MCPcopy Index your code
hub / github.com/API-Security/APIKit / doPassiveScan

Method doPassiveScan

src/main/java/burp/PassiveScanner.java:31–47  ·  view source on GitHub ↗
(IHttpRequestResponse httpRequestResponse)

Source from the content-addressed store, hash-verified

29 }
30
31 @Override
32 public List<IScanIssue> doPassiveScan(IHttpRequestResponse httpRequestResponse) {
33 URL httpRequestURL = BurpExtender.getHelpers().analyzeRequest(httpRequestResponse).getUrl();
34 String requestUrl = CommonUtils.getUrlWithoutFilename(httpRequestURL);
35
36 // 目前检测的查重是将 http://user:pass@host:port/deep/path/filename?query#fragment
37 // 归一化为 http://host:port/deep/path 后检测是否扫描过, 如果未来有对 query 有相关检测需求, 可以在修改 Common.getUrlWithoutFilename
38
39 if (this.scanedUrl.get(requestUrl) <= 0) {
40 this.scanedUrl.add(requestUrl);
41 } else {
42 return null; // 检测到重复, 直接返回
43 }
44
45 ArrayList<ApiType> apiTypes = this.apiScanner.detect(httpRequestResponse, true);
46 return this.parseApiDocument(apiTypes);
47 }
48
49 public List<IScanIssue> parseApiDocument(ArrayList<ApiType> apiTypes) {
50 List<IScanIssue> issues = new ArrayList<>();

Callers

nothing calls this directly

Calls 7

getHelpersMethod · 0.95
getUrlWithoutFilenameMethod · 0.95
parseApiDocumentMethod · 0.95
getMethod · 0.80
detectMethod · 0.80
getUrlMethod · 0.45
addMethod · 0.45

Tested by

no test coverage detected