Package org.parosproxy.paros.core.scanner

Examples of org.parosproxy.paros.core.scanner.Alert

65
66
67
68
69
70
71
72
73
74
75
76
77
      }
    }
  }
 
  private void raiseAlert(HttpMessage msg, int id, String cookie) {
      Alert alert = new Alert(getPluginId(), Alert.RISK_LOW, Alert.WARNING,
          "Cookie set without HttpOnly flag");
          alert.setDetail(
            "A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. " +
            "If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. " +
            "If this is a session cookie then session hijacking may be possible.",
            msg.getRequestHeader().getURI().toString(),
            cookie, "", "",
View Full Code Here
60
61
62
63
64
65
66
67
68
69
70
71
72
      }
    }
  }
   
  private void raiseAlert(HttpMessage msg, int id, String xContentTypeOption) {
    Alert alert = new Alert(getPluginId(), Alert.RISK_LOW, Alert.WARNING,
          getName());
          alert.setDetail(
            getDescription(), // Desc
              msg.getRequestHeader().getURI().toString(), // URL
              xContentTypeOption,
              "", // Attack
              getOtherInfo(), // OtherInfo
View Full Code Here
114
115
116
117
118
119
120
121
122
123
124
125
    int risk = Alert.RISK_LOW;
    if (incScript) {
      name = "Secure page includes mixed content, including scripts";
      risk = Alert.RISK_MEDIUM;
    }
      Alert alert = new Alert(getPluginId(), risk, Alert.WARNING, name);
      alert.setDetail(
          "The page includes mixed content, ie content accessed via http instead of https.",
          msg.getRequestHeader().getURI().toString(),
          "", first, all,
          "A page that is available over TLS must be comprised completely of content which is transmitted over TLS. \n" +
          "The page must not contain any content that is transmitted over unencrypted HTTP.\n" +
View Full Code Here
54
55
56
57
58
59
60
61
62
63
64
65
66
      }
    }
  }

  private void raiseAlert(HttpMessage msg, int id, String crossDomainScript) {
    Alert alert = new Alert(getPluginId(), Alert.RISK_LOW, Alert.WARNING,
          getName());
          alert.setDetail(
              "The page at the following URL includes one or more script files from a third-party domain",
              msg.getRequestHeader().getURI().toString(),
              crossDomainScript,
              "",
              "",
View Full Code Here
70
71
72
73
74
75
76
77
78
79
80
81
82
      }
    }
  }
 
  private void raiseAlert(HttpMessage msg, int id, String cookie) {
      Alert alert = new Alert(getPluginId(), Alert.RISK_LOW, Alert.WARNING,
          "Cookie set without secure flag");
          alert.setDetail(
              "A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted connections.",
              msg.getRequestHeader().getURI().toString(),
              cookie, "", "",
              "Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted tunnel. " +
                            "Ensure that the secure flag is set for cookies containing such sensitive information.",
View Full Code Here
185
186
187
188
189
190
191
192
193
194
195
196
                //getKb().add("sessionId/name", sessionIdName);

                // Raise an alert according to Passive Scan Rule model
                // description, uri, param, attack, otherInfo,
                // solution, reference, evidence, cweId, wascId, msg
                Alert alert = new Alert(getPluginId(), getRisk(), Alert.WARNING, getName());
                alert.setDetail(
                        getDescription(),
                        uri,
                        sessionIdName,
                        sessionIdValue,
                        "",
View Full Code Here
278
279
280
281
282
283
284
285
286
287
288
289
                if (host.compareToIgnoreCase(linkHostName) != 0) {

                    // Raise an alert according to Passive Scan Rule model
                    // description, uri, param, attack, otherInfo,
                    // solution, reference, evidence, cweId, wascId, msg
                    Alert alert = new Alert(getPluginId(), risk, Alert.WARNING, getRefererAlert());
                    alert.setDetail(
                            getRefererDescription(),
                            msg.getRequestHeader().getURI().getURI(),
                            "N/A",
                            linkHostName,
                            "",
View Full Code Here
55
56
57
58
59
60
61
62
63
64
65
66
67
    String issue = "Content-Type header empty";
    if (isContentTypeMissing){
      issue = "Content-Type header missing";
    }
   
    Alert alert = new Alert(getPluginId(), Alert.RISK_LOW, Alert.WARNING,
          getName());
          alert.setDetail(
            issue,
              msg.getRequestHeader().getURI().toString(),
              contentType,
              "",
              "",
View Full Code Here
110
111
112
113
114
115
116
117
118
119
120
121
122
            }
            sbTxtFound.append(matcher.group()).append("\n");
        }

        if (sbTxtFound.length() != 0) {
            Alert alert = new Alert(getPluginId(), this.getRisk(), Alert.WARNING, this.getName());

            alert.setDetail(
                    this.getDescription(),
                    msg.getRequestHeader().getURI().toString(),
                    "",
                    firstOne,
                    sbTxtFound.toString(),
View Full Code Here
155
156
157
158
159
160
161
162
163
164
165
166
167
        return false;
    }

  @Override
  public Alert getAlert(HttpMessage msg) {
      Alert alert = new Alert(10000, Alert.RISK_MEDIUM, Alert.WARNING,
          "Password Autocomplete in browser");
      alert.setDetail(
        "AUTOCOMPLETE attribute is not disabled in HTML FORM/INPUT element containing password type input.  Passwords may be stored in browsers and retrieved.",
        msg.getRequestHeader().getURI().toString(),
        "param", "otherInfo",
        "Turn off AUTOCOMPLETE attribute in form or individual input elements containing password by using AUTOCOMPLETE='OFF'",
            "http://msdn.microsoft.com/library/default.asp?url=/workshop/author/forms/autocomplete_ovr.asp",
View Full Code Here
TOP

Related Classes of org.parosproxy.paros.core.scanner.Alert

  • org.parosproxy.paros.extension.report.ReportLastScan
  • org.parosproxy.paros.extension.scanner.AlertPanel
  • org.parosproxy.paros.extension.scanner.AlertTreeModel
  • org.parosproxy.paros.extension.scanner.AlertViewPanel
  • org.parosproxy.paros.extension.scanner.ExtensionScanner
  • org.parosproxy.paros.extension.scanner.PopupMenuAlertEdit
  • org.parosproxy.paros.extension.scanner.PopupMenuResend
  • org.parosproxy.paros.model.HistoryReference
  • org.zaproxy.zap.extension.history.AlertAddDialog
  • org.zaproxy.zap.extension.pscan.ProxyListenerPassiveScan
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.