Java Code Examples for org.apache.commons.httpclient.URI

The following examples show how to use org.apache.commons.httpclient.URI. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
/**
 * Resolves {@code path} against the URI of {@code method} and returns the result as a string.
 *
 * <p>A {@code null} path yields the method URI unchanged. For any other path the query string
 * of the base URI is cleared first. A path starting with {@code /} replaces the base path, a
 * path starting with {@code http://} or {@code https://} is returned verbatim, and anything
 * else is appended to the directory part of the method's current path.
 *
 * @param method the method whose URI is used as the base
 * @param path the path to resolve, may be {@code null}
 * @return the resulting URI as a string
 * @throws URIException if the current path contains no {@code /} to resolve a relative path
 *     against, or if a URI setter rejects the value
 */
protected String getAbsoluteUri(HttpMethod method, String path) throws URIException {
    URI base = method.getURI();
    if (path == null) {
        return base.getURI();
    }

    // the query of the current request does not carry over to the new target
    base.setQuery(null);

    if (path.startsWith("/")) {
        // server-absolute path: swap the path, keep scheme and authority
        base.setPath(path);
        return base.getURI();
    }
    if (path.startsWith("http://") || path.startsWith("https://")) {
        // NOTE(review): a full URL is handed back untouched, so scheme and host are whatever
        // the caller supplied. If path can come from a server response, the caller is the
        // place to decide whether leaving the original host is acceptable.
        return path;
    }

    // relative path: resolve against the directory of the current path
    String current = method.getPath();
    int lastSlash = current.lastIndexOf('/');
    if (lastSlash < 0) {
        throw new URIException(base.getURI());
    }
    // NOTE(review): plain concatenation; "../" segments in path are not normalised here
    base.setPath(current.substring(0, lastSlash + 1) + path);
    return base.getURI();
}
 
Example 2
/**
 * A {@code jsessionid} query parameter on an HTTPS URL with an explicit, non-default port is
 * expected to produce exactly one alert.
 */
@Test
public void containsSessionIdAsUrlParameterInHTTPSOnCustomPort()
        throws HttpMalformedHeaderException, URIException {
    // Given: a response whose request URI carries the session id in the query string
    HttpMessage msg = createHttpMessageWithRespBody(BODY);
    URI requestUri =
            new URI(
                    "https://example.com:4443/foo?jsessionid=1a530637289b03x07199de8D531427",
                    false);
    msg.getRequestHeader().setURI(requestUri);

    // When: the passive scan runs on the received response
    scanHttpResponseReceive(msg);

    // Then: the custom port must not hide the session id from the rule
    assertEquals(1, alertsRaised.size());
}
 
Example 3
Source Project: zap-extensions   Source File: ExtensionOpenApi.java    License: Apache License 2.0
/**
 * Fetches the API definition located at {@code uri} and imports it.
 *
 * <p>The definition is requested through a {@code Requestor} created with the manual request
 * initiator, with a {@code HistoryPersister} registered as listener. The scheme, authority and
 * path of {@code uri} (without query) are passed on as the URL the definition came from.
 *
 * @param uri the URI locating the API definition.
 * @param targetUrl the URL to override the URL defined in the API, might be {@code null}.
 * @param initViaUi {@code true} if the import is being done through the GUI, {@code false}
 *     otherwise.
 * @return the list of errors, if any. Returns {@code null} if the import is being done through
 *     the GUI, and also when fetching the definition fails with an {@code IOException}.
 * @throws InvalidUrlException if the target URL is not valid.
 */
public List<String> importOpenApiDefinition(
        final URI uri, final String targetUrl, boolean initViaUi) {
    Requestor requestor = new Requestor(HttpSender.MANUAL_REQUEST_INITIATOR);
    requestor.addListener(new HistoryPersister());
    try {
        String path = uri.getPath();
        // NOTE(review): uri is requested as given; any restriction on which hosts may be
        // contacted has to be applied by the caller, none is visible in this method.
        return importOpenApiDefinition(
                requestor.getResponseBody(uri),
                targetUrl,
                uri.getScheme() + "://" + uri.getAuthority() + (path == null ? "" : path),
                initViaUi);
    } catch (IOException e) {
        // the dialog is only shown for GUI imports; the failure is logged in every case
        if (initViaUi) {
            View.getSingleton()
                    .showWarningDialog(Constant.messages.getString("openapi.io.error"));
        }
        LOG.warn(e.getMessage(), e);
        return null;
    }
}
 
Example 4
/**
 * Determines the endpoint ({@code host} and {@code port}) a request is sent to.
 *
 * <p>An absolute request URI wins; otherwise the host and port of the connection are used.
 *
 * @param httpMethod the method being executed
 * @param httpConnection the connection in use, may be {@code null}
 * @return the endpoint string built by {@code HttpClient3RequestWrapper.getEndpoint}, or
 *     {@code null} if the URI is not absolute and no connection is given, or if any exception
 *     is raised while reading them
 */
private String getHost(HttpMethod httpMethod, HttpConnection httpConnection) {
    try {
        final URI requestUri = httpMethod.getURI();
        if (requestUri.isAbsoluteURI()) {
            // the URI names its own scheme and authority, so it is authoritative
            return HttpClient3RequestWrapper.getEndpoint(
                    requestUri.getHost(), requestUri.getPort());
        }
        if (httpConnection == null) {
            return null;
        }
        return HttpClient3RequestWrapper.getEndpoint(
                httpConnection.getHost(), HttpClient3RequestWrapper.getPort(httpConnection));
    } catch (Exception e) {
        // best effort: a failure here is reported at debug level only
        if (isDebug) {
            logger.debug("Failed to get host. httpMethod={}", httpMethod, e);
        }
    }
    return null;
}
 
Example 5
Source Project: zap-extensions   Source File: ExtensionZest.java    License: Apache License 2.0
/**
 * Starts client recording for {@code url} and asks the Plug-n-Hack extension, when it is
 * loaded, to launch and record a client for it.
 *
 * <p>The extension is looked up by name and its {@code launchAndRecordClient(URI)} method is
 * called reflectively. Nothing happens when the extension is not loaded.
 *
 * @param url the URL to record
 */
public void recordClientScript(String url) {
    Extension extPnh =
            Control.getSingleton().getExtensionLoader().getExtension("ExtensionPlugNHack");
    if (extPnh == null) {
        return;
    }

    try {
        // parsing first means an invalid URL never reaches startClientRecording
        URI uri = new URI(url, true);
        startClientRecording(url);

        Method launch = extPnh.getClass().getMethod("launchAndRecordClient", URI.class);
        launch.invoke(extPnh, uri);
    } catch (Exception e) {
        // An older extension version lacks the method, so it is simply not used.
        // NOTE(review): this also swallows URI parse errors and failures raised by
        // startClientRecording or by the invoked method; only a stack trace is printed.
        e.printStackTrace();
    }
}
 
Example 6
/**
 * Two request parameter values that are both echoed into HTML attributes of the response are
 * expected to raise one alert each, in parameter order.
 */
@Test
public void shouldRaiseMultipleAlertsIfRequestParamValuesUsedInAttributes() throws Exception {
    // Given: "place" is reflected in the meta refresh URL and "name" in the img alt attribute
    HttpMessage msg = createMessage();
    URI requestUri =
            new URI("http://example.com/i.php?place=http://example.com/&name=fred", false);
    msg.getRequestHeader().setURI(requestUri);
    msg.setResponseBody(
            "<html><meta http-equiv=\"refresh\" content=\"0; url=http://example.com/\"><img src=\"x.jpg\" alt=fred></img></html>");

    // When
    scanHttpResponseReceive(msg);

    // Then: one alert per reflected parameter
    assertThat(alertsRaised.size(), equalTo(2));
    assertThat(alertsRaised.get(0).getParam(), equalTo("place"));
    assertThat(alertsRaised.get(1).getParam(), equalTo("name"));
}
 
Example 7
Source Project: zap-extensions   Source File: UriUtils.java    License: Apache License 2.0
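/**
 * Returns a representation of the host name as used throughout ZAP. The representation contains
 * the scheme, the host and, if needed, the port. Method should be used to keep consistency
 * whenever displaying a node's hostname.
 *
 * <p>The scheme is lower-cased. The port is left out when the URI has none ({@code -1}) or
 * when it is the default one for the scheme (80 for {@code http}, 443 for {@code https}).
 *
 * <p>Example outputs:
 *
 * <ul>
 *   <li><i>http://example.org</i>
 *   <li><i>http://example.org:8080</i>
 *   <li><i>https://example.org</i>
 * </ul>
 *
 * <p>A URI without a scheme is not handled here: the scheme is dereferenced without a null
 * check.
 *
 * @param uri the URI to take scheme, host and port from
 * @return the scheme, host and (when not the default for the scheme) port
 * @throws URIException if the host cannot be read from the URI
 */
public static String getHostName(URI uri) throws URIException {
    // Locale.ROOT keeps the lower-casing, and so the comparisons below and any use of the
    // result as a lookup key, independent of the JVM default locale.
    String scheme = uri.getScheme().toLowerCase(java.util.Locale.ROOT);

    StringBuilder host = new StringBuilder();
    host.append(scheme).append("://").append(uri.getHost());

    int port = uri.getPort();
    boolean defaultForScheme =
            (port == 80 && "http".equals(scheme)) || (port == 443 && "https".equals(scheme));
    // 80 on https (or 443 on http) is not the default for that scheme, so it stays visible
    if (port != -1 && !defaultForScheme) {
        host.append(":").append(port);
    }

    return host.toString();
}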
 
Example 8
/**
 * An e-mail address used as the value of a URL parameter is expected to raise a single alert
 * naming that parameter, with the address as evidence.
 */
@Test
public void emailAddressInURLParamValue() throws HttpMalformedHeaderException, URIException {
    // Given: a URL in which only "docid" carries the e-mail address
    String sensitiveParamName = "docid";
    // NOTE(review): this literal looks like the placeholder left by an e-mail obfuscation
    // filter on the page this listing was taken from; the value the original test used is
    // not visible here.
    String sensitiveValue = "[email protected]";
    String testURI = URI + "?mailto=me&" + sensitiveParamName + "=" + sensitiveValue + "&hl=en";
    // NOTE(review): how the helper turns this string into the request under test is not
    // visible in this excerpt.
    HttpMessage msg = createHttpMessageWithRespBody(testURI);

    // When: the rule inspects the outgoing request
    scanHttpRequestSend(msg);

    // Then: one alert, attributed to the parameter that held the address
    assertEquals(1, alertsRaised.size());
    assertEquals(sensitiveParamName, alertsRaised.get(0).getParam());
    assertEquals(sensitiveValue, alertsRaised.get(0).getEvidence());
    String expectedOtherInfo =
            Constant.messages.getString(
                    InformationDisclosureInUrlScanRule.MESSAGE_PREFIX + "otherinfo.email");
    assertEquals(expectedOtherInfo, alertsRaised.get(0).getOtherInfo());
}
 
Example 9
/**
 * A query-string parameter whose value ends up in the {@code Location} header of a 302
 * response is expected to be reported even when the request is a POST with form parameters.
 */
@Test
public void shouldRaiseAlertIfResponseIsTempRedirectHasLocationHeaderBasedOnGetParamDuringPost()
        throws Exception {
    // Given: POST request whose URL parameter "place" matches the redirect target host
    HttpMessage msg = createMessage();
    msg.getRequestHeader().setURI(new URI("http://example.com/i.php?place=evil.com", false));
    msg.getRequestHeader().setMethod(HttpRequestHeader.POST);

    // the form parameter is unrelated to the redirect and must not be blamed
    TreeSet<HtmlParameter> postedParams = new TreeSet<HtmlParameter>();
    postedParams.add(new HtmlParameter(HtmlParameter.Type.form, "name", "jane"));
    msg.setFormParams(postedParams);

    msg.getResponseHeader().setStatusCode(HttpStatusCode.FOUND);
    msg.getResponseHeader().setHeader(HttpHeader.LOCATION, "http://evil.com");

    // When
    scanHttpResponseReceive(msg);

    // Then: the alert points at the URL parameter
    assertThat(alertsRaised.size(), equalTo(1));
    assertThat(alertsRaised.get(0).getParam(), equalTo("place"));
}
 
Example 10
/**
 * A session id in the request URL combined with a response that loads an image from another
 * host is expected to raise two alerts.
 */
@Test
public void detectExposureTo3rdPartyInSRC() throws HttpMalformedHeaderException, URIException {
    // Given: the page at example.com references an image hosted on www.example.org
    String pageWithThirdPartyImage =
            "<html>\n<body>\n<h2>HTML Links</h2>\n"
                    + "<p><a href=\"default.jsp\">\n"
                    + " <img src=\"https://www.example.org/images/smiley.gif\" alt=\"HTML tutorial\" "
                    + "style=\"width:42px;height:42px;border:0;\">\n</a>"
                    + "</p>\n"
                    + "</body>\n</html>";
    HttpMessage msg = createHttpMessageWithRespBody(pageWithThirdPartyImage);
    URI requestUri =
            new URI("https://example.com/foo?jsessionid=1A530637289A03B07199A44E8D531427", false);
    msg.getRequestHeader().setURI(requestUri);

    // When
    scanHttpResponseReceive(msg);

    // Then: two alerts are raised for this message
    assertEquals(2, alertsRaised.size());
}
 
Example 11
Source Project: zap-extensions   Source File: CrossDomainScanner.java    License: Apache License 2.0
/**
 * Scans the node for cross-domain misconfigurations.
 *
 * <p>Does nothing when no document builder is available. Otherwise the URI of the base message
 * is passed to the Adobe and then the Silverlight cross-domain policy file checks. Any
 * exception raised by either check is logged and not propagated.
 */
@Override
public void scan() {
    if (docBuilder != null) {
        try {
            // both checks derive their own request from the URI of the message being scanned
            URI target = this.getBaseMsg().getRequestHeader().getURI();

            scanAdobeCrossdomainPolicyFile(target);
            scanSilverlightCrossdomainPolicyFile(target);
        } catch (Exception e) {
            // a failure in the first check also skips the second one
            log.error(
                    "Error scanning a node for Cross Domain misconfigurations: " + e.getMessage(),
                    e);
        }
    }
}
 
Example 12
Source Project: swellrt   Source File: SolrSearchProviderImpl.java    License: Apache License 2.0
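/**
 * Sends {@code solrQuery} as a GET request and converts the response body with
 * {@code function}.
 *
 * <p>The status code is checked before the body is read, so an error page is never handed to
 * the parser. The connection is released in every case.
 *
 * @param solrQuery the complete request URL, already escaped
 * @param function converts the response body reader into the resulting documents
 * @return the documents produced by {@code function}
 * @throws IOException if the request fails, the status is not 200 or the response has no body
 */
private JsonArray sendSearchRequest(String solrQuery,
    Function<InputStreamReader, JsonArray> function) throws IOException {
  GetMethod getMethod = new GetMethod();
  HttpClient httpClient = new HttpClient();
  try {
    // NOTE(review): solrQuery is used as the whole URL; if callers build it from user
    // search terms, escaping of those terms has to happen where the string is assembled.
    getMethod.setURI(new URI(solrQuery, false));
    int statusCode = httpClient.executeMethod(getMethod);
    if (statusCode != HttpStatus.SC_OK) {
      // NOTE(review): the full query string ends up in the log
      LOG.warning("Failed to execute query: " + solrQuery);
      throw new IOException("Search request status is not OK: " + statusCode);
    }
    java.io.InputStream body = getMethod.getResponseBodyAsStream();
    if (body == null) {
      throw new IOException("Search response has no body");
    }
    // NOTE(review): the reader decodes with the platform default charset - confirm that
    // matches the charset of the search server's response.
    return function.apply(new InputStreamReader(body));
  } finally {
    getMethod.releaseConnection();
  }
}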
 
Example 13
/**
 * Prepares the rule under test with a mocked anti-CSRF extension that knows the token names
 * {@code token} and {@code csrfToken}, empty ignore settings, and a fresh message for
 * {@code http://example.com}.
 */
@BeforeEach
public void before() throws URIException {
    // token names the mocked extension reports as anti-CSRF tokens
    antiCsrfTokenNames = new ArrayList<>();
    antiCsrfTokenNames.add("token");
    antiCsrfTokenNames.add("csrfToken");

    extensionAntiCSRFMock = mock(ExtensionAntiCSRF.class);
    // lenient: not every test asks the mock for the token names
    Mockito.lenient()
            .when(extensionAntiCSRFMock.getAntiCsrfTokenNames())
            .thenReturn(antiCsrfTokenNames);
    rule.setExtensionAntiCSRF(extensionAntiCSRFMock);

    // start every test with all ignore settings empty
    rule.setCsrfIgnoreList("");
    rule.setCSRFIgnoreAttName("");
    rule.setCSRFIgnoreAttValue("");

    HttpRequestHeader header = new HttpRequestHeader();
    header.setURI(new URI("http://example.com", false));
    msg = new HttpMessage();
    msg.setRequestHeader(header);
}
 
Example 14
Source Project: zap-extensions   Source File: ScanTarget.java    License: Apache License 2.0
/**
 * Creates a scan target from the scheme, host and port of the given URI.
 *
 * <p>A copy of the URI is kept with path, query and fragment set to {@code null}; the
 * argument itself is only read.
 *
 * @param uri the URI to take the target from
 * @throws IllegalArgumentException if the host cannot be read from the URI
 */
public ScanTarget(URI uri) {
    // work on a copy so the components cleared below do not affect the caller's URI
    this.uri = copyURI(uri);

    this.scheme = uri.getScheme();
    try {
        this.host = uri.getHost();
    } catch (URIException e) {
        throw new IllegalArgumentException("Failed to get host from URI: " + e.getMessage(), e);
    }
    this.port = getPort(scheme, uri.getPort());

    // only scheme and authority identify the target
    try {
        this.uri.setPath(null);
        this.uri.setQuery(null);
        this.uri.setFragment(null);
    } catch (URIException ignored) {
        // It's safe to set the URI query, path and fragment components to null.
    }

    this.stringRepresentation = createHostPortString(host, port);
    buildHtmlStringRepresentation();
}
 
Example 15
Source Project: zap-extensions   Source File: ImportWSDLTestCase.java    License: Apache License 2.0
/**
 * Resets the {@code ImportWSDL} singleton and builds the fixtures shared by the tests: a
 * request for {@code TEST_URI} with the four-byte body {@code test}, and a SOAP message
 * configuration filled with empty objects.
 */
@BeforeEach
public void setUp() throws URIException, NullPointerException {
    // drop whatever instance a previous test left behind before fetching a new one
    ImportWSDL.destroy();
    singleton = ImportWSDL.getInstance();

    // request fixture
    HttpRequestHeader requestHeader = new HttpRequestHeader();
    requestHeader.setURI(new URI(TEST_URI, true));
    HttpRequestBody requestBody = new HttpRequestBody();
    requestBody.append("test");
    requestBody.setLength(4);
    testRequest = new HttpMessage();
    testRequest.setRequestHeader(requestHeader);
    testRequest.setRequestBody(requestBody);

    // configuration fixture: every member present but empty
    soapConfig = new SOAPMsgConfig();
    soapConfig.setWsdl(new Definitions());
    soapConfig.setSoapVersion(1);
    soapConfig.setParams(new HashMap<String, String>());
    soapConfig.setPort(new Port());
    soapConfig.setBindOp(new BindingOperation());
}
 
Example 16
/**
 * A query-string parameter whose value is echoed into a cookie set by the response is
 * expected to be reported even when the request is a POST with form parameters.
 */
@Test
public void shouldRaiseAlertIfCookieBasedOnGetParamDuringPost() throws Exception {
    // Given: POST request whose URL parameter "place" has the value the cookie receives
    HttpMessage msg = createMessage();
    msg.getRequestHeader().setURI(new URI("http://example.com/i.php?place=evil", false));
    msg.getRequestHeader().setMethod(HttpRequestHeader.POST);

    // the form parameter does not appear in the cookie and must not be blamed
    TreeSet<HtmlParameter> postedParams = new TreeSet<HtmlParameter>();
    postedParams.add(new HtmlParameter(HtmlParameter.Type.form, "name", "jane"));
    msg.setFormParams(postedParams);

    msg.getResponseHeader().setStatusCode(HttpStatusCode.FOUND);
    // NOTE(review): the header value itself starts with "Set-Cookie: "; kept as in the test
    msg.getResponseHeader()
            .setHeader(HttpHeader.SET_COOKIE, "Set-Cookie: aCookie=evil; Secure");

    // When
    scanHttpResponseReceive(msg);

    // Then: the alert points at the URL parameter
    assertThat(alertsRaised.size(), equalTo(1));
    assertThat(alertsRaised.get(0).getParam(), equalTo("place"));
}
 
Example 17
/**
 * A session id in the request URL is expected to raise one alert, and a link in the response
 * that points back to the same origin must not add a second one.
 */
@Test
public void ignoreExposureToSelf() throws HttpMalformedHeaderException, URIException {
    // Given: the only link in the page targets the host the page was served from
    String pageLinkingToItself =
            "<html>\n<body>\n<h2>HTML Links</h2>\n"
                    + "<p><a href=\"https://example.com/html/\">Testing ZAP</a>"
                    + "</p>\n"
                    + "</body>\n</html>";
    HttpMessage msg = createHttpMessageWithRespBody(pageLinkingToItself);
    URI requestUri =
            new URI("https://example.com/foo?jsessionid=1A530637289A03B07199A44E8D531427", false);
    msg.getRequestHeader().setURI(requestUri);

    // When
    scanHttpResponseReceive(msg);

    // Then: alert #1 is the session id in the URL; the href shares the origin of the
    // request, so no exposure-to-third-party alert follows.
    assertEquals(1, alertsRaised.size());
}
 
Example 18
Source Project: zap-extensions   Source File: HttpPrefixUriValidator.java    License: Apache License 2.0
/**
 * Tells whether or not the given URI is valid, that is, whether it starts with the prefix this
 * validator was created with.
 *
 * <p>Port, scheme, host and path are compared in that order; the first mismatch ends the
 * check.
 *
 * @param uri the uri to be validated, may be {@code null}
 * @return {@code true} if the {@code uri} has the same normalised port, scheme and host as
 *     the prefix and its raw path starts with the prefix path, {@code false} otherwise or if
 *     {@code uri} is {@code null}
 */
public boolean isValid(URI uri) {
    if (uri == null) {
        return false;
    }

    // the port is normalised against the other URI's scheme before it is compared
    String otherScheme = normalisedScheme(uri.getRawScheme());
    boolean samePort = port == normalisedPort(otherScheme, uri.getPort());

    // NOTE(review): whether a prefix path such as "/app" also admits "/application" is
    // decided by the startsWith helper, which is not visible in this excerpt.
    return samePort
            && scheme.equals(otherScheme)
            && hasSameHost(uri)
            && startsWith(uri.getRawPath(), path);
}
 
Example 19
Source Project: glowroot   Source File: ApacheHttpClient3xAspect.java    License: Apache License 2.0
/**
 * Starts a service call entry for an outgoing HTTP client request.
 *
 * <p>The entry text is the method name followed by the request URI with its query string
 * stripped; the message supplier is given the method name and the complete URI.
 *
 * @param context the thread context to start the entry on
 * @param hostConfiguration bound but unused
 * @param methodObj the HTTP method about to be executed, may be {@code null}
 * @return the started entry, or {@code null} when {@code methodObj} is {@code null}
 */
@OnBefore
public static @Nullable TraceEntry onBefore(ThreadContext context,
        @SuppressWarnings("unused") @BindParameter @Nullable HostConfiguration hostConfiguration,
        @BindParameter @Nullable HttpMethod methodObj) {
    if (methodObj == null) {
        return null;
    }

    // a known method name gets a trailing space so it can be prefixed to the URI directly
    String method = methodObj.getName();
    method = (method == null) ? "" : method + " ";

    // any missing or unreadable URI degrades to the empty string
    String uri = "";
    try {
        URI uriObj = methodObj.getURI();
        if (uriObj != null) {
            String text = uriObj.getURI();
            if (text != null) {
                uri = text;
            }
        }
    } catch (URIException e) {
        uri = "";
    }

    // NOTE(review): only the entry text has the query string removed; the message supplier
    // receives the full URI, so query values reach the trace message - confirm any masking
    // happens downstream.
    return context.startServiceCallEntry("HTTP", method + Uris.stripQueryString(uri),
            MessageSupplier.create("http client request: {}{}", method, uri),
            timerName);
}
 
Example 20
Source Project: davmail   Source File: DavExchangeSession.java    License: GNU General Public License v2.0
/**
 * Builds the session information in two steps: the mail path is derived from {@code uri}
 * first, then the well-known folders are looked up.
 *
 * @param uri the URI passed on to {@code buildMailPath}
 * @throws DavMailException on error
 */
@Override
public void buildSessionInfo(java.net.URI uri) throws DavMailException {
    // step 1: mail path
    buildMailPath(uri);

    // step 2: base http mailbox urls of the well-known folders
    getWellKnownFolders();
}
 
Example 21
Source Project: RDFS   Source File: JobEndNotifier.java    License: Apache License 2.0
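/**
 * Sends a GET request to the notification URL and returns the HTTP status code.
 *
 * <p>The connection is released once the request has completed or failed; the response body
 * is not read.
 *
 * @param uri the notification URL, unescaped
 * @return the HTTP status code of the response
 * @throws IOException if the URL cannot be parsed or the request fails
 */
private static int httpNotification(String uri) throws IOException {
  // NOTE(review): the URL is requested as given; presumably it comes from job
  // configuration, so which hosts may be notified has to be decided where it is set.
  URI url = new URI(uri, false);
  HttpClient client = new HttpClient();
  HttpMethod method = new GetMethod(url.getEscapedURI());
  method.setRequestHeader("Accept", "*/*");
  try {
    return client.executeMethod(method);
  } finally {
    // without this the connection stays allocated after every notification
    method.releaseConnection();
  }
}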
 
Example 22
/**
 * A {@code CFID} query parameter, here written in mixed case as {@code CFiD}, is expected to
 * produce exactly one alert.
 */
@Test
public void containsCFIDAsUrlParameter() throws HttpMalformedHeaderException, URIException {
    // Given: a response whose request URI carries the session id in the query string
    HttpMessage msg = createHttpMessageWithRespBody(BODY);
    URI requestUri =
            new URI("http://example.com/foo?CFiD=1A530637289A03B07199A44E8D531427", false);
    msg.getRequestHeader().setURI(requestUri);

    // When
    scanHttpResponseReceive(msg);

    // Then: the unusual casing of the parameter name must not hide it from the rule
    assertEquals(1, alertsRaised.size());
}
 
Example 23
/**
 * Points the host configuration of the given HTTP client at the host of {@code url}.
 *
 * @param httpClient current Http client
 * @param url        target url, expected to be already escaped
 * @throws DavMailException if {@code url} cannot be parsed as a URI
 */
public static void setClientHost(HttpClient httpClient, String url) throws DavMailException {
    try {
        HostConfiguration clientConfig = httpClient.getHostConfiguration();
        clientConfig.setHost(new URI(url, true));
    } catch (URIException e) {
        // NOTE(review): the parse error itself is not passed on, only the offending URL
        throw new DavMailException("LOG_INVALID_URL", url);
    }
}
 
Example 24
/**
 * A {@code META http-equiv} element other than a content type declaration must not raise an
 * alert, even though the request carries a {@code cs} parameter.
 */
@Test
public void shouldNotRaiseAlertIfResponseMetaIsNotContentType() throws Exception {
    // Given: the response has a META http-equiv="info" element and no charset declaration
    HttpMessage msg = createMessage();
    URI requestUri = new URI("http://example.com/i.php?cs=utf-8", false);
    msg.getRequestHeader().setURI(requestUri);
    msg.setResponseBody("<html><META http-equiv=\"info\" content=\"Someinfo\"></html>");

    // When
    scanHttpResponseReceive(msg);

    // Then: nothing to report
    assertThat(alertsRaised.size(), equalTo(0));
}
 
Example 25
/**
 * Asks the default proxy selector which proxies apply to the given URI.
 *
 * @param uri target uri
 * @return the proxies returned by the default {@code ProxySelector} for {@code uri}
 */
private static List<Proxy> getProxyForURI(java.net.URI uri) {
    LOGGER.debug("get Default proxy selector");
    ProxySelector defaultSelector = ProxySelector.getDefault();

    // NOTE(review): the complete URI is written to the debug log
    LOGGER.debug("getProxyForURI(" + uri + ')');
    List<Proxy> systemProxies = defaultSelector.select(uri);

    LOGGER.debug("got system proxies:" + systemProxies);
    return systemProxies;
}
 
Example 26
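/**
 * Execute method, redirect once if returned status is redirect.
 *
 * <p>On a redirect status the connection is released, the {@code Location} header is parsed,
 * its query is passed to {@code checkExpiredSession}, and the same method object is executed
 * again against the new URI. A redirect response without a {@code Location} header is not
 * followed; its status is returned as is.
 *
 * @param httpClient http client
 * @param method http method
 * @return status of the last request executed
 * @throws IOException on error
 */
protected static int executeMethodFollowRedirectOnce(HttpClient httpClient, HttpMethod method) throws IOException {
    int status = httpClient.executeMethod(method);

    // need to follow redirects (once) on public folders
    if (isRedirect(status)) {
        method.releaseConnection();
        // a redirect status without a target cannot be followed
        if (method.getResponseHeader("Location") == null) {
            return status;
        }
        URI targetUri = new URI(method.getResponseHeader("Location").getValue(), true);
        checkExpiredSession(targetUri.getQuery());
        // NOTE(review): the same method object, with the request headers it already carries,
        // is re-sent to the Location target; nothing visible here restricts that target to
        // the original host.
        method.setURI(targetUri);
        status = httpClient.executeMethod(method);
    }
    return status;
}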
 
Example 27
/**
 * Creates the message most tests start from: a request for {@code http://example.com} and a
 * {@code 200 OK} response declared as {@code text/html}.
 *
 * @return the new message
 * @throws URIException if the request URI cannot be created
 */
private HttpMessage createMessage() throws URIException {
    HttpRequestHeader header = new HttpRequestHeader();
    header.setURI(new URI("http://example.com", false));

    HttpMessage message = new HttpMessage();
    message.setRequestHeader(header);

    // tests override status, headers and body as needed
    message.getResponseHeader().setStatusCode(HttpStatusCode.OK);
    message.getResponseHeader().setHeader(HttpResponseHeader.CONTENT_TYPE, "text/html");
    return message;
}
 
Example 28
/**
 * A permanent redirect whose body is one byte larger than the allowed size is expected to
 * raise the big-redirect alert.
 */
@Test
public void givenRedirectHeadersWithLargeBodyThenAlertRaised() {
    // Given: a 301 response with a Location header and a body just over the limit
    byte[] oversizedBody = new byte[ALLOWABLE_BODY_SIZE + 1];
    msg.getResponseHeader().setStatusCode(HttpStatusCode.MOVED_PERMANENTLY);
    msg.getResponseHeader().setHeader(HttpHeader.LOCATION, URI);
    msg.setResponseBody(oversizedBody);

    // When
    scanHttpResponseReceive(msg);

    // Then: a single alert with the attributes checked by the shared helper
    assertThat(alertsRaised.size(), is(1));
    assertBigRedirectAlertAttributes(alertsRaised.get(0));
}
 
Example 29
/**
 * Sends a request to the repository and follows a single redirect.
 *
 * <p>When the response is a redirect with a {@code location} header, the same method object is
 * pointed at the new location and executed once more through the HTTP client directly.
 *
 * @param req the request to send
 * @return the executed method, holding the response of the last request made
 * @throws AuthenticationException as raised while executing the method
 * @throws IOException on communication errors
 */
protected HttpMethod sendRemoteRequest(Request req) throws AuthenticationException, IOException
{
    if (logger.isDebugEnabled())
    {
        // NOTE(review): at debug level the complete request body is written to the log
        logger.debug("");
        logger.debug("* Request: " + req.getMethod() + " " + req.getFullUri() + (req.getBody() == null ? "" : "\n" + new String(req.getBody(), "UTF-8")));
    }

    HttpMethod method = createMethod(req);
    executeMethod(method);

    if (!isRedirect(method))
    {
        return method;
    }

    // a redirect without a location header is returned to the caller untouched
    Header locationHeader = method.getResponseHeader("location");
    if (locationHeader != null)
    {
        // NOTE(review): the target is taken from the response as is, and the follow-up
        // request goes through httpClient directly rather than executeMethod(method).
        method.setURI(new URI(locationHeader.getValue(), true));
        httpClient.executeMethod(method);
    }

    return method;
}
 
Example 30
/**
 * A request parameter whose value is used as the target of a meta refresh in the response is
 * expected to raise one alert naming that parameter.
 */
@Test
public void shouldRaiseAlertIfRequestParamValuesUsedInMetaRefresh() throws Exception {
    // Given: the value of "place" reappears as the url of the meta refresh element
    HttpMessage msg = createMessage();
    URI requestUri = new URI("http://example.com/i.php?place=http://example.com/", false);
    msg.getRequestHeader().setURI(requestUri);
    msg.setResponseBody(
            "<html><meta http-equiv=\"refresh\" content=\"0; url=http://example.com/\"></html>");

    // When
    scanHttpResponseReceive(msg);

    // Then
    assertThat(alertsRaised.size(), equalTo(1));
    assertThat(alertsRaised.get(0).getParam(), equalTo("place"));
}