Merge pull request #48 from thc202/regen-2.9.0

Regenerate APIs

Author: psiinon

CHANGELOG.md

@@ -6,6 +6,18 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
 ## [Unreleased]
 ### Added
 - Core APIs from ZAP version 2.8.0.
+- APIs from add-ons:
+ - Access Control Testing;
+ - Export Report;
+ - Revisit;
+ - Wappalyzer - Technology Detection.
+
+### Changed
+- Core APIs updated for ZAP version 2.9.0.
+- Update APIs from add-ons:
+ - Alert Filters;
+ - OpenAPI Support;
+ - Replacer.
 
 ## [0.0.15] - 2019-06-14
 ### Added

src/zapv2/__init__.py

@@ -25,6 +25,7 @@
 import requests
 from requests.packages.urllib3.exceptions import InsecureRequestWarning
 
+from .accessControl import accessControl
 from .acsrf import acsrf
 from .alert import alert
 from .alertFilter import alertFilter
@@ -36,6 +37,7 @@
 from .brk import brk
 from .context import context
 from .core import core
+from .exportreport import exportreport
 from .forcedUser import forcedUser
 from .httpSessions import httpSessions
 from .importLogFiles import importLogFiles
@@ -47,6 +49,7 @@
 from .pscan import pscan
 from .replacer import replacer
 from .reveal import reveal
+from .revisit import revisit
 from .ruleConfig import ruleConfig
 from .script import script
 from .search import search
@@ -56,6 +59,7 @@
 from .spider import spider
 from .stats import stats
 from .users import users
+from .wappalyzer import wappalyzer
 from .websocket import websocket
 
 
@@ -83,6 +87,7 @@ def __init__(self, proxies=None, apikey=None, validate_status_code=False):
         self.__apikey = apikey
         self.__validate_status_code=validate_status_code
 
+        self.accessControl = accessControl(self)
         self.acsrf = acsrf(self)
         self.alert = alert(self)
         self.alertFilter = alertFilter(self)
@@ -94,6 +99,7 @@ def __init__(self, proxies=None, apikey=None, validate_status_code=False):
         self.brk = brk(self)
         self.context = context(self)
         self.core = core(self)
+        self.exportreport = exportreport(self)
         self.forcedUser = forcedUser(self)
         self.httpsessions = httpSessions(self)
         self.importLogFiles = importLogFiles(self)
@@ -105,6 +111,7 @@ def __init__(self, proxies=None, apikey=None, validate_status_code=False):
         self.pscan = pscan(self)
         self.replacer = replacer(self)
         self.reveal = reveal(self)
+        self.revisit = revisit(self)
         self.ruleConfig = ruleConfig(self)
         self.script = script(self)
         self.search = search(self)
@@ -114,6 +121,7 @@ def __init__(self, proxies=None, apikey=None, validate_status_code=False):
         self.spider = spider(self)
         self.stats = stats(self)
         self.users = users(self)
+        self.wappalyzer = wappalyzer(self)
         self.websocket = websocket(self)
 
         # not very nice, but prevents warnings when accessing the ZAP API via https

src/zapv2/accessControl.py

@@ -0,0 +1,63 @@
+# Zed Attack Proxy (ZAP) and its related class files.
+#
+# ZAP is an HTTP/HTTPS proxy for assessing web application security.
+#
+# Copyright 2020 the ZAP development team
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""
+This file was automatically generated.
+"""
+
+import six
+
+
+class accessControl(object):
+
+    def __init__(self, zap):
+        self.zap = zap
+
+    def get_scan_progress(self, contextid):
+        """
+        Gets the Access Control scan progress (percentage integer) for the given context ID.
+        This component is optional and therefore the API will only work if it is installed
+        """
+        return six.next(six.itervalues(self.zap._request(self.zap.base + 'accessControl/view/getScanProgress/', {'contextId': contextid})))
+
+    def get_scan_status(self, contextid):
+        """
+        Gets the Access Control scan status (description string) for the given context ID.
+        This component is optional and therefore the API will only work if it is installed
+        """
+        return six.next(six.itervalues(self.zap._request(self.zap.base + 'accessControl/view/getScanStatus/', {'contextId': contextid})))
+
+    def scan(self, contextid, userid, scanasunauthuser=None, raisealert=None, alertrisklevel=None, apikey=''):
+        """
+        Starts an Access Control scan with the given context ID and user ID. (Optional parameters: user ID for Unauthenticated user, boolean identifying whether or not Alerts are raised, and the Risk level for the Alerts.) [This assumes the Access Control rules were previously established via ZAP gui and the necessary Context exported/imported.]
+        This component is optional and therefore the API will only work if it is installed
+        """
+        params = {'contextId': contextid, 'userId': userid, 'apikey': apikey}
+        if scanasunauthuser is not None:
+            params['scanAsUnAuthUser'] = scanasunauthuser
+        if raisealert is not None:
+            params['raiseAlert'] = raisealert
+        if alertrisklevel is not None:
+            params['alertRiskLevel'] = alertrisklevel
+        return six.next(six.itervalues(self.zap._request(self.zap.base + 'accessControl/action/scan/', params)))
+
+    def write_htm_lreport(self, contextid, filename, apikey=''):
+        """
+        Generates an Access Control report for the given context ID and saves it based on the provided filename (path). 
+        This component is optional and therefore the API will only work if it is installed
+        """
+        return six.next(six.itervalues(self.zap._request(self.zap.base + 'accessControl/action/writeHTMLreport/', {'contextId': contextid, 'fileName': filename, 'apikey': apikey})))

src/zapv2/alert.py

@@ -101,3 +101,49 @@ def delete_alert(self, id, apikey=''):
         Deletes the alert with the given ID. 
         """
         return six.next(six.itervalues(self.zap._request(self.zap.base + 'alert/action/deleteAlert/', {'id': id, 'apikey': apikey})))
+
+    def update_alert(self, id, name, riskid, confidenceid, description, param=None, attack=None, otherinfo=None, solution=None, references=None, evidence=None, cweid=None, wascid=None, apikey=''):
+        """
+        Update the alert with the given ID, with the provided details.
+        """
+        params = {'id': id, 'name': name, 'riskId': riskid, 'confidenceId': confidenceid, 'description': description, 'apikey': apikey}
+        if param is not None:
+            params['param'] = param
+        if attack is not None:
+            params['attack'] = attack
+        if otherinfo is not None:
+            params['otherInfo'] = otherinfo
+        if solution is not None:
+            params['solution'] = solution
+        if references is not None:
+            params['references'] = references
+        if evidence is not None:
+            params['evidence'] = evidence
+        if cweid is not None:
+            params['cweId'] = cweid
+        if wascid is not None:
+            params['wascId'] = wascid
+        return six.next(six.itervalues(self.zap._request(self.zap.base + 'alert/action/updateAlert/', params)))
+
+    def add_alert(self, messageid, name, riskid, confidenceid, description, param=None, attack=None, otherinfo=None, solution=None, references=None, evidence=None, cweid=None, wascid=None, apikey=''):
+        """
+        Add an alert associated with the given message ID, with the provided details. (The ID of the created alert is returned.)
+        """
+        params = {'messageId': messageid, 'name': name, 'riskId': riskid, 'confidenceId': confidenceid, 'description': description, 'apikey': apikey}
+        if param is not None:
+            params['param'] = param
+        if attack is not None:
+            params['attack'] = attack
+        if otherinfo is not None:
+            params['otherInfo'] = otherinfo
+        if solution is not None:
+            params['solution'] = solution
+        if references is not None:
+            params['references'] = references
+        if evidence is not None:
+            params['evidence'] = evidence
+        if cweid is not None:
+            params['cweId'] = cweid
+        if wascid is not None:
+            params['wascId'] = wascid
+        return six.next(six.itervalues(self.zap._request(self.zap.base + 'alert/action/addAlert/', params)))

src/zapv2/alertFilter.py

@@ -34,7 +34,15 @@ def alert_filter_list(self, contextid):
         """
         return six.next(six.itervalues(self.zap._request(self.zap.base + 'alertFilter/view/alertFilterList/', {'contextId': contextid})))
 
-    def add_alert_filter(self, contextid, ruleid, newlevel, url=None, urlisregex=None, parameter=None, enabled=None, apikey=''):
+    @property
+    def global_alert_filter_list(self):
+        """
+        Lists the global alert filters.
+        This component is optional and therefore the API will only work if it is installed
+        """
+        return six.next(six.itervalues(self.zap._request(self.zap.base + 'alertFilter/view/globalAlertFilterList/')))
+
+    def add_alert_filter(self, contextid, ruleid, newlevel, url=None, urlisregex=None, parameter=None, enabled=None, parameterisregex=None, attack=None, attackisregex=None, evidence=None, evidenceisregex=None, apikey=''):
         """
         Adds a new alert filter for the context with the given ID. 
         This component is optional and therefore the API will only work if it is installed
@@ -48,9 +56,19 @@ def add_alert_filter(self, contextid, ruleid, newlevel, url=None, urlisregex=Non
             params['parameter'] = parameter
         if enabled is not None:
             params['enabled'] = enabled
+        if parameterisregex is not None:
+            params['parameterIsRegex'] = parameterisregex
+        if attack is not None:
+            params['attack'] = attack
+        if attackisregex is not None:
+            params['attackIsRegex'] = attackisregex
+        if evidence is not None:
+            params['evidence'] = evidence
+        if evidenceisregex is not None:
+            params['evidenceIsRegex'] = evidenceisregex
         return six.next(six.itervalues(self.zap._request(self.zap.base + 'alertFilter/action/addAlertFilter/', params)))
 
-    def remove_alert_filter(self, contextid, ruleid, newlevel, url=None, urlisregex=None, parameter=None, enabled=None, apikey=''):
+    def remove_alert_filter(self, contextid, ruleid, newlevel, url=None, urlisregex=None, parameter=None, enabled=None, parameterisregex=None, attack=None, attackisregex=None, evidence=None, evidenceisregex=None, apikey=''):
         """
         Removes an alert filter from the context with the given ID.
         This component is optional and therefore the API will only work if it is installed
@@ -64,4 +82,66 @@ def remove_alert_filter(self, contextid, ruleid, newlevel, url=None, urlisregex=
             params['parameter'] = parameter
         if enabled is not None:
             params['enabled'] = enabled
+        if parameterisregex is not None:
+            params['parameterIsRegex'] = parameterisregex
+        if attack is not None:
+            params['attack'] = attack
+        if attackisregex is not None:
+            params['attackIsRegex'] = attackisregex
+        if evidence is not None:
+            params['evidence'] = evidence
+        if evidenceisregex is not None:
+            params['evidenceIsRegex'] = evidenceisregex
         return six.next(six.itervalues(self.zap._request(self.zap.base + 'alertFilter/action/removeAlertFilter/', params)))
+
+    def add_global_alert_filter(self, ruleid, newlevel, url=None, urlisregex=None, parameter=None, enabled=None, parameterisregex=None, attack=None, attackisregex=None, evidence=None, evidenceisregex=None, apikey=''):
+        """
+        Adds a new global alert filter. 
+        This component is optional and therefore the API will only work if it is installed
+        """
+        params = {'ruleId': ruleid, 'newLevel': newlevel, 'apikey': apikey}
+        if url is not None:
+            params['url'] = url
+        if urlisregex is not None:
+            params['urlIsRegex'] = urlisregex
+        if parameter is not None:
+            params['parameter'] = parameter
+        if enabled is not None:
+            params['enabled'] = enabled
+        if parameterisregex is not None:
+            params['parameterIsRegex'] = parameterisregex
+        if attack is not None:
+            params['attack'] = attack
+        if attackisregex is not None:
+            params['attackIsRegex'] = attackisregex
+        if evidence is not None:
+            params['evidence'] = evidence
+        if evidenceisregex is not None:
+            params['evidenceIsRegex'] = evidenceisregex
+        return six.next(six.itervalues(self.zap._request(self.zap.base + 'alertFilter/action/addGlobalAlertFilter/', params)))
+
+    def remove_global_alert_filter(self, ruleid, newlevel, url=None, urlisregex=None, parameter=None, enabled=None, parameterisregex=None, attack=None, attackisregex=None, evidence=None, evidenceisregex=None, apikey=''):
+        """
+        Removes a global alert filter.
+        This component is optional and therefore the API will only work if it is installed
+        """
+        params = {'ruleId': ruleid, 'newLevel': newlevel, 'apikey': apikey}
+        if url is not None:
+            params['url'] = url
+        if urlisregex is not None:
+            params['urlIsRegex'] = urlisregex
+        if parameter is not None:
+            params['parameter'] = parameter
+        if enabled is not None:
+            params['enabled'] = enabled
+        if parameterisregex is not None:
+            params['parameterIsRegex'] = parameterisregex
+        if attack is not None:
+            params['attack'] = attack
+        if attackisregex is not None:
+            params['attackIsRegex'] = attackisregex
+        if evidence is not None:
+            params['evidence'] = evidence
+        if evidenceisregex is not None:
+            params['evidenceIsRegex'] = evidenceisregex
+        return six.next(six.itervalues(self.zap._request(self.zap.base + 'alertFilter/action/removeGlobalAlertFilter/', params)))

src/zapv2/autoupdate.py

@@ -136,7 +136,7 @@ def download_latest_release(self, apikey=''):
 
     def install_addon(self, id, apikey=''):
         """
-        Installs or updates the specified add-on, returning when complete (ie not asynchronously)
+        Installs or updates the specified add-on, returning when complete (i.e. not asynchronously)
         """
         return six.next(six.itervalues(self.zap._request(self.zap.base + 'autoupdate/action/installAddon/', {'id': id, 'apikey': apikey})))
 

src/zapv2/brk.py

@@ -75,7 +75,7 @@ def set_http_message(self, httpheader, httpbody=None, apikey=''):
 
     def cont(self, apikey=''):
         """
-        Submits the currently intercepted message and unsets the global request/response break points
+        Submits the currently intercepted message and unsets the global request/response breakpoints
         """
         return six.next(six.itervalues(self.zap._request(self.zap.base + 'break/action/continue/', {'apikey': apikey})))
 
@@ -93,12 +93,12 @@ def drop(self, apikey=''):
 
     def add_http_breakpoint(self, string, location, match, inverse, ignorecase, apikey=''):
         """
-        Adds a custom HTTP breakpont. The string is the string to match. Location may be one of: url, request_header, request_body, response_header or response_body. Match may be: contains or regex. Inverse (match) may be true or false. Lastly, ignorecase (when matching the string) may be true or false.  
+        Adds a custom HTTP breakpoint. The string is the string to match. Location may be one of: url, request_header, request_body, response_header or response_body. Match may be: contains or regex. Inverse (match) may be true or false. Lastly, ignorecase (when matching the string) may be true or false.  
         """
         return six.next(six.itervalues(self.zap._request(self.zap.base + 'break/action/addHttpBreakpoint/', {'string': string, 'location': location, 'match': match, 'inverse': inverse, 'ignorecase': ignorecase, 'apikey': apikey})))
 
     def remove_http_breakpoint(self, string, location, match, inverse, ignorecase, apikey=''):
         """
-        Removes the specified break point
+        Removes the specified breakpoint
         """
         return six.next(six.itervalues(self.zap._request(self.zap.base + 'break/action/removeHttpBreakpoint/', {'string': string, 'location': location, 'match': match, 'inverse': inverse, 'ignorecase': ignorecase, 'apikey': apikey})))

src/zapv2/core.py

@@ -321,7 +321,7 @@ def load_session(self, name, apikey=''):
 
     def save_session(self, name, overwrite=None, apikey=''):
         """
-        Saves the session with the name supplied, optionally overwriting existing files. If a relative path is specified it will be resolved against the "session" directory in ZAP "home" dir.
+        Saves the session.
         """
         params = {'name': name, 'apikey': apikey}
         if overwrite is not None:

src/zapv2/exportreport.py

@@ -0,0 +1,46 @@
+# Zed Attack Proxy (ZAP) and its related class files.
+#
+# ZAP is an HTTP/HTTPS proxy for assessing web application security.
+#
+# Copyright 2020 the ZAP development team
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""
+This file was automatically generated.
+"""
+
+import six
+
+
+class exportreport(object):
+
+    def __init__(self, zap):
+        self.zap = zap
+
+    @property
+    def formats(self):
+        """
+        This component is optional and therefore the API will only work if it is installed
+        """
+        return six.next(six.itervalues(self.zap._request(self.zap.base + 'exportreport/view/formats/')))
+
+    def generate(self, absolutepath, fileextension, sourcedetails, alertseverity, alertdetails, scanid=None, includepassivealerts=None, apikey=''):
+        """
+        This component is optional and therefore the API will only work if it is installed
+        """
+        params = {'absolutePath': absolutepath, 'fileExtension': fileextension, 'sourceDetails': sourcedetails, 'alertSeverity': alertseverity, 'alertDetails': alertdetails, 'apikey': apikey}
+        if scanid is not None:
+            params['scanId'] = scanid
+        if includepassivealerts is not None:
+            params['includePassiveAlerts'] = includepassivealerts
+        return six.next(six.itervalues(self.zap._request(self.zap.base + 'exportreport/action/generate/', params)))