Merge pull request #89 from thc202/release-1.9.0

Release 1.9.0

Author: kingthorin

CHANGELOG.md

@@ -4,6 +4,14 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.9.0] - 2020-12-18
+### Added
+- Add API from GraphQL add-on.
+
+### Changed
+- Core APIs updated for ZAP version 2.10.0.
+- Update API from AJAX Spider add.on.
+
 ## [1.8.0] - 2020-01-23
 ### Added
 - Core APIs.
@@ -115,6 +123,7 @@ of the alert (zaproxy/zaproxy#1341), older methods were deprecated.
  - First version as "stand alone library", it was migrated from the [zaproxy repository](https://github.com/zaproxy/zaproxy)
  and released to Maven Central.
 
+[1.9.0]: https://github.com/zaproxy/zap-api-java/compare/v1.8.0...v1.9.0
 [1.8.0]: https://github.com/zaproxy/zap-api-java/compare/v1.7.0...v1.8.0
 [1.7.0]: https://github.com/zaproxy/zap-api-java/compare/v1.6.0...v1.7.0
 [1.6.0]: https://github.com/zaproxy/zap-api-java/compare/v1.5.0...v1.6.0

README.md

@@ -22,7 +22,7 @@ can be obtained from [Maven Central](https://search.maven.org/) with following c
 
  * GroupId: `org.zaproxy`
  * ArtifactId: `zap-clientapi`
- * Version: `1.8.0`
+ * Version: `1.9.0`
 
 Previous releases are also available, more details can be found in [Maven Central](https://search.maven.org/search?q=g:org.zaproxy%20AND%20a:zap-clientapi&core=gav).
 

build.gradle

@@ -20,8 +20,8 @@ subprojects {
 
     group = 'org.zaproxy'
 
-    version '1.8.0'
-    ext.versionBC = '1.7.0'
+    version '1.9.0'
+    ext.versionBC = '1.8.0'
 
     repositories {
         mavenCentral()

subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/Acsrf.java

@@ -41,6 +41,11 @@ public ApiResponse optionTokensNames() throws ClientApiException {
         return api.callApi("acsrf", "view", "optionTokensNames", null);
     }
 
+    /** Define if ZAP should detect CSRF tokens by searching for partial matches */
+    public ApiResponse optionPartialMatchingEnabled() throws ClientApiException {
+        return api.callApi("acsrf", "view", "optionPartialMatchingEnabled", null);
+    }
+
     /** Adds an anti-CSRF token with the given name, enabled by default */
     public ApiResponse addOptionToken(String string) throws ClientApiException {
         Map<String, String> map = new HashMap<>();
@@ -55,6 +60,13 @@ public ApiResponse removeOptionToken(String string) throws ClientApiException {
         return api.callApi("acsrf", "action", "removeOptionToken", map);
     }
 
+    /** Define if ZAP should detect CSRF tokens by searching for partial matches. */
+    public ApiResponse setOptionPartialMatchingEnabled(boolean bool) throws ClientApiException {
+        Map<String, String> map = new HashMap<>();
+        map.put("Boolean", Boolean.toString(bool));
+        return api.callApi("acsrf", "action", "setOptionPartialMatchingEnabled", map);
+    }
+
     /** Generate a form for testing lack of anti-CSRF tokens - typically invoked via ZAP */
     public byte[] genForm(String hrefid) throws ClientApiException {
         Map<String, String> map = new HashMap<>();

subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/AjaxSpider.java

@@ -36,6 +36,11 @@ public AjaxSpider(ClientApi api) {
         this.api = api;
     }
 
+    /** This component is optional and therefore the API will only work if it is installed */
+    public ApiResponse allowedResources() throws ClientApiException {
+        return api.callApi("ajaxSpider", "view", "allowedResources", null);
+    }
+
     /** This component is optional and therefore the API will only work if it is installed */
     public ApiResponse status() throws ClientApiException {
         return api.callApi("ajaxSpider", "view", "status", null);
@@ -114,10 +119,7 @@ public ApiResponse optionRandomInputs() throws ClientApiException {
     }
 
     /**
-     * Runs the spider against the given URL and/or context, optionally, spidering everything in
-     * scope. The parameter 'contextName' can be used to constrain the scan to a Context, the option
-     * 'in scope' is ignored if a context was also specified. The parameter 'subtreeOnly' allows to
-     * restrict the spider under a site's subtree (using the specified 'url').
+     * Runs the AJAX Spider against a given target.
      *
      * <p>This component is optional and therefore the API will only work if it is installed
      */
@@ -140,10 +142,7 @@ public ApiResponse scan(String url, String inscope, String contextname, String s
     }
 
     /**
-     * Runs the spider from the perspective of a User, obtained using the given context name and
-     * user name. The parameter 'url' allows to specify the starting point for the spider, otherwise
-     * it's used an existing URL from the context (if any). The parameter 'subtreeOnly' allows to
-     * restrict the spider under a site's subtree (using the specified 'url').
+     * Runs the AJAX Spider from the perspective of a User of the web application.
      *
      * <p>This component is optional and therefore the API will only work if it is installed
      */
@@ -167,6 +166,32 @@ public ApiResponse stop() throws ClientApiException {
         return api.callApi("ajaxSpider", "action", "stop", null);
     }
 
+    /** This component is optional and therefore the API will only work if it is installed */
+    public ApiResponse addAllowedResource(String regex, String enabled) throws ClientApiException {
+        Map<String, String> map = new HashMap<>();
+        map.put("regex", regex);
+        if (enabled != null) {
+            map.put("enabled", enabled);
+        }
+        return api.callApi("ajaxSpider", "action", "addAllowedResource", map);
+    }
+
+    /** This component is optional and therefore the API will only work if it is installed */
+    public ApiResponse removeAllowedResource(String regex) throws ClientApiException {
+        Map<String, String> map = new HashMap<>();
+        map.put("regex", regex);
+        return api.callApi("ajaxSpider", "action", "removeAllowedResource", map);
+    }
+
+    /** This component is optional and therefore the API will only work if it is installed */
+    public ApiResponse setEnabledAllowedResource(String regex, String enabled)
+            throws ClientApiException {
+        Map<String, String> map = new HashMap<>();
+        map.put("regex", regex);
+        map.put("enabled", enabled);
+        return api.callApi("ajaxSpider", "action", "setEnabledAllowedResource", map);
+    }
+
     /** This component is optional and therefore the API will only work if it is installed */
     public ApiResponse setOptionBrowserId(String string) throws ClientApiException {
         Map<String, String> map = new HashMap<>();

subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/Alert.java

@@ -128,6 +128,23 @@ public ApiResponse deleteAlert(String id) throws ClientApiException {
         return api.callApi("alert", "action", "deleteAlert", map);
     }
 
+    /** Update the confidence of the alerts. */
+    public ApiResponse updateAlertsConfidence(String ids, String confidenceid)
+            throws ClientApiException {
+        Map<String, String> map = new HashMap<>();
+        map.put("ids", ids);
+        map.put("confidenceId", confidenceid);
+        return api.callApi("alert", "action", "updateAlertsConfidence", map);
+    }
+
+    /** Update the risk of the alerts. */
+    public ApiResponse updateAlertsRisk(String ids, String riskid) throws ClientApiException {
+        Map<String, String> map = new HashMap<>();
+        map.put("ids", ids);
+        map.put("riskId", riskid);
+        return api.callApi("alert", "action", "updateAlertsRisk", map);
+    }
+
     /** Update the alert with the given ID, with the provided details. */
     public ApiResponse updateAlert(
             String id,

subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/Context.java

@@ -116,6 +116,40 @@ public ApiResponse setContextRegexs(String contextname, String incregexs, String
         return api.callApi("context", "action", "setContextRegexs", map);
     }
 
+    /**
+     * Set the checking strategy for a context - this defines how ZAP checks that a request is
+     * authenticated
+     */
+    public ApiResponse setContextCheckingStrategy(
+            String contextname,
+            String checkingstrategy,
+            String pollurl,
+            String polldata,
+            String pollheaders,
+            String pollfrequency,
+            String pollfrequencyunits)
+            throws ClientApiException {
+        Map<String, String> map = new HashMap<>();
+        map.put("contextName", contextname);
+        map.put("checkingStrategy", checkingstrategy);
+        if (pollurl != null) {
+            map.put("pollUrl", pollurl);
+        }
+        if (polldata != null) {
+            map.put("pollData", polldata);
+        }
+        if (pollheaders != null) {
+            map.put("pollHeaders", pollheaders);
+        }
+        if (pollfrequency != null) {
+            map.put("pollFrequency", pollfrequency);
+        }
+        if (pollfrequencyunits != null) {
+            map.put("pollFrequencyUnits", pollfrequencyunits);
+        }
+        return api.callApi("context", "action", "setContextCheckingStrategy", map);
+    }
+
     /** Creates a new context with the given name in the current session */
     public ApiResponse newContext(String contextname) throws ClientApiException {
         Map<String, String> map = new HashMap<>();

subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/Core.java

@@ -322,6 +322,11 @@ public ApiResponse optionUseProxyChainAuth() throws ClientApiException {
         return api.callApi("core", "view", "optionUseProxyChainAuth", null);
     }
 
+    /** Gets whether or not the SOCKS proxy should be used. */
+    public ApiResponse optionUseSocksProxy() throws ClientApiException {
+        return api.callApi("core", "view", "optionUseSocksProxy", null);
+    }
+
     /**
      * Convenient and simple action to access a URL, optionally following redirections. Returns the
      * request sent and response received and followed redirections, if any. Other actions are
@@ -688,6 +693,13 @@ public ApiResponse setOptionUseProxyChainAuth(boolean bool) throws ClientApiExce
         return api.callApi("core", "action", "setOptionUseProxyChainAuth", map);
     }
 
+    /** Sets whether or not the SOCKS proxy should be used. */
+    public ApiResponse setOptionUseSocksProxy(boolean bool) throws ClientApiException {
+        Map<String, String> map = new HashMap<>();
+        map.put("Boolean", Boolean.toString(bool));
+        return api.callApi("core", "action", "setOptionUseSocksProxy", map);
+    }
+
     public byte[] proxypac() throws ClientApiException {
         return api.callApiOther("core", "other", "proxy.pac", null);
     }