into the given message.
-
Methods inherited from class org.parosproxy.paros.core.scanner.AbstractAppPlugin
notifyPluginCompleted
-
Methods inherited from class org.parosproxy.paros.core.scanner.AbstractPlugin
bingo, bingo, bingo, bingo, bingo, bingo, cloneInto, compareTo, createParamIfNotExist, equals, getAlertTags, getAlertThreshold, getAlertThreshold, getAlertThresholdsSupported, getAttackStrength, getAttackStrength, getAttackStrengthsSupported, getBaseMsg, getCodeName, getConfig, getCweId, getDelayInMs, getDependency, getDisplayName, getHTMLEncode, getKb, getLog, getLogger, getNewMsg, getParent, getProperty, getRisk, getStatus, getTechSet, getTimeFinished, getTimeStarted, getURLDecode, getURLEncode, getWascId, hashCode, init, init, inScope, isAnyInScope, isClientError, isDepreciated, isEnabled, isFileExist, isPage200, isPage404, isPage500, isPageAuthIssue, isPageOther, isServerError, isStop, isSuccess, isVisible, loadFrom, matchBodyPattern, matchHeaderPattern, run, saveTo, sendAndReceive, sendAndReceive, sendAndReceive, setAlertThreshold, setAttackStrength, setConfig, setDefaultAlertThreshold, setDefaultAttackStrength, setDelayInMs, setEnabled, setProperty, setStatus, setTechSet, setTimeFinished, setTimeStarted, stripOff, targets, updateRequestContentLength, writeProgress
-
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.parosproxy.paros.core.scanner.Plugin
getCategory, getDescription, getExampleAlerts, getId, getName, getReference, getSolution
Method Detail
-
scan
public void scan()
Description copied from interface: Plugin
Scans the target server using the message previously set during initialisation.
- See Also:
  Plugin.init(HttpMessage, HostProcess)
-
scan
protected void scan(java.util.List<NameValuePair> nameValuePairs)
Scans the current message using the list of NameValuePairs handled by the current variant. This method should be overridden for the use-cases of manipulating multiple parameters in a HttpMessage.
By default this method calls scan(HttpMessage, NameValuePair) for each NameValuePair.
- Parameters:
  nameValuePairs - list of parameters handled by the current variant
- Since:
  2.11.0
- See Also:
  setParameters(HttpMessage, List)
-
scan
public void scan(HttpMessage msg, java.lang.String param, java.lang.String value)
Plugin method that needs to be implemented for the specific test. The passed message is a copy which maintains only the Request's information, so if the plugin needs to manage the original Response body a getBaseMsg() call should be done. The param name and the value are the original values retrieved by the crawler and the currently applied Variant.
- Parameters:
  msg - a copy of the HTTP message currently under scanning
  param - the name of the parameter under testing
  value - the clean value (no escaping is needed)
-
scan
public void scan(HttpMessage msg, NameValuePair originalParam)
General method for scanning a specific parameter, which allows developers to access all the parameter-specific settings, such as the place/type where the name/value pair was retrieved. This method can be overridden so that plugins that need deeper access to the parameter context can benefit from this possibility.
- Parameters:
  msg - a copy of the HTTP message currently under scanning
  originalParam - the parameter pair with all the context information
-
setParameter
protected java.lang.String setParameter(HttpMessage message, java.lang.String param, java.lang.String value)
Sets the parameter into the given message. If both parameter name and value are null, the parameter will be removed.
- Parameters:
  message - the message that will be changed
  param - the name of the parameter
  value - the value of the parameter
- Returns:
  the parameter set
- See Also:
  setEscapedParameter(HttpMessage, String, String)
-
setEscapedParameter
protected java.lang.String setEscapedParameter(HttpMessage message, java.lang.String param, java.lang.String value)
Sets the parameter into the given message. If both parameter name and value are null, the parameter will be removed.
The value is expected to be properly encoded/escaped.
- Parameters:
  message - the message that will be changed
  param - the name of the parameter
  value - the value of the parameter
- Returns:
  the parameter set
- See Also:
  setParameter(HttpMessage, String, String)
-
getBuilder
protected InputVectorBuilder getBuilder()
- Returns:
  InputVectorBuilder which is used to build the InputVector which is used by setParameters(HttpMessage, List)
- Since:
  2.11.0
-
setParameters
protected void setParameters(HttpMessage message, java.util.List<InputVector> inputVectors)
- Parameters:
  message - the message that will be changed
  inputVectors - list of the parameters
- Since:
  2.11.0
-
newAlert
protected AbstractPlugin.AlertBuilder newAlert()
Returns a new alert builder.
By default the alert builder sets the following fields of the alert:
- Plugin ID - using Plugin.getId()
- Name - using Plugin.getName()
- Risk - using AbstractPlugin.getRisk()
- Description - using Plugin.getDescription()
- Solution - using Plugin.getSolution()
- Reference - using Plugin.getReference()
- CWE ID - using AbstractPlugin.getCweId()
- WASC ID - using AbstractPlugin.getWascId()
- URI - from the alert message
- Alert Tags - using AbstractPlugin.getAlertTags()
Since 2.12.0 it also sets the input vector and parameter.
- Overrides:
  newAlert in class AbstractPlugin
- Returns:
  the alert builder.
-
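How scan(HttpMessage, String, String), getBaseMsg(), setParameter and newAlert() fit together in a subclass, as an added example that is not part of this Javadoc or of ZAP's own code. The class name, plugin ID, marker string and alert texts are hypothetical, and the 2.12.0 or later API listed on this page is assumed.

```java
import java.io.IOException;
import org.parosproxy.paros.core.scanner.AbstractAppParamPlugin;
import org.parosproxy.paros.core.scanner.Alert;
import org.parosproxy.paros.core.scanner.Category;
import org.parosproxy.paros.network.HttpMessage;

/** Hypothetical rule: flags parameters whose value is echoed back in the response body. */
public class ReflectedValueScanRule extends AbstractAppParamPlugin {

    // Constructed, inert marker; purely alphanumeric so no encoding alters it.
    private static final String MARKER = "zapexample7f3a91c2";

    @Override public int getId() { return 9999901; } // placeholder, not a registered rule ID
    @Override public String getName() { return "Reflected Parameter Value (example)"; }
    @Override public String getDescription() { return "The parameter value is returned in the response body."; }
    @Override public String getSolution() { return "Encode user input for its output context before writing it to the response."; }
    @Override public String getReference() { return ""; }
    @Override public int getCategory() { return Category.MISC; }
    @Override public int getRisk() { return Alert.RISK_INFO; }
    @Override public int getCweId() { return 0; } // none assigned in this example
    @Override public int getWascId() { return 0; }

    // Reached for each parameter handled by the current variant.
    @Override
    public void scan(HttpMessage msg, String param, String value) {
        // msg carries only the request; the original response lives in getBaseMsg().
        if (isStop() || getBaseMsg().getResponseBody().toString().contains(MARKER)) {
            return; // scan stopped, or a later match could not be attributed to this request
        }
        try {
            HttpMessage testMsg = getNewMsg();    // fresh copy of the base request
            setParameter(testMsg, param, MARKER); // unescaped value; setEscapedParameter takes pre-encoded ones
            sendAndReceive(testMsg);
            if (testMsg.getResponseBody().toString().contains(MARKER)) {
                // newAlert() pre-fills plugin ID, name, risk, description, solution, parameter, etc.
                newAlert()
                        .setConfidence(Alert.CONFIDENCE_MEDIUM)
                        .setAttack(MARKER)
                        .setEvidence(MARKER)
                        .setMessage(testMsg)
                        .raise();
            }
        } catch (IOException e) {
            // Request failed; nothing can be concluded for this parameter.
        }
    }
}
```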