Java Code Examples for org.apache.commons.httpclient.URI#getAuthority()
The following examples show how to use
org.apache.commons.httpclient.URI#getAuthority() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: SourceCodeDisclosureWEBINF.java From zap-extensions with Apache License 2.0 | 5 votes |
|
/**
* gets a candidate URI for a given class path.
*
* @param classname
* @return
* @throws URIException
*/
private URI getClassURI(URI hostURI, String classname) throws URIException {
return new URI(
hostURI.getScheme()
+ "://"
+ hostURI.getAuthority()
+ "/WEB-INF/classes/"
+ classname.replaceAll("\\.", "/")
+ ".class",
false);
}
Example 2
| Source File: SourceCodeDisclosureWEBINF.java From zap-extensions with Apache License 2.0 | 5 votes |
|
private URI getPropsFileURI(URI hostURI, String propsfilename) throws URIException {
return new URI(
hostURI.getScheme()
+ "://"
+ hostURI.getAuthority()
+ "/WEB-INF/classes/"
+ propsfilename,
false);
}
Example 3
| Source File: ExtensionWappalyzer.java From zap-extensions with Apache License 2.0 | 5 votes |
|
static String normalizeSite(URI uri) {
String lead = uri.getScheme() + "://";
try {
return lead + uri.getAuthority();
} catch (URIException e) {
if (logger.isDebugEnabled()) {
logger.debug("Unable to get authority from: " + uri.toString(), e);
}
// Shouldn't happen, but sure fallback
return ScanPanel.cleanSiteName(uri.toString(), true);
}
}
Example 4
| Source File: CrossDomainScanner.java From zap-extensions with Apache License 2.0 | 4 votes |
|
private void scanSilverlightCrossdomainPolicyFile(URI originalURI)
throws IOException, XPathExpressionException {
// retrieve the Silverlight client access policy file, and assess it.
HttpMessage clientaccesspolicymessage =
new HttpMessage(
new URI(
originalURI.getScheme(),
originalURI.getAuthority(),
"/" + SILVERLIGHT_CROSS_DOMAIN_POLICY_FILE,
null,
null));
sendAndReceive(clientaccesspolicymessage, false);
if (clientaccesspolicymessage.getResponseBody().length() == 0) {
return;
}
byte[] clientaccesspolicymessagebytes =
clientaccesspolicymessage.getResponseBody().getBytes();
// parse the file. If it's not parseable, it might have been because of a 404
try {
// work around the "no protocol" issue by wrapping the content in a ByteArrayInputStream
Document silverlightXmldoc =
docBuilder.parse(
new InputSource(
new ByteArrayInputStream(clientaccesspolicymessagebytes)));
XPathExpression exprAllowFromUri =
xpath.compile(
"/access-policy/cross-domain-access/policy/allow-from/domain/@uri"); // gets the uri attributes
// check the "allow-from" policies
NodeList exprAllowFromUriNodes =
(NodeList) exprAllowFromUri.evaluate(silverlightXmldoc, XPathConstants.NODESET);
for (int i = 0; i < exprAllowFromUriNodes.getLength(); i++) {
String uri = exprAllowFromUriNodes.item(i).getNodeValue();
if (uri.equals("*")) {
// tut, tut, tut.
if (log.isDebugEnabled())
log.debug(
"Bingo! "
+ SILVERLIGHT_CROSS_DOMAIN_POLICY_FILE
+ ", at /access-policy/cross-domain-access/policy/allow-from/domain/@uri");
newAlert()
.setConfidence(Alert.CONFIDENCE_MEDIUM)
.setName(
Constant.messages.getString(
MESSAGE_PREFIX_SILVERLIGHT + "name"))
.setDescription(
Constant.messages.getString(
MESSAGE_PREFIX_SILVERLIGHT + "desc"))
.setOtherInfo(
Constant.messages.getString(
MESSAGE_PREFIX_SILVERLIGHT + "extrainfo"))
.setSolution(
Constant.messages.getString(
MESSAGE_PREFIX_SILVERLIGHT + "soln"))
.setEvidence("<domain uri=\"*\"")
.setMessage(clientaccesspolicymessage)
.raise();
}
}
} catch (SAXException | IOException e) {
// Could well be a 404 or equivalent
log.debug(
"An error occurred trying to parse "
+ SILVERLIGHT_CROSS_DOMAIN_POLICY_FILE
+ " as XML: "
+ e);
}
}
Example 5
| Source File: PopupMenuCallGraph.java From zap-extensions with Apache License 2.0 | 4 votes |
|
@Override
public void performAction(HttpMessage httpMessage) {
// get the URI of the message
String uri = null;
String sitePattern = ".*";
String title = null;
if (httpMessage != null) {
try {
uri = httpMessage.getRequestHeader().getURI().getURI();
} catch (Exception e1) {
log.debug("The URI is not valid");
}
}
switch (nodeType) {
case ALL_SITES:
log.debug("Doing stuff for the entire site, given message: " + uri);
sitePattern = ".*";
title = POPUP_MENU_ALL_SITES;
break;
case ONE_SITE:
log.debug("Doing stuff for the subtree, given message: " + uri);
// parse out the scheme and authority, which is what we will use to filter
// requests for a single site.
try {
// sitePattern = httpMessage.getRequestHeader().getURI().getAboveHierPath()
// + "/.*";
URI x = httpMessage.getRequestHeader().getURI();
sitePattern = x.getScheme() + "://" + x.getAuthority() + "/.*";
title = sitePattern;
} catch (URIException e) {
sitePattern = "";
title = Constant.messages.getString("callgraph.title.unknownsite");
log.error("The URL is invalid");
}
break;
}
// now create the frame and display it.
if (log.isDebugEnabled())
log.debug("Creating regular expression based on ^" + sitePattern + "$");
Pattern urlPattern = Pattern.compile("^" + sitePattern + "$", Pattern.CASE_INSENSITIVE);
CallGraphFrame dialog = getCallGraphFrame(title, urlPattern);
dialog.setVisible(true);
}
