From bf711fe45397885dbd597d8e63799b4f31a7f402 Mon Sep 17 00:00:00 2001
From: thc202
Date: Thu, 22 Jun 2017 23:57:09 +0100
Subject: [PATCH] Add replacer API

Add the API of the add-on Replacer (to be released).
---
 src/zapv2/__init__.py | 2 ++
 src/zapv2/replacer.py | 60 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 62 insertions(+)
 create mode 100644 src/zapv2/replacer.py

diff --git a/src/zapv2/__init__.py b/src/zapv2/__init__.py
index 862261f..ce96b42 100644
--- a/src/zapv2/__init__.py
+++ b/src/zapv2/__init__.py
@@ -41,6 +41,7 @@
 from .params import params
 from .pnh import pnh
 from .pscan import pscan
+from .replacer import replacer
 from .reveal import reveal
 from .script import script
 from .search import search
@@ -90,6 +91,7 @@ def __init__(self, proxies=None, apikey=None):
 self.params = params(self)
 self.pnh = pnh(self)
 self.pscan = pscan(self)
+ self.replacer = replacer(self)
 self.reveal = reveal(self)
 self.script = script(self)
 self.search = search(self)
diff --git a/src/zapv2/replacer.py b/src/zapv2/replacer.py
new file mode 100644
index 0000000..38651e1
--- /dev/null
+++ b/src/zapv2/replacer.py
@@ -0,0 +1,60 @@ +# Zed Attack Proxy (ZAP) and its related class files. +# +# ZAP is an HTTP/HTTPS proxy for assessing web application security. +# +# Copyright 2017 the ZAP development team +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +""" +This file was automatically generated. +""" + +import six + + +class replacer(object): + + def __init__(self, zap): + self.zap = zap + + @property + def rules(self): + """ + Returns full details of all of the rules + This component is optional and therefore the API will only work if it is installed + """ + return six.next(six.itervalues(self.zap._request(self.zap.base + 'replacer/view/rules/'))) + + def add_rule(self, description, enabled, matchtype, matchregex, matchstring, replacement, initiators=None, apikey=''): + """ + Adds a replacer rule. 
For the parameters: desc is a user friendly description, enabled is true or false, matchType is one of [REQ_HEADER, REQ_HEADER_STR, REQ_BODY_STR, RESP_HEADER, RESP_HEADER_STR, RESP_BODY_STR], matchRegex should be true if the matchString should be treated as a regex otherwise false, matchString is the string that will be matched against, replacement is the replacement string, initiators may be blank (for all initiators) or a comma separated list of integers as defined in HttpSender + This component is optional and therefore the API will only work if it is installed + """ + params = {'description': description, 'enabled': enabled, 'matchType': matchtype, 'matchRegex': matchregex, 'matchString': matchstring, 'replacement': replacement, 'apikey': apikey} + if initiators is not None: + params['initiators'] = initiators + return six.next(six.itervalues(self.zap._request(self.zap.base + 'replacer/action/addRule/', params))) + + def remove_rule(self, description, apikey=''): + """ + Removes the rule with the given description + This component is optional and therefore the API will only work if it is installed + """ + return six.next(six.itervalues(self.zap._request(self.zap.base + 'replacer/action/removeRule/', {'description': description, 'apikey': apikey}))) + + def set_enabled(self, description, bool, apikey=''): + """ + Enables or disables the rule with the given description based on the bool parameter + This component is optional and therefore the API will only work if it is installed + """ + return six.next(six.itervalues(self.zap._request(self.zap.base + 'replacer/action/setEnabled/', {'description': description, 'bool': bool, 'apikey': apikey})))