Update APIs of add-ons and core

CHANGELOG.md

@@ -5,6 +5,18 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased] 
+### Added
+- Add the APIs of the following add-ons:
+  - Client Side Integration version 0.20.0;
+  - Postman Support version 0.7.0.
+
+### Changed
+- Update core APIs for 2.17.
+- Update the APIs of the following add-ons:
+  - Automation Framework version 0.58.0;
+  - Passive Scanner version 0.6.0;
+  - Selenium version 15.43.0;
+  - Spider version 0.18.0.
 
 ## [1.16.0] - 2025-02-03
 ### Added

subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/core/ClientApi.java

@@ -60,6 +60,8 @@
 import org.zaproxy.clientapi.gen.Automation;
 import org.zaproxy.clientapi.gen.Autoupdate;
 import org.zaproxy.clientapi.gen.Break;
+import org.zaproxy.clientapi.gen.Client;
+import org.zaproxy.clientapi.gen.ClientSpider;
 import org.zaproxy.clientapi.gen.Context;
 import org.zaproxy.clientapi.gen.Core;
 import org.zaproxy.clientapi.gen.Exim;
@@ -71,6 +73,7 @@
 import org.zaproxy.clientapi.gen.Openapi;
 import org.zaproxy.clientapi.gen.Params;
 import org.zaproxy.clientapi.gen.Pnh;
+import org.zaproxy.clientapi.gen.Postman;
 import org.zaproxy.clientapi.gen.Pscan;
 import org.zaproxy.clientapi.gen.Replacer;
 import org.zaproxy.clientapi.gen.Reports;
@@ -119,6 +122,8 @@ public class ClientApi {
     public Automation automation = new Automation(this);
     public Autoupdate autoupdate = new Autoupdate(this);
     public Break brk = new Break(this);
+    public Client client = new Client(this);
+    public ClientSpider clientSpider = new ClientSpider(this);
     public Context context = new Context(this);
     public Core core = new Core(this);
     public Exim exim = new Exim(this);
@@ -148,6 +153,7 @@ public class ClientApi {
     public Openapi openapi = new Openapi(this);
     public Params params = new Params(this);
     public Pnh pnh = new Pnh(this);
+    public Postman postman = new Postman(this);
     public Pscan pscan = new Pscan(this);
     public Replacer replacer = new Replacer(this);
     public Reports reports = new Reports(this);

subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/Alert.java

@@ -61,6 +61,21 @@ public ApiResponse alerts(String baseurl, String start, String count, String ris
     public ApiResponse alerts(
             String baseurl, String start, String count, String riskid, String contextname)
             throws ClientApiException {
+        return alerts(baseurl, start, count, riskid, null, null);
+    }
+
+    /**
+     * Gets the alerts raised by ZAP, optionally filtering by URL or riskId, and paginating with
+     * 'start' position and 'count' of alerts
+     */
+    public ApiResponse alerts(
+            String baseurl,
+            String start,
+            String count,
+            String riskid,
+            String contextname,
+            String falsepositive)
+            throws ClientApiException {
         Map<String, String> map = new HashMap<>();
         if (baseurl != null) {
             map.put("baseurl", baseurl);
@@ -77,6 +92,9 @@ public ApiResponse alerts(
         if (contextname != null) {
             map.put("contextName", contextname);
         }
+        if (falsepositive != null) {
+            map.put("falsePositive", falsepositive);
+        }
         return api.callApi("alert", "view", "alerts", map);
     }
 

subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/Ascan.java

@@ -216,6 +216,11 @@ public ApiResponse optionEncodeCookieValues() throws ClientApiException {
         return api.callApi("ascan", "view", "optionEncodeCookieValues", null);
     }
 
+    /** Tells whether or not the active scanner should exclude anti-csrf tokens from the scan. */
+    public ApiResponse optionExcludeAntiCsrfTokens() throws ClientApiException {
+        return api.callApi("ascan", "view", "optionExcludeAntiCsrfTokens", null);
+    }
+
     /**
      * Tells whether or not the active scanner should inject the HTTP request header X-ZAP-Scan-ID,
      * with the ID of the scan rule that's sending the requests.
@@ -224,6 +229,14 @@ public ApiResponse optionInjectPluginIdInHeader() throws ClientApiException {
         return api.callApi("ascan", "view", "optionInjectPluginIdInHeader", null);
     }
 
+    /**
+     * Tells whether or not the temporary HTTP messages sent while active scanning should be
+     * persisted.
+     */
+    public ApiResponse optionPersistTemporaryMessages() throws ClientApiException {
+        return api.callApi("ascan", "view", "optionPersistTemporaryMessages", null);
+    }
+
     public ApiResponse optionPromptInAttackMode() throws ClientApiException {
         return api.callApi("ascan", "view", "optionPromptInAttackMode", null);
     }
@@ -643,6 +656,13 @@ public ApiResponse setOptionEncodeCookieValues(boolean bool) throws ClientApiExc
         return api.callApi("ascan", "action", "setOptionEncodeCookieValues", map);
     }
 
+    /** Sets whether or not the active scanner should exclude anti-csrf tokens from the scan. */
+    public ApiResponse setOptionExcludeAntiCsrfTokens(boolean bool) throws ClientApiException {
+        Map<String, String> map = new HashMap<>();
+        map.put("Boolean", Boolean.toString(bool));
+        return api.callApi("ascan", "action", "setOptionExcludeAntiCsrfTokens", map);
+    }
+
     public ApiResponse setOptionHandleAntiCSRFTokens(boolean bool) throws ClientApiException {
         Map<String, String> map = new HashMap<>();
         map.put("Boolean", Boolean.toString(bool));
@@ -702,6 +722,16 @@ public ApiResponse setOptionMaxScansInUI(int i) throws ClientApiException {
         return api.callApi("ascan", "action", "setOptionMaxScansInUI", map);
     }
 
+    /**
+     * Sets whether or not the temporary HTTP messages sent while active scanning should be
+     * persisted.
+     */
+    public ApiResponse setOptionPersistTemporaryMessages(boolean bool) throws ClientApiException {
+        Map<String, String> map = new HashMap<>();
+        map.put("Boolean", Boolean.toString(bool));
+        return api.callApi("ascan", "action", "setOptionPersistTemporaryMessages", map);
+    }
+
     public ApiResponse setOptionPromptInAttackMode(boolean bool) throws ClientApiException {
         Map<String, String> map = new HashMap<>();
         map.put("Boolean", Boolean.toString(bool));

subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/Automation.java

@@ -35,21 +35,44 @@ public Automation(ClientApi api) {
         this.api = api;
     }
 
-    /** This component is optional and therefore the API will only work if it is installed */
+    /**
+     * Returns the progress details for the specified planId
+     *
+     * <p>This component is optional and therefore the API will only work if it is installed
+     */
     public ApiResponse planProgress(String planid) throws ClientApiException {
         Map<String, String> map = new HashMap<>();
         map.put("planId", planid);
         return api.callApi("automation", "view", "planProgress", map);
     }
 
-    /** This component is optional and therefore the API will only work if it is installed */
+    /**
+     * Loads and asynchronously runs the plan in the specified file, returning a planId
+     *
+     * <p>This component is optional and therefore the API will only work if it is installed
+     */
     public ApiResponse runPlan(String filepath) throws ClientApiException {
         Map<String, String> map = new HashMap<>();
         map.put("filePath", filepath);
         return api.callApi("automation", "action", "runPlan", map);
     }
 
-    /** This component is optional and therefore the API will only work if it is installed */
+    /**
+     * Stops the running plan identified by the planId
+     *
+     * <p>This component is optional and therefore the API will only work if it is installed
+     */
+    public ApiResponse stopPlan(String planid) throws ClientApiException {
+        Map<String, String> map = new HashMap<>();
+        map.put("planId", planid);
+        return api.callApi("automation", "action", "stopPlan", map);
+    }
+
+    /**
+     * Ends the currently running delay job, if any
+     *
+     * <p>This component is optional and therefore the API will only work if it is installed
+     */
     public ApiResponse endDelayJob() throws ClientApiException {
         return api.callApi("automation", "action", "endDelayJob", null);
     }

subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/Client.java

@@ -0,0 +1,76 @@
+/*
+ * Zed Attack Proxy (ZAP) and its related class files.
+ *
+ * ZAP is an HTTP/HTTPS proxy for assessing web application security.
+ *
+ * Copyright 2025 The ZAP Development Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.zaproxy.clientapi.gen;
+
+import java.util.HashMap;
+import java.util.Map;
+import org.zaproxy.clientapi.core.ApiResponse;
+import org.zaproxy.clientapi.core.ClientApi;
+import org.zaproxy.clientapi.core.ClientApiException;
+
+/** This file was automatically generated. */
+@SuppressWarnings("javadoc")
+public class Client {
+
+    private final ClientApi api;
+
+    public Client(ClientApi api) {
+        this.api = api;
+    }
+
+    /** This component is optional and therefore the API will only work if it is installed */
+    public ApiResponse reportObject(String objectjson) throws ClientApiException {
+        Map<String, String> map = new HashMap<>();
+        map.put("objectJson", objectjson);
+        return api.callApi("client", "action", "reportObject", map);
+    }
+
+    /** This component is optional and therefore the API will only work if it is installed */
+    public ApiResponse reportEvent(String eventjson) throws ClientApiException {
+        Map<String, String> map = new HashMap<>();
+        map.put("eventJson", eventjson);
+        return api.callApi("client", "action", "reportEvent", map);
+    }
+
+    /** This component is optional and therefore the API will only work if it is installed */
+    public ApiResponse reportZestStatement(String statementjson) throws ClientApiException {
+        Map<String, String> map = new HashMap<>();
+        map.put("statementJson", statementjson);
+        return api.callApi("client", "action", "reportZestStatement", map);
+    }
+
+    /** This component is optional and therefore the API will only work if it is installed */
+    public ApiResponse reportZestScript(String scriptjson) throws ClientApiException {
+        Map<String, String> map = new HashMap<>();
+        map.put("scriptJson", scriptjson);
+        return api.callApi("client", "action", "reportZestScript", map);
+    }
+
+    /**
+     * Exports the Client Map to a file.
+     *
+     * <p>This component is optional and therefore the API will only work if it is installed
+     */
+    public ApiResponse exportClientMap(String pathyaml) throws ClientApiException {
+        Map<String, String> map = new HashMap<>();
+        map.put("pathYaml", pathyaml);
+        return api.callApi("client", "action", "exportClientMap", map);
+    }
+}

subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/ClientSpider.java

@@ -0,0 +1,106 @@
+/*
+ * Zed Attack Proxy (ZAP) and its related class files.
+ *
+ * ZAP is an HTTP/HTTPS proxy for assessing web application security.
+ *
+ * Copyright 2025 The ZAP Development Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.zaproxy.clientapi.gen;
+
+import java.util.HashMap;
+import java.util.Map;
+import org.zaproxy.clientapi.core.ApiResponse;
+import org.zaproxy.clientapi.core.ClientApi;
+import org.zaproxy.clientapi.core.ClientApiException;
+
+/** This file was automatically generated. */
+@SuppressWarnings("javadoc")
+public class ClientSpider {
+
+    private final ClientApi api;
+
+    public ClientSpider(ClientApi api) {
+        this.api = api;
+    }
+
+    /**
+     * Gets the status of a client spider scan.
+     *
+     * <p>This component is optional and therefore the API will only work if it is installed
+     */
+    public ApiResponse status(String scanid) throws ClientApiException {
+        Map<String, String> map = new HashMap<>();
+        map.put("scanId", scanid);
+        return api.callApi("clientSpider", "view", "status", map);
+    }
+
+    /**
+     * Starts a client spider scan.
+     *
+     * <p>This component is optional and therefore the API will only work if it is installed
+     */
+    public ApiResponse scan(
+            String browser,
+            String url,
+            String contextname,
+            String username,
+            String subtreeonly,
+            String maxcrawldepth,
+            String pageloadtime,
+            String numberofbrowsers,
+            String scopecheck)
+            throws ClientApiException {
+        Map<String, String> map = new HashMap<>();
+        if (browser != null) {
+            map.put("browser", browser);
+        }
+        if (url != null) {
+            map.put("url", url);
+        }
+        if (contextname != null) {
+            map.put("contextName", contextname);
+        }
+        if (username != null) {
+            map.put("userName", username);
+        }
+        if (subtreeonly != null) {
+            map.put("subtreeOnly", subtreeonly);
+        }
+        if (maxcrawldepth != null) {
+            map.put("maxCrawlDepth", maxcrawldepth);
+        }
+        if (pageloadtime != null) {
+            map.put("pageLoadTime", pageloadtime);
+        }
+        if (numberofbrowsers != null) {
+            map.put("numberOfBrowsers", numberofbrowsers);
+        }
+        if (scopecheck != null) {
+            map.put("scopeCheck", scopecheck);
+        }
+        return api.callApi("clientSpider", "action", "scan", map);
+    }
+
+    /**
+     * Stops a client spider scan.
+     *
+     * <p>This component is optional and therefore the API will only work if it is installed
+     */
+    public ApiResponse stop(String scanid) throws ClientApiException {
+        Map<String, String> map = new HashMap<>();
+        map.put("scanId", scanid);
+        return api.callApi("clientSpider", "action", "stop", map);
+    }
+}