#8721 having some trouble #5769
base: main
Changes from all commits
7e0955c
78abab5
b5b53e2
e86d8e7
31a65ee
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -32,15 +32,15 @@ | |
import org.zaproxy.zap.utils.Stats; | ||
|
||
public class AttackThread extends Thread { | ||
|
||
public enum Progress { | ||
notstarted, | ||
started, | ||
spider, | ||
ajaxspider, | ||
ascan, | ||
failed, | ||
complete, | ||
failed, | ||
notstarted, | ||
paused, | ||
spider, | ||
started, | ||
stopped | ||
} | ||
|
||
|
@@ -49,8 +49,14 @@ public enum Progress { | |
private TraditionalSpider traditionalSpider; | ||
private PlugableSpider plugableSpider; | ||
private boolean stopAttack = false; | ||
private boolean useStdSpider; | ||
private boolean pauseAttack = false; | ||
private boolean resumeAttack = false; | ||
|
||
private boolean currentlyAttacking = false; | ||
|
||
|
||
private boolean useStdSpider; | ||
//! s | ||
private static final Logger LOGGER = LogManager.getLogger(AttackThread.class); | ||
|
||
private static final HttpRequestConfig REQ_CONFIG = | ||
|
@@ -74,9 +80,13 @@ public void setPlugableSpider(PlugableSpider plugableSpider) { | |
this.plugableSpider = plugableSpider; | ||
} | ||
|
||
// running causes everything to be started. As a result stopAttack and pauseAttack are to be set to false | ||
@Override | ||
public void run() { | ||
stopAttack = false; | ||
pauseAttack = false; | ||
currentlyAttacking = true; | ||
|
||
boolean completed = false; | ||
try { | ||
Stats.incCounter("stats.quickstart.attack"); | ||
|
@@ -89,11 +99,22 @@ public void run() { | |
// the problem | ||
return; | ||
} | ||
|
||
// what the heck am I supposed to do here? | ||
if (stopAttack) { | ||
LOGGER.debug("Attack stopped manually"); | ||
extension.notifyProgress(Progress.stopped); | ||
return; | ||
} | ||
|
||
if (pauseAttack) { | ||
LOGGER.debug("Attack paused manually"); | ||
Use error and you will even see them in the output tab :) |
||
// extension.notifyProgress(Progress.paused); | ||
return; | ||
These pause checks outside the "wait loops" should wait instead of return (which would behave like stopping). |
||
} | ||
|
||
|
||
|
||
Target target = new Target(startNode); | ||
target.setRecurse(true); | ||
if (plugableSpider != null) { | ||
|
@@ -121,7 +142,15 @@ public void run() { | |
if (this.stopAttack) { | ||
spiderScan.stopScan(); | ||
break; | ||
} else if (this.pauseAttack) { | ||
spiderScan.pauseScan(); | ||
break; | ||
Don't break here nor in the resume. |
||
} else if (this.resumeAttack) { | ||
LOGGER.debug("running resume scan"); | ||
spiderScan.resumeScan(); | ||
break; | ||
} | ||
|
||
extension.notifyProgress(Progress.spider, spiderScan.getProgress()); | ||
} | ||
} catch (InterruptedException e) { | ||
|
@@ -133,6 +162,13 @@ public void run() { | |
return; | ||
} | ||
|
||
if (pauseAttack) { | ||
LOGGER.debug("Attack paused manually jesse2"); | ||
// extension.notifyProgress(Progress.paused); | ||
return; | ||
} | ||
|
||
|
||
// Pause after the spider seems to help | ||
sleep(2000); | ||
} | ||
|
@@ -143,6 +179,12 @@ public void run() { | |
return; | ||
} | ||
|
||
if (pauseAttack) { | ||
LOGGER.debug("Attack paused manually jesse3"); | ||
// extension.notifyProgress(Progress.paused); | ||
return; | ||
} | ||
|
||
// optionally invoke ajax spider here | ||
if (plugableSpider != null && plugableSpider.isSelected()) { | ||
plugableSpider.startScan(this.url.toURI()); | ||
|
@@ -195,6 +237,10 @@ public void run() { | |
sleep(500); | ||
if (this.stopAttack) { | ||
extAscan.stopScan(scanId); | ||
} else if (this.pauseAttack) { | ||
extAscan.pauseScan(scanId); | ||
} else if (this.resumeAttack) { | ||
extAscan.resumeScan(scanId); | ||
} | ||
extension.notifyProgress(Progress.ascan, ascan.getProgress()); | ||
} | ||
|
@@ -215,6 +261,9 @@ public void run() { | |
} else if (stopAttack) { | ||
LOGGER.debug("Attack stopped manually"); | ||
extension.notifyProgress(Progress.stopped); | ||
} else if (pauseAttack) { | ||
LOGGER.debug("Attack paused manually Jesse5"); | ||
// extension.notifyProgress(Progress.paused); | ||
} else { | ||
LOGGER.debug("Attack completed"); | ||
extension.notifyProgress(Progress.complete); | ||
|
@@ -225,4 +274,23 @@ public void run() { | |
public void stopAttack() { | ||
this.stopAttack = true; | ||
} | ||
|
||
public void togglePauseAttack() { | ||
LOGGER.debug("paused inside the toggle"); | ||
|
||
this.pauseAttack = true; | ||
this.resumeAttack = false; | ||
// this.currentlyAttacking = true; | ||
} | ||
|
||
public boolean returnPauseState() { | ||
return this.pauseAttack; | ||
// this.currentlyAttacking = true; | ||
} | ||
|
||
public void resumeAttack() { | ||
LOGGER.debug("we are changing the variables inside"); | ||
this.pauseAttack = false; | ||
// this.resumeAttack = true; | ||
} | ||
} |
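Review bot: The new `pauseAttack` and `resumeAttack` fields (like the existing `stopAttack`) are plain `boolean`s that `togglePauseAttack()`, `resumeAttack()` and `stopAttack()` write, presumably from the UI thread, while `run()` polls them on the attack thread, so nothing guarantees the polling loops ever observe a pause or stop request. For an active scanner that means requests can keep going to the target after the operator asked to halt. Declare them `private volatile boolean pauseAttack = false;` (likewise `stopAttack`), or fold the states into a single `volatile` enum field. Separately, in the `@@ -195,6 +237,10 @@` hunk `extAscan.pauseScan(scanId)` is re-issued every 500 ms while the flag stays set, and `extAscan.resumeScan(scanId)` is unreachable because the only `this.resumeAttack = true` is commented out in `resumeAttack()`. `run()` starts and ends outside the visible hunks and its callers are not shown, so the threading is inferred.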
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -40,6 +40,11 @@ public interface Scan { | |
|
||
void stopScan(); | ||
|
||
void pauseScan(); | ||
|
||
void resumeScan(); | ||
|
||
|
||
int getProgress(); | ||
} | ||
} |
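Review bot: `pauseScan()` and `resumeScan()` are added to the nested `Scan` interface as abstract methods with no Javadoc, so every existing implementation must gain both methods in the same change, and nothing tells an implementer what to do when the scan is not running or is already paused. A short contract comment on each would pin that down, for example `/** Pauses the scan; no effect if it is not running or is already paused. */`. Declaring them as `default void pauseScan() {}` would keep spiders that cannot pause compiling. No implementation of `Scan` is visible on this page, so whether they were updated cannot be confirmed here.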
Why do you have two variables for this? Either it's paused or not. Trying to keep track of 4 possible values is just a headache
I was trying to find a good trigger for unpausing and I wasn't sure how to best have it trigger. Right now there is a check to see if it is stopped which triggers the stopscan feature and I needed things for pause and resume scan. The issue though was if I just check if pauseAttack is false, I risk causing trouble in the code where it will try to resume scan.
Wouldn’t paused false be the same as resumed true?
So, starting out, both are false. This means it is just starting. But once the pause button is pressed, pause is true and resume is false and ideally pausing happens. Then, when resume happens, pause is false but resume is true which ideally should cause the app to resume instead of using start.