From 333e3049aaebe09d55e7d1e76602f4a9af5b30ea Mon Sep 17 00:00:00 2001 From: Vishal Chaudhary Date: Tue, 17 Oct 2023 12:53:52 +0530 Subject: [PATCH 01/10] Update ServiceUtil.java --- src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java b/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java index a0acb838..7d5211a5 100644 --- a/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java +++ b/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java @@ -143,7 +143,10 @@ public static boolean isValidUrl(String url, IAuthenticationProvider provider, P body.put(URL, url); HttpClient client = new HttpClient(proxy); - HttpResponse response = client.post(request_url, provider.getAuthorizationHeader(false), body.toString()); + Map requestHeaders= provider.getAuthorizationHeader(false); + requestHeaders.put("accept", "application/json"); + requestHeaders.put("Content-Type", "application/json"); + HttpResponse response = client.post(request_url, requestHeaders, body.toString()); if (response.isSuccess()) { JSONArtifact responseContent = response.getResponseBodyAsJSON(); From b662a41e22d895c9abab57bd759adbe0a2569410 Mon Sep 17 00:00:00 2001 From: Vishal Chaudhary Date: Thu, 19 Oct 2023 23:24:04 +0530 Subject: [PATCH 02/10] Update ServiceUtil.java --- src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java | 1 - 1 file changed, 1 deletion(-) diff --git a/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java b/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java index 7d5211a5..02ff0ead 100644 --- a/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java +++ b/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java 
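Review bot: In PATCH 01's hunk in `isValidUrl`, `requestHeaders.put("Content-Type", "application/json")` writes into the same map that `provider.getAuthorizationHeader(false)` returned, which is the map carrying the credentials. Whether the provider returns a fresh map on every call is not visible here. If it returns a cached or unmodifiable map, the extra header either shows up in every later request that reuses it or the `put` throws at runtime. Copying first avoids both: `Map<String, String> requestHeaders = new HashMap<>(provider.getAuthorizationHeader(false));`. PATCH 02 and 03 keep the in-place `put`, and the body of `isValidUrl` continues outside the hunk.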
@@ -144,7 +144,6 @@ public static boolean isValidUrl(String url, IAuthenticationProvider provider, P HttpClient client = new HttpClient(proxy); Map requestHeaders= provider.getAuthorizationHeader(false); - requestHeaders.put("accept", "application/json"); requestHeaders.put("Content-Type", "application/json"); HttpResponse response = client.post(request_url, requestHeaders, body.toString()); From 7da9c72bf4b128d5d47d873e12fb08186c468b8f Mon Sep 17 00:00:00 2001 From: Vishal Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Tue, 7 Nov 2023 23:48:35 +0530 Subject: [PATCH 03/10] Update ServiceUtil.java --- src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java b/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java index 02ff0ead..6fc940ab 100644 --- a/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java +++ b/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java @@ -143,8 +143,8 @@ public static boolean isValidUrl(String url, IAuthenticationProvider provider, P body.put(URL, url); HttpClient client = new HttpClient(proxy); - Map requestHeaders= provider.getAuthorizationHeader(false); - requestHeaders.put("Content-Type", "application/json"); + Map requestHeaders= provider.getAuthorizationHeader(false); + requestHeaders.put("Content-Type", "application/json"); HttpResponse response = client.post(request_url, requestHeaders, body.toString()); if (response.isSuccess()) { From 1ffa948631a0edd31b91823ce6f16cedb11b8fa0 Mon Sep 17 00:00:00 2001 From: Vishal Chaudhary Date: Wed, 8 Nov 2023 12:50:24 +0530 Subject: [PATCH 04/10] ASA-2762 --- src/main/java/com/hcl/appscan/sdk/CoreConstants.java | 3 ++- src/main/java/com/hcl/appscan/sdk/messages.properties | 1 + .../java/com/hcl/appscan/sdk/scanners/dynamic/DASTScan.java | 6 ++++++ 3 files changed, 9 insertions(+), 1 deletion(-) 
diff --git a/src/main/java/com/hcl/appscan/sdk/CoreConstants.java b/src/main/java/com/hcl/appscan/sdk/CoreConstants.java index f78f4462..a99bd617 100644 --- a/src/main/java/com/hcl/appscan/sdk/CoreConstants.java +++ b/src/main/java/com/hcl/appscan/sdk/CoreConstants.java @@ -126,7 +126,8 @@ public interface CoreConstants { String ERROR_SUBMITTING_SCAN = "error.submit.scan"; //$NON-NLS-1$ String ERROR_UPLOADING_FILE = "error.upload.file"; //$NON-NLS-1$ String ERROR_GETTING_INFO = "error.getting.info"; //$NON-NLS-1$ - String FORMAT_PARAMS = "FormatParams"; //$NON-NLS-1$ + String ERROR_URL_VALIDATION = "error.url.validation"; //$NON-NLS-1$ + String FORMAT_PARAMS = "FormatParams"; //$NON-NLS-1$ // ASE Status Messages String CREATING_JOB = "message.creating.job"; //$NON-NLS-1$ diff --git a/src/main/java/com/hcl/appscan/sdk/messages.properties b/src/main/java/com/hcl/appscan/sdk/messages.properties index 248f0eea..a637bbce 100644 --- a/src/main/java/com/hcl/appscan/sdk/messages.properties +++ b/src/main/java/com/hcl/appscan/sdk/messages.properties @@ -50,6 +50,7 @@ error.dom.state=Bad DOM state. error.http=Response Code: {0}\nReason: {1} error.login.type.deprectated=The specified login type is deprecated. Please use API key and secret. error.getting.info=An error occurred getting information for {0} with id {1}. +error.url.validation = An error occurred while validating the URL. #Presence error.getting.presence.details=An error occurred retrieving details for Presence with id {0}. diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/dynamic/DASTScan.java b/src/main/java/com/hcl/appscan/sdk/scanners/dynamic/DASTScan.java index 393d19ea..aabf0726 100644 --- a/src/main/java/com/hcl/appscan/sdk/scanners/dynamic/DASTScan.java +++ b/src/main/java/com/hcl/appscan/sdk/scanners/dynamic/DASTScan.java 
@@ -10,6 +10,7 @@ import java.io.IOException; import java.util.Map; +import com.hcl.appscan.sdk.CoreConstants; import com.hcl.appscan.sdk.Messages; import com.hcl.appscan.sdk.error.InvalidTargetException; import com.hcl.appscan.sdk.error.ScannerException; @@ -17,6 +18,7 @@ import com.hcl.appscan.sdk.logging.IProgress; import com.hcl.appscan.sdk.scan.IScanServiceProvider; import com.hcl.appscan.sdk.scanners.ASoCScan; +import com.hcl.appscan.sdk.utils.ServiceUtil; public class DASTScan extends ASoCScan implements DASTConstants { @@ -42,6 +44,10 @@ public void run() throws ScannerException, InvalidTargetException { Map params = getProperties(); params.put(STARTING_URL, target); + if(!ServiceUtil.isValidUrl(params.get(STARTING_URL),getServiceProvider().getAuthenticationProvider())) { + throw new ScannerException(Messages.getMessage(CoreConstants.ERROR_URL_VALIDATION)); + } + String scanLoginType = null; if (params.get(LOGIN_TYPE) != null) { scanLoginType = params.get(LOGIN_TYPE); From 29e3bbd783c4a0a324eb1733fb5dc2c1facd640f Mon Sep 17 00:00:00 2001 From: Vishal Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Wed, 8 Nov 2023 12:57:38 +0530 Subject: [PATCH 05/10] Update DASTScan.java --- .../java/com/hcl/appscan/sdk/scanners/dynamic/DASTScan.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/dynamic/DASTScan.java b/src/main/java/com/hcl/appscan/sdk/scanners/dynamic/DASTScan.java index aabf0726..2ae76361 100644 --- a/src/main/java/com/hcl/appscan/sdk/scanners/dynamic/DASTScan.java +++ b/src/main/java/com/hcl/appscan/sdk/scanners/dynamic/DASTScan.java 
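Review bot: In PATCH 04's `run()` hunk, a plain `false` from `ServiceUtil.isValidUrl` is reported as "An error occurred while validating the URL.", which names neither the rejected target nor whether the URL was refused or the validation request itself failed. The failure paths of `isValidUrl` are outside these hunks, so it is unclear whether the two cases can be told apart. At minimum the message could carry the target, e.g. `error.url.validation=The starting URL {0} could not be validated.` with `Messages.getMessage(CoreConstants.ERROR_URL_VALIDATION, target)`, assuming `Messages.getMessage` accepts format arguments as the other `{0}` entries in messages.properties suggest. `run()` continues outside the hunk.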
@@ -44,9 +44,9 @@ public void run() throws ScannerException, InvalidTargetException { Map params = getProperties(); params.put(STARTING_URL, target); - if(!ServiceUtil.isValidUrl(params.get(STARTING_URL),getServiceProvider().getAuthenticationProvider())) { - throw new ScannerException(Messages.getMessage(CoreConstants.ERROR_URL_VALIDATION)); - } + if(!ServiceUtil.isValidUrl(params.get(STARTING_URL),getServiceProvider().getAuthenticationProvider())) { + throw new ScannerException(Messages.getMessage(CoreConstants.ERROR_URL_VALIDATION)); + } String scanLoginType = null; if (params.get(LOGIN_TYPE) != null) { From ed2d60a22b7c4492a265a4343c61f0c7d76b2c9d Mon Sep 17 00:00:00 2001 From: Vishal Chaudhary Date: Wed, 15 Nov 2023 15:57:32 +0530 Subject: [PATCH 06/10] handled the presence case --- .../com/hcl/appscan/sdk/scanners/dynamic/DASTConstants.java | 1 + .../java/com/hcl/appscan/sdk/scanners/dynamic/DASTScan.java | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/dynamic/DASTConstants.java b/src/main/java/com/hcl/appscan/sdk/scanners/dynamic/DASTConstants.java index d797ccd9..8f048d6a 100644 --- a/src/main/java/com/hcl/appscan/sdk/scanners/dynamic/DASTConstants.java +++ b/src/main/java/com/hcl/appscan/sdk/scanners/dynamic/DASTConstants.java @@ -13,6 +13,7 @@ public interface DASTConstants { String DYNAMIC_ANALYZER_WITH_FILE = "DynamicAnalyzerWithFile"; //$NON-NLS-1$ String SCAN_FILE = "ScanFile"; //$NON-NLS-1$ String SCAN_FILE_ID = "ScanFileId"; //$NON-NLS-1$ + String PRESENCE_ID = "PresenceId"; //$NON-NLS-1$ String STARTING_URL = "StartingUrl"; //$NON-NLS-1$ String TRAFFIC_FILE = "trafficFile"; String TRAFFIC_FILE_ID = "LoginSequenceFileId"; diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/dynamic/DASTScan.java b/src/main/java/com/hcl/appscan/sdk/scanners/dynamic/DASTScan.java index 2ae76361..c451a976 100644 --- a/src/main/java/com/hcl/appscan/sdk/scanners/dynamic/DASTScan.java 
+++ b/src/main/java/com/hcl/appscan/sdk/scanners/dynamic/DASTScan.java @@ -12,6 +12,7 @@ import com.hcl.appscan.sdk.CoreConstants; import com.hcl.appscan.sdk.Messages; +import com.hcl.appscan.sdk.auth.IAuthenticationProvider; import com.hcl.appscan.sdk.error.InvalidTargetException; import com.hcl.appscan.sdk.error.ScannerException; import com.hcl.appscan.sdk.logging.DefaultProgress; @@ -44,7 +45,8 @@ public void run() throws ScannerException, InvalidTargetException { Map params = getProperties(); params.put(STARTING_URL, target); - if(!ServiceUtil.isValidUrl(params.get(STARTING_URL),getServiceProvider().getAuthenticationProvider())) { + IAuthenticationProvider authProvider = getServiceProvider().getAuthenticationProvider(); + if(params.get(PRESENCE_ID).equals("") && !ServiceUtil.isValidUrl(params.get(STARTING_URL), authProvider, authProvider.getProxy())) { throw new ScannerException(Messages.getMessage(CoreConstants.ERROR_URL_VALIDATION)); } From 637c72912a405707c4d570970747f9c1c6e7b1a8 Mon Sep 17 00:00:00 2001 From: Vishal Chaudhary Date: Wed, 15 Nov 2023 15:59:10 +0530 Subject: [PATCH 07/10] Update DASTConstants.java --- .../com/hcl/appscan/sdk/scanners/dynamic/DASTConstants.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/dynamic/DASTConstants.java b/src/main/java/com/hcl/appscan/sdk/scanners/dynamic/DASTConstants.java index 8f048d6a..70383b5b 100644 --- a/src/main/java/com/hcl/appscan/sdk/scanners/dynamic/DASTConstants.java +++ b/src/main/java/com/hcl/appscan/sdk/scanners/dynamic/DASTConstants.java 
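Review bot: `params.get(PRESENCE_ID).equals("")` in PATCH 06's `run()` hunk throws a NullPointerException when the properties map has no `PresenceId` entry, so such a scan would abort with an undeclared runtime exception instead of having its starting URL validated. Nothing in the hunk shows that the key is always populated. Treating a missing key like an empty one avoids this: `String presenceId = params.get(PRESENCE_ID);` followed by `if ((presenceId == null || presenceId.isEmpty()) && !ServiceUtil.isValidUrl(params.get(STARTING_URL), authProvider, authProvider.getProxy()))`. The same expression is carried through PATCH 08 and 09, and PATCH 10's switch to `isEmpty()` leaves the null case unchanged. A one-line comment on why presence scans skip validation (presumably because the target is only reachable through the presence) would also help; `run()` continues outside the hunk.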
@@ -13,7 +13,7 @@ public interface DASTConstants { String DYNAMIC_ANALYZER_WITH_FILE = "DynamicAnalyzerWithFile"; //$NON-NLS-1$ String SCAN_FILE = "ScanFile"; //$NON-NLS-1$ String SCAN_FILE_ID = "ScanFileId"; //$NON-NLS-1$ - String PRESENCE_ID = "PresenceId"; //$NON-NLS-1$ + String PRESENCE_ID = "PresenceId"; //$NON-NLS-1$ String STARTING_URL = "StartingUrl"; //$NON-NLS-1$ String TRAFFIC_FILE = "trafficFile"; String TRAFFIC_FILE_ID = "LoginSequenceFileId"; From b7ec663d82e856ff4391ee91dede8125bf78c7c0 Mon Sep 17 00:00:00 2001 From: Vishal Chaudhary Date: Wed, 15 Nov 2023 16:00:46 +0530 Subject: [PATCH 08/10] indentation issue --- .../java/com/hcl/appscan/sdk/scanners/dynamic/DASTScan.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/dynamic/DASTScan.java b/src/main/java/com/hcl/appscan/sdk/scanners/dynamic/DASTScan.java index c451a976..bfad9c64 100644 --- a/src/main/java/com/hcl/appscan/sdk/scanners/dynamic/DASTScan.java +++ b/src/main/java/com/hcl/appscan/sdk/scanners/dynamic/DASTScan.java @@ -46,9 +46,9 @@ public void run() throws ScannerException, InvalidTargetException { params.put(STARTING_URL, target); IAuthenticationProvider authProvider = getServiceProvider().getAuthenticationProvider(); - if(params.get(PRESENCE_ID).equals("") && !ServiceUtil.isValidUrl(params.get(STARTING_URL), authProvider, authProvider.getProxy())) { - throw new ScannerException(Messages.getMessage(CoreConstants.ERROR_URL_VALIDATION)); - } + if(params.get(PRESENCE_ID).equals("") && !ServiceUtil.isValidUrl(params.get(STARTING_URL), authProvider, authProvider.getProxy())) { + throw new ScannerException(Messages.getMessage(CoreConstants.ERROR_URL_VALIDATION)); + } String scanLoginType = null; if (params.get(LOGIN_TYPE) != null) { From 4512b127e25ff5232b3611d97a946646270d3c49 Mon Sep 17 00:00:00 2001 
From: Vishal Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Wed, 15 Nov 2023 16:10:45 +0530 Subject: [PATCH 09/10] Update DASTScan.java --- .../java/com/hcl/appscan/sdk/scanners/dynamic/DASTScan.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/dynamic/DASTScan.java b/src/main/java/com/hcl/appscan/sdk/scanners/dynamic/DASTScan.java index 43f41888..804d9843 100644 --- a/src/main/java/com/hcl/appscan/sdk/scanners/dynamic/DASTScan.java +++ b/src/main/java/com/hcl/appscan/sdk/scanners/dynamic/DASTScan.java @@ -45,8 +45,8 @@ public void run() throws ScannerException, InvalidTargetException { Map params = getProperties(); params.put(STARTING_URL, target); - IAuthenticationProvider authProvider = getServiceProvider().getAuthenticationProvider(); - if(params.get(PRESENCE_ID).equals("") && !ServiceUtil.isValidUrl(params.get(STARTING_URL), authProvider, authProvider.getProxy())) { + IAuthenticationProvider authProvider = getServiceProvider().getAuthenticationProvider(); + if(params.get(PRESENCE_ID).equals("") && !ServiceUtil.isValidUrl(params.get(STARTING_URL), authProvider, authProvider.getProxy())) { throw new ScannerException(Messages.getMessage(CoreConstants.ERROR_URL_VALIDATION)); } From 09e70856fd3b746b948daecc2d7031f7952eac7e Mon Sep 17 00:00:00 2001 From: Vishal Chaudhary Date: Wed, 15 Nov 2023 16:51:17 +0530 Subject: [PATCH 10/10] Update DASTScan.java --- .../java/com/hcl/appscan/sdk/scanners/dynamic/DASTScan.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/dynamic/DASTScan.java b/src/main/java/com/hcl/appscan/sdk/scanners/dynamic/DASTScan.java index 804d9843..da3a46e1 100644 --- a/src/main/java/com/hcl/appscan/sdk/scanners/dynamic/DASTScan.java +++ b/src/main/java/com/hcl/appscan/sdk/scanners/dynamic/DASTScan.java 
@@ -46,7 +46,7 @@ public void run() throws ScannerException, InvalidTargetException { params.put(STARTING_URL, target); IAuthenticationProvider authProvider = getServiceProvider().getAuthenticationProvider(); - if(params.get(PRESENCE_ID).equals("") && !ServiceUtil.isValidUrl(params.get(STARTING_URL), authProvider, authProvider.getProxy())) { + if(params.get(PRESENCE_ID).isEmpty() && !ServiceUtil.isValidUrl(params.get(STARTING_URL), authProvider, authProvider.getProxy())) { throw new ScannerException(Messages.getMessage(CoreConstants.ERROR_URL_VALIDATION)); }