
Commit ebc1e7a

authored
Merge pull request #12 from psiinon/2.6.0
Updated for the new 2.6.0 api calls (all generated)
2 parents 7595ee3 + f0a93a7 commit ebc1e7a


10 files changed

+468
-69
lines changed

10 files changed

+468
-69
lines changed

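--- a/src/zapv2/acsrf.py
+++ b/src/zapv2/acsrf.py
@@ -27,25 +27,25 @@ def __init__(self, zap):
 @property
 def option_tokens_names(self):
 """
-Lists the names of all anti CSRF tokens
+Lists the names of all anti-CSRF tokens
 """
 return next(self.zap._request(self.zap.base + 'acsrf/view/optionTokensNames/').itervalues())
 
 def add_option_token(self, string, apikey=''):
 """
-Adds an anti CSRF token with the given name, enabled by default
+Adds an anti-CSRF token with the given name, enabled by default
 """
 return next(self.zap._request(self.zap.base + 'acsrf/action/addOptionToken/', {'String' : string, 'apikey' : apikey}).itervalues())
 
 def remove_option_token(self, string, apikey=''):
 """
-Removes the anti CSRF token with the given name
+Removes the anti-CSRF token with the given name
 """
 return next(self.zap._request(self.zap.base + 'acsrf/action/removeOptionToken/', {'String' : string, 'apikey' : apikey}).itervalues())
 
 def gen_form(self, hrefid, apikey=''):
 """
-Generate a form for testing lack of anti CSRF tokens - typically invoked via ZAP
+Generate a form for testing lack of anti-CSRF tokens - typically invoked via ZAP
 """
 return (self.zap._request_other(self.zap.base_other + 'acsrf/other/genForm/', {'hrefId' : hrefid, 'apikey' : apikey}))
 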

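--- a/src/zapv2/ajaxSpider.py
+++ b/src/zapv2/ajaxSpider.py
@@ -31,11 +31,16 @@ def status(self):
 """
 return next(self.zap._request(self.zap.base + 'ajaxSpider/view/status/').itervalues())
 
-def results(self, start='', count=''):
+def results(self, start=None, count=None):
 """
 This component is optional and therefore the API will only work if it is installed
 """
-return next(self.zap._request(self.zap.base + 'ajaxSpider/view/results/', {'start' : start, 'count' : count}).itervalues())
+params = {}
+if start is not None:
+params['start'] = start
+if count is not None:
+params['count'] = count
+return next(self.zap._request(self.zap.base + 'ajaxSpider/view/results/', params).itervalues())
 
 @property
 def number_of_results(self):
@@ -45,39 +50,18 @@ def number_of_results(self):
 return next(self.zap._request(self.zap.base + 'ajaxSpider/view/numberOfResults/').itervalues())
 
 @property
-def option_browser_id(self):
-"""
-This component is optional and therefore the API will only work if it is installed
-"""
-return next(self.zap._request(self.zap.base + 'ajaxSpider/view/optionBrowserId/').itervalues())
-
-@property
-def option_config_version_key(self):
+def full_results(self):
 """
 This component is optional and therefore the API will only work if it is installed
 """
-return next(self.zap._request(self.zap.base + 'ajaxSpider/view/optionConfigVersionKey/').itervalues())
+return next(self.zap._request(self.zap.base + 'ajaxSpider/view/fullResults/').itervalues())
 
 @property
-def option_current_version(self):
-"""
-This component is optional and therefore the API will only work if it is installed
-"""
-return next(self.zap._request(self.zap.base + 'ajaxSpider/view/optionCurrentVersion/').itervalues())
-
-@property
-def option_elems(self):
-"""
-This component is optional and therefore the API will only work if it is installed
-"""
-return next(self.zap._request(self.zap.base + 'ajaxSpider/view/optionElems/').itervalues())
-
-@property
-def option_elems_names(self):
+def option_browser_id(self):
 """
 This component is optional and therefore the API will only work if it is installed
 """
-return next(self.zap._request(self.zap.base + 'ajaxSpider/view/optionElemsNames/').itervalues())
+return next(self.zap._request(self.zap.base + 'ajaxSpider/view/optionBrowserId/').itervalues())
 
 @property
 def option_event_wait(self):
@@ -142,17 +126,31 @@ def option_random_inputs(self):
 """
 return next(self.zap._request(self.zap.base + 'ajaxSpider/view/optionRandomInputs/').itervalues())
 
-def scan(self, url='', inscope='', contextname='', subtreeonly='', apikey=''):
+def scan(self, url=None, inscope=None, contextname=None, subtreeonly=None, apikey=''):
 """
 This component is optional and therefore the API will only work if it is installed
 """
-return next(self.zap._request(self.zap.base + 'ajaxSpider/action/scan/', {'url' : url, 'inScope' : inscope, 'contextName' : contextname, 'subtreeOnly' : subtreeonly, 'apikey' : apikey}).itervalues())
+params = {'apikey' : apikey}
+if url is not None:
+params['url'] = url
+if inscope is not None:
+params['inScope'] = inscope
+if contextname is not None:
+params['contextName'] = contextname
+if subtreeonly is not None:
+params['subtreeOnly'] = subtreeonly
+return next(self.zap._request(self.zap.base + 'ajaxSpider/action/scan/', params).itervalues())
 
-def scan_as_user(self, contextname, username, url='', subtreeonly='', apikey=''):
+def scan_as_user(self, contextname, username, url=None, subtreeonly=None, apikey=''):
 """
 This component is optional and therefore the API will only work if it is installed
 """
-return next(self.zap._request(self.zap.base + 'ajaxSpider/action/scanAsUser/', {'contextName' : contextname, 'userName' : username, 'url' : url, 'subtreeOnly' : subtreeonly, 'apikey' : apikey}).itervalues())
+params = {'contextName' : contextname, 'userName' : username, 'apikey' : apikey}
+if url is not None:
+params['url'] = url
+if subtreeonly is not None:
+params['subtreeOnly'] = subtreeonly
+return next(self.zap._request(self.zap.base + 'ajaxSpider/action/scanAsUser/', params).itervalues())
 
 def stop(self, apikey=''):
 """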
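Review bot: The second hunk removes four public properties (`option_config_version_key`, `option_current_version`, `option_elems`, `option_elems_names`) with no alias or deprecation path, so scripts that read them will fail with an AttributeError once they pick up this client. If the 2.6.0 API really dropped those views, the release notes should name them; otherwise a thin property that raises a descriptive error would make the break easier to diagnose. The new `full_results` docstring only repeats "This component is optional..." and does not say what the view returns; a line such as `Gets the full crawl results of the AJAX Spider (TODO confirm against the API docs)` would help. The commit message describes these files as generated, so both changes presumably belong in the generator rather than in this file.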

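--- a/src/zapv2/ascan.py
+++ b/src/zapv2/ascan.py
@@ -52,6 +52,9 @@ def scan_policy_names(self):
 
 @property
 def excluded_from_scan(self):
+"""
+Gets the regexes of URLs excluded from the active scans.
+"""
 return next(self.zap._request(self.zap.base + 'ascan/view/excludedFromScan/').itervalues())
 
 def scanners(self, scanpolicyname=None, policyid=None):
@@ -74,6 +77,27 @@ def policies(self, scanpolicyname=None, policyid=None):
 def attack_mode_queue(self):
 return next(self.zap._request(self.zap.base + 'ascan/view/attackModeQueue/').itervalues())
 
+@property
+def excluded_params(self):
+"""
+Gets all the parameters that are excluded. For each parameter the following are shown: the name, the URL, and the parameter type.
+"""
+return next(self.zap._request(self.zap.base + 'ascan/view/excludedParams/').itervalues())
+
+@property
+def option_excluded_param_list(self):
+"""
+Use view excludedParams instead.
+"""
+return next(self.zap._request(self.zap.base + 'ascan/view/optionExcludedParamList/').itervalues())
+
+@property
+def excluded_param_types(self):
+"""
+Gets all the types of excluded parameters. For each type the following are shown: the ID and the name.
+"""
+return next(self.zap._request(self.zap.base + 'ascan/view/excludedParamTypes/').itervalues())
+
 @property
 def option_attack_policy(self):
 return next(self.zap._request(self.zap.base + 'ascan/view/optionAttackPolicy/').itervalues())
@@ -86,10 +110,6 @@ def option_default_policy(self):
 def option_delay_in_ms(self):
 return next(self.zap._request(self.zap.base + 'ascan/view/optionDelayInMs/').itervalues())
 
-@property
-def option_excluded_param_list(self):
-return next(self.zap._request(self.zap.base + 'ascan/view/optionExcludedParamList/').itervalues())
-
 @property
 def option_handle_anti_csrf_tokens(self):
 return next(self.zap._request(self.zap.base + 'ascan/view/optionHandleAntiCSRFTokens/').itervalues())
@@ -106,6 +126,14 @@ def option_max_chart_time_in_mins(self):
 def option_max_results_to_list(self):
 return next(self.zap._request(self.zap.base + 'ascan/view/optionMaxResultsToList/').itervalues())
 
+@property
+def option_max_rule_duration_in_mins(self):
+return next(self.zap._request(self.zap.base + 'ascan/view/optionMaxRuleDurationInMins/').itervalues())
+
+@property
+def option_max_scan_duration_in_mins(self):
+return next(self.zap._request(self.zap.base + 'ascan/view/optionMaxScanDurationInMins/').itervalues())
+
 @property
 def option_max_scans_in_ui(self):
 return next(self.zap._request(self.zap.base + 'ascan/view/optionMaxScansInUI/').itervalues())
@@ -128,6 +156,9 @@ def option_allow_attack_on_start(self):
 
 @property
 def option_inject_plugin_id_in_header(self):
+"""
+Tells whether or not the active scanner should inject the HTTP request header X-ZAP-Scan-ID, with the ID of the scanner that's sending the requests.
+"""
 return next(self.zap._request(self.zap.base + 'ascan/view/optionInjectPluginIdInHeader/').itervalues())
 
 @property
@@ -153,8 +184,13 @@ def option_scan_headers_all_requests(self):
 def option_show_advanced_dialog(self):
 return next(self.zap._request(self.zap.base + 'ascan/view/optionShowAdvancedDialog/').itervalues())
 
-def scan(self, url, recurse=None, inscopeonly=None, scanpolicyname=None, method=None, postdata=None, apikey=''):
-params = {'url' : url, 'apikey' : apikey}
+def scan(self, url=None, recurse=None, inscopeonly=None, scanpolicyname=None, method=None, postdata=None, contextid=None, apikey=''):
+"""
+Runs the active scanner against the given URL and/or Context. Optionally, the 'recurse' parameter can be used to scan URLs under the given URL, the parameter 'inScopeOnly' can be used to constrain the scan to URLs that are in scope (ignored if a Context is specified), the parameter 'scanPolicyName' allows to specify the scan policy (if none is given it uses the default scan policy), the parameters 'method' and 'postData' allow to select a given request in conjunction with the given URL.
+"""
+params = {'apikey' : apikey}
+if url is not None:
+params['url'] = url
 if recurse is not None:
 params['recurse'] = recurse
 if inscopeonly is not None:
@@ -165,13 +201,21 @@ def scan(self, url, recurse=None, inscopeonly=None, scanpolicyname=None, method=
 params['method'] = method
 if postdata is not None:
 params['postData'] = postdata
+if contextid is not None:
+params['contextId'] = contextid
 return next(self.zap._request(self.zap.base + 'ascan/action/scan/', params).itervalues())
 
-def scan_as_user(self, url, contextid, userid, recurse=None, scanpolicyname=None, method=None, postdata=None, apikey=''):
+def scan_as_user(self, url=None, contextid=None, userid=None, recurse=None, scanpolicyname=None, method=None, postdata=None, apikey=''):
 """
 Active Scans from the perspective of a User, obtained using the given Context ID and User ID. See 'scan' action for more details.
 """
-params = {'url' : url, 'contextId' : contextid, 'userId' : userid, 'apikey' : apikey}
+params = {'apikey' : apikey}
+if url is not None:
+params['url'] = url
+if contextid is not None:
+params['contextId'] = contextid
+if userid is not None:
+params['userId'] = userid
 if recurse is not None:
 params['recurse'] = recurse
 if scanpolicyname is not None:
@@ -207,9 +251,15 @@ def remove_all_scans(self, apikey=''):
 return next(self.zap._request(self.zap.base + 'ascan/action/removeAllScans/', {'apikey' : apikey}).itervalues())
 
 def clear_excluded_from_scan(self, apikey=''):
+"""
+Clears the regexes of URLs excluded from the active scans.
+"""
 return next(self.zap._request(self.zap.base + 'ascan/action/clearExcludedFromScan/', {'apikey' : apikey}).itervalues())
 
 def exclude_from_scan(self, regex, apikey=''):
+"""
+Adds a regex of URLs that should be excluded from the active scans.
+"""
 return next(self.zap._request(self.zap.base + 'ascan/action/excludeFromScan/', {'regex' : regex, 'apikey' : apikey}).itervalues())
 
 def enable_all_scanners(self, scanpolicyname=None, apikey=''):
@@ -266,12 +316,55 @@ def set_scanner_alert_threshold(self, id, alertthreshold, scanpolicyname=None, a
 params['scanPolicyName'] = scanpolicyname
 return next(self.zap._request(self.zap.base + 'ascan/action/setScannerAlertThreshold/', params).itervalues())
 
-def add_scan_policy(self, scanpolicyname, apikey=''):
-return next(self.zap._request(self.zap.base + 'ascan/action/addScanPolicy/', {'scanPolicyName' : scanpolicyname, 'apikey' : apikey}).itervalues())
+def add_scan_policy(self, scanpolicyname, alertthreshold=None, attackstrength=None, apikey=''):
+params = {'scanPolicyName' : scanpolicyname, 'apikey' : apikey}
+if alertthreshold is not None:
+params['alertThreshold'] = alertthreshold
+if attackstrength is not None:
+params['attackStrength'] = attackstrength
+return next(self.zap._request(self.zap.base + 'ascan/action/addScanPolicy/', params).itervalues())
 
 def remove_scan_policy(self, scanpolicyname, apikey=''):
 return next(self.zap._request(self.zap.base + 'ascan/action/removeScanPolicy/', {'scanPolicyName' : scanpolicyname, 'apikey' : apikey}).itervalues())
 
+def update_scan_policy(self, scanpolicyname, alertthreshold=None, attackstrength=None, apikey=''):
+params = {'scanPolicyName' : scanpolicyname, 'apikey' : apikey}
+if alertthreshold is not None:
+params['alertThreshold'] = alertthreshold
+if attackstrength is not None:
+params['attackStrength'] = attackstrength
+return next(self.zap._request(self.zap.base + 'ascan/action/updateScanPolicy/', params).itervalues())
+
+def add_excluded_param(self, name, type=None, url=None, apikey=''):
+"""
+Adds a new parameter excluded from the scan, using the specified name. Optionally sets if the new entry applies to a specific URL (default, all URLs) and sets the ID of the type of the parameter (default, ID of any type). The type IDs can be obtained with the view excludedParamTypes.
+"""
+params = {'name' : name, 'apikey' : apikey}
+if type is not None:
+params['type'] = type
+if url is not None:
+params['url'] = url
+return next(self.zap._request(self.zap.base + 'ascan/action/addExcludedParam/', params).itervalues())
+
+def modify_excluded_param(self, idx, name=None, type=None, url=None, apikey=''):
+"""
+Modifies a parameter excluded from the scan. Allows to modify the name, the URL and the type of parameter. The parameter is selected with its index, which can be obtained with the view excludedParams.
+"""
+params = {'idx' : idx, 'apikey' : apikey}
+if name is not None:
+params['name'] = name
+if type is not None:
+params['type'] = type
+if url is not None:
+params['url'] = url
+return next(self.zap._request(self.zap.base + 'ascan/action/modifyExcludedParam/', params).itervalues())
+
+def remove_excluded_param(self, idx, apikey=''):
+"""
+Removes a parameter excluded from the scan, with the given index. The index can be obtained with the view excludedParams.
+"""
+return next(self.zap._request(self.zap.base + 'ascan/action/removeExcludedParam/', {'idx' : idx, 'apikey' : apikey}).itervalues())
+
 def set_option_attack_policy(self, string, apikey=''):
 return next(self.zap._request(self.zap.base + 'ascan/action/setOptionAttackPolicy/', {'String' : string, 'apikey' : apikey}).itervalues())
 
@@ -291,6 +384,9 @@ def set_option_host_per_scan(self, integer, apikey=''):
 return next(self.zap._request(self.zap.base + 'ascan/action/setOptionHostPerScan/', {'Integer' : integer, 'apikey' : apikey}).itervalues())
 
 def set_option_inject_plugin_id_in_header(self, boolean, apikey=''):
+"""
+Sets whether or not the active scanner should inject the HTTP request header X-ZAP-Scan-ID, with the ID of the scanner that's sending the requests.
+"""
 return next(self.zap._request(self.zap.base + 'ascan/action/setOptionInjectPluginIdInHeader/', {'Boolean' : boolean, 'apikey' : apikey}).itervalues())
 
 def set_option_max_chart_time_in_mins(self, integer, apikey=''):
@@ -299,6 +395,12 @@ def set_option_max_chart_time_in_mins(self, integer, apikey=''):
 def set_option_max_results_to_list(self, integer, apikey=''):
 return next(self.zap._request(self.zap.base + 'ascan/action/setOptionMaxResultsToList/', {'Integer' : integer, 'apikey' : apikey}).itervalues())
 
+def set_option_max_rule_duration_in_mins(self, integer, apikey=''):
+return next(self.zap._request(self.zap.base + 'ascan/action/setOptionMaxRuleDurationInMins/', {'Integer' : integer, 'apikey' : apikey}).itervalues())
+
+def set_option_max_scan_duration_in_mins(self, integer, apikey=''):
+return next(self.zap._request(self.zap.base + 'ascan/action/setOptionMaxScanDurationInMins/', {'Integer' : integer, 'apikey' : apikey}).itervalues())
+
 def set_option_max_scans_in_ui(self, integer, apikey=''):
 return next(self.zap._request(self.zap.base + 'ascan/action/setOptionMaxScansInUI/', {'Integer' : integer, 'apikey' : apikey}).itervalues())
 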
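Review bot: `scan` (new line 187) and `scan_as_user` (new line 208) now make every target argument optional, but nothing checks that a target was actually supplied, so `scan()` sends a request carrying only `apikey` and leaves the outcome to the server. The docstring says the scan runs against "the given URL and/or Context", so a guard placed before `params` is built, such as `if url is None and contextid is None: raise ValueError('url or contextid is required')`, would fail fast and keep the intended scan scope explicit. `scan_as_user` would want the same treatment for `contextid` and `userid`, whose docstring still describes them as given; whether the 2.6.0 API still requires them is not visible here. Both function bodies continue outside the hunks shown. The commit message describes the files as generated, so the check presumably belongs in the generator.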
