org.apache.commons.httpclient.URIException Java Examples
The following examples show how to use
org.apache.commons.httpclient.URIException.
Example #1
Source File: GitLabSecurityRealm.java From gitlab-oauth-plugin with MIT License | 7 votes |
/**
 * Picks the HTTP proxy, if any, for the host targeted by the given request.
 *
 * <p>The decision is delegated to the Jenkins-wide {@code ProxyConfiguration}. Only an
 * {@code HTTP} proxy is turned into an {@link HttpHost}; {@code DIRECT}, {@code SOCKS} and any
 * other type yield {@code null}.
 *
 * <p>NOTE(review): callers presumably treat {@code null} as "connect directly", in which case a
 * SOCKS-only proxy configuration is not honoured for this request - confirm against the caller.
 *
 * @param method the outgoing request whose target host drives the proxy lookup
 * @return the proxy endpoint, or {@code null} when no proxy applies or the type is unsupported
 */
private HttpHost getProxy(HttpUriRequest method) throws URIException {
    ProxyConfiguration configured = Jenkins.getInstance().proxy;
    if (configured == null) {
        // No proxy settings are stored in Jenkins.
        return null;
    }

    Proxy selected = configured.createProxy(method.getURI().getHost());
    switch (selected.type()) {
        case HTTP:
            InetSocketAddress endpoint = (InetSocketAddress) selected.address();
            return new HttpHost(endpoint.getHostName(), endpoint.getPort());
        default:
            // DIRECT needs no proxy; SOCKS and anything else is not supported yet.
            return null;
    }
}
Example #2
Source File: MockStorageInterface.java From hadoop with Apache License 2.0 | 6 votes |
/**
 * Builds the absolute URI string for a path relative to this object's base URI.
 *
 * @param relativePath path below the base URI; it is path-encoded before being appended
 * @param withTrailingSlash whether a non-empty path must end with {@code '/'}
 * @return the base URI (with a trailing slash) followed by the encoded relative path
 * @throws RuntimeException if the relative path cannot be encoded
 */
private String fullUriString(String relativePath, boolean withTrailingSlash) {
    // The base always ends with exactly the slash it already had, or one added here.
    String prefix = this.baseUri.endsWith("/") ? this.baseUri : this.baseUri + "/";

    String path = relativePath;
    if (withTrailingSlash && !path.isEmpty() && !path.endsWith("/")) {
        path = path + "/";
    }

    try {
        return prefix + URIUtil.encodePath(path);
    } catch (URIException e) {
        throw new RuntimeException("problem encoding fullUri", e);
    }
}
Example #3
Source File: InfoSessionIdUrlScanRuleUnitTest.java From zap-extensions with Apache License 2.0 | 6 votes |
/**
 * A session ID in the request URL combined with a same-page bookmark link in the response must
 * produce exactly one alert.
 */
@Test
public void ignoreExposureToBookmark() throws HttpMalformedHeaderException, URIException {
    // Given: a request URL carrying a jsessionid and a body whose only link is a fragment
    String requestUri = "https://example.com/foo?jsessionid=1A530637289A03B07199A44E8D531427";
    String responseBody =
            "<html>\n<body>\n<h2>HTML Links</h2>\n"
                    + "<h2 id=\"C4\">Chapter 4</h2>"
                    + "<p><a href=\"#C4\">Jump to Chapter 4</a></p>\n"
                    + "</body>\n</html>";
    HttpMessage message = createHttpMessageWithRespBody(responseBody);
    message.getRequestHeader().setURI(new URI(requestUri, false));

    // When
    scanHttpResponseReceive(message);

    // Then: the session ID in the URL is reported (alert #1); the self-relative href in the
    // body must not trigger a second alert.
    assertEquals(1, alertsRaised.size());
}
Example #4
Source File: UsableURIFactoryTest.java From webarchive-commons with Apache License 2.0 | 6 votes |
/**
 * Checks that already-escaped {@code %XX} sequences are not escaped a second time.
 *
 * <p>See <a href="https://sourceforge.net/tracker/index.php?func=detail&aid=966219&group_id=73833&atid=539099">[ 966219 ] UURI doubly-encodes %XX sequences</a>.
 *
 * @throws URIException if the factory rejects one of the test URIs
 */
public final void testDoubleEncoding() throws URIException {
    final char aeLigature = '\u00E6';
    final String rawUri = "http://archive.org/DIR WITH SPACES/home" + aeLigature + ".html";

    // ISO-8859-1: the ligature is a single byte, so a single %E6 escape is expected.
    final String expectedLatin1 = "http://archive.org/DIR%20WITH%20SPACES/home%E6.html";
    UsableURI candidate = UsableURIFactory.getInstance(rawUri, "ISO-8859-1");
    assertEquals("single encoding", expectedLatin1, candidate.toString());

    // Feeding the encoded form back in (twice) must leave it unchanged.
    for (int pass = 0; pass < 2; pass++) {
        candidate = UsableURIFactory.getInstance(candidate.toString(), "ISO-8859-1");
    }
    assertEquals("double encoding", expectedLatin1, candidate.toString());

    // Default charset (UTF-8): the ligature becomes the two-byte sequence %C3%A6.
    candidate = UsableURIFactory.getInstance(rawUri);
    final String expectedUtf8 = "http://archive.org/DIR%20WITH%20SPACES/home%C3%A6.html";
    assertEquals("Not equal utf8", expectedUtf8, candidate.toString());

    // Same round trip with the default charset.
    for (int pass = 0; pass < 2; pass++) {
        candidate = UsableURIFactory.getInstance(candidate.toString());
    }
    assertEquals("Not equal (dbl-encoding) utf8", expectedUtf8, candidate.toString());
}
Example #5
Source File: InformationDisclosureSuspiciousCommentsScanRuleUnitTest.java From zap-extensions with Apache License 2.0 | 6 votes |
/**
 * An HTML comment containing the marker "FixMe" in a text (non-JavaScript) response must raise
 * exactly one alert.
 */
@Test
public void shouldAlertOnSuspiciousCommentInHtmlComments()
        throws HttpMalformedHeaderException, URIException {
    // Given
    String html =
            "<h1>Some text <!--Some Html comment FixMe: DO something --></h1>\n"
                    + "<b>No script here</b>\n";
    HttpMessage message = createHttpMessageWithRespBody(html, "text/html;charset=ISO-8859-1");

    // Sanity check on the fixture: the response is treated as text, not as JavaScript.
    assertTrue(message.getResponseHeader().isText());
    assertFalse(message.getResponseHeader().isJavaScript());

    // When
    scanHttpResponseReceive(message);

    // Then
    assertEquals(1, alertsRaised.size());
}
Example #6
Source File: ScanTarget.java From zap-extensions with Apache License 2.0 | 6 votes |
/**
 * Creates a scan target from the scheme, host and port of the given URI.
 *
 * <p>A copy of the URI is kept with its path, query and fragment cleared.
 *
 * @param uri the URI the target is derived from
 * @throws IllegalArgumentException if the host cannot be read from the URI
 */
public ScanTarget(URI uri) {
    this.uri = copyURI(uri);
    this.scheme = uri.getScheme();

    String resolvedHost;
    try {
        resolvedHost = uri.getHost();
    } catch (URIException e) {
        throw new IllegalArgumentException("Failed to get host from URI: " + e.getMessage(), e);
    }
    this.host = resolvedHost;
    this.port = getPort(scheme, uri.getPort());

    // Reduce the stored copy to scheme/host/port only.
    try {
        this.uri.setPath(null);
        this.uri.setQuery(null);
        this.uri.setFragment(null);
    } catch (URIException ignore) {
        // It's safe to set the URI query, path and fragment components to null.
    }

    this.stringRepresentation = createHostPortString(host, port);
    buildHtmlStringRepresentation();
}
Example #7
Source File: InfoSessionIdUrlScanRuleUnitTest.java From zap-extensions with Apache License 2.0 | 6 votes |
/**
 * A session ID in the request URL plus an unquoted href pointing at another host in the
 * response must raise two alerts.
 */
@Test
public void detectExposureTo3rdPartyUnquotedHREF()
        throws HttpMalformedHeaderException, URIException {
    // Given: the href value is deliberately left unquoted
    String requestUri = "https://example.com/foo?jsessionid=1A530637289A03B07199A44E8D531427";
    String responseBody =
            "<html>\n<body>\n<h2>HTML Links</h2>\n"
                    + "<p><a href=https://www.example.org/html/hello>Testing ZAP</a>"
                    + "</p>\n"
                    + "</body>\n</html>";
    HttpMessage message = createHttpMessageWithRespBody(responseBody);
    message.getRequestHeader().setURI(new URI(requestUri, false));

    // When
    scanHttpResponseReceive(message);

    // Then
    assertEquals(2, alertsRaised.size());
}
Example #8
Source File: MessageContentUnitTest.java From zap-extensions with Apache License 2.0 | 6 votes |
/**
 * A message node placed under a host folder node must report that host node, and only that
 * node, from {@code getHostNodes}.
 */
@Test
public void shouldGetHostNode()
        throws URIException, DatabaseException, HttpMalformedHeaderException {
    // Given: root -> host folder -> one outgoing text message
    URI firstHostUri = new URI("https", null, defaultHostName.toString(), -1, "/first");
    WebSocketChannelDTO channelDto =
            getWebSocketChannelDTO(1, defaultHostName.toString(), firstHostUri.toString());
    TreeNode hostFolder = new WebSocketNode(root, new HostFolderContent(namer, channelDto));
    TreeNode message =
            new WebSocketNode(
                    hostFolder,
                    new MessageContent(namer, getTextOutgoingMessage(channelDto, "Test", 1)));

    // When
    List<TreeNode> foundHosts = message.getHostNodes(new ArrayList<>());

    // Then
    assertEquals(1, foundHosts.size());
    assertEquals(hostFolder, foundHosts.get(0));
}
Example #9
Source File: WebSocketProxy.java From zap-extensions with Apache License 2.0 | 6 votes |
/**
 * Returns the key prefix used for statistics, computing and caching it on first use.
 *
 * <p>The key is taken from the handshake's URI so that it matches the host name other stats
 * use; when no handshake reference is available, or its URI cannot be processed, the key falls
 * back to {@code "http://" + host}.
 *
 * @return the cached statistics base key
 */
private String getStatsBaseKey() {
    if (statsBaseKey != null) {
        return statsBaseKey;
    }

    HistoryReference handshake = getHandshakeReference();
    if (handshake == null) {
        statsBaseKey = "http://" + host;
        return statsBaseKey;
    }

    try {
        // Best attempt at getting the same host name that other stats will use.
        statsBaseKey = SessionStructure.getHostName(handshake.getURI());
    } catch (URIException e) {
        // Unlikely, but just in case
        statsBaseKey = "http://" + host;
    }
    return statsBaseKey;
}
Example #10
Source File: InformationDisclosureReferrerScanRuleUnitTest.java From zap-extensions with Apache License 2.0 | 6 votes |
/**
 * Builds the test message: a request to the fixture URI carrying the given {@code Referer}
 * header, paired with a fixed plain-text 200 response.
 *
 * @param testReferer value to place in the request's {@code Referer} header
 * @return the assembled message
 */
protected HttpMessage createHttpMessageWithRespBody(String testReferer)
        throws HttpMalformedHeaderException, URIException {
    HttpRequestHeader header = new HttpRequestHeader();
    header.setURI(new URI(URI, false));
    header.setHeader("Referer", testReferer);

    HttpMessage message = new HttpMessage();
    message.setRequestHeader(header);
    message.setResponseBody(BODY);

    // Content-Length is derived from the fixture body so header and body stay consistent.
    String rawResponseHeader =
            "HTTP/1.1 200 OK\r\n"
                    + "Server: Apache-Coyote/1.1\r\n"
                    + "Content-Type: text/plain\r\n"
                    + "Content-Length: "
                    + BODY.length()
                    + "\r\n";
    message.setResponseHeader(rawResponseHeader);
    return message;
}
Example #11
Source File: SourceCodeDisclosureCVE20121823.java From zap-extensions with Apache License 2.0 | 6 votes |
/**
 * Builds the URI this scan rule requests: scheme, authority and path of the original URI
 * followed by {@code attackParam}. The query and fragment of the original URI are not carried
 * over.
 *
 * @param originalURI the URI of the message under test
 * @param attackParam the suffix appended after the path; the result is parsed as an
 *     already-escaped URI, so the suffix must be escaped by the caller
 * @return the new URI, or {@code null} if it could not be parsed (a warning is logged)
 */
private static URI createAttackUri(URI originalURI, String attackParam) {
    String prefix = originalURI.getScheme() + "://" + originalURI.getEscapedAuthority();
    // A URI without a path is treated as the root path.
    String path = originalURI.getRawPath() != null ? originalURI.getEscapedPath() : "/";
    String uri = prefix + path + attackParam;

    try {
        return new URI(uri, true);
    } catch (URIException e) {
        log.warn("Failed to create attack URI [" + uri + "], cause: " + e.getMessage());
        return null;
    }
}
Example #12
Source File: InfoSessionIdUrlScanRuleUnitTest.java From zap-extensions with Apache License 2.0 | 6 votes |
/**
 * A session ID in the request URL combined with a self-relative link in the response must
 * produce exactly one alert.
 */
@Test
public void ignoreExposureToSelfRelativeLink()
        throws HttpMalformedHeaderException, URIException {
    // Given: the only link in the body is relative ("default.jsp")
    String requestUri = "https://example.com/foo?jsessionid=1A530637289A03B07199A44E8D531427";
    String responseBody =
            "<html>\n<body>\n<h2>HTML Links</h2>\n"
                    + "<p><a href=\"default.jsp\">\n"
                    + " <img src=\"smiley.gif\" alt=\"HTML tutorial\" "
                    + "style=\"width:42px;height:42px;border:0;\">\n</a>"
                    + "</p>\n"
                    + "</body>\n</html>";
    HttpMessage message = createHttpMessageWithRespBody(responseBody);
    message.getRequestHeader().setURI(new URI(requestUri, false));

    // When
    scanHttpResponseReceive(message);

    // Then: the session ID in the URL is reported (alert #1); the self-relative href in the
    // body must not trigger a second alert.
    assertEquals(1, alertsRaised.size());
}
Example #13
Source File: HttpClientConnection.java From knopflerfish.org with BSD 3-Clause "New" or "Revised" License | 6 votes |
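/**
 * Creates a connection for the given URL, configures the proxy for it and applies the socket
 * timeout taken from the {@code TIMEOUT} bundle property when that property is set.
 *
 * <p>NOTE(review): {@code mode} and {@code timeouts} are not read anywhere in this
 * constructor - confirm whether that is intended.
 *
 * @param bc bundle context used for the proxy configuration and the property lookup
 * @param url target URL; it is parsed as a URI that is not yet escaped
 * @param mode not used in this constructor
 * @param timeouts not used in this constructor
 * @throws URIException if {@code url} cannot be parsed
 * @throws RuntimeException if the timeout property is set but is not a valid integer; the
 *     {@link NumberFormatException} is kept as the cause
 */
HttpClientConnection(final BundleContext bc,
                     final String url,
                     final int mode,
                     final boolean timeouts)
        throws URIException {
    this.bc = bc;
    uri = new URI(url, false); // assume not escaped URIs
    ProxySelector.configureProxy(bc, client, url);

    final String timeoutString = bc.getProperty(TIMEOUT);
    if (timeoutString != null) {
        try {
            client.getParams().setSoTimeout(Integer.parseInt(timeoutString));
        } catch (NumberFormatException e) {
            // Keep the parse failure as the cause so a bad property value can be traced.
            throw new RuntimeException("Invalid timeout " + timeoutString, e);
        }
    }
}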
Example #14
Source File: InfoSessionIdUrlScanRuleUnitTest.java From zap-extensions with Apache License 2.0 | 6 votes |
/**
 * Expected behaviour for a session ID that appears only inside an href of the response body.
 * The test is disabled because the scanner does not inspect hrefs for session IDs.
 */
@Test
@Disabled(value = "Scanner does not look for session IDs in the response embedded in HREFs")
public void containsSessionIdInResponseHREFParams()
        throws HttpMalformedHeaderException, URIException {
    // Given: the request URL is clean, the jsessionid sits in the response's link
    String requestUri = "http://tld.gtld/fred?foo=bar";
    String responseBody =
            "<html>\n<body>\n<h2>HTML Links</h2>\n"
                    + "<p><a href=\"https://www.example.org/html/?jsessionid=1A530637289A03B07199A44E8D531427\">Testing ZAP</a>"
                    + "</p>\n"
                    + "</body>\n</html>";
    HttpMessage message = createHttpMessageWithRespBody(responseBody);
    message.getRequestHeader().setURI(new URI(requestUri, false));

    // When
    scanHttpResponseReceive(message);

    // Then
    assertEquals(1, alertsRaised.size());
}
Example #15
Source File: SolrQueryHTTPClient.java From alfresco-repository with GNU Lesser General Public License v3.0 | 6 votes |
/**
 * Posts a query to Solr and converts the JSON answer into a {@code JSONResult}.
 *
 * <p>When {@code spellCheckParams} is given, a {@code SpellCheckDecisionManager} inspects the
 * first answer; if it asks for collation the query is posted again to the URL it supplies, and
 * its spell-check value is stored in the answer under {@code "spellcheck"}.
 *
 * <p>NOTE(review): with debug logging enabled the full URL and request body are written to the
 * log; if queries can carry sensitive terms, treat those logs accordingly.
 *
 * @param httpClient client used to send the request
 * @param url Solr endpoint for the first request
 * @param body JSON request body
 * @param jsonProcessor converts the JSON answer into the result object
 * @param spellCheckParams spell-check parameters, or {@code null} to skip spell-check handling
 * @return the processed result
 */
protected JSONResult postSolrQuery(HttpClient httpClient,
                                   String url,
                                   JSONObject body,
                                   SolrJsonProcessor<?> jsonProcessor,
                                   String spellCheckParams)
        throws UnsupportedEncodingException, IOException, HttpException, URIException, JSONException {
    JSONObject answer = postQuery(httpClient, url, body);

    if (spellCheckParams != null) {
        SpellCheckDecisionManager decision =
                new SpellCheckDecisionManager(answer, url, body, spellCheckParams);
        if (decision.isCollate()) {
            // Re-run the query against the URL chosen by the decision manager.
            answer = postQuery(httpClient, decision.getUrl(), body);
        }
        answer.put("spellcheck", decision.getSpellCheckJsonValue());
    }

    JSONResult processed = jsonProcessor.getResult(answer);

    if (s_logger.isDebugEnabled()) {
        s_logger.debug("Sent :" + url);
        s_logger.debug(" with: " + body.toString());
        s_logger.debug("Got: " + processed.getNumberFound() + " in " + processed.getQueryTime() + " ms");
    }

    return processed;
}
Example #16
Source File: UriUtils.java From zap-extensions with Apache License 2.0 | 6 votes |
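/**
 * Returns a representation of the host name as used throughout ZAP. The representation contains
 * the scheme, the host and, if needed, the port. Method should be used to keep consistency
 * whenever displaying a node's hostname.
 *
 * <p>The port is omitted when it is unset ({@code -1}) or is the default for the scheme
 * (80 for {@code http}, 443 for {@code https}).
 *
 * <p>Example outputs:
 *
 * <ul>
 *   <li><i>http://example.org</i>
 *   <li><i>http://example.org:8080</i>
 *   <li><i>https://example.org</i>
 * </ul>
 *
 * @param uri the URI to take scheme, host and port from
 * @return the {@code scheme://host[:port]} representation
 * @throws URIException if the host cannot be read from the URI
 */
public static String getHostName(URI uri) throws URIException {
    // Locale.ROOT keeps the lower-casing independent of the JVM's default locale, so the
    // scheme comparison below and the produced key are the same on every machine.
    String scheme = uri.getScheme().toLowerCase(java.util.Locale.ROOT);

    StringBuilder host = new StringBuilder();
    host.append(scheme).append("://").append(uri.getHost());

    int port = uri.getPort();
    boolean schemeDefaultPort =
            (port == 80 && "http".equals(scheme)) || (port == 443 && "https".equals(scheme));
    if (port != -1 && !schemeDefaultPort) {
        host.append(":").append(port);
    }
    return host.toString();
}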
Example #17
Source File: InformationDisclosureReferrerScanRuleUnitTest.java From zap-extensions with Apache License 2.0 | 6 votes |
/**
 * A value shaped like a social security number in a {@code Referer} query parameter must raise
 * one alert whose evidence is that value.
 */
@Test
public void shouldRaiseAlertWhenSsnInReferer()
        throws HttpMalformedHeaderException, URIException {
    // Given
    String paramName = "docid";
    String ssnLikeValue = "000-00-0000";
    String referer = "http://example.org/?" + paramName + "=" + ssnLikeValue + "&hl=en";
    HttpMessage message = createHttpMessageWithRespBody(referer);

    // When
    scanHttpRequestSend(message);

    // Then
    assertEquals(1, alertsRaised.size());
    assertEquals(ssnLikeValue, alertsRaised.get(0).getEvidence());
    assertEquals(
            Constant.messages.getString(
                    InformationDisclosureReferrerScanRule.MESSAGE_PREFIX + "otherinfo.ssn"),
            alertsRaised.get(0).getOtherInfo());
}
Example #18
Source File: CacheableScanRuleUnitTest.java From zap-extensions with Apache License 2.0 | 6 votes |
/**
 * A {@code Cache-Control: public} response whose {@code Expires} time lies one hour before its
 * {@code Date} must still be reported as storable and cacheable.
 */
@Test
public void shouldRaiseAlertStoreAndCacheableWhenStaleRetrieveAllowed()
        throws URIException, HttpMalformedHeaderException {
    // Given: Expires (06:00) is earlier than Date (07:00)
    String rawResponseHeader =
            "HTTP/1.1 200 OK\r\n"
                    + "Cache-Control: public\r\n"
                    + "Expires: Wed, 02 Oct 2019 06:00:00 GMT\r\n"
                    + "Date: Wed, 02 Oct 2019 07:00:00 GMT";
    HttpMessage message = createMessage();
    message.setResponseHeader(rawResponseHeader);

    // When
    scanHttpResponseReceive(message);

    // Then
    assertStoreAndCacheable("");
}
Example #19
Source File: CsrfCountermeasuresScanRuleUnitTest.java From zap-extensions with Apache License 2.0 | 6 votes |
/**
 * Per-test fixture: registers the anti-CSRF token names on a mocked extension, clears the
 * rule's ignore settings and prepares a message addressed to {@code http://example.com}.
 */
@BeforeEach
public void before() throws URIException {
    // Token names the mocked extension reports as anti-CSRF tokens.
    antiCsrfTokenNames = new ArrayList<>();
    antiCsrfTokenNames.add("token");
    antiCsrfTokenNames.add("csrfToken");

    extensionAntiCSRFMock = mock(ExtensionAntiCSRF.class);
    Mockito.lenient()
            .when(extensionAntiCSRFMock.getAntiCsrfTokenNames())
            .thenReturn(antiCsrfTokenNames);
    rule.setExtensionAntiCSRF(extensionAntiCSRFMock);

    // Start every test with empty ignore settings.
    rule.setCsrfIgnoreList("");
    rule.setCSRFIgnoreAttName("");
    rule.setCSRFIgnoreAttValue("");

    HttpRequestHeader header = new HttpRequestHeader();
    header.setURI(new URI("http://example.com", false));
    msg = new HttpMessage();
    msg.setRequestHeader(header);
}
Example #20
Source File: InformationDisclosureReferrerScanRuleUnitTest.java From zap-extensions with Apache License 2.0 | 5 votes |
/**
 * A value shaped like a credit card number in a {@code Referer} query parameter must raise one
 * alert whose evidence is that value and whose other-info lists the card details.
 */
@Test
public void shouldRaiseAlertWhenCreditCardInReferer()
        throws HttpMalformedHeaderException, URIException {
    // Given
    String paramName = "docid";
    String cardLikeValue = "6011000990139424";
    String referer = "http://example.org/?" + paramName + "=" + cardLikeValue + "&hl=en";
    HttpMessage message = createHttpMessageWithRespBody(referer);

    // When
    scanHttpRequestSend(message);

    // Then
    assertEquals(1, alertsRaised.size());
    assertEquals(cardLikeValue, alertsRaised.get(0).getEvidence());

    // The localized prefix is followed by one detail per line.
    String expectedOtherInfo =
            Constant.messages.getString(
                            InformationDisclosureReferrerScanRule.MESSAGE_PREFIX + "otherinfo.cc")
                    + "\nBank Identification Number: 601100"
                    + "\nBrand: DISCOVER"
                    + "\nCategory: PLATINUM"
                    + "\nIssuer: DISCOVER";
    assertEquals(expectedOtherInfo, alertsRaised.get(0).getOtherInfo());
}
Example #21
Source File: ImportFromAbstractDialog.java From zap-extensions with Apache License 2.0 | 5 votes |
/**
 * Parses the text of the "from" field as an already-escaped URI. On failure a warning dialog
 * with the offending text and the parser's message is shown.
 *
 * @return the Schema Uri, might be {@code null}
 */
protected URI getSchemaUri() {
    URI schemaUri = null;
    try {
        schemaUri = new URI(fieldFrom.getText(), true);
    } catch (URIException e) {
        showWarningDialog(
                Constant.messages.getString(
                        MESSAGE_PREFIX + "url.invalid", fieldFrom.getText(), e.getMessage()));
    }
    return schemaUri;
}
Example #22
Source File: CacheableScanRuleUnitTest.java From zap-extensions with Apache License 2.0 | 5 votes |
/**
 * Builds a GET request to {@code https://example.com/fred/} that carries an
 * {@code Authorization} header with the value {@code basic}.
 *
 * @return a message holding only that request header
 */
private HttpMessage createMessageBasicAuthorization() throws URIException {
    HttpRequestHeader header = new HttpRequestHeader();
    header.setMethod("GET");
    header.setURI(new URI("https://example.com/fred/", false));
    header.addHeader(HttpHeader.AUTHORIZATION, "basic");

    HttpMessage message = new HttpMessage();
    message.setRequestHeader(header);
    return message;
}
Example #23
Source File: CsrfCountermeasuresScanRuleUnitTest.java From zap-extensions with Apache License 2.0 | 5 votes |
/**
 * With the alert threshold set to LOW, the rule must raise one alert for the message built by
 * {@code createScopedMessage(false)} (presumably an out-of-scope message, going by the name).
 */
@Test
public void shouldRaiseAlertWhenThresholdLowAndMessageOutOfScope() throws URIException {
    // Given
    rule.setCSRFIgnoreAttName("ignore");
    HttpMessage message = createScopedMessage(false);

    // When
    rule.setConfig(new ZapXmlConfiguration());
    rule.setAlertThreshold(AlertThreshold.LOW);
    scanHttpResponseReceive(message);

    // Then
    assertEquals(1, alertsRaised.size());
}
Example #24
Source File: SURTTokenizer.java From webarchive-commons with Apache License 2.0 | 5 votes |
/**
 * Creates a tokenizer for the given URL.
 *
 * <p>Input that already starts with {@code "("} is used as is; anything else is first
 * converted with {@code getKey(url, false)}.
 *
 * @param url String URL
 * @throws URIException if the URL cannot be converted to a key
 */
public SURTTokenizer(final String url) throws URIException {
    remainder = url.startsWith("(") ? url : getKey(url, false);
}
Example #25
Source File: HttpEncodingTools.java From elasticsearch-hadoop with Apache License 2.0 | 5 votes |
/**
 * Splits the given string on the first '?', then encodes the first half as a path (leaving
 * slashes and colons alone) and the second half as a query segment (leaving question marks,
 * equals signs, etc. alone).
 *
 * @param uri the URI text to encode
 * @return the encoded URI text
 * @throws EsHadoopIllegalArgumentException if the text cannot be escaped
 * @deprecated Prefer to use {@link HttpEncodingTools#encode(String)} instead for encoding
 *     specific pieces of the URI. This method does not escape certain reserved characters,
 *     like '/', ':', '=', and '?'. As such, this is not safe to use on URIs that may contain
 *     these reserved characters in the wrong places.
 */
@Deprecated
public static String encodeUri(String uri) {
    final String encoded;
    try {
        encoded = URIUtil.encodePathQuery(uri);
    } catch (URIException ex) {
        throw new EsHadoopIllegalArgumentException("Cannot escape uri [" + uri + "]", ex);
    }
    return encoded;
}
Example #26
Source File: RetireUtil.java From zap-extensions with Apache License 2.0 | 5 votes |
/**
 * Returns the name component of the given URI.
 *
 * @param uri the URI to read the name from
 * @return the name, or {@code null} if the URI could not be parsed (a warning is logged)
 */
public static String getFileName(URI uri) {
    String name = null;
    try {
        name = uri.getName();
    } catch (URIException e) {
        LOGGER.warn("There was an error parsing the URI", e);
    }
    return name;
}
Example #27
Source File: InsecureFormLoadScanRuleUnitTest.java From zap-extensions with Apache License 2.0 | 5 votes |
/**
 * A response whose form posts to a plain {@code http://} action must not raise an alert from
 * this rule.
 */
@Test
public void shouldNotRaiseAlertIfFormActionIsInsecure() throws URIException {
    // Given
    String responseBody =
            "<html><form name=\"someform\" action=\"http://example.com/processform\"></form</html>";
    HttpMessage message = createMessage();
    message.setResponseBody(responseBody);

    // When
    scanHttpResponseReceive(message);

    // Then
    assertThat(alertsRaised.size(), equalTo(0));
}
Example #28
Source File: UsableURIFactoryTest.java From webarchive-commons with Apache License 2.0 | 5 votes |
/**
 * Scheme-less references ({@code //host/path}) must be resolved against the scheme of the base
 * URI, also when the reference's query string itself contains a full URL.
 */
public void testSchemelessRelative() throws URIException {
    UsableURI baseUri =
            UsableURIFactory.getInstance("http://www.itsnicethat.com/articles/laura-hobson");

    UsableURI plain =
            UsableURIFactory.getInstance(baseUri, "//www.facebook.com/plugins/like.php");
    assertEquals(
            "schemaless relative 1",
            "http://www.facebook.com/plugins/like.php",
            plain.toString());

    // reported by Erin Staniland
    UsableURI withUrlInQuery =
            UsableURIFactory.getInstance(
                    baseUri,
                    "//www.facebook.com/plugins/like.php?href=http://www.itsnicethat.com/articles/laura-hobson");
    assertEquals(
            "schemeless relative 2",
            "http://www.facebook.com/plugins/like.php?href=http://www.itsnicethat.com/articles/laura-hobson",
            withUrlInQuery.toString());
}
Example #29
Source File: InsecureFormPostScanRuleUnitTest.java From zap-extensions with Apache License 2.0 | 5 votes |
/**
 * A response whose form posts to a plain {@code http://} action must raise exactly one alert
 * from this rule.
 */
@Test
public void shouldRaiseAlertIfResponseFormIsInsecure() throws URIException {
    // Given
    String responseBody =
            "<html><form name=\"someform\" action=\"http://example.com/processform\"></form</html>";
    HttpMessage message = createMessage();
    message.setResponseBody(responseBody);

    // When
    scanHttpResponseReceive(message);

    // Then
    assertThat(alertsRaised.size(), equalTo(1));
}
Example #30
Source File: XBackendServerInformationLeakScanRuleUnitTest.java From zap-extensions with Apache License 2.0 | 5 votes |
/**
 * Builds a message whose request header targets {@code http://example.com}.
 *
 * @return a message holding only that request header
 */
private HttpMessage createMessage() throws URIException {
    HttpRequestHeader header = new HttpRequestHeader();
    header.setURI(new URI("http://example.com", false));

    HttpMessage message = new HttpMessage();
    message.setRequestHeader(header);
    return message;
}