Merge pull request #85 from thc202/release-1.8.0

Release 1.8.0

Author: psiinon

.travis.yml

@@ -1,7 +1,7 @@
 language: java
 
 jdk:
-  - oraclejdk8
+  - openjdk8
   - openjdk11
 
 before_cache:

CHANGELOG.md

@@ -4,6 +4,22 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.8.0] - 2020-01-23
+### Added
+- Core APIs.
+- APIs from add-ons:
+ - Access Control Testing;
+ - Export Report;
+ - Revisit;
+ - Wappalyzer - Technology Detection.
+
+### Changed
+- Core APIs updated for ZAP version 2.9.0.
+- Update APIs from add-ons:
+ - Alert Filters;
+ - OpenAPI Support;
+ - Replacer.
+
 ## [1.7.0] - 2019-06-13
 ### Added
 - Add API for SOAP Scanner add-on, version 3.
@@ -70,7 +86,7 @@ the API key) from being used with ZAP versions <= 2.5.0.
 ## [1.1.0] - 2017-03-09
 ### Added
 - Context Alert Filters API, for more information refer to the help page:
-https://github.com/zaproxy/zap-extensions/wiki/HelpAddonsAlertFiltersAlertFilter
+https://www.zaproxy.org/docs/desktop/addons/alert-filters/
 - The `Alert` now exposes the alert ID, message ID, and scanner ID.
 - Added confidence "False Positive" (enum `Alert.Confidence`).
 
@@ -99,6 +115,7 @@ of the alert (zaproxy/zaproxy#1341), older methods were deprecated.
  - First version as "stand alone library", it was migrated from the [zaproxy repository](https://github.com/zaproxy/zaproxy)
  and released to Maven Central.
 
+[1.8.0]: https://github.com/zaproxy/zap-api-java/compare/v1.7.0...v1.8.0
 [1.7.0]: https://github.com/zaproxy/zap-api-java/compare/v1.6.0...v1.7.0
 [1.6.0]: https://github.com/zaproxy/zap-api-java/compare/v1.5.0...v1.6.0
 [1.5.0]: https://github.com/zaproxy/zap-api-java/compare/v1.4.0...v1.5.0

README.md

@@ -5,7 +5,7 @@
 [![Build Status](https://api.travis-ci.com/zaproxy/zap-api-java.svg?branch=develop)](https://travis-ci.com/zaproxy/zap-api-java)
 [![Known Vulnerabilities](https://snyk.io/test/github/zaproxy/zap-api-java/badge.svg)](https://snyk.io/test/github/zaproxy/zap-api-java)
 
-The Java implementation to access the [OWASP ZAP API](https://github.com/zaproxy/zaproxy/wiki/ApiDetails). For more information
+The Java implementation to access the [OWASP ZAP API](https://www.zaproxy.org/docs/api/). For more information
 about OWASP ZAP consult the (main) [OWASP ZAP project](https://github.com/zaproxy/zaproxy/).
 
 This project produces two libraries:
@@ -22,16 +22,16 @@ can be obtained from [Maven Central](https://search.maven.org/) with following c
 
  * GroupId: `org.zaproxy`
  * ArtifactId: `zap-clientapi`
- * Version: `1.7.0`
+ * Version: `1.8.0`
 
 Previous releases are also available, more details can be found in [Maven Central](https://search.maven.org/search?q=g:org.zaproxy%20AND%20a:zap-clientapi&core=gav).
 
 ## Getting Help
 
 For help using OWASP ZAP API refer to:
   * [Examples](subprojects/zap-clientapi/src/examples/java/org/zaproxy/clientapi/examples) - collection of examples using the library;
-  * [OWASP ZAP User Group](https://groups.google.com/group/zaproxy-users) - for asking questions;
-  * IRC: irc.mozilla.org #websectools (eg [using Mibbit](http://chat.mibbit.com/?server=irc.mozilla.org%3A%2B6697&channel=%23websectools)) - chat with core ZAP developers (European office hours usually best)
+  * [API Documentation](https://www.zaproxy.org/docs/api/)
+  * [OWASP ZAP User Group](https://groups.google.com/group/zaproxy-users) - for asking questions
 
 ## Issues
 

build.gradle

@@ -20,8 +20,8 @@ subprojects {
 
     group = 'org.zaproxy'
 
-    version '1.7.0'
-    ext.versionBC = '1.6.0'
+    version '1.8.0'
+    ext.versionBC = '1.7.0'
 
     repositories {
         mavenCentral()

subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/core/ClientApi.java

@@ -47,6 +47,7 @@
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
 import org.w3c.dom.Document;
+import org.zaproxy.clientapi.gen.AccessControl;
 import org.zaproxy.clientapi.gen.Acsrf;
 import org.zaproxy.clientapi.gen.AjaxSpider;
 import org.zaproxy.clientapi.gen.AlertFilter;
@@ -57,16 +58,20 @@
 import org.zaproxy.clientapi.gen.Break;
 import org.zaproxy.clientapi.gen.Context;
 import org.zaproxy.clientapi.gen.Core;
+import org.zaproxy.clientapi.gen.Exportreport;
 import org.zaproxy.clientapi.gen.ForcedUser;
 import org.zaproxy.clientapi.gen.HttpSessions;
 import org.zaproxy.clientapi.gen.ImportLogFiles;
 import org.zaproxy.clientapi.gen.Importurls;
+import org.zaproxy.clientapi.gen.LocalProxies;
 import org.zaproxy.clientapi.gen.Openapi;
 import org.zaproxy.clientapi.gen.Params;
 import org.zaproxy.clientapi.gen.Pnh;
 import org.zaproxy.clientapi.gen.Pscan;
 import org.zaproxy.clientapi.gen.Replacer;
 import org.zaproxy.clientapi.gen.Reveal;
+import org.zaproxy.clientapi.gen.Revisit;
+import org.zaproxy.clientapi.gen.RuleConfig;
 import org.zaproxy.clientapi.gen.Script;
 import org.zaproxy.clientapi.gen.Search;
 import org.zaproxy.clientapi.gen.Selenium;
@@ -75,6 +80,7 @@
 import org.zaproxy.clientapi.gen.Spider;
 import org.zaproxy.clientapi.gen.Stats;
 import org.zaproxy.clientapi.gen.Users;
+import org.zaproxy.clientapi.gen.Wappalyzer;
 import org.zaproxy.clientapi.gen.Websocket;
 
 public class ClientApi {
@@ -96,6 +102,7 @@ public class ClientApi {
     private DocumentBuilderFactory docBuilderFactory;
 
     // Note that any new API implementations added have to be added here manually
+    public AccessControl accessControl = new AccessControl(this);
     public Acsrf acsrf = new Acsrf(this);
     public AjaxSpider ajaxSpider = new AjaxSpider(this);
     public AlertFilter alertFilter = new AlertFilter(this);
@@ -107,16 +114,20 @@ public class ClientApi {
     public Break brk = new Break(this);
     public Context context = new Context(this);
     public Core core = new Core(this);
+    public Exportreport exportreport = new Exportreport(this);
     public ForcedUser forcedUser = new ForcedUser(this);
     public HttpSessions httpSessions = new HttpSessions(this);
     public ImportLogFiles logImportFiles = new ImportLogFiles(this);
     public Importurls importurls = new Importurls(this);
+    public LocalProxies localProxies = new LocalProxies(this);
     public Openapi openapi = new Openapi(this);
     public Params params = new Params(this);
     public Pnh pnh = new Pnh(this);
     public Pscan pscan = new Pscan(this);
     public Replacer replacer = new Replacer(this);
     public Reveal reveal = new Reveal(this);
+    public Revisit revisit = new Revisit(this);
+    public RuleConfig ruleConfig = new RuleConfig(this);
     public Search search = new Search(this);
     public Script script = new Script(this);
     public Selenium selenium = new Selenium(this);
@@ -125,6 +136,7 @@ public class ClientApi {
     public Spider spider = new Spider(this);
     public Stats stats = new Stats(this);
     public Users users = new Users(this);
+    public Wappalyzer wappalyzer = new Wappalyzer(this);
     public Websocket websocket = new Websocket(this);
 
     public ClientApi(String zapAddress, int zapPort) {

subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/AccessControl.java

@@ -0,0 +1,103 @@
+/*
+ * Zed Attack Proxy (ZAP) and its related class files.
+ *
+ * ZAP is an HTTP/HTTPS proxy for assessing web application security.
+ *
+ * Copyright 2020 The ZAP Development Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.zaproxy.clientapi.gen;
+
+import java.util.HashMap;
+import java.util.Map;
+import org.zaproxy.clientapi.core.ApiResponse;
+import org.zaproxy.clientapi.core.ClientApi;
+import org.zaproxy.clientapi.core.ClientApiException;
+
+/** This file was automatically generated. */
+@SuppressWarnings("javadoc")
+public class AccessControl {
+
+    private final ClientApi api;
+
+    public AccessControl(ClientApi api) {
+        this.api = api;
+    }
+
+    /**
+     * Gets the Access Control scan progress (percentage integer) for the given context ID.
+     *
+     * <p>This component is optional and therefore the API will only work if it is installed
+     */
+    public ApiResponse getScanProgress(String contextid) throws ClientApiException {
+        Map<String, String> map = new HashMap<>();
+        map.put("contextId", contextid);
+        return api.callApi("accessControl", "view", "getScanProgress", map);
+    }
+
+    /**
+     * Gets the Access Control scan status (description string) for the given context ID.
+     *
+     * <p>This component is optional and therefore the API will only work if it is installed
+     */
+    public ApiResponse getScanStatus(String contextid) throws ClientApiException {
+        Map<String, String> map = new HashMap<>();
+        map.put("contextId", contextid);
+        return api.callApi("accessControl", "view", "getScanStatus", map);
+    }
+
+    /**
+     * Starts an Access Control scan with the given context ID and user ID. (Optional parameters:
+     * user ID for Unauthenticated user, boolean identifying whether or not Alerts are raised, and
+     * the Risk level for the Alerts.) [This assumes the Access Control rules were previously
+     * established via ZAP gui and the necessary Context exported/imported.]
+     *
+     * <p>This component is optional and therefore the API will only work if it is installed
+     */
+    public ApiResponse scan(
+            String contextid,
+            String userid,
+            String scanasunauthuser,
+            String raisealert,
+            String alertrisklevel)
+            throws ClientApiException {
+        Map<String, String> map = new HashMap<>();
+        map.put("contextId", contextid);
+        map.put("userId", userid);
+        if (scanasunauthuser != null) {
+            map.put("scanAsUnAuthUser", scanasunauthuser);
+        }
+        if (raisealert != null) {
+            map.put("raiseAlert", raisealert);
+        }
+        if (alertrisklevel != null) {
+            map.put("alertRiskLevel", alertrisklevel);
+        }
+        return api.callApi("accessControl", "action", "scan", map);
+    }
+
+    /**
+     * Generates an Access Control report for the given context ID and saves it based on the
+     * provided filename (path).
+     *
+     * <p>This component is optional and therefore the API will only work if it is installed
+     */
+    public ApiResponse writeHTMLreport(String contextid, String filename)
+            throws ClientApiException {
+        Map<String, String> map = new HashMap<>();
+        map.put("contextId", contextid);
+        map.put("fileName", filename);
+        return api.callApi("accessControl", "action", "writeHTMLreport", map);
+    }
+}

subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/Alert.java

@@ -127,4 +127,105 @@ public ApiResponse deleteAlert(String id) throws ClientApiException {
         map.put("id", id);
         return api.callApi("alert", "action", "deleteAlert", map);
     }
+
+    /** Update the alert with the given ID, with the provided details. */
+    public ApiResponse updateAlert(
+            String id,
+            String name,
+            String riskid,
+            String confidenceid,
+            String description,
+            String param,
+            String attack,
+            String otherinfo,
+            String solution,
+            String references,
+            String evidence,
+            String cweid,
+            String wascid)
+            throws ClientApiException {
+        Map<String, String> map = new HashMap<>();
+        map.put("id", id);
+        map.put("name", name);
+        map.put("riskId", riskid);
+        map.put("confidenceId", confidenceid);
+        map.put("description", description);
+        if (param != null) {
+            map.put("param", param);
+        }
+        if (attack != null) {
+            map.put("attack", attack);
+        }
+        if (otherinfo != null) {
+            map.put("otherInfo", otherinfo);
+        }
+        if (solution != null) {
+            map.put("solution", solution);
+        }
+        if (references != null) {
+            map.put("references", references);
+        }
+        if (evidence != null) {
+            map.put("evidence", evidence);
+        }
+        if (cweid != null) {
+            map.put("cweId", cweid);
+        }
+        if (wascid != null) {
+            map.put("wascId", wascid);
+        }
+        return api.callApi("alert", "action", "updateAlert", map);
+    }
+
+    /**
+     * Add an alert associated with the given message ID, with the provided details. (The ID of the
+     * created alert is returned.)
+     */
+    public ApiResponse addAlert(
+            String messageid,
+            String name,
+            String riskid,
+            String confidenceid,
+            String description,
+            String param,
+            String attack,
+            String otherinfo,
+            String solution,
+            String references,
+            String evidence,
+            String cweid,
+            String wascid)
+            throws ClientApiException {
+        Map<String, String> map = new HashMap<>();
+        map.put("messageId", messageid);
+        map.put("name", name);
+        map.put("riskId", riskid);
+        map.put("confidenceId", confidenceid);
+        map.put("description", description);
+        if (param != null) {
+            map.put("param", param);
+        }
+        if (attack != null) {
+            map.put("attack", attack);
+        }
+        if (otherinfo != null) {
+            map.put("otherInfo", otherinfo);
+        }
+        if (solution != null) {
+            map.put("solution", solution);
+        }
+        if (references != null) {
+            map.put("references", references);
+        }
+        if (evidence != null) {
+            map.put("evidence", evidence);
+        }
+        if (cweid != null) {
+            map.put("cweId", cweid);
+        }
+        if (wascid != null) {
+            map.put("wascId", wascid);
+        }
+        return api.callApi("alert", "action", "addAlert", map);
+    }
 }