├── .gitignore
├── README.md
├── lib
    └── zap-api-1.2.0.jar
├── pom.xml
├── proxy.iml
└── src
    ├── main
        ├── java
        │   └── net
        │   │   └── continuumsecurity
        │   │       └── proxy
        │   │           ├── Authentication.java
        │   │           ├── ContextModifier.java
        │   │           ├── HarUtils.java
        │   │           ├── LoggingProxy.java
        │   │           ├── ProxyException.java
        │   │           ├── ScanningProxy.java
        │   │           ├── Spider.java
        │   │           ├── ZAProxyScanner.java
        │   │           └── model
        │   │               ├── AuthenticationMethod.java
        │   │               ├── Context.java
        │   │               ├── ScanInfo.java
        │   │               ├── ScanResponse.java
        │   │               ├── ScannerInfo.java
        │   │               ├── Script.java
        │   │               └── User.java
        └── resources
        │   ├── extendedapi-alpha-1.zap
        │   └── extendedapi-alpha-2.zap
    └── test
        ├── java
            └── net
            │   └── continuumsecurity
            │       └── proxy
            │           ├── SpiderTest.java
            │           ├── TestEnvironment.java
            │           ├── TestHarUtils.java
            │           └── ZAProxyScannerTest.java
        └── resources
            └── ropeytasks-0.1.war


/.gitignore:
--------------------------------------------------------------------------------
1 | # Created by .ignore support plugin (hsz.mobi)
2 | .idea/
3 | *.iml
4 | target/


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | zap-java-api
 2 | ============
 3 | 
 4 | Java client library for OWASP ZAP.  In addition to scanning and spidering, it also provides programmatic access to the proxy.
 5 | 
 6 | The core functionality is in [ZAProxyScanner.java](https://github.com/continuumsecurity/zap-java-api/blob/master/src/main/java/net/continuumsecurity/proxy/ZAProxyScanner.java)
 7 | 
 8 | To build
 9 | ========
10 | 
11 | 	mvn package -DskipTests


--------------------------------------------------------------------------------
/lib/zap-api-1.2.0.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/iriusrisk/zap-java-api/4f9fe090a073345e9ae33b40ff0e378662a7c2a8/lib/zap-api-1.2.0.jar


--------------------------------------------------------------------------------
/pom.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <project xmlns="http://maven.apache.org/POM/4.0.0"
 3 |          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 4 |          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 5 |     <modelVersion>4.0.0</modelVersion>
 6 | 
 7 |     <groupId>net.continuumsecurity</groupId>
 8 |     <artifactId>zap-java-api</artifactId>
 9 |     <version>2.6.0</version>
10 | 
11 |     <build>
12 |         <plugins>
13 |             <plugin>
14 |                 <groupId>org.apache.maven.plugins</groupId>
15 |                 <artifactId>maven-compiler-plugin</artifactId>
16 |                 <version>3.1</version>
17 |                 <configuration>
18 |                     <source>1.6</source>
19 |                     <target>1.6</target>
20 |                 </configuration>
21 |             </plugin>
22 |         </plugins>
23 |     </build>
24 | 
25 |     <dependencies>
26 |         <dependency>
27 |             <groupId>org.hamcrest</groupId>
28 |             <artifactId>hamcrest-all</artifactId>
29 |             <version>1.3</version>
30 |         </dependency>
31 |         <dependency>
32 |             <groupId>org.mortbay.jetty</groupId>
33 |             <artifactId>jetty</artifactId>
34 |             <version>6.1.26</version>
35 |             <scope>test</scope>
36 |         </dependency>
37 |         <dependency>
38 |             <groupId>org.codehaus.jackson</groupId>
39 |             <artifactId>jackson-mapper-asl</artifactId>
40 |             <version>1.9.12</version>
41 |         </dependency>
42 |         <dependency>
43 |             <groupId>junit</groupId>
44 |             <artifactId>junit</artifactId>
45 |             <version>4.11</version>
46 |             <scope>test</scope>
47 |         </dependency>
48 |         <dependency>
49 |             <groupId>org.seleniumhq.selenium</groupId>
50 |             <artifactId>selenium-java</artifactId>
51 |             <version>2.32.0</version>
52 |         </dependency>
53 |         <dependency>
54 |             <groupId>org.zaproxy</groupId>
55 |             <artifactId>zap-clientapi</artifactId>
56 |             <version>1.2.0</version>
57 |         </dependency>
58 |         <dependency>
59 |             <groupId>edu.umass.cs.benchlab</groupId>
60 |             <artifactId>harlib</artifactId>
61 |             <version>1.1.2</version>
62 |         </dependency>
63 |     </dependencies>
64 | 
65 | </project>
66 | 


--------------------------------------------------------------------------------
/proxy.iml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <module org.jetbrains.idea.maven.project.MavenProjectsManager.isMavenModule="true" type="JAVA_MODULE" version="4">
 3 |   <component name="NewModuleRootManager" LANGUAGE_LEVEL="JDK_1_6" inherit-compiler-output="false">
 4 |     <output url="file://$MODULE_DIR$/target/classes" />
 5 |     <output-test url="file://$MODULE_DIR$/target/test-classes" />
 6 |     <content url="file://$MODULE_DIR$">
 7 |       <sourceFolder url="file://$MODULE_DIR$/src/main/java" isTestSource="false" />
 8 |       <sourceFolder url="file://$MODULE_DIR$/src/main/resources" type="java-resource" />
 9 |       <sourceFolder url="file://$MODULE_DIR$/src/test/java" isTestSource="true" />
10 |       <sourceFolder url="file://$MODULE_DIR$/src/test/resources" type="java-test-resource" />
11 |       <excludeFolder url="file://$MODULE_DIR$/target" />
12 |     </content>
13 |     <orderEntry type="inheritedJdk" />
14 |     <orderEntry type="sourceFolder" forTests="false" />
15 |     <orderEntry type="library" name="Maven: org.hamcrest:hamcrest-all:1.3" level="project" />
16 |     <orderEntry type="library" scope="TEST" name="Maven: org.mortbay.jetty:jetty:6.1.26" level="project" />
17 |     <orderEntry type="library" scope="TEST" name="Maven: org.mortbay.jetty:jetty-util:6.1.26" level="project" />
18 |     <orderEntry type="library" scope="TEST" name="Maven: org.mortbay.jetty:servlet-api:2.5-20081211" level="project" />
19 |     <orderEntry type="library" name="Maven: org.codehaus.jackson:jackson-mapper-asl:1.9.12" level="project" />
20 |     <orderEntry type="library" name="Maven: org.codehaus.jackson:jackson-core-asl:1.9.12" level="project" />
21 |     <orderEntry type="library" scope="TEST" name="Maven: junit:junit:4.11" level="project" />
22 |     <orderEntry type="library" scope="TEST" name="Maven: org.hamcrest:hamcrest-core:1.3" level="project" />
23 |     <orderEntry type="library" name="Maven: org.seleniumhq.selenium:selenium-java:2.32.0" level="project" />
24 |     <orderEntry type="library" name="Maven: org.seleniumhq.selenium:selenium-android-driver:2.32.0" level="project" />
25 |     <orderEntry type="library" name="Maven: org.seleniumhq.selenium:selenium-remote-driver:2.32.0" level="project" />
26 |     <orderEntry type="library" name="Maven: cglib:cglib-nodep:2.1_3" level="project" />
27 |     <orderEntry type="library" name="Maven: org.json:json:20080701" level="project" />
28 |     <orderEntry type="library" name="Maven: com.google.guava:guava:14.0" level="project" />
29 |     <orderEntry type="library" name="Maven: org.seleniumhq.selenium:selenium-chrome-driver:2.32.0" level="project" />
30 |     <orderEntry type="library" name="Maven: org.seleniumhq.selenium:selenium-htmlunit-driver:2.32.0" level="project" />
31 |     <orderEntry type="library" name="Maven: org.seleniumhq.selenium:selenium-api:2.32.0" level="project" />
32 |     <orderEntry type="library" name="Maven: net.sourceforge.htmlunit:htmlunit:2.12" level="project" />
33 |     <orderEntry type="library" name="Maven: xalan:xalan:2.7.1" level="project" />
34 |     <orderEntry type="library" name="Maven: xalan:serializer:2.7.1" level="project" />
35 |     <orderEntry type="library" name="Maven: commons-collections:commons-collections:3.2.1" level="project" />
36 |     <orderEntry type="library" name="Maven: org.apache.commons:commons-lang3:3.1" level="project" />
37 |     <orderEntry type="library" name="Maven: org.apache.httpcomponents:httpmime:4.2.3" level="project" />
38 |     <orderEntry type="library" name="Maven: commons-codec:commons-codec:1.7" level="project" />
39 |     <orderEntry type="library" name="Maven: net.sourceforge.htmlunit:htmlunit-core-js:2.12" level="project" />
40 |     <orderEntry type="library" name="Maven: xerces:xercesImpl:2.10.0" level="project" />
41 |     <orderEntry type="library" name="Maven: xml-apis:xml-apis:1.4.01" level="project" />
42 |     <orderEntry type="library" name="Maven: net.sourceforge.nekohtml:nekohtml:1.9.18" level="project" />
43 |     <orderEntry type="library" name="Maven: net.sourceforge.cssparser:cssparser:0.9.9" level="project" />
44 |     <orderEntry type="library" name="Maven: org.w3c.css:sac:1.3" level="project" />
45 |     <orderEntry type="library" name="Maven: commons-logging:commons-logging:1.1.1" level="project" />
46 |     <orderEntry type="library" name="Maven: org.eclipse.jetty:jetty-websocket:8.1.9.v20130131" level="project" />
47 |     <orderEntry type="library" name="Maven: org.eclipse.jetty:jetty-util:8.1.9.v20130131" level="project" />
48 |     <orderEntry type="library" name="Maven: org.eclipse.jetty:jetty-io:8.1.9.v20130131" level="project" />
49 |     <orderEntry type="library" name="Maven: org.eclipse.jetty:jetty-http:8.1.9.v20130131" level="project" />
50 |     <orderEntry type="library" name="Maven: org.apache.httpcomponents:httpclient:4.2.1" level="project" />
51 |     <orderEntry type="library" name="Maven: org.apache.httpcomponents:httpcore:4.2.1" level="project" />
52 |     <orderEntry type="library" name="Maven: org.seleniumhq.selenium:selenium-firefox-driver:2.32.0" level="project" />
53 |     <orderEntry type="library" name="Maven: commons-io:commons-io:2.2" level="project" />
54 |     <orderEntry type="library" name="Maven: org.apache.commons:commons-exec:1.1" level="project" />
55 |     <orderEntry type="library" name="Maven: org.seleniumhq.selenium:selenium-ie-driver:2.32.0" level="project" />
56 |     <orderEntry type="library" name="Maven: net.java.dev.jna:jna:3.4.0" level="project" />
57 |     <orderEntry type="library" name="Maven: net.java.dev.jna:platform:3.4.0" level="project" />
58 |     <orderEntry type="library" name="Maven: org.seleniumhq.selenium:selenium-iphone-driver:2.32.0" level="project" />
59 |     <orderEntry type="library" name="Maven: org.seleniumhq.selenium:selenium-safari-driver:2.32.0" level="project" />
60 |     <orderEntry type="library" name="Maven: org.seleniumhq.selenium:selenium-support:2.32.0" level="project" />
61 |     <orderEntry type="library" name="Maven: org.webbitserver:webbit:0.4.14" level="project" />
62 |     <orderEntry type="library" name="Maven: io.netty:netty:3.5.2.Final" level="project" />
63 |     <orderEntry type="library" name="Maven: org.zaproxy:zap-clientapi:1.2.0" level="project" />
64 |     <orderEntry type="library" name="Maven: org.jdom:jdom:1.1.3" level="project" />
65 |     <orderEntry type="library" name="Maven: edu.umass.cs.benchlab:harlib:1.1.2" level="project" />
66 |   </component>
67 | </module>


--------------------------------------------------------------------------------
/src/main/java/net/continuumsecurity/proxy/Authentication.java:
--------------------------------------------------------------------------------
  1 | package net.continuumsecurity.proxy;
  2 | 
  3 | import net.continuumsecurity.proxy.model.User;
  4 | 
  5 | import java.io.IOException;
  6 | import java.io.UnsupportedEncodingException;
  7 | import java.util.List;
  8 | import java.util.Map;
  9 | 
 10 | public interface Authentication {
 11 |     /**
 12 |      * Returns the supported authentication methods by ZAP.
 13 |      * @return list of supported authentication methods.
 14 |      * @throws ProxyException
 15 |      */
 16 |     List<String> getSupportedAuthenticationMethods() throws ProxyException;
 17 | 
 18 |     /**
 19 |      * Returns logged in indicator pattern for the given context.
 20 |      * @param contextId Id of the context.
 21 |      * @return Logged in indicator for the given context.
 22 |      * @throws ProxyException
 23 |      */
 24 |     String getLoggedInIndicator(String contextId) throws ProxyException;
 25 | 
 26 |     /**
 27 |      * Returns logged out indicator pattern for the given context.
 28 |      * @param contextId Id of the context.
 29 |      * @return Logged out indicator for the given context.
 30 |      * @throws ProxyException
 31 |      */
 32 |     String getLoggedOutIndicator(String contextId) throws ProxyException;
 33 | 
 34 |     /**
 35 |      * Sets the logged in indicator to a given context.
 36 |      * @param contextId Id of a context.
 37 |      * @param loggedInIndicatorRegex Regex pattern for logged in indicator.
 38 |      * @throws ProxyException
 39 |      */
 40 |     void setLoggedInIndicator(String contextId, String loggedInIndicatorRegex) throws ProxyException;
 41 | 
 42 |     /**
 43 |      * Sets the logged out indicator to a given context.
 44 |      * @param contextId Id of a context.
 45 |      * @param loggedOutIndicatorRegex Regex pattern for logged out indicator.
 46 |      * @throws ProxyException
 47 |      */
 48 |     void setLoggedOutIndicator(String contextId, String loggedOutIndicatorRegex) throws ProxyException;
 49 | 
 50 |     /**
 51 |      * Returns authentication method for a given context.
 52 |      * @param contextId Id of a context.
 53 |      * @return Authentication method details for the given context id.
 54 |      * @throws ProxyException
 55 |      */
 56 |     Map<String, String> getAuthenticationMethodInfo(String contextId) throws ProxyException;
 57 | 
 58 |     /**
 59 |      * Returns the list of authentication config parameters.
 60 |      * Each config parameter is a map with keys "name" and "mandatory", holding the values name of the configuration parameter and whether it is mandatory/optional respectively.
 61 |      * @param authMethod Valid authentication method name.
 62 |      * @return List of configuration parameters for the given authentication method name.
 63 |      * @throws ProxyException
 64 |      */
 65 |     List<Map<String, String>> getAuthMethodConfigParameters(String authMethod) throws ProxyException;
 66 | 
 67 |     /**
 68 |      * Sets the authentication method for a given context with given configuration parameters.
 69 |      * @param contextId Id of a context.
 70 |      * @param authMethodName Valid authentication method name.
 71 |      * @param authMethodConfigParams Authentication method configuration parameters such as loginUrl, loginRequestData formBasedAuthentication method, and hostName, port, realm for httpBasedAuthentication method.
 72 |      * @throws ProxyException
 73 |      */
 74 |     void setAuthenticationMethod(String contextId, String authMethodName, String authMethodConfigParams) throws ProxyException;
 75 | 
 76 |     /**
 77 |      * Sets the formBasedAuthentication to given context id with the loginUrl and loginRequestData.
 78 |      * Example loginRequestData: "username={%username%}&password={%password%}"
 79 |      * @param contextId Id of the context.
 80 |      * @param loginUrl Login URL.
 81 |      * @param loginRequestData Login request data with form field names for username and password.
 82 |      * @throws ProxyException
 83 |      * @throws UnsupportedEncodingException
 84 |      */
 85 |     void setFormBasedAuthentication(String contextId, String loginUrl, String loginRequestData) throws ProxyException, UnsupportedEncodingException;
 86 | 
 87 |     /**
 88 |      * Sets the HTTP/NTLM authentication to given context id with hostname, realm and port.
 89 |      * @param contextId Id of the context.
 90 |      * @param hostname Hostname.
 91 |      * @param realm Realm.
 92 |      * @param portNumber Port number.
 93 |      * @throws ProxyException
 94 |      */
 95 |     void setHttpAuthentication(String contextId, String hostname, String realm, String portNumber) throws ProxyException, UnsupportedEncodingException;
 96 | 
 97 |     /**
 98 |      * Sets the HTTP/NTLM authentication to given context id with hostname, realm.
 99 |      * @param contextId Id of the context.
100 |      * @param hostname Hostname.
101 |      * @param realm Realm.
102 |      * @throws ProxyException
103 |      */
104 |     void setHttpAuthentication(String contextId, String hostname, String realm) throws ProxyException, UnsupportedEncodingException;
105 | 
106 |     /**
107 |      * Sets the manual authentication to the given context id.
108 |      * @param contextId Id of the context.
109 |      * @throws ProxyException
110 |      */
111 |     void setManualAuthentication(String contextId) throws ProxyException;
112 | 
113 |     /**
114 |      * Sets the script based authentication to the given context id with the script name and config parameters.
115 |      * @param contextId Id of the context.
116 |      * @param scriptName Name of the script.
117 |      * @param scriptConfigParams Script config parameters.
118 |      * @throws ProxyException
119 |      */
120 |     void setScriptBasedAuthentication(String contextId, String scriptName, String scriptConfigParams) throws ProxyException, UnsupportedEncodingException;
121 | 
122 |     /**
123 |      * Returns list of {@link User}s for a given context.
124 |      * @param contextId Id of the context.
125 |      * @return List of {@link User}s
126 |      * @throws ProxyException
127 |      * @throws IOException
128 |      */
129 |     List<User> getUsersList(String contextId) throws ProxyException, IOException;
130 | 
131 |     /**
132 |      * Returns the {@link User} info for a given context id and user id.
133 |      * @param contextId Id of a context.
134 |      * @param userId Id of a user.
135 |      * @return {@link User} info.
136 |      * @throws ProxyException
137 |      * @throws IOException
138 |      */
139 |     User getUserById(String contextId, String userId) throws ProxyException, IOException;
140 | 
141 |     /**
142 |      * Returns list of config parameters of authentication credentials for a given context id.
143 |      * Each item in the list is a map with keys "name" and "mandatory".
144 |      * @param contextId Id of a context.
145 |      * @return List of authentication credentials configuration parameters.
146 |      * @throws ProxyException
147 |      */
148 |     List<Map<String, String>> getAuthenticationCredentialsConfigParams(String contextId) throws ProxyException;
149 | 
150 |     /**
151 |      * Returns the authentication credentials as a map with key value pairs for a given context id and user id.
152 |      * @param contextId Id of a context.
153 |      * @param userId Id of a user.
154 |      * @return Authentication credentials.
155 |      * @throws ProxyException
156 |      */
157 |     Map<String, String> getAuthenticationCredentials(String contextId, String userId) throws ProxyException;
158 | 
159 |     /**
160 |      * Creates a new {@link User} for a given context and returns the user id.
161 |      * @param contextId Id of a context.
162 |      * @param name Name of the user.
163 |      * @return User id.
164 |      * @throws ProxyException
165 |      */
166 |     String newUser(String contextId, String name) throws ProxyException;
167 | 
168 |     /**
169 |      * Removes a {@link User} using the given context id and user id.
170 |      * @param contextId Id of a {@link net.continuumsecurity.proxy.model.Context}
171 |      * @param userId Id of a {@link User}
172 |      * @throws ProxyException
173 |      */
174 |     void removeUser(String contextId, String userId) throws ProxyException;
175 | 
176 |     /**
177 |      * Sets the authCredentialsConfigParams to the given context and user.
178 |      * Bu default, authCredentialsConfigParams uses key value separator "=" and key value pair separator "&".
179 |      * Make sure that values provided for authCredentialsConfigParams are URL encoded using "UTF-8".
180 |      * @param contextId Id of the context.
181 |      * @param userId Id of the user.
182 |      * @param authCredentialsConfigParams Authentication credentials config parameters.
183 |      * @throws ProxyException
184 |      */
185 |     void setAuthenticationCredentials(String contextId, String userId, String authCredentialsConfigParams) throws ProxyException;
186 | 
187 |     /**
188 |      * Enables a {@link User} for a given {@link net.continuumsecurity.proxy.model.Context} id and user id.
189 |      * @param contextId Id of a {@link net.continuumsecurity.proxy.model.Context}
190 |      * @param userId Id of a {@link User}
191 |      * @param enabled Boolean value to enable/disable the user.
192 |      * @throws ProxyException
193 |      */
194 |     void setUserEnabled(String contextId, String userId, boolean enabled) throws ProxyException;
195 | 
196 |     /**
197 |      * Sets a name to the user for the given context id and user id.
198 |      * @param contextId Id of a {@link net.continuumsecurity.proxy.model.Context}
199 |      * @param userId Id of a {@link User}
200 |      * @param name User name.
201 |      * @throws ProxyException
202 |      */
203 |     void setUserName(String contextId, String userId, String name) throws ProxyException;
204 | 
205 |     /**
206 |      * Returns the forced user id for a given context.
207 |      * @param contextId Id of a context.
208 |      * @return Id of a forced {@link User}
209 |      * @throws ProxyException
210 |      */
211 |     String getForcedUserId(String contextId) throws ProxyException;
212 | 
213 |     /**
214 |      * Returns true if forced user mode is enabled. Otherwise returns false.
215 |      * @return true if forced user mode is enabled.
216 |      * @throws ProxyException
217 |      */
218 |     boolean isForcedUserModeEnabled() throws ProxyException;
219 | 
220 |     /**
221 |      * Enables/disables the forced user mode.
222 |      * @param forcedUserModeEnabled flag to enable/disable forced user mode.
223 |      * @throws ProxyException
224 |      */
225 |     void setForcedUserModeEnabled(boolean forcedUserModeEnabled) throws ProxyException;
226 | 
227 |     /**
228 |      * Sets a {@link User} id as forced user for the given {@link net.continuumsecurity.proxy.model.Context}
229 |      * @param contextId Id of a context.
230 |      * @param userId Id of a user.
231 |      * @throws ProxyException
232 |      */
233 |     void setForcedUser(String contextId, String userId) throws ProxyException;
234 | 
235 |     /**
236 |      * Returns list of supported session management methods.
237 |      * @return List of supported session management methods.
238 |      * @throws ProxyException
239 |      */
240 |     List<String> getSupportedSessionManagementMethods() throws ProxyException;
241 | 
242 |     /**
243 |      * Returns session management method selected for the given context.
244 |      * @param contextId Id of a context.
245 |      * @return Session management method for a given context.
246 |      * @throws ProxyException
247 |      */
248 |     String getSessionManagementMethod(String contextId) throws ProxyException;
249 | 
250 |     /**
251 |      * Sets the given session management method and config params for a given context.
252 |      * @param contextId Id of a context.
253 |      * @param sessionManagementMethodName Session management method name.
254 |      * @param methodConfigParams Session management method config parameters.
255 |      * @throws ProxyException
256 |      */
257 |     void setSessionManagementMethod(String contextId, String sessionManagementMethodName, String methodConfigParams) throws ProxyException;
258 | }
259 | 


--------------------------------------------------------------------------------
/src/main/java/net/continuumsecurity/proxy/ContextModifier.java:
--------------------------------------------------------------------------------
1 | package net.continuumsecurity.proxy;
2 | 
3 | public interface ContextModifier {
4 |     void setIncludeInContext(String contextName, String regex);
5 | }
6 | 


--------------------------------------------------------------------------------
/src/main/java/net/continuumsecurity/proxy/HarUtils.java:
--------------------------------------------------------------------------------
 1 | package net.continuumsecurity.proxy;
 2 | 
 3 | import edu.umass.cs.benchlab.har.HarHeader;
 4 | import edu.umass.cs.benchlab.har.HarRequest;
 5 | 
 6 | public class HarUtils {
 7 |     public static HarRequest changeCookieValue(HarRequest request,String name,String value) {
 8 |         String patternMulti = "([; ]" + name + ")=[^;]*(.*)";
 9 |         String patternStart = "^(" + name + ")=[^;]*(.*)";
10 | 
11 |         for (HarHeader header : request.getHeaders().getHeaders()) {
12 |             if (header.getName().equalsIgnoreCase("COOKIE")) {
13 |                 if (header.getValue() != null) {
14 |                     String updated = header.getValue().replaceAll(patternMulti, "$1=" + value + "$2");
15 |                     if (updated.equals(header.getValue())) {
16 |                         updated = header.getValue().replaceAll(patternStart, "$1=" + value + "$2");
17 |                     }
18 |                     header.setValue(updated);
19 |                 }
20 |             }
21 |         }
22 |         return request;
23 |     }
24 | }
25 | 


--------------------------------------------------------------------------------
/src/main/java/net/continuumsecurity/proxy/LoggingProxy.java:
--------------------------------------------------------------------------------
 1 | package net.continuumsecurity.proxy;
 2 | 
 3 | 
 4 | import edu.umass.cs.benchlab.har.HarEntry;
 5 | import edu.umass.cs.benchlab.har.HarRequest;
 6 | import org.openqa.selenium.Proxy;
 7 | 
 8 | import java.net.UnknownHostException;
 9 | import java.util.List;
10 | 
11 | 
12 | public interface LoggingProxy {
13 |     /*
14 |         Call newSession(string, string) on the ZAP api
15 |     */
16 | 	void clear() throws ProxyException;
17 | 
18 |     /*
19 |         Get the history of all requests and responses, populated into HarEntrys.  A HarEntry consists of a HarRequest and HarResponse, all of the fields
20 |         of these classes, and the classes they contain should be correctly populated.
21 |      */
22 | 	List<HarEntry> getHistory() throws ProxyException;
23 | 
24 |     /*
25 |         As above, but only get a range of records
26 |      */
27 |     List<HarEntry> getHistory(int start, int count) throws ProxyException;
28 | 
29 |     /*
30 |         How many records are available to fetch?
31 |      */
32 |     int getHistoryCount() throws ProxyException;
33 | 
34 | 
35 |     /*
36 |         Search through all the HarRequests for the given regex.  The search should be performed on all request headers as well as post body.
37 |         When a match is found, return the entire HarEntry (request and response).
38 |      */
39 | 	List<HarEntry> findInRequestHistory(String regex) throws ProxyException;
40 | 
41 |     /*
42 |        Search through all HarResponses for the given regex, this must include response headers and content.
43 |      */
44 | 	List<HarEntry> findInResponseHistory(String regex) throws ProxyException;
45 | 
46 |     List<HarEntry> findInResponseHistory(String regex,List<HarEntry> entries);
47 |     /*
48 |        Make a request using the HarRequest data and follow redirects if specified.  Return all the resulting request/responses.
49 |      */
50 | 	List<HarEntry> makeRequest(HarRequest request, boolean followRedirect) throws ProxyException;
51 | 
52 |     /*
53 |        Return the details of the proxy in Selenium format: org.openqa.selenium.Proxy
54 |      */
55 | 	Proxy getSeleniumProxy() throws UnknownHostException;
56 | 
57 |     public void setAttackMode() throws ProxyException;
58 | 
59 | }
60 | 


--------------------------------------------------------------------------------
/src/main/java/net/continuumsecurity/proxy/ProxyException.java:
--------------------------------------------------------------------------------
 1 | package net.continuumsecurity.proxy;
 2 | 
 3 | public class ProxyException extends RuntimeException {
 4 | 
 5 |     private static final long serialVersionUID = -8089119902100465025L;
 6 | 
 7 |     public ProxyException() {
 8 |         super();
 9 |     }
10 | 
11 |     public ProxyException(String message) {
12 |         super(message);
13 |     }
14 | 
15 |     public ProxyException(String message, Throwable cause) {
16 |         super(message, cause);
17 |     }
18 | 
19 |     public ProxyException(Throwable cause) {
20 |         super(cause);
21 |     }
22 | }
23 | 


--------------------------------------------------------------------------------
/src/main/java/net/continuumsecurity/proxy/ScanningProxy.java:
--------------------------------------------------------------------------------
  1 | package net.continuumsecurity.proxy;
  2 | 
  3 | import net.continuumsecurity.proxy.model.Context;
  4 | import net.continuumsecurity.proxy.model.Script;
  5 | import org.zaproxy.clientapi.core.Alert;
  6 | 
  7 | import java.io.IOException;
  8 | import java.util.List;
  9 | import java.util.regex.Pattern;
 10 | 
 11 | public interface ScanningProxy extends LoggingProxy {
 12 | 
 13 |     /*
 14 |          Return all results as a list of org.zaproxy.clientapi.core.Alert
 15 |      */
 16 |     List<Alert> getAlerts() throws ProxyException;
 17 | 
 18 |     /*
 19 |         As above, but for a specific range of records
 20 |      */
 21 |     List<Alert> getAlerts(int start, int count) throws ProxyException;
 22 | 
 23 |     /*
 24 |         The number of available alerts
 25 |      */
 26 |     int getAlertsCount() throws ProxyException;
 27 | 
 28 |     public void deleteAlerts() throws ProxyException;
 29 |     /*
 30 |         Perform an active scan of everything that was logged by the proxy
 31 |      */
 32 |     public void scan(String url) throws ProxyException;
 33 | 
 34 |     /*
 35 |         Return the percentage completion of the current scan
 36 |      */
 37 |     public int getScanProgress(int scanId) throws ProxyException;
 38 | 
 39 |     public int getLastScannerScanId() throws ProxyException;
 40 | 
 41 |     public byte[] getXmlReport() throws ProxyException;
 42 | 
 43 |     public byte[] getHtmlReport() throws ProxyException;
 44 | 
 45 |     void setScannerAttackStrength(String scannerId, String strength) throws ProxyException;
 46 | 
 47 |     void setScannerAlertThreshold(String scannerId, String threshold) throws ProxyException;
 48 | 
 49 |     public void setEnableScanners(String ids, boolean enabled) throws ProxyException;
 50 | 
 51 |     public void disableAllScanners() throws ProxyException;
 52 | 
 53 |     public void enableAllScanners() throws ProxyException;
 54 | 
 55 |     public void setEnablePassiveScan(boolean enabled) throws ProxyException;
 56 | 
 57 |     public void excludeFromScanner(String regex) throws ProxyException;
 58 | 
 59 |     /**
 60 |      * Shuts down ZAP.
 61 |      * @throws ProxyException
 62 |      */
 63 |     public void shutdown() throws ProxyException;
 64 | 
 65 |     /**
 66 |      * Enables handling of anti CSRF tokens during active scanning.
 67 |      * @param enabled Boolean flag to enable / disable handling of anti CSRF tokens during active scan.
 68 |      * @throws ProxyException
 69 |      */
 70 |     public void setOptionHandleAntiCSRFTokens(boolean enabled) throws ProxyException;
 71 | 
 72 |     /**
 73 |      * Creates a new context with given context name and sets it in scope if @param inScope is true.
 74 |      *
 75 |      * @param contextName Name of the context.
 76 |      * @param inScope     true to set context in scope.
 77 |      * @throws ProxyException
 78 |      */
 79 |     void createContext(String contextName, boolean inScope) throws ProxyException;
 80 | 
 81 |     /**
 82 |      * Adds include regex to the given context.
 83 |      *
 84 |      * @param contextName Name of the context.
 85 |      * @param regex        Regex to include in context.
 86 |      * @throws ProxyException
 87 |      */
 88 |     void includeRegexInContext(String contextName, Pattern regex) throws ProxyException;
 89 | 
 90 |     /**
 91 |      * Adds include parent url to the given content.
 92 |      * @param contextName Name of the context.
 93 |      * @param parentUrl Parent URL to include in context.
 94 |      * @throws ProxyException
 95 |      */
 96 |     void includeUrlTreeInContext(String contextName, String parentUrl) throws ProxyException;
 97 | 
 98 |     /**
 99 |      * Add exclude regex to the given context.
100 |      * @param contextName Name of the context.
101 |      * @param regex Regex to exclude from context.
102 |      * @throws ProxyException
103 |      */
104 |     void excludeRegexFromContext(String contextName, Pattern regex) throws ProxyException;
105 | 
106 |     /**
107 |      * Add exclude regex to the given context.
108 |      * @param contextName Name of the context.
109 |      * @param parentUrl Parent URL to exclude from context.
110 |      * @throws ProxyException
111 |      */
112 |     void excludeParentUrlFromContext(String contextName, String parentUrl) throws ProxyException;
113 | 
114 |     /**
115 |      * Returns Context details for a given context name.
116 |      * @param contextName Name of context.
117 |      * @return Context details for the given context
118 |      * @throws ProxyException
119 |      */
120 |     Context getContextInfo(String contextName) throws ProxyException, IOException;
121 | 
122 |     /**
123 |      * Returns list of context names.
124 |      * @return List of context names.
125 |      * @throws ProxyException
126 |      */
127 |     List<String> getContexts() throws ProxyException;
128 | 
129 |     /**
130 |      * Sets the given context in or out of scope.
131 |      * @param contextName Name of the context.
132 |      * @param inScope true - Sets the context in scope. false - Sets the context out of scope.
133 |      * @throws ProxyException
134 |      */
135 |     void setContextInScope(String contextName, boolean inScope) throws ProxyException;
136 | 
137 |     /**
138 |      * Returns the list of included regexs for the given context.
139 |      * @param contextName Name of the context.
140 |      * @return List of include regexs.
141 |      * @throws ProxyException
142 |      */
143 |     List<String> getIncludedRegexs(String contextName) throws ProxyException;
144 | 
145 |     /**
146 |      * Returns the list of excluded regexs for the given context.
147 |      * @param contextName Name of the context.
148 |      * @return List of exclude regexs.
149 |      * @throws ProxyException
150 |      */
151 |     List<String> getExcludedRegexs(String contextName) throws ProxyException;
152 | 
153 |     /**
154 |      * Returns the list of Anti CSRF token names.
155 |      * @return List of Anti CSRF token names.
156 |      * @throws ProxyException
157 |      */
158 |     List<String> getAntiCsrfTokenNames() throws ProxyException;
159 | 
160 |     /**
161 |      * Adds an anti CSRF token with the given name, enabled by default.
162 |      * @param tokenName Anti CSRF token name.
163 |      * @throws ProxyException
164 |      */
165 |     void addAntiCsrfToken(String tokenName) throws ProxyException;
166 | 
167 |     /**
168 |      * Removes the anti CSRF token with the given name.
169 |      * @param tokenName Anti CSRF token name.
170 |      * @throws ProxyException
171 |      */
172 |     void removeAntiCsrfToken(String tokenName) throws ProxyException;
173 | 
174 |     /**
175 |      * Returns the list of scripting engines that ZAP supports.
176 |      * @return List of script engines.
177 |      * @throws ProxyException
178 |      */
179 |     List<String> listEngines() throws ProxyException;
180 | 
181 |     /**
182 |      * Returns the list of scripts loaded into ZAP.
183 |      * @return List of scripts.
184 |      * @throws ProxyException
185 |      */
186 |     List<Script> listScripts() throws ProxyException;
187 | 
188 |     /**
189 |      * Disables the script, if the script name is a valid one.
190 |      * @param scriptName Name of the script.
191 |      * @throws ProxyException
192 |      */
193 |     void disableScript(String scriptName) throws ProxyException;
194 | 
195 |     /**
196 |      * Enables the script, if the script name is a valid one.
197 |      * @param scriptName Name of the script.
198 |      * @throws ProxyException
199 |      */
200 |     void enableScript(String scriptName) throws ProxyException;
201 | 
202 |     /**
203 |      * Loads a script into ZAP session.
204 |      * @param scriptName Name of the script.
205 |      * @param scriptType Type of the script such as authentication, httpsender, etc.
206 |      * @param scriptEngine Script engine such as Rhino, Mozilla Zest, etc.
207 |      * @param fileName Name of the file including the full path.
208 |      * @throws ProxyException
209 |      */
210 |     void loadScript(String scriptName, String scriptType, String scriptEngine, String fileName) throws ProxyException;
211 | 
212 |     /**
213 |      * Loads a script into ZAP session.
214 |      * @param scriptName Name of the script.
215 |      * @param scriptType Type of the script such as authentication, httpsender, etc.
216 |      * @param scriptEngine Script engine such Rhino, Mozilla Zest, etc.
217 |      * @param fileName Name of the file including the full path.
218 |      * @param scriptDescription Script description.
219 |      * @throws ProxyException
220 |      */
221 |     void loadScript(String scriptName, String scriptType, String scriptEngine, String fileName, String scriptDescription) throws ProxyException;
222 | 
223 |     /**
224 |      * Removes the script with given name.
225 |      * @param scriptName Name of the script.
226 |      * @throws ProxyException
227 |      */
228 |     void removeScript(String scriptName) throws ProxyException;
229 | 
230 |     /**
231 |      * Runs a stand alone script with the given name.
232 |      * @param scriptName Name of the script.
233 |      * @throws ProxyException
234 |      */
235 |     void runStandAloneScript(String scriptName) throws ProxyException;
236 | 
237 |    /**
238 |     * Performs the Active Scan with the given parameters and configuration.
239 |     * @param url Url to active scan.
240 |     * @param contextId Id of the context.
241 |     * @param userId Id of the user.
242 |     * @param recurse Flag to perform the active scan recursively.
243 |     * @throws ProxyException
244 |     */
245 |     void scanAsUser(String url, String contextId, String userId, boolean recurse) throws ProxyException;
246 | }
247 | 


--------------------------------------------------------------------------------
/src/main/java/net/continuumsecurity/proxy/Spider.java:
--------------------------------------------------------------------------------
 1 | package net.continuumsecurity.proxy;
 2 | 
 3 | import java.util.List;
 4 | 
 5 | public interface Spider {
 6 |     public void spider(String url);
 7 |     public void spider(String url, boolean recurse, String contextName);
 8 |     public void spider(String url, Integer maxChildren, boolean recurse, String contextName);
 9 |     public void spiderAsUser(String url, String contextId, String userId);
10 |     public void spiderAsUser(String url, String contextId, String userId, boolean recurse);
11 |     public void spiderAsUser(String url, String contextId, String userId, Integer maxChildren, boolean recurse);
12 |     public int getSpiderProgress(int scanId);
13 |     public int getLastSpiderScanId();
14 |     public List<String> getSpiderResults(int scanId);
15 |     public void excludeFromSpider(String regex);
16 |     public void setMaxDepth(int depth);
17 |     public void setPostForms(boolean post);
18 |     public void setThreadCount(int threads);
19 | 
20 | }
21 | 


--------------------------------------------------------------------------------
/src/main/java/net/continuumsecurity/proxy/ZAProxyScanner.java:
--------------------------------------------------------------------------------
   1 | package net.continuumsecurity.proxy;
   2 | 
   3 | import edu.umass.cs.benchlab.har.HarEntry;
   4 | import edu.umass.cs.benchlab.har.HarLog;
   5 | import edu.umass.cs.benchlab.har.HarRequest;
   6 | import edu.umass.cs.benchlab.har.tools.HarFileReader;
   7 | import net.continuumsecurity.proxy.model.AuthenticationMethod;
   8 | import net.continuumsecurity.proxy.model.Context;
   9 | import net.continuumsecurity.proxy.model.ScanResponse;
  10 | import net.continuumsecurity.proxy.model.Script;
  11 | import net.continuumsecurity.proxy.model.User;
  12 | import org.apache.commons.codec.binary.Base64;
  13 | import org.apache.commons.lang3.StringUtils;
  14 | import org.codehaus.jackson.JsonFactory;
  15 | import org.codehaus.jackson.JsonGenerator;
  16 | import org.openqa.selenium.Proxy;
  17 | import org.zaproxy.clientapi.core.Alert;
  18 | import org.zaproxy.clientapi.core.ApiResponse;
  19 | import org.zaproxy.clientapi.core.ApiResponseElement;
  20 | import org.zaproxy.clientapi.core.ApiResponseList;
  21 | import org.zaproxy.clientapi.core.ApiResponseSet;
  22 | import org.zaproxy.clientapi.core.ClientApi;
  23 | import org.zaproxy.clientapi.core.ClientApiException;
  24 | 
  25 | import java.io.ByteArrayInputStream;
  26 | import java.io.ByteArrayOutputStream;
  27 | import java.io.IOException;
  28 | import java.io.UnsupportedEncodingException;
  29 | import java.net.URLEncoder;
  30 | import java.net.UnknownHostException;
  31 | import java.util.ArrayList;
  32 | import java.util.Arrays;
  33 | import java.util.HashMap;
  34 | import java.util.Iterator;
  35 | import java.util.List;
  36 | import java.util.Map;
  37 | import java.util.logging.Logger;
  38 | import java.util.regex.Pattern;
  39 | 
  40 | public class ZAProxyScanner implements ScanningProxy, Spider, Authentication, ContextModifier {
  41 |     private static final String MINIMUM_ZAP_VERSION = "2.6"; // Weekly builds are also allowed.
  42 |     private final ClientApi clientApi;
  43 |     private final Proxy seleniumProxy;
  44 |     private final String apiKey;
  45 |     Logger log = Logger.getLogger(ZAProxyScanner.class.getName());
  46 | 
  47 |     public ZAProxyScanner(String host, int port, String apiKey)
  48 |             throws IllegalArgumentException, ProxyException {
  49 |         validateHost(host);
  50 |         validatePort(port);
  51 |         this.apiKey = apiKey;
  52 | 
  53 |         clientApi = new ClientApi(host, port, this.apiKey);
  54 |         validateMinimumRequiredZapVersion();
  55 | 
  56 |         seleniumProxy = new Proxy();
  57 |         seleniumProxy.setProxyType(Proxy.ProxyType.PAC);
  58 |         StringBuilder strBuilder = new StringBuilder();
  59 |         strBuilder.append("http://").append(host).append(":").append(port).append("/proxy.pac?apikey=").append(this.apiKey);
  60 |         seleniumProxy.setProxyAutoconfigUrl(strBuilder.toString());
  61 |     }
  62 | 
  63 |     private static void validateHost(String host) {
  64 |         if (host == null) {
  65 |             throw new IllegalArgumentException("Parameter host must not be null.");
  66 |         }
  67 |         if (host.isEmpty()) {
  68 |             throw new IllegalArgumentException("Parameter host must not be empty.");
  69 |         }
  70 |     }
  71 | 
  72 |     private static void validatePort(int port) {
  73 |         if (port <= 0 || port > 65535) {
  74 |             throw new IllegalArgumentException("Parameter port must be between 1 and 65535.");
  75 |         }
  76 |     }
  77 | 
  78 |     private static boolean validZAPVersion(String expected, String given) {
  79 | 
  80 |         final String[] expectedVersion = expected.split("\\.");
  81 |         final String[] givenVersion = given.split("\\.");
  82 | 
  83 |         // Assumption: If the version # doesn't have ".", it is weekly build.
  84 |         if (givenVersion.length == 1) {
  85 |             return true;
  86 |         }
  87 | 
  88 |         for (int i = 0; i < expectedVersion.length; i++) {
  89 |             if (i < expectedVersion.length) {
  90 |                 if (Integer.parseInt(givenVersion[i]) < Integer.parseInt(expectedVersion[i])) {
  91 |                     return false;
  92 |                 }
  93 |                 if (Integer.parseInt(givenVersion[i]) > Integer.parseInt(expectedVersion[i])) {
  94 |                     return true;
  95 |                 }
  96 |             }
  97 |         }
  98 | 
  99 |         return true;
 100 |     }
 101 | 
 102 |     private void validateMinimumRequiredZapVersion() throws ProxyException {
 103 |         try {
 104 |             final String zapVersion = ((ApiResponseElement) clientApi.core.version()).getValue();
 105 | 
 106 |             boolean minimumRequiredZapVersion;
 107 |             minimumRequiredZapVersion = validZAPVersion(MINIMUM_ZAP_VERSION, zapVersion);
 108 | 
 109 |             if (!minimumRequiredZapVersion) {
 110 |                 throw new IllegalStateException("Minimum required ZAP version not met, expected >= \""
 111 |                         + MINIMUM_ZAP_VERSION + "\" but got: " + zapVersion);
 112 |             }
 113 |         } catch (ClientApiException e) {
 114 |             e.printStackTrace();
 115 |             throw new ProxyException(e);
 116 |         }
 117 |     }
 118 | 
 119 |     @Override
 120 |     public void setScannerAttackStrength(String scannerId, String strength) throws ProxyException {
 121 |         try {
 122 |             clientApi.ascan.setScannerAttackStrength(scannerId, strength, null);
 123 |         } catch (ClientApiException e) {
 124 |             e.printStackTrace();
 125 |             throw new ProxyException("Error occurred for setScannerAttackStrength for scannerId: "+scannerId+" and strength: "+strength, e);
 126 |         }
 127 |     }
 128 | 
 129 |     @Override
 130 |     public void setScannerAlertThreshold(String scannerId, String threshold) throws ProxyException {
 131 |         try {
 132 |             clientApi.ascan.setScannerAlertThreshold(scannerId, threshold, null);
 133 |         } catch (ClientApiException e) {
 134 |             e.printStackTrace();
 135 |             throw new ProxyException(e);
 136 |         }
 137 |     }
 138 | 
 139 |     @Override
 140 |     public void setEnableScanners(String ids, boolean enabled) throws ProxyException {
 141 |         try {
 142 |             if (enabled) {
 143 |                 clientApi.ascan.enableScanners(ids, null);
 144 |             } else {
 145 |                 clientApi.ascan.disableScanners(ids, null);
 146 |             }
 147 |         } catch (ClientApiException e) {
 148 |             e.printStackTrace();
 149 |             throw new ProxyException(e);
 150 |         }
 151 |     }
 152 | 
 153 |     @Override
 154 |     public void disableAllScanners() throws ProxyException {
 155 |         try {
 156 |             ApiResponse response = clientApi.pscan.setEnabled("false");
 157 |             response = clientApi.ascan.disableAllScanners(null);
 158 |         } catch (ClientApiException e) {
 159 |             e.printStackTrace();
 160 |             throw new ProxyException(e);
 161 |         }
 162 |     }
 163 | 
 164 |     @Override
 165 |     public void enableAllScanners() throws ProxyException {
 166 |         try {
 167 |             clientApi.pscan.setEnabled("true");
 168 |             clientApi.ascan.enableAllScanners(null);
 169 |         } catch (ClientApiException e) {
 170 |             e.printStackTrace();
 171 |             throw new ProxyException(e);
 172 |         }
 173 |     }
 174 | 
 175 |     @Override
 176 |     public void setEnablePassiveScan(boolean enabled) throws ProxyException {
 177 |         try {
 178 |             clientApi.pscan.setEnabled(Boolean.toString(enabled));
 179 |         } catch (ClientApiException e) {
 180 |             e.printStackTrace();
 181 |             throw new ProxyException(e);
 182 |         }
 183 |     }
 184 | 
 185 |     public List<Alert> getAlerts() throws ProxyException {
 186 |         return getAlerts(-1, -1);
 187 |     }
 188 | 
 189 |     public void deleteAlerts() throws ProxyException {
 190 |         try {
 191 |             clientApi.core.deleteAllAlerts();
 192 |         } catch (ClientApiException e) {
 193 |             e.printStackTrace();
 194 |             throw new ProxyException(e);
 195 |         }
 196 |     }
 197 | 
 198 |     public byte[] getXmlReport() {
 199 |         try {
 200 |             return clientApi.core.xmlreport();
 201 |         } catch (ClientApiException e) {
 202 |             e.printStackTrace();
 203 |             throw new ProxyException(e);
 204 |         }
 205 |     }
 206 | 
 207 |     @Override
 208 |     public byte[] getHtmlReport() throws ProxyException {
 209 |         try {
 210 |             return clientApi.core.htmlreport();
 211 |         } catch (ClientApiException e) {
 212 |             e.printStackTrace();
 213 |             throw new ProxyException(e);
 214 |         }
 215 |     }
 216 | 
 217 |     public List<Alert> getAlerts(int start, int count) throws ProxyException {
 218 |         try {
 219 |             return clientApi.getAlerts("", start, count);
 220 |         } catch (ClientApiException e) {
 221 |             e.printStackTrace();
 222 |             throw new ProxyException(e);
 223 |         }
 224 |     }
 225 | 
 226 |     public int getAlertsCount() throws ProxyException {
 227 |         try {
 228 |             return ClientApiUtils.getInteger(clientApi.core.numberOfAlerts(""));
 229 |         } catch (ClientApiException e) {
 230 |             e.printStackTrace();
 231 |             throw new ProxyException(e);
 232 |         }
 233 |     }
 234 | 
 235 |     public void scan(String url) throws ProxyException {
 236 |         try {
 237 |             clientApi.ascan.scan(url, "true", "false", null, null, null);
 238 |         } catch (ClientApiException e) {
 239 |             e.printStackTrace();
 240 |             throw new ProxyException(e);
 241 |         }
 242 |     }
 243 | 
 244 |     /**
 245 |      * Performs the Active Scan with the given parameters and configuration.
 246 |      *
 247 |      * @param url       Url to active scan.
 248 |      * @param contextId Id of the context.
 249 |      * @param userId    Id of the user.
 250 |      * @param recurse   Flag to perform the active scan recursively.
 251 |      * @throws ProxyException
 252 |      */
 253 |     @Override
 254 |     public void scanAsUser(String url, String contextId, String userId, boolean recurse)
 255 |             throws ProxyException {
 256 |         try {
 257 |             this.clientApi.ascan
 258 |                     .scanAsUser(url, contextId, userId, String.valueOf(recurse),
 259 |                             null, null, null);
 260 |         } catch (ClientApiException e) {
 261 |             e.printStackTrace();
 262 |             throw new ProxyException(e);
 263 |         }
 264 |     }
 265 | 
 266 |     public int getScanProgress(int id) throws ProxyException {
 267 |         try {
 268 |             ApiResponseList response = (ApiResponseList) clientApi.ascan.scans();
 269 |             return new ScanResponse(response).getScanById(id).getProgress();
 270 |         } catch (ClientApiException e) {
 271 |             e.printStackTrace();
 272 |             throw new ProxyException(e);
 273 |         }
 274 |     }
 275 | 
 276 |     public void clear() throws ProxyException {
 277 |         try {
 278 |             clientApi.ascan.removeAllScans();
 279 |             clientApi.core.newSession("", "");
 280 |         } catch (ClientApiException e) {
 281 |             e.printStackTrace();
 282 |             throw new ProxyException(e);
 283 |         }
 284 |     }
 285 | 
 286 |     public List<HarEntry> getHistory() throws ProxyException {
 287 |         return getHistory(-1, -1);
 288 |     }
 289 | 
 290 |     public List<HarEntry> getHistory(int start, int count) throws ProxyException {
 291 |         try {
 292 |             return ClientApiUtils.getHarEntries(clientApi.core
 293 |                     .messagesHar("", Integer.toString(start), Integer.toString(count)));
 294 |         } catch (ClientApiException e) {
 295 |             e.printStackTrace();
 296 | 
 297 |             throw new ProxyException(e);
 298 |         }
 299 |     }
 300 | 
 301 |     public int getHistoryCount() throws ProxyException {
 302 |         try {
 303 |             return ClientApiUtils.getInteger(clientApi.core.numberOfMessages(""));
 304 |         } catch (ClientApiException e) {
 305 | 
 306 |             e.printStackTrace();
 307 |             throw new ProxyException(e);
 308 |         }
 309 |     }
 310 | 
 311 |     public List<HarEntry> findInResponseHistory(String regex, List<HarEntry> entries) {
 312 |         List<HarEntry> found = new ArrayList<HarEntry>();
 313 |         for (HarEntry entry : entries) {
 314 |             if (entry.getResponse().getContent() != null) {
 315 |                 String content = entry.getResponse().getContent().getText();
 316 |                 if ("base64".equalsIgnoreCase(entry.getResponse().getContent().getEncoding())) {
 317 |                     content = new String(Base64.decodeBase64(content));
 318 |                 }
 319 |                 if (content.contains(regex)) {
 320 |                     found.add(entry);
 321 |                 }
 322 |             }
 323 |         }
 324 |         return found;
 325 |     }
 326 | 
 327 |     public List<HarEntry> findInRequestHistory(String regex) throws ProxyException {
 328 |         try {
 329 |             return ClientApiUtils
 330 |                     .getHarEntries(clientApi.search.harByRequestRegex(regex, "", "-1", "-1"));
 331 |         } catch (ClientApiException e) {
 332 |             e.printStackTrace();
 333 | 
 334 |             throw new ProxyException(e);
 335 |         }
 336 |     }
 337 | 
 338 |     public List<HarEntry> findInResponseHistory(String regex) throws ProxyException {
 339 |         try {
 340 |             return ClientApiUtils
 341 |                     .getHarEntries(clientApi.search.harByResponseRegex(regex, "", "-1", "-1"));
 342 |         } catch (ClientApiException e) {
 343 |             e.printStackTrace();
 344 | 
 345 |             throw new ProxyException(e);
 346 |         }
 347 |     }
 348 | 
 349 |     public List<HarEntry> makeRequest(HarRequest request, boolean followRedirect)
 350 |             throws ProxyException {
 351 |         try {
 352 |             String harRequestStr = ClientApiUtils.convertHarRequestToString(request);
 353 |             byte[] response = clientApi.core.sendHarRequest(harRequestStr, Boolean.toString(followRedirect));
 354 |             String responseAsString = new String(response);
 355 |             return ClientApiUtils.getHarEntries(response);
 356 |         } catch (ClientApiException e) {
 357 |             e.printStackTrace();
 358 | 
 359 |             throw new ProxyException(e);
 360 |         }
 361 |     }
 362 | 
 363 |     public Proxy getSeleniumProxy() throws UnknownHostException {
 364 |         return seleniumProxy;
 365 |     }
 366 | 
 367 |     @Override
 368 |     public void spider(String url, Integer maxChildren, boolean recurse, String contextName) {
 369 |         // Defaulting the context to "Default Context" in ZAP
 370 |         String contextNameString = contextName == null ? "Default Context" : contextName;
 371 |         String maxChildrenString = maxChildren == null ? null : String.valueOf(maxChildren);
 372 | 
 373 |         try {
 374 |             clientApi.spider
 375 |                     .scan(url, maxChildrenString, String.valueOf(recurse), contextNameString, null);
 376 |         } catch (ClientApiException e) {
 377 |             e.printStackTrace();
 378 |         }
 379 |     }
 380 | 
 381 |     @Override
 382 |     public void spider(String url) {
 383 |         try {
 384 |             clientApi.spider
 385 |                     .scan(url, null, null, null, null);
 386 |         } catch (ClientApiException e) {
 387 |             e.printStackTrace();
 388 |         }
 389 |     }
 390 | 
 391 |     @Override
 392 |     public void spider(String url, boolean recurse, String contextName) {
 393 |         //Something must be specified else zap throws an exception
 394 |         String contextNameString = contextName == null ? "Default Context" : contextName;
 395 | 
 396 |         try {
 397 |             clientApi.spider
 398 |                     .scan(url, null, String.valueOf(recurse), contextNameString, null);
 399 |         } catch (ClientApiException e) {
 400 |             e.printStackTrace();
 401 |         }
 402 |     }
 403 | 
 404 |     @Override
 405 |     public void spiderAsUser(String url, String contextId, String userId) {
 406 |         try {
 407 |             clientApi.spider
 408 |                     .scanAsUser(url, contextId, userId, null, null, null);
 409 |         } catch (ClientApiException e) {
 410 |             e.printStackTrace();
 411 |         }
 412 |     }
 413 | 
 414 |     @Override
 415 |     public void spiderAsUser(String url, String contextId, String userId, boolean recurse) {
 416 |         try {
 417 |             clientApi.spider
 418 |                     .scanAsUser(url, contextId, userId, null, String.valueOf(recurse), null);
 419 |         } catch (ClientApiException e) {
 420 |             e.printStackTrace();
 421 |         }
 422 |     }
 423 | 
 424 |     @Override
 425 |     public void spiderAsUser(String url, String contextId, String userId,
 426 |                              Integer maxChildren, boolean recurse) {
 427 |         try {
 428 |             clientApi.spider
 429 |                     .scanAsUser(url, contextId, userId, String.valueOf(maxChildren), String.valueOf(recurse), null);
 430 |         } catch (ClientApiException e) {
 431 |             e.printStackTrace();
 432 |         }
 433 |     }
 434 | 
 435 |     @Override
 436 |     public void excludeFromSpider(String regex) {
 437 |         try {
 438 |             clientApi.spider.excludeFromScan(regex);
 439 |         } catch (ClientApiException e) {
 440 |             e.printStackTrace();
 441 |             throw new ProxyException(e);
 442 |         }
 443 |     }
 444 | 
 445 |     @Override
 446 |     public void excludeFromScanner(String regex) {
 447 |         try {
 448 |             clientApi.ascan.excludeFromScan(regex);
 449 |         } catch (ClientApiException e) {
 450 |             e.printStackTrace();
 451 |             throw new ProxyException(e);
 452 |         }
 453 |     }
 454 | 
 455 |     @Override
 456 |     public void setAttackMode() throws ProxyException {
 457 |         try {
 458 |             clientApi.core.setMode("attack");
 459 |         } catch (ClientApiException e) {
 460 |             e.printStackTrace();
 461 |             throw new ProxyException(e);
 462 |         }
 463 |     }
 464 | 
 465 |     @Override
 466 |     public void setMaxDepth(int depth) {
 467 |         try {
 468 |             clientApi.spider.setOptionMaxDepth(depth);
 469 |         } catch (ClientApiException e) {
 470 |             e.printStackTrace();
 471 |             throw new ProxyException(e);
 472 |         }
 473 |     }
 474 | 
 475 |     @Override
 476 |     public void setPostForms(boolean post) {
 477 |         try {
 478 |             clientApi.spider.setOptionPostForm(post);
 479 |         } catch (ClientApiException e) {
 480 |             e.printStackTrace();
 481 |             throw new ProxyException(e);
 482 |         }
 483 |     }
 484 | 
 485 |     @Override
 486 |     public void setThreadCount(int threads) {
 487 |         try {
 488 |             clientApi.spider.setOptionThreadCount(threads);
 489 |         } catch (ClientApiException e) {
 490 |             e.printStackTrace();
 491 |             throw new ProxyException(e);
 492 |         }
 493 |     }
 494 | 
 495 |     @Override
 496 |     public int getLastSpiderScanId() {
 497 |         try {
 498 |             ApiResponseList response = (ApiResponseList) clientApi.spider.scans();
 499 |             return new ScanResponse(response).getLastScan().getId();
 500 |         } catch (ClientApiException e) {
 501 |             e.printStackTrace();
 502 |             throw new ProxyException(e);
 503 |         }
 504 |     }
 505 | 
 506 |     @Override
 507 |     public int getLastScannerScanId() {
 508 |         try {
 509 |             ApiResponseList response = (ApiResponseList) clientApi.ascan.scans();
 510 |             return new ScanResponse(response).getLastScan().getId();
 511 |         } catch (ClientApiException e) {
 512 |             e.printStackTrace();
 513 |             throw new ProxyException(e);
 514 |         }
 515 |     }
 516 | 
 517 |     @Override
 518 |     public int getSpiderProgress(int id) {
 519 |         try {
 520 |             ApiResponseList response = (ApiResponseList) clientApi.spider.scans();
 521 |             return new ScanResponse(response).getScanById(id).getProgress();
 522 |         } catch (ClientApiException e) {
 523 |             e.printStackTrace();
 524 |             throw new ProxyException(e);
 525 |         }
 526 |     }
 527 | 
 528 |     @Override
 529 |     public List<String> getSpiderResults(int id) {
 530 |         List<String> results = new ArrayList<String>();
 531 |         try {
 532 |             ApiResponseList responseList = (ApiResponseList) clientApi.spider
 533 |                     .results(Integer.toString(id));
 534 |             for (ApiResponse response : responseList.getItems()) {
 535 |                 results.add(((ApiResponseElement) response).getValue());
 536 |             }
 537 |         } catch (ClientApiException e) {
 538 |             e.printStackTrace();
 539 |             throw new ProxyException(e);
 540 |         }
 541 | 
 542 |         return results;
 543 |     }
 544 | 
 545 |     /**
 546 |      * Shuts down ZAP.
 547 |      *
 548 |      * @throws ProxyException
 549 |      */
 550 |     @Override
 551 |     public void shutdown() {
 552 |         try {
 553 |             clientApi.core.shutdown();
 554 |         } catch (ClientApiException e) {
 555 |             e.printStackTrace();
 556 |             throw new ProxyException(e);
 557 |         }
 558 |     }
 559 | 
 560 |     /**
 561 |      * Enables handling of anti CSRF tokens during active scanning.
 562 |      *
 563 |      * @param enabled Boolean flag to enable / disable handling of anti CSRF tokens during active scan.
 564 |      * @throws ProxyException
 565 |      */
 566 |     @Override
 567 |     public void setOptionHandleAntiCSRFTokens(boolean enabled) throws ProxyException {
 568 |         try {
 569 |             clientApi.ascan.setOptionHandleAntiCSRFTokens(enabled);
 570 |         } catch (ClientApiException e) {
 571 |             e.printStackTrace();
 572 |             throw new ProxyException(e);
 573 |         }
 574 |     }
 575 | 
 576 |     /**
 577 |      * Creates a new context with given context name and sets it in scope if @param inScope is true.
 578 |      *
 579 |      * @param contextName Name of the context.
 580 |      * @param inScope     true to set context in scope.
 581 |      * @throws ProxyException
 582 |      */
 583 |     @Override
 584 |     public void createContext(String contextName, boolean inScope) throws ProxyException {
 585 |         try {
 586 |             clientApi.context.newContext(contextName);
 587 |             clientApi.context.setContextInScope(contextName, String.valueOf(inScope));
 588 |         } catch (ClientApiException e) {
 589 |             e.printStackTrace();
 590 |             throw new ProxyException(e);
 591 |         }
 592 |     }
 593 | 
 594 |     /**
 595 |      * Adds include regex to the given context.
 596 |      *
 597 |      * @param contextName Name of the context.
 598 |      * @param regex       URL to include in context.
 599 |      * @throws ProxyException
 600 |      */
 601 |     @Override
 602 |     public void includeRegexInContext(String contextName, Pattern regex) throws ProxyException {
 603 |         try {
 604 |             clientApi.context.includeInContext(contextName, Pattern.quote(regex.pattern()));
 605 |         } catch (ClientApiException e) {
 606 |             e.printStackTrace();
 607 |             throw new ProxyException(e);
 608 |         }
 609 |     }
 610 | 
 611 |     /**
 612 |      * Adds include parent url to the given content.
 613 |      *
 614 |      * @param contextName Name of the context.
 615 |      * @param parentUrl   Parent URL to include in context.
 616 |      * @throws ProxyException
 617 |      */
 618 |     @Override
 619 |     public void includeUrlTreeInContext(String contextName, String parentUrl)
 620 |             throws ProxyException {
 621 |         Pattern pattern = Pattern.compile(parentUrl);
 622 |         try {
 623 |             clientApi.context
 624 |                     .includeInContext(contextName, Pattern.quote(pattern.pattern()) + ".*");
 625 |         } catch (ClientApiException e) {
 626 |             e.printStackTrace();
 627 |             throw new ProxyException(e);
 628 |         }
 629 |     }
 630 | 
 631 |     /**
 632 |      * Add exclude regex to the given context.
 633 |      *
 634 |      * @param contextName Name of the context.
 635 |      * @param regex       Regex to exclude from context.
 636 |      * @throws ProxyException
 637 |      */
 638 |     @Override
 639 |     public void excludeRegexFromContext(String contextName, Pattern regex) throws ProxyException {
 640 |         try {
 641 |             clientApi.context.excludeFromContext(contextName, Pattern.quote(regex.pattern()));
 642 |         } catch (ClientApiException e) {
 643 |             e.printStackTrace();
 644 |             throw new ProxyException(e);
 645 |         }
 646 |     }
 647 | 
 648 |     /**
 649 |      * Add exclude regex to the given context.
 650 |      *
 651 |      * @param contextName Name of the context.
 652 |      * @param parentUrl   Parent URL to exclude from context.
 653 |      * @throws ProxyException
 654 |      */
 655 |     @Override
 656 |     public void excludeParentUrlFromContext(String contextName, String parentUrl)
 657 |             throws ProxyException {
 658 |         Pattern pattern = Pattern.compile(parentUrl);
 659 |         try {
 660 |             clientApi.context
 661 |                     .excludeFromContext(contextName, Pattern.quote(pattern.pattern()) + ".*");
 662 |         } catch (ClientApiException e) {
 663 |             e.printStackTrace();
 664 |             throw new ProxyException(e);
 665 |         }
 666 |     }
 667 | 
 668 |     /**
 669 |      * Returns Context details for a given context name.
 670 |      *
 671 |      * @param contextName Name of context.
 672 |      * @return Context details for the given context
 673 |      * @throws ProxyException
 674 |      */
 675 |     @Override
 676 |     public Context getContextInfo(String contextName) throws ProxyException {
 677 |         Context context;
 678 |         try {
 679 |             context = new Context((ApiResponseSet) clientApi.context.context(contextName));
 680 |         } catch (ClientApiException e) {
 681 |             e.printStackTrace();
 682 |             throw new ProxyException(e);
 683 |         }
 684 |         return context;
 685 |     }
 686 | 
 687 |     /**
 688 |      * Returns list of context names.
 689 |      *
 690 |      * @return List of context names.
 691 |      * @throws ProxyException
 692 |      */
 693 |     @Override
 694 |     public List<String> getContexts() throws ProxyException {
 695 |         String contexts = null;
 696 |         try {
 697 |             contexts = ((ApiResponseElement) clientApi.context.contextList()).getValue();
 698 |         } catch (ClientApiException e) {
 699 |             e.printStackTrace();
 700 |             throw new ProxyException(e);
 701 |         }
 702 |         return Arrays.asList(contexts.substring(1, contexts.length() - 1).split(", "));
 703 |     }
 704 | 
 705 |     /**
 706 |      * Sets the given context in or out of scope.
 707 |      *
 708 |      * @param contextName Name of the context.
 709 |      * @param inScope     true - Sets the context in scope. false - Sets the context out of scope.
 710 |      * @throws ProxyException
 711 |      */
 712 |     @Override
 713 |     public void setContextInScope(String contextName, boolean inScope) throws ProxyException {
 714 |         try {
 715 |             clientApi.context.setContextInScope(contextName, String.valueOf(inScope));
 716 |         } catch (ClientApiException e) {
 717 |             e.printStackTrace();
 718 |             throw new ProxyException(e);
 719 |         }
 720 |     }
 721 | 
 722 |     /**
 723 |      * Returns the list of included regexs for the given context.
 724 |      *
 725 |      * @param contextName Name of the context.
 726 |      * @return List of include regexs.
 727 |      * @throws ProxyException
 728 |      */
 729 |     @Override
 730 |     public List<String> getIncludedRegexs(String contextName) throws ProxyException {
 731 |         String includedRegexs;
 732 |         try {
 733 |             includedRegexs = ((ApiResponseElement) clientApi.context.includeRegexs(contextName))
 734 |                     .getValue();
 735 |             if (includedRegexs.length() > 2) {
 736 |                 return Arrays
 737 |                         .asList(includedRegexs.substring(1, includedRegexs.length() - 1).split(", "));
 738 |             }
 739 |         } catch (ClientApiException e) {
 740 |             throw new ProxyException(e);
 741 |         }
 742 | 
 743 |         return null;
 744 |     }
 745 | 
 746 |     /**
 747 |      * Returns the list of excluded regexs for the given context.
 748 |      *
 749 |      * @param contextName Name of the context.
 750 |      * @return List of exclude regexs.
 751 |      * @throws ProxyException
 752 |      */
 753 |     @Override
 754 |     public List<String> getExcludedRegexs(String contextName) throws ProxyException {
 755 |         String excludedRegexs = null;
 756 |         try {
 757 |             excludedRegexs = ((ApiResponseElement) clientApi.context.excludeRegexs(contextName))
 758 |                     .getValue();
 759 |         } catch (ClientApiException e) {
 760 |             e.printStackTrace();
 761 |             throw new ProxyException(e);
 762 |         }
 763 |         if (excludedRegexs.length() > 2) {
 764 |             return Arrays
 765 |                     .asList(excludedRegexs.substring(1, excludedRegexs.length() - 1).split(", "));
 766 |         }
 767 |         return null;
 768 |     }
 769 | 
 770 |     /**
 771 |      * Returns the supported authentication methods by ZAP.
 772 |      *
 773 |      * @return list of supported authentication methods.
 774 |      * @throws ProxyException
 775 |      */
 776 |     @Override
 777 |     public List<String> getSupportedAuthenticationMethods() throws ProxyException {
 778 |         ApiResponseList apiResponseList = null;
 779 |         try {
 780 |             apiResponseList = (ApiResponseList) clientApi.authentication
 781 |                     .getSupportedAuthenticationMethods();
 782 |         } catch (ClientApiException e) {
 783 |             e.printStackTrace();
 784 |             throw new ProxyException(e);
 785 |         }
 786 |         List<String> supportedAuthenticationMethods = new ArrayList<String>();
 787 |         for (ApiResponse apiResponse : apiResponseList.getItems()) {
 788 |             supportedAuthenticationMethods.add(((ApiResponseElement) apiResponse).getValue());
 789 |         }
 790 |         return supportedAuthenticationMethods;
 791 |     }
 792 | 
 793 |     /**
 794 |      * Returns logged in indicator pattern for the given context.
 795 |      *
 796 |      * @param contextId Id of the context.
 797 |      * @return Logged in indicator for the given context.
 798 |      * @throws ProxyException
 799 |      */
 800 |     @Override
 801 |     public String getLoggedInIndicator(String contextId) throws ProxyException {
 802 |         try {
 803 |             return ((ApiResponseElement) clientApi.authentication.getLoggedInIndicator(contextId))
 804 |                     .getValue();
 805 |         } catch (ClientApiException e) {
 806 |             e.printStackTrace();
 807 |             throw new ProxyException(e);
 808 |         }
 809 |     }
 810 | 
 811 |     /**
 812 |      * Returns logged out indicator pattern for the given context.
 813 |      *
 814 |      * @param contextId Id of the context.
 815 |      * @return Logged out indicator for the given context.
 816 |      * @throws ProxyException
 817 |      */
 818 |     @Override
 819 |     public String getLoggedOutIndicator(String contextId) throws ProxyException {
 820 |         try {
 821 |             return ((ApiResponseElement) clientApi.authentication.getLoggedOutIndicator(contextId))
 822 |                     .getValue();
 823 |         } catch (ClientApiException e) {
 824 |             e.printStackTrace();
 825 |             throw new ProxyException(e);
 826 |         }
 827 |     }
 828 | 
 829 |     /**
 830 |      * Sets the logged in indicator to a given context.
 831 |      *
 832 |      * @param contextId              Id of a context.
 833 |      * @param loggedInIndicatorRegex Regex pattern for logged in indicator.
 834 |      * @throws ProxyException
 835 |      */
 836 |     @Override
 837 |     public void setLoggedInIndicator(String contextId, String loggedInIndicatorRegex)
 838 |             throws ProxyException {
 839 |         try {
 840 |             clientApi.authentication
 841 |                     .setLoggedInIndicator(contextId, Pattern.quote(loggedInIndicatorRegex));
 842 |         } catch (ClientApiException e) {
 843 |             e.printStackTrace();
 844 |             throw new ProxyException(e);
 845 |         }
 846 |     }
 847 | 
 848 |     /**
 849 |      * Sets the logged out indicator to a given context.
 850 |      *
 851 |      * @param contextId               Id of a context.
 852 |      * @param loggedOutIndicatorRegex Regex pattern for logged out indicator.
 853 |      * @throws ProxyException
 854 |      */
 855 |     @Override
 856 |     public void setLoggedOutIndicator(String contextId, String loggedOutIndicatorRegex)
 857 |             throws ProxyException {
 858 |         try {
 859 |             clientApi.authentication
 860 |                     .setLoggedOutIndicator(contextId, Pattern.quote(loggedOutIndicatorRegex));
 861 |         } catch (ClientApiException e) {
 862 |             e.printStackTrace();
 863 |             throw new ProxyException(e);
 864 |         }
 865 |     }
 866 | 
 867 |     /**
 868 |      * Returns authentication method info for a given context.
 869 |      *
 870 |      * @param contextId Id of a context.
 871 |      * @return Authentication method name for the given context id.
 872 |      * @throws ProxyException
 873 |      */
 874 |     @Override
 875 |     public Map<String, String> getAuthenticationMethodInfo(String contextId) throws ProxyException {
 876 |         Map<String, String> authenticationMethodDetails = new HashMap<String, String>();
 877 |         ApiResponse apiResponse = null;
 878 |         try {
 879 |             apiResponse = clientApi.authentication.getAuthenticationMethod(contextId);
 880 |         } catch (ClientApiException e) {
 881 |             e.printStackTrace();
 882 |             throw new ProxyException(e);
 883 |         }
 884 |         if (apiResponse instanceof ApiResponseElement) {
 885 |             authenticationMethodDetails
 886 |                     .put("methodName", ((ApiResponseElement) apiResponse).getValue());
 887 |         } else if (apiResponse instanceof ApiResponseSet) {
 888 |             ApiResponseSet apiResponseSet = (ApiResponseSet) apiResponse;
 889 |             String authenticationMethod = apiResponseSet.getStringValue("methodName");
 890 |             authenticationMethodDetails.put("methodName", authenticationMethod);
 891 | 
 892 |             if (authenticationMethod
 893 |                     .equals(AuthenticationMethod.FORM_BASED_AUTHENTICATION.getValue())) {
 894 |                 List<Map<String, String>> configParameters = getAuthMethodConfigParameters(
 895 |                         AuthenticationMethod.FORM_BASED_AUTHENTICATION.getValue());
 896 |                 for (Map<String, String> configParameter : configParameters) {
 897 |                     authenticationMethodDetails.put(configParameter.get("name"),
 898 |                             apiResponseSet.getStringValue(configParameter.get("name")));
 899 |                 }
 900 |             } else if (authenticationMethod
 901 |                     .equals(AuthenticationMethod.HTTP_AUTHENTICATION.getValue())) {
 902 |                 // Cannot dynamically populate the values for httpAuthentication, as one of the parameters in getAuthMethodConfigParameters (hostname) is different to what is returned here (host).
 903 |                 authenticationMethodDetails.put("host", apiResponseSet.getStringValue("host"));
 904 |                 authenticationMethodDetails.put("realm", apiResponseSet.getStringValue("realm"));
 905 |                 authenticationMethodDetails.put("port", apiResponseSet.getStringValue("port"));
 906 |             } else if (authenticationMethod
 907 |                     .equals(AuthenticationMethod.SCRIPT_BASED_AUTHENTICATION.getValue())) {
 908 |                 authenticationMethodDetails
 909 |                         .put("scriptName", apiResponseSet.getStringValue("scriptName"));
 910 |                 authenticationMethodDetails.put("LoginURL", apiResponseSet.getStringValue("LoginURL"));
 911 |                 authenticationMethodDetails.put("Method", apiResponseSet.getStringValue("Method"));
 912 |                 authenticationMethodDetails.put("Domain", apiResponseSet.getStringValue("Domain"));
 913 |                 authenticationMethodDetails.put("Path", apiResponseSet.getStringValue("Path"));
 914 |             }
 915 |         }
 916 |         return authenticationMethodDetails;
 917 |     }
 918 | 
 919 |     /**
 920 |      * Returns the authentication method info as a string.
 921 |      *
 922 |      * @param contextId Id of a context.
 923 |      * @return Authentication method info as a String.
 924 |      * @throws ProxyException
 925 |      */
 926 |     public String getAuthenticationMethod(String contextId) throws ProxyException {
 927 |         try {
 928 |             return clientApi.authentication.getAuthenticationMethod(contextId).toString(0);
 929 |         } catch (ClientApiException e) {
 930 |             e.printStackTrace();
 931 |             throw new ProxyException(e);
 932 |         }
 933 |     }
 934 | 
 935 |     /**
 936 |      * Returns the list of authentication config parameters.
 937 |      * Each config parameter is a map with keys "name" and "mandatory", holding the values name of the configuration parameter and whether it is mandatory/optional respectively.
 938 |      *
 939 |      * @param authMethod Valid authentication method name.
 940 |      * @return List of configuration parameters for the given authentication method name.
 941 |      * @throws ProxyException
 942 |      */
 943 |     @Override
 944 |     public List<Map<String, String>> getAuthMethodConfigParameters(String authMethod)
 945 |             throws ProxyException {
 946 |         ApiResponseList apiResponseList = null;
 947 |         try {
 948 |             apiResponseList = (ApiResponseList) clientApi.authentication
 949 |                     .getAuthenticationMethodConfigParams(authMethod);
 950 |         } catch (ClientApiException e) {
 951 |             e.printStackTrace();
 952 |             throw new ProxyException(e);
 953 |         }
 954 |         return getConfigParams(apiResponseList);
 955 |     }
 956 | 
 957 |     private List<Map<String, String>> getConfigParams(ApiResponseList apiResponseList) {
 958 |         Iterator iterator = apiResponseList.getItems().iterator();
 959 |         List<Map<String, String>> fields = new ArrayList<Map<String, String>>(
 960 |                 apiResponseList.getItems().size());
 961 |         while (iterator.hasNext()) {
 962 |             ApiResponseSet apiResponseSet = (ApiResponseSet) iterator.next();
 963 |             Map<String, String> field = new HashMap<String, String>();
 964 |             //           attributes field in apiResponseSet is not initialized with the keys from the map. So, there is no way to dynamically obtain the keys beside looking for "name" and "mandatory".
 965 |             //            List<String> attributes = Arrays.asList(apiResponseSet.getAttributes());
 966 |             //            for (String attribute : attributes) {
 967 |             //                field.put(attribute, apiResponseSet.getAttribute(attribute));
 968 |             //            }
 969 |             field.put("name", apiResponseSet.getStringValue("name"));
 970 |             field.put("mandatory", apiResponseSet.getStringValue("mandatory"));
 971 |             fields.add(field);
 972 |         }
 973 | 
 974 |         return fields;
 975 |     }
 976 | 
 977 |     /**
 978 |      * Sets the authentication method for a given context with given configuration parameters.
 979 |      *
 980 |      * @param contextId              Id of a context.
 981 |      * @param authMethodName         Valid authentication method name.
 982 |      * @param authMethodConfigParams Authentication method configuration parameters such as loginUrl, loginRequestData formBasedAuthentication method, and hostName, port, realm for httpBasedAuthentication method.
 983 |      * @throws ProxyException
 984 |      */
 985 |     @Override
 986 |     public void setAuthenticationMethod(String contextId, String authMethodName,
 987 |                                         String authMethodConfigParams) throws ProxyException {
 988 |         try {
 989 |             clientApi.authentication
 990 |                     .setAuthenticationMethod(contextId, authMethodName, authMethodConfigParams);
 991 |         } catch (ClientApiException e) {
 992 |             e.printStackTrace();
 993 |             throw new ProxyException(e);
 994 |         }
 995 |     }
 996 | 
 997 |     /**
 998 |      * Sets the formBasedAuthentication to given context id with the loginUrl and loginRequestData.
 999 |      * Example loginRequestData: "username={%username%}&password={%password%}"
1000 |      *
1001 |      * @param contextId        Id of the context.
1002 |      * @param loginUrl         Login URL.
1003 |      * @param loginRequestData Login request data with form field names for username and password.
1004 |      * @throws ProxyException
1005 |      * @throws UnsupportedEncodingException
1006 |      */
1007 |     @Override
1008 |     public void setFormBasedAuthentication(String contextId, String loginUrl,
1009 |                                            String loginRequestData) throws ProxyException, UnsupportedEncodingException {
1010 |         setAuthenticationMethod(contextId, AuthenticationMethod.FORM_BASED_AUTHENTICATION.getValue(),
1011 |                 "loginUrl=" + URLEncoder.encode(loginUrl, "UTF-8") + "&loginRequestData=" + URLEncoder
1012 |                         .encode(loginRequestData, "UTF-8"));
1013 |     }
1014 | 
1015 |     /**
1016 |      * Sets the HTTP/NTLM authentication to given context id with hostname, realm and port.
1017 |      *
1018 |      * @param contextId  Id of the context.
1019 |      * @param hostname   Hostname.
1020 |      * @param realm      Realm.
1021 |      * @param portNumber Port number.
1022 |      * @throws ProxyException
1023 |      */
1024 |     @Override
1025 |     public void setHttpAuthentication(String contextId, String hostname, String realm,
1026 |                                       String portNumber) throws ProxyException, UnsupportedEncodingException {
1027 |         if (StringUtils.isNotEmpty(portNumber)) {
1028 |             setAuthenticationMethod(contextId, AuthenticationMethod.HTTP_AUTHENTICATION.getValue(),
1029 |                     "hostname=" + URLEncoder.encode(hostname, "UTF-8") + "&realm=" + URLEncoder
1030 |                             .encode(realm, "UTF-8") + "&port=" + URLEncoder.encode(portNumber, "UTF-8"));
1031 |         } else {
1032 |             setHttpAuthentication(contextId, hostname, realm);
1033 |         }
1034 |     }
1035 | 
1036 |     /**
1037 |      * Sets the HTTP/NTLM authentication to given context id with hostname, realm.
1038 |      *
1039 |      * @param contextId Id of the context.
1040 |      * @param hostname  Hostname.
1041 |      * @param realm     Realm.
1042 |      * @throws ProxyException
1043 |      */
1044 |     @Override
1045 |     public void setHttpAuthentication(String contextId, String hostname, String realm)
1046 |             throws ProxyException, UnsupportedEncodingException {
1047 |         setAuthenticationMethod(contextId, AuthenticationMethod.HTTP_AUTHENTICATION.getValue(),
1048 |                 "hostname=" + URLEncoder.encode(hostname, "UTF-8") + "&realm=" + URLEncoder
1049 |                         .encode(realm, "UTF-8"));
1050 |     }
1051 | 
1052 |     /**
1053 |      * Sets the manual authentication to the given context id.
1054 |      *
1055 |      * @param contextId Id of the context.
1056 |      * @throws ProxyException
1057 |      */
1058 |     @Override
1059 |     public void setManualAuthentication(String contextId) throws ProxyException {
1060 |         setAuthenticationMethod(contextId, AuthenticationMethod.MANUAL_AUTHENTICATION.getValue(),
1061 |                 null);
1062 |     }
1063 | 
1064 |     /**
1065 |      * Sets the script based authentication to the given context id with the script name and config parameters.
1066 |      *
1067 |      * @param contextId          Id of the context.
1068 |      * @param scriptName         Name of the script.
1069 |      * @param scriptConfigParams Script config parameters.
1070 |      * @throws ProxyException
1071 |      */
1072 |     @Override
1073 |     public void setScriptBasedAuthentication(String contextId, String scriptName,
1074 |                                              String scriptConfigParams) throws ProxyException, UnsupportedEncodingException {
1075 |         setAuthenticationMethod(contextId,
1076 |                 AuthenticationMethod.SCRIPT_BASED_AUTHENTICATION.getValue(),
1077 |                 "scriptName=" + scriptName + "&" + scriptConfigParams);
1078 |     }
1079 | 
1080 |     /**
1081 |      * Returns list of {@link User}s for a given context.
1082 |      *
1083 |      * @param contextId Id of the context.
1084 |      * @return List of {@link User}s
1085 |      * @throws ProxyException
1086 |      * @throws IOException
1087 |      */
1088 |     @Override
1089 |     public List<User> getUsersList(String contextId) throws ProxyException, IOException {
1090 |         ApiResponseList apiResponseList;
1091 |         try {
1092 |             apiResponseList = (ApiResponseList) clientApi.users.usersList(contextId);
1093 |         } catch (ClientApiException e) {
1094 |             e.printStackTrace();
1095 |             throw new ProxyException(e);
1096 |         }
1097 |         List<User> users = new ArrayList<User>();
1098 |         if (apiResponseList != null) {
1099 |             for (ApiResponse apiResponse : apiResponseList.getItems()) {
1100 |                 users.add(new User((ApiResponseSet) apiResponse));
1101 |             }
1102 |         }
1103 |         return users;
1104 |     }
1105 | 
1106 |     /**
1107 |      * Returns the {@link User} info for a given context id and user id.
1108 |      *
1109 |      * @param contextId Id of a context.
1110 |      * @param userId    Id of a user.
1111 |      * @return {@link User} info.
1112 |      * @throws ProxyException
1113 |      * @throws IOException
1114 |      */
1115 |     @Override
1116 |     public User getUserById(String contextId, String userId) throws ProxyException, IOException {
1117 |         try {
1118 |             return new User((ApiResponseSet) clientApi.users.getUserById(contextId, userId));
1119 |         } catch (ClientApiException e) {
1120 |             e.printStackTrace();
1121 |             throw new ProxyException(e);
1122 |         }
1123 |     }
1124 | 
1125 |     /**
1126 |      * Returns list of config parameters of authentication credentials for a given context id.
1127 |      * Each item in the list is a map with keys "name" and "mandatory".
1128 |      *
1129 |      * @param contextId Id of a context.
1130 |      * @return List of authentication credentials configuration parameters.
1131 |      * @throws ProxyException
1132 |      */
1133 |     @Override
1134 |     public List<Map<String, String>> getAuthenticationCredentialsConfigParams(String contextId)
1135 |             throws ProxyException {
1136 |         ApiResponseList apiResponseList = null;
1137 |         try {
1138 |             apiResponseList = (ApiResponseList) clientApi.users
1139 |                     .getAuthenticationCredentialsConfigParams(contextId);
1140 |         } catch (ClientApiException e) {
1141 |             e.printStackTrace();
1142 |             throw new ProxyException(e);
1143 |         }
1144 |         return getConfigParams(apiResponseList);
1145 |     }
1146 | 
1147 |     /**
1148 |      * Returns the authentication credentials as a map with key value pairs for a given context id and user id.
1149 |      *
1150 |      * @param contextId Id of a context.
1151 |      * @param userId    Id of a user.
1152 |      * @return Authentication credentials.
1153 |      * @throws ProxyException
1154 |      */
1155 |     @Override
1156 |     public Map<String, String> getAuthenticationCredentials(String contextId, String userId)
1157 |             throws ProxyException {
1158 |         Map<String, String> credentials = new HashMap<String, String>();
1159 |         ApiResponseSet apiResponseSet = null;
1160 |         try {
1161 |             apiResponseSet = (ApiResponseSet) clientApi.users
1162 |                     .getAuthenticationCredentials(contextId, userId);
1163 |         } catch (ClientApiException e) {
1164 |             e.printStackTrace();
1165 |             throw new ProxyException(e);
1166 |         }
1167 | 
1168 |         String type = apiResponseSet.getStringValue("type");
1169 |         credentials.put("type", type);
1170 |         if (type.equals("UsernamePasswordAuthenticationCredentials")) {
1171 |             credentials.put("username", apiResponseSet.getStringValue("username"));
1172 |             credentials.put("password", apiResponseSet.getStringValue("password"));
1173 |         } else if (type.equals("ManualAuthenticationCredentials")) {
1174 |             credentials.put("sessionName", apiResponseSet.getStringValue("sessionName"));
1175 |         } else if (type.equals("GenericAuthenticationCredentials")) {
1176 |             if (apiResponseSet.getStringValue("username") != null) {
1177 |                 credentials.put("username", apiResponseSet.getStringValue("username"));
1178 |             }
1179 |             if (apiResponseSet.getStringValue("password") != null) {
1180 |                 credentials.put("password", apiResponseSet.getStringValue("password"));
1181 |             }
1182 |             if (apiResponseSet.getStringValue("Username") != null) {
1183 |                 credentials.put("Username", apiResponseSet.getStringValue("Username"));
1184 |             }
1185 |             if (apiResponseSet.getStringValue("Password") != null) {
1186 |                 credentials.put("Password", apiResponseSet.getStringValue("Password"));
1187 |             }
1188 | 
1189 |         }
1190 |         return credentials;
1191 |     }
1192 | 
1193 |     public String getAuthCredentials(String contextId, String userId) throws ProxyException {
1194 |         try {
1195 |             return clientApi.users.getAuthenticationCredentials(contextId, userId).toString(0);
1196 |         } catch (ClientApiException e) {
1197 |             e.printStackTrace();
1198 |             throw new ProxyException(e);
1199 |         }
1200 |     }
1201 | 
1202 |     /**
1203 |      * Creates a new {@link User} for a given context and returns the user id.
1204 |      *
1205 |      * @param contextId Id of a context.
1206 |      * @param name      Name of the user.
1207 |      * @return User id.
1208 |      * @throws ProxyException
1209 |      */
1210 |     @Override
1211 |     public String newUser(String contextId, String name) throws ProxyException {
1212 |         try {
1213 |             return ((ApiResponseElement) clientApi.users.newUser(contextId, name)).getValue();
1214 |         } catch (ClientApiException e) {
1215 |             e.printStackTrace();
1216 |             throw new ProxyException(e);
1217 |         }
1218 |     }
1219 | 
1220 |     /**
1221 |      * Removes a {@link User} using the given context id and user id.
1222 |      *
1223 |      * @param contextId Id of a {@link net.continuumsecurity.proxy.model.Context}
1224 |      * @param userId    Id of a {@link User}
1225 |      * @throws ProxyException
1226 |      */
1227 |     @Override
1228 |     public void removeUser(String contextId, String userId) throws ProxyException {
1229 |         try {
1230 |             clientApi.users.removeUser(contextId, userId);
1231 |         } catch (ClientApiException e) {
1232 |             e.printStackTrace();
1233 |             throw new ProxyException(e);
1234 |         }
1235 |     }
1236 | 
1237 |     /**
1238 |      * Sets the authCredentialsConfigParams to the given context and user.
1239 |      * Bu default, authCredentialsConfigParams uses key value separator "=" and key value pair separator "&".
1240 |      * Make sure that values provided for authCredentialsConfigParams are URL encoded using "UTF-8".
1241 |      *
1242 |      * @param contextId                   Id of the context.
1243 |      * @param userId                      Id of the user.
1244 |      * @param authCredentialsConfigParams Authentication credentials config parameters.
1245 |      * @throws ProxyException
1246 |      */
1247 |     @Override
1248 |     public void setAuthenticationCredentials(String contextId, String userId,
1249 |                                              String authCredentialsConfigParams) throws ProxyException {
1250 |         try {
1251 |             clientApi.users.setAuthenticationCredentials(contextId, userId,
1252 |                     authCredentialsConfigParams);
1253 |         } catch (ClientApiException e) {
1254 |             e.printStackTrace();
1255 |             throw new ProxyException(e);
1256 |         }
1257 |     }
1258 | 
1259 |     /**
1260 |      * Enables a {@link User} for a given {@link net.continuumsecurity.proxy.model.Context} id and user id.
1261 |      *
1262 |      * @param contextId Id of a {@link net.continuumsecurity.proxy.model.Context}
1263 |      * @param userId    Id of a {@link User}
1264 |      * @param enabled   Boolean value to enable/disable the user.
1265 |      * @throws ProxyException
1266 |      */
1267 |     @Override
1268 |     public void setUserEnabled(String contextId, String userId, boolean enabled)
1269 |             throws ProxyException {
1270 |         try {
1271 |             clientApi.users.setUserEnabled(contextId, userId, Boolean.toString(enabled));
1272 |         } catch (ClientApiException e) {
1273 |             e.printStackTrace();
1274 |             throw new ProxyException(e);
1275 |         }
1276 |     }
1277 | 
1278 |     /**
1279 |      * Sets a name to the user for the given context id and user id.
1280 |      *
1281 |      * @param contextId Id of a {@link net.continuumsecurity.proxy.model.Context}
1282 |      * @param userId    Id of a {@link User}
1283 |      * @param name      User name.
1284 |      * @throws ProxyException
1285 |      */
1286 |     @Override
1287 |     public void setUserName(String contextId, String userId, String name) throws ProxyException {
1288 |         try {
1289 |             clientApi.users.setUserName(contextId, userId, name);
1290 |         } catch (ClientApiException e) {
1291 |             e.printStackTrace();
1292 |             throw new ProxyException(e);
1293 |         }
1294 |     }
1295 | 
1296 |     /**
1297 |      * Returns the forced user id for a given context.
1298 |      *
1299 |      * @param contextId Id of a context.
1300 |      * @return Id of a forced {@link User}
1301 |      * @throws ProxyException
1302 |      */
1303 |     @Override
1304 |     public String getForcedUserId(String contextId) throws ProxyException {
1305 |         try {
1306 |             return ((ApiResponseElement) clientApi.forcedUser.getForcedUser(contextId)).getValue();
1307 |         } catch (ClientApiException e) {
1308 |             e.printStackTrace();
1309 |             throw new ProxyException(e);
1310 |         }
1311 |     }
1312 | 
1313 |     /**
1314 |      * Returns true if forced user mode is enabled. Otherwise returns false.
1315 |      *
1316 |      * @return true if forced user mode is enabled.
1317 |      * @throws ProxyException
1318 |      */
1319 |     @Override
1320 |     public boolean isForcedUserModeEnabled() throws ProxyException {
1321 |         try {
1322 |             return Boolean.parseBoolean(
1323 |                     ((ApiResponseElement) clientApi.forcedUser.isForcedUserModeEnabled()).getValue());
1324 |         } catch (ClientApiException e) {
1325 |             e.printStackTrace();
1326 |             throw new ProxyException(e);
1327 |         }
1328 |     }
1329 | 
1330 |     /**
1331 |      * Enables/disables the forced user mode.
1332 |      *
1333 |      * @param forcedUserModeEnabled flag to enable/disable forced user mode.
1334 |      * @throws ProxyException
1335 |      */
1336 |     @Override
1337 |     public void setForcedUserModeEnabled(boolean forcedUserModeEnabled) throws ProxyException {
1338 |         try {
1339 |             clientApi.forcedUser.setForcedUserModeEnabled(forcedUserModeEnabled);
1340 |         } catch (ClientApiException e) {
1341 |             e.printStackTrace();
1342 |             throw new ProxyException(e);
1343 |         }
1344 |     }
1345 | 
1346 |     /**
1347 |      * Sets a {@link User} id as forced user for the given {@link net.continuumsecurity.proxy.model.Context}
1348 |      *
1349 |      * @param contextId Id of a context.
1350 |      * @param userId    Id of a user.
1351 |      * @throws ProxyException
1352 |      */
1353 |     @Override
1354 |     public void setForcedUser(String contextId, String userId) throws ProxyException {
1355 |         try {
1356 |             clientApi.forcedUser.setForcedUser(contextId, userId);
1357 |         } catch (ClientApiException e) {
1358 |             e.printStackTrace();
1359 |             throw new ProxyException(e);
1360 |         }
1361 |     }
1362 | 
1363 |     /**
1364 |      * Returns list of supported session management methods.
1365 |      *
1366 |      * @return List of supported session management methods.
1367 |      * @throws ProxyException
1368 |      */
1369 |     @Override
1370 |     public List<String> getSupportedSessionManagementMethods() throws ProxyException {
1371 |         ApiResponseList apiResponseList = null;
1372 |         try {
1373 |             apiResponseList = (ApiResponseList) clientApi.sessionManagement
1374 |                     .getSupportedSessionManagementMethods();
1375 |         } catch (ClientApiException e) {
1376 |             e.printStackTrace();
1377 |             throw new ProxyException(e);
1378 |         }
1379 |         List<String> supportedSessionManagementMethods = new ArrayList<String>();
1380 |         for (ApiResponse apiResponse : apiResponseList.getItems()) {
1381 |             supportedSessionManagementMethods.add(((ApiResponseElement) apiResponse).getValue());
1382 |         }
1383 |         return supportedSessionManagementMethods;
1384 |     }
1385 | 
1386 |     /**
1387 |      * Returns session management method selected for the given context.
1388 |      *
1389 |      * @param contextId Id of a context.
1390 |      * @return Session management method for a given context.
1391 |      * @throws ProxyException
1392 |      */
1393 |     @Override
1394 |     public String getSessionManagementMethod(String contextId) throws ProxyException {
1395 |         try {
1396 |             return ((ApiResponseElement) clientApi.sessionManagement
1397 |                     .getSessionManagementMethod(contextId)).getValue();
1398 |         } catch (ClientApiException e) {
1399 |             e.printStackTrace();
1400 |             throw new ProxyException(e);
1401 |         }
1402 |     }
1403 | 
1404 |     /**
1405 |      * Sets the given session management method and config params for a given context.
1406 |      *
1407 |      * @param contextId                   Id of a context.
1408 |      * @param sessionManagementMethodName Session management method name.
1409 |      * @param methodConfigParams          Session management method config parameters.
1410 |      * @throws ProxyException
1411 |      */
1412 |     @Override
1413 |     public void setSessionManagementMethod(String contextId, String sessionManagementMethodName,
1414 |                                            String methodConfigParams) throws ProxyException {
1415 |         try {
1416 |             clientApi.sessionManagement
1417 |                     .setSessionManagementMethod(contextId, sessionManagementMethodName,
1418 |                             methodConfigParams);
1419 |         } catch (ClientApiException e) {
1420 |             e.printStackTrace();
1421 |             throw new ProxyException(e);
1422 |         }
1423 |     }
1424 | 
1425 |     /**
1426 |      * Returns the list of Anti CSRF token names.
1427 |      *
1428 |      * @return List of Anti CSRF token names.
1429 |      * @throws ProxyException
1430 |      */
1431 |     @Override
1432 |     public List<String> getAntiCsrfTokenNames() throws ProxyException {
1433 |         String rawResponse;
1434 |         try {
1435 |             rawResponse = ((ApiResponseElement) clientApi.acsrf.optionTokensNames()).getValue();
1436 |         } catch (ClientApiException e) {
1437 |             e.printStackTrace();
1438 |             throw new ProxyException(e);
1439 |         }
1440 |         return Arrays.asList(rawResponse.substring(1, rawResponse.length() - 1).split(", "));
1441 |     }
1442 | 
1443 |     /**
1444 |      * Adds an anti CSRF token with the given name, enabled by default.
1445 |      *
1446 |      * @param tokenName Anti CSRF token name.
1447 |      * @throws ProxyException
1448 |      */
1449 |     @Override
1450 |     public void addAntiCsrfToken(String tokenName) throws ProxyException {
1451 |         try {
1452 |             clientApi.acsrf.addOptionToken(tokenName);
1453 |         } catch (ClientApiException e) {
1454 |             e.printStackTrace();
1455 |             throw new ProxyException(e);
1456 |         }
1457 |     }
1458 | 
1459 |     /**
1460 |      * Removes the anti CSRF token with the given name.
1461 |      *
1462 |      * @param tokenName Anti CSRF token name.
1463 |      * @throws ProxyException
1464 |      */
1465 |     @Override
1466 |     public void removeAntiCsrfToken(String tokenName) throws ProxyException {
1467 |         try {
1468 |             clientApi.acsrf.removeOptionToken(tokenName);
1469 |         } catch (ClientApiException e) {
1470 |             e.printStackTrace();
1471 |             throw new ProxyException(e);
1472 |         }
1473 |     }
1474 | 
1475 |     /**
1476 |      * Returns the list of scripting engines that ZAP supports.
1477 |      *
1478 |      * @return List of script engines.
1479 |      * @throws ProxyException
1480 |      */
1481 |     @Override
1482 |     public List<String> listEngines() throws ProxyException {
1483 |         List<String> engines = new ArrayList<String>();
1484 |         try {
1485 |             ApiResponseList apiResponseList = (ApiResponseList) clientApi.script.listEngines();
1486 |             for (ApiResponse apiResponse : apiResponseList.getItems()) {
1487 |                 engines.add(((ApiResponseElement) apiResponse).getValue());
1488 |             }
1489 |         } catch (ClientApiException e) {
1490 |             e.printStackTrace();
1491 |             throw new ProxyException(e);
1492 |         }
1493 |         return engines;
1494 |     }
1495 | 
1496 |     /**
1497 |      * Returns the list of scripts loaded into ZAP.
1498 |      *
1499 |      * @return List of scripts.
1500 |      * @throws ProxyException
1501 |      */
1502 |     @Override
1503 |     public List<Script> listScripts() throws ProxyException {
1504 |         ApiResponseList apiResponseList;
1505 |         try {
1506 |             apiResponseList = (ApiResponseList) clientApi.script.listScripts();
1507 |         } catch (ClientApiException e) {
1508 |             e.printStackTrace();
1509 |             throw new ProxyException(e);
1510 |         }
1511 |         List<Script> scripts = new ArrayList<Script>();
1512 |         if (apiResponseList != null) {
1513 |             for (ApiResponse apiResponse : apiResponseList.getItems()) {
1514 |                 scripts.add(new Script((ApiResponseSet) apiResponse));
1515 |             }
1516 |         }
1517 |         return scripts;
1518 |     }
1519 | 
1520 |     /**
1521 |      * Disables the script, if the script name is a valid one.
1522 |      *
1523 |      * @param scriptName Name of the script.
1524 |      * @throws ProxyException
1525 |      */
1526 |     @Override
1527 |     public void disableScript(String scriptName) throws ProxyException {
1528 |         try {
1529 |             clientApi.script.disable(scriptName);
1530 |         } catch (ClientApiException e) {
1531 |             e.printStackTrace();
1532 |             throw new ProxyException(e);
1533 |         }
1534 |     }
1535 | 
1536 |     /**
1537 |      * Enables the script, if the script name is a valid one.
1538 |      *
1539 |      * @param scriptName Name of the script.
1540 |      * @throws ProxyException
1541 |      */
1542 |     @Override
1543 |     public void enableScript(String scriptName) throws ProxyException {
1544 |         try {
1545 |             clientApi.script.enable(scriptName);
1546 |         } catch (ClientApiException e) {
1547 |             e.printStackTrace();
1548 |             throw new ProxyException(e);
1549 |         }
1550 |     }
1551 | 
1552 |     /**
1553 |      * Loads a script into ZAP session.
1554 |      *
1555 |      * @param scriptName   Name of the script.
1556 |      * @param scriptType   Type of the script such as authentication, httpsender, etc.
1557 |      * @param scriptEngine Script engine such as Rhino, Mozilla Zest, etc.
1558 |      * @param fileName     Name of the file including the full path.
1559 |      * @throws ProxyException
1560 |      */
1561 |     @Override
1562 |     public void loadScript(String scriptName, String scriptType, String scriptEngine,
1563 |                            String fileName) throws ProxyException {
1564 |         loadScript(scriptName, scriptType, scriptEngine, fileName, "");
1565 |     }
1566 | 
1567 |     /**
1568 |      * Loads a script into ZAP session.
1569 |      *
1570 |      * @param scriptName        Name of the script.
1571 |      * @param scriptType        Type of the script such as authentication, httpsender, etc.
1572 |      * @param scriptEngine      Script engine such Rhino, Mozilla Zest, etc.
1573 |      * @param fileName          Name of the file including the full path.
1574 |      * @param scriptDescription Script description.
1575 |      * @throws ProxyException
1576 |      */
1577 |     @Override
1578 |     public void loadScript(String scriptName, String scriptType, String scriptEngine,
1579 |                            String fileName, String scriptDescription) throws ProxyException {
1580 |         try {
1581 |             clientApi.script
1582 |                     .load(scriptName, scriptType, scriptEngine, fileName, scriptDescription);
1583 |         } catch (ClientApiException e) {
1584 |             e.printStackTrace();
1585 |             throw new ProxyException(e);
1586 |         }
1587 |     }
1588 | 
1589 |     /**
1590 |      * Removes the script with given name.
1591 |      *
1592 |      * @param scriptName Name of the script.
1593 |      * @throws ProxyException
1594 |      */
1595 |     @Override
1596 |     public void removeScript(String scriptName) throws ProxyException {
1597 |         try {
1598 |             clientApi.script.remove(scriptName);
1599 |         } catch (ClientApiException e) {
1600 |             e.printStackTrace();
1601 |             throw new ProxyException(e);
1602 |         }
1603 |     }
1604 | 
1605 |     /**
1606 |      * Runs a stand alone script with the given name.
1607 |      *
1608 |      * @param scriptName Name of the script.
1609 |      * @throws ProxyException
1610 |      */
1611 |     @Override
1612 |     public void runStandAloneScript(String scriptName) throws ProxyException {
1613 |         try {
1614 |             clientApi.script.runStandAloneScript(scriptName);
1615 |         } catch (ClientApiException e) {
1616 |             e.printStackTrace();
1617 |             throw new ProxyException(e);
1618 |         }
1619 |     }
1620 | 
1621 |     @Override
1622 |     public void setIncludeInContext(String contextName, String regex) {
1623 |         try {
1624 |             clientApi.context.includeInContext(contextName, regex);
1625 |         } catch (ClientApiException e) {
1626 |             if ("does_not_exist".equalsIgnoreCase(e.getCode())) {
1627 |                 createContext(contextName);
1628 |                 setIncludeInContext(contextName, regex);
1629 |             } else {
1630 |                 e.printStackTrace();
1631 |                 throw new ProxyException(e);
1632 |             }
1633 |         }
1634 |     }
1635 | 
1636 |     private void createContext(String contextName) {
1637 |         try {
1638 |             clientApi.context.newContext(contextName);
1639 |         } catch (ClientApiException e) {
1640 |             e.printStackTrace();
1641 |             throw new ProxyException(e);
1642 |         }
1643 |     }
1644 | 
1645 |     private static class ClientApiUtils {
1646 | 
1647 |         private ClientApiUtils() {
1648 |         }
1649 | 
1650 |         public static int getInteger(ApiResponse response) throws ClientApiException {
1651 |             try {
1652 |                 return Integer.parseInt(((ApiResponseElement) response).getValue());
1653 |             } catch (Exception e) {
1654 |                 throw new ClientApiException("Unable to get integer from response.");
1655 |             }
1656 |         }
1657 | 
1658 |         public static String convertHarRequestToString(HarRequest request)
1659 |                 throws ClientApiException {
1660 |             try {
1661 |                 ByteArrayOutputStream os = new ByteArrayOutputStream();
1662 |                 JsonGenerator g = new JsonFactory().createJsonGenerator(os);
1663 |                 g.writeStartObject();
1664 |                 request.writeHar(g);
1665 |                 g.close();
1666 |                 return os.toString("UTF-8");
1667 |             } catch (IOException e) {
1668 |                 throw new ClientApiException(e);
1669 |             }
1670 |         }
1671 | 
1672 |         public static HarLog createHarLog(byte[] bytesHarLog) throws ClientApiException {
1673 |             try {
1674 |                 if (bytesHarLog.length == 0) {
1675 |                     throw new ClientApiException("Unexpected ZAP response.");
1676 |                 }
1677 |                 HarFileReader reader = new HarFileReader();
1678 |                 return reader.readHarFile(new ByteArrayInputStream(bytesHarLog), null);
1679 |             } catch (IOException e) {
1680 |                 throw new ClientApiException(e);
1681 |             }
1682 |         }
1683 | 
1684 |         public static List<HarEntry> getHarEntries(byte[] bytesHarLog) throws ClientApiException {
1685 |             return createHarLog(bytesHarLog).getEntries().getEntries();
1686 |         }
1687 | 
1688 |     }
1689 | }
1690 | 


--------------------------------------------------------------------------------
/src/main/java/net/continuumsecurity/proxy/model/AuthenticationMethod.java:
--------------------------------------------------------------------------------
 1 | package net.continuumsecurity.proxy.model;
 2 | 
 3 | import java.util.ArrayList;
 4 | import java.util.List;
 5 | 
 6 | /**
 7 |  * Authentication methods supported by ZAP.
 8 |  */
 9 | public enum AuthenticationMethod {
10 |     FORM_BASED_AUTHENTICATION("formBasedAuthentication"),
11 |     HTTP_AUTHENTICATION("httpAuthentication"),
12 |     MANUAL_AUTHENTICATION("manualAuthentication"),
13 |     SCRIPT_BASED_AUTHENTICATION("scriptBasedAuthentication");
14 | 
15 |     private String value;
16 | 
17 |     public String getValue() {
18 |         return value;
19 |     }
20 | 
21 |     AuthenticationMethod(String authenticationMethod) {
22 |         this.value = authenticationMethod;
23 |     }
24 | 
25 |     public static List<String> getValues() {
26 |         List<String> values = new ArrayList<String>();
27 |         for (AuthenticationMethod authenticationMethod : AuthenticationMethod.values()) {
28 |             values.add(authenticationMethod.getValue());
29 |         }
30 |         return values;
31 |     }
32 | }
33 | 


--------------------------------------------------------------------------------
/src/main/java/net/continuumsecurity/proxy/model/Context.java:
--------------------------------------------------------------------------------
  1 | package net.continuumsecurity.proxy.model;
  2 | 
  3 | import org.zaproxy.clientapi.core.ApiResponseSet;
  4 | 
  5 | import java.util.Arrays;
  6 | import java.util.List;
  7 | 
  8 | public class Context {
  9 |     private String id;
 10 |     private String name;
 11 |     private String description;
 12 |     private String loggedInPattern;
 13 |     private String loggedOutPattern;
 14 |     private List<String> includedRegexs;
 15 |     private List<String> excludedRegexs;
 16 |     private String authType;
 17 |     private int authenticationDetectionMethodId;
 18 | 
 19 |     public Context(ApiResponseSet response) {
 20 |         id = response.getStringValue("id");
 21 |         name = response.getStringValue("name");
 22 |         description = response.getStringValue("description");
 23 |         loggedInPattern = response.getStringValue("loggedInPattern");
 24 |         loggedOutPattern = response.getStringValue("loggedOutPattern");
 25 |         String includedRegexsNode = response.getStringValue("includeRegexs");
 26 |         if (includedRegexsNode.length() > 2) {
 27 |             includedRegexs = Arrays.asList(includedRegexsNode.substring(1, includedRegexsNode.length()-1).split(", "));
 28 |         }
 29 |         String excludedRegexsNode = response.getStringValue("excludeRegexs");
 30 |         if (excludedRegexsNode.length() > 2) {
 31 |             excludedRegexs = Arrays.asList(excludedRegexsNode.substring(1, excludedRegexsNode.length()-1).split(", "));
 32 |         }
 33 |         authType = response.getStringValue("authType");
 34 |         authenticationDetectionMethodId = Integer.parseInt(response.getStringValue("authenticationDetectionMethodId"));
 35 |     }
 36 | 
 37 |     public String getId() {
 38 |         return id;
 39 |     }
 40 | 
 41 |     public void setId(String id) {
 42 |         this.id = id;
 43 |     }
 44 | 
 45 |     public String getName() {
 46 |         return name;
 47 |     }
 48 | 
 49 |     public void setName(String name) {
 50 |         this.name = name;
 51 |     }
 52 | 
 53 |     public String getDescription() {
 54 |         return description;
 55 |     }
 56 | 
 57 |     public void setDescription(String description) {
 58 |         this.description = description;
 59 |     }
 60 | 
 61 |     public String getLoggedInPattern() {
 62 |         return loggedInPattern;
 63 |     }
 64 | 
 65 |     public void setLoggedInPattern(String loggedInPattern) {
 66 |         this.loggedInPattern = loggedInPattern;
 67 |     }
 68 | 
 69 |     public String getLoggedOutPattern() {
 70 |         return loggedOutPattern;
 71 |     }
 72 | 
 73 |     public void setLoggedOutPattern(String loggedOutPattern) {
 74 |         this.loggedOutPattern = loggedOutPattern;
 75 |     }
 76 | 
 77 |     public List<String> getIncludedRegexs() {
 78 |         return includedRegexs;
 79 |     }
 80 | 
 81 |     public void setIncludedRegexs(List<String> includedRegexs) {
 82 |         this.includedRegexs = includedRegexs;
 83 |     }
 84 | 
 85 |     public List<String> getExcludedRegexs() {
 86 |         return excludedRegexs;
 87 |     }
 88 | 
 89 |     public void setExcludedRegexs(List<String> excludedRegexs) {
 90 |         this.excludedRegexs = excludedRegexs;
 91 |     }
 92 | 
 93 |     public String getAuthType() {
 94 |         return authType;
 95 |     }
 96 | 
 97 |     public void setAuthType(String authType) {
 98 |         this.authType = authType;
 99 |     }
100 | 
101 |     public int getAuthenticationDetectionMethodId() {
102 |         return authenticationDetectionMethodId;
103 |     }
104 | 
105 |     public void setAuthenticationDetectionMethodId(int authenticationDetectionMethodId) {
106 |         this.authenticationDetectionMethodId = authenticationDetectionMethodId;
107 |     }
108 | }
109 | 


--------------------------------------------------------------------------------
/src/main/java/net/continuumsecurity/proxy/model/ScanInfo.java:
--------------------------------------------------------------------------------
 1 | package net.continuumsecurity.proxy.model;
 2 | 
 3 | import org.zaproxy.clientapi.core.ApiResponseSet;
 4 | 
 5 | /**
 6 |  * Created by stephen on 16/04/15.
 7 |  */
 8 | public class ScanInfo implements Comparable<ScanInfo> {
 9 |     int progress;
10 |     int id;
11 |     State state;
12 | 
13 |     @Override
14 |     public int compareTo(ScanInfo o) {
15 |         return id-o.getId();
16 |     }
17 | 
18 |     public enum State {
19 |         NOT_STARTED,
20 |         FINISHED,
21 |         PAUSED,
22 |         RUNNING;
23 | 
24 |         public static State parse(String s) {
25 |             if ("NOT_STARTED".equalsIgnoreCase(s)) return NOT_STARTED;
26 |             if ("FINISHED".equalsIgnoreCase(s)) return FINISHED;
27 |             if ("PAUSED".equalsIgnoreCase(s)) return PAUSED;
28 |             if ("RUNNING".equalsIgnoreCase(s)) return RUNNING;
29 |             throw new RuntimeException("Unknown state: "+s);
30 |         }
31 |     }
32 | 
33 |     public ScanInfo(ApiResponseSet response) {
34 |         id = Integer.parseInt(response.getStringValue("id"));
35 |         progress = Integer.parseInt(response.getStringValue("progress"));
36 |         state = State.parse(response.getStringValue("state"));
37 |     }
38 | 
39 |     public int getProgress() {
40 |         return progress;
41 |     }
42 | 
43 |     public void setProgress(int progress) {
44 |         this.progress = progress;
45 |     }
46 | 
47 |     public int getId() {
48 |         return id;
49 |     }
50 | 
51 |     public void setId(int id) {
52 |         this.id = id;
53 |     }
54 | 
55 |     public State getState() {
56 |         return state;
57 |     }
58 | 
59 |     public void setState(State state) {
60 |         this.state = state;
61 |     }
62 | }
63 | 


--------------------------------------------------------------------------------
/src/main/java/net/continuumsecurity/proxy/model/ScanResponse.java:
--------------------------------------------------------------------------------
 1 | package net.continuumsecurity.proxy.model;
 2 | 
 3 | import org.zaproxy.clientapi.core.ApiResponse;
 4 | import org.zaproxy.clientapi.core.ApiResponseList;
 5 | import org.zaproxy.clientapi.core.ApiResponseSet;
 6 | 
 7 | import java.util.ArrayList;
 8 | import java.util.Collections;
 9 | import java.util.List;
10 | 
11 | /**
12 |  * Created by stephen on 16/04/15.
13 |  */
14 | public class ScanResponse {
15 |     List<ScanInfo> scans = new ArrayList();
16 | 
17 |     public ScanResponse(ApiResponseList responseList) {
18 |         for (ApiResponse rawResponse : responseList.getItems()) {
19 |             scans.add(new ScanInfo((ApiResponseSet)rawResponse));
20 |         }
21 |         Collections.sort(scans);
22 |     }
23 | 
24 |     public List<ScanInfo> getScans() {
25 |         return scans;
26 |     }
27 | 
28 |     public ScanInfo getScanById(int scanId) {
29 |         for (ScanInfo scan : scans) {
30 |             if (scan.getId() == scanId) return scan;
31 |         }
32 |         return null;
33 |     }
34 | 
35 |     public ScanInfo getLastScan() {
36 |         if (scans.size() == 0) throw new RuntimeException("No scans found");
37 |         return scans.get(scans.size()-1);
38 |     }
39 | }
40 | 


--------------------------------------------------------------------------------
/src/main/java/net/continuumsecurity/proxy/model/ScannerInfo.java:
--------------------------------------------------------------------------------
 1 | package net.continuumsecurity.proxy.model;
 2 | 
 3 | import org.zaproxy.clientapi.core.ApiResponseSet;
 4 | 
 5 | /**
 6 |  * Created by stephen on 20/04/15.
 7 |  */
 8 | public class ScannerInfo {
 9 |     boolean enabled;
10 |     int wascId;
11 |     int cweId;
12 | 
13 |     public ScannerInfo(ApiResponseSet responseSet) {
14 |         enabled = Boolean.parseBoolean(responseSet.getStringValue("enabled"));
15 |         wascId = Integer.parseInt(responseSet.getStringValue("wascid"));
16 |         cweId = Integer.parseInt(responseSet.getStringValue("cweid"));
17 |     }
18 | 
19 |     public boolean isEnabled() {
20 |         return enabled;
21 |     }
22 | 
23 |     public int getWascId() {
24 |         return wascId;
25 |     }
26 | 
27 |     public int getCweId() {
28 |         return cweId;
29 |     }
30 | }
31 | 


--------------------------------------------------------------------------------
/src/main/java/net/continuumsecurity/proxy/model/Script.java:
--------------------------------------------------------------------------------
 1 | package net.continuumsecurity.proxy.model;
 2 | 
 3 | import org.zaproxy.clientapi.core.ApiResponseSet;
 4 | 
 5 | /**
 6 |  * Copyright VMware, Inc. All rights reserved. -- VMware Confidential
 7 |  */
 8 | public class Script {
 9 |     String name;
10 |     String type;
11 |     String engine;
12 |     boolean error;
13 |     String description;
14 | 
15 |     public Script(ApiResponseSet apiResponseSet) {
16 |         name = apiResponseSet.getStringValue("name");
17 |         type = apiResponseSet.getStringValue("type");
18 |         engine = apiResponseSet.getStringValue("engine");
19 |         error = Boolean.valueOf(apiResponseSet.getStringValue("error"));
20 |         description = apiResponseSet.getStringValue("description");
21 |     }
22 | 
23 |     public String getName() {
24 |         return name;
25 |     }
26 | 
27 |     public void setName(String name) {
28 |         this.name = name;
29 |     }
30 | 
31 |     public String getType() {
32 |         return type;
33 |     }
34 | 
35 |     public void setType(String type) {
36 |         this.type = type;
37 |     }
38 | 
39 |     public String getEngine() {
40 |         return engine;
41 |     }
42 | 
43 |     public void setEngine(String engine) {
44 |         this.engine = engine;
45 |     }
46 | 
47 |     public boolean isError() {
48 |         return error;
49 |     }
50 | 
51 |     public void setError(boolean error) {
52 |         this.error = error;
53 |     }
54 | 
55 |     public String getDescription() {
56 |         return description;
57 |     }
58 | 
59 |     public void setDescription(String description) {
60 |         this.description = description;
61 |     }
62 | }
63 | 


--------------------------------------------------------------------------------
/src/main/java/net/continuumsecurity/proxy/model/User.java:
--------------------------------------------------------------------------------
 1 | package net.continuumsecurity.proxy.model;
 2 | 
 3 | import org.codehaus.jackson.map.ObjectMapper;
 4 | import org.codehaus.jackson.type.TypeReference;
 5 | import org.zaproxy.clientapi.core.ApiResponseSet;
 6 | 
 7 | import java.io.IOException;
 8 | import java.util.HashMap;
 9 | import java.util.Map;
10 | 
11 | public class User {
12 |     String id;
13 |     boolean enabled;
14 |     String contextId;
15 |     String name;
16 |     Map<String, String> credentials;
17 | 
18 |     public User(ApiResponseSet apiResponseSet) throws IOException {
19 |         id = apiResponseSet.getStringValue("id");
20 |         enabled = Boolean.valueOf(apiResponseSet.getStringValue("enabled"));
21 |         contextId = apiResponseSet.getStringValue("contextId");
22 |         name = apiResponseSet.getStringValue("name");
23 |         ObjectMapper mapper = new ObjectMapper();
24 |         credentials = mapper.readValue(apiResponseSet.getStringValue("credentials"), new TypeReference<HashMap<String,String>>(){});
25 |     }
26 | 
27 |     public String getId() {
28 |         return id;
29 |     }
30 | 
31 |     public void setId(String id) {
32 |         this.id = id;
33 |     }
34 | 
35 |     public boolean isEnabled() {
36 |         return enabled;
37 |     }
38 | 
39 |     public void setEnabled(boolean enabled) {
40 |         this.enabled = enabled;
41 |     }
42 | 
43 |     public String getContextId() {
44 |         return contextId;
45 |     }
46 | 
47 |     public void setContextId(String contextId) {
48 |         this.contextId = contextId;
49 |     }
50 | 
51 |     public String getName() {
52 |         return name;
53 |     }
54 | 
55 |     public void setName(String name) {
56 |         this.name = name;
57 |     }
58 | 
59 |     public Map<String, String> getCredentials() {
60 |         return credentials;
61 |     }
62 | 
63 |     public void setCredentials(Map<String, String> credentials) {
64 |         this.credentials = credentials;
65 |     }
66 | }
67 | 


--------------------------------------------------------------------------------
/src/main/resources/extendedapi-alpha-1.zap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/iriusrisk/zap-java-api/4f9fe090a073345e9ae33b40ff0e378662a7c2a8/src/main/resources/extendedapi-alpha-1.zap


--------------------------------------------------------------------------------
/src/main/resources/extendedapi-alpha-2.zap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/iriusrisk/zap-java-api/4f9fe090a073345e9ae33b40ff0e378662a7c2a8/src/main/resources/extendedapi-alpha-2.zap


--------------------------------------------------------------------------------
/src/test/java/net/continuumsecurity/proxy/SpiderTest.java:
--------------------------------------------------------------------------------
 1 | package net.continuumsecurity.proxy;
 2 | 
 3 | import net.continuumsecurity.proxy.model.Context;
 4 | import org.junit.BeforeClass;
 5 | import org.junit.Test;
 6 | 
 7 | import java.util.List;
 8 | 
 9 | import static org.hamcrest.CoreMatchers.is;
10 | import static org.hamcrest.MatcherAssert.assertThat;
11 | import static org.hamcrest.Matchers.notNullValue;
12 | import static org.hamcrest.core.IsEqual.equalTo;
13 | 
14 | public class SpiderTest {
15 |     static ZAProxyScanner zaproxy;
16 |     static String HOST = "127.0.0.1";
17 |     static int PORT = 8888;
18 |     static String BASEURL = "http://testphp.vulnweb.com";
19 |     static String DEFAULT_CONTEXT = "Default Context";
20 | 
21 |     @BeforeClass
22 |     public static void configure() throws Exception {
23 |         zaproxy = new ZAProxyScanner(HOST, PORT, "apisecret");
24 |     }
25 | 
26 |     @Test
27 |     public void testIncludeInContextForNewContext() {
28 |         final String MYCONTEXT = "My Special context";
29 |         zaproxy.setIncludeInContext(MYCONTEXT, BASEURL.concat(".*"));
30 |         Context context = zaproxy.getContextInfo(MYCONTEXT);
31 |         assertThat(context.getId(),is(notNullValue()));
32 |     }
33 | 
34 |     @Test
35 |     public void testSpider() {
36 |         zaproxy.setIncludeInContext(DEFAULT_CONTEXT, BASEURL.concat(".*"));
37 |         zaproxy.spider(BASEURL, true, DEFAULT_CONTEXT);
38 |         int progress = 0;
39 |         while (progress < 100) {
40 |             progress = zaproxy.getSpiderProgress(zaproxy.getLastSpiderScanId());
41 |             try {
42 |                 Thread.sleep(1000);
43 |             } catch (InterruptedException e) {
44 |                 e.printStackTrace();  //To change body of catch statement use File | Settings | File Templates.
45 |             }
46 |         }
47 |         List<String> results = zaproxy.getSpiderResults(zaproxy.getLastSpiderScanId());
48 | 
49 |         assertThat(results.size(),equalTo(63));
50 |         assert results.contains(BASEURL);
51 |         for (String url : results) {
52 |            System.out.println(url);
53 |         }
54 |     }
55 | }
56 | 


--------------------------------------------------------------------------------
/src/test/java/net/continuumsecurity/proxy/TestEnvironment.java:
--------------------------------------------------------------------------------
 1 | package net.continuumsecurity.proxy;
 2 | 
 3 | import org.mortbay.jetty.Server;
 4 | import org.mortbay.jetty.webapp.WebAppContext;
 5 | 
 6 | public class TestEnvironment {
 7 |     Server server;
 8 | 
 9 |     public TestEnvironment() {
10 |         server = new Server(9090);
11 |         WebAppContext webapp = new WebAppContext();
12 |         webapp.setContextPath("/");
13 |         webapp.setWar("src/test/resources/ropeytasks-0.1.war");
14 |         server.setHandler(webapp);
15 |     }
16 | 
17 |     public void start() throws Exception {
18 |         server.start();
19 |         server.join();
20 |     }
21 | 
22 |     public void stop() throws Exception {
23 |         server.stop();
24 |     }
25 | }
26 | 


--------------------------------------------------------------------------------
/src/test/java/net/continuumsecurity/proxy/TestHarUtils.java:
--------------------------------------------------------------------------------
 1 | package net.continuumsecurity.proxy;
 2 | 
 3 | import org.junit.Test;
 4 | 
 5 | public class TestHarUtils {
 6 | 
 7 |     @Test
 8 |     public void testCookieReplaceRegex() {
 9 |         String[] headers = new String[3];
10 |         headers[0] = "JSESSIONID=4D815DF50A74E9C456A1FB5CFD9B0A3D";
11 |         headers[1] = "JSESSIONID=one; A=b";
12 |         headers[2] = "OTHERJSESSIONID=two; JSESSIONID=one; A=b";
13 | 
14 |         String name="JSESSIONID";
15 |         String value="shazam";
16 |         //String pattern = "([; ]"+name+")=[\\\\S]*?([\\\\s;]].*)";
17 |         String patternMulti = "([; ]"+name+")=[^;]*(.*)";
18 |         String patternStart = "^("+name+")=[^;]*(.*)";
19 | 
20 |         for (String header : headers) {
21 |             System.out.println("Header: "+header);
22 |             String updated = header.replaceAll(patternMulti, "$1="+value+"$2");
23 |             if (updated.equals(header)) {
24 |                 updated = header.replaceAll(patternStart, "$1="+value+"$2");
25 |             }
26 |             System.out.println("UPDATED: "+updated);
27 |         }
28 | 
29 |     }
30 | }
31 | 


--------------------------------------------------------------------------------
/src/test/java/net/continuumsecurity/proxy/ZAProxyScannerTest.java:
--------------------------------------------------------------------------------
  1 | package net.continuumsecurity.proxy;
  2 | 
  3 | import edu.umass.cs.benchlab.har.HarEntry;
  4 | import edu.umass.cs.benchlab.har.HarRequest;
  5 | import edu.umass.cs.benchlab.har.HarResponse;
  6 | import net.continuumsecurity.proxy.model.AuthenticationMethod;
  7 | import net.continuumsecurity.proxy.model.Context;
  8 | import net.continuumsecurity.proxy.model.User;
  9 | import org.apache.commons.lang3.RandomStringUtils;
 10 | import org.apache.commons.lang3.StringUtils;
 11 | import org.junit.AfterClass;
 12 | import org.junit.Before;
 13 | import org.junit.BeforeClass;
 14 | import org.junit.Test;
 15 | import org.openqa.selenium.By;
 16 | import org.openqa.selenium.WebDriver;
 17 | import org.openqa.selenium.htmlunit.HtmlUnitDriver;
 18 | import org.openqa.selenium.remote.CapabilityType;
 19 | import org.openqa.selenium.remote.DesiredCapabilities;
 20 | import org.zaproxy.clientapi.core.Alert;
 21 | 
 22 | import java.io.IOException;
 23 | import java.net.MalformedURLException;
 24 | import java.net.URL;
 25 | import java.net.URLEncoder;
 26 | import java.util.ArrayList;
 27 | import java.util.HashMap;
 28 | import java.util.List;
 29 | import java.util.Map;
 30 | import java.util.concurrent.TimeUnit;
 31 | import java.util.regex.Pattern;
 32 | 
 33 | import static org.hamcrest.Matchers.*;
 34 | import static org.hamcrest.core.IsEqual.equalTo;
 35 | import static org.hamcrest.core.IsNull.notNullValue;
 36 | import static org.hamcrest.core.IsNull.nullValue;
 37 | import static org.junit.Assert.*;
 38 | 
 39 | public class ZAProxyScannerTest {
 40 |     static WebDriver driver;
 41 |     static ZAProxyScanner zaproxy;
 42 |     static String HOST = "127.0.0.1";
 43 |     static int PORT = 8888;
 44 |     static String BASEURL = "http://localhost:8080/";
 45 |     static String apiKey = "apisecret";
 46 |     public static final String TEST_CONTEXT_NAME = "Test Context";
 47 |     public static final Pattern INCLUDE_REGEX_PATTERN = Pattern.compile("http://test-me.com/*");
 48 |     public static final Pattern EXCLUDE_REGEX_PATTERN = Pattern.compile("https://do-not-test-me.com/*");
 49 |     public static final String INCLUDE_PARENT_URL = "http://test-me-too.com";
 50 |     public static final String EXCLUDE_PARENT_URL = "https://do-not-test-me-too.com";
 51 | 
 52 |     @BeforeClass
 53 |     public static void configure() throws Exception {
 54 |         zaproxy = new ZAProxyScanner(HOST, PORT, apiKey);
 55 |         DesiredCapabilities capabilities = new DesiredCapabilities();
 56 |         capabilities.setCapability(CapabilityType.PROXY, zaproxy.getSeleniumProxy());
 57 | 
 58 |         driver = new HtmlUnitDriver(capabilities);
 59 |         driver.manage().timeouts().implicitlyWait(5, TimeUnit.SECONDS);
 60 | 
 61 |     }
 62 | 
 63 |     @AfterClass
 64 |     public static void tearDown() throws Exception {
 65 |         driver.close();
 66 |     }
 67 | 
 68 |     @Before
 69 |     public void setup() throws ProxyException {
 70 |         zaproxy.clear();
 71 |         driver.manage().deleteAllCookies();
 72 |     }
 73 | 
 74 |     @Test
 75 |     public void testContext() throws ProxyException, IOException {
 76 |         List<String> contexts = zaproxy.getContexts();
 77 |         int numberOfContexts = contexts.size();
 78 | 
 79 |         String contextName = TEST_CONTEXT_NAME + " - " + RandomStringUtils.randomAlphanumeric(3);
 80 | 
 81 |         zaproxy.createContext(contextName, false);
 82 |         zaproxy.setContextInScope(contextName, true);
 83 | 
 84 |         contexts = zaproxy.getContexts();
 85 |         assertTrue(contexts.contains(contextName));
 86 |         assertEquals(numberOfContexts + 1, contexts.size());
 87 | 
 88 |         Context context = zaproxy.getContextInfo(contextName);
 89 |         assertThat(context, notNullValue());
 90 |         List<String> includedRegexs = zaproxy.getIncludedRegexs(contextName);
 91 |         assertThat(includedRegexs, nullValue());
 92 |         List<String> excludedRegexs = zaproxy.getExcludedRegexs(contextName);
 93 |         assertThat(excludedRegexs, nullValue());
 94 | 
 95 |         zaproxy.includeRegexInContext(contextName, INCLUDE_REGEX_PATTERN);
 96 |         zaproxy.includeUrlTreeInContext(contextName, INCLUDE_PARENT_URL);
 97 | 
 98 |         zaproxy.excludeRegexFromContext(contextName, EXCLUDE_REGEX_PATTERN);
 99 |         zaproxy.excludeParentUrlFromContext(contextName, EXCLUDE_PARENT_URL);
100 | 
101 |         context = zaproxy.getContextInfo(contextName);
102 |         assertThat(context.getIncludedRegexs(), hasSize(2));
103 |         assertThat(context.getExcludedRegexs(), hasSize(2));
104 |         assertThat(context.getIncludedRegexs(), hasItems(Pattern.quote(INCLUDE_REGEX_PATTERN.pattern()), Pattern.quote(INCLUDE_PARENT_URL) + ".*"));
105 |         assertThat(context.getExcludedRegexs(), hasItems(Pattern.quote(EXCLUDE_REGEX_PATTERN.pattern()), Pattern.quote(EXCLUDE_PARENT_URL) + ".*"));
106 |     }
107 | 
108 |     @Test
109 |     public void testAuthentication() throws ProxyException, IOException {
110 |         String contextName = TEST_CONTEXT_NAME + " - " + RandomStringUtils.randomAlphanumeric(3);
111 |         zaproxy.createContext(contextName, true);
112 |         String contextId = zaproxy.getContextInfo(contextName).getId();
113 | 
114 |         assertThat(zaproxy.getSupportedAuthenticationMethods(), hasSize(4));
115 |         assertTrue(zaproxy.getSupportedAuthenticationMethods().containsAll(AuthenticationMethod.getValues()));
116 | 
117 |         assertTrue(StringUtils.isEmpty(zaproxy.getLoggedInIndicator(contextId)));
118 |         assertTrue(StringUtils.isEmpty(zaproxy.getLoggedOutIndicator(contextId)));
119 |         String logInIndicator = "<a href=\"logout.jsp\"></a>";
120 |         String logOutIndicator = "/ui/login.jsp";
121 |         zaproxy.setLoggedInIndicator(contextId, logInIndicator);
122 |         zaproxy.setLoggedOutIndicator(contextId, logOutIndicator);
123 |         assertTrue(StringUtils.isNotEmpty(zaproxy.getLoggedInIndicator(contextId)));
124 |         assertTrue(StringUtils.isNotEmpty(zaproxy.getLoggedOutIndicator(contextId)));
125 |         assertEquals(Pattern.quote(logInIndicator), zaproxy.getLoggedInIndicator(contextId));
126 |         assertEquals(Pattern.quote(logOutIndicator), zaproxy.getLoggedOutIndicator(contextId));
127 | 
128 |         assertEquals(1, zaproxy.getAuthenticationMethodInfo(contextId).size());
129 |         assertTrue(zaproxy.getAuthenticationMethodInfo(contextId).containsKey("methodName"));
130 |         assertEquals(AuthenticationMethod.MANUAL_AUTHENTICATION.getValue(), zaproxy.getAuthenticationMethodInfo(contextId).get("methodName"));
131 |         assertThat(zaproxy.getAuthMethodConfigParameters(AuthenticationMethod.MANUAL_AUTHENTICATION.getValue()), hasSize(0));
132 | 
133 |         String hostName = "hello.world.com";
134 |         String realm = "My realm";
135 |         zaproxy.setHttpAuthentication(contextId, hostName, realm);
136 | 
137 |         assertThat(zaproxy.getAuthenticationMethodInfo(contextId).keySet(), hasItems("methodName", "host", "realm", "port"));
138 |         assertEquals(AuthenticationMethod.HTTP_AUTHENTICATION.getValue(), zaproxy.getAuthenticationMethodInfo(contextId).get("methodName"));
139 |         assertEquals(hostName, zaproxy.getAuthenticationMethodInfo(contextId).get("host"));
140 |         assertEquals(realm, zaproxy.getAuthenticationMethodInfo(contextId).get("realm"));
141 | 
142 |         zaproxy.setManualAuthentication(contextId);
143 |         assertThat(zaproxy.getAuthenticationMethodInfo(contextId).keySet(), hasItem("methodName"));
144 |         assertEquals(AuthenticationMethod.MANUAL_AUTHENTICATION.getValue(), zaproxy.getAuthenticationMethodInfo(contextId).get("methodName"));
145 | 
146 | //        Commenting the Script based authentication tests, as they will work only when ZAP is on localhost, and a script with name as in scriptName is loaded already.
147 | //        String scriptName = "test_script";
148 | //        String loginURL = "https://hello.world.com/log/me/in";
149 | //        String method = "authenticate";
150 | //        String scriptConfigParams = "LoginURL=" + loginURL + "&Method=" + method;
151 | //        zaproxy.setScriptBasedAuthentication(contextId, scriptName, scriptConfigParams);
152 | //
153 | //        assertThat(zaproxy.getAuthenticationMethodInfo(contextId).keySet(), hasItems("methodName", "scriptName", "LoginURL", "Method"));
154 | //        assertEquals(AuthenticationMethod.SCRIPT_BASED_AUTHENTICATION.getValue(), zaproxy.getAuthenticationMethodInfo(contextId).get("methodName"));
155 | //        assertEquals(scriptName, zaproxy.getAuthenticationMethodInfo(contextId).get("scriptName"));
156 | //        assertEquals(loginURL, zaproxy.getAuthenticationMethodInfo(contextId).get("LoginURL"));
157 | //        assertEquals(method, zaproxy.getAuthenticationMethodInfo(contextId).get("Method"));
158 | 
159 | 
160 |         List<Map<String, String>> formBasedAuthConfigParams = zaproxy.getAuthMethodConfigParameters(AuthenticationMethod.FORM_BASED_AUTHENTICATION.getValue());
161 |         assertEquals(formBasedAuthConfigParams.size(), 2);
162 |         for (Map<String, String> configParam : formBasedAuthConfigParams) {
163 |             assertThat(configParam.keySet(), hasItems("name", "mandatory"));
164 |             assertThat(configParam.values(), anyOf(hasItem("loginUrl"), hasItem("loginRequestData")));
165 |         }
166 | 
167 |         String loginUrl = "http://localhost:8080/bodgeit/login.jsp";
168 |         String loginRequestData = "username={%username%}&password={%password%}";
169 |         zaproxy.setFormBasedAuthentication(contextId, loginUrl, loginRequestData);
170 | 
171 |         assertThat(zaproxy.getAuthenticationMethodInfo(contextId).keySet(), hasItems("methodName", "loginUrl", "loginRequestData"));
172 |         assertEquals(AuthenticationMethod.FORM_BASED_AUTHENTICATION.getValue(), zaproxy.getAuthenticationMethodInfo(contextId).get("methodName"));
173 |         assertEquals(loginUrl, zaproxy.getAuthenticationMethodInfo(contextId).get("loginUrl"));
174 |         assertEquals(loginRequestData, zaproxy.getAuthenticationMethodInfo(contextId).get("loginRequestData"));
175 | 
176 |         List<User> users = zaproxy.getUsersList(contextId);
177 |         assertTrue(users.size() == 0);
178 |         String userName = "TestUser";
179 |         String userId = zaproxy.newUser(contextId, userName);
180 |         users = zaproxy.getUsersList(contextId);
181 |         assertTrue(users.size() == 1);
182 |         assertEquals(userId, users.get(0).getId());
183 |         assertEquals(contextId, users.get(0).getContextId());
184 |         assertEquals(userName, users.get(0).getName());
185 |         assertEquals(false, users.get(0).isEnabled());
186 |         assertEquals("UsernamePasswordAuthenticationCredentials", users.get(0).getCredentials().get("type"));
187 | 
188 |         User user = zaproxy.getUserById(contextId, userId);
189 |         assertEquals(userId, user.getId());
190 |         assertEquals(contextId, user.getContextId());
191 |         assertEquals(userName, user.getName());
192 |         assertEquals(false, user.isEnabled());
193 |         assertEquals("UsernamePasswordAuthenticationCredentials", user.getCredentials().get("type"));
194 | 
195 |         List<Map<String, String>> authCredentialsConfigParams = zaproxy.getAuthenticationCredentialsConfigParams(contextId);
196 |         assertTrue(authCredentialsConfigParams.size() == 2);
197 | 
198 |         Map<String, String> credentials = zaproxy.getAuthenticationCredentials(contextId, userId);
199 |         assertEquals("UsernamePasswordAuthenticationCredentials", credentials.get("type"));
200 |         assertEquals("", credentials.get("username"));
201 |         assertEquals("", credentials.get("password"));
202 | 
203 |         String userNameParameter = "user1";
204 |         String passwordParameter = "password1";
205 |         String authCreds = "username=" + URLEncoder.encode(userNameParameter, "UTF-8") + "&password=" + URLEncoder.encode(passwordParameter, "UTF-8");
206 |         zaproxy.setAuthenticationCredentials(contextId, userId, authCreds);
207 |         credentials = zaproxy.getAuthenticationCredentials(contextId, userId);
208 |         assertEquals("UsernamePasswordAuthenticationCredentials", credentials.get("type"));
209 |         assertEquals(userNameParameter, credentials.get("username"));
210 |         assertEquals(passwordParameter, credentials.get("password"));
211 | 
212 |         zaproxy.setUserEnabled(contextId, userId, true);
213 |         user = zaproxy.getUserById(contextId, userId);
214 |         assertEquals(true, user.isEnabled());
215 | 
216 |         String updatedUserName = "TestUser-Updated";
217 |         zaproxy.setUserName(contextId, userId, updatedUserName);
218 |         user = zaproxy.getUserById(contextId, userId);
219 |         assertEquals(updatedUserName, user.getName());
220 | 
221 |         assertFalse(zaproxy.isForcedUserModeEnabled());
222 |         assertThat(zaproxy.getForcedUserId(contextId), isEmptyOrNullString());
223 |         zaproxy.setForcedUserModeEnabled(true);
224 |         assertTrue(zaproxy.isForcedUserModeEnabled());
225 |         zaproxy.setForcedUserModeEnabled(false);
226 |         assertFalse(zaproxy.isForcedUserModeEnabled());
227 |         zaproxy.setForcedUser(contextId, userId);
228 |         assertEquals(userId, zaproxy.getForcedUserId(contextId));
229 | 
230 |         zaproxy.removeUser(contextId, userId);
231 |         users = zaproxy.getUsersList(contextId);
232 |         assertTrue(users.size() == 0);
233 | 
234 |         assertEquals("cookieBasedSessionManagement", zaproxy.getSessionManagementMethod(contextId));
235 |         assertThat(zaproxy.getSupportedSessionManagementMethods(), hasItems("cookieBasedSessionManagement", "httpAuthSessionManagement"));
236 |         zaproxy.setSessionManagementMethod(contextId, "httpAuthSessionManagement", null);
237 |         assertEquals("httpAuthSessionManagement", zaproxy.getSessionManagementMethod(contextId));
238 |     }
239 | 
240 |     @Test
241 |     public void testScript() throws ProxyException {
242 |         List<String> engines = zaproxy.listEngines();
243 |         assertNotNull(engines);
244 |     }
245 | 
246 |     @Test (expected = ProxyException.class)
247 |     public void testRemoveScript() {
248 |         zaproxy.removeScript("test");
249 |     }
250 | 
251 |     @Test
252 |     public void testAntiCsrfTokenMethods() throws ProxyException {
253 |         List<String> antiCsrfTokens = zaproxy.getAntiCsrfTokenNames();
254 |         String aCsrfTokenName = "secureToken";
255 |         zaproxy.addAntiCsrfToken(aCsrfTokenName);
256 |         assertEquals(antiCsrfTokens.size() + 1, zaproxy.getAntiCsrfTokenNames().size());
257 |         assertThat(zaproxy.getAntiCsrfTokenNames(), hasItem(aCsrfTokenName));
258 |         zaproxy.removeAntiCsrfToken(aCsrfTokenName);
259 |         assertThat(zaproxy.getAntiCsrfTokenNames(), not(hasItem(aCsrfTokenName)));
260 |     }
261 | 
262 |     @Test
263 |     public void testGetXmlReport() throws ProxyException {
264 |         String report = new String(zaproxy.getXmlReport());
265 |         assert report.startsWith("<?xml version=\"1.0\"");
266 |         assert report.endsWith("</OWASPZAPReport>");
267 |     }
268 | 
269 |     @Test
270 |     public void testGetHtmlReport() throws ProxyException {
271 |         String report = new String(zaproxy.getHtmlReport());
272 |         assert report.startsWith("<html>");
273 |     }
274 | 
275 |     @Test
276 |     public void testGetHistory() throws ProxyException {
277 |         driver.get(BASEURL);
278 |         List<HarEntry> history = zaproxy.getHistory();
279 |         assertThat(history.size(), greaterThan(0));
280 |         assertEquals(history.get(0).getResponse().getStatus(), 302);
281 |     }
282 | 
283 |     @Test
284 |     public void testMakeRequest() throws IOException {
285 |         driver.get(BASEURL + "task/search?q=test&search=Search");
286 |         HarRequest origRequest = zaproxy.getHistory().get(0).getRequest();
287 |         HarResponse origResponse = zaproxy.getHistory().get(0).getResponse();
288 |         List<HarEntry> responses = zaproxy.makeRequest(origRequest, false);
289 |         HarResponse manualResponse = responses.get(0).getResponse();
290 | 
291 |         assertEquals(origResponse.getBodySize(), manualResponse.getBodySize());
292 |         assertEquals(origResponse.getContent().getText(), manualResponse.getContent().getText());
293 |     }
294 | 
295 |     @Test
296 |     public void testCookiesWithMakeRequest() throws IOException {
297 |         System.out.println("Opening login page");
298 |         openLoginPage();
299 |         System.out.println("Logging on");
300 | 
301 |         login("bob", "password");        //sets a session ID cookie
302 | 
303 |         String sessionID = driver.manage().getCookieNamed("JSESSIONID").getValue();
304 |         assert sessionID.length() > 4;
305 |         System.out.println("getting history");
306 |         List<HarEntry> history = zaproxy.getHistory();
307 |         System.out.println("clearing history");
308 |         zaproxy.clear();
309 |         System.out.println("cleared");
310 |         HarRequest copy = history.get(history.size() - 1).getRequest(); //The last request will contain a session ID
311 |         copy = HarUtils.changeCookieValue(copy, "JSESSIONID", "nothing");
312 | 
313 |         List<HarEntry> responses = zaproxy.makeRequest(copy, false);
314 |         //The changed session ID
315 |         assertThat(responses.get(0).getRequest().getCookies().getCookies().get(0).getValue(), equalTo("nothing"));
316 |     }
317 | 
318 |     @Test
319 |     public void testSimpleActiveScanWorkflow() throws InterruptedException {
320 |         zaproxy.setEnablePassiveScan(false);
321 |         System.out.println("Opening login page");
322 |         openLoginPage();
323 |         System.out.println("Logging on");
324 | 
325 |         login("bob", "password");
326 |         String contextID="40018";
327 |         zaproxy.setEnableScanners(contextID, true);
328 |         zaproxy.setScannerAttackStrength(contextID, "High");
329 |         zaproxy.setScannerAlertThreshold(contextID, "low");
330 |         zaproxy.deleteAlerts();
331 |         zaproxy.scan(BASEURL);
332 |         int scanId = zaproxy.getLastScannerScanId();
333 |         int status = zaproxy.getScanProgress(scanId);
334 |         while (status < 100) {
335 |             Thread.sleep(2000);
336 |             status = zaproxy.getScanProgress(scanId);
337 |             System.out.println("Scan: "+status);
338 |         }
339 |         List<Alert> alerts = zaproxy.getAlerts();
340 |         assertThat(alerts.size(), greaterThan(0));
341 | 
342 |         //Repeat after deleting alerts
343 |         zaproxy.deleteAlerts();
344 |         zaproxy.scan(BASEURL);
345 |         scanId = zaproxy.getLastScannerScanId();
346 |         status = zaproxy.getScanProgress(scanId);
347 |         while (status < 100) {
348 |             Thread.sleep(2000);
349 |             status = zaproxy.getScanProgress(scanId);
350 |             System.out.println("Scan: "+status);
351 |         }
352 |         List<Alert> secondBatchAlerts = zaproxy.getAlerts();
353 |         assertThat(secondBatchAlerts.size(), greaterThan(0));
354 |         assertThat(secondBatchAlerts.size(), equalTo(alerts.size()));
355 |     }
356 | 
357 | 
358 |     private Map<String, List<Alert>> getAlertsByHost(List<Alert> alerts) {
359 | 
360 |         Map<String, List<Alert>> alertsByHost = new HashMap<String, List<Alert>>();
361 |         for (Alert alert : alerts) {
362 |             URL url = null;
363 |             try {
364 |                 url = new URL(alert.getUrl());
365 |                 String host = url.getHost();
366 |                 if (alertsByHost.get(host) == null) {
367 |                     alertsByHost.put(host, new ArrayList<Alert>());
368 |                 }
369 |                 alertsByHost.get(host).add(alert);
370 |             } catch (MalformedURLException e) {
371 |                 System.err.println("Skipping malformed URL: "+alert.getUrl());
372 |                 e.printStackTrace();
373 |             }
374 |         }
375 |         return alertsByHost;
376 |     }
377 | 
378 | 
379 |     public void openLoginPage() {
380 |         driver.get(BASEURL + "user/login");
381 |     }
382 | 
383 |     public void login(String user, String pass) {
384 |         driver.findElement(By.id("username")).clear();
385 |         driver.findElement(By.id("username")).sendKeys(user);
386 |         driver.findElement(By.id("password")).clear();
387 |         driver.findElement(By.id("password")).sendKeys(pass);
388 |         driver.findElement(By.name("_action_login")).click();
389 |     }
390 | 
391 | }
392 | 


--------------------------------------------------------------------------------
/src/test/resources/ropeytasks-0.1.war:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/iriusrisk/zap-java-api/4f9fe090a073345e9ae33b40ff0e378662a7c2a8/src/test/resources/ropeytasks-0.1.war


--------------------------------------------------------------------------------