Logo Search packages:      
Sourcecode: paros version File versions  Download package

org::parosproxy::paros::core::scanner::plugin::TestInfoSessionIdURL Class Reference

Inheritance diagram for org::parosproxy::paros::core::scanner::plugin::TestInfoSessionIdURL:

org::parosproxy::paros::core::scanner::AbstractAppPlugin org::parosproxy::paros::core::scanner::AbstractPlugin org::parosproxy::paros::core::scanner::Plugin

List of all members.

Detailed Description

To change the template for this generated type comment go to Window - Preferences - Java - Code Generation - Code and Comments

Definition at line 38 of file TestInfoSessionIdURL.java.

Public Member Functions

int compareTo (Object obj)
void createParamIfNotExist ()
boolean equals (Object obj)
int getCategory ()
String getCodeName ()
Configuration getConfig ()
String[] getDependency ()
String getDescription ()
int getId ()
String getName ()
String getProperty (String key)
String getReference ()
String getSolution ()
void init (HttpMessage msg, HostProcess parent)
void init ()
boolean isEnabled ()
boolean isVisible ()
void notifyPluginCompleted (HostProcess parent)
void run ()
void scan ()
void setConfig (Configuration config)
void setEnabled (boolean enabled)
void setProperty (String key, String value)

Static Public Member Functions

static String getHTMLEncode (String msg)
static String getURLDecode (String msg)
static String getURLEncode (String msg)

Protected Member Functions

void bingo (int risk, int reliability, String name, String description, String uri, String param, String otherInfo, String solution, HttpMessage msg)
void bingo (int risk, int reliability, String uri, String param, String otherInfo, HttpMessage msg)
HttpMessage getBaseMsg ()
Kb getKb ()
Log getLog ()
HttpMessage getNewMsg ()
HostProcess getParent ()
boolean isFileExist (HttpMessage msg)
boolean isStop ()
boolean matchBodyPattern (HttpMessage msg, Pattern pattern, StringBuffer sb)
boolean matchHeaderPattern (HttpMessage msg, String header, Pattern pattern)
void sendAndReceive (HttpMessage msg, boolean isFollowRedirect) throws HttpException, IOException
void sendAndReceive (HttpMessage msg) throws HttpException, IOException
String stripOff (String body, String pattern)
void writeProgress (String msg)

Static Protected Attributes

static final String CRLF = "\r\n"
static final int PATTERN_PARAM = Pattern.CASE_INSENSITIVE | Pattern.MULTILINE

Private Member Functions

void checkSessionIDExposure (HttpMessage msg) throws URIException

Static Private Attributes

static final String alertReferer = "Referer expose session ID"
static final String descReferer = "Hyperlink to other host name is found. As session ID URL rewrite is used, it may be disclosed in referer header to external host."
static final String paramHostHttp = "http://([\\w\\.\\-_]+)"
static final String paramHostHttps = "https://([\\w\\.\\-_]+)"
static final String solutionReferer = "This is a risk if the session ID is sensitive and the hyperlink refer to an external host. For secure content, put session ID in secured session cookie."
static final Pattern[] staticLinkCheck
static Pattern staticSessionIDApache = Pattern.compile("(SESSIONID)=\\w+", PATTERN_PARAM)
static Pattern staticSessionIDASP = Pattern.compile("(ASPSESSIONID)=\\w+", PATTERN_PARAM)
static Pattern staticSessionIDColdFusion = Pattern.compile("(CFTOKEN)=\\w+", PATTERN_PARAM)
static Pattern staticSessionIDJava = Pattern.compile("(JSESSIONID)=\\w+", PATTERN_PARAM)
static Pattern staticSessionIDJW = Pattern.compile("(JWSESSIONID)=\\w+", PATTERN_PARAM)
static Pattern[] staticSessionIDList
static Pattern staticSessionIDPHP1 = Pattern.compile("(PHPSESSION)=\\w+", PATTERN_PARAM)
static Pattern staticSessionIDPHP2 = Pattern.compile("(PHPSESSID)=\\w+", PATTERN_PARAM)
static Pattern staticSessionIDWebLogic = Pattern.compile("(WebLogicSession)=\\w+", PATTERN_PARAM)

The documentation for this class was generated from the following file:

Generated by  Doxygen 1.6.0   Back to index