diff --git a/CHANGELOG.md b/CHANGELOG.md index 4d4d8be..8043e70 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,18 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## [Unreleased] +### Added +- Add the APIs of the following add-ons: + - Client Side Integration version 0.20.0; + - Postman Support version 0.7.0. + +### Changed +- Update core APIs for 2.17. +- Update the APIs of the following add-ons: + - Automation Framework version 0.58.0; + - Passive Scanner version 0.6.0; + - Selenium version 15.43.0; + - Spider version 0.18.0. ## [1.16.0] - 2025-02-03 ### Added diff --git a/subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/core/ClientApi.java b/subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/core/ClientApi.java index 7f27a9a..e57e7a7 100644 --- a/subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/core/ClientApi.java +++ b/subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/core/ClientApi.java @@ -60,6 +60,8 @@ import org.zaproxy.clientapi.gen.Automation; import org.zaproxy.clientapi.gen.Autoupdate; import org.zaproxy.clientapi.gen.Break; +import org.zaproxy.clientapi.gen.Client; +import org.zaproxy.clientapi.gen.ClientSpider; import org.zaproxy.clientapi.gen.Context; import org.zaproxy.clientapi.gen.Core; import org.zaproxy.clientapi.gen.Exim; @@ -71,6 +73,7 @@ import org.zaproxy.clientapi.gen.Openapi; import org.zaproxy.clientapi.gen.Params; import org.zaproxy.clientapi.gen.Pnh; +import org.zaproxy.clientapi.gen.Postman; import org.zaproxy.clientapi.gen.Pscan; import org.zaproxy.clientapi.gen.Replacer; import org.zaproxy.clientapi.gen.Reports; 
@@ -119,6 +122,8 @@ public class ClientApi { public Automation automation = new Automation(this); public Autoupdate autoupdate = new Autoupdate(this); public Break brk = new Break(this); + public Client client = new Client(this); + public ClientSpider clientSpider = new ClientSpider(this); public Context context = new Context(this); public Core core = new Core(this); public Exim exim = new Exim(this); @@ -148,6 +153,7 @@ public class ClientApi { public Openapi openapi = new Openapi(this); public Params params = new Params(this); public Pnh pnh = new Pnh(this); + public Postman postman = new Postman(this); public Pscan pscan = new Pscan(this); public Replacer replacer = new Replacer(this); public Reports reports = new Reports(this); diff --git a/subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/Alert.java b/subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/Alert.java index f583720..5bd6940 100644 --- a/subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/Alert.java +++ b/subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/Alert.java @@ -61,6 +61,21 @@ public ApiResponse alerts(String baseurl, String start, String count, String ris public ApiResponse alerts( String baseurl, String start, String count, String riskid, String contextname) throws ClientApiException { + return alerts(baseurl, start, count, riskid, null, null); + } + + /** + * Gets the alerts raised by ZAP, optionally filtering by URL or riskId, and paginating with + * 'start' position and 'count' of alerts + */ + public ApiResponse alerts( + String baseurl, + String start, + String count, + String riskid, + String contextname, + String falsepositive) + throws ClientApiException { Map map = new HashMap<>(); if (baseurl != null) { map.put("baseurl", baseurl); 
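Review bot: In the Alert.java hunk, the retained five-argument `alerts(baseurl, start, count, riskid, contextname)` overload now delegates with `null` in the `contextname` position, so the caller's context filter is dropped and the request goes out without `contextName`. The delegation should read `return alerts(baseurl, start, count, riskid, contextname, null);`. As written, a report that a caller meant to scope to one context would presumably come back with alerts from every context, with no error to signal it. The file sits under `gen/`, so if this overload is emitted by the generator rather than kept by hand, the fix belongs in the generator. The body of the new six-argument method continues into the next hunk.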
@@ -77,6 +92,9 @@ public ApiResponse alerts( if (contextname != null) { map.put("contextName", contextname); } + if (falsepositive != null) { + map.put("falsePositive", falsepositive); + } return api.callApi("alert", "view", "alerts", map); } diff --git a/subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/Ascan.java b/subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/Ascan.java index 2954fae..ad4929b 100644 --- a/subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/Ascan.java +++ b/subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/Ascan.java @@ -216,6 +216,11 @@ public ApiResponse optionEncodeCookieValues() throws ClientApiException { return api.callApi("ascan", "view", "optionEncodeCookieValues", null); } + /** Tells whether or not the active scanner should exclude anti-csrf tokens from the scan. */ + public ApiResponse optionExcludeAntiCsrfTokens() throws ClientApiException { + return api.callApi("ascan", "view", "optionExcludeAntiCsrfTokens", null); + } + /** * Tells whether or not the active scanner should inject the HTTP request header X-ZAP-Scan-ID, * with the ID of the scan rule that's sending the requests. @@ -224,6 +229,14 @@ public ApiResponse optionInjectPluginIdInHeader() throws ClientApiException { return api.callApi("ascan", "view", "optionInjectPluginIdInHeader", null); } + /** + * Tells whether or not the temporary HTTP messages sent while active scanning should be + * persisted. + */ + public ApiResponse optionPersistTemporaryMessages() throws ClientApiException { + return api.callApi("ascan", "view", "optionPersistTemporaryMessages", null); + } + public ApiResponse optionPromptInAttackMode() throws ClientApiException { return api.callApi("ascan", "view", "optionPromptInAttackMode", null); } 
@@ -643,6 +656,13 @@ public ApiResponse setOptionEncodeCookieValues(boolean bool) throws ClientApiExc return api.callApi("ascan", "action", "setOptionEncodeCookieValues", map); } + /** Sets whether or not the active scanner should exclude anti-csrf tokens from the scan. */ + public ApiResponse setOptionExcludeAntiCsrfTokens(boolean bool) throws ClientApiException { + Map map = new HashMap<>(); + map.put("Boolean", Boolean.toString(bool)); + return api.callApi("ascan", "action", "setOptionExcludeAntiCsrfTokens", map); + } + public ApiResponse setOptionHandleAntiCSRFTokens(boolean bool) throws ClientApiException { Map map = new HashMap<>(); map.put("Boolean", Boolean.toString(bool)); @@ -702,6 +722,16 @@ public ApiResponse setOptionMaxScansInUI(int i) throws ClientApiException { return api.callApi("ascan", "action", "setOptionMaxScansInUI", map); } + /** + * Sets whether or not the temporary HTTP messages sent while active scanning should be + * persisted. + */ + public ApiResponse setOptionPersistTemporaryMessages(boolean bool) throws ClientApiException { + Map map = new HashMap<>(); + map.put("Boolean", Boolean.toString(bool)); + return api.callApi("ascan", "action", "setOptionPersistTemporaryMessages", map); + } + public ApiResponse setOptionPromptInAttackMode(boolean bool) throws ClientApiException { Map map = new HashMap<>(); map.put("Boolean", Boolean.toString(bool)); diff --git a/subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/Automation.java b/subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/Automation.java index 36efd80..8b3f141 100644 --- a/subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/Automation.java +++ b/subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/Automation.java 
@@ -35,21 +35,44 @@ public Automation(ClientApi api) { this.api = api; } - /** This component is optional and therefore the API will only work if it is installed */ + /** + * Returns the progress details for the specified planId + * + *

This component is optional and therefore the API will only work if it is installed + */ public ApiResponse planProgress(String planid) throws ClientApiException { Map map = new HashMap<>(); map.put("planId", planid); return api.callApi("automation", "view", "planProgress", map); } - /** This component is optional and therefore the API will only work if it is installed */ + /** + * Loads and asynchronously runs the plan in the specified file, returning a planId + * + *

This component is optional and therefore the API will only work if it is installed + */ public ApiResponse runPlan(String filepath) throws ClientApiException { Map map = new HashMap<>(); map.put("filePath", filepath); return api.callApi("automation", "action", "runPlan", map); } - /** This component is optional and therefore the API will only work if it is installed */ + /** + * Stops the running plan identified by the planId + * + *

This component is optional and therefore the API will only work if it is installed + */ + public ApiResponse stopPlan(String planid) throws ClientApiException { + Map map = new HashMap<>(); + map.put("planId", planid); + return api.callApi("automation", "action", "stopPlan", map); + } + + /** + * Ends the currently running delay job, if any + * + *

This component is optional and therefore the API will only work if it is installed + */ public ApiResponse endDelayJob() throws ClientApiException { return api.callApi("automation", "action", "endDelayJob", null); } diff --git a/subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/Client.java b/subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/Client.java new file mode 100644 index 0000000..1d843de --- /dev/null +++ b/subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/Client.java 
@@ -0,0 +1,76 @@ +/* + * Zed Attack Proxy (ZAP) and its related class files. + * + * ZAP is an HTTP/HTTPS proxy for assessing web application security. + * + * Copyright 2025 The ZAP Development Team + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.zaproxy.clientapi.gen; + +import java.util.HashMap; +import java.util.Map; +import org.zaproxy.clientapi.core.ApiResponse; +import org.zaproxy.clientapi.core.ClientApi; +import org.zaproxy.clientapi.core.ClientApiException; + +/** This file was automatically generated. 
*/ +@SuppressWarnings("javadoc") +public class Client { + + private final ClientApi api; + + public Client(ClientApi api) { + this.api = api; + } + + /** This component is optional and therefore the API will only work if it is installed */ + public ApiResponse reportObject(String objectjson) throws ClientApiException { + Map map = new HashMap<>(); + map.put("objectJson", objectjson); + return api.callApi("client", "action", "reportObject", map); + } + + /** This component is optional and therefore the API will only work if it is installed */ + public ApiResponse reportEvent(String eventjson) throws ClientApiException { + Map map = new HashMap<>(); + map.put("eventJson", eventjson); + return api.callApi("client", "action", "reportEvent", map); + } + + /** This component is optional and therefore the API will only work if it is installed */ + public ApiResponse reportZestStatement(String statementjson) throws ClientApiException { + Map map = new HashMap<>(); + map.put("statementJson", statementjson); + return api.callApi("client", "action", "reportZestStatement", map); + } + + /** This component is optional and therefore the API will only work if it is installed */ + public ApiResponse reportZestScript(String scriptjson) throws ClientApiException { + Map map = new HashMap<>(); + map.put("scriptJson", scriptjson); + return api.callApi("client", "action", "reportZestScript", map); + } + + /** + * Exports the Client Map to a file. + * + *

This component is optional and therefore the API will only work if it is installed + */ + public ApiResponse exportClientMap(String pathyaml) throws ClientApiException { + Map map = new HashMap<>(); + map.put("pathYaml", pathyaml); + return api.callApi("client", "action", "exportClientMap", map); + } +} diff --git a/subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/ClientSpider.java b/subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/ClientSpider.java new file mode 100644 index 0000000..a1176fe --- /dev/null +++ b/subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/ClientSpider.java @@ -0,0 +1,106 @@ +/* + * Zed Attack Proxy (ZAP) and its related class files. + * + * ZAP is an HTTP/HTTPS proxy for assessing web application security. + * + * Copyright 2025 The ZAP Development Team + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.zaproxy.clientapi.gen; + +import java.util.HashMap; +import java.util.Map; +import org.zaproxy.clientapi.core.ApiResponse; +import org.zaproxy.clientapi.core.ClientApi; +import org.zaproxy.clientapi.core.ClientApiException; + +/** This file was automatically generated. */ +@SuppressWarnings("javadoc") +public class ClientSpider { + + private final ClientApi api; + + public ClientSpider(ClientApi api) { + this.api = api; + } + + /** + * Gets the status of a client spider scan. + * + *

This component is optional and therefore the API will only work if it is installed + */ + public ApiResponse status(String scanid) throws ClientApiException { + Map map = new HashMap<>(); + map.put("scanId", scanid); + return api.callApi("clientSpider", "view", "status", map); + } + + /** + * Starts a client spider scan. + * + *

This component is optional and therefore the API will only work if it is installed + */ + public ApiResponse scan( + String browser, + String url, + String contextname, + String username, + String subtreeonly, + String maxcrawldepth, + String pageloadtime, + String numberofbrowsers, + String scopecheck) + throws ClientApiException { + Map map = new HashMap<>(); + if (browser != null) { + map.put("browser", browser); + } + if (url != null) { + map.put("url", url); + } + if (contextname != null) { + map.put("contextName", contextname); + } + if (username != null) { + map.put("userName", username); + } + if (subtreeonly != null) { + map.put("subtreeOnly", subtreeonly); + } + if (maxcrawldepth != null) { + map.put("maxCrawlDepth", maxcrawldepth); + } + if (pageloadtime != null) { + map.put("pageLoadTime", pageloadtime); + } + if (numberofbrowsers != null) { + map.put("numberOfBrowsers", numberofbrowsers); + } + if (scopecheck != null) { + map.put("scopeCheck", scopecheck); + } + return api.callApi("clientSpider", "action", "scan", map); + } + + /** + * Stops a client spider scan. + * + *

This component is optional and therefore the API will only work if it is installed + */ + public ApiResponse stop(String scanid) throws ClientApiException { + Map map = new HashMap<>(); + map.put("scanId", scanid); + return api.callApi("clientSpider", "action", "stop", map); + } +} diff --git a/subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/Postman.java b/subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/Postman.java new file mode 100644 index 0000000..f8b46bd --- /dev/null +++ b/subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/Postman.java @@ -0,0 +1,59 @@ +/* + * Zed Attack Proxy (ZAP) and its related class files. + * + * ZAP is an HTTP/HTTPS proxy for assessing web application security. + * + * Copyright 2025 The ZAP Development Team + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.zaproxy.clientapi.gen; + +import java.util.HashMap; +import java.util.Map; +import org.zaproxy.clientapi.core.ApiResponse; +import org.zaproxy.clientapi.core.ClientApi; +import org.zaproxy.clientapi.core.ClientApiException; + +/** This file was automatically generated. */ +@SuppressWarnings("javadoc") +public class Postman { + + private final ClientApi api; + + public Postman(ClientApi api) { + this.api = api; + } + + /** + * Imports a Postman collection from a file. + * + *

This component is optional and therefore the API will only work if it is installed + */ + public ApiResponse importFile(String file) throws ClientApiException { + Map map = new HashMap<>(); + map.put("file", file); + return api.callApi("postman", "action", "importFile", map); + } + + /** + * Imports a Postman collection from a URL. + * + *

This component is optional and therefore the API will only work if it is installed + */ + public ApiResponse importUrl(String url) throws ClientApiException { + Map map = new HashMap<>(); + map.put("url", url); + return api.callApi("postman", "action", "importUrl", map); + } +} diff --git a/subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/Pscan.java b/subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/Pscan.java index 6a4b2d1..e97caa1 100644 --- a/subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/Pscan.java +++ b/subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/Pscan.java @@ -93,6 +93,15 @@ public ApiResponse maxAlertsPerRule() throws ClientApiException { return api.callApi("pscan", "view", "maxAlertsPerRule", null); } + /** + * Gets the maximum body size in bytes that the passive scanner will scan. + * + *

This component is optional and therefore the API will only work if it is installed + */ + public ApiResponse maxBodySizeInBytes() throws ClientApiException { + return api.callApi("pscan", "view", "maxBodySizeInBytes", null); + } + /** * Sets whether or not the passive scanning is enabled (Note: the enabled state is not * persisted). @@ -180,6 +189,17 @@ public ApiResponse setMaxAlertsPerRule(String maxalerts) throws ClientApiExcepti return api.callApi("pscan", "action", "setMaxAlertsPerRule", map); } + /** + * Sets the maximum body size in bytes that the passive scanner will scan. + * + *

This component is optional and therefore the API will only work if it is installed + */ + public ApiResponse setMaxBodySizeInBytes(String maxsize) throws ClientApiException { + Map map = new HashMap<>(); + map.put("maxSize", maxsize); + return api.callApi("pscan", "action", "setMaxBodySizeInBytes", map); + } + /** * Disables all passive scan tags. * diff --git a/subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/Selenium.java b/subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/Selenium.java index 0b9fcb3..63e8f54 100644 --- a/subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/Selenium.java +++ b/subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/Selenium.java @@ -59,6 +59,24 @@ public ApiResponse optionChromeDriverPath() throws ClientApiException { return api.callApi("selenium", "view", "optionChromeDriverPath", null); } + /** + * Returns the current path to Edge binary + * + *

This component is optional and therefore the API will only work if it is installed + */ + public ApiResponse optionEdgeBinaryPath() throws ClientApiException { + return api.callApi("selenium", "view", "optionEdgeBinaryPath", null); + } + + /** + * Returns the current path to EdgeDriver + * + *

This component is optional and therefore the API will only work if it is installed + */ + public ApiResponse optionEdgeDriverPath() throws ClientApiException { + return api.callApi("selenium", "view", "optionEdgeDriverPath", null); + } + /** * Returns the current path to Firefox binary * @@ -132,6 +150,28 @@ public ApiResponse setOptionChromeDriverPath(String string) throws ClientApiExce return api.callApi("selenium", "action", "setOptionChromeDriverPath", map); } + /** + * Sets the current path to Edge binary + * + *

This component is optional and therefore the API will only work if it is installed + */ + public ApiResponse setOptionEdgeBinaryPath(String string) throws ClientApiException { + Map map = new HashMap<>(); + map.put("String", string); + return api.callApi("selenium", "action", "setOptionEdgeBinaryPath", map); + } + + /** + * Sets the current path to EdgeDriver + * + *

This component is optional and therefore the API will only work if it is installed + */ + public ApiResponse setOptionEdgeDriverPath(String string) throws ClientApiException { + Map map = new HashMap<>(); + map.put("String", string); + return api.callApi("selenium", "action", "setOptionEdgeDriverPath", map); + } + /** * Sets the current path to Firefox binary * diff --git a/subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/Spider.java b/subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/Spider.java index 4240ed2..2c98443 100644 --- a/subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/Spider.java +++ b/subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/Spider.java @@ -161,7 +161,7 @@ public ApiResponse optionMaxDuration() throws ClientApiException { } /** - * Gets the maximum size, in bytes, that a response might have to be parsed. + * Gets the maximum size, in bytes, that a response might have to be parsed, or 0 for unlimited. * *

This component is optional and therefore the API will only work if it is installed */ @@ -213,6 +213,15 @@ public ApiResponse optionHandleODataParametersVisited() throws ClientApiExceptio return api.callApi("spider", "view", "optionHandleODataParametersVisited", null); } + /** + * Gets whether or not the spider should attempt to avoid logout related paths/functionality. + * + *

This component is optional and therefore the API will only work if it is installed + */ + public ApiResponse optionLogoutAvoidance() throws ClientApiException { + return api.callApi("spider", "view", "optionLogoutAvoidance", null); + } + /** This component is optional and therefore the API will only work if it is installed */ public ApiResponse optionParseComments() throws ClientApiException { return api.callApi("spider", "view", "optionParseComments", null); @@ -513,6 +522,17 @@ public ApiResponse setOptionHandleODataParametersVisited(boolean bool) return api.callApi("spider", "action", "setOptionHandleODataParametersVisited", map); } + /** + * Sets whether or not the Spider should attempt to avoid logout related paths/functionality. + * + *

This component is optional and therefore the API will only work if it is installed + */ + public ApiResponse setOptionLogoutAvoidance(boolean bool) throws ClientApiException { + Map map = new HashMap<>(); + map.put("Boolean", Boolean.toString(bool)); + return api.callApi("spider", "action", "setOptionLogoutAvoidance", map); + } + /** * Sets the maximum number of child nodes (per node) that can be crawled, 0 means no limit. *