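/*
 * Zed Attack Proxy (ZAP) and its related class files.
 *
 * ZAP is an HTTP/HTTPS proxy for assessing web application security.
 *
 * Copyright The ZAP Development Team
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.zaproxy.zap.model;

import java.util.regex.Pattern;
import net.sf.json.JSONObject;
import org.zaproxy.zap.utils.Enableable;

/**
 * Represents a rule for modifying the structure of an app as it is represented in the Sites tree.
 *
 * <p>Data driven nodes are nodes that represent URL path elements that come from a database. For
 * example with http://www.example.com/a/b/c we normally assume that 'a', 'b' and 'c' are part of
 * the structure of the application. However if 'b' is actually a value retrieved from a db then we
 * should treat all such nodes as the same, so:
 *
 * <pre>
 * http://www.example.com/a/b/c
 * http://www.example.com/a/ddd/c
 * http://www.example.com/a/eee/c
 * </pre>
 *
 * are the same as far as the application structure is concerned - there's no point attacking all 3
 * as the same code will be behind them.
 *
 * <p>Structural parameters are parameters (as opposed to URL path elements) that actually define
 * part of the structure of an app. These are most commonly found in 'single page apps' where:
 *
 * <pre>
 * http://www.example.com/a/b?page=c
 * http://www.example.com/a/b?page=d
 * http://www.example.com/a/b?page=e
 * </pre>
 *
 * all represent different pages with different functionality. In this case the 'page' parameter
 * should be treated as being 'structural' rather than data.
 *
 * <p>Because a data driven rule makes several URLs count as one node, a pattern that matches more
 * than the intended path element also merges URLs that are backed by different code, which then
 * get assessed as if they were a single one. Keep patterns as narrow as the application allows.
 *
 * @author simon
 * @since 2.4.3
 */
public class StructuralNodeModifier extends Enableable implements Cloneable {

    /** The kind of structural rule a modifier describes. */
    public enum Type {
        DataDrivenNode,
        StructuralParameter
    }

    // Keys of the JSON object produced by getConfig() and read by the String constructor.
    private static final String CONFIG_NAME = "name";
    private static final String CONFIG_TYPE = "type";
    private static final String CONFIG_PATTERN = "pattern";

    private Type type;
    // May be null: getConfig() and the String constructor both treat the pattern as optional.
    private Pattern pattern;
    private String name;

    /**
     * Creates a modifier from its individual parts.
     *
     * @param type the kind of rule
     * @param pattern the regular expression of the rule, may be {@code null}
     * @param name the name of the rule
     */
    public StructuralNodeModifier(Type type, Pattern pattern, String name) {
        super();
        this.type = type;
        this.pattern = pattern;
        this.name = name;
    }

    /**
     * Creates a modifier from the JSON text produced by {@link #getConfig()}.
     *
     * <p>The regular expression is compiled exactly as stored. NOTE(review): if this text can
     * originate from an imported or shared configuration, it should be treated as untrusted input,
     * since an expression with heavy backtracking is expensive to evaluate - confirm where the
     * callers obtain it.
     *
     * @param config a JSON object with the keys {@code name} and {@code type}, and optionally
     *     {@code pattern}
     * @throws net.sf.json.JSONException if the text is not a JSON object or a mandatory key is
     *     missing
     * @throws IllegalArgumentException if the type is not a {@link Type} constant, or the pattern
     *     is not a valid regular expression ({@link java.util.regex.PatternSyntaxException})
     */
    public StructuralNodeModifier(String config) {
        super();
        JSONObject json = JSONObject.fromObject(config);
        this.name = json.getString(CONFIG_NAME);
        this.type = Type.valueOf(json.getString(CONFIG_TYPE));
        // The pattern is optional, getConfig() leaves it out when it is not set. The check has to
        // be on the pattern key: testing the type key is always true at this point (it was just
        // read), so a config without a pattern failed in getString() instead of loading.
        if (json.containsKey(CONFIG_PATTERN)) {
            this.pattern = Pattern.compile(json.getString(CONFIG_PATTERN));
        }
    }

    /** @return the kind of rule */
    public Type getType() {
        return type;
    }

    /** @return the regular expression of the rule, or {@code null} if none is set */
    public Pattern getPattern() {
        return pattern;
    }

    /** @param pattern the regular expression of the rule, may be {@code null} */
    public void setPattern(Pattern pattern) {
        this.pattern = pattern;
    }

    /** @return the name of the rule */
    public String getName() {
        return name;
    }

    /** @param name the name of the rule */
    public void setName(String name) {
        this.name = name;
    }

    /**
     * Returns a copy with the same type, name and an equivalent, separately compiled pattern.
     *
     * <p>NOTE(review): the copy is built through the constructor, so state kept by {@link
     * Enableable} is not carried over - confirm that callers expect this.
     *
     * @return the copy, never {@code null}
     */
    @Override
    public StructuralNodeModifier clone() {
        // A modifier without a pattern is a valid state (see getConfig()), so it must not make
        // the copy fail. The flags are passed along so the copy matches exactly like the source.
        Pattern patternCopy =
                pattern == null ? null : Pattern.compile(pattern.pattern(), pattern.flags());
        return new StructuralNodeModifier(type, patternCopy, name);
    }

    /**
     * Serialises this modifier to the JSON text understood by {@link
     * #StructuralNodeModifier(String)}.
     *
     * <p>Only the source text of the pattern is written, its match flags are not part of the
     * output.
     *
     * @return a JSON object holding the type, the name and, when set, the pattern
     */
    public String getConfig() {
        JSONObject json = new JSONObject();
        json.put(CONFIG_TYPE, this.getType().name());
        json.put(CONFIG_NAME, this.getName());
        if (getPattern() != null) {
            json.put(CONFIG_PATTERN, this.getPattern().pattern());
        }
        return json.toString();
    }
}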