├── update-all.sh ├── go.mod ├── .gitignore ├── .golangci.yml ├── zap ├── params_generated.go ├── retest_generated.go ├── importurls_generated.go ├── reveal_generated.go ├── soap_generated.go ├── automation_generated.go ├── openapi_generated.go ├── revisit_generated.go ├── exportreport_generated.go ├── wappalyzer_generated.go ├── local-proxies_generated.go ├── authorization_generated.go ├── forced-user_generated.go ├── rule-config_generated.go ├── session-management_generated.go ├── acsrf_generated.go ├── reports_generated.go ├── import-log-files_generated.go ├── pnh_generated.go ├── access-control_generated.go ├── replacer_generated.go ├── websocket_generated.go ├── authentication_generated.go ├── brk_generated.go ├── client.go ├── stats_generated.go ├── pscan_generated.go ├── selenium_generated.go ├── alert_generated.go ├── http-sessions_generated.go ├── search_generated.go ├── interface.go ├── users_generated.go ├── alert-filter_generated.go ├── graphql_generated.go ├── autoupdate_generated.go ├── context_generated.go ├── script_generated.go ├── ajax-spider_generated.go ├── spider_generated.go └── ascan_generated.go ├── pre-commit ├── example ├── README.md └── example.go ├── .github └── workflows │ └── golangci-lint.yaml ├── README.md └── LICENSE /update-all.sh: -------------------------------------------------------------------------------- 1 | gofmt -w . -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module github.com/zaproxy/zap-api-go 2 | 3 | go 1.17 4 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Compiled Object files, Static and Dynamic libs (Shared Objects) 2 | *.o 3 | *.a 4 | *.so 5 | 6 | # Folders 7 | _obj 8 | _test 9 | 10 | # Architecture specific extensions/prefixes 11 | *.[568vq] 12 | [568vq].out 13 | 14 | *.cgo1.go 15 | *.cgo2.c 16 | _cgo_defun.c 17 | _cgo_gotypes.go 18 | _cgo_export.* 19 | 20 | _testmain.go 21 | 22 | *.exe 23 | *.test 24 | *.prof 25 | -------------------------------------------------------------------------------- /.golangci.yml: -------------------------------------------------------------------------------- 1 | linters: 2 | enable: 3 | - bodyclose 4 | - deadcode 5 | - dogsled 6 | - goimports 7 | - gosec 8 | - gofmt 9 | - gosimple 10 | - govet 11 | - ineffassign 12 | - megacheck 13 | - misspell 14 | - nakedret 15 | - staticcheck 16 | - structcheck 17 | - typecheck 18 | - unconvert 19 | - unparam 20 | - unused 21 | - varcheck 22 | 23 | disable: 24 | - errcheck 25 | 26 | run: 27 | timeout: 5m 28 | skip-dirs: 29 | - example 30 | 31 | linters-settings: 32 | gocyclo: 33 | min-complexity: 16 34 | govet: 35 | check-shadowing: false 36 | nakedret: 37 | command: nakedret 38 | pattern: ^(?P.*?\\.go):(?P\\d+)\\s*(?P.*)$ 39 | 40 | issues: 41 | # The default exclusion rules are a bit too permissive, so copying the relevant ones below 42 | exclude-use-default: false 43 | 44 | exclude: 45 | - parameter .* always receives -------------------------------------------------------------------------------- /zap/params_generated.go: -------------------------------------------------------------------------------- 1 | // Zed Attack Proxy (ZAP) and its related class files. 2 | // 3 | // ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | // 5 | // Copyright 2022 the ZAP development team 6 | // 7 | // Licensed under the Apache License, Version 2.0 (the "License"); 8 | // you may not use this file except in compliance with the License. 9 | // You may obtain a copy of the License at 10 | // 11 | // http://www.apache.org/licenses/LICENSE-2.0 12 | // 13 | // Unless required by applicable law or agreed to in writing, software 14 | // distributed under the License is distributed on an "AS IS" BASIS, 15 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | // See the License for the specific language governing permissions and 17 | // limitations under the License. 18 | // 19 | // *** This file was automatically generated. *** 20 | // 21 | 22 | package zap 23 | 24 | type Params struct { 25 | c *Client 26 | } 27 | 28 | // Shows the parameters for the specified site, or for all sites if the site is not specified 29 | func (p Params) Params(site string) (map[string]interface{}, error) { 30 | m := map[string]string{ 31 | "site": site, 32 | } 33 | return p.c.Request("params/view/params/", m) 34 | } 35 | -------------------------------------------------------------------------------- /zap/retest_generated.go: -------------------------------------------------------------------------------- 1 | // Zed Attack Proxy (ZAP) and its related class files. 2 | // 3 | // ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | // 5 | // Copyright 2017 the ZAP development team 6 | // 7 | // Licensed under the Apache License, Version 2.0 (the "License"); 8 | // you may not use this file except in compliance with the License. 9 | // You may obtain a copy of the License at 10 | // 11 | // http://www.apache.org/licenses/LICENSE-2.0 12 | // 13 | // Unless required by applicable law or agreed to in writing, software 14 | // distributed under the License is distributed on an "AS IS" BASIS, 15 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | // See the License for the specific language governing permissions and 17 | // limitations under the License. 18 | // 19 | // *** This file was automatically generated. *** 20 | // 21 | 22 | package zap 23 | 24 | type Retest struct { 25 | c *Client 26 | } 27 | 28 | // This component is optional and therefore the API will only work if it is installed 29 | func (r Retest) Retest(alertids string) (map[string]interface{}, error) { 30 | m := map[string]string{ 31 | "alertIds": alertids, 32 | } 33 | return r.c.Request("retest/action/retest/", m) 34 | } 35 | -------------------------------------------------------------------------------- /pre-commit: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | GOFMT_FILES=$(gofmt -l .) 4 | if [ -n "${GOFMT_FILES}" ]; then 5 | printf >&2 'gofmt failed for the following files:\n%s\n\nplease run "gofmt -w ." on your changes before committing.\n' "${GOFMT_FILES}" 6 | exit 1 7 | fi 8 | 9 | # comments for public struct and method are auto generated, it does not conform the golint specification, 10 | # currently, disable the golint check. 11 | # 12 | #GOLINT_ERRORS=$(golint ./... | grep -v "Id should be") 13 | #if [ -n "${GOLINT_ERRORS}" ]; then 14 | # printf >&2 'golint failed for the following reasons:\n%s\n\nplease run 'golint ./...' on your changes before committing.\n' "${GOLINT_ERRORS}" 15 | # exit 1 16 | #fi 17 | 18 | GOVET_ERRORS=$(go vet ./... 2>&1) 19 | if [ -n "${GOVET_ERRORS}" ]; then 20 | printf >&2 'go vet failed for the following reasons:\n%s\n\nplease run "go tool vet *.go" on your changes before committing.\n' "${GOVET_ERRORS}" 21 | exit 1 22 | fi 23 | 24 | # (TODO) enable this when we have test files 25 | # 26 | #if [ -z "${NOTEST}" ]; then 27 | # printf >&2 'Running short tests...\n' 28 | # go test -short -v | egrep 'PASS|ok' 29 | # 30 | # if [ $? -ne 0 ]; then 31 | # printf >&2 'go test failed, please fix before committing.\n' 32 | # exit 1 33 | # fi 34 | #fi 35 | -------------------------------------------------------------------------------- /example/README.md: -------------------------------------------------------------------------------- 1 | ## How to run example 2 | 3 | #### run ZAP daemon 4 | ```shell 5 | docker run --name zap -u zap -p 8080:8080 -i ghcr.io/zaproxy/zaproxy:stable zap.sh -daemon -host 0.0.0.0 -port 8080 -config api.disablekey=true -config api.addrs.addr.name=.\* -config api.addrs.addr.regex=true 6 | ``` 7 | 8 | #### run bodgeit 9 | ```shell 10 | docker run --name bodgeit --rm -it psiinon/bodgeit 11 | ``` 12 | 13 | #### get the ip address of bodgeit 14 | ```shell 15 | docker inspect bodgeit | grep IPAddress 16 | ``` 17 | 18 | #### run example 19 | ```shell 20 | go run example.go -target=http://{$bodgeit_IP}:8080/bodgeit 21 | ``` 22 | 23 | #### How to connect to ZAP server using HTTPS 24 | 25 | 1. Client connect to ZAP server using HTTP by default. To instruct client to connect ZAP server using HTTPS, you should: 26 | * change the ZAP base path using HTTPS 27 | * pass in your TLS config 28 | 29 | 2. example: 30 | ```golang 31 | cfg := &zap.Config{ 32 | Base: zap.DefaultHTTPSBase, 33 | BaseOther: zap.DefaultHTTPSBaseOther, 34 | // you can set your custom certificates here 35 | TLSConfig: tls.Config{ 36 | InsecureSkipVerify: true, 37 | }, 38 | } 39 | client, err := zap.NewClient(cfg) 40 | if err != nil { 41 | log.Fatal(err) 42 | } 43 | /* 44 | use the client... 45 | */ 46 | ``` -------------------------------------------------------------------------------- /zap/importurls_generated.go: -------------------------------------------------------------------------------- 1 | // Zed Attack Proxy (ZAP) and its related class files. 2 | // 3 | // ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | // 5 | // Copyright 2017 the ZAP development team 6 | // 7 | // Licensed under the Apache License, Version 2.0 (the "License"); 8 | // you may not use this file except in compliance with the License. 9 | // You may obtain a copy of the License at 10 | // 11 | // http://www.apache.org/licenses/LICENSE-2.0 12 | // 13 | // Unless required by applicable law or agreed to in writing, software 14 | // distributed under the License is distributed on an "AS IS" BASIS, 15 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | // See the License for the specific language governing permissions and 17 | // limitations under the License. 18 | // 19 | // *** This file was automatically generated. *** 20 | // 21 | 22 | package zap 23 | 24 | type Importurls struct { 25 | c *Client 26 | } 27 | 28 | // Imports URLs (one per line) from the file with the given file system path. 29 | // 30 | // This component is optional and therefore the API will only work if it is installed 31 | func (i Importurls) Importurls(filepath string) (map[string]interface{}, error) { 32 | m := map[string]string{ 33 | "filePath": filepath, 34 | } 35 | return i.c.Request("importurls/action/importurls/", m) 36 | } 37 | -------------------------------------------------------------------------------- /.github/workflows/golangci-lint.yaml: -------------------------------------------------------------------------------- 1 | name: golangci-lint 2 | on: 3 | push: 4 | branches: 5 | - master 6 | pull_request: 7 | 8 | permissions: 9 | contents: read 10 | # Optional: allow read access to pull request. Use with `only-new-issues` option. 11 | # pull-requests: read 12 | jobs: 13 | golangci: 14 | name: lint 15 | runs-on: ubuntu-latest 16 | steps: 17 | - uses: actions/checkout@v2 18 | - name: golangci-lint 19 | uses: golangci/golangci-lint-action@v2 20 | with: 21 | # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version 22 | version: latest 23 | 24 | # Optional: working directory, useful for monorepos 25 | # working-directory: somedir 26 | 27 | # Optional: golangci-lint command line arguments. 28 | # args: --issues-exit-code=0 29 | 30 | # Optional: show only new issues if it's a pull request. The default value is `false`. 31 | # only-new-issues: true 32 | 33 | # Optional: if set to true then the action will use pre-installed Go. 34 | # skip-go-installation: true 35 | 36 | # Optional: if set to true then the action don't cache or restore ~/go/pkg. 37 | # skip-pkg-cache: true 38 | 39 | # Optional: if set to true then the action don't cache or restore ~/.cache/go-build. 40 | # skip-build-cache: true -------------------------------------------------------------------------------- /zap/reveal_generated.go: -------------------------------------------------------------------------------- 1 | // Zed Attack Proxy (ZAP) and its related class files. 2 | // 3 | // ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | // 5 | // Copyright 2017 the ZAP development team 6 | // 7 | // Licensed under the Apache License, Version 2.0 (the "License"); 8 | // you may not use this file except in compliance with the License. 9 | // You may obtain a copy of the License at 10 | // 11 | // http://www.apache.org/licenses/LICENSE-2.0 12 | // 13 | // Unless required by applicable law or agreed to in writing, software 14 | // distributed under the License is distributed on an "AS IS" BASIS, 15 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | // See the License for the specific language governing permissions and 17 | // limitations under the License. 18 | // 19 | // *** This file was automatically generated. *** 20 | // 21 | 22 | package zap 23 | 24 | type Reveal struct { 25 | c *Client 26 | } 27 | 28 | // Tells if shows hidden fields and enables disabled fields 29 | // 30 | // This component is optional and therefore the API will only work if it is installed 31 | func (r Reveal) Reveal() (map[string]interface{}, error) { 32 | return r.c.Request("reveal/view/reveal/", nil) 33 | } 34 | 35 | // Sets if shows hidden fields and enables disabled fields 36 | // 37 | // This component is optional and therefore the API will only work if it is installed 38 | func (r Reveal) SetReveal(reveal string) (map[string]interface{}, error) { 39 | m := map[string]string{ 40 | "reveal": reveal, 41 | } 42 | return r.c.Request("reveal/action/setReveal/", m) 43 | } 44 | -------------------------------------------------------------------------------- /zap/soap_generated.go: -------------------------------------------------------------------------------- 1 | // Zed Attack Proxy (ZAP) and its related class files. 2 | // 3 | // ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | // 5 | // Copyright 2017 the ZAP development team 6 | // 7 | // Licensed under the Apache License, Version 2.0 (the "License"); 8 | // you may not use this file except in compliance with the License. 9 | // You may obtain a copy of the License at 10 | // 11 | // http://www.apache.org/licenses/LICENSE-2.0 12 | // 13 | // Unless required by applicable law or agreed to in writing, software 14 | // distributed under the License is distributed on an "AS IS" BASIS, 15 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | // See the License for the specific language governing permissions and 17 | // limitations under the License. 18 | // 19 | // *** This file was automatically generated. *** 20 | // 21 | 22 | package zap 23 | 24 | type Soap struct { 25 | c *Client 26 | } 27 | 28 | // Import a WSDL definition from local file. 29 | // 30 | // This component is optional and therefore the API will only work if it is installed 31 | func (s Soap) ImportFile(file string) (map[string]interface{}, error) { 32 | m := map[string]string{ 33 | "file": file, 34 | } 35 | return s.c.Request("soap/action/importFile/", m) 36 | } 37 | 38 | // Import a WSDL definition from a URL. 39 | // 40 | // This component is optional and therefore the API will only work if it is installed 41 | func (s Soap) ImportUrl(url string) (map[string]interface{}, error) { 42 | m := map[string]string{ 43 | "url": url, 44 | } 45 | return s.c.Request("soap/action/importUrl/", m) 46 | } 47 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # ZAP GO API 2 | 3 | The Go implementation to access the [ZAP API](https://www.zaproxy.org/docs/api/). For more information 4 | about ZAP consult the (main) [ZAP project](https://github.com/zaproxy/zaproxy/). 5 | 6 | ## How to Obtain 7 | 8 | The latest released version can be downloaded using: 9 | 10 | go get github.com/zaproxy/zap-api-go 11 | 12 | ## Getting Help 13 | 14 | For help using ZAP API refer to: 15 | * [Examples](https://github.com/zaproxy/zap-api-go/tree/master/example) - collection of examples using the library; 16 | * [API Documentation](https://www.zaproxy.org/docs/api/) 17 | * [ZAP User Group](https://groups.google.com/group/zaproxy-users) - for asking questions; 18 | 19 | ## Updating the Generated Files 20 | 21 | Most of the API code is generated from the ZAP java source code. 22 | 23 | To regenerate the API code you will need the repos [zaproxy](https://github.com/zaproxy/zaproxy) and [zap-extensions](https://github.com/zaproxy/zap-extensions) checked out at the same level as this one. 24 | 25 | You should typically generate the core API calls from the latest release tag e.g.: 26 | 27 | ``` 28 | cd zaproxy 29 | git fetch upstream -t 30 | git checkout tags/v2.13.0 31 | ./gradlew generateGoApiEndpoints 32 | cd .. 33 | ``` 34 | 35 | The add-on APIs can be generated from the zap-extensions `main` branch: 36 | 37 | ``` 38 | cd zap-extensions 39 | git pull upstream main 40 | ./gradlew generateGoZapApiClientFiles --continue 41 | cd .. 42 | ``` 43 | 44 | The above commands will update the files in `zap-api-go/zap`. 45 | 46 | If any new files are created then they should be manually added to `zap-api-go/zap/interface.go` as per the existing files. -------------------------------------------------------------------------------- /zap/automation_generated.go: -------------------------------------------------------------------------------- 1 | // Zed Attack Proxy (ZAP) and its related class files. 2 | // 3 | // ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | // 5 | // Copyright 2017 the ZAP development team 6 | // 7 | // Licensed under the Apache License, Version 2.0 (the "License"); 8 | // you may not use this file except in compliance with the License. 9 | // You may obtain a copy of the License at 10 | // 11 | // http://www.apache.org/licenses/LICENSE-2.0 12 | // 13 | // Unless required by applicable law or agreed to in writing, software 14 | // distributed under the License is distributed on an "AS IS" BASIS, 15 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | // See the License for the specific language governing permissions and 17 | // limitations under the License. 18 | // 19 | // *** This file was automatically generated. *** 20 | // 21 | 22 | package zap 23 | 24 | type Automation struct { 25 | c *Client 26 | } 27 | 28 | // This component is optional and therefore the API will only work if it is installed 29 | func (a Automation) PlanProgress(planid string) (map[string]interface{}, error) { 30 | m := map[string]string{ 31 | "planId": planid, 32 | } 33 | return a.c.Request("automation/view/planProgress/", m) 34 | } 35 | 36 | // This component is optional and therefore the API will only work if it is installed 37 | func (a Automation) RunPlan(filepath string) (map[string]interface{}, error) { 38 | m := map[string]string{ 39 | "filePath": filepath, 40 | } 41 | return a.c.Request("automation/action/runPlan/", m) 42 | } 43 | 44 | // This component is optional and therefore the API will only work if it is installed 45 | func (a Automation) EndDelayJob() (map[string]interface{}, error) { 46 | return a.c.Request("automation/action/endDelayJob/", nil) 47 | } 48 | -------------------------------------------------------------------------------- /zap/openapi_generated.go: -------------------------------------------------------------------------------- 1 | // Zed Attack Proxy (ZAP) and its related class files. 2 | // 3 | // ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | // 5 | // Copyright 2017 the ZAP development team 6 | // 7 | // Licensed under the Apache License, Version 2.0 (the "License"); 8 | // you may not use this file except in compliance with the License. 9 | // You may obtain a copy of the License at 10 | // 11 | // http://www.apache.org/licenses/LICENSE-2.0 12 | // 13 | // Unless required by applicable law or agreed to in writing, software 14 | // distributed under the License is distributed on an "AS IS" BASIS, 15 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | // See the License for the specific language governing permissions and 17 | // limitations under the License. 18 | // 19 | // *** This file was automatically generated. *** 20 | // 21 | 22 | package zap 23 | 24 | type Openapi struct { 25 | c *Client 26 | } 27 | 28 | // Imports an OpenAPI definition from a local file. 29 | // 30 | // This component is optional and therefore the API will only work if it is installed 31 | func (o Openapi) ImportFile(file string, target string, contextid string) (map[string]interface{}, error) { 32 | m := map[string]string{ 33 | "file": file, 34 | "target": target, 35 | "contextId": contextid, 36 | } 37 | return o.c.Request("openapi/action/importFile/", m) 38 | } 39 | 40 | // Imports an OpenAPI definition from a URL. 41 | // 42 | // This component is optional and therefore the API will only work if it is installed 43 | func (o Openapi) ImportUrl(url string, hostoverride string, contextid string) (map[string]interface{}, error) { 44 | m := map[string]string{ 45 | "url": url, 46 | "hostOverride": hostoverride, 47 | "contextId": contextid, 48 | } 49 | return o.c.Request("openapi/action/importUrl/", m) 50 | } 51 | -------------------------------------------------------------------------------- /zap/revisit_generated.go: -------------------------------------------------------------------------------- 1 | // Zed Attack Proxy (ZAP) and its related class files. 2 | // 3 | // ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | // 5 | // Copyright 2017 the ZAP development team 6 | // 7 | // Licensed under the Apache License, Version 2.0 (the "License"); 8 | // you may not use this file except in compliance with the License. 9 | // You may obtain a copy of the License at 10 | // 11 | // http://www.apache.org/licenses/LICENSE-2.0 12 | // 13 | // Unless required by applicable law or agreed to in writing, software 14 | // distributed under the License is distributed on an "AS IS" BASIS, 15 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | // See the License for the specific language governing permissions and 17 | // limitations under the License. 18 | // 19 | // *** This file was automatically generated. *** 20 | // 21 | 22 | package zap 23 | 24 | type Revisit struct { 25 | c *Client 26 | } 27 | 28 | // This component is optional and therefore the API will only work if it is installed 29 | func (r Revisit) RevisitList() (map[string]interface{}, error) { 30 | return r.c.Request("revisit/view/revisitList/", nil) 31 | } 32 | 33 | // This component is optional and therefore the API will only work if it is installed 34 | func (r Revisit) RevisitSiteOn(site string, starttime string, endtime string) (map[string]interface{}, error) { 35 | m := map[string]string{ 36 | "site": site, 37 | "startTime": starttime, 38 | "endTime": endtime, 39 | } 40 | return r.c.Request("revisit/action/revisitSiteOn/", m) 41 | } 42 | 43 | // This component is optional and therefore the API will only work if it is installed 44 | func (r Revisit) RevisitSiteOff(site string) (map[string]interface{}, error) { 45 | m := map[string]string{ 46 | "site": site, 47 | } 48 | return r.c.Request("revisit/action/revisitSiteOff/", m) 49 | } 50 | -------------------------------------------------------------------------------- /zap/exportreport_generated.go: -------------------------------------------------------------------------------- 1 | // Zed Attack Proxy (ZAP) and its related class files. 2 | // 3 | // ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | // 5 | // Copyright 2017 the ZAP development team 6 | // 7 | // Licensed under the Apache License, Version 2.0 (the "License"); 8 | // you may not use this file except in compliance with the License. 9 | // You may obtain a copy of the License at 10 | // 11 | // http://www.apache.org/licenses/LICENSE-2.0 12 | // 13 | // Unless required by applicable law or agreed to in writing, software 14 | // distributed under the License is distributed on an "AS IS" BASIS, 15 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | // See the License for the specific language governing permissions and 17 | // limitations under the License. 18 | // 19 | // *** This file was automatically generated. *** 20 | // 21 | 22 | package zap 23 | 24 | type Exportreport struct { 25 | c *Client 26 | } 27 | 28 | // This component is optional and therefore the API will only work if it is installed 29 | func (e Exportreport) Formats() (map[string]interface{}, error) { 30 | return e.c.Request("exportreport/view/formats/", nil) 31 | } 32 | 33 | // This component is optional and therefore the API will only work if it is installed 34 | func (e Exportreport) Generate(absolutepath string, fileextension string, sourcedetails string, alertseverity string, alertdetails string, scanid string, includepassivealerts string) (map[string]interface{}, error) { 35 | m := map[string]string{ 36 | "absolutePath": absolutepath, 37 | "fileExtension": fileextension, 38 | "sourceDetails": sourcedetails, 39 | "alertSeverity": alertseverity, 40 | "alertDetails": alertdetails, 41 | "scanId": scanid, 42 | "includePassiveAlerts": includepassivealerts, 43 | } 44 | return e.c.Request("exportreport/action/generate/", m) 45 | } 46 | -------------------------------------------------------------------------------- /zap/wappalyzer_generated.go: -------------------------------------------------------------------------------- 1 | // Zed Attack Proxy (ZAP) and its related class files. 2 | // 3 | // ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | // 5 | // Copyright 2017 the ZAP development team 6 | // 7 | // Licensed under the Apache License, Version 2.0 (the "License"); 8 | // you may not use this file except in compliance with the License. 9 | // You may obtain a copy of the License at 10 | // 11 | // http://www.apache.org/licenses/LICENSE-2.0 12 | // 13 | // Unless required by applicable law or agreed to in writing, software 14 | // distributed under the License is distributed on an "AS IS" BASIS, 15 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | // See the License for the specific language governing permissions and 17 | // limitations under the License. 18 | // 19 | // *** This file was automatically generated. *** 20 | // 21 | 22 | package zap 23 | 24 | type Wappalyzer struct { 25 | c *Client 26 | } 27 | 28 | // Lists all the sites recognized by the wappalyzer addon. 29 | // 30 | // This component is optional and therefore the API will only work if it is installed 31 | func (w Wappalyzer) ListSites() (map[string]interface{}, error) { 32 | return w.c.Request("wappalyzer/view/listSites/", nil) 33 | } 34 | 35 | // Lists all sites and their associated applications (technologies). 36 | // 37 | // This component is optional and therefore the API will only work if it is installed 38 | func (w Wappalyzer) ListAll() (map[string]interface{}, error) { 39 | return w.c.Request("wappalyzer/view/listAll/", nil) 40 | } 41 | 42 | // Lists all the applications (technologies) associated with a specific site. 43 | // 44 | // This component is optional and therefore the API will only work if it is installed 45 | func (w Wappalyzer) ListSite(site string) (map[string]interface{}, error) { 46 | m := map[string]string{ 47 | "site": site, 48 | } 49 | return w.c.Request("wappalyzer/view/listSite/", m) 50 | } 51 | -------------------------------------------------------------------------------- /zap/local-proxies_generated.go: -------------------------------------------------------------------------------- 1 | // Zed Attack Proxy (ZAP) and its related class files. 2 | // 3 | // ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | // 5 | // Copyright 2022 the ZAP development team 6 | // 7 | // Licensed under the Apache License, Version 2.0 (the "License"); 8 | // you may not use this file except in compliance with the License. 9 | // You may obtain a copy of the License at 10 | // 11 | // http://www.apache.org/licenses/LICENSE-2.0 12 | // 13 | // Unless required by applicable law or agreed to in writing, software 14 | // distributed under the License is distributed on an "AS IS" BASIS, 15 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | // See the License for the specific language governing permissions and 17 | // limitations under the License. 18 | // 19 | // *** This file was automatically generated. *** 20 | // 21 | 22 | package zap 23 | 24 | type LocalProxies struct { 25 | c *Client 26 | } 27 | 28 | // Gets all of the additional proxies that have been configured. 29 | func (l LocalProxies) AdditionalProxies() (map[string]interface{}, error) { 30 | return l.c.Request("localProxies/view/additionalProxies/", nil) 31 | } 32 | 33 | // Adds an new proxy using the details supplied. 34 | func (l LocalProxies) AddAdditionalProxy(address string, port string, behindnat string, alwaysdecodezip string, removeunsupportedencodings string) (map[string]interface{}, error) { 35 | m := map[string]string{ 36 | "address": address, 37 | "port": port, 38 | "behindNat": behindnat, 39 | "alwaysDecodeZip": alwaysdecodezip, 40 | "removeUnsupportedEncodings": removeunsupportedencodings, 41 | } 42 | return l.c.Request("localProxies/action/addAdditionalProxy/", m) 43 | } 44 | 45 | // Removes the additional proxy with the specified address and port. 46 | func (l LocalProxies) RemoveAdditionalProxy(address string, port string) (map[string]interface{}, error) { 47 | m := map[string]string{ 48 | "address": address, 49 | "port": port, 50 | } 51 | return l.c.Request("localProxies/action/removeAdditionalProxy/", m) 52 | } 53 | -------------------------------------------------------------------------------- /zap/authorization_generated.go: -------------------------------------------------------------------------------- 1 | // Zed Attack Proxy (ZAP) and its related class files. 2 | // 3 | // ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | // 5 | // Copyright 2022 the ZAP development team 6 | // 7 | // Licensed under the Apache License, Version 2.0 (the "License"); 8 | // you may not use this file except in compliance with the License. 9 | // You may obtain a copy of the License at 10 | // 11 | // http://www.apache.org/licenses/LICENSE-2.0 12 | // 13 | // Unless required by applicable law or agreed to in writing, software 14 | // distributed under the License is distributed on an "AS IS" BASIS, 15 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | // See the License for the specific language governing permissions and 17 | // limitations under the License. 18 | // 19 | // *** This file was automatically generated. *** 20 | // 21 | 22 | package zap 23 | 24 | type Authorization struct { 25 | c *Client 26 | } 27 | 28 | // Obtains all the configuration of the authorization detection method that is currently set for a context. 29 | func (a Authorization) GetAuthorizationDetectionMethod(contextid string) (map[string]interface{}, error) { 30 | m := map[string]string{ 31 | "contextId": contextid, 32 | } 33 | return a.c.Request("authorization/view/getAuthorizationDetectionMethod/", m) 34 | } 35 | 36 | // Sets the authorization detection method for a context as one that identifies un-authorized messages based on: the message's status code or a regex pattern in the response's header or body. Also, whether all conditions must match or just some can be specified via the logicalOperator parameter, which accepts two values: "AND" (default), "OR". 37 | func (a Authorization) SetBasicAuthorizationDetectionMethod(contextid string, headerregex string, bodyregex string, statuscode string, logicaloperator string) (map[string]interface{}, error) { 38 | m := map[string]string{ 39 | "contextId": contextid, 40 | "headerRegex": headerregex, 41 | "bodyRegex": bodyregex, 42 | "statusCode": statuscode, 43 | "logicalOperator": logicaloperator, 44 | } 45 | return a.c.Request("authorization/action/setBasicAuthorizationDetectionMethod/", m) 46 | } 47 | -------------------------------------------------------------------------------- /zap/forced-user_generated.go: -------------------------------------------------------------------------------- 1 | // Zed Attack Proxy (ZAP) and its related class files. 2 | // 3 | // ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | // 5 | // Copyright 2022 the ZAP development team 6 | // 7 | // Licensed under the Apache License, Version 2.0 (the "License"); 8 | // you may not use this file except in compliance with the License. 9 | // You may obtain a copy of the License at 10 | // 11 | // http://www.apache.org/licenses/LICENSE-2.0 12 | // 13 | // Unless required by applicable law or agreed to in writing, software 14 | // distributed under the License is distributed on an "AS IS" BASIS, 15 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | // See the License for the specific language governing permissions and 17 | // limitations under the License. 18 | // 19 | // *** This file was automatically generated. *** 20 | // 21 | 22 | package zap 23 | 24 | import "strconv" 25 | 26 | type ForcedUser struct { 27 | c *Client 28 | } 29 | 30 | // Returns 'true' if 'forced user' mode is enabled, 'false' otherwise 31 | func (f ForcedUser) IsForcedUserModeEnabled() (map[string]interface{}, error) { 32 | return f.c.Request("forcedUser/view/isForcedUserModeEnabled/", nil) 33 | } 34 | 35 | // Gets the user (ID) set as 'forced user' for the given context (ID) 36 | func (f ForcedUser) GetForcedUser(contextid string) (map[string]interface{}, error) { 37 | m := map[string]string{ 38 | "contextId": contextid, 39 | } 40 | return f.c.Request("forcedUser/view/getForcedUser/", m) 41 | } 42 | 43 | // Sets the user (ID) that should be used in 'forced user' mode for the given context (ID) 44 | func (f ForcedUser) SetForcedUser(contextid string, userid string) (map[string]interface{}, error) { 45 | m := map[string]string{ 46 | "contextId": contextid, 47 | "userId": userid, 48 | } 49 | return f.c.Request("forcedUser/action/setForcedUser/", m) 50 | } 51 | 52 | // Sets if 'forced user' mode should be enabled or not 53 | func (f ForcedUser) SetForcedUserModeEnabled(boolean bool) (map[string]interface{}, error) { 54 | m := map[string]string{ 55 | "boolean": strconv.FormatBool(boolean), 56 | } 57 | return f.c.Request("forcedUser/action/setForcedUserModeEnabled/", m) 58 | } 59 | -------------------------------------------------------------------------------- /zap/rule-config_generated.go: -------------------------------------------------------------------------------- 1 | // Zed Attack Proxy (ZAP) and its related class files. 2 | // 3 | // ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | // 5 | // Copyright 2022 the ZAP development team 6 | // 7 | // Licensed under the Apache License, Version 2.0 (the "License"); 8 | // you may not use this file except in compliance with the License. 9 | // You may obtain a copy of the License at 10 | // 11 | // http://www.apache.org/licenses/LICENSE-2.0 12 | // 13 | // Unless required by applicable law or agreed to in writing, software 14 | // distributed under the License is distributed on an "AS IS" BASIS, 15 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | // See the License for the specific language governing permissions and 17 | // limitations under the License. 18 | // 19 | // *** This file was automatically generated. *** 20 | // 21 | 22 | package zap 23 | 24 | type RuleConfig struct { 25 | c *Client 26 | } 27 | 28 | // Show the specified rule configuration 29 | func (r RuleConfig) RuleConfigValue(key string) (map[string]interface{}, error) { 30 | m := map[string]string{ 31 | "key": key, 32 | } 33 | return r.c.Request("ruleConfig/view/ruleConfigValue/", m) 34 | } 35 | 36 | // Show all of the rule configurations 37 | func (r RuleConfig) AllRuleConfigs() (map[string]interface{}, error) { 38 | return r.c.Request("ruleConfig/view/allRuleConfigs/", nil) 39 | } 40 | 41 | // Reset the specified rule configuration, which must already exist 42 | func (r RuleConfig) ResetRuleConfigValue(key string) (map[string]interface{}, error) { 43 | m := map[string]string{ 44 | "key": key, 45 | } 46 | return r.c.Request("ruleConfig/action/resetRuleConfigValue/", m) 47 | } 48 | 49 | // Reset all of the rule configurations 50 | func (r RuleConfig) ResetAllRuleConfigValues() (map[string]interface{}, error) { 51 | return r.c.Request("ruleConfig/action/resetAllRuleConfigValues/", nil) 52 | } 53 | 54 | // Set the specified rule configuration, which must already exist 55 | func (r RuleConfig) SetRuleConfigValue(key string, value string) (map[string]interface{}, error) { 56 | m := map[string]string{ 57 | "key": key, 58 | "value": value, 59 | } 60 | return r.c.Request("ruleConfig/action/setRuleConfigValue/", m) 61 | } 62 | -------------------------------------------------------------------------------- /zap/session-management_generated.go: -------------------------------------------------------------------------------- 1 | // Zed Attack Proxy (ZAP) and its related class files. 2 | // 3 | // ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | // 5 | // Copyright 2022 the ZAP development team 6 | // 7 | // Licensed under the Apache License, Version 2.0 (the "License"); 8 | // you may not use this file except in compliance with the License. 9 | // You may obtain a copy of the License at 10 | // 11 | // http://www.apache.org/licenses/LICENSE-2.0 12 | // 13 | // Unless required by applicable law or agreed to in writing, software 14 | // distributed under the License is distributed on an "AS IS" BASIS, 15 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | // See the License for the specific language governing permissions and 17 | // limitations under the License. 18 | // 19 | // *** This file was automatically generated. *** 20 | // 21 | 22 | package zap 23 | 24 | type SessionManagement struct { 25 | c *Client 26 | } 27 | 28 | // Gets the name of the session management methods. 29 | func (s SessionManagement) GetSupportedSessionManagementMethods() (map[string]interface{}, error) { 30 | return s.c.Request("sessionManagement/view/getSupportedSessionManagementMethods/", nil) 31 | } 32 | 33 | // Gets the configuration parameters for the session management method with the given name. 34 | func (s SessionManagement) GetSessionManagementMethodConfigParams(methodname string) (map[string]interface{}, error) { 35 | m := map[string]string{ 36 | "methodName": methodname, 37 | } 38 | return s.c.Request("sessionManagement/view/getSessionManagementMethodConfigParams/", m) 39 | } 40 | 41 | // Gets the name of the session management method for the context with the given ID. 42 | func (s SessionManagement) GetSessionManagementMethod(contextid string) (map[string]interface{}, error) { 43 | m := map[string]string{ 44 | "contextId": contextid, 45 | } 46 | return s.c.Request("sessionManagement/view/getSessionManagementMethod/", m) 47 | } 48 | 49 | // Sets the session management method for the context with the given ID. 50 | func (s SessionManagement) SetSessionManagementMethod(contextid string, methodname string, methodconfigparams string) (map[string]interface{}, error) { 51 | m := map[string]string{ 52 | "contextId": contextid, 53 | "methodName": methodname, 54 | "methodConfigParams": methodconfigparams, 55 | } 56 | return s.c.Request("sessionManagement/action/setSessionManagementMethod/", m) 57 | } 58 | -------------------------------------------------------------------------------- /zap/acsrf_generated.go: -------------------------------------------------------------------------------- 1 | // Zed Attack Proxy (ZAP) and its related class files. 2 | // 3 | // ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | // 5 | // Copyright 2022 the ZAP development team 6 | // 7 | // Licensed under the Apache License, Version 2.0 (the "License"); 8 | // you may not use this file except in compliance with the License. 9 | // You may obtain a copy of the License at 10 | // 11 | // http://www.apache.org/licenses/LICENSE-2.0 12 | // 13 | // Unless required by applicable law or agreed to in writing, software 14 | // distributed under the License is distributed on an "AS IS" BASIS, 15 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | // See the License for the specific language governing permissions and 17 | // limitations under the License. 18 | // 19 | // *** This file was automatically generated. *** 20 | // 21 | 22 | package zap 23 | 24 | import "strconv" 25 | 26 | type Acsrf struct { 27 | c *Client 28 | } 29 | 30 | // Lists the names of all anti-CSRF tokens 31 | func (a Acsrf) OptionTokensNames() (map[string]interface{}, error) { 32 | return a.c.Request("acsrf/view/optionTokensNames/", nil) 33 | } 34 | 35 | // Define if ZAP should detect CSRF tokens by searching for partial matches 36 | func (a Acsrf) OptionPartialMatchingEnabled() (map[string]interface{}, error) { 37 | return a.c.Request("acsrf/view/optionPartialMatchingEnabled/", nil) 38 | } 39 | 40 | // Adds an anti-CSRF token with the given name, enabled by default 41 | func (a Acsrf) AddOptionToken(str string) (map[string]interface{}, error) { 42 | m := map[string]string{ 43 | "String": str, 44 | } 45 | return a.c.Request("acsrf/action/addOptionToken/", m) 46 | } 47 | 48 | // Removes the anti-CSRF token with the given name 49 | func (a Acsrf) RemoveOptionToken(str string) (map[string]interface{}, error) { 50 | m := map[string]string{ 51 | "String": str, 52 | } 53 | return a.c.Request("acsrf/action/removeOptionToken/", m) 54 | } 55 | 56 | // Define if ZAP should detect CSRF tokens by searching for partial matches. 57 | func (a Acsrf) SetOptionPartialMatchingEnabled(boolean bool) (map[string]interface{}, error) { 58 | m := map[string]string{ 59 | "Boolean": strconv.FormatBool(boolean), 60 | } 61 | return a.c.Request("acsrf/action/setOptionPartialMatchingEnabled/", m) 62 | } 63 | 64 | // Generate a form for testing lack of anti-CSRF tokens - typically invoked via ZAP 65 | func (a Acsrf) GenForm(hrefid string) ([]byte, error) { 66 | m := map[string]string{ 67 | "hrefId": hrefid, 68 | } 69 | return a.c.RequestOther("acsrf/other/genForm/", m) 70 | } 71 | -------------------------------------------------------------------------------- /zap/reports_generated.go: -------------------------------------------------------------------------------- 1 | // Zed Attack Proxy (ZAP) and its related class files. 2 | // 3 | // ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | // 5 | // Copyright 2017 the ZAP development team 6 | // 7 | // Licensed under the Apache License, Version 2.0 (the "License"); 8 | // you may not use this file except in compliance with the License. 9 | // You may obtain a copy of the License at 10 | // 11 | // http://www.apache.org/licenses/LICENSE-2.0 12 | // 13 | // Unless required by applicable law or agreed to in writing, software 14 | // distributed under the License is distributed on an "AS IS" BASIS, 15 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | // See the License for the specific language governing permissions and 17 | // limitations under the License. 18 | // 19 | // *** This file was automatically generated. *** 20 | // 21 | 22 | package zap 23 | 24 | type Reports struct { 25 | c *Client 26 | } 27 | 28 | // View available templates. 29 | // 30 | // This component is optional and therefore the API will only work if it is installed 31 | func (r Reports) Templates() (map[string]interface{}, error) { 32 | return r.c.Request("reports/view/templates/", nil) 33 | } 34 | 35 | // View details of the specified template. 36 | // 37 | // This component is optional and therefore the API will only work if it is installed 38 | func (r Reports) TemplateDetails(template string) (map[string]interface{}, error) { 39 | m := map[string]string{ 40 | "template": template, 41 | } 42 | return r.c.Request("reports/view/templateDetails/", m) 43 | } 44 | 45 | // Generate a report with the supplied parameters. 46 | // 47 | // This component is optional and therefore the API will only work if it is installed 48 | func (r Reports) Generate(title string, template string, theme string, description string, contexts string, sites string, sections string, includedconfidences string, includedrisks string, reportfilename string, reportfilenamepattern string, reportdir string, display string) (map[string]interface{}, error) { 49 | m := map[string]string{ 50 | "title": title, 51 | "template": template, 52 | "theme": theme, 53 | "description": description, 54 | "contexts": contexts, 55 | "sites": sites, 56 | "sections": sections, 57 | "includedConfidences": includedconfidences, 58 | "includedRisks": includedrisks, 59 | "reportFileName": reportfilename, 60 | "reportFileNamePattern": reportfilenamepattern, 61 | "reportDir": reportdir, 62 | "display": display, 63 | } 64 | return r.c.Request("reports/action/generate/", m) 65 | } 66 | -------------------------------------------------------------------------------- /example/example.go: -------------------------------------------------------------------------------- 1 | /* 2 | * Zed Attack Proxy (ZAP) and its related class files. 3 | * 4 | * ZAP is an HTTP/HTTPS proxy for assessing web application security. 5 | * 6 | * Copyright 2017 The Zed Attack Proxy Team 7 | * 8 | * Licensed under the Apache License, Version 2.0 (the "License"); 9 | * you may not use this file except in compliance with the License. 10 | * You may obtain a copy of the License at 11 | * 12 | * http://www.apache.org/licenses/LICENSE-2.0 13 | * 14 | * Unless required by applicable law or agreed to in writing, software 15 | * distributed under the License is distributed on an "AS IS" BASIS, 16 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 17 | * See the License for the specific language governing permissions and 18 | * limitations under the License. 19 | */ 20 | 21 | package main 22 | 23 | import ( 24 | "flag" 25 | "fmt" 26 | "log" 27 | "strconv" 28 | "time" 29 | 30 | "github.com/zaproxy/zap-api-go/zap" 31 | ) 32 | 33 | var target string 34 | 35 | func init() { 36 | flag.StringVar(&target, "target", "http://127.0.0.1:8090/bodgeit/", "target address") 37 | flag.Parse() 38 | } 39 | 40 | func main() { 41 | cfg := &zap.Config{ 42 | Proxy: "http://127.0.0.1:8080", 43 | } 44 | client, err := zap.NewClient(cfg) 45 | if err != nil { 46 | log.Fatal(err) 47 | } 48 | 49 | // Start spidering the target 50 | fmt.Println("Spider : " + target) 51 | resp, err := client.Spider().Scan(target, "", "", "", "") 52 | if err != nil { 53 | log.Fatal(err) 54 | } 55 | // The scan now returns a scan id to support concurrent scanning 56 | scanid := resp["scan"].(string) 57 | for { 58 | time.Sleep(1000 * time.Millisecond) 59 | resp, _ = client.Spider().Status(scanid) 60 | progress, _ := strconv.Atoi(resp["status"].(string)) 61 | if progress >= 100 { 62 | break 63 | } 64 | } 65 | fmt.Println("Spider complete") 66 | 67 | // Give the passive scanner a chance to complete 68 | time.Sleep(2000 * time.Millisecond) 69 | 70 | fmt.Println("Active scan : " + target) 71 | resp, err = client.Ascan().Scan(target, "True", "False", "", "", "", "") 72 | if err != nil { 73 | log.Fatal(err) 74 | } 75 | // The scan now returns a scan id to support concurrent scanning 76 | scanid = resp["scan"].(string) 77 | for { 78 | time.Sleep(5000 * time.Millisecond) 79 | resp, _ = client.Ascan().Status(scanid) 80 | progress, _ := strconv.Atoi(resp["status"].(string)) 81 | fmt.Printf("Active Scan progress : %d\n", progress) 82 | if progress >= 100 { 83 | break 84 | } 85 | } 86 | fmt.Println("Active Scan complete") 87 | fmt.Println("Alerts:") 88 | report, err := client.Core().Xmlreport() 89 | if err != nil { 90 | log.Fatal(err) 91 | } 92 | fmt.Println(string(report)) 93 | } 94 | -------------------------------------------------------------------------------- /zap/import-log-files_generated.go: -------------------------------------------------------------------------------- 1 | // Zed Attack Proxy (ZAP) and its related class files. 2 | // 3 | // ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | // 5 | // Copyright 2017 the ZAP development team 6 | // 7 | // Licensed under the Apache License, Version 2.0 (the "License"); 8 | // you may not use this file except in compliance with the License. 9 | // You may obtain a copy of the License at 10 | // 11 | // http://www.apache.org/licenses/LICENSE-2.0 12 | // 13 | // Unless required by applicable law or agreed to in writing, software 14 | // distributed under the License is distributed on an "AS IS" BASIS, 15 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | // See the License for the specific language governing permissions and 17 | // limitations under the License. 18 | // 19 | // *** This file was automatically generated. *** 20 | // 21 | 22 | package zap 23 | 24 | type ImportLogFiles struct { 25 | c *Client 26 | } 27 | 28 | // This component is optional and therefore the API will only work if it is installed 29 | func (i ImportLogFiles) ImportZAPLogFromFile(filepath string) (map[string]interface{}, error) { 30 | m := map[string]string{ 31 | "FilePath": filepath, 32 | } 33 | return i.c.Request("importLogFiles/action/ImportZAPLogFromFile/", m) 34 | } 35 | 36 | // This component is optional and therefore the API will only work if it is installed 37 | func (i ImportLogFiles) ImportModSecurityLogFromFile(filepath string) (map[string]interface{}, error) { 38 | m := map[string]string{ 39 | "FilePath": filepath, 40 | } 41 | return i.c.Request("importLogFiles/action/ImportModSecurityLogFromFile/", m) 42 | } 43 | 44 | // This component is optional and therefore the API will only work if it is installed 45 | func (i ImportLogFiles) ImportZAPHttpRequestResponsePair(httprequest string, httpresponse string) (map[string]interface{}, error) { 46 | m := map[string]string{ 47 | "HTTPRequest": httprequest, 48 | "HTTPResponse": httpresponse, 49 | } 50 | return i.c.Request("importLogFiles/action/ImportZAPHttpRequestResponsePair/", m) 51 | } 52 | 53 | // This component is optional and therefore the API will only work if it is installed 54 | func (i ImportLogFiles) PostModSecurityAuditEvent(auditeventstring string) (map[string]interface{}, error) { 55 | m := map[string]string{ 56 | "AuditEventString": auditeventstring, 57 | } 58 | return i.c.Request("importLogFiles/action/PostModSecurityAuditEvent/", m) 59 | } 60 | 61 | // This component is optional and therefore the API will only work if it is installed 62 | func (i ImportLogFiles) OtherPostModSecurityAuditEvent(auditeventstring string) ([]byte, error) { 63 | m := map[string]string{ 64 | "AuditEventString": auditeventstring, 65 | } 66 | return i.c.RequestOther("importLogFiles/other/OtherPostModSecurityAuditEvent/", m) 67 | } 68 | -------------------------------------------------------------------------------- /zap/pnh_generated.go: -------------------------------------------------------------------------------- 1 | // Zed Attack Proxy (ZAP) and its related class files. 2 | // 3 | // ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | // 5 | // Copyright 2017 the ZAP development team 6 | // 7 | // Licensed under the Apache License, Version 2.0 (the "License"); 8 | // you may not use this file except in compliance with the License. 9 | // You may obtain a copy of the License at 10 | // 11 | // http://www.apache.org/licenses/LICENSE-2.0 12 | // 13 | // Unless required by applicable law or agreed to in writing, software 14 | // distributed under the License is distributed on an "AS IS" BASIS, 15 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | // See the License for the specific language governing permissions and 17 | // limitations under the License. 18 | // 19 | // *** This file was automatically generated. *** 20 | // 21 | 22 | package zap 23 | 24 | type Pnh struct { 25 | c *Client 26 | } 27 | 28 | // This component is optional and therefore the API will only work if it is installed 29 | func (p Pnh) Monitor(id string, message string) (map[string]interface{}, error) { 30 | m := map[string]string{ 31 | "id": id, 32 | "message": message, 33 | } 34 | return p.c.Request("pnh/action/monitor/", m) 35 | } 36 | 37 | // This component is optional and therefore the API will only work if it is installed 38 | func (p Pnh) Oracle(id string) (map[string]interface{}, error) { 39 | m := map[string]string{ 40 | "id": id, 41 | } 42 | return p.c.Request("pnh/action/oracle/", m) 43 | } 44 | 45 | // This component is optional and therefore the API will only work if it is installed 46 | func (p Pnh) StartMonitoring(url string) (map[string]interface{}, error) { 47 | m := map[string]string{ 48 | "url": url, 49 | } 50 | return p.c.Request("pnh/action/startMonitoring/", m) 51 | } 52 | 53 | // This component is optional and therefore the API will only work if it is installed 54 | func (p Pnh) StopMonitoring(id string) (map[string]interface{}, error) { 55 | m := map[string]string{ 56 | "id": id, 57 | } 58 | return p.c.Request("pnh/action/stopMonitoring/", m) 59 | } 60 | 61 | // This component is optional and therefore the API will only work if it is installed 62 | func (p Pnh) Pnh() ([]byte, error) { 63 | return p.c.RequestOther("pnh/other/pnh/", nil) 64 | } 65 | 66 | // This component is optional and therefore the API will only work if it is installed 67 | func (p Pnh) Manifest() ([]byte, error) { 68 | return p.c.RequestOther("pnh/other/manifest/", nil) 69 | } 70 | 71 | // This component is optional and therefore the API will only work if it is installed 72 | func (p Pnh) Service() ([]byte, error) { 73 | return p.c.RequestOther("pnh/other/service/", nil) 74 | } 75 | 76 | // This component is optional and therefore the API will only work if it is installed 77 | func (p Pnh) Fx_pnhxpi() ([]byte, error) { 78 | return p.c.RequestOther("pnh/other/fx_pnh.xpi/", nil) 79 | } 80 | -------------------------------------------------------------------------------- /zap/access-control_generated.go: -------------------------------------------------------------------------------- 1 | // Zed Attack Proxy (ZAP) and its related class files. 2 | // 3 | // ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | // 5 | // Copyright 2017 the ZAP development team 6 | // 7 | // Licensed under the Apache License, Version 2.0 (the "License"); 8 | // you may not use this file except in compliance with the License. 9 | // You may obtain a copy of the License at 10 | // 11 | // http://www.apache.org/licenses/LICENSE-2.0 12 | // 13 | // Unless required by applicable law or agreed to in writing, software 14 | // distributed under the License is distributed on an "AS IS" BASIS, 15 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | // See the License for the specific language governing permissions and 17 | // limitations under the License. 18 | // 19 | // *** This file was automatically generated. *** 20 | // 21 | 22 | package zap 23 | 24 | type AccessControl struct { 25 | c *Client 26 | } 27 | 28 | // Gets the Access Control scan progress (percentage integer) for the given context ID. 29 | // 30 | // This component is optional and therefore the API will only work if it is installed 31 | func (a AccessControl) GetScanProgress(contextid string) (map[string]interface{}, error) { 32 | m := map[string]string{ 33 | "contextId": contextid, 34 | } 35 | return a.c.Request("accessControl/view/getScanProgress/", m) 36 | } 37 | 38 | // Gets the Access Control scan status (description string) for the given context ID. 39 | // 40 | // This component is optional and therefore the API will only work if it is installed 41 | func (a AccessControl) GetScanStatus(contextid string) (map[string]interface{}, error) { 42 | m := map[string]string{ 43 | "contextId": contextid, 44 | } 45 | return a.c.Request("accessControl/view/getScanStatus/", m) 46 | } 47 | 48 | // Starts an Access Control scan with the given context ID and user ID. (Optional parameters: user ID for Unauthenticated user, boolean identifying whether or not Alerts are raised, and the Risk level for the Alerts.) [This assumes the Access Control rules were previously established via ZAP gui and the necessary Context exported/imported.] 49 | // 50 | // This component is optional and therefore the API will only work if it is installed 51 | func (a AccessControl) Scan(contextid string, userid string, scanasunauthuser string, raisealert string, alertrisklevel string) (map[string]interface{}, error) { 52 | m := map[string]string{ 53 | "contextId": contextid, 54 | "userId": userid, 55 | "scanAsUnAuthUser": scanasunauthuser, 56 | "raiseAlert": raisealert, 57 | "alertRiskLevel": alertrisklevel, 58 | } 59 | return a.c.Request("accessControl/action/scan/", m) 60 | } 61 | 62 | // Generates an Access Control report for the given context ID and saves it based on the provided filename (path). 63 | // 64 | // This component is optional and therefore the API will only work if it is installed 65 | func (a AccessControl) WriteHTMLreport(contextid string, filename string) (map[string]interface{}, error) { 66 | m := map[string]string{ 67 | "contextId": contextid, 68 | "fileName": filename, 69 | } 70 | return a.c.Request("accessControl/action/writeHTMLreport/", m) 71 | } 72 | -------------------------------------------------------------------------------- /zap/replacer_generated.go: -------------------------------------------------------------------------------- 1 | // Zed Attack Proxy (ZAP) and its related class files. 2 | // 3 | // ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | // 5 | // Copyright 2017 the ZAP development team 6 | // 7 | // Licensed under the Apache License, Version 2.0 (the "License"); 8 | // you may not use this file except in compliance with the License. 9 | // You may obtain a copy of the License at 10 | // 11 | // http://www.apache.org/licenses/LICENSE-2.0 12 | // 13 | // Unless required by applicable law or agreed to in writing, software 14 | // distributed under the License is distributed on an "AS IS" BASIS, 15 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | // See the License for the specific language governing permissions and 17 | // limitations under the License. 18 | // 19 | // *** This file was automatically generated. *** 20 | // 21 | 22 | package zap 23 | 24 | type Replacer struct { 25 | c *Client 26 | } 27 | 28 | // Returns full details of all of the rules 29 | // 30 | // This component is optional and therefore the API will only work if it is installed 31 | func (r Replacer) Rules() (map[string]interface{}, error) { 32 | return r.c.Request("replacer/view/rules/", nil) 33 | } 34 | 35 | // Adds a replacer rule. For the parameters: desc is a user friendly description, enabled is true or false, matchType is one of [REQ_HEADER, REQ_HEADER_STR, REQ_BODY_STR, RESP_HEADER, RESP_HEADER_STR, RESP_BODY_STR], matchRegex should be true if the matchString should be treated as a regex otherwise false, matchString is the string that will be matched against, replacement is the replacement string, initiators may be blank (for all initiators) or a comma separated list of integers as defined in HttpSender 36 | // 37 | // This component is optional and therefore the API will only work if it is installed 38 | func (r Replacer) AddRule(description string, enabled string, matchtype string, matchregex string, matchstring string, replacement string, initiators string) (map[string]interface{}, error) { 39 | m := map[string]string{ 40 | "description": description, 41 | "enabled": enabled, 42 | "matchType": matchtype, 43 | "matchRegex": matchregex, 44 | "matchString": matchstring, 45 | "replacement": replacement, 46 | "initiators": initiators, 47 | } 48 | return r.c.Request("replacer/action/addRule/", m) 49 | } 50 | 51 | // Removes the rule with the given description 52 | // 53 | // This component is optional and therefore the API will only work if it is installed 54 | func (r Replacer) RemoveRule(description string) (map[string]interface{}, error) { 55 | m := map[string]string{ 56 | "description": description, 57 | } 58 | return r.c.Request("replacer/action/removeRule/", m) 59 | } 60 | 61 | // Enables or disables the rule with the given description based on the bool parameter 62 | // 63 | // This component is optional and therefore the API will only work if it is installed 64 | func (r Replacer) SetEnabled(description string, bool string) (map[string]interface{}, error) { 65 | m := map[string]string{ 66 | "description": description, 67 | "bool": bool, 68 | } 69 | return r.c.Request("replacer/action/setEnabled/", m) 70 | } 71 | -------------------------------------------------------------------------------- /zap/websocket_generated.go: -------------------------------------------------------------------------------- 1 | // Zed Attack Proxy (ZAP) and its related class files. 2 | // 3 | // ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | // 5 | // Copyright 2017 the ZAP development team 6 | // 7 | // Licensed under the Apache License, Version 2.0 (the "License"); 8 | // you may not use this file except in compliance with the License. 9 | // You may obtain a copy of the License at 10 | // 11 | // http://www.apache.org/licenses/LICENSE-2.0 12 | // 13 | // Unless required by applicable law or agreed to in writing, software 14 | // distributed under the License is distributed on an "AS IS" BASIS, 15 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | // See the License for the specific language governing permissions and 17 | // limitations under the License. 18 | // 19 | // *** This file was automatically generated. *** 20 | // 21 | 22 | package zap 23 | 24 | type Websocket struct { 25 | c *Client 26 | } 27 | 28 | // Returns all of the registered web socket channels 29 | // 30 | // This component is optional and therefore the API will only work if it is installed 31 | func (w Websocket) Channels() (map[string]interface{}, error) { 32 | return w.c.Request("websocket/view/channels/", nil) 33 | } 34 | 35 | // Returns full details of the message specified by the channelId and messageId 36 | // 37 | // This component is optional and therefore the API will only work if it is installed 38 | func (w Websocket) Message(channelid string, messageid string) (map[string]interface{}, error) { 39 | m := map[string]string{ 40 | "channelId": channelid, 41 | "messageId": messageid, 42 | } 43 | return w.c.Request("websocket/view/message/", m) 44 | } 45 | 46 | // Returns a list of all of the messages that meet the given criteria (all optional), where channelId is a channel identifier, start is the offset to start returning messages from (starting from 0), count is the number of messages to return (default no limit) and payloadPreviewLength is the maximum number bytes to return for the payload contents 47 | // 48 | // This component is optional and therefore the API will only work if it is installed 49 | func (w Websocket) Messages(channelid string, start string, count string, payloadpreviewlength string) (map[string]interface{}, error) { 50 | m := map[string]string{ 51 | "channelId": channelid, 52 | "start": start, 53 | "count": count, 54 | "payloadPreviewLength": payloadpreviewlength, 55 | } 56 | return w.c.Request("websocket/view/messages/", m) 57 | } 58 | 59 | // Returns a text representation of an intercepted websockets message 60 | // 61 | // This component is optional and therefore the API will only work if it is installed 62 | func (w Websocket) BreakTextMessage() (map[string]interface{}, error) { 63 | return w.c.Request("websocket/view/breakTextMessage/", nil) 64 | } 65 | 66 | // Sends the specified message on the channel specified by channelId, if outgoing is 'True' then the message will be sent to the server and if it is 'False' then it will be sent to the client 67 | // 68 | // This component is optional and therefore the API will only work if it is installed 69 | func (w Websocket) SendTextMessage(channelid string, outgoing string, message string) (map[string]interface{}, error) { 70 | m := map[string]string{ 71 | "channelId": channelid, 72 | "outgoing": outgoing, 73 | "message": message, 74 | } 75 | return w.c.Request("websocket/action/sendTextMessage/", m) 76 | } 77 | 78 | // Sets the text message for an intercepted websockets message 79 | // 80 | // This component is optional and therefore the API will only work if it is installed 81 | func (w Websocket) SetBreakTextMessage(message string, outgoing string) (map[string]interface{}, error) { 82 | m := map[string]string{ 83 | "message": message, 84 | "outgoing": outgoing, 85 | } 86 | return w.c.Request("websocket/action/setBreakTextMessage/", m) 87 | } 88 | -------------------------------------------------------------------------------- /zap/authentication_generated.go: -------------------------------------------------------------------------------- 1 | // Zed Attack Proxy (ZAP) and its related class files. 2 | // 3 | // ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | // 5 | // Copyright 2022 the ZAP development team 6 | // 7 | // Licensed under the Apache License, Version 2.0 (the "License"); 8 | // you may not use this file except in compliance with the License. 9 | // You may obtain a copy of the License at 10 | // 11 | // http://www.apache.org/licenses/LICENSE-2.0 12 | // 13 | // Unless required by applicable law or agreed to in writing, software 14 | // distributed under the License is distributed on an "AS IS" BASIS, 15 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | // See the License for the specific language governing permissions and 17 | // limitations under the License. 18 | // 19 | // *** This file was automatically generated. *** 20 | // 21 | 22 | package zap 23 | 24 | type Authentication struct { 25 | c *Client 26 | } 27 | 28 | // Gets the name of the authentication methods. 29 | func (a Authentication) GetSupportedAuthenticationMethods() (map[string]interface{}, error) { 30 | return a.c.Request("authentication/view/getSupportedAuthenticationMethods/", nil) 31 | } 32 | 33 | // Gets the configuration parameters for the authentication method with the given name. 34 | func (a Authentication) GetAuthenticationMethodConfigParams(authmethodname string) (map[string]interface{}, error) { 35 | m := map[string]string{ 36 | "authMethodName": authmethodname, 37 | } 38 | return a.c.Request("authentication/view/getAuthenticationMethodConfigParams/", m) 39 | } 40 | 41 | // Gets the name of the authentication method for the context with the given ID. 42 | func (a Authentication) GetAuthenticationMethod(contextid string) (map[string]interface{}, error) { 43 | m := map[string]string{ 44 | "contextId": contextid, 45 | } 46 | return a.c.Request("authentication/view/getAuthenticationMethod/", m) 47 | } 48 | 49 | // Gets the logged in indicator for the context with the given ID. 50 | func (a Authentication) GetLoggedInIndicator(contextid string) (map[string]interface{}, error) { 51 | m := map[string]string{ 52 | "contextId": contextid, 53 | } 54 | return a.c.Request("authentication/view/getLoggedInIndicator/", m) 55 | } 56 | 57 | // Gets the logged out indicator for the context with the given ID. 58 | func (a Authentication) GetLoggedOutIndicator(contextid string) (map[string]interface{}, error) { 59 | m := map[string]string{ 60 | "contextId": contextid, 61 | } 62 | return a.c.Request("authentication/view/getLoggedOutIndicator/", m) 63 | } 64 | 65 | // Sets the authentication method for the context with the given ID. 66 | func (a Authentication) SetAuthenticationMethod(contextid string, authmethodname string, authmethodconfigparams string) (map[string]interface{}, error) { 67 | m := map[string]string{ 68 | "contextId": contextid, 69 | "authMethodName": authmethodname, 70 | "authMethodConfigParams": authmethodconfigparams, 71 | } 72 | return a.c.Request("authentication/action/setAuthenticationMethod/", m) 73 | } 74 | 75 | // Sets the logged in indicator for the context with the given ID. 76 | func (a Authentication) SetLoggedInIndicator(contextid string, loggedinindicatorregex string) (map[string]interface{}, error) { 77 | m := map[string]string{ 78 | "contextId": contextid, 79 | "loggedInIndicatorRegex": loggedinindicatorregex, 80 | } 81 | return a.c.Request("authentication/action/setLoggedInIndicator/", m) 82 | } 83 | 84 | // Sets the logged out indicator for the context with the given ID. 85 | func (a Authentication) SetLoggedOutIndicator(contextid string, loggedoutindicatorregex string) (map[string]interface{}, error) { 86 | m := map[string]string{ 87 | "contextId": contextid, 88 | "loggedOutIndicatorRegex": loggedoutindicatorregex, 89 | } 90 | return a.c.Request("authentication/action/setLoggedOutIndicator/", m) 91 | } 92 | -------------------------------------------------------------------------------- /zap/brk_generated.go: -------------------------------------------------------------------------------- 1 | // Zed Attack Proxy (ZAP) and its related class files. 2 | // 3 | // ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | // 5 | // Copyright 2022 the ZAP development team 6 | // 7 | // Licensed under the Apache License, Version 2.0 (the "License"); 8 | // you may not use this file except in compliance with the License. 9 | // You may obtain a copy of the License at 10 | // 11 | // http://www.apache.org/licenses/LICENSE-2.0 12 | // 13 | // Unless required by applicable law or agreed to in writing, software 14 | // distributed under the License is distributed on an "AS IS" BASIS, 15 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | // See the License for the specific language governing permissions and 17 | // limitations under the License. 18 | // 19 | // *** This file was automatically generated. *** 20 | // 21 | 22 | package zap 23 | 24 | type Break struct { 25 | c *Client 26 | } 27 | 28 | // Returns True if ZAP will break on both requests and responses 29 | func (b Break) IsBreakAll() (map[string]interface{}, error) { 30 | return b.c.Request("break/view/isBreakAll/", nil) 31 | } 32 | 33 | // Returns True if ZAP will break on requests 34 | func (b Break) IsBreakRequest() (map[string]interface{}, error) { 35 | return b.c.Request("break/view/isBreakRequest/", nil) 36 | } 37 | 38 | // Returns True if ZAP will break on responses 39 | func (b Break) IsBreakResponse() (map[string]interface{}, error) { 40 | return b.c.Request("break/view/isBreakResponse/", nil) 41 | } 42 | 43 | // Returns the HTTP message currently intercepted (if any) 44 | func (b Break) HttpMessage() (map[string]interface{}, error) { 45 | return b.c.Request("break/view/httpMessage/", nil) 46 | } 47 | 48 | // Controls the global break functionality. The type may be one of: http-all, http-request or http-response. The state may be true (for turning break on for the specified type) or false (for turning break off). Scope is not currently used. 49 | func (b Break) Brk(t string, state string, scope string) (map[string]interface{}, error) { 50 | m := map[string]string{ 51 | "type": t, 52 | "state": state, 53 | "scope": scope, 54 | } 55 | return b.c.Request("break/action/break/", m) 56 | } 57 | 58 | // Overwrites the currently intercepted message with the data provided 59 | func (b Break) SetHttpMessage(httpheader string, httpbody string) (map[string]interface{}, error) { 60 | m := map[string]string{ 61 | "httpHeader": httpheader, 62 | "httpBody": httpbody, 63 | } 64 | return b.c.Request("break/action/setHttpMessage/", m) 65 | } 66 | 67 | // Submits the currently intercepted message and unsets the global request/response breakpoints 68 | func (b Break) Cont() (map[string]interface{}, error) { 69 | return b.c.Request("break/action/continue/", nil) 70 | } 71 | 72 | // Submits the currently intercepted message, the next request or response will automatically be intercepted 73 | func (b Break) Step() (map[string]interface{}, error) { 74 | return b.c.Request("break/action/step/", nil) 75 | } 76 | 77 | // Drops the currently intercepted message 78 | func (b Break) Drop() (map[string]interface{}, error) { 79 | return b.c.Request("break/action/drop/", nil) 80 | } 81 | 82 | // Adds a custom HTTP breakpoint. The string is the string to match. Location may be one of: url, request_header, request_body, response_header or response_body. Match may be: contains or regex. Inverse (match) may be true or false. Lastly, ignorecase (when matching the string) may be true or false. 83 | func (b Break) AddHttpBreakpoint(str string, location string, match string, inverse string, ignorecase string) (map[string]interface{}, error) { 84 | m := map[string]string{ 85 | "string": str, 86 | "location": location, 87 | "match": match, 88 | "inverse": inverse, 89 | "ignorecase": ignorecase, 90 | } 91 | return b.c.Request("break/action/addHttpBreakpoint/", m) 92 | } 93 | 94 | // Removes the specified breakpoint 95 | func (b Break) RemoveHttpBreakpoint(str string, location string, match string, inverse string, ignorecase string) (map[string]interface{}, error) { 96 | m := map[string]string{ 97 | "string": str, 98 | "location": location, 99 | "match": match, 100 | "inverse": inverse, 101 | "ignorecase": ignorecase, 102 | } 103 | return b.c.Request("break/action/removeHttpBreakpoint/", m) 104 | } 105 | -------------------------------------------------------------------------------- /zap/client.go: -------------------------------------------------------------------------------- 1 | // Zed Attack Proxy (ZAP) and its related class files. 2 | // 3 | // ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | // 5 | // Copyright 2017 the ZAP development team 6 | // 7 | // Licensed under the Apache License, Version 2.0 (the "License"); 8 | // you may not use this file except in compliance with the License. 9 | // You may obtain a copy of the License at 10 | // 11 | // http://www.apache.org/licenses/LICENSE-2.0 12 | // 13 | // Unless required by applicable law or agreed to in writing, software 14 | // distributed under the License is distributed on an "AS IS" BASIS, 15 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | // See the License for the specific language governing permissions and 17 | // limitations under the License. 18 | 19 | package zap 20 | 21 | import ( 22 | "crypto/tls" 23 | "encoding/json" 24 | "fmt" 25 | "io/ioutil" 26 | "net/http" 27 | "net/url" 28 | ) 29 | 30 | const ( 31 | DefaultBase = "http://zap/JSON/" 32 | DefaultBaseOther = "http://zap/OTHER/" 33 | DefaultHTTPSBase = "https://zap/JSON/" 34 | DefaultHTTPSBaseOther = "https://zap/OTHER/" 35 | DefaultProxy = "tcp://127.0.0.1:8080" 36 | ZAP_API_KEY_PARAM = "apikey" 37 | ZAP_API_KEY_HEADER = "X-ZAP-API-Key" 38 | ) 39 | 40 | // Config defines the config of ZAP client 41 | type Config struct { 42 | Base string 43 | BaseOther string 44 | Proxy string 45 | APIKey string 46 | TLSConfig tls.Config 47 | } 48 | 49 | // Client is a ZAP client that allows you to access ZAP API 50 | type Client struct { 51 | *Config 52 | httpClient *http.Client 53 | } 54 | 55 | // NewClient returns a new ZAP client based on the passed in config 56 | func NewClient(cfg *Config) (Interface, error) { 57 | if cfg.Base == "" { 58 | cfg.Base = DefaultBase 59 | } 60 | if cfg.BaseOther == "" { 61 | cfg.BaseOther = DefaultBaseOther 62 | } 63 | if cfg.Proxy == "" { 64 | cfg.Proxy = DefaultProxy 65 | } 66 | 67 | proxyURL, err := url.Parse(cfg.Proxy) 68 | if err != nil { 69 | return nil, err 70 | } 71 | 72 | httpClient := &http.Client{ 73 | Transport: &http.Transport{ 74 | Proxy: http.ProxyURL(proxyURL), 75 | TLSClientConfig: &cfg.TLSConfig, 76 | }, 77 | } 78 | return &Client{ 79 | Config: cfg, 80 | httpClient: httpClient, 81 | }, nil 82 | } 83 | 84 | // Request sends HTTP request to zap base("http://zap/JSON/") API group 85 | func (c *Client) Request(path string, queryParams map[string]string) (map[string]interface{}, error) { 86 | body, err := c.request(c.Base+path, queryParams) 87 | if err != nil { 88 | return nil, err 89 | } 90 | // NOTE: since Golang can not unmarshal a json without knowing the exact struct 91 | // so we can only unmarshal json into a map[string]interface{} here. 92 | var obj map[string]interface{} 93 | if err := json.Unmarshal(body, &obj); err != nil { 94 | return nil, err 95 | } 96 | return obj, nil 97 | } 98 | 99 | // RequestOther sends HTTP request to zap other("http://zap/OTHER/") API group 100 | func (c *Client) RequestOther(path string, queryParams map[string]string) ([]byte, error) { 101 | return c.request(c.BaseOther+path, queryParams) 102 | } 103 | 104 | func (c *Client) request(path string, queryParams map[string]string) ([]byte, error) { 105 | req, err := http.NewRequest("GET", path, nil) 106 | if err != nil { 107 | return nil, err 108 | } 109 | 110 | if len(queryParams) == 0 { 111 | queryParams = map[string]string{} 112 | } 113 | // Send the API key even if there are no parameters, 114 | // older ZAP versions might need API key as (query) parameter. 115 | queryParams[ZAP_API_KEY_PARAM] = c.APIKey 116 | 117 | // add url query parameter 118 | query := req.URL.Query() 119 | for k, v := range queryParams { 120 | if v == "" { 121 | continue 122 | } 123 | query.Add(k, v) 124 | } 125 | req.URL.RawQuery = query.Encode() 126 | 127 | // add HTTP Accept header 128 | req.Header.Add("Accept", "application/json") 129 | // add API Key header 130 | req.Header.Add(ZAP_API_KEY_HEADER, c.APIKey) 131 | 132 | // Close the connection 133 | req.Close = true 134 | 135 | resp, err := c.httpClient.Do(req) 136 | if err != nil { 137 | return nil, fmt.Errorf("Errored when sending request to the server: %v", err) 138 | } 139 | defer resp.Body.Close() 140 | return ioutil.ReadAll(resp.Body) 141 | } 142 | -------------------------------------------------------------------------------- /zap/stats_generated.go: -------------------------------------------------------------------------------- 1 | // Zed Attack Proxy (ZAP) and its related class files. 2 | // 3 | // ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | // 5 | // Copyright 2022 the ZAP development team 6 | // 7 | // Licensed under the Apache License, Version 2.0 (the "License"); 8 | // you may not use this file except in compliance with the License. 9 | // You may obtain a copy of the License at 10 | // 11 | // http://www.apache.org/licenses/LICENSE-2.0 12 | // 13 | // Unless required by applicable law or agreed to in writing, software 14 | // distributed under the License is distributed on an "AS IS" BASIS, 15 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | // See the License for the specific language governing permissions and 17 | // limitations under the License. 18 | // 19 | // *** This file was automatically generated. *** 20 | // 21 | 22 | package zap 23 | 24 | import "strconv" 25 | 26 | type Stats struct { 27 | c *Client 28 | } 29 | 30 | // Statistics 31 | func (s Stats) Stats(keyprefix string) (map[string]interface{}, error) { 32 | m := map[string]string{ 33 | "keyPrefix": keyprefix, 34 | } 35 | return s.c.Request("stats/view/stats/", m) 36 | } 37 | 38 | // Gets all of the site based statistics, optionally filtered by a key prefix 39 | func (s Stats) AllSitesStats(keyprefix string) (map[string]interface{}, error) { 40 | m := map[string]string{ 41 | "keyPrefix": keyprefix, 42 | } 43 | return s.c.Request("stats/view/allSitesStats/", m) 44 | } 45 | 46 | // Gets all of the global statistics, optionally filtered by a key prefix 47 | func (s Stats) SiteStats(site string, keyprefix string) (map[string]interface{}, error) { 48 | m := map[string]string{ 49 | "site": site, 50 | "keyPrefix": keyprefix, 51 | } 52 | return s.c.Request("stats/view/siteStats/", m) 53 | } 54 | 55 | // Gets the Statsd service hostname 56 | func (s Stats) OptionStatsdHost() (map[string]interface{}, error) { 57 | return s.c.Request("stats/view/optionStatsdHost/", nil) 58 | } 59 | 60 | // Gets the Statsd service port 61 | func (s Stats) OptionStatsdPort() (map[string]interface{}, error) { 62 | return s.c.Request("stats/view/optionStatsdPort/", nil) 63 | } 64 | 65 | // Gets the prefix to be applied to all stats sent to the configured Statsd service 66 | func (s Stats) OptionStatsdPrefix() (map[string]interface{}, error) { 67 | return s.c.Request("stats/view/optionStatsdPrefix/", nil) 68 | } 69 | 70 | // Returns 'true' if in memory statistics are enabled, otherwise returns 'false' 71 | func (s Stats) OptionInMemoryEnabled() (map[string]interface{}, error) { 72 | return s.c.Request("stats/view/optionInMemoryEnabled/", nil) 73 | } 74 | 75 | // Returns 'true' if a Statsd server has been correctly configured, otherwise returns 'false' 76 | func (s Stats) OptionStatsdEnabled() (map[string]interface{}, error) { 77 | return s.c.Request("stats/view/optionStatsdEnabled/", nil) 78 | } 79 | 80 | // Clears all of the statistics 81 | func (s Stats) ClearStats(keyprefix string) (map[string]interface{}, error) { 82 | m := map[string]string{ 83 | "keyPrefix": keyprefix, 84 | } 85 | return s.c.Request("stats/action/clearStats/", m) 86 | } 87 | 88 | // Sets the Statsd service hostname, supply an empty string to stop using a Statsd service 89 | func (s Stats) SetOptionStatsdHost(str string) (map[string]interface{}, error) { 90 | m := map[string]string{ 91 | "String": str, 92 | } 93 | return s.c.Request("stats/action/setOptionStatsdHost/", m) 94 | } 95 | 96 | // Sets the prefix to be applied to all stats sent to the configured Statsd service 97 | func (s Stats) SetOptionStatsdPrefix(str string) (map[string]interface{}, error) { 98 | m := map[string]string{ 99 | "String": str, 100 | } 101 | return s.c.Request("stats/action/setOptionStatsdPrefix/", m) 102 | } 103 | 104 | // Sets whether in memory statistics are enabled 105 | func (s Stats) SetOptionInMemoryEnabled(boolean bool) (map[string]interface{}, error) { 106 | m := map[string]string{ 107 | "Boolean": strconv.FormatBool(boolean), 108 | } 109 | return s.c.Request("stats/action/setOptionInMemoryEnabled/", m) 110 | } 111 | 112 | // Sets the Statsd service port 113 | func (s Stats) SetOptionStatsdPort(i int) (map[string]interface{}, error) { 114 | m := map[string]string{ 115 | "Integer": strconv.Itoa(i), 116 | } 117 | return s.c.Request("stats/action/setOptionStatsdPort/", m) 118 | } 119 | -------------------------------------------------------------------------------- /zap/pscan_generated.go: -------------------------------------------------------------------------------- 1 | // Zed Attack Proxy (ZAP) and its related class files. 2 | // 3 | // ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | // 5 | // Copyright 2022 the ZAP development team 6 | // 7 | // Licensed under the Apache License, Version 2.0 (the "License"); 8 | // you may not use this file except in compliance with the License. 9 | // You may obtain a copy of the License at 10 | // 11 | // http://www.apache.org/licenses/LICENSE-2.0 12 | // 13 | // Unless required by applicable law or agreed to in writing, software 14 | // distributed under the License is distributed on an "AS IS" BASIS, 15 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | // See the License for the specific language governing permissions and 17 | // limitations under the License. 18 | // 19 | // *** This file was automatically generated. *** 20 | // 21 | 22 | package zap 23 | 24 | type Pscan struct { 25 | c *Client 26 | } 27 | 28 | // Tells whether or not the passive scan should be performed only on messages that are in scope. 29 | func (p Pscan) ScanOnlyInScope() (map[string]interface{}, error) { 30 | return p.c.Request("pscan/view/scanOnlyInScope/", nil) 31 | } 32 | 33 | // The number of records the passive scanner still has to scan 34 | func (p Pscan) RecordsToScan() (map[string]interface{}, error) { 35 | return p.c.Request("pscan/view/recordsToScan/", nil) 36 | } 37 | 38 | // Lists all passive scanners with its ID, name, enabled state and alert threshold. 39 | func (p Pscan) Scanners() (map[string]interface{}, error) { 40 | return p.c.Request("pscan/view/scanners/", nil) 41 | } 42 | 43 | // Show information about the passive scan rule currently being run (if any). 44 | func (p Pscan) CurrentRule() (map[string]interface{}, error) { 45 | return p.c.Request("pscan/view/currentRule/", nil) 46 | } 47 | 48 | // Gets the maximum number of alerts a passive scan rule should raise. 49 | func (p Pscan) MaxAlertsPerRule() (map[string]interface{}, error) { 50 | return p.c.Request("pscan/view/maxAlertsPerRule/", nil) 51 | } 52 | 53 | // Sets whether or not the passive scanning is enabled (Note: the enabled state is not persisted). 54 | func (p Pscan) SetEnabled(enabled string) (map[string]interface{}, error) { 55 | m := map[string]string{ 56 | "enabled": enabled, 57 | } 58 | return p.c.Request("pscan/action/setEnabled/", m) 59 | } 60 | 61 | // Sets whether or not the passive scan should be performed only on messages that are in scope. 62 | func (p Pscan) SetScanOnlyInScope(onlyinscope string) (map[string]interface{}, error) { 63 | m := map[string]string{ 64 | "onlyInScope": onlyinscope, 65 | } 66 | return p.c.Request("pscan/action/setScanOnlyInScope/", m) 67 | } 68 | 69 | // Enables all passive scanners 70 | func (p Pscan) EnableAllScanners() (map[string]interface{}, error) { 71 | return p.c.Request("pscan/action/enableAllScanners/", nil) 72 | } 73 | 74 | // Disables all passive scanners 75 | func (p Pscan) DisableAllScanners() (map[string]interface{}, error) { 76 | return p.c.Request("pscan/action/disableAllScanners/", nil) 77 | } 78 | 79 | // Enables all passive scanners with the given IDs (comma separated list of IDs) 80 | func (p Pscan) EnableScanners(ids string) (map[string]interface{}, error) { 81 | m := map[string]string{ 82 | "ids": ids, 83 | } 84 | return p.c.Request("pscan/action/enableScanners/", m) 85 | } 86 | 87 | // Disables all passive scanners with the given IDs (comma separated list of IDs) 88 | func (p Pscan) DisableScanners(ids string) (map[string]interface{}, error) { 89 | m := map[string]string{ 90 | "ids": ids, 91 | } 92 | return p.c.Request("pscan/action/disableScanners/", m) 93 | } 94 | 95 | // Sets the alert threshold of the passive scanner with the given ID, accepted values for alert threshold: OFF, DEFAULT, LOW, MEDIUM and HIGH 96 | func (p Pscan) SetScannerAlertThreshold(id string, alertthreshold string) (map[string]interface{}, error) { 97 | m := map[string]string{ 98 | "id": id, 99 | "alertThreshold": alertthreshold, 100 | } 101 | return p.c.Request("pscan/action/setScannerAlertThreshold/", m) 102 | } 103 | 104 | // Sets the maximum number of alerts a passive scan rule should raise. 105 | func (p Pscan) SetMaxAlertsPerRule(maxalerts string) (map[string]interface{}, error) { 106 | m := map[string]string{ 107 | "maxAlerts": maxalerts, 108 | } 109 | return p.c.Request("pscan/action/setMaxAlertsPerRule/", m) 110 | } 111 | 112 | // Disables all passive scan tags. 113 | func (p Pscan) DisableAllTags() (map[string]interface{}, error) { 114 | return p.c.Request("pscan/action/disableAllTags/", nil) 115 | } 116 | 117 | // Enables all passive scan tags. 118 | func (p Pscan) EnableAllTags() (map[string]interface{}, error) { 119 | return p.c.Request("pscan/action/enableAllTags/", nil) 120 | } 121 | -------------------------------------------------------------------------------- /zap/selenium_generated.go: -------------------------------------------------------------------------------- 1 | // Zed Attack Proxy (ZAP) and its related class files. 2 | // 3 | // ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | // 5 | // Copyright 2017 the ZAP development team 6 | // 7 | // Licensed under the Apache License, Version 2.0 (the "License"); 8 | // you may not use this file except in compliance with the License. 9 | // You may obtain a copy of the License at 10 | // 11 | // http://www.apache.org/licenses/LICENSE-2.0 12 | // 13 | // Unless required by applicable law or agreed to in writing, software 14 | // distributed under the License is distributed on an "AS IS" BASIS, 15 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | // See the License for the specific language governing permissions and 17 | // limitations under the License. 18 | // 19 | // *** This file was automatically generated. *** 20 | // 21 | 22 | package zap 23 | 24 | type Selenium struct { 25 | c *Client 26 | } 27 | 28 | // This component is optional and therefore the API will only work if it is installed 29 | func (s Selenium) OptionBrowserExtensions() (map[string]interface{}, error) { 30 | return s.c.Request("selenium/view/optionBrowserExtensions/", nil) 31 | } 32 | 33 | // Returns the current path to ChromeDriver 34 | // 35 | // This component is optional and therefore the API will only work if it is installed 36 | func (s Selenium) OptionChromeDriverPath() (map[string]interface{}, error) { 37 | return s.c.Request("selenium/view/optionChromeDriverPath/", nil) 38 | } 39 | 40 | // Returns the current path to Firefox binary 41 | // 42 | // This component is optional and therefore the API will only work if it is installed 43 | func (s Selenium) OptionFirefoxBinaryPath() (map[string]interface{}, error) { 44 | return s.c.Request("selenium/view/optionFirefoxBinaryPath/", nil) 45 | } 46 | 47 | // Returns the current path to Firefox driver (geckodriver) 48 | // 49 | // This component is optional and therefore the API will only work if it is installed 50 | func (s Selenium) OptionFirefoxDriverPath() (map[string]interface{}, error) { 51 | return s.c.Request("selenium/view/optionFirefoxDriverPath/", nil) 52 | } 53 | 54 | // This component is optional and therefore the API will only work if it is installed 55 | func (s Selenium) OptionIeDriverPath() (map[string]interface{}, error) { 56 | return s.c.Request("selenium/view/optionIeDriverPath/", nil) 57 | } 58 | 59 | // This component is optional and therefore the API will only work if it is installed 60 | func (s Selenium) OptionLastDirectory() (map[string]interface{}, error) { 61 | return s.c.Request("selenium/view/optionLastDirectory/", nil) 62 | } 63 | 64 | // Returns the current path to PhantomJS binary 65 | // 66 | // This component is optional and therefore the API will only work if it is installed 67 | func (s Selenium) OptionPhantomJsBinaryPath() (map[string]interface{}, error) { 68 | return s.c.Request("selenium/view/optionPhantomJsBinaryPath/", nil) 69 | } 70 | 71 | // Sets the current path to ChromeDriver 72 | // 73 | // This component is optional and therefore the API will only work if it is installed 74 | func (s Selenium) SetOptionChromeDriverPath(str string) (map[string]interface{}, error) { 75 | m := map[string]string{ 76 | "String": str, 77 | } 78 | return s.c.Request("selenium/action/setOptionChromeDriverPath/", m) 79 | } 80 | 81 | // Sets the current path to Firefox binary 82 | // 83 | // This component is optional and therefore the API will only work if it is installed 84 | func (s Selenium) SetOptionFirefoxBinaryPath(str string) (map[string]interface{}, error) { 85 | m := map[string]string{ 86 | "String": str, 87 | } 88 | return s.c.Request("selenium/action/setOptionFirefoxBinaryPath/", m) 89 | } 90 | 91 | // Sets the current path to Firefox driver (geckodriver) 92 | // 93 | // This component is optional and therefore the API will only work if it is installed 94 | func (s Selenium) SetOptionFirefoxDriverPath(str string) (map[string]interface{}, error) { 95 | m := map[string]string{ 96 | "String": str, 97 | } 98 | return s.c.Request("selenium/action/setOptionFirefoxDriverPath/", m) 99 | } 100 | 101 | // This component is optional and therefore the API will only work if it is installed 102 | func (s Selenium) SetOptionIeDriverPath(str string) (map[string]interface{}, error) { 103 | m := map[string]string{ 104 | "String": str, 105 | } 106 | return s.c.Request("selenium/action/setOptionIeDriverPath/", m) 107 | } 108 | 109 | // This component is optional and therefore the API will only work if it is installed 110 | func (s Selenium) SetOptionLastDirectory(str string) (map[string]interface{}, error) { 111 | m := map[string]string{ 112 | "String": str, 113 | } 114 | return s.c.Request("selenium/action/setOptionLastDirectory/", m) 115 | } 116 | 117 | // Sets the current path to PhantomJS binary 118 | // 119 | // This component is optional and therefore the API will only work if it is installed 120 | func (s Selenium) SetOptionPhantomJsBinaryPath(str string) (map[string]interface{}, error) { 121 | m := map[string]string{ 122 | "String": str, 123 | } 124 | return s.c.Request("selenium/action/setOptionPhantomJsBinaryPath/", m) 125 | } 126 | -------------------------------------------------------------------------------- /zap/alert_generated.go: -------------------------------------------------------------------------------- 1 | // Zed Attack Proxy (ZAP) and its related class files. 2 | // 3 | // ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | // 5 | // Copyright 2022 the ZAP development team 6 | // 7 | // Licensed under the Apache License, Version 2.0 (the "License"); 8 | // you may not use this file except in compliance with the License. 9 | // You may obtain a copy of the License at 10 | // 11 | // http://www.apache.org/licenses/LICENSE-2.0 12 | // 13 | // Unless required by applicable law or agreed to in writing, software 14 | // distributed under the License is distributed on an "AS IS" BASIS, 15 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | // See the License for the specific language governing permissions and 17 | // limitations under the License. 18 | // 19 | // *** This file was automatically generated. *** 20 | // 21 | 22 | package zap 23 | 24 | type Alert struct { 25 | c *Client 26 | } 27 | 28 | // Gets the alert with the given ID, the corresponding HTTP message can be obtained with the 'messageId' field and 'message' API method 29 | func (a Alert) Alert(id string) (map[string]interface{}, error) { 30 | m := map[string]string{ 31 | "id": id, 32 | } 33 | return a.c.Request("alert/view/alert/", m) 34 | } 35 | 36 | // Gets the alerts raised by ZAP, optionally filtering by URL or riskId, and paginating with 'start' position and 'count' of alerts 37 | func (a Alert) Alerts(baseurl string, start string, count string, riskid string) (map[string]interface{}, error) { 38 | m := map[string]string{ 39 | "baseurl": baseurl, 40 | "start": start, 41 | "count": count, 42 | "riskId": riskid, 43 | } 44 | return a.c.Request("alert/view/alerts/", m) 45 | } 46 | 47 | // Gets number of alerts grouped by each risk level, optionally filtering by URL 48 | func (a Alert) AlertsSummary(baseurl string) (map[string]interface{}, error) { 49 | m := map[string]string{ 50 | "baseurl": baseurl, 51 | } 52 | return a.c.Request("alert/view/alertsSummary/", m) 53 | } 54 | 55 | // Gets the number of alerts, optionally filtering by URL or riskId 56 | func (a Alert) NumberOfAlerts(baseurl string, riskid string) (map[string]interface{}, error) { 57 | m := map[string]string{ 58 | "baseurl": baseurl, 59 | "riskId": riskid, 60 | } 61 | return a.c.Request("alert/view/numberOfAlerts/", m) 62 | } 63 | 64 | // Gets a summary of the alerts, optionally filtered by a 'url'. If 'recurse' is true then all alerts that apply to urls that start with the specified 'url' will be returned, otherwise only those on exactly the same 'url' (ignoring url parameters) 65 | func (a Alert) AlertsByRisk(url string, recurse string) (map[string]interface{}, error) { 66 | m := map[string]string{ 67 | "url": url, 68 | "recurse": recurse, 69 | } 70 | return a.c.Request("alert/view/alertsByRisk/", m) 71 | } 72 | 73 | // Gets a count of the alerts, optionally filtered as per alertsPerRisk 74 | func (a Alert) AlertCountsByRisk(url string, recurse string) (map[string]interface{}, error) { 75 | m := map[string]string{ 76 | "url": url, 77 | "recurse": recurse, 78 | } 79 | return a.c.Request("alert/view/alertCountsByRisk/", m) 80 | } 81 | 82 | // Deletes all alerts of the current session. 83 | func (a Alert) DeleteAllAlerts() (map[string]interface{}, error) { 84 | return a.c.Request("alert/action/deleteAllAlerts/", nil) 85 | } 86 | 87 | // Deletes the alert with the given ID. 88 | func (a Alert) DeleteAlert(id string) (map[string]interface{}, error) { 89 | m := map[string]string{ 90 | "id": id, 91 | } 92 | return a.c.Request("alert/action/deleteAlert/", m) 93 | } 94 | 95 | // Update the confidence of the alerts. 96 | func (a Alert) UpdateAlertsConfidence(ids string, confidenceid string) (map[string]interface{}, error) { 97 | m := map[string]string{ 98 | "ids": ids, 99 | "confidenceId": confidenceid, 100 | } 101 | return a.c.Request("alert/action/updateAlertsConfidence/", m) 102 | } 103 | 104 | // Update the risk of the alerts. 105 | func (a Alert) UpdateAlertsRisk(ids string, riskid string) (map[string]interface{}, error) { 106 | m := map[string]string{ 107 | "ids": ids, 108 | "riskId": riskid, 109 | } 110 | return a.c.Request("alert/action/updateAlertsRisk/", m) 111 | } 112 | 113 | // Update the alert with the given ID, with the provided details. 114 | func (a Alert) UpdateAlert(id string, name string, riskid string, confidenceid string, description string, param string, attack string, otherinfo string, solution string, references string, evidence string, cweid string, wascid string) (map[string]interface{}, error) { 115 | m := map[string]string{ 116 | "id": id, 117 | "name": name, 118 | "riskId": riskid, 119 | "confidenceId": confidenceid, 120 | "description": description, 121 | "param": param, 122 | "attack": attack, 123 | "otherInfo": otherinfo, 124 | "solution": solution, 125 | "references": references, 126 | "evidence": evidence, 127 | "cweId": cweid, 128 | "wascId": wascid, 129 | } 130 | return a.c.Request("alert/action/updateAlert/", m) 131 | } 132 | 133 | // Add an alert associated with the given message ID, with the provided details. (The ID of the created alert is returned.) 134 | func (a Alert) AddAlert(messageid string, name string, riskid string, confidenceid string, description string, param string, attack string, otherinfo string, solution string, references string, evidence string, cweid string, wascid string) (map[string]interface{}, error) { 135 | m := map[string]string{ 136 | "messageId": messageid, 137 | "name": name, 138 | "riskId": riskid, 139 | "confidenceId": confidenceid, 140 | "description": description, 141 | "param": param, 142 | "attack": attack, 143 | "otherInfo": otherinfo, 144 | "solution": solution, 145 | "references": references, 146 | "evidence": evidence, 147 | "cweId": cweid, 148 | "wascId": wascid, 149 | } 150 | return a.c.Request("alert/action/addAlert/", m) 151 | } 152 | -------------------------------------------------------------------------------- /zap/http-sessions_generated.go: -------------------------------------------------------------------------------- 1 | // Zed Attack Proxy (ZAP) and its related class files. 2 | // 3 | // ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | // 5 | // Copyright 2022 the ZAP development team 6 | // 7 | // Licensed under the Apache License, Version 2.0 (the "License"); 8 | // you may not use this file except in compliance with the License. 9 | // You may obtain a copy of the License at 10 | // 11 | // http://www.apache.org/licenses/LICENSE-2.0 12 | // 13 | // Unless required by applicable law or agreed to in writing, software 14 | // distributed under the License is distributed on an "AS IS" BASIS, 15 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | // See the License for the specific language governing permissions and 17 | // limitations under the License. 18 | // 19 | // *** This file was automatically generated. *** 20 | // 21 | 22 | package zap 23 | 24 | type HttpSessions struct { 25 | c *Client 26 | } 27 | 28 | // Gets all of the sites that have sessions. 29 | func (h HttpSessions) Sites() (map[string]interface{}, error) { 30 | return h.c.Request("httpSessions/view/sites/", nil) 31 | } 32 | 33 | // Gets the sessions for the given site. Optionally returning just the session with the given name. 34 | func (h HttpSessions) Sessions(site string, session string) (map[string]interface{}, error) { 35 | m := map[string]string{ 36 | "site": site, 37 | "session": session, 38 | } 39 | return h.c.Request("httpSessions/view/sessions/", m) 40 | } 41 | 42 | // Gets the name of the active session for the given site. 43 | func (h HttpSessions) ActiveSession(site string) (map[string]interface{}, error) { 44 | m := map[string]string{ 45 | "site": site, 46 | } 47 | return h.c.Request("httpSessions/view/activeSession/", m) 48 | } 49 | 50 | // Gets the names of the session tokens for the given site. 51 | func (h HttpSessions) SessionTokens(site string) (map[string]interface{}, error) { 52 | m := map[string]string{ 53 | "site": site, 54 | } 55 | return h.c.Request("httpSessions/view/sessionTokens/", m) 56 | } 57 | 58 | // Gets the default session tokens. 59 | func (h HttpSessions) DefaultSessionTokens() (map[string]interface{}, error) { 60 | return h.c.Request("httpSessions/view/defaultSessionTokens/", nil) 61 | } 62 | 63 | // Creates an empty session for the given site. Optionally with the given name. 64 | func (h HttpSessions) CreateEmptySession(site string, session string) (map[string]interface{}, error) { 65 | m := map[string]string{ 66 | "site": site, 67 | "session": session, 68 | } 69 | return h.c.Request("httpSessions/action/createEmptySession/", m) 70 | } 71 | 72 | // Removes the session from the given site. 73 | func (h HttpSessions) RemoveSession(site string, session string) (map[string]interface{}, error) { 74 | m := map[string]string{ 75 | "site": site, 76 | "session": session, 77 | } 78 | return h.c.Request("httpSessions/action/removeSession/", m) 79 | } 80 | 81 | // Sets the given session as active for the given site. 82 | func (h HttpSessions) SetActiveSession(site string, session string) (map[string]interface{}, error) { 83 | m := map[string]string{ 84 | "site": site, 85 | "session": session, 86 | } 87 | return h.c.Request("httpSessions/action/setActiveSession/", m) 88 | } 89 | 90 | // Unsets the active session of the given site. 91 | func (h HttpSessions) UnsetActiveSession(site string) (map[string]interface{}, error) { 92 | m := map[string]string{ 93 | "site": site, 94 | } 95 | return h.c.Request("httpSessions/action/unsetActiveSession/", m) 96 | } 97 | 98 | // Adds the session token to the given site. 99 | func (h HttpSessions) AddSessionToken(site string, sessiontoken string) (map[string]interface{}, error) { 100 | m := map[string]string{ 101 | "site": site, 102 | "sessionToken": sessiontoken, 103 | } 104 | return h.c.Request("httpSessions/action/addSessionToken/", m) 105 | } 106 | 107 | // Removes the session token from the given site. 108 | func (h HttpSessions) RemoveSessionToken(site string, sessiontoken string) (map[string]interface{}, error) { 109 | m := map[string]string{ 110 | "site": site, 111 | "sessionToken": sessiontoken, 112 | } 113 | return h.c.Request("httpSessions/action/removeSessionToken/", m) 114 | } 115 | 116 | // Sets the value of the session token of the given session for the given site. 117 | func (h HttpSessions) SetSessionTokenValue(site string, session string, sessiontoken string, tokenvalue string) (map[string]interface{}, error) { 118 | m := map[string]string{ 119 | "site": site, 120 | "session": session, 121 | "sessionToken": sessiontoken, 122 | "tokenValue": tokenvalue, 123 | } 124 | return h.c.Request("httpSessions/action/setSessionTokenValue/", m) 125 | } 126 | 127 | // Renames the session of the given site. 128 | func (h HttpSessions) RenameSession(site string, oldsessionname string, newsessionname string) (map[string]interface{}, error) { 129 | m := map[string]string{ 130 | "site": site, 131 | "oldSessionName": oldsessionname, 132 | "newSessionName": newsessionname, 133 | } 134 | return h.c.Request("httpSessions/action/renameSession/", m) 135 | } 136 | 137 | // Adds a default session token with the given name and enabled state. 138 | func (h HttpSessions) AddDefaultSessionToken(sessiontoken string, tokenenabled string) (map[string]interface{}, error) { 139 | m := map[string]string{ 140 | "sessionToken": sessiontoken, 141 | "tokenEnabled": tokenenabled, 142 | } 143 | return h.c.Request("httpSessions/action/addDefaultSessionToken/", m) 144 | } 145 | 146 | // Sets whether or not the default session token with the given name is enabled. 147 | func (h HttpSessions) SetDefaultSessionTokenEnabled(sessiontoken string, tokenenabled string) (map[string]interface{}, error) { 148 | m := map[string]string{ 149 | "sessionToken": sessiontoken, 150 | "tokenEnabled": tokenenabled, 151 | } 152 | return h.c.Request("httpSessions/action/setDefaultSessionTokenEnabled/", m) 153 | } 154 | 155 | // Removes the default session token with the given name. 156 | func (h HttpSessions) RemoveDefaultSessionToken(sessiontoken string) (map[string]interface{}, error) { 157 | m := map[string]string{ 158 | "sessionToken": sessiontoken, 159 | } 160 | return h.c.Request("httpSessions/action/removeDefaultSessionToken/", m) 161 | } 162 | -------------------------------------------------------------------------------- /zap/search_generated.go: -------------------------------------------------------------------------------- 1 | // Zed Attack Proxy (ZAP) and its related class files. 2 | // 3 | // ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | // 5 | // Copyright 2022 the ZAP development team 6 | // 7 | // Licensed under the Apache License, Version 2.0 (the "License"); 8 | // you may not use this file except in compliance with the License. 9 | // You may obtain a copy of the License at 10 | // 11 | // http://www.apache.org/licenses/LICENSE-2.0 12 | // 13 | // Unless required by applicable law or agreed to in writing, software 14 | // distributed under the License is distributed on an "AS IS" BASIS, 15 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | // See the License for the specific language governing permissions and 17 | // limitations under the License. 18 | // 19 | // *** This file was automatically generated. *** 20 | // 21 | 22 | package zap 23 | 24 | type Search struct { 25 | c *Client 26 | } 27 | 28 | // Returns the URLs of the HTTP messages that match the given regular expression in the URL optionally filtered by URL and paginated with 'start' position and 'count' of messages. 29 | func (s Search) UrlsByUrlRegex(regex string, baseurl string, start string, count string) (map[string]interface{}, error) { 30 | m := map[string]string{ 31 | "regex": regex, 32 | "baseurl": baseurl, 33 | "start": start, 34 | "count": count, 35 | } 36 | return s.c.Request("search/view/urlsByUrlRegex/", m) 37 | } 38 | 39 | // Returns the URLs of the HTTP messages that match the given regular expression in the request optionally filtered by URL and paginated with 'start' position and 'count' of messages. 40 | func (s Search) UrlsByRequestRegex(regex string, baseurl string, start string, count string) (map[string]interface{}, error) { 41 | m := map[string]string{ 42 | "regex": regex, 43 | "baseurl": baseurl, 44 | "start": start, 45 | "count": count, 46 | } 47 | return s.c.Request("search/view/urlsByRequestRegex/", m) 48 | } 49 | 50 | // Returns the URLs of the HTTP messages that match the given regular expression in the response optionally filtered by URL and paginated with 'start' position and 'count' of messages. 51 | func (s Search) UrlsByResponseRegex(regex string, baseurl string, start string, count string) (map[string]interface{}, error) { 52 | m := map[string]string{ 53 | "regex": regex, 54 | "baseurl": baseurl, 55 | "start": start, 56 | "count": count, 57 | } 58 | return s.c.Request("search/view/urlsByResponseRegex/", m) 59 | } 60 | 61 | // Returns the URLs of the HTTP messages that match the given regular expression in the header(s) optionally filtered by URL and paginated with 'start' position and 'count' of messages. 62 | func (s Search) UrlsByHeaderRegex(regex string, baseurl string, start string, count string) (map[string]interface{}, error) { 63 | m := map[string]string{ 64 | "regex": regex, 65 | "baseurl": baseurl, 66 | "start": start, 67 | "count": count, 68 | } 69 | return s.c.Request("search/view/urlsByHeaderRegex/", m) 70 | } 71 | 72 | // Returns the HTTP messages that match the given regular expression in the URL optionally filtered by URL and paginated with 'start' position and 'count' of messages. 73 | func (s Search) MessagesByUrlRegex(regex string, baseurl string, start string, count string) (map[string]interface{}, error) { 74 | m := map[string]string{ 75 | "regex": regex, 76 | "baseurl": baseurl, 77 | "start": start, 78 | "count": count, 79 | } 80 | return s.c.Request("search/view/messagesByUrlRegex/", m) 81 | } 82 | 83 | // Returns the HTTP messages that match the given regular expression in the request optionally filtered by URL and paginated with 'start' position and 'count' of messages. 84 | func (s Search) MessagesByRequestRegex(regex string, baseurl string, start string, count string) (map[string]interface{}, error) { 85 | m := map[string]string{ 86 | "regex": regex, 87 | "baseurl": baseurl, 88 | "start": start, 89 | "count": count, 90 | } 91 | return s.c.Request("search/view/messagesByRequestRegex/", m) 92 | } 93 | 94 | // Returns the HTTP messages that match the given regular expression in the response optionally filtered by URL and paginated with 'start' position and 'count' of messages. 95 | func (s Search) MessagesByResponseRegex(regex string, baseurl string, start string, count string) (map[string]interface{}, error) { 96 | m := map[string]string{ 97 | "regex": regex, 98 | "baseurl": baseurl, 99 | "start": start, 100 | "count": count, 101 | } 102 | return s.c.Request("search/view/messagesByResponseRegex/", m) 103 | } 104 | 105 | // Returns the HTTP messages that match the given regular expression in the header(s) optionally filtered by URL and paginated with 'start' position and 'count' of messages. 106 | func (s Search) MessagesByHeaderRegex(regex string, baseurl string, start string, count string) (map[string]interface{}, error) { 107 | m := map[string]string{ 108 | "regex": regex, 109 | "baseurl": baseurl, 110 | "start": start, 111 | "count": count, 112 | } 113 | return s.c.Request("search/view/messagesByHeaderRegex/", m) 114 | } 115 | 116 | // Returns the HTTP messages, in HAR format, that match the given regular expression in the URL optionally filtered by URL and paginated with 'start' position and 'count' of messages. 117 | func (s Search) HarByUrlRegex(regex string, baseurl string, start string, count string) ([]byte, error) { 118 | m := map[string]string{ 119 | "regex": regex, 120 | "baseurl": baseurl, 121 | "start": start, 122 | "count": count, 123 | } 124 | return s.c.RequestOther("search/other/harByUrlRegex/", m) 125 | } 126 | 127 | // Returns the HTTP messages, in HAR format, that match the given regular expression in the request optionally filtered by URL and paginated with 'start' position and 'count' of messages. 128 | func (s Search) HarByRequestRegex(regex string, baseurl string, start string, count string) ([]byte, error) { 129 | m := map[string]string{ 130 | "regex": regex, 131 | "baseurl": baseurl, 132 | "start": start, 133 | "count": count, 134 | } 135 | return s.c.RequestOther("search/other/harByRequestRegex/", m) 136 | } 137 | 138 | // Returns the HTTP messages, in HAR format, that match the given regular expression in the response optionally filtered by URL and paginated with 'start' position and 'count' of messages. 139 | func (s Search) HarByResponseRegex(regex string, baseurl string, start string, count string) ([]byte, error) { 140 | m := map[string]string{ 141 | "regex": regex, 142 | "baseurl": baseurl, 143 | "start": start, 144 | "count": count, 145 | } 146 | return s.c.RequestOther("search/other/harByResponseRegex/", m) 147 | } 148 | 149 | // Returns the HTTP messages, in HAR format, that match the given regular expression in the header(s) optionally filtered by URL and paginated with 'start' position and 'count' of messages. 150 | func (s Search) HarByHeaderRegex(regex string, baseurl string, start string, count string) ([]byte, error) { 151 | m := map[string]string{ 152 | "regex": regex, 153 | "baseurl": baseurl, 154 | "start": start, 155 | "count": count, 156 | } 157 | return s.c.RequestOther("search/other/harByHeaderRegex/", m) 158 | } 159 | -------------------------------------------------------------------------------- /zap/interface.go: -------------------------------------------------------------------------------- 1 | // Zed Attack Proxy (ZAP) and its related class files. 2 | // 3 | // ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | // 5 | // Copyright 2022 the ZAP development team 6 | // 7 | // Licensed under the Apache License, Version 2.0 (the "License"); 8 | // you may not use this file except in compliance with the License. 9 | // You may obtain a copy of the License at 10 | // 11 | // http://www.apache.org/licenses/LICENSE-2.0 12 | // 13 | // Unless required by applicable law or agreed to in writing, software 14 | // distributed under the License is distributed on an "AS IS" BASIS, 15 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | // See the License for the specific language governing permissions and 17 | // limitations under the License. 18 | 19 | // TODO: auto generate this file 20 | package zap 21 | 22 | // Interface defines the interface a ZAP client should implement 23 | type Interface interface { 24 | AccessControl() *AccessControl 25 | Acsrf() *Acsrf 26 | AjaxSpider() *AjaxSpider 27 | Alert() *Alert 28 | AlertFilter() *AlertFilter 29 | Ascan() *Ascan 30 | Authentication() *Authentication 31 | Authorization() *Authorization 32 | Automation() *Automation 33 | Autoupdate() *Autoupdate 34 | Break() *Break 35 | Context() *Context 36 | Core() *Core 37 | Exportreport() *Exportreport 38 | ForcedUser() *ForcedUser 39 | Graphql() *Graphql 40 | HttpSessions() *HttpSessions 41 | ImportLogFiles() *ImportLogFiles 42 | Importurls() *Importurls 43 | LocalProxies() *LocalProxies 44 | Openapi() *Openapi 45 | Params() *Params 46 | Pnh() *Pnh 47 | Pscan() *Pscan 48 | Replacer() *Replacer 49 | Reports() *Reports 50 | Retest() *Retest 51 | Reveal() *Reveal 52 | Revisit() *Revisit 53 | RuleConfig() *RuleConfig 54 | Script() *Script 55 | Search() *Search 56 | Selenium() *Selenium 57 | SessionManagement() *SessionManagement 58 | Soap() *Soap 59 | Spider() *Spider 60 | Stats() *Stats 61 | Users() *Users 62 | Wappalyzer() *Wappalyzer 63 | Websocket() *Websocket 64 | } 65 | 66 | // AccessControl() returns a AccessControl client 67 | func (c *Client) AccessControl() *AccessControl { 68 | return &AccessControl{c} 69 | } 70 | 71 | // Acsrf() returns a Acsrf client 72 | func (c *Client) Acsrf() *Acsrf { 73 | return &Acsrf{c} 74 | } 75 | 76 | // AjaxSpider() returns a AjaxSpider client 77 | func (c *Client) AjaxSpider() *AjaxSpider { 78 | return &AjaxSpider{c} 79 | } 80 | 81 | // Alert() returns a Alert client 82 | func (c *Client) Alert() *Alert { 83 | return &Alert{c} 84 | } 85 | 86 | // AlertFilter() returns a AlertFilter client 87 | func (c *Client) AlertFilter() *AlertFilter { 88 | return &AlertFilter{c} 89 | } 90 | 91 | // Ascan() returns a Ascan client 92 | func (c *Client) Ascan() *Ascan { 93 | return &Ascan{c} 94 | } 95 | 96 | // Authentication() returns a Authentication client 97 | func (c *Client) Authentication() *Authentication { 98 | return &Authentication{c} 99 | } 100 | 101 | // Authorization() returns a Authorization client 102 | func (c *Client) Authorization() *Authorization { 103 | return &Authorization{c} 104 | } 105 | 106 | // Autoupdate returns an Autoupdate client 107 | func (c *Client) Autoupdate() *Autoupdate { 108 | return &Autoupdate{c} 109 | } 110 | 111 | // Automation() returns an Automation client 112 | func (c *Client) Automation() *Automation { 113 | return &Automation{c} 114 | } 115 | 116 | // Break() returns a Break client 117 | func (c *Client) Break() *Break { 118 | return &Break{c} 119 | } 120 | 121 | // Context() returns a Context client 122 | func (c *Client) Context() *Context { 123 | return &Context{c} 124 | } 125 | 126 | // Core() returns a Core client 127 | func (c *Client) Core() *Core { 128 | return &Core{c} 129 | } 130 | 131 | // Exportreport() returns a Exportreport client 132 | func (c *Client) Exportreport() *Exportreport { 133 | return &Exportreport{c} 134 | } 135 | 136 | // ForcedUser() returns a ForcedUser client 137 | func (c *Client) ForcedUser() *ForcedUser { 138 | return &ForcedUser{c} 139 | } 140 | 141 | // Graphql() returns a Graphql client 142 | func (c *Client) Graphql() *Graphql { 143 | return &Graphql{c} 144 | } 145 | 146 | // HttpSessions() returns a HttpSessions client 147 | func (c *Client) HttpSessions() *HttpSessions { 148 | return &HttpSessions{c} 149 | } 150 | 151 | // ImportLogFiles() returns a ImportLogFiles client 152 | func (c *Client) ImportLogFiles() *ImportLogFiles { 153 | return &ImportLogFiles{c} 154 | } 155 | 156 | // Importurls() returns a Importurls client 157 | func (c *Client) Importurls() *Importurls { 158 | return &Importurls{c} 159 | } 160 | 161 | // LocalProxies() returns a LocalProxies client 162 | func (c *Client) LocalProxies() *LocalProxies { 163 | return &LocalProxies{c} 164 | } 165 | 166 | // Openapi() returns a Openapi clinet 167 | func (c *Client) Openapi() *Openapi { 168 | return &Openapi{c} 169 | } 170 | 171 | // Params() returns a Params client 172 | func (c *Client) Params() *Params { 173 | return &Params{c} 174 | } 175 | 176 | // Pnh() returns a Pnh client 177 | func (c *Client) Pnh() *Pnh { 178 | return &Pnh{c} 179 | } 180 | 181 | // Pscan() returns a Pscan client 182 | func (c *Client) Pscan() *Pscan { 183 | return &Pscan{c} 184 | } 185 | 186 | // Replacer() returns a Replacer client 187 | func (c *Client) Replacer() *Replacer { 188 | return &Replacer{c} 189 | } 190 | 191 | // Reports() returns a Reports client 192 | func (c *Client) Reports() *Reports { 193 | return &Reports{c} 194 | } 195 | 196 | // Retest() returns a Retest client 197 | func (c *Client) Retest() *Retest { 198 | return &Retest{c} 199 | } 200 | 201 | // Reveal() returns a Reveal client 202 | func (c *Client) Reveal() *Reveal { 203 | return &Reveal{c} 204 | } 205 | 206 | // Revisit() returns a Revisit client 207 | func (c *Client) Revisit() *Revisit { 208 | return &Revisit{c} 209 | } 210 | 211 | // RuleConfig() returns a RuleConfig client 212 | func (c *Client) RuleConfig() *RuleConfig { 213 | return &RuleConfig{c} 214 | } 215 | 216 | // Script() returns a Script client 217 | func (c *Client) Script() *Script { 218 | return &Script{c} 219 | } 220 | 221 | // Search() returns a Search client 222 | func (c *Client) Search() *Search { 223 | return &Search{c} 224 | } 225 | 226 | // Selenium() returns a Selenium client 227 | func (c *Client) Selenium() *Selenium { 228 | return &Selenium{c} 229 | } 230 | 231 | // SessionManagement() returns a SessionManagement client 232 | func (c *Client) SessionManagement() *SessionManagement { 233 | return &SessionManagement{c} 234 | } 235 | 236 | // Soap() returns a Soap client 237 | func (c *Client) Soap() *Soap { 238 | return &Soap{c} 239 | } 240 | 241 | // Spider() returns a Spider client 242 | func (c *Client) Spider() *Spider { 243 | return &Spider{c} 244 | } 245 | 246 | // Stats() returns a Stats client 247 | func (c *Client) Stats() *Stats { 248 | return &Stats{c} 249 | } 250 | 251 | // Users() returns a Users client 252 | func (c *Client) Users() *Users { 253 | return &Users{c} 254 | } 255 | 256 | // Wappalyzer() returns a Wappalyzer client 257 | func (c *Client) Wappalyzer() *Wappalyzer { 258 | return &Wappalyzer{c} 259 | } 260 | 261 | // Websocket() returns a Websocket client 262 | func (c *Client) Websocket() *Websocket { 263 | return &Websocket{c} 264 | } 265 | -------------------------------------------------------------------------------- /zap/users_generated.go: -------------------------------------------------------------------------------- 1 | // Zed Attack Proxy (ZAP) and its related class files. 2 | // 3 | // ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | // 5 | // Copyright 2022 the ZAP development team 6 | // 7 | // Licensed under the Apache License, Version 2.0 (the "License"); 8 | // you may not use this file except in compliance with the License. 9 | // You may obtain a copy of the License at 10 | // 11 | // http://www.apache.org/licenses/LICENSE-2.0 12 | // 13 | // Unless required by applicable law or agreed to in writing, software 14 | // distributed under the License is distributed on an "AS IS" BASIS, 15 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | // See the License for the specific language governing permissions and 17 | // limitations under the License. 18 | // 19 | // *** This file was automatically generated. *** 20 | // 21 | 22 | package zap 23 | 24 | type Users struct { 25 | c *Client 26 | } 27 | 28 | // Gets a list of users that belong to the context with the given ID, or all users if none provided. 29 | func (u Users) UsersList(contextid string) (map[string]interface{}, error) { 30 | m := map[string]string{ 31 | "contextId": contextid, 32 | } 33 | return u.c.Request("users/view/usersList/", m) 34 | } 35 | 36 | // Gets the data of the user with the given ID that belongs to the context with the given ID. 37 | func (u Users) GetUserById(contextid string, userid string) (map[string]interface{}, error) { 38 | m := map[string]string{ 39 | "contextId": contextid, 40 | "userId": userid, 41 | } 42 | return u.c.Request("users/view/getUserById/", m) 43 | } 44 | 45 | // Gets the configuration parameters for the credentials of the context with the given ID. 46 | func (u Users) GetAuthenticationCredentialsConfigParams(contextid string) (map[string]interface{}, error) { 47 | m := map[string]string{ 48 | "contextId": contextid, 49 | } 50 | return u.c.Request("users/view/getAuthenticationCredentialsConfigParams/", m) 51 | } 52 | 53 | // Gets the authentication credentials of the user with given ID that belongs to the context with the given ID. 54 | func (u Users) GetAuthenticationCredentials(contextid string, userid string) (map[string]interface{}, error) { 55 | m := map[string]string{ 56 | "contextId": contextid, 57 | "userId": userid, 58 | } 59 | return u.c.Request("users/view/getAuthenticationCredentials/", m) 60 | } 61 | 62 | // Gets the authentication state information for the user identified by the Context and User Ids. 63 | func (u Users) GetAuthenticationState(contextid string, userid string) (map[string]interface{}, error) { 64 | m := map[string]string{ 65 | "contextId": contextid, 66 | "userId": userid, 67 | } 68 | return u.c.Request("users/view/getAuthenticationState/", m) 69 | } 70 | 71 | // Gets the authentication session information for the user identified by the Context and User Ids, e.g. cookies and realm credentials. 72 | func (u Users) GetAuthenticationSession(contextid string, userid string) (map[string]interface{}, error) { 73 | m := map[string]string{ 74 | "contextId": contextid, 75 | "userId": userid, 76 | } 77 | return u.c.Request("users/view/getAuthenticationSession/", m) 78 | } 79 | 80 | // Creates a new user with the given name for the context with the given ID. 81 | func (u Users) NewUser(contextid string, name string) (map[string]interface{}, error) { 82 | m := map[string]string{ 83 | "contextId": contextid, 84 | "name": name, 85 | } 86 | return u.c.Request("users/action/newUser/", m) 87 | } 88 | 89 | // Removes the user with the given ID that belongs to the context with the given ID. 90 | func (u Users) RemoveUser(contextid string, userid string) (map[string]interface{}, error) { 91 | m := map[string]string{ 92 | "contextId": contextid, 93 | "userId": userid, 94 | } 95 | return u.c.Request("users/action/removeUser/", m) 96 | } 97 | 98 | // Sets whether or not the user, with the given ID that belongs to the context with the given ID, should be enabled. 99 | func (u Users) SetUserEnabled(contextid string, userid string, enabled string) (map[string]interface{}, error) { 100 | m := map[string]string{ 101 | "contextId": contextid, 102 | "userId": userid, 103 | "enabled": enabled, 104 | } 105 | return u.c.Request("users/action/setUserEnabled/", m) 106 | } 107 | 108 | // Renames the user with the given ID that belongs to the context with the given ID. 109 | func (u Users) SetUserName(contextid string, userid string, name string) (map[string]interface{}, error) { 110 | m := map[string]string{ 111 | "contextId": contextid, 112 | "userId": userid, 113 | "name": name, 114 | } 115 | return u.c.Request("users/action/setUserName/", m) 116 | } 117 | 118 | // Sets the authentication credentials for the user with the given ID that belongs to the context with the given ID. 119 | func (u Users) SetAuthenticationCredentials(contextid string, userid string, authcredentialsconfigparams string) (map[string]interface{}, error) { 120 | m := map[string]string{ 121 | "contextId": contextid, 122 | "userId": userid, 123 | "authCredentialsConfigParams": authcredentialsconfigparams, 124 | } 125 | return u.c.Request("users/action/setAuthenticationCredentials/", m) 126 | } 127 | 128 | // Tries to authenticate as the identified user, returning the authentication request and whether it appears to have succeeded. 129 | func (u Users) AuthenticateAsUser(contextid string, userid string) (map[string]interface{}, error) { 130 | m := map[string]string{ 131 | "contextId": contextid, 132 | "userId": userid, 133 | } 134 | return u.c.Request("users/action/authenticateAsUser/", m) 135 | } 136 | 137 | // Tries to poll as the identified user, returning the authentication request and whether it appears to have succeeded. This will only work if the polling verification strategy has been configured. 138 | func (u Users) PollAsUser(contextid string, userid string) (map[string]interface{}, error) { 139 | m := map[string]string{ 140 | "contextId": contextid, 141 | "userId": userid, 142 | } 143 | return u.c.Request("users/action/pollAsUser/", m) 144 | } 145 | 146 | // Sets fields in the authentication state for the user identified by the Context and User Ids. 147 | func (u Users) SetAuthenticationState(contextid string, userid string, lastpollresult string, lastpolltimeinms string, requestssincelastpoll string) (map[string]interface{}, error) { 148 | m := map[string]string{ 149 | "contextId": contextid, 150 | "userId": userid, 151 | "lastPollResult": lastpollresult, 152 | "lastPollTimeInMs": lastpolltimeinms, 153 | "requestsSinceLastPoll": requestssincelastpoll, 154 | } 155 | return u.c.Request("users/action/setAuthenticationState/", m) 156 | } 157 | 158 | // Sets the specified cookie for the user identified by the Context and User Ids. 159 | func (u Users) SetCookie(contextid string, userid string, domain string, name string, value string, path string, secure string) (map[string]interface{}, error) { 160 | m := map[string]string{ 161 | "contextId": contextid, 162 | "userId": userid, 163 | "domain": domain, 164 | "name": name, 165 | "value": value, 166 | "path": path, 167 | "secure": secure, 168 | } 169 | return u.c.Request("users/action/setCookie/", m) 170 | } 171 | -------------------------------------------------------------------------------- /zap/alert-filter_generated.go: -------------------------------------------------------------------------------- 1 | // Zed Attack Proxy (ZAP) and its related class files. 2 | // 3 | // ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | // 5 | // Copyright 2017 the ZAP development team 6 | // 7 | // Licensed under the Apache License, Version 2.0 (the "License"); 8 | // you may not use this file except in compliance with the License. 9 | // You may obtain a copy of the License at 10 | // 11 | // http://www.apache.org/licenses/LICENSE-2.0 12 | // 13 | // Unless required by applicable law or agreed to in writing, software 14 | // distributed under the License is distributed on an "AS IS" BASIS, 15 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | // See the License for the specific language governing permissions and 17 | // limitations under the License. 18 | // 19 | // *** This file was automatically generated. *** 20 | // 21 | 22 | package zap 23 | 24 | type AlertFilter struct { 25 | c *Client 26 | } 27 | 28 | // Lists the alert filters of the context with the given ID. 29 | // 30 | // This component is optional and therefore the API will only work if it is installed 31 | func (a AlertFilter) AlertFilterList(contextid string) (map[string]interface{}, error) { 32 | m := map[string]string{ 33 | "contextId": contextid, 34 | } 35 | return a.c.Request("alertFilter/view/alertFilterList/", m) 36 | } 37 | 38 | // Lists the global alert filters. 39 | // 40 | // This component is optional and therefore the API will only work if it is installed 41 | func (a AlertFilter) GlobalAlertFilterList() (map[string]interface{}, error) { 42 | return a.c.Request("alertFilter/view/globalAlertFilterList/", nil) 43 | } 44 | 45 | // Adds a new alert filter for the context with the given ID. 46 | // 47 | // This component is optional and therefore the API will only work if it is installed 48 | func (a AlertFilter) AddAlertFilter(contextid string, ruleid string, newlevel string, url string, urlisregex string, parameter string, enabled string, parameterisregex string, attack string, attackisregex string, evidence string, evidenceisregex string) (map[string]interface{}, error) { 49 | m := map[string]string{ 50 | "contextId": contextid, 51 | "ruleId": ruleid, 52 | "newLevel": newlevel, 53 | "url": url, 54 | "urlIsRegex": urlisregex, 55 | "parameter": parameter, 56 | "enabled": enabled, 57 | "parameterIsRegex": parameterisregex, 58 | "attack": attack, 59 | "attackIsRegex": attackisregex, 60 | "evidence": evidence, 61 | "evidenceIsRegex": evidenceisregex, 62 | } 63 | return a.c.Request("alertFilter/action/addAlertFilter/", m) 64 | } 65 | 66 | // Removes an alert filter from the context with the given ID. 67 | // 68 | // This component is optional and therefore the API will only work if it is installed 69 | func (a AlertFilter) RemoveAlertFilter(contextid string, ruleid string, newlevel string, url string, urlisregex string, parameter string, enabled string, parameterisregex string, attack string, attackisregex string, evidence string, evidenceisregex string) (map[string]interface{}, error) { 70 | m := map[string]string{ 71 | "contextId": contextid, 72 | "ruleId": ruleid, 73 | "newLevel": newlevel, 74 | "url": url, 75 | "urlIsRegex": urlisregex, 76 | "parameter": parameter, 77 | "enabled": enabled, 78 | "parameterIsRegex": parameterisregex, 79 | "attack": attack, 80 | "attackIsRegex": attackisregex, 81 | "evidence": evidence, 82 | "evidenceIsRegex": evidenceisregex, 83 | } 84 | return a.c.Request("alertFilter/action/removeAlertFilter/", m) 85 | } 86 | 87 | // Adds a new global alert filter. 88 | // 89 | // This component is optional and therefore the API will only work if it is installed 90 | func (a AlertFilter) AddGlobalAlertFilter(ruleid string, newlevel string, url string, urlisregex string, parameter string, enabled string, parameterisregex string, attack string, attackisregex string, evidence string, evidenceisregex string) (map[string]interface{}, error) { 91 | m := map[string]string{ 92 | "ruleId": ruleid, 93 | "newLevel": newlevel, 94 | "url": url, 95 | "urlIsRegex": urlisregex, 96 | "parameter": parameter, 97 | "enabled": enabled, 98 | "parameterIsRegex": parameterisregex, 99 | "attack": attack, 100 | "attackIsRegex": attackisregex, 101 | "evidence": evidence, 102 | "evidenceIsRegex": evidenceisregex, 103 | } 104 | return a.c.Request("alertFilter/action/addGlobalAlertFilter/", m) 105 | } 106 | 107 | // Removes a global alert filter. 108 | // 109 | // This component is optional and therefore the API will only work if it is installed 110 | func (a AlertFilter) RemoveGlobalAlertFilter(ruleid string, newlevel string, url string, urlisregex string, parameter string, enabled string, parameterisregex string, attack string, attackisregex string, evidence string, evidenceisregex string) (map[string]interface{}, error) { 111 | m := map[string]string{ 112 | "ruleId": ruleid, 113 | "newLevel": newlevel, 114 | "url": url, 115 | "urlIsRegex": urlisregex, 116 | "parameter": parameter, 117 | "enabled": enabled, 118 | "parameterIsRegex": parameterisregex, 119 | "attack": attack, 120 | "attackIsRegex": attackisregex, 121 | "evidence": evidence, 122 | "evidenceIsRegex": evidenceisregex, 123 | } 124 | return a.c.Request("alertFilter/action/removeGlobalAlertFilter/", m) 125 | } 126 | 127 | // Applies all currently enabled Global and Context alert filters. 128 | // 129 | // This component is optional and therefore the API will only work if it is installed 130 | func (a AlertFilter) ApplyAll() (map[string]interface{}, error) { 131 | return a.c.Request("alertFilter/action/applyAll/", nil) 132 | } 133 | 134 | // Applies all currently enabled Context alert filters. 135 | // 136 | // This component is optional and therefore the API will only work if it is installed 137 | func (a AlertFilter) ApplyContext() (map[string]interface{}, error) { 138 | return a.c.Request("alertFilter/action/applyContext/", nil) 139 | } 140 | 141 | // Applies all currently enabled Global alert filters. 142 | // 143 | // This component is optional and therefore the API will only work if it is installed 144 | func (a AlertFilter) ApplyGlobal() (map[string]interface{}, error) { 145 | return a.c.Request("alertFilter/action/applyGlobal/", nil) 146 | } 147 | 148 | // Tests all currently enabled Global and Context alert filters. 149 | // 150 | // This component is optional and therefore the API will only work if it is installed 151 | func (a AlertFilter) TestAll() (map[string]interface{}, error) { 152 | return a.c.Request("alertFilter/action/testAll/", nil) 153 | } 154 | 155 | // Tests all currently enabled Context alert filters. 156 | // 157 | // This component is optional and therefore the API will only work if it is installed 158 | func (a AlertFilter) TestContext() (map[string]interface{}, error) { 159 | return a.c.Request("alertFilter/action/testContext/", nil) 160 | } 161 | 162 | // Tests all currently enabled Global alert filters. 163 | // 164 | // This component is optional and therefore the API will only work if it is installed 165 | func (a AlertFilter) TestGlobal() (map[string]interface{}, error) { 166 | return a.c.Request("alertFilter/action/testGlobal/", nil) 167 | } 168 | -------------------------------------------------------------------------------- /zap/graphql_generated.go: -------------------------------------------------------------------------------- 1 | // Zed Attack Proxy (ZAP) and its related class files. 2 | // 3 | // ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | // 5 | // Copyright 2017 the ZAP development team 6 | // 7 | // Licensed under the Apache License, Version 2.0 (the "License"); 8 | // you may not use this file except in compliance with the License. 9 | // You may obtain a copy of the License at 10 | // 11 | // http://www.apache.org/licenses/LICENSE-2.0 12 | // 13 | // Unless required by applicable law or agreed to in writing, software 14 | // distributed under the License is distributed on an "AS IS" BASIS, 15 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | // See the License for the specific language governing permissions and 17 | // limitations under the License. 18 | // 19 | // *** This file was automatically generated. *** 20 | // 21 | 22 | package zap 23 | 24 | import "strconv" 25 | 26 | type Graphql struct { 27 | c *Client 28 | } 29 | 30 | // Returns how arguments are currently specified. 31 | // 32 | // This component is optional and therefore the API will only work if it is installed 33 | func (g Graphql) OptionArgsType() (map[string]interface{}, error) { 34 | return g.c.Request("graphql/view/optionArgsType/", nil) 35 | } 36 | 37 | // Returns whether or not lenient maximum query generation depth is enabled. 38 | // 39 | // This component is optional and therefore the API will only work if it is installed 40 | func (g Graphql) OptionLenientMaxQueryDepthEnabled() (map[string]interface{}, error) { 41 | return g.c.Request("graphql/view/optionLenientMaxQueryDepthEnabled/", nil) 42 | } 43 | 44 | // Returns the current maximum additional query generation depth. 45 | // 46 | // This component is optional and therefore the API will only work if it is installed 47 | func (g Graphql) OptionMaxAdditionalQueryDepth() (map[string]interface{}, error) { 48 | return g.c.Request("graphql/view/optionMaxAdditionalQueryDepth/", nil) 49 | } 50 | 51 | // Returns the current maximum arguments generation depth. 52 | // 53 | // This component is optional and therefore the API will only work if it is installed 54 | func (g Graphql) OptionMaxArgsDepth() (map[string]interface{}, error) { 55 | return g.c.Request("graphql/view/optionMaxArgsDepth/", nil) 56 | } 57 | 58 | // Returns the current maximum query generation depth. 59 | // 60 | // This component is optional and therefore the API will only work if it is installed 61 | func (g Graphql) OptionMaxQueryDepth() (map[string]interface{}, error) { 62 | return g.c.Request("graphql/view/optionMaxQueryDepth/", nil) 63 | } 64 | 65 | // Returns whether or not optional arguments are currently specified. 66 | // 67 | // This component is optional and therefore the API will only work if it is installed 68 | func (g Graphql) OptionOptionalArgsEnabled() (map[string]interface{}, error) { 69 | return g.c.Request("graphql/view/optionOptionalArgsEnabled/", nil) 70 | } 71 | 72 | // Returns the current level for which a single query is generated. 73 | // 74 | // This component is optional and therefore the API will only work if it is installed 75 | func (g Graphql) OptionQuerySplitType() (map[string]interface{}, error) { 76 | return g.c.Request("graphql/view/optionQuerySplitType/", nil) 77 | } 78 | 79 | // Returns the current request method. 80 | // 81 | // This component is optional and therefore the API will only work if it is installed 82 | func (g Graphql) OptionRequestMethod() (map[string]interface{}, error) { 83 | return g.c.Request("graphql/view/optionRequestMethod/", nil) 84 | } 85 | 86 | // Imports a GraphQL Schema from a File. 87 | // 88 | // This component is optional and therefore the API will only work if it is installed 89 | func (g Graphql) ImportFile(endurl string, file string) (map[string]interface{}, error) { 90 | m := map[string]string{ 91 | "endurl": endurl, 92 | "file": file, 93 | } 94 | return g.c.Request("graphql/action/importFile/", m) 95 | } 96 | 97 | // Imports a GraphQL Schema from a URL. 98 | // 99 | // This component is optional and therefore the API will only work if it is installed 100 | func (g Graphql) ImportUrl(endurl string, url string) (map[string]interface{}, error) { 101 | m := map[string]string{ 102 | "endurl": endurl, 103 | "url": url, 104 | } 105 | return g.c.Request("graphql/action/importUrl/", m) 106 | } 107 | 108 | // Sets how arguments are specified. 109 | // 110 | // This component is optional and therefore the API will only work if it is installed 111 | func (g Graphql) SetOptionArgsType(str string) (map[string]interface{}, error) { 112 | m := map[string]string{ 113 | "String": str, 114 | } 115 | return g.c.Request("graphql/action/setOptionArgsType/", m) 116 | } 117 | 118 | // Sets the level for which a single query is generated. 119 | // 120 | // This component is optional and therefore the API will only work if it is installed 121 | func (g Graphql) SetOptionQuerySplitType(str string) (map[string]interface{}, error) { 122 | m := map[string]string{ 123 | "String": str, 124 | } 125 | return g.c.Request("graphql/action/setOptionQuerySplitType/", m) 126 | } 127 | 128 | // Sets the request method. 129 | // 130 | // This component is optional and therefore the API will only work if it is installed 131 | func (g Graphql) SetOptionRequestMethod(str string) (map[string]interface{}, error) { 132 | m := map[string]string{ 133 | "String": str, 134 | } 135 | return g.c.Request("graphql/action/setOptionRequestMethod/", m) 136 | } 137 | 138 | // Sets whether or not Maximum Query Depth is enforced leniently. 139 | // 140 | // This component is optional and therefore the API will only work if it is installed 141 | func (g Graphql) SetOptionLenientMaxQueryDepthEnabled(boolean bool) (map[string]interface{}, error) { 142 | m := map[string]string{ 143 | "Boolean": strconv.FormatBool(boolean), 144 | } 145 | return g.c.Request("graphql/action/setOptionLenientMaxQueryDepthEnabled/", m) 146 | } 147 | 148 | // Sets the maximum additional query generation depth (used if enforced leniently). 149 | // 150 | // This component is optional and therefore the API will only work if it is installed 151 | func (g Graphql) SetOptionMaxAdditionalQueryDepth(i int) (map[string]interface{}, error) { 152 | m := map[string]string{ 153 | "Integer": strconv.Itoa(i), 154 | } 155 | return g.c.Request("graphql/action/setOptionMaxAdditionalQueryDepth/", m) 156 | } 157 | 158 | // Sets the maximum arguments generation depth. 159 | // 160 | // This component is optional and therefore the API will only work if it is installed 161 | func (g Graphql) SetOptionMaxArgsDepth(i int) (map[string]interface{}, error) { 162 | m := map[string]string{ 163 | "Integer": strconv.Itoa(i), 164 | } 165 | return g.c.Request("graphql/action/setOptionMaxArgsDepth/", m) 166 | } 167 | 168 | // Sets the maximum query generation depth. 169 | // 170 | // This component is optional and therefore the API will only work if it is installed 171 | func (g Graphql) SetOptionMaxQueryDepth(i int) (map[string]interface{}, error) { 172 | m := map[string]string{ 173 | "Integer": strconv.Itoa(i), 174 | } 175 | return g.c.Request("graphql/action/setOptionMaxQueryDepth/", m) 176 | } 177 | 178 | // Sets whether or not Optional Arguments should be specified. 179 | // 180 | // This component is optional and therefore the API will only work if it is installed 181 | func (g Graphql) SetOptionOptionalArgsEnabled(boolean bool) (map[string]interface{}, error) { 182 | m := map[string]string{ 183 | "Boolean": strconv.FormatBool(boolean), 184 | } 185 | return g.c.Request("graphql/action/setOptionOptionalArgsEnabled/", m) 186 | } 187 | -------------------------------------------------------------------------------- /zap/autoupdate_generated.go: -------------------------------------------------------------------------------- 1 | // Zed Attack Proxy (ZAP) and its related class files. 2 | // 3 | // ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | // 5 | // Copyright 2022 the ZAP development team 6 | // 7 | // Licensed under the Apache License, Version 2.0 (the "License"); 8 | // you may not use this file except in compliance with the License. 9 | // You may obtain a copy of the License at 10 | // 11 | // http://www.apache.org/licenses/LICENSE-2.0 12 | // 13 | // Unless required by applicable law or agreed to in writing, software 14 | // distributed under the License is distributed on an "AS IS" BASIS, 15 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | // See the License for the specific language governing permissions and 17 | // limitations under the License. 18 | // 19 | // *** This file was automatically generated. *** 20 | // 21 | 22 | package zap 23 | 24 | import "strconv" 25 | 26 | type Autoupdate struct { 27 | c *Client 28 | } 29 | 30 | // Returns the latest version number 31 | func (a Autoupdate) LatestVersionNumber() (map[string]interface{}, error) { 32 | return a.c.Request("autoupdate/view/latestVersionNumber/", nil) 33 | } 34 | 35 | // Returns 'true' if ZAP is on the latest version 36 | func (a Autoupdate) IsLatestVersion() (map[string]interface{}, error) { 37 | return a.c.Request("autoupdate/view/isLatestVersion/", nil) 38 | } 39 | 40 | // Return a list of all of the installed add-ons 41 | func (a Autoupdate) InstalledAddons() (map[string]interface{}, error) { 42 | return a.c.Request("autoupdate/view/installedAddons/", nil) 43 | } 44 | 45 | // Returns a list with all local add-ons, installed or not. 46 | func (a Autoupdate) LocalAddons() (map[string]interface{}, error) { 47 | return a.c.Request("autoupdate/view/localAddons/", nil) 48 | } 49 | 50 | // Return a list of any add-ons that have been added to the Marketplace since the last check for updates 51 | func (a Autoupdate) NewAddons() (map[string]interface{}, error) { 52 | return a.c.Request("autoupdate/view/newAddons/", nil) 53 | } 54 | 55 | // Return a list of any add-ons that have been changed in the Marketplace since the last check for updates 56 | func (a Autoupdate) UpdatedAddons() (map[string]interface{}, error) { 57 | return a.c.Request("autoupdate/view/updatedAddons/", nil) 58 | } 59 | 60 | // Return a list of all of the add-ons on the ZAP Marketplace (this information is read once and then cached) 61 | func (a Autoupdate) MarketplaceAddons() (map[string]interface{}, error) { 62 | return a.c.Request("autoupdate/view/marketplaceAddons/", nil) 63 | } 64 | 65 | func (a Autoupdate) OptionAddonDirectories() (map[string]interface{}, error) { 66 | return a.c.Request("autoupdate/view/optionAddonDirectories/", nil) 67 | } 68 | 69 | func (a Autoupdate) OptionDayLastChecked() (map[string]interface{}, error) { 70 | return a.c.Request("autoupdate/view/optionDayLastChecked/", nil) 71 | } 72 | 73 | func (a Autoupdate) OptionDayLastInstallWarned() (map[string]interface{}, error) { 74 | return a.c.Request("autoupdate/view/optionDayLastInstallWarned/", nil) 75 | } 76 | 77 | func (a Autoupdate) OptionDayLastUpdateWarned() (map[string]interface{}, error) { 78 | return a.c.Request("autoupdate/view/optionDayLastUpdateWarned/", nil) 79 | } 80 | 81 | func (a Autoupdate) OptionDownloadDirectory() (map[string]interface{}, error) { 82 | return a.c.Request("autoupdate/view/optionDownloadDirectory/", nil) 83 | } 84 | 85 | func (a Autoupdate) OptionCheckAddonUpdates() (map[string]interface{}, error) { 86 | return a.c.Request("autoupdate/view/optionCheckAddonUpdates/", nil) 87 | } 88 | 89 | func (a Autoupdate) OptionCheckOnStart() (map[string]interface{}, error) { 90 | return a.c.Request("autoupdate/view/optionCheckOnStart/", nil) 91 | } 92 | 93 | func (a Autoupdate) OptionDownloadNewRelease() (map[string]interface{}, error) { 94 | return a.c.Request("autoupdate/view/optionDownloadNewRelease/", nil) 95 | } 96 | 97 | func (a Autoupdate) OptionInstallAddonUpdates() (map[string]interface{}, error) { 98 | return a.c.Request("autoupdate/view/optionInstallAddonUpdates/", nil) 99 | } 100 | 101 | func (a Autoupdate) OptionInstallScannerRules() (map[string]interface{}, error) { 102 | return a.c.Request("autoupdate/view/optionInstallScannerRules/", nil) 103 | } 104 | 105 | func (a Autoupdate) OptionReportAlphaAddons() (map[string]interface{}, error) { 106 | return a.c.Request("autoupdate/view/optionReportAlphaAddons/", nil) 107 | } 108 | 109 | func (a Autoupdate) OptionReportBetaAddons() (map[string]interface{}, error) { 110 | return a.c.Request("autoupdate/view/optionReportBetaAddons/", nil) 111 | } 112 | 113 | func (a Autoupdate) OptionReportReleaseAddons() (map[string]interface{}, error) { 114 | return a.c.Request("autoupdate/view/optionReportReleaseAddons/", nil) 115 | } 116 | 117 | // Downloads the latest release, if any 118 | func (a Autoupdate) DownloadLatestRelease() (map[string]interface{}, error) { 119 | return a.c.Request("autoupdate/action/downloadLatestRelease/", nil) 120 | } 121 | 122 | // Installs or updates the specified add-on, returning when complete (i.e. not asynchronously) 123 | func (a Autoupdate) InstallAddon(id string) (map[string]interface{}, error) { 124 | m := map[string]string{ 125 | "id": id, 126 | } 127 | return a.c.Request("autoupdate/action/installAddon/", m) 128 | } 129 | 130 | func (a Autoupdate) InstallLocalAddon(file string) (map[string]interface{}, error) { 131 | m := map[string]string{ 132 | "file": file, 133 | } 134 | return a.c.Request("autoupdate/action/installLocalAddon/", m) 135 | } 136 | 137 | // Uninstalls the specified add-on 138 | func (a Autoupdate) UninstallAddon(id string) (map[string]interface{}, error) { 139 | m := map[string]string{ 140 | "id": id, 141 | } 142 | return a.c.Request("autoupdate/action/uninstallAddon/", m) 143 | } 144 | 145 | func (a Autoupdate) SetOptionCheckAddonUpdates(boolean bool) (map[string]interface{}, error) { 146 | m := map[string]string{ 147 | "Boolean": strconv.FormatBool(boolean), 148 | } 149 | return a.c.Request("autoupdate/action/setOptionCheckAddonUpdates/", m) 150 | } 151 | 152 | func (a Autoupdate) SetOptionCheckOnStart(boolean bool) (map[string]interface{}, error) { 153 | m := map[string]string{ 154 | "Boolean": strconv.FormatBool(boolean), 155 | } 156 | return a.c.Request("autoupdate/action/setOptionCheckOnStart/", m) 157 | } 158 | 159 | func (a Autoupdate) SetOptionDownloadNewRelease(boolean bool) (map[string]interface{}, error) { 160 | m := map[string]string{ 161 | "Boolean": strconv.FormatBool(boolean), 162 | } 163 | return a.c.Request("autoupdate/action/setOptionDownloadNewRelease/", m) 164 | } 165 | 166 | func (a Autoupdate) SetOptionInstallAddonUpdates(boolean bool) (map[string]interface{}, error) { 167 | m := map[string]string{ 168 | "Boolean": strconv.FormatBool(boolean), 169 | } 170 | return a.c.Request("autoupdate/action/setOptionInstallAddonUpdates/", m) 171 | } 172 | 173 | func (a Autoupdate) SetOptionInstallScannerRules(boolean bool) (map[string]interface{}, error) { 174 | m := map[string]string{ 175 | "Boolean": strconv.FormatBool(boolean), 176 | } 177 | return a.c.Request("autoupdate/action/setOptionInstallScannerRules/", m) 178 | } 179 | 180 | func (a Autoupdate) SetOptionReportAlphaAddons(boolean bool) (map[string]interface{}, error) { 181 | m := map[string]string{ 182 | "Boolean": strconv.FormatBool(boolean), 183 | } 184 | return a.c.Request("autoupdate/action/setOptionReportAlphaAddons/", m) 185 | } 186 | 187 | func (a Autoupdate) SetOptionReportBetaAddons(boolean bool) (map[string]interface{}, error) { 188 | m := map[string]string{ 189 | "Boolean": strconv.FormatBool(boolean), 190 | } 191 | return a.c.Request("autoupdate/action/setOptionReportBetaAddons/", m) 192 | } 193 | 194 | func (a Autoupdate) SetOptionReportReleaseAddons(boolean bool) (map[string]interface{}, error) { 195 | m := map[string]string{ 196 | "Boolean": strconv.FormatBool(boolean), 197 | } 198 | return a.c.Request("autoupdate/action/setOptionReportReleaseAddons/", m) 199 | } 200 | -------------------------------------------------------------------------------- /zap/context_generated.go: -------------------------------------------------------------------------------- 1 | // Zed Attack Proxy (ZAP) and its related class files. 2 | // 3 | // ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | // 5 | // Copyright 2022 the ZAP development team 6 | // 7 | // Licensed under the Apache License, Version 2.0 (the "License"); 8 | // you may not use this file except in compliance with the License. 9 | // You may obtain a copy of the License at 10 | // 11 | // http://www.apache.org/licenses/LICENSE-2.0 12 | // 13 | // Unless required by applicable law or agreed to in writing, software 14 | // distributed under the License is distributed on an "AS IS" BASIS, 15 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | // See the License for the specific language governing permissions and 17 | // limitations under the License. 18 | // 19 | // *** This file was automatically generated. *** 20 | // 21 | 22 | package zap 23 | 24 | type Context struct { 25 | c *Client 26 | } 27 | 28 | // List context names of current session 29 | func (c Context) ContextList() (map[string]interface{}, error) { 30 | return c.c.Request("context/view/contextList/", nil) 31 | } 32 | 33 | // List excluded regexs for context 34 | func (c Context) ExcludeRegexs(contextname string) (map[string]interface{}, error) { 35 | m := map[string]string{ 36 | "contextName": contextname, 37 | } 38 | return c.c.Request("context/view/excludeRegexs/", m) 39 | } 40 | 41 | // List included regexs for context 42 | func (c Context) IncludeRegexs(contextname string) (map[string]interface{}, error) { 43 | m := map[string]string{ 44 | "contextName": contextname, 45 | } 46 | return c.c.Request("context/view/includeRegexs/", m) 47 | } 48 | 49 | // List the information about the named context 50 | func (c Context) Context(contextname string) (map[string]interface{}, error) { 51 | m := map[string]string{ 52 | "contextName": contextname, 53 | } 54 | return c.c.Request("context/view/context/", m) 55 | } 56 | 57 | // Lists the names of all built in technologies 58 | func (c Context) TechnologyList() (map[string]interface{}, error) { 59 | return c.c.Request("context/view/technologyList/", nil) 60 | } 61 | 62 | // Lists the names of all technologies included in a context 63 | func (c Context) IncludedTechnologyList(contextname string) (map[string]interface{}, error) { 64 | m := map[string]string{ 65 | "contextName": contextname, 66 | } 67 | return c.c.Request("context/view/includedTechnologyList/", m) 68 | } 69 | 70 | // Lists the names of all technologies excluded from a context 71 | func (c Context) ExcludedTechnologyList(contextname string) (map[string]interface{}, error) { 72 | m := map[string]string{ 73 | "contextName": contextname, 74 | } 75 | return c.c.Request("context/view/excludedTechnologyList/", m) 76 | } 77 | 78 | // Lists the URLs accessed through/by ZAP, that belong to the context with the given name. 79 | func (c Context) Urls(contextname string) (map[string]interface{}, error) { 80 | m := map[string]string{ 81 | "contextName": contextname, 82 | } 83 | return c.c.Request("context/view/urls/", m) 84 | } 85 | 86 | // Add exclude regex to context 87 | func (c Context) ExcludeFromContext(contextname string, regex string) (map[string]interface{}, error) { 88 | m := map[string]string{ 89 | "contextName": contextname, 90 | "regex": regex, 91 | } 92 | return c.c.Request("context/action/excludeFromContext/", m) 93 | } 94 | 95 | // Add include regex to context 96 | func (c Context) IncludeInContext(contextname string, regex string) (map[string]interface{}, error) { 97 | m := map[string]string{ 98 | "contextName": contextname, 99 | "regex": regex, 100 | } 101 | return c.c.Request("context/action/includeInContext/", m) 102 | } 103 | 104 | // Set the regexs to include and exclude for a context, both supplied as JSON string arrays 105 | func (c Context) SetContextRegexs(contextname string, incregexs string, excregexs string) (map[string]interface{}, error) { 106 | m := map[string]string{ 107 | "contextName": contextname, 108 | "incRegexs": incregexs, 109 | "excRegexs": excregexs, 110 | } 111 | return c.c.Request("context/action/setContextRegexs/", m) 112 | } 113 | 114 | // Set the checking strategy for a context - this defines how ZAP checks that a request is authenticated 115 | func (c Context) SetContextCheckingStrategy(contextname string, checkingstrategy string, pollurl string, polldata string, pollheaders string, pollfrequency string, pollfrequencyunits string) (map[string]interface{}, error) { 116 | m := map[string]string{ 117 | "contextName": contextname, 118 | "checkingStrategy": checkingstrategy, 119 | "pollUrl": pollurl, 120 | "pollData": polldata, 121 | "pollHeaders": pollheaders, 122 | "pollFrequency": pollfrequency, 123 | "pollFrequencyUnits": pollfrequencyunits, 124 | } 125 | return c.c.Request("context/action/setContextCheckingStrategy/", m) 126 | } 127 | 128 | // Creates a new context with the given name in the current session 129 | func (c Context) NewContext(contextname string) (map[string]interface{}, error) { 130 | m := map[string]string{ 131 | "contextName": contextname, 132 | } 133 | return c.c.Request("context/action/newContext/", m) 134 | } 135 | 136 | // Removes a context in the current session 137 | func (c Context) RemoveContext(contextname string) (map[string]interface{}, error) { 138 | m := map[string]string{ 139 | "contextName": contextname, 140 | } 141 | return c.c.Request("context/action/removeContext/", m) 142 | } 143 | 144 | // Exports the context with the given name to a file. If a relative file path is specified it will be resolved against the "contexts" directory in ZAP "home" dir. 145 | func (c Context) ExportContext(contextname string, contextfile string) (map[string]interface{}, error) { 146 | m := map[string]string{ 147 | "contextName": contextname, 148 | "contextFile": contextfile, 149 | } 150 | return c.c.Request("context/action/exportContext/", m) 151 | } 152 | 153 | // Imports a context from a file. If a relative file path is specified it will be resolved against the "contexts" directory in ZAP "home" dir. 154 | func (c Context) ImportContext(contextfile string) (map[string]interface{}, error) { 155 | m := map[string]string{ 156 | "contextFile": contextfile, 157 | } 158 | return c.c.Request("context/action/importContext/", m) 159 | } 160 | 161 | // Includes technologies with the given names, separated by a comma, to a context 162 | func (c Context) IncludeContextTechnologies(contextname string, technologynames string) (map[string]interface{}, error) { 163 | m := map[string]string{ 164 | "contextName": contextname, 165 | "technologyNames": technologynames, 166 | } 167 | return c.c.Request("context/action/includeContextTechnologies/", m) 168 | } 169 | 170 | // Includes all built in technologies in to a context 171 | func (c Context) IncludeAllContextTechnologies(contextname string) (map[string]interface{}, error) { 172 | m := map[string]string{ 173 | "contextName": contextname, 174 | } 175 | return c.c.Request("context/action/includeAllContextTechnologies/", m) 176 | } 177 | 178 | // Excludes technologies with the given names, separated by a comma, from a context 179 | func (c Context) ExcludeContextTechnologies(contextname string, technologynames string) (map[string]interface{}, error) { 180 | m := map[string]string{ 181 | "contextName": contextname, 182 | "technologyNames": technologynames, 183 | } 184 | return c.c.Request("context/action/excludeContextTechnologies/", m) 185 | } 186 | 187 | // Excludes all built in technologies from a context 188 | func (c Context) ExcludeAllContextTechnologies(contextname string) (map[string]interface{}, error) { 189 | m := map[string]string{ 190 | "contextName": contextname, 191 | } 192 | return c.c.Request("context/action/excludeAllContextTechnologies/", m) 193 | } 194 | 195 | // Sets a context to in scope (contexts are in scope by default) 196 | func (c Context) SetContextInScope(contextname string, booleaninscope string) (map[string]interface{}, error) { 197 | m := map[string]string{ 198 | "contextName": contextname, 199 | "booleanInScope": booleaninscope, 200 | } 201 | return c.c.Request("context/action/setContextInScope/", m) 202 | } 203 | -------------------------------------------------------------------------------- /zap/script_generated.go: -------------------------------------------------------------------------------- 1 | // Zed Attack Proxy (ZAP) and its related class files. 2 | // 3 | // ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | // 5 | // Copyright 2022 the ZAP development team 6 | // 7 | // Licensed under the Apache License, Version 2.0 (the "License"); 8 | // you may not use this file except in compliance with the License. 9 | // You may obtain a copy of the License at 10 | // 11 | // http://www.apache.org/licenses/LICENSE-2.0 12 | // 13 | // Unless required by applicable law or agreed to in writing, software 14 | // distributed under the License is distributed on an "AS IS" BASIS, 15 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | // See the License for the specific language governing permissions and 17 | // limitations under the License. 18 | // 19 | // *** This file was automatically generated. *** 20 | // 21 | 22 | package zap 23 | 24 | type Script struct { 25 | c *Client 26 | } 27 | 28 | // Lists the script engines available 29 | func (s Script) ListEngines() (map[string]interface{}, error) { 30 | return s.c.Request("script/view/listEngines/", nil) 31 | } 32 | 33 | // Lists the script types available. 34 | func (s Script) ListTypes() (map[string]interface{}, error) { 35 | return s.c.Request("script/view/listTypes/", nil) 36 | } 37 | 38 | // Lists the scripts available, with its engine, name, description, type and error state. 39 | func (s Script) ListScripts() (map[string]interface{}, error) { 40 | return s.c.Request("script/view/listScripts/", nil) 41 | } 42 | 43 | // Gets the value of the global variable with the given key. Returns an API error (DOES_NOT_EXIST) if no value was previously set. 44 | func (s Script) GlobalVar(varkey string) (map[string]interface{}, error) { 45 | m := map[string]string{ 46 | "varKey": varkey, 47 | } 48 | return s.c.Request("script/view/globalVar/", m) 49 | } 50 | 51 | // Gets the value (string representation) of a global custom variable. Returns an API error (DOES_NOT_EXIST) if no value was previously set. 52 | func (s Script) GlobalCustomVar(varkey string) (map[string]interface{}, error) { 53 | m := map[string]string{ 54 | "varKey": varkey, 55 | } 56 | return s.c.Request("script/view/globalCustomVar/", m) 57 | } 58 | 59 | // Gets all the global variables (key/value pairs). 60 | func (s Script) GlobalVars() (map[string]interface{}, error) { 61 | return s.c.Request("script/view/globalVars/", nil) 62 | } 63 | 64 | // Gets all the global custom variables (key/value pairs, the value is the string representation). 65 | func (s Script) GlobalCustomVars() (map[string]interface{}, error) { 66 | return s.c.Request("script/view/globalCustomVars/", nil) 67 | } 68 | 69 | // Gets the value of the variable with the given key for the given script. Returns an API error (DOES_NOT_EXIST) if no script with the given name exists or if no value was previously set. 70 | func (s Script) ScriptVar(scriptname string, varkey string) (map[string]interface{}, error) { 71 | m := map[string]string{ 72 | "scriptName": scriptname, 73 | "varKey": varkey, 74 | } 75 | return s.c.Request("script/view/scriptVar/", m) 76 | } 77 | 78 | // Gets the value (string representation) of a custom variable. Returns an API error (DOES_NOT_EXIST) if no script with the given name exists or if no value was previously set. 79 | func (s Script) ScriptCustomVar(scriptname string, varkey string) (map[string]interface{}, error) { 80 | m := map[string]string{ 81 | "scriptName": scriptname, 82 | "varKey": varkey, 83 | } 84 | return s.c.Request("script/view/scriptCustomVar/", m) 85 | } 86 | 87 | // Gets all the variables (key/value pairs) of the given script. Returns an API error (DOES_NOT_EXIST) if no script with the given name exists. 88 | func (s Script) ScriptVars(scriptname string) (map[string]interface{}, error) { 89 | m := map[string]string{ 90 | "scriptName": scriptname, 91 | } 92 | return s.c.Request("script/view/scriptVars/", m) 93 | } 94 | 95 | // Gets all the custom variables (key/value pairs, the value is the string representation) of a script. Returns an API error (DOES_NOT_EXIST) if no script with the given name exists. 96 | func (s Script) ScriptCustomVars(scriptname string) (map[string]interface{}, error) { 97 | m := map[string]string{ 98 | "scriptName": scriptname, 99 | } 100 | return s.c.Request("script/view/scriptCustomVars/", m) 101 | } 102 | 103 | // Enables the script with the given name 104 | func (s Script) Enable(scriptname string) (map[string]interface{}, error) { 105 | m := map[string]string{ 106 | "scriptName": scriptname, 107 | } 108 | return s.c.Request("script/action/enable/", m) 109 | } 110 | 111 | // Disables the script with the given name 112 | func (s Script) Disable(scriptname string) (map[string]interface{}, error) { 113 | m := map[string]string{ 114 | "scriptName": scriptname, 115 | } 116 | return s.c.Request("script/action/disable/", m) 117 | } 118 | 119 | // Loads a script into ZAP from the given local file, with the given name, type and engine, optionally with a description, and a charset name to read the script (the charset name is required if the script is not in UTF-8, for example, in ISO-8859-1). 120 | func (s Script) Load(scriptname string, scripttype string, scriptengine string, filename string, scriptdescription string, charset string) (map[string]interface{}, error) { 121 | m := map[string]string{ 122 | "scriptName": scriptname, 123 | "scriptType": scripttype, 124 | "scriptEngine": scriptengine, 125 | "fileName": filename, 126 | "scriptDescription": scriptdescription, 127 | "charset": charset, 128 | } 129 | return s.c.Request("script/action/load/", m) 130 | } 131 | 132 | // Removes the script with the given name 133 | func (s Script) Remove(scriptname string) (map[string]interface{}, error) { 134 | m := map[string]string{ 135 | "scriptName": scriptname, 136 | } 137 | return s.c.Request("script/action/remove/", m) 138 | } 139 | 140 | // Runs the stand alone script with the given name 141 | func (s Script) RunStandAloneScript(scriptname string) (map[string]interface{}, error) { 142 | m := map[string]string{ 143 | "scriptName": scriptname, 144 | } 145 | return s.c.Request("script/action/runStandAloneScript/", m) 146 | } 147 | 148 | // Clears the global variable with the given key. 149 | func (s Script) ClearGlobalVar(varkey string) (map[string]interface{}, error) { 150 | m := map[string]string{ 151 | "varKey": varkey, 152 | } 153 | return s.c.Request("script/action/clearGlobalVar/", m) 154 | } 155 | 156 | // Clears a global custom variable. 157 | func (s Script) ClearGlobalCustomVar(varkey string) (map[string]interface{}, error) { 158 | m := map[string]string{ 159 | "varKey": varkey, 160 | } 161 | return s.c.Request("script/action/clearGlobalCustomVar/", m) 162 | } 163 | 164 | // Clears the global variables. 165 | func (s Script) ClearGlobalVars() (map[string]interface{}, error) { 166 | return s.c.Request("script/action/clearGlobalVars/", nil) 167 | } 168 | 169 | // Clears the variable with the given key of the given script. Returns an API error (DOES_NOT_EXIST) if no script with the given name exists. 170 | func (s Script) ClearScriptVar(scriptname string, varkey string) (map[string]interface{}, error) { 171 | m := map[string]string{ 172 | "scriptName": scriptname, 173 | "varKey": varkey, 174 | } 175 | return s.c.Request("script/action/clearScriptVar/", m) 176 | } 177 | 178 | // Clears a script custom variable. 179 | func (s Script) ClearScriptCustomVar(scriptname string, varkey string) (map[string]interface{}, error) { 180 | m := map[string]string{ 181 | "scriptName": scriptname, 182 | "varKey": varkey, 183 | } 184 | return s.c.Request("script/action/clearScriptCustomVar/", m) 185 | } 186 | 187 | // Clears the variables of the given script. Returns an API error (DOES_NOT_EXIST) if no script with the given name exists. 188 | func (s Script) ClearScriptVars(scriptname string) (map[string]interface{}, error) { 189 | m := map[string]string{ 190 | "scriptName": scriptname, 191 | } 192 | return s.c.Request("script/action/clearScriptVars/", m) 193 | } 194 | 195 | // Sets the value of the variable with the given key of the given script. Returns an API error (DOES_NOT_EXIST) if no script with the given name exists. 196 | func (s Script) SetScriptVar(scriptname string, varkey string, varvalue string) (map[string]interface{}, error) { 197 | m := map[string]string{ 198 | "scriptName": scriptname, 199 | "varKey": varkey, 200 | "varValue": varvalue, 201 | } 202 | return s.c.Request("script/action/setScriptVar/", m) 203 | } 204 | 205 | // Sets the value of the global variable with the given key. 206 | func (s Script) SetGlobalVar(varkey string, varvalue string) (map[string]interface{}, error) { 207 | m := map[string]string{ 208 | "varKey": varkey, 209 | "varValue": varvalue, 210 | } 211 | return s.c.Request("script/action/setGlobalVar/", m) 212 | } 213 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "{}" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright {yyyy} {name of copyright owner} 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | 203 | -------------------------------------------------------------------------------- /zap/ajax-spider_generated.go: -------------------------------------------------------------------------------- 1 | // Zed Attack Proxy (ZAP) and its related class files. 2 | // 3 | // ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | // 5 | // Copyright 2017 the ZAP development team 6 | // 7 | // Licensed under the Apache License, Version 2.0 (the "License"); 8 | // you may not use this file except in compliance with the License. 9 | // You may obtain a copy of the License at 10 | // 11 | // http://www.apache.org/licenses/LICENSE-2.0 12 | // 13 | // Unless required by applicable law or agreed to in writing, software 14 | // distributed under the License is distributed on an "AS IS" BASIS, 15 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | // See the License for the specific language governing permissions and 17 | // limitations under the License. 18 | // 19 | // *** This file was automatically generated. *** 20 | // 21 | 22 | package zap 23 | 24 | import "strconv" 25 | 26 | type AjaxSpider struct { 27 | c *Client 28 | } 29 | 30 | // Gets the allowed resources. The allowed resources are always fetched even if out of scope, allowing to include necessary resources (e.g. scripts) from 3rd-parties. 31 | // 32 | // This component is optional and therefore the API will only work if it is installed 33 | func (a AjaxSpider) AllowedResources() (map[string]interface{}, error) { 34 | return a.c.Request("ajaxSpider/view/allowedResources/", nil) 35 | } 36 | 37 | // Gets the current status of the crawler. Actual values are Stopped and Running. 38 | // 39 | // This component is optional and therefore the API will only work if it is installed 40 | func (a AjaxSpider) Status() (map[string]interface{}, error) { 41 | return a.c.Request("ajaxSpider/view/status/", nil) 42 | } 43 | 44 | // Gets the current results of the crawler. 45 | // 46 | // This component is optional and therefore the API will only work if it is installed 47 | func (a AjaxSpider) Results(start string, count string) (map[string]interface{}, error) { 48 | m := map[string]string{ 49 | "start": start, 50 | "count": count, 51 | } 52 | return a.c.Request("ajaxSpider/view/results/", m) 53 | } 54 | 55 | // Gets the number of resources found. 56 | // 57 | // This component is optional and therefore the API will only work if it is installed 58 | func (a AjaxSpider) NumberOfResults() (map[string]interface{}, error) { 59 | return a.c.Request("ajaxSpider/view/numberOfResults/", nil) 60 | } 61 | 62 | // Gets the full crawled content detected by the AJAX Spider. Returns a set of values based on 'inScope' URLs, 'outOfScope' URLs, and 'errors' encountered during the last/current run of the AJAX Spider. 63 | // 64 | // This component is optional and therefore the API will only work if it is installed 65 | func (a AjaxSpider) FullResults() (map[string]interface{}, error) { 66 | return a.c.Request("ajaxSpider/view/fullResults/", nil) 67 | } 68 | 69 | // Gets the configured browser to use for crawling. 70 | // 71 | // This component is optional and therefore the API will only work if it is installed 72 | func (a AjaxSpider) OptionBrowserId() (map[string]interface{}, error) { 73 | return a.c.Request("ajaxSpider/view/optionBrowserId/", nil) 74 | } 75 | 76 | // Gets the time to wait after an event (in milliseconds). For example: the wait delay after the cursor hovers over an element, in order for a menu to display, etc. 77 | // 78 | // This component is optional and therefore the API will only work if it is installed 79 | func (a AjaxSpider) OptionEventWait() (map[string]interface{}, error) { 80 | return a.c.Request("ajaxSpider/view/optionEventWait/", nil) 81 | } 82 | 83 | // Gets the configured value for the max crawl depth. 84 | // 85 | // This component is optional and therefore the API will only work if it is installed 86 | func (a AjaxSpider) OptionMaxCrawlDepth() (map[string]interface{}, error) { 87 | return a.c.Request("ajaxSpider/view/optionMaxCrawlDepth/", nil) 88 | } 89 | 90 | // Gets the configured value for the maximum crawl states allowed. 91 | // 92 | // This component is optional and therefore the API will only work if it is installed 93 | func (a AjaxSpider) OptionMaxCrawlStates() (map[string]interface{}, error) { 94 | return a.c.Request("ajaxSpider/view/optionMaxCrawlStates/", nil) 95 | } 96 | 97 | // Gets the configured max duration of the crawl, the value is in minutes. 98 | // 99 | // This component is optional and therefore the API will only work if it is installed 100 | func (a AjaxSpider) OptionMaxDuration() (map[string]interface{}, error) { 101 | return a.c.Request("ajaxSpider/view/optionMaxDuration/", nil) 102 | } 103 | 104 | // Gets the configured number of browsers to be used. 105 | // 106 | // This component is optional and therefore the API will only work if it is installed 107 | func (a AjaxSpider) OptionNumberOfBrowsers() (map[string]interface{}, error) { 108 | return a.c.Request("ajaxSpider/view/optionNumberOfBrowsers/", nil) 109 | } 110 | 111 | // Gets the configured time to wait after reloading the page, this value is in milliseconds. 112 | // 113 | // This component is optional and therefore the API will only work if it is installed 114 | func (a AjaxSpider) OptionReloadWait() (map[string]interface{}, error) { 115 | return a.c.Request("ajaxSpider/view/optionReloadWait/", nil) 116 | } 117 | 118 | // Gets the configured value for 'Click Default Elements Only', HTML elements such as 'a', 'button', 'input', all associated with some action or links on the page. 119 | // 120 | // This component is optional and therefore the API will only work if it is installed 121 | func (a AjaxSpider) OptionClickDefaultElems() (map[string]interface{}, error) { 122 | return a.c.Request("ajaxSpider/view/optionClickDefaultElems/", nil) 123 | } 124 | 125 | // Gets the value configured for the AJAX Spider to know if it should click on the elements only once. 126 | // 127 | // This component is optional and therefore the API will only work if it is installed 128 | func (a AjaxSpider) OptionClickElemsOnce() (map[string]interface{}, error) { 129 | return a.c.Request("ajaxSpider/view/optionClickElemsOnce/", nil) 130 | } 131 | 132 | // Gets if the AJAX Spider will use random values in form fields when crawling, if set to true. 133 | // 134 | // This component is optional and therefore the API will only work if it is installed 135 | func (a AjaxSpider) OptionRandomInputs() (map[string]interface{}, error) { 136 | return a.c.Request("ajaxSpider/view/optionRandomInputs/", nil) 137 | } 138 | 139 | // Runs the AJAX Spider against a given target. 140 | // 141 | // This component is optional and therefore the API will only work if it is installed 142 | func (a AjaxSpider) Scan(url string, inscope string, contextname string, subtreeonly string) (map[string]interface{}, error) { 143 | m := map[string]string{ 144 | "url": url, 145 | "inScope": inscope, 146 | "contextName": contextname, 147 | "subtreeOnly": subtreeonly, 148 | } 149 | return a.c.Request("ajaxSpider/action/scan/", m) 150 | } 151 | 152 | // Runs the AJAX Spider from the perspective of a User of the web application. 153 | // 154 | // This component is optional and therefore the API will only work if it is installed 155 | func (a AjaxSpider) ScanAsUser(contextname string, username string, url string, subtreeonly string) (map[string]interface{}, error) { 156 | m := map[string]string{ 157 | "contextName": contextname, 158 | "userName": username, 159 | "url": url, 160 | "subtreeOnly": subtreeonly, 161 | } 162 | return a.c.Request("ajaxSpider/action/scanAsUser/", m) 163 | } 164 | 165 | // Stops the AJAX Spider. 166 | // 167 | // This component is optional and therefore the API will only work if it is installed 168 | func (a AjaxSpider) Stop() (map[string]interface{}, error) { 169 | return a.c.Request("ajaxSpider/action/stop/", nil) 170 | } 171 | 172 | // Adds an allowed resource. 173 | // 174 | // This component is optional and therefore the API will only work if it is installed 175 | func (a AjaxSpider) AddAllowedResource(regex string, enabled string) (map[string]interface{}, error) { 176 | m := map[string]string{ 177 | "regex": regex, 178 | "enabled": enabled, 179 | } 180 | return a.c.Request("ajaxSpider/action/addAllowedResource/", m) 181 | } 182 | 183 | // Removes an allowed resource. 184 | // 185 | // This component is optional and therefore the API will only work if it is installed 186 | func (a AjaxSpider) RemoveAllowedResource(regex string) (map[string]interface{}, error) { 187 | m := map[string]string{ 188 | "regex": regex, 189 | } 190 | return a.c.Request("ajaxSpider/action/removeAllowedResource/", m) 191 | } 192 | 193 | // Sets whether or not an allowed resource is enabled. 194 | // 195 | // This component is optional and therefore the API will only work if it is installed 196 | func (a AjaxSpider) SetEnabledAllowedResource(regex string, enabled string) (map[string]interface{}, error) { 197 | m := map[string]string{ 198 | "regex": regex, 199 | "enabled": enabled, 200 | } 201 | return a.c.Request("ajaxSpider/action/setEnabledAllowedResource/", m) 202 | } 203 | 204 | // Sets the configuration of the AJAX Spider to use one of the supported browsers. 205 | // 206 | // This component is optional and therefore the API will only work if it is installed 207 | func (a AjaxSpider) SetOptionBrowserId(str string) (map[string]interface{}, error) { 208 | m := map[string]string{ 209 | "String": str, 210 | } 211 | return a.c.Request("ajaxSpider/action/setOptionBrowserId/", m) 212 | } 213 | 214 | // Sets whether or not the the AJAX Spider will only click on the default HTML elements. 215 | // 216 | // This component is optional and therefore the API will only work if it is installed 217 | func (a AjaxSpider) SetOptionClickDefaultElems(boolean bool) (map[string]interface{}, error) { 218 | m := map[string]string{ 219 | "Boolean": strconv.FormatBool(boolean), 220 | } 221 | return a.c.Request("ajaxSpider/action/setOptionClickDefaultElems/", m) 222 | } 223 | 224 | // When enabled, the crawler attempts to interact with each element (e.g., by clicking) only once. 225 | // 226 | // This component is optional and therefore the API will only work if it is installed 227 | func (a AjaxSpider) SetOptionClickElemsOnce(boolean bool) (map[string]interface{}, error) { 228 | m := map[string]string{ 229 | "Boolean": strconv.FormatBool(boolean), 230 | } 231 | return a.c.Request("ajaxSpider/action/setOptionClickElemsOnce/", m) 232 | } 233 | 234 | // Sets the time to wait after an event (in milliseconds). For example: the wait delay after the cursor hovers over an element, in order for a menu to display, etc. 235 | // 236 | // This component is optional and therefore the API will only work if it is installed 237 | func (a AjaxSpider) SetOptionEventWait(i int) (map[string]interface{}, error) { 238 | m := map[string]string{ 239 | "Integer": strconv.Itoa(i), 240 | } 241 | return a.c.Request("ajaxSpider/action/setOptionEventWait/", m) 242 | } 243 | 244 | // Sets the maximum depth that the crawler can reach. 245 | // 246 | // This component is optional and therefore the API will only work if it is installed 247 | func (a AjaxSpider) SetOptionMaxCrawlDepth(i int) (map[string]interface{}, error) { 248 | m := map[string]string{ 249 | "Integer": strconv.Itoa(i), 250 | } 251 | return a.c.Request("ajaxSpider/action/setOptionMaxCrawlDepth/", m) 252 | } 253 | 254 | // Sets the maximum number of states that the crawler should crawl. 255 | // 256 | // This component is optional and therefore the API will only work if it is installed 257 | func (a AjaxSpider) SetOptionMaxCrawlStates(i int) (map[string]interface{}, error) { 258 | m := map[string]string{ 259 | "Integer": strconv.Itoa(i), 260 | } 261 | return a.c.Request("ajaxSpider/action/setOptionMaxCrawlStates/", m) 262 | } 263 | 264 | // The maximum time that the crawler is allowed to run. 265 | // 266 | // This component is optional and therefore the API will only work if it is installed 267 | func (a AjaxSpider) SetOptionMaxDuration(i int) (map[string]interface{}, error) { 268 | m := map[string]string{ 269 | "Integer": strconv.Itoa(i), 270 | } 271 | return a.c.Request("ajaxSpider/action/setOptionMaxDuration/", m) 272 | } 273 | 274 | // Sets the number of windows to be used by AJAX Spider. 275 | // 276 | // This component is optional and therefore the API will only work if it is installed 277 | func (a AjaxSpider) SetOptionNumberOfBrowsers(i int) (map[string]interface{}, error) { 278 | m := map[string]string{ 279 | "Integer": strconv.Itoa(i), 280 | } 281 | return a.c.Request("ajaxSpider/action/setOptionNumberOfBrowsers/", m) 282 | } 283 | 284 | // When enabled, inserts random values into form fields. 285 | // 286 | // This component is optional and therefore the API will only work if it is installed 287 | func (a AjaxSpider) SetOptionRandomInputs(boolean bool) (map[string]interface{}, error) { 288 | m := map[string]string{ 289 | "Boolean": strconv.FormatBool(boolean), 290 | } 291 | return a.c.Request("ajaxSpider/action/setOptionRandomInputs/", m) 292 | } 293 | 294 | // Sets the time to wait after the page is loaded before interacting with it. 295 | // 296 | // This component is optional and therefore the API will only work if it is installed 297 | func (a AjaxSpider) SetOptionReloadWait(i int) (map[string]interface{}, error) { 298 | m := map[string]string{ 299 | "Integer": strconv.Itoa(i), 300 | } 301 | return a.c.Request("ajaxSpider/action/setOptionReloadWait/", m) 302 | } 303 | -------------------------------------------------------------------------------- /zap/spider_generated.go: -------------------------------------------------------------------------------- 1 | // Zed Attack Proxy (ZAP) and its related class files. 2 | // 3 | // ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | // 5 | // Copyright 2022 the ZAP development team 6 | // 7 | // Licensed under the Apache License, Version 2.0 (the "License"); 8 | // you may not use this file except in compliance with the License. 9 | // You may obtain a copy of the License at 10 | // 11 | // http://www.apache.org/licenses/LICENSE-2.0 12 | // 13 | // Unless required by applicable law or agreed to in writing, software 14 | // distributed under the License is distributed on an "AS IS" BASIS, 15 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | // See the License for the specific language governing permissions and 17 | // limitations under the License. 18 | // 19 | // *** This file was automatically generated. *** 20 | // 21 | 22 | package zap 23 | 24 | import "strconv" 25 | 26 | type Spider struct { 27 | c *Client 28 | } 29 | 30 | func (s Spider) Status(scanid string) (map[string]interface{}, error) { 31 | m := map[string]string{ 32 | "scanId": scanid, 33 | } 34 | return s.c.Request("spider/view/status/", m) 35 | } 36 | 37 | func (s Spider) Results(scanid string) (map[string]interface{}, error) { 38 | m := map[string]string{ 39 | "scanId": scanid, 40 | } 41 | return s.c.Request("spider/view/results/", m) 42 | } 43 | 44 | func (s Spider) FullResults(scanid string) (map[string]interface{}, error) { 45 | m := map[string]string{ 46 | "scanId": scanid, 47 | } 48 | return s.c.Request("spider/view/fullResults/", m) 49 | } 50 | 51 | func (s Spider) Scans() (map[string]interface{}, error) { 52 | return s.c.Request("spider/view/scans/", nil) 53 | } 54 | 55 | // Gets the regexes of URLs excluded from the spider scans. 56 | func (s Spider) ExcludedFromScan() (map[string]interface{}, error) { 57 | return s.c.Request("spider/view/excludedFromScan/", nil) 58 | } 59 | 60 | // Returns a list of unique URLs from the history table based on HTTP messages added by the Spider. 61 | func (s Spider) AllUrls() (map[string]interface{}, error) { 62 | return s.c.Request("spider/view/allUrls/", nil) 63 | } 64 | 65 | // Returns a list of the names of the nodes added to the Sites tree by the specified scan. 66 | func (s Spider) AddedNodes(scanid string) (map[string]interface{}, error) { 67 | m := map[string]string{ 68 | "scanId": scanid, 69 | } 70 | return s.c.Request("spider/view/addedNodes/", m) 71 | } 72 | 73 | // Gets all the domains that are always in scope. For each domain the following are shown: the index, the value (domain), if enabled, and if specified as a regex. 74 | func (s Spider) DomainsAlwaysInScope() (map[string]interface{}, error) { 75 | return s.c.Request("spider/view/domainsAlwaysInScope/", nil) 76 | } 77 | 78 | // Use view domainsAlwaysInScope instead. 79 | func (s Spider) OptionDomainsAlwaysInScope() (map[string]interface{}, error) { 80 | return s.c.Request("spider/view/optionDomainsAlwaysInScope/", nil) 81 | } 82 | 83 | // Use view domainsAlwaysInScope instead. 84 | func (s Spider) OptionDomainsAlwaysInScopeEnabled() (map[string]interface{}, error) { 85 | return s.c.Request("spider/view/optionDomainsAlwaysInScopeEnabled/", nil) 86 | } 87 | 88 | func (s Spider) OptionHandleParameters() (map[string]interface{}, error) { 89 | return s.c.Request("spider/view/optionHandleParameters/", nil) 90 | } 91 | 92 | // Gets the maximum number of child nodes (per node) that can be crawled, 0 means no limit. 93 | func (s Spider) OptionMaxChildren() (map[string]interface{}, error) { 94 | return s.c.Request("spider/view/optionMaxChildren/", nil) 95 | } 96 | 97 | // Gets the maximum depth the spider can crawl, 0 if unlimited. 98 | func (s Spider) OptionMaxDepth() (map[string]interface{}, error) { 99 | return s.c.Request("spider/view/optionMaxDepth/", nil) 100 | } 101 | 102 | func (s Spider) OptionMaxDuration() (map[string]interface{}, error) { 103 | return s.c.Request("spider/view/optionMaxDuration/", nil) 104 | } 105 | 106 | // Gets the maximum size, in bytes, that a response might have to be parsed. 107 | func (s Spider) OptionMaxParseSizeBytes() (map[string]interface{}, error) { 108 | return s.c.Request("spider/view/optionMaxParseSizeBytes/", nil) 109 | } 110 | 111 | func (s Spider) OptionMaxScansInUI() (map[string]interface{}, error) { 112 | return s.c.Request("spider/view/optionMaxScansInUI/", nil) 113 | } 114 | 115 | func (s Spider) OptionRequestWaitTime() (map[string]interface{}, error) { 116 | return s.c.Request("spider/view/optionRequestWaitTime/", nil) 117 | } 118 | 119 | func (s Spider) OptionScope() (map[string]interface{}, error) { 120 | return s.c.Request("spider/view/optionScope/", nil) 121 | } 122 | 123 | func (s Spider) OptionScopeText() (map[string]interface{}, error) { 124 | return s.c.Request("spider/view/optionScopeText/", nil) 125 | } 126 | 127 | func (s Spider) OptionSkipURLString() (map[string]interface{}, error) { 128 | return s.c.Request("spider/view/optionSkipURLString/", nil) 129 | } 130 | 131 | func (s Spider) OptionThreadCount() (map[string]interface{}, error) { 132 | return s.c.Request("spider/view/optionThreadCount/", nil) 133 | } 134 | 135 | func (s Spider) OptionUserAgent() (map[string]interface{}, error) { 136 | return s.c.Request("spider/view/optionUserAgent/", nil) 137 | } 138 | 139 | // Gets whether or not a spider process should accept cookies while spidering. 140 | func (s Spider) OptionAcceptCookies() (map[string]interface{}, error) { 141 | return s.c.Request("spider/view/optionAcceptCookies/", nil) 142 | } 143 | 144 | func (s Spider) OptionHandleODataParametersVisited() (map[string]interface{}, error) { 145 | return s.c.Request("spider/view/optionHandleODataParametersVisited/", nil) 146 | } 147 | 148 | func (s Spider) OptionParseComments() (map[string]interface{}, error) { 149 | return s.c.Request("spider/view/optionParseComments/", nil) 150 | } 151 | 152 | func (s Spider) OptionParseGit() (map[string]interface{}, error) { 153 | return s.c.Request("spider/view/optionParseGit/", nil) 154 | } 155 | 156 | func (s Spider) OptionParseRobotsTxt() (map[string]interface{}, error) { 157 | return s.c.Request("spider/view/optionParseRobotsTxt/", nil) 158 | } 159 | 160 | func (s Spider) OptionParseSVNEntries() (map[string]interface{}, error) { 161 | return s.c.Request("spider/view/optionParseSVNEntries/", nil) 162 | } 163 | 164 | func (s Spider) OptionParseSitemapXml() (map[string]interface{}, error) { 165 | return s.c.Request("spider/view/optionParseSitemapXml/", nil) 166 | } 167 | 168 | func (s Spider) OptionPostForm() (map[string]interface{}, error) { 169 | return s.c.Request("spider/view/optionPostForm/", nil) 170 | } 171 | 172 | func (s Spider) OptionProcessForm() (map[string]interface{}, error) { 173 | return s.c.Request("spider/view/optionProcessForm/", nil) 174 | } 175 | 176 | // Gets whether or not the 'Referer' header should be sent while spidering. 177 | func (s Spider) OptionSendRefererHeader() (map[string]interface{}, error) { 178 | return s.c.Request("spider/view/optionSendRefererHeader/", nil) 179 | } 180 | 181 | func (s Spider) OptionShowAdvancedDialog() (map[string]interface{}, error) { 182 | return s.c.Request("spider/view/optionShowAdvancedDialog/", nil) 183 | } 184 | 185 | // Runs the spider against the given URL (or context). Optionally, the 'maxChildren' parameter can be set to limit the number of children scanned, the 'recurse' parameter can be used to prevent the spider from seeding recursively, the parameter 'contextName' can be used to constrain the scan to a Context and the parameter 'subtreeOnly' allows to restrict the spider under a site's subtree (using the specified 'url'). 186 | func (s Spider) Scan(url string, maxchildren string, recurse string, contextname string, subtreeonly string) (map[string]interface{}, error) { 187 | m := map[string]string{ 188 | "url": url, 189 | "maxChildren": maxchildren, 190 | "recurse": recurse, 191 | "contextName": contextname, 192 | "subtreeOnly": subtreeonly, 193 | } 194 | return s.c.Request("spider/action/scan/", m) 195 | } 196 | 197 | // Runs the spider from the perspective of a User, obtained using the given Context ID and User ID. See 'scan' action for more details. 198 | func (s Spider) ScanAsUser(contextid string, userid string, url string, maxchildren string, recurse string, subtreeonly string) (map[string]interface{}, error) { 199 | m := map[string]string{ 200 | "contextId": contextid, 201 | "userId": userid, 202 | "url": url, 203 | "maxChildren": maxchildren, 204 | "recurse": recurse, 205 | "subtreeOnly": subtreeonly, 206 | } 207 | return s.c.Request("spider/action/scanAsUser/", m) 208 | } 209 | 210 | func (s Spider) Pause(scanid string) (map[string]interface{}, error) { 211 | m := map[string]string{ 212 | "scanId": scanid, 213 | } 214 | return s.c.Request("spider/action/pause/", m) 215 | } 216 | 217 | func (s Spider) Resume(scanid string) (map[string]interface{}, error) { 218 | m := map[string]string{ 219 | "scanId": scanid, 220 | } 221 | return s.c.Request("spider/action/resume/", m) 222 | } 223 | 224 | func (s Spider) Stop(scanid string) (map[string]interface{}, error) { 225 | m := map[string]string{ 226 | "scanId": scanid, 227 | } 228 | return s.c.Request("spider/action/stop/", m) 229 | } 230 | 231 | func (s Spider) RemoveScan(scanid string) (map[string]interface{}, error) { 232 | m := map[string]string{ 233 | "scanId": scanid, 234 | } 235 | return s.c.Request("spider/action/removeScan/", m) 236 | } 237 | 238 | func (s Spider) PauseAllScans() (map[string]interface{}, error) { 239 | return s.c.Request("spider/action/pauseAllScans/", nil) 240 | } 241 | 242 | func (s Spider) ResumeAllScans() (map[string]interface{}, error) { 243 | return s.c.Request("spider/action/resumeAllScans/", nil) 244 | } 245 | 246 | func (s Spider) StopAllScans() (map[string]interface{}, error) { 247 | return s.c.Request("spider/action/stopAllScans/", nil) 248 | } 249 | 250 | func (s Spider) RemoveAllScans() (map[string]interface{}, error) { 251 | return s.c.Request("spider/action/removeAllScans/", nil) 252 | } 253 | 254 | // Clears the regexes of URLs excluded from the spider scans. 255 | func (s Spider) ClearExcludedFromScan() (map[string]interface{}, error) { 256 | return s.c.Request("spider/action/clearExcludedFromScan/", nil) 257 | } 258 | 259 | // Adds a regex of URLs that should be excluded from the spider scans. 260 | func (s Spider) ExcludeFromScan(regex string) (map[string]interface{}, error) { 261 | m := map[string]string{ 262 | "regex": regex, 263 | } 264 | return s.c.Request("spider/action/excludeFromScan/", m) 265 | } 266 | 267 | // Adds a new domain that's always in scope, using the specified value. Optionally sets if the new entry is enabled (default, true) and whether or not the new value is specified as a regex (default, false). 268 | func (s Spider) AddDomainAlwaysInScope(value string, isregex string, isenabled string) (map[string]interface{}, error) { 269 | m := map[string]string{ 270 | "value": value, 271 | "isRegex": isregex, 272 | "isEnabled": isenabled, 273 | } 274 | return s.c.Request("spider/action/addDomainAlwaysInScope/", m) 275 | } 276 | 277 | // Modifies a domain that's always in scope. Allows to modify the value, if enabled or if a regex. The domain is selected with its index, which can be obtained with the view domainsAlwaysInScope. 278 | func (s Spider) ModifyDomainAlwaysInScope(idx string, value string, isregex string, isenabled string) (map[string]interface{}, error) { 279 | m := map[string]string{ 280 | "idx": idx, 281 | "value": value, 282 | "isRegex": isregex, 283 | "isEnabled": isenabled, 284 | } 285 | return s.c.Request("spider/action/modifyDomainAlwaysInScope/", m) 286 | } 287 | 288 | // Removes a domain that's always in scope, with the given index. The index can be obtained with the view domainsAlwaysInScope. 289 | func (s Spider) RemoveDomainAlwaysInScope(idx string) (map[string]interface{}, error) { 290 | m := map[string]string{ 291 | "idx": idx, 292 | } 293 | return s.c.Request("spider/action/removeDomainAlwaysInScope/", m) 294 | } 295 | 296 | // Enables all domains that are always in scope. 297 | func (s Spider) EnableAllDomainsAlwaysInScope() (map[string]interface{}, error) { 298 | return s.c.Request("spider/action/enableAllDomainsAlwaysInScope/", nil) 299 | } 300 | 301 | // Disables all domains that are always in scope. 302 | func (s Spider) DisableAllDomainsAlwaysInScope() (map[string]interface{}, error) { 303 | return s.c.Request("spider/action/disableAllDomainsAlwaysInScope/", nil) 304 | } 305 | 306 | func (s Spider) SetOptionHandleParameters(str string) (map[string]interface{}, error) { 307 | m := map[string]string{ 308 | "String": str, 309 | } 310 | return s.c.Request("spider/action/setOptionHandleParameters/", m) 311 | } 312 | 313 | // Use actions [add|modify|remove]DomainAlwaysInScope instead. 314 | func (s Spider) SetOptionScopeString(str string) (map[string]interface{}, error) { 315 | m := map[string]string{ 316 | "String": str, 317 | } 318 | return s.c.Request("spider/action/setOptionScopeString/", m) 319 | } 320 | 321 | func (s Spider) SetOptionSkipURLString(str string) (map[string]interface{}, error) { 322 | m := map[string]string{ 323 | "String": str, 324 | } 325 | return s.c.Request("spider/action/setOptionSkipURLString/", m) 326 | } 327 | 328 | func (s Spider) SetOptionUserAgent(str string) (map[string]interface{}, error) { 329 | m := map[string]string{ 330 | "String": str, 331 | } 332 | return s.c.Request("spider/action/setOptionUserAgent/", m) 333 | } 334 | 335 | // Sets whether or not a spider process should accept cookies while spidering. 336 | func (s Spider) SetOptionAcceptCookies(boolean bool) (map[string]interface{}, error) { 337 | m := map[string]string{ 338 | "Boolean": strconv.FormatBool(boolean), 339 | } 340 | return s.c.Request("spider/action/setOptionAcceptCookies/", m) 341 | } 342 | 343 | func (s Spider) SetOptionHandleODataParametersVisited(boolean bool) (map[string]interface{}, error) { 344 | m := map[string]string{ 345 | "Boolean": strconv.FormatBool(boolean), 346 | } 347 | return s.c.Request("spider/action/setOptionHandleODataParametersVisited/", m) 348 | } 349 | 350 | // Sets the maximum number of child nodes (per node) that can be crawled, 0 means no limit. 351 | func (s Spider) SetOptionMaxChildren(i int) (map[string]interface{}, error) { 352 | m := map[string]string{ 353 | "Integer": strconv.Itoa(i), 354 | } 355 | return s.c.Request("spider/action/setOptionMaxChildren/", m) 356 | } 357 | 358 | // Sets the maximum depth the spider can crawl, 0 for unlimited depth. 359 | func (s Spider) SetOptionMaxDepth(i int) (map[string]interface{}, error) { 360 | m := map[string]string{ 361 | "Integer": strconv.Itoa(i), 362 | } 363 | return s.c.Request("spider/action/setOptionMaxDepth/", m) 364 | } 365 | 366 | func (s Spider) SetOptionMaxDuration(i int) (map[string]interface{}, error) { 367 | m := map[string]string{ 368 | "Integer": strconv.Itoa(i), 369 | } 370 | return s.c.Request("spider/action/setOptionMaxDuration/", m) 371 | } 372 | 373 | // Sets the maximum size, in bytes, that a response might have to be parsed. This allows the spider to skip big responses/files. 374 | func (s Spider) SetOptionMaxParseSizeBytes(i int) (map[string]interface{}, error) { 375 | m := map[string]string{ 376 | "Integer": strconv.Itoa(i), 377 | } 378 | return s.c.Request("spider/action/setOptionMaxParseSizeBytes/", m) 379 | } 380 | 381 | func (s Spider) SetOptionMaxScansInUI(i int) (map[string]interface{}, error) { 382 | m := map[string]string{ 383 | "Integer": strconv.Itoa(i), 384 | } 385 | return s.c.Request("spider/action/setOptionMaxScansInUI/", m) 386 | } 387 | 388 | func (s Spider) SetOptionParseComments(boolean bool) (map[string]interface{}, error) { 389 | m := map[string]string{ 390 | "Boolean": strconv.FormatBool(boolean), 391 | } 392 | return s.c.Request("spider/action/setOptionParseComments/", m) 393 | } 394 | 395 | func (s Spider) SetOptionParseGit(boolean bool) (map[string]interface{}, error) { 396 | m := map[string]string{ 397 | "Boolean": strconv.FormatBool(boolean), 398 | } 399 | return s.c.Request("spider/action/setOptionParseGit/", m) 400 | } 401 | 402 | func (s Spider) SetOptionParseRobotsTxt(boolean bool) (map[string]interface{}, error) { 403 | m := map[string]string{ 404 | "Boolean": strconv.FormatBool(boolean), 405 | } 406 | return s.c.Request("spider/action/setOptionParseRobotsTxt/", m) 407 | } 408 | 409 | func (s Spider) SetOptionParseSVNEntries(boolean bool) (map[string]interface{}, error) { 410 | m := map[string]string{ 411 | "Boolean": strconv.FormatBool(boolean), 412 | } 413 | return s.c.Request("spider/action/setOptionParseSVNEntries/", m) 414 | } 415 | 416 | func (s Spider) SetOptionParseSitemapXml(boolean bool) (map[string]interface{}, error) { 417 | m := map[string]string{ 418 | "Boolean": strconv.FormatBool(boolean), 419 | } 420 | return s.c.Request("spider/action/setOptionParseSitemapXml/", m) 421 | } 422 | 423 | func (s Spider) SetOptionPostForm(boolean bool) (map[string]interface{}, error) { 424 | m := map[string]string{ 425 | "Boolean": strconv.FormatBool(boolean), 426 | } 427 | return s.c.Request("spider/action/setOptionPostForm/", m) 428 | } 429 | 430 | func (s Spider) SetOptionProcessForm(boolean bool) (map[string]interface{}, error) { 431 | m := map[string]string{ 432 | "Boolean": strconv.FormatBool(boolean), 433 | } 434 | return s.c.Request("spider/action/setOptionProcessForm/", m) 435 | } 436 | 437 | func (s Spider) SetOptionRequestWaitTime(i int) (map[string]interface{}, error) { 438 | m := map[string]string{ 439 | "Integer": strconv.Itoa(i), 440 | } 441 | return s.c.Request("spider/action/setOptionRequestWaitTime/", m) 442 | } 443 | 444 | // Sets whether or not the 'Referer' header should be sent while spidering. 445 | func (s Spider) SetOptionSendRefererHeader(boolean bool) (map[string]interface{}, error) { 446 | m := map[string]string{ 447 | "Boolean": strconv.FormatBool(boolean), 448 | } 449 | return s.c.Request("spider/action/setOptionSendRefererHeader/", m) 450 | } 451 | 452 | func (s Spider) SetOptionShowAdvancedDialog(boolean bool) (map[string]interface{}, error) { 453 | m := map[string]string{ 454 | "Boolean": strconv.FormatBool(boolean), 455 | } 456 | return s.c.Request("spider/action/setOptionShowAdvancedDialog/", m) 457 | } 458 | 459 | func (s Spider) SetOptionThreadCount(i int) (map[string]interface{}, error) { 460 | m := map[string]string{ 461 | "Integer": strconv.Itoa(i), 462 | } 463 | return s.c.Request("spider/action/setOptionThreadCount/", m) 464 | } 465 | -------------------------------------------------------------------------------- /zap/ascan_generated.go: -------------------------------------------------------------------------------- 1 | // Zed Attack Proxy (ZAP) and its related class files. 2 | // 3 | // ZAP is an HTTP/HTTPS proxy for assessing web application security. 4 | // 5 | // Copyright 2022 the ZAP development team 6 | // 7 | // Licensed under the Apache License, Version 2.0 (the "License"); 8 | // you may not use this file except in compliance with the License. 9 | // You may obtain a copy of the License at 10 | // 11 | // http://www.apache.org/licenses/LICENSE-2.0 12 | // 13 | // Unless required by applicable law or agreed to in writing, software 14 | // distributed under the License is distributed on an "AS IS" BASIS, 15 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | // See the License for the specific language governing permissions and 17 | // limitations under the License. 18 | // 19 | // *** This file was automatically generated. *** 20 | // 21 | 22 | package zap 23 | 24 | import "strconv" 25 | 26 | type Ascan struct { 27 | c *Client 28 | } 29 | 30 | func (a Ascan) Status(scanid string) (map[string]interface{}, error) { 31 | m := map[string]string{ 32 | "scanId": scanid, 33 | } 34 | return a.c.Request("ascan/view/status/", m) 35 | } 36 | 37 | func (a Ascan) ScanProgress(scanid string) (map[string]interface{}, error) { 38 | m := map[string]string{ 39 | "scanId": scanid, 40 | } 41 | return a.c.Request("ascan/view/scanProgress/", m) 42 | } 43 | 44 | // Gets the IDs of the messages sent during the scan with the given ID. A message can be obtained with 'message' core view. 45 | func (a Ascan) MessagesIds(scanid string) (map[string]interface{}, error) { 46 | m := map[string]string{ 47 | "scanId": scanid, 48 | } 49 | return a.c.Request("ascan/view/messagesIds/", m) 50 | } 51 | 52 | // Gets the IDs of the alerts raised during the scan with the given ID. An alert can be obtained with 'alert' core view. 53 | func (a Ascan) AlertsIds(scanid string) (map[string]interface{}, error) { 54 | m := map[string]string{ 55 | "scanId": scanid, 56 | } 57 | return a.c.Request("ascan/view/alertsIds/", m) 58 | } 59 | 60 | func (a Ascan) Scans() (map[string]interface{}, error) { 61 | return a.c.Request("ascan/view/scans/", nil) 62 | } 63 | 64 | func (a Ascan) ScanPolicyNames() (map[string]interface{}, error) { 65 | return a.c.Request("ascan/view/scanPolicyNames/", nil) 66 | } 67 | 68 | // Gets the regexes of URLs excluded from the active scans. 69 | func (a Ascan) ExcludedFromScan() (map[string]interface{}, error) { 70 | return a.c.Request("ascan/view/excludedFromScan/", nil) 71 | } 72 | 73 | // Gets the scanners, optionally, of the given scan policy and/or scanner policy/category ID. 74 | func (a Ascan) Scanners(scanpolicyname string, policyid string) (map[string]interface{}, error) { 75 | m := map[string]string{ 76 | "scanPolicyName": scanpolicyname, 77 | "policyId": policyid, 78 | } 79 | return a.c.Request("ascan/view/scanners/", m) 80 | } 81 | 82 | func (a Ascan) Policies(scanpolicyname string, policyid string) (map[string]interface{}, error) { 83 | m := map[string]string{ 84 | "scanPolicyName": scanpolicyname, 85 | "policyId": policyid, 86 | } 87 | return a.c.Request("ascan/view/policies/", m) 88 | } 89 | 90 | func (a Ascan) AttackModeQueue() (map[string]interface{}, error) { 91 | return a.c.Request("ascan/view/attackModeQueue/", nil) 92 | } 93 | 94 | // Gets all the parameters that are excluded. For each parameter the following are shown: the name, the URL, and the parameter type. 95 | func (a Ascan) ExcludedParams() (map[string]interface{}, error) { 96 | return a.c.Request("ascan/view/excludedParams/", nil) 97 | } 98 | 99 | // Use view excludedParams instead. 100 | func (a Ascan) OptionExcludedParamList() (map[string]interface{}, error) { 101 | return a.c.Request("ascan/view/optionExcludedParamList/", nil) 102 | } 103 | 104 | // Gets all the types of excluded parameters. For each type the following are shown: the ID and the name. 105 | func (a Ascan) ExcludedParamTypes() (map[string]interface{}, error) { 106 | return a.c.Request("ascan/view/excludedParamTypes/", nil) 107 | } 108 | 109 | func (a Ascan) OptionAttackPolicy() (map[string]interface{}, error) { 110 | return a.c.Request("ascan/view/optionAttackPolicy/", nil) 111 | } 112 | 113 | func (a Ascan) OptionDefaultPolicy() (map[string]interface{}, error) { 114 | return a.c.Request("ascan/view/optionDefaultPolicy/", nil) 115 | } 116 | 117 | func (a Ascan) OptionDelayInMs() (map[string]interface{}, error) { 118 | return a.c.Request("ascan/view/optionDelayInMs/", nil) 119 | } 120 | 121 | func (a Ascan) OptionHandleAntiCSRFTokens() (map[string]interface{}, error) { 122 | return a.c.Request("ascan/view/optionHandleAntiCSRFTokens/", nil) 123 | } 124 | 125 | func (a Ascan) OptionHostPerScan() (map[string]interface{}, error) { 126 | return a.c.Request("ascan/view/optionHostPerScan/", nil) 127 | } 128 | 129 | func (a Ascan) OptionMaxChartTimeInMins() (map[string]interface{}, error) { 130 | return a.c.Request("ascan/view/optionMaxChartTimeInMins/", nil) 131 | } 132 | 133 | func (a Ascan) OptionMaxResultsToList() (map[string]interface{}, error) { 134 | return a.c.Request("ascan/view/optionMaxResultsToList/", nil) 135 | } 136 | 137 | func (a Ascan) OptionMaxRuleDurationInMins() (map[string]interface{}, error) { 138 | return a.c.Request("ascan/view/optionMaxRuleDurationInMins/", nil) 139 | } 140 | 141 | func (a Ascan) OptionMaxScanDurationInMins() (map[string]interface{}, error) { 142 | return a.c.Request("ascan/view/optionMaxScanDurationInMins/", nil) 143 | } 144 | 145 | func (a Ascan) OptionMaxScansInUI() (map[string]interface{}, error) { 146 | return a.c.Request("ascan/view/optionMaxScansInUI/", nil) 147 | } 148 | 149 | func (a Ascan) OptionTargetParamsEnabledRPC() (map[string]interface{}, error) { 150 | return a.c.Request("ascan/view/optionTargetParamsEnabledRPC/", nil) 151 | } 152 | 153 | func (a Ascan) OptionTargetParamsInjectable() (map[string]interface{}, error) { 154 | return a.c.Request("ascan/view/optionTargetParamsInjectable/", nil) 155 | } 156 | 157 | func (a Ascan) OptionThreadPerHost() (map[string]interface{}, error) { 158 | return a.c.Request("ascan/view/optionThreadPerHost/", nil) 159 | } 160 | 161 | // Tells whether or not the active scanner should add a query parameter to GET request that don't have parameters to start with. 162 | func (a Ascan) OptionAddQueryParam() (map[string]interface{}, error) { 163 | return a.c.Request("ascan/view/optionAddQueryParam/", nil) 164 | } 165 | 166 | func (a Ascan) OptionAllowAttackOnStart() (map[string]interface{}, error) { 167 | return a.c.Request("ascan/view/optionAllowAttackOnStart/", nil) 168 | } 169 | 170 | // Tells whether or not the active scanner should inject the HTTP request header X-ZAP-Scan-ID, with the ID of the scanner that's sending the requests. 171 | func (a Ascan) OptionInjectPluginIdInHeader() (map[string]interface{}, error) { 172 | return a.c.Request("ascan/view/optionInjectPluginIdInHeader/", nil) 173 | } 174 | 175 | func (a Ascan) OptionPromptInAttackMode() (map[string]interface{}, error) { 176 | return a.c.Request("ascan/view/optionPromptInAttackMode/", nil) 177 | } 178 | 179 | func (a Ascan) OptionPromptToClearFinishedScans() (map[string]interface{}, error) { 180 | return a.c.Request("ascan/view/optionPromptToClearFinishedScans/", nil) 181 | } 182 | 183 | func (a Ascan) OptionRescanInAttackMode() (map[string]interface{}, error) { 184 | return a.c.Request("ascan/view/optionRescanInAttackMode/", nil) 185 | } 186 | 187 | // Tells whether or not the HTTP Headers of all requests should be scanned. Not just requests that send parameters, through the query or request body. 188 | func (a Ascan) OptionScanHeadersAllRequests() (map[string]interface{}, error) { 189 | return a.c.Request("ascan/view/optionScanHeadersAllRequests/", nil) 190 | } 191 | 192 | // Tells whether or not the active scanner should scan null JSON values. 193 | func (a Ascan) OptionScanNullJsonValues() (map[string]interface{}, error) { 194 | return a.c.Request("ascan/view/optionScanNullJsonValues/", nil) 195 | } 196 | 197 | func (a Ascan) OptionShowAdvancedDialog() (map[string]interface{}, error) { 198 | return a.c.Request("ascan/view/optionShowAdvancedDialog/", nil) 199 | } 200 | 201 | // Runs the active scanner against the given URL and/or Context. Optionally, the 'recurse' parameter can be used to scan URLs under the given URL, the parameter 'inScopeOnly' can be used to constrain the scan to URLs that are in scope (ignored if a Context is specified), the parameter 'scanPolicyName' allows to specify the scan policy (if none is given it uses the default scan policy), the parameters 'method' and 'postData' allow to select a given request in conjunction with the given URL. 202 | func (a Ascan) Scan(url string, recurse string, inscopeonly string, scanpolicyname string, method string, postdata string, contextid string) (map[string]interface{}, error) { 203 | m := map[string]string{ 204 | "url": url, 205 | "recurse": recurse, 206 | "inScopeOnly": inscopeonly, 207 | "scanPolicyName": scanpolicyname, 208 | "method": method, 209 | "postData": postdata, 210 | "contextId": contextid, 211 | } 212 | return a.c.Request("ascan/action/scan/", m) 213 | } 214 | 215 | // Active Scans from the perspective of a User, obtained using the given Context ID and User ID. See 'scan' action for more details. 216 | func (a Ascan) ScanAsUser(url string, contextid string, userid string, recurse string, scanpolicyname string, method string, postdata string) (map[string]interface{}, error) { 217 | m := map[string]string{ 218 | "url": url, 219 | "contextId": contextid, 220 | "userId": userid, 221 | "recurse": recurse, 222 | "scanPolicyName": scanpolicyname, 223 | "method": method, 224 | "postData": postdata, 225 | } 226 | return a.c.Request("ascan/action/scanAsUser/", m) 227 | } 228 | 229 | func (a Ascan) Pause(scanid string) (map[string]interface{}, error) { 230 | m := map[string]string{ 231 | "scanId": scanid, 232 | } 233 | return a.c.Request("ascan/action/pause/", m) 234 | } 235 | 236 | func (a Ascan) Resume(scanid string) (map[string]interface{}, error) { 237 | m := map[string]string{ 238 | "scanId": scanid, 239 | } 240 | return a.c.Request("ascan/action/resume/", m) 241 | } 242 | 243 | func (a Ascan) Stop(scanid string) (map[string]interface{}, error) { 244 | m := map[string]string{ 245 | "scanId": scanid, 246 | } 247 | return a.c.Request("ascan/action/stop/", m) 248 | } 249 | 250 | func (a Ascan) RemoveScan(scanid string) (map[string]interface{}, error) { 251 | m := map[string]string{ 252 | "scanId": scanid, 253 | } 254 | return a.c.Request("ascan/action/removeScan/", m) 255 | } 256 | 257 | func (a Ascan) PauseAllScans() (map[string]interface{}, error) { 258 | return a.c.Request("ascan/action/pauseAllScans/", nil) 259 | } 260 | 261 | func (a Ascan) ResumeAllScans() (map[string]interface{}, error) { 262 | return a.c.Request("ascan/action/resumeAllScans/", nil) 263 | } 264 | 265 | func (a Ascan) StopAllScans() (map[string]interface{}, error) { 266 | return a.c.Request("ascan/action/stopAllScans/", nil) 267 | } 268 | 269 | func (a Ascan) RemoveAllScans() (map[string]interface{}, error) { 270 | return a.c.Request("ascan/action/removeAllScans/", nil) 271 | } 272 | 273 | // Clears the regexes of URLs excluded from the active scans. 274 | func (a Ascan) ClearExcludedFromScan() (map[string]interface{}, error) { 275 | return a.c.Request("ascan/action/clearExcludedFromScan/", nil) 276 | } 277 | 278 | // Adds a regex of URLs that should be excluded from the active scans. 279 | func (a Ascan) ExcludeFromScan(regex string) (map[string]interface{}, error) { 280 | m := map[string]string{ 281 | "regex": regex, 282 | } 283 | return a.c.Request("ascan/action/excludeFromScan/", m) 284 | } 285 | 286 | // Enables all scanners of the scan policy with the given name, or the default if none given. 287 | func (a Ascan) EnableAllScanners(scanpolicyname string) (map[string]interface{}, error) { 288 | m := map[string]string{ 289 | "scanPolicyName": scanpolicyname, 290 | } 291 | return a.c.Request("ascan/action/enableAllScanners/", m) 292 | } 293 | 294 | // Disables all scanners of the scan policy with the given name, or the default if none given. 295 | func (a Ascan) DisableAllScanners(scanpolicyname string) (map[string]interface{}, error) { 296 | m := map[string]string{ 297 | "scanPolicyName": scanpolicyname, 298 | } 299 | return a.c.Request("ascan/action/disableAllScanners/", m) 300 | } 301 | 302 | // Enables the scanners with the given IDs (comma separated list of IDs) of the scan policy with the given name, or the default if none given. 303 | func (a Ascan) EnableScanners(ids string, scanpolicyname string) (map[string]interface{}, error) { 304 | m := map[string]string{ 305 | "ids": ids, 306 | "scanPolicyName": scanpolicyname, 307 | } 308 | return a.c.Request("ascan/action/enableScanners/", m) 309 | } 310 | 311 | // Disables the scanners with the given IDs (comma separated list of IDs) of the scan policy with the given name, or the default if none given. 312 | func (a Ascan) DisableScanners(ids string, scanpolicyname string) (map[string]interface{}, error) { 313 | m := map[string]string{ 314 | "ids": ids, 315 | "scanPolicyName": scanpolicyname, 316 | } 317 | return a.c.Request("ascan/action/disableScanners/", m) 318 | } 319 | 320 | func (a Ascan) SetEnabledPolicies(ids string, scanpolicyname string) (map[string]interface{}, error) { 321 | m := map[string]string{ 322 | "ids": ids, 323 | "scanPolicyName": scanpolicyname, 324 | } 325 | return a.c.Request("ascan/action/setEnabledPolicies/", m) 326 | } 327 | 328 | func (a Ascan) SetPolicyAttackStrength(id string, attackstrength string, scanpolicyname string) (map[string]interface{}, error) { 329 | m := map[string]string{ 330 | "id": id, 331 | "attackStrength": attackstrength, 332 | "scanPolicyName": scanpolicyname, 333 | } 334 | return a.c.Request("ascan/action/setPolicyAttackStrength/", m) 335 | } 336 | 337 | func (a Ascan) SetPolicyAlertThreshold(id string, alertthreshold string, scanpolicyname string) (map[string]interface{}, error) { 338 | m := map[string]string{ 339 | "id": id, 340 | "alertThreshold": alertthreshold, 341 | "scanPolicyName": scanpolicyname, 342 | } 343 | return a.c.Request("ascan/action/setPolicyAlertThreshold/", m) 344 | } 345 | 346 | func (a Ascan) SetScannerAttackStrength(id string, attackstrength string, scanpolicyname string) (map[string]interface{}, error) { 347 | m := map[string]string{ 348 | "id": id, 349 | "attackStrength": attackstrength, 350 | "scanPolicyName": scanpolicyname, 351 | } 352 | return a.c.Request("ascan/action/setScannerAttackStrength/", m) 353 | } 354 | 355 | func (a Ascan) SetScannerAlertThreshold(id string, alertthreshold string, scanpolicyname string) (map[string]interface{}, error) { 356 | m := map[string]string{ 357 | "id": id, 358 | "alertThreshold": alertthreshold, 359 | "scanPolicyName": scanpolicyname, 360 | } 361 | return a.c.Request("ascan/action/setScannerAlertThreshold/", m) 362 | } 363 | 364 | func (a Ascan) AddScanPolicy(scanpolicyname string, alertthreshold string, attackstrength string) (map[string]interface{}, error) { 365 | m := map[string]string{ 366 | "scanPolicyName": scanpolicyname, 367 | "alertThreshold": alertthreshold, 368 | "attackStrength": attackstrength, 369 | } 370 | return a.c.Request("ascan/action/addScanPolicy/", m) 371 | } 372 | 373 | func (a Ascan) RemoveScanPolicy(scanpolicyname string) (map[string]interface{}, error) { 374 | m := map[string]string{ 375 | "scanPolicyName": scanpolicyname, 376 | } 377 | return a.c.Request("ascan/action/removeScanPolicy/", m) 378 | } 379 | 380 | func (a Ascan) UpdateScanPolicy(scanpolicyname string, alertthreshold string, attackstrength string) (map[string]interface{}, error) { 381 | m := map[string]string{ 382 | "scanPolicyName": scanpolicyname, 383 | "alertThreshold": alertthreshold, 384 | "attackStrength": attackstrength, 385 | } 386 | return a.c.Request("ascan/action/updateScanPolicy/", m) 387 | } 388 | 389 | // Imports a Scan Policy using the given file system path. 390 | func (a Ascan) ImportScanPolicy(path string) (map[string]interface{}, error) { 391 | m := map[string]string{ 392 | "path": path, 393 | } 394 | return a.c.Request("ascan/action/importScanPolicy/", m) 395 | } 396 | 397 | // Adds a new parameter excluded from the scan, using the specified name. Optionally sets if the new entry applies to a specific URL (default, all URLs) and sets the ID of the type of the parameter (default, ID of any type). The type IDs can be obtained with the view excludedParamTypes. 398 | func (a Ascan) AddExcludedParam(name string, t string, url string) (map[string]interface{}, error) { 399 | m := map[string]string{ 400 | "name": name, 401 | "type": t, 402 | "url": url, 403 | } 404 | return a.c.Request("ascan/action/addExcludedParam/", m) 405 | } 406 | 407 | // Modifies a parameter excluded from the scan. Allows to modify the name, the URL and the type of parameter. The parameter is selected with its index, which can be obtained with the view excludedParams. 408 | func (a Ascan) ModifyExcludedParam(idx string, name string, t string, url string) (map[string]interface{}, error) { 409 | m := map[string]string{ 410 | "idx": idx, 411 | "name": name, 412 | "type": t, 413 | "url": url, 414 | } 415 | return a.c.Request("ascan/action/modifyExcludedParam/", m) 416 | } 417 | 418 | // Removes a parameter excluded from the scan, with the given index. The index can be obtained with the view excludedParams. 419 | func (a Ascan) RemoveExcludedParam(idx string) (map[string]interface{}, error) { 420 | m := map[string]string{ 421 | "idx": idx, 422 | } 423 | return a.c.Request("ascan/action/removeExcludedParam/", m) 424 | } 425 | 426 | // Skips the scanner using the given IDs of the scan and the scanner. 427 | func (a Ascan) SkipScanner(scanid string, scannerid string) (map[string]interface{}, error) { 428 | m := map[string]string{ 429 | "scanId": scanid, 430 | "scannerId": scannerid, 431 | } 432 | return a.c.Request("ascan/action/skipScanner/", m) 433 | } 434 | 435 | func (a Ascan) SetOptionAttackPolicy(str string) (map[string]interface{}, error) { 436 | m := map[string]string{ 437 | "String": str, 438 | } 439 | return a.c.Request("ascan/action/setOptionAttackPolicy/", m) 440 | } 441 | 442 | func (a Ascan) SetOptionDefaultPolicy(str string) (map[string]interface{}, error) { 443 | m := map[string]string{ 444 | "String": str, 445 | } 446 | return a.c.Request("ascan/action/setOptionDefaultPolicy/", m) 447 | } 448 | 449 | // Sets whether or not the active scanner should add a query param to GET requests which do not have parameters to start with. 450 | func (a Ascan) SetOptionAddQueryParam(boolean bool) (map[string]interface{}, error) { 451 | m := map[string]string{ 452 | "Boolean": strconv.FormatBool(boolean), 453 | } 454 | return a.c.Request("ascan/action/setOptionAddQueryParam/", m) 455 | } 456 | 457 | func (a Ascan) SetOptionAllowAttackOnStart(boolean bool) (map[string]interface{}, error) { 458 | m := map[string]string{ 459 | "Boolean": strconv.FormatBool(boolean), 460 | } 461 | return a.c.Request("ascan/action/setOptionAllowAttackOnStart/", m) 462 | } 463 | 464 | func (a Ascan) SetOptionDelayInMs(i int) (map[string]interface{}, error) { 465 | m := map[string]string{ 466 | "Integer": strconv.Itoa(i), 467 | } 468 | return a.c.Request("ascan/action/setOptionDelayInMs/", m) 469 | } 470 | 471 | func (a Ascan) SetOptionHandleAntiCSRFTokens(boolean bool) (map[string]interface{}, error) { 472 | m := map[string]string{ 473 | "Boolean": strconv.FormatBool(boolean), 474 | } 475 | return a.c.Request("ascan/action/setOptionHandleAntiCSRFTokens/", m) 476 | } 477 | 478 | func (a Ascan) SetOptionHostPerScan(i int) (map[string]interface{}, error) { 479 | m := map[string]string{ 480 | "Integer": strconv.Itoa(i), 481 | } 482 | return a.c.Request("ascan/action/setOptionHostPerScan/", m) 483 | } 484 | 485 | // Sets whether or not the active scanner should inject the HTTP request header X-ZAP-Scan-ID, with the ID of the scanner that's sending the requests. 486 | func (a Ascan) SetOptionInjectPluginIdInHeader(boolean bool) (map[string]interface{}, error) { 487 | m := map[string]string{ 488 | "Boolean": strconv.FormatBool(boolean), 489 | } 490 | return a.c.Request("ascan/action/setOptionInjectPluginIdInHeader/", m) 491 | } 492 | 493 | func (a Ascan) SetOptionMaxChartTimeInMins(i int) (map[string]interface{}, error) { 494 | m := map[string]string{ 495 | "Integer": strconv.Itoa(i), 496 | } 497 | return a.c.Request("ascan/action/setOptionMaxChartTimeInMins/", m) 498 | } 499 | 500 | func (a Ascan) SetOptionMaxResultsToList(i int) (map[string]interface{}, error) { 501 | m := map[string]string{ 502 | "Integer": strconv.Itoa(i), 503 | } 504 | return a.c.Request("ascan/action/setOptionMaxResultsToList/", m) 505 | } 506 | 507 | func (a Ascan) SetOptionMaxRuleDurationInMins(i int) (map[string]interface{}, error) { 508 | m := map[string]string{ 509 | "Integer": strconv.Itoa(i), 510 | } 511 | return a.c.Request("ascan/action/setOptionMaxRuleDurationInMins/", m) 512 | } 513 | 514 | func (a Ascan) SetOptionMaxScanDurationInMins(i int) (map[string]interface{}, error) { 515 | m := map[string]string{ 516 | "Integer": strconv.Itoa(i), 517 | } 518 | return a.c.Request("ascan/action/setOptionMaxScanDurationInMins/", m) 519 | } 520 | 521 | func (a Ascan) SetOptionMaxScansInUI(i int) (map[string]interface{}, error) { 522 | m := map[string]string{ 523 | "Integer": strconv.Itoa(i), 524 | } 525 | return a.c.Request("ascan/action/setOptionMaxScansInUI/", m) 526 | } 527 | 528 | func (a Ascan) SetOptionPromptInAttackMode(boolean bool) (map[string]interface{}, error) { 529 | m := map[string]string{ 530 | "Boolean": strconv.FormatBool(boolean), 531 | } 532 | return a.c.Request("ascan/action/setOptionPromptInAttackMode/", m) 533 | } 534 | 535 | func (a Ascan) SetOptionPromptToClearFinishedScans(boolean bool) (map[string]interface{}, error) { 536 | m := map[string]string{ 537 | "Boolean": strconv.FormatBool(boolean), 538 | } 539 | return a.c.Request("ascan/action/setOptionPromptToClearFinishedScans/", m) 540 | } 541 | 542 | func (a Ascan) SetOptionRescanInAttackMode(boolean bool) (map[string]interface{}, error) { 543 | m := map[string]string{ 544 | "Boolean": strconv.FormatBool(boolean), 545 | } 546 | return a.c.Request("ascan/action/setOptionRescanInAttackMode/", m) 547 | } 548 | 549 | // Sets whether or not the HTTP Headers of all requests should be scanned. Not just requests that send parameters, through the query or request body. 550 | func (a Ascan) SetOptionScanHeadersAllRequests(boolean bool) (map[string]interface{}, error) { 551 | m := map[string]string{ 552 | "Boolean": strconv.FormatBool(boolean), 553 | } 554 | return a.c.Request("ascan/action/setOptionScanHeadersAllRequests/", m) 555 | } 556 | 557 | // Sets whether or not the active scanner should scan null JSON values. 558 | func (a Ascan) SetOptionScanNullJsonValues(boolean bool) (map[string]interface{}, error) { 559 | m := map[string]string{ 560 | "Boolean": strconv.FormatBool(boolean), 561 | } 562 | return a.c.Request("ascan/action/setOptionScanNullJsonValues/", m) 563 | } 564 | 565 | func (a Ascan) SetOptionShowAdvancedDialog(boolean bool) (map[string]interface{}, error) { 566 | m := map[string]string{ 567 | "Boolean": strconv.FormatBool(boolean), 568 | } 569 | return a.c.Request("ascan/action/setOptionShowAdvancedDialog/", m) 570 | } 571 | 572 | func (a Ascan) SetOptionTargetParamsEnabledRPC(i int) (map[string]interface{}, error) { 573 | m := map[string]string{ 574 | "Integer": strconv.Itoa(i), 575 | } 576 | return a.c.Request("ascan/action/setOptionTargetParamsEnabledRPC/", m) 577 | } 578 | 579 | func (a Ascan) SetOptionTargetParamsInjectable(i int) (map[string]interface{}, error) { 580 | m := map[string]string{ 581 | "Integer": strconv.Itoa(i), 582 | } 583 | return a.c.Request("ascan/action/setOptionTargetParamsInjectable/", m) 584 | } 585 | 586 | func (a Ascan) SetOptionThreadPerHost(i int) (map[string]interface{}, error) { 587 | m := map[string]string{ 588 | "Integer": strconv.Itoa(i), 589 | } 590 | return a.c.Request("ascan/action/setOptionThreadPerHost/", m) 591 | } 592 | --------------------------------------------------------------------------------