@@ -52,6 +52,9 @@ def scan_policy_names(self):
52
52
53
53
@property
54
54
def excluded_from_scan (self ):
55
+ """
56
+ Gets the regexes of URLs excluded from the active scans.
57
+ """
55
58
return next (self .zap ._request (self .zap .base + 'ascan/view/excludedFromScan/' ).itervalues ())
56
59
57
60
def scanners (self , scanpolicyname = None , policyid = None ):
@@ -74,6 +77,27 @@ def policies(self, scanpolicyname=None, policyid=None):
74
77
def attack_mode_queue (self ):
75
78
return next (self .zap ._request (self .zap .base + 'ascan/view/attackModeQueue/' ).itervalues ())
76
79
80
+ @property
81
+ def excluded_params (self ):
82
+ """
83
+ Gets all the parameters that are excluded. For each parameter the following are shown: the name, the URL, and the parameter type.
84
+ """
85
+ return next (self .zap ._request (self .zap .base + 'ascan/view/excludedParams/' ).itervalues ())
86
+
87
+ @property
88
+ def option_excluded_param_list (self ):
89
+ """
90
+ Use view excludedParams instead.
91
+ """
92
+ return next (self .zap ._request (self .zap .base + 'ascan/view/optionExcludedParamList/' ).itervalues ())
93
+
94
+ @property
95
+ def excluded_param_types (self ):
96
+ """
97
+ Gets all the types of excluded parameters. For each type the following are shown: the ID and the name.
98
+ """
99
+ return next (self .zap ._request (self .zap .base + 'ascan/view/excludedParamTypes/' ).itervalues ())
100
+
77
101
@property
78
102
def option_attack_policy (self ):
79
103
return next (self .zap ._request (self .zap .base + 'ascan/view/optionAttackPolicy/' ).itervalues ())
@@ -86,10 +110,6 @@ def option_default_policy(self):
86
110
def option_delay_in_ms (self ):
87
111
return next (self .zap ._request (self .zap .base + 'ascan/view/optionDelayInMs/' ).itervalues ())
88
112
89
- @property
90
- def option_excluded_param_list (self ):
91
- return next (self .zap ._request (self .zap .base + 'ascan/view/optionExcludedParamList/' ).itervalues ())
92
-
93
113
@property
94
114
def option_handle_anti_csrf_tokens (self ):
95
115
return next (self .zap ._request (self .zap .base + 'ascan/view/optionHandleAntiCSRFTokens/' ).itervalues ())
@@ -106,6 +126,14 @@ def option_max_chart_time_in_mins(self):
106
126
def option_max_results_to_list (self ):
107
127
return next (self .zap ._request (self .zap .base + 'ascan/view/optionMaxResultsToList/' ).itervalues ())
108
128
129
+ @property
130
+ def option_max_rule_duration_in_mins (self ):
131
+ return next (self .zap ._request (self .zap .base + 'ascan/view/optionMaxRuleDurationInMins/' ).itervalues ())
132
+
133
+ @property
134
+ def option_max_scan_duration_in_mins (self ):
135
+ return next (self .zap ._request (self .zap .base + 'ascan/view/optionMaxScanDurationInMins/' ).itervalues ())
136
+
109
137
@property
110
138
def option_max_scans_in_ui (self ):
111
139
return next (self .zap ._request (self .zap .base + 'ascan/view/optionMaxScansInUI/' ).itervalues ())
@@ -128,6 +156,9 @@ def option_allow_attack_on_start(self):
128
156
129
157
@property
130
158
def option_inject_plugin_id_in_header (self ):
159
+ """
160
+ Tells whether or not the active scanner should inject the HTTP request header X-ZAP-Scan-ID, with the ID of the scanner that's sending the requests.
161
+ """
131
162
return next (self .zap ._request (self .zap .base + 'ascan/view/optionInjectPluginIdInHeader/' ).itervalues ())
132
163
133
164
@property
@@ -153,8 +184,13 @@ def option_scan_headers_all_requests(self):
153
184
def option_show_advanced_dialog (self ):
154
185
return next (self .zap ._request (self .zap .base + 'ascan/view/optionShowAdvancedDialog/' ).itervalues ())
155
186
156
- def scan (self , url , recurse = None , inscopeonly = None , scanpolicyname = None , method = None , postdata = None , apikey = '' ):
157
- params = {'url' : url , 'apikey' : apikey }
187
+ def scan (self , url = None , recurse = None , inscopeonly = None , scanpolicyname = None , method = None , postdata = None , contextid = None , apikey = '' ):
188
+ """
189
+ Runs the active scanner against the given URL and/or Context. Optionally, the 'recurse' parameter can be used to scan URLs under the given URL, the parameter 'inScopeOnly' can be used to constrain the scan to URLs that are in scope (ignored if a Context is specified), the parameter 'scanPolicyName' allows to specify the scan policy (if none is given it uses the default scan policy), the parameters 'method' and 'postData' allow to select a given request in conjunction with the given URL.
190
+ """
191
+ params = {'apikey' : apikey }
192
+ if url is not None :
193
+ params ['url' ] = url
158
194
if recurse is not None :
159
195
params ['recurse' ] = recurse
160
196
if inscopeonly is not None :
@@ -165,13 +201,21 @@ def scan(self, url, recurse=None, inscopeonly=None, scanpolicyname=None, method=
165
201
params ['method' ] = method
166
202
if postdata is not None :
167
203
params ['postData' ] = postdata
204
+ if contextid is not None :
205
+ params ['contextId' ] = contextid
168
206
return next (self .zap ._request (self .zap .base + 'ascan/action/scan/' , params ).itervalues ())
169
207
170
- def scan_as_user (self , url , contextid , userid , recurse = None , scanpolicyname = None , method = None , postdata = None , apikey = '' ):
208
+ def scan_as_user (self , url = None , contextid = None , userid = None , recurse = None , scanpolicyname = None , method = None , postdata = None , apikey = '' ):
171
209
"""
172
210
Active Scans from the perspective of a User, obtained using the given Context ID and User ID. See 'scan' action for more details.
173
211
"""
174
- params = {'url' : url , 'contextId' : contextid , 'userId' : userid , 'apikey' : apikey }
212
+ params = {'apikey' : apikey }
213
+ if url is not None :
214
+ params ['url' ] = url
215
+ if contextid is not None :
216
+ params ['contextId' ] = contextid
217
+ if userid is not None :
218
+ params ['userId' ] = userid
175
219
if recurse is not None :
176
220
params ['recurse' ] = recurse
177
221
if scanpolicyname is not None :
@@ -207,9 +251,15 @@ def remove_all_scans(self, apikey=''):
207
251
return next (self .zap ._request (self .zap .base + 'ascan/action/removeAllScans/' , {'apikey' : apikey }).itervalues ())
208
252
209
253
def clear_excluded_from_scan (self , apikey = '' ):
254
+ """
255
+ Clears the regexes of URLs excluded from the active scans.
256
+ """
210
257
return next (self .zap ._request (self .zap .base + 'ascan/action/clearExcludedFromScan/' , {'apikey' : apikey }).itervalues ())
211
258
212
259
def exclude_from_scan (self , regex , apikey = '' ):
260
+ """
261
+ Adds a regex of URLs that should be excluded from the active scans.
262
+ """
213
263
return next (self .zap ._request (self .zap .base + 'ascan/action/excludeFromScan/' , {'regex' : regex , 'apikey' : apikey }).itervalues ())
214
264
215
265
def enable_all_scanners (self , scanpolicyname = None , apikey = '' ):
@@ -266,12 +316,55 @@ def set_scanner_alert_threshold(self, id, alertthreshold, scanpolicyname=None, a
266
316
params ['scanPolicyName' ] = scanpolicyname
267
317
return next (self .zap ._request (self .zap .base + 'ascan/action/setScannerAlertThreshold/' , params ).itervalues ())
268
318
269
- def add_scan_policy (self , scanpolicyname , apikey = '' ):
270
- return next (self .zap ._request (self .zap .base + 'ascan/action/addScanPolicy/' , {'scanPolicyName' : scanpolicyname , 'apikey' : apikey }).itervalues ())
319
+ def add_scan_policy (self , scanpolicyname , alertthreshold = None , attackstrength = None , apikey = '' ):
320
+ params = {'scanPolicyName' : scanpolicyname , 'apikey' : apikey }
321
+ if alertthreshold is not None :
322
+ params ['alertThreshold' ] = alertthreshold
323
+ if attackstrength is not None :
324
+ params ['attackStrength' ] = attackstrength
325
+ return next (self .zap ._request (self .zap .base + 'ascan/action/addScanPolicy/' , params ).itervalues ())
271
326
272
327
def remove_scan_policy (self , scanpolicyname , apikey = '' ):
273
328
return next (self .zap ._request (self .zap .base + 'ascan/action/removeScanPolicy/' , {'scanPolicyName' : scanpolicyname , 'apikey' : apikey }).itervalues ())
274
329
330
+ def update_scan_policy (self , scanpolicyname , alertthreshold = None , attackstrength = None , apikey = '' ):
331
+ params = {'scanPolicyName' : scanpolicyname , 'apikey' : apikey }
332
+ if alertthreshold is not None :
333
+ params ['alertThreshold' ] = alertthreshold
334
+ if attackstrength is not None :
335
+ params ['attackStrength' ] = attackstrength
336
+ return next (self .zap ._request (self .zap .base + 'ascan/action/updateScanPolicy/' , params ).itervalues ())
337
+
338
+ def add_excluded_param (self , name , type = None , url = None , apikey = '' ):
339
+ """
340
+ Adds a new parameter excluded from the scan, using the specified name. Optionally sets if the new entry applies to a specific URL (default, all URLs) and sets the ID of the type of the parameter (default, ID of any type). The type IDs can be obtained with the view excludedParamTypes.
341
+ """
342
+ params = {'name' : name , 'apikey' : apikey }
343
+ if type is not None :
344
+ params ['type' ] = type
345
+ if url is not None :
346
+ params ['url' ] = url
347
+ return next (self .zap ._request (self .zap .base + 'ascan/action/addExcludedParam/' , params ).itervalues ())
348
+
349
+ def modify_excluded_param (self , idx , name = None , type = None , url = None , apikey = '' ):
350
+ """
351
+ Modifies a parameter excluded from the scan. Allows to modify the name, the URL and the type of parameter. The parameter is selected with its index, which can be obtained with the view excludedParams.
352
+ """
353
+ params = {'idx' : idx , 'apikey' : apikey }
354
+ if name is not None :
355
+ params ['name' ] = name
356
+ if type is not None :
357
+ params ['type' ] = type
358
+ if url is not None :
359
+ params ['url' ] = url
360
+ return next (self .zap ._request (self .zap .base + 'ascan/action/modifyExcludedParam/' , params ).itervalues ())
361
+
362
+ def remove_excluded_param (self , idx , apikey = '' ):
363
+ """
364
+ Removes a parameter excluded from the scan, with the given index. The index can be obtained with the view excludedParams.
365
+ """
366
+ return next (self .zap ._request (self .zap .base + 'ascan/action/removeExcludedParam/' , {'idx' : idx , 'apikey' : apikey }).itervalues ())
367
+
275
368
def set_option_attack_policy (self , string , apikey = '' ):
276
369
return next (self .zap ._request (self .zap .base + 'ascan/action/setOptionAttackPolicy/' , {'String' : string , 'apikey' : apikey }).itervalues ())
277
370
@@ -291,6 +384,9 @@ def set_option_host_per_scan(self, integer, apikey=''):
291
384
return next (self .zap ._request (self .zap .base + 'ascan/action/setOptionHostPerScan/' , {'Integer' : integer , 'apikey' : apikey }).itervalues ())
292
385
293
386
def set_option_inject_plugin_id_in_header (self , boolean , apikey = '' ):
387
+ """
388
+ Sets whether or not the active scanner should inject the HTTP request header X-ZAP-Scan-ID, with the ID of the scanner that's sending the requests.
389
+ """
294
390
return next (self .zap ._request (self .zap .base + 'ascan/action/setOptionInjectPluginIdInHeader/' , {'Boolean' : boolean , 'apikey' : apikey }).itervalues ())
295
391
296
392
def set_option_max_chart_time_in_mins (self , integer , apikey = '' ):
@@ -299,6 +395,12 @@ def set_option_max_chart_time_in_mins(self, integer, apikey=''):
299
395
def set_option_max_results_to_list (self , integer , apikey = '' ):
300
396
return next (self .zap ._request (self .zap .base + 'ascan/action/setOptionMaxResultsToList/' , {'Integer' : integer , 'apikey' : apikey }).itervalues ())
301
397
398
+ def set_option_max_rule_duration_in_mins (self , integer , apikey = '' ):
399
+ return next (self .zap ._request (self .zap .base + 'ascan/action/setOptionMaxRuleDurationInMins/' , {'Integer' : integer , 'apikey' : apikey }).itervalues ())
400
+
401
+ def set_option_max_scan_duration_in_mins (self , integer , apikey = '' ):
402
+ return next (self .zap ._request (self .zap .base + 'ascan/action/setOptionMaxScanDurationInMins/' , {'Integer' : integer , 'apikey' : apikey }).itervalues ())
403
+
302
404
def set_option_max_scans_in_ui (self , integer , apikey = '' ):
303
405
return next (self .zap ._request (self .zap .base + 'ascan/action/setOptionMaxScansInUI/' , {'Integer' : integer , 'apikey' : apikey }).itervalues ())
304
406
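Review bot: In the new `scan` signature (new line 187) `contextid` sits ahead of `apikey`, and `add_scan_policy` (new line 319) likewise puts `alertthreshold` and `attackstrength` ahead of it, so an existing caller that passes the API key positionally now has it bound to the new parameter. The key then goes out as `contextId` or `alertThreshold` while `apikey` is sent empty; the request would presumably be rejected, and the secret lands in a field that is not handled as a credential and may be echoed in error responses or logs. Appending new optional parameters after `apikey` keeps old call sites working, e.g. `def add_scan_policy(self, scanpolicyname, apikey='', alertthreshold=None, attackstrength=None):`, with the same ordering for `scan`. If keeping `apikey` last is deliberate (for instance because this client is generated from the API definition), a docstring line such as `apikey must be passed by keyword.` on both methods would at least document the break. The body of `scan` spans two hunks with a gap between them, so only part of it is visible here.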