Java Code Examples for org.apache.commons.httpclient.URI#getHost()

The following examples show how to use org.apache.commons.httpclient.URI#getHost(). You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: ScanTarget.java    From zap-extensions with Apache License 2.0 6 votes vote down vote up
/**
 * Builds a scan target from the scheme, host and port of {@code uri}.
 *
 * <p>The instance keeps the result of {@code copyURI(uri)} with its path, query and fragment
 * set to {@code null}, so only the scheme and authority part is retained on the stored URI.
 *
 * @param uri the URI the target is derived from
 * @throws IllegalArgumentException if the host cannot be read from {@code uri}
 */
public ScanTarget(URI uri) {
    // copyURI is presumably an independent copy, so the resets below leave the caller's URI
    // untouched (verify against copyURI).
    this.uri = copyURI(uri);
    this.scheme = uri.getScheme();

    String parsedHost;
    try {
        parsedHost = uri.getHost();
    } catch (URIException cause) {
        throw new IllegalArgumentException(
                "Failed to get host from URI: " + cause.getMessage(), cause);
    }
    // NOTE(review): no null check on the host here; a URI without an authority would
    // presumably yield a null host. Confirm callers only pass absolute URIs.
    this.host = parsedHost;

    this.port = getPort(this.scheme, uri.getPort());

    try {
        // Strip everything after the authority from the stored URI.
        this.uri.setPath(null);
        this.uri.setQuery(null);
        this.uri.setFragment(null);
    } catch (URIException ignore) {
        // It's safe to set the URI query, path and fragment components to null.
    }

    this.stringRepresentation = createHostPortString(this.host, this.port);
    buildHtmlStringRepresentation();
}
 
Example 2
Source File: InformationDisclosureReferrerScanRule.java    From zap-extensions with Apache License 2.0 6 votes vote down vote up
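/**
 * Tells whether a referrer URL points at the same host as the requested URL.
 *
 * <p>A referrer that starts with a single {@code /} is a path on the requested host and counts
 * as same-domain. A referrer that starts with {@code //} is a network-path reference that
 * carries its own authority, so it is parsed and compared like an absolute URL instead of
 * being accepted on its prefix alone.
 *
 * <p>The host comparison is case-insensitive and uses {@code Locale.ROOT}. With the default
 * locale, a Turkish or Azeri JVM lower-cases {@code I} to a dotless {@code ı}, and two
 * spellings of the same host would then stop matching.
 *
 * @param host the host of the requested URL
 * @param referrerURL the referrer value to check
 * @return {@code true} if the referrer is path-relative or names the same host; {@code false}
 *     otherwise, including when the referrer cannot be parsed or has no host
 */
private boolean isRequestedURLSameDomainAsHTTPReferrer(String host, String referrerURL) {
    // "/path" stays on the requested host; "//other.example/path" does not have to.
    if (referrerURL.startsWith("/") && !referrerURL.startsWith("//")) {
        return true;
    }
    try {
        String referrerHost = new URI(referrerURL, true).getHost();
        return referrerHost != null
                && referrerHost
                        .toLowerCase(java.util.Locale.ROOT)
                        .equals(host.toLowerCase(java.util.Locale.ROOT));
    } catch (URIException e) {
        // An unparsable referrer is reported as not same-domain.
        logger.debug("Error: " + e.getMessage());
        return false;
    }
}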
 
Example 3
Source File: CrossDomainScriptInclusionScanRule.java    From zap-extensions with Apache License 2.0 5 votes vote down vote up
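/**
 * Tells whether a script URL is served from a host other than the page's host.
 *
 * <p>URLs starting with {@code /}, {@code ./} or {@code ../} are treated as same-host without
 * parsing, except for the {@code //} network-path form, which names its own host and is
 * parsed. Unless the alert threshold is LOW, a cross-host script is still accepted when its
 * URL is in one of the contexts that contain the page URL.
 *
 * <p>The host comparison is case-insensitive and uses {@code Locale.ROOT}. With the default
 * locale, a Turkish or Azeri JVM lower-cases {@code I} to a dotless {@code ı}, which would
 * make two spellings of the same host compare as different and raise a false alert.
 *
 * @param host the host of the page that includes the script
 * @param scriptURL the script source value as found in the page
 * @param msg the message whose request URI is used for the context lookup
 * @return {@code true} if the script host differs from {@code host} and the inclusion is not
 *     covered by a shared context; {@code false} otherwise, including when the script URL
 *     has no host or cannot be parsed before a host mismatch was established
 */
private boolean isScriptFromOtherDomain(String host, String scriptURL, HttpMessage msg) {
    boolean networkPath = scriptURL.startsWith("//");
    boolean pathRelative =
            scriptURL.startsWith("/")
                    || scriptURL.startsWith("./")
                    || scriptURL.startsWith("../");
    if (!networkPath && pathRelative) {
        return false;
    }

    boolean otherDomain = false;
    try {
        URI scriptURI = new URI(scriptURL, true);
        String scriptURIStr = scriptURI.toString();
        String scriptHost = scriptURI.getHost();
        if (scriptHost != null
                && !scriptHost
                        .toLowerCase(java.util.Locale.ROOT)
                        .equals(host.toLowerCase(java.util.Locale.ROOT))) {
            otherDomain = true;
        }
        if (otherDomain && !Plugin.AlertThreshold.LOW.equals(this.getAlertThreshold())) {
            // Get a list of contexts that contain the original URL
            List<Context> contextList =
                    getModel()
                            .getSession()
                            .getContextsForUrl(msg.getRequestHeader().getURI().toString());
            for (Context context : contextList) {
                if (context.isInContext(scriptURIStr)) {
                    // The scriptURI is in a context that the original URI is in
                    // At MEDIUM and HIGH Threshold consider this an OK cross domain inclusion
                    return false; // No need to loop further
                }
            }
        }
    } catch (URIException e) {
        // otherDomain keeps whatever was established before the failure.
        logger.debug("Error: " + e.getMessage());
    }
    return otherDomain;
}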
 
Example 4
Source File: HiddenFilesScanRule.java    From zap-extensions with Apache License 2.0 5 votes vote down vote up
/**
 * Sends a request for one hidden-file candidate and returns the resulting message.
 *
 * <p>The test URI reuses the scheme, host and port of the base message's request URI. The
 * second constructor argument is {@code null} (the user-info slot in commons-httpclient's
 * five-argument {@code URI} constructor), so no credentials embedded in the base URI are
 * carried over. Only the path changes, as produced by {@code generatePath}.
 *
 * @param file the hidden-file definition whose path is probed
 * @return the message after it was sent, or {@code null} if the URI could not be built or the
 *     request failed with an I/O error
 */
private HttpMessage sendHiddenFileRequest(HiddenFile file) {
    HttpMessage testMsg = getNewMsg();
    HttpMessage outcome = null;
    try {
        URI baseUri = getBaseMsg().getRequestHeader().getURI();
        // Components are read in the same order as they are passed to the constructor.
        String scheme = baseUri.getScheme();
        String host = baseUri.getHost();
        int port = baseUri.getPort();
        String probePath = generatePath(baseUri.getPath(), file.getPath());

        testMsg.getRequestHeader().setURI(new URI(scheme, null, host, port, probePath));
        sendAndReceive(testMsg);
        outcome = testMsg;
    } catch (URIException uEx) {
        // URI problems are only reported at debug level.
        if (LOG.isDebugEnabled()) {
            String detail =
                    "An error occurred creating or setting a URI for the: "
                            + getName()
                            + " scanner. "
                            + uEx.getMessage();
            LOG.debug(detail, uEx);
        }
    } catch (IOException e) {
        StringBuilder detail = new StringBuilder("An error occurred while checking [");
        detail.append(testMsg.getRequestHeader().getMethod());
        detail.append("] [");
        detail.append(testMsg.getRequestHeader().getURI());
        detail.append("] for ");
        detail.append(getName());
        detail.append(" Caught ");
        detail.append(e.getClass().getName());
        detail.append(" ");
        detail.append(e.getMessage());
        LOG.warn(detail.toString());
    }
    return outcome;
}
 
Example 5
Source File: SsoUtil.java    From iaf with Apache License 2.0 5 votes vote down vote up
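/**
 * Adds the current SSO token as a cookie to the given HTTP state.
 *
 * <p>The cookie domain is the host of the request URI of {@code method}. If that host is
 * empty or cannot be read, {@code defaultForwardHost} is used instead. Because the domain
 * follows the request host, callers should make sure the request targets a host that is
 * meant to receive the SSO token. The token value itself is never written to the log; only
 * the cookie name, domain and path are.
 *
 * <p>Failures are logged and not propagated: the method is best-effort and leaves the state
 * unchanged when the token cannot be obtained.
 *
 * @param method the request whose URI supplies the cookie domain
 * @param state the HTTP state the cookie is added to
 * @param defaultForwardHost the cookie domain to use when the request URI has no usable host
 */
public static void addSsoCredential(HttpMethod method, HttpState state, String defaultForwardHost) {
	try {
		String name = SsoUtil.getSsoTokenName();
		String value = SsoUtil.getSsoToken();
		if (StringUtils.isEmpty(value)) {
			if (log.isDebugEnabled()) log.debug("no value for SsoCredential ["+name+"]");
			return;
		}

		if (log.isDebugEnabled()) log.debug("constructing SsoCredentialCookie ["+name+"]");
		Cookie ssoCookie = new Cookie();
		ssoCookie.setName(name);
		ssoCookie.setValue(value);

		String forwardHost;
		try {
			URI uri = method.getURI();
			forwardHost = uri.getHost();
			if (StringUtils.isEmpty(forwardHost)) {
				if (log.isDebugEnabled()) log.debug("did not find host from URI ["+uri.getURI()+"], will use default ["+defaultForwardHost+"] for SSO credential cookie");
				forwardHost = defaultForwardHost;
			}
		} catch (Throwable t) {
			// Deliberately broad: any failure to read the host falls back to the default.
			log.warn("could not extract host from URI", t);
			forwardHost = defaultForwardHost;
		}
		ssoCookie.setDomain(forwardHost);
		// path must have a value, otherwise cookie is not appended to request
		ssoCookie.setPath("/");
		if (log.isDebugEnabled()) log.debug("set SSOcookie attributes: domain ["+ssoCookie.getDomain()+"] path ["+ssoCookie.getPath()+"]");
		state.addCookie(ssoCookie);
	} catch (Exception e) {
		// Log the exception itself, not only its message, so the stack trace is kept.
		log.warn("could not obtain SsoToken: "+e.getMessage(), e);
	}
}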