Package org.zaproxy.zap.extension.ascanrules

Source Code of org.zaproxy.zap.extension.ascanrules.TestPersistentXSSPrime

/*
* Zed Attack Proxy (ZAP) and its related class files.
*
* ZAP is an HTTP/HTTPS proxy for assessing web application security.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
*   http://www.apache.org/licenses/LICENSE-2.0
*  
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package org.zaproxy.zap.extension.ascanrules;

import org.apache.log4j.Logger;
import org.parosproxy.paros.Constant;
import org.parosproxy.paros.core.scanner.AbstractAppParamPlugin;
import org.parosproxy.paros.core.scanner.Alert;
import org.parosproxy.paros.core.scanner.Category;
import org.parosproxy.paros.network.HttpMessage;

public class TestPersistentXSSPrime extends AbstractAppParamPlugin {

    private static Logger log = Logger.getLogger(TestPersistentXSSPrime.class);
 
    @Override
    public int getId() {
        return 40016;
    }

    @Override
    public String getName() {
      return Constant.messages.getString("ascanrules.pxss.prime.name");
    }

    @Override
    public String[] getDependency() {
        return null;
    }

    @Override
    public String getDescription() {
        return "N/A";
    }

    @Override
    public int getCategory() {
        return Category.INJECTION;
    }

    @Override
    public String getSolution() {
        return "N/A";
    }

    @Override
    public String getReference() {
        return "N/A";
    }

    @Override
    public void init() {
    }
   
    @Override
    public void scan(HttpMessage msg, String param, String value) {
    try {
      HttpMessage msg1 = msg.cloneRequest();
      this.setParameter(msg1, param, PersistentXSSUtils.getUniqueValue(msg1, param));
      if (log.isDebugEnabled()) {
        log.debug("Prime msg=" + msg1.getRequestHeader().getURI() + " param=" + param);
      }
        sendAndReceive(msg1, false);
    } catch (Exception e) {
      log.error(e.getMessage(), e);
    }
  }

  @Override
  public int getRisk() {
    return Alert.RISK_INFO;
  }

  @Override
  public int getCweId() {
    return 79;
  }

  @Override
  public int getWascId() {
    return 8;
  }
}
TOP

Related Classes of org.zaproxy.zap.extension.ascanrules.TestPersistentXSSPrime

TOP
Copyright © 2018 www.massapi.com. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.