Package org.zaproxy.zap.extension.authentication

Examples of org.zaproxy.zap.extension.authentication.ExtensionAuthentication


      if (sqlInjectionFoundForUrl) {
        boolean loginUrl = false;
        //log.debug("### A SQL Injection may lead to auth bypass..");

        //are we dealing with a login url in any of the contexts?
        ExtensionAuthentication extAuth = (ExtensionAuthentication) Control.getSingleton()
            .getExtensionLoader().getExtension(ExtensionAuthentication.NAME);
        if (extAuth != null) {
          URI requestUri = getBaseMsg().getRequestHeader().getURI();

          //using the session, get the list of contexts for the url
          List<Context> contextList = extAuth.getModel().getSession().getContextsForUrl(requestUri.getURI());
 
          //now loop, and see if the url is a login url in each of the contexts in turn..
          for (Context context : contextList) {
            URI loginUri = extAuth.getLoginRequestURIForContext(context);
            if (loginUri != null) {
              if (requestUri.getScheme().equals(loginUri.getScheme())
                  && requestUri.getHost().equals(loginUri.getHost())
                  && requestUri.getPort() == loginUri.getPort()
                  && requestUri.getPath().equals(loginUri.getPath())) {