Package org.zaproxy.zap.extension.authentication

Examples of org.zaproxy.zap.extension.authentication.ExtensionAuthentication

1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
      if (sqlInjectionFoundForUrl) {
        boolean loginUrl = false;
        //log.debug("### A SQL Injection may lead to auth bypass..");

        //are we dealing with a login url in any of the contexts?
        ExtensionAuthentication extAuth = (ExtensionAuthentication) Control.getSingleton()
            .getExtensionLoader().getExtension(ExtensionAuthentication.NAME);
        if (extAuth != null) {
          URI requestUri = getBaseMsg().getRequestHeader().getURI();

          //using the session, get the list of contexts for the url
          List<Context> contextList = extAuth.getModel().getSession().getContextsForUrl(requestUri.getURI());
 
          //now loop, and see if the url is a login url in each of the contexts in turn..
          for (Context context : contextList) {
            URI loginUri = extAuth.getLoginRequestURIForContext(context);
            if (loginUri != null) {
              if (requestUri.getScheme().equals(loginUri.getScheme())
                  && requestUri.getHost().equals(loginUri.getHost())
                  && requestUri.getPort() == loginUri.getPort()
                  && requestUri.getPath().equals(loginUri.getPath())) {
View Full Code Here
TOP

Related Classes of org.zaproxy.zap.extension.authentication.ExtensionAuthentication

  • org.zaproxy.zap.extension.ascanrules.TestSQLInjection
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.