Package org.parosproxy.paros.core.scanner

Examples of org.parosproxy.paros.core.scanner.Alert


      }
    }
  }
 
  private void raiseAlert(HttpMessage msg, int id, String cookie) {
      Alert alert = new Alert(getPluginId(), Alert.RISK_LOW, Alert.WARNING,
          "Cookie set without HttpOnly flag");
          alert.setDetail(
            "A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. " +
            "If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. " +
            "If this is a session cookie then session hijacking may be possible.",
            msg.getRequestHeader().getURI().toString(),
            cookie, "", "",


      }
    }
  }
   
  private void raiseAlert(HttpMessage msg, int id, String xContentTypeOption) {
    Alert alert = new Alert(getPluginId(), Alert.RISK_LOW, Alert.WARNING,
          getName());
          alert.setDetail(
            getDescription(), // Desc
              msg.getRequestHeader().getURI().toString(), // URL
              xContentTypeOption,
              "", // Attack
              getOtherInfo(), // OtherInfo

    int risk = Alert.RISK_LOW;
    if (incScript) {
      name = "Secure page includes mixed content, including scripts";
      risk = Alert.RISK_MEDIUM;
    }
      Alert alert = new Alert(getPluginId(), risk, Alert.WARNING, name);
      alert.setDetail(
          "The page includes mixed content, ie content accessed via http instead of https.",
          msg.getRequestHeader().getURI().toString(),
          "", first, all,
          "A page that is available over TLS must be comprised completely of content which is transmitted over TLS. \n" +
          "The page must not contain any content that is transmitted over unencrypted HTTP.\n" +

      }
    }
  }

  private void raiseAlert(HttpMessage msg, int id, String crossDomainScript) {
    Alert alert = new Alert(getPluginId(), Alert.RISK_LOW, Alert.WARNING,
          getName());
          alert.setDetail(
              "The page at the following URL includes one or more script files from a third-party domain",
              msg.getRequestHeader().getURI().toString(),
              crossDomainScript,
              "",
              "",

      }
    }
  }
 
  private void raiseAlert(HttpMessage msg, int id, String cookie) {
      Alert alert = new Alert(getPluginId(), Alert.RISK_LOW, Alert.WARNING,
          "Cookie set without secure flag");
          alert.setDetail(
              "A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted connections.",
              msg.getRequestHeader().getURI().toString(),
              cookie, "", "",
              "Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted tunnel. " +
                            "Ensure that the secure flag is set for cookies containing such sensitive information.",

                //getKb().add("sessionId/name", sessionIdName);

                // Raise an alert according to Passive Scan Rule model
                // description, uri, param, attack, otherInfo,
                // solution, reference, evidence, cweId, wascId, msg
                Alert alert = new Alert(getPluginId(), getRisk(), Alert.WARNING, getName());
                alert.setDetail(
                        getDescription(),
                        uri,
                        sessionIdName,
                        sessionIdValue,
                        "",

                if (host.compareToIgnoreCase(linkHostName) != 0) {

                    // Raise an alert according to Passive Scan Rule model
                    // description, uri, param, attack, otherInfo,
                    // solution, reference, evidence, cweId, wascId, msg
                    Alert alert = new Alert(getPluginId(), risk, Alert.WARNING, getRefererAlert());
                    alert.setDetail(
                            getRefererDescription(),
                            msg.getRequestHeader().getURI().getURI(),
                            "N/A",
                            linkHostName,
                            "",

    String issue = "Content-Type header empty";
    if (isContentTypeMissing){
      issue = "Content-Type header missing";
    }
   
    Alert alert = new Alert(getPluginId(), Alert.RISK_LOW, Alert.WARNING,
          getName());
          alert.setDetail(
            issue,
              msg.getRequestHeader().getURI().toString(),
              contentType,
              "",
              "",

            }
            sbTxtFound.append(matcher.group()).append("\n");
        }

        if (sbTxtFound.length() != 0) {
            Alert alert = new Alert(getPluginId(), this.getRisk(), Alert.WARNING, this.getName());

            alert.setDetail(
                    this.getDescription(),
                    msg.getRequestHeader().getURI().toString(),
                    "",
                    firstOne,
                    sbTxtFound.toString(),

        return false;
    }

  @Override
  public Alert getAlert(HttpMessage msg) {
      Alert alert = new Alert(10000, Alert.RISK_MEDIUM, Alert.WARNING,
          "Password Autocomplete in browser");
      alert.setDetail(
        "AUTOCOMPLETE attribute is not disabled in HTML FORM/INPUT element containing password type input.  Passwords may be stored in browsers and retrieved.",
        msg.getRequestHeader().getURI().toString(),
        "param", "otherInfo",
        "Turn off AUTOCOMPLETE attribute in form or individual input elements containing password by using AUTOCOMPLETE='OFF'",
            "http://msdn.microsoft.com/library/default.asp?url=/workshop/author/forms/autocomplete_ovr.asp",


