Merge branch 'release-1.4.0' into master

Author: thc202

CHANGES.md

@@ -2,6 +2,24 @@
 
 Summary of the changes done in each version.
 
+## 1.4.0 (2017-07-13)
+
+### Ant Tasks
+
+ - New task to create ZAP reports:
+   ```XML
+   <!-- Defined the task: -->
+   <taskdef name="reportTask" classname="org.zaproxy.clientapi.ant.ReportTask" />
+   <!-- Call the task: -->
+   <reportTask zapAddress="localhost" zapPort="8080" apikey="API-KEY"
+       type="html" file="report.html" overwrite="true" />
+       <!--
+           type - the type/format of the report (e.g. HTML, XML, MD), defaults to HTML.
+           file - where the report should be created (can be an absolute path, if relative it is resolved against the build directory).
+           overwrite - if the file should be overwritten.
+       -->
+   ```
+
 ## 1.3.0 (2017-06-23)
 
 ### New APIs

README.md

@@ -21,7 +21,7 @@ can be obtained from [Maven Central](http://search.maven.org/) with following co
 
  * GroupId: `org.zaproxy`
  * ArtifactId: `zap-clientapi`
- * Version: `1.3.0`
+ * Version: `1.4.0`
 
 Previous releases are also available, more details can be found in [Maven Central](http://search.maven.org/#search|ga|1|org.zaproxy).
 
@@ -105,7 +105,7 @@ Checkout the tagged version:
 
 Create the artifacts/libraries necessary for the release:
 
-    ./gradlew clean build uberJar
+    ./gradlew clean build
 
 ### Release to Maven Central
 

build.gradle

@@ -1,23 +1,23 @@
 task wrapper(type: Wrapper) {
-    gradleVersion = '3.2.1'
+    gradleVersion = '4.0'
 }
 
 apply from: "gradle/compile.gradle"
 apply from: "gradle/idea.gradle"
 apply from: "gradle/eclipse.gradle"
 
-allprojects {
+subprojects {
     apply plugin: 'java'
     group = 'org.zaproxy'
 
-    version '1.3.0'
+    version '1.4.0'
     ext.versionBC = '1.0.0'
 
     repositories {
         mavenLocal()
         mavenCentral()
     }
 
-    sourceCompatibility = 1.7
-    targetCompatibility = 1.7
+    sourceCompatibility = JavaVersion.VERSION_1_7
+    targetCompatibility = JavaVersion.VERSION_1_7
 }

gradle/wrapper/gradle-wrapper.jar

@@ -2,5 +2,5 @@ distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-3.2.1-bin.zip
-distributionSha256Sum=9843a3654d3e57dce54db06d05f18b664b95c22bf90c6becccb61fc63ce60689
+distributionUrl=https\://services.gradle.org/distributions/gradle-4.0-bin.zip
+distributionSha256Sum=56bd2dde29ba2a93903c557da1745cafd72cdd8b6b0b83c05a40ed7896b79dfe

gradle/wrapper/gradle-wrapper.properties

@@ -1,4 +1,4 @@
-#!/usr/bin/env bash
+#!/usr/bin/env sh
 
 ##############################################################################
 ##
@@ -33,11 +33,11 @@ DEFAULT_JVM_OPTS=""
 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD="maximum"
 
-warn ( ) {
+warn () {
     echo "$*"
 }
 
-die ( ) {
+die () {
     echo
     echo "$*"
     echo
@@ -154,16 +154,19 @@ if $cygwin ; then
     esac
 fi
 
-# Split up the JVM_OPTS And GRADLE_OPTS values into an array, following the shell quoting and substitution rules
-function splitJvmOpts() {
-    JVM_OPTS=("$@")
+# Escape application args
+save () {
+    for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done
+    echo " "
 }
-eval splitJvmOpts $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS
-JVM_OPTS[${#JVM_OPTS[*]}]="-Dorg.gradle.appname=$APP_BASE_NAME"
+APP_ARGS=$(save "$@")
+
+# Collect all arguments for the java command, following the shell quoting and substitution rules
+eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS"
 
 # by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong
-if [[ "$(uname)" == "Darwin" ]] && [[ "$HOME" == "$PWD" ]]; then
+if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then
   cd "$(dirname "$0")"
 fi
 
-exec "$JAVACMD" "${JVM_OPTS[@]}" -classpath "$CLASSPATH" org.gradle.wrapper.GradleWrapperMain "$@"
+exec "$JAVACMD" "$@"

gradlew

@@ -0,0 +1,129 @@
+/*
+ * Zed Attack Proxy (ZAP) and its related class files.
+ * 
+ * ZAP is an HTTP/HTTPS proxy for assessing web application security.
+ * 
+ * Copyright 2017 The ZAP Development Team
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.zaproxy.clientapi.ant;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.OutputStream;
+import java.nio.file.Files;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Locale;
+
+import org.apache.tools.ant.BuildException;
+
+public class ReportTask extends ZapTask {
+
+	private static final String HTML_REPORT_TYPE = "html";
+	private static final String MD_REPORT_TYPE = "md";
+	private static final String XML_REPORT_TYPE = "xml";
+	private static final String DEFAULT_REPORT_TYPE = HTML_REPORT_TYPE;
+
+	private static final List<String> SUPPORTED_REPORT_TYPES = Arrays.asList(HTML_REPORT_TYPE, MD_REPORT_TYPE, XML_REPORT_TYPE);
+
+	private String type = DEFAULT_REPORT_TYPE;
+	private File file;
+	private boolean overwrite;
+
+	public void setType(String type) {
+		this.type = type;
+	}
+
+	public void setFile(String file) {
+		this.file = new File(file);
+		if (!this.file.isAbsolute()) {
+			this.file = new File(getProject().getBaseDir(), file);
+		}
+	}
+
+	public void setOverwrite(boolean overwrite) {
+		this.overwrite = overwrite;
+	}
+
+	@Override
+	public void execute() throws BuildException {
+		validateTaskAttributes();
+
+		byte[] reportContents;
+		try {
+			switch (type.toLowerCase()) {
+			case MD_REPORT_TYPE:
+				reportContents = this.getClientApi().core.mdreport();
+				break;
+			case XML_REPORT_TYPE:
+				reportContents = this.getClientApi().core.xmlreport();
+				break;
+			case HTML_REPORT_TYPE:
+			default:
+				reportContents = this.getClientApi().core.htmlreport();
+				break;
+			}
+		} catch (Exception e) {
+			throw new BuildException("Failed to obtain the report from ZAP: " + e.getMessage(), e);
+		}
+
+		try (OutputStream os = Files.newOutputStream(file.toPath())) {
+			os.write(reportContents);
+		} catch (IOException e) {
+			throw new BuildException("Failed to save the report: " + e.getMessage(), e);
+		}
+
+	}
+
+	private void validateTaskAttributes() {
+		if (type == null || type.isEmpty()) {
+			type = DEFAULT_REPORT_TYPE;
+		} else {
+			type = type.toLowerCase(Locale.ROOT);
+			if (!SUPPORTED_REPORT_TYPES.contains(type)) {
+				throw new BuildException("Unknown report type [" + type + "], supported types: " + SUPPORTED_REPORT_TYPES);
+			}
+		}
+
+		if (file == null) {
+			throw new BuildException("The 'file' attribute must be provided.");
+		}
+
+		if (file.isFile()) {
+			if (!file.canWrite()) {
+				throw new BuildException("The provided file is not writable: " + file.getAbsolutePath());
+			}
+
+			if (!overwrite) {
+				throw new BuildException(
+						"The file already exists but 'overwrite' attribute is not set to 'true': " + file.getAbsolutePath());
+			}
+		} else if (!file.exists()) {
+			File dir = file.getParentFile();
+			if (dir == null) {
+				throw new BuildException(
+						"Unable to determine parent directory of the file provided: " + file.getAbsolutePath());
+			}
+
+			dir.mkdirs();
+			if (!dir.canWrite()) {
+				throw new BuildException("The provided directory does not exist or is not writable: " + dir.getAbsolutePath());
+			}
+		} else {
+			throw new BuildException("The 'file' attribute does not specify a file: " + file.getAbsolutePath());
+		}
+	}
+
+}

subprojects/zap-clientapi-ant/src/main/java/org/zaproxy/clientapi/ant/ReportTask.java

@@ -21,7 +21,10 @@
 
 import static org.junit.Assert.assertTrue;
 
+import java.io.File;
 import java.io.IOException;
+import java.io.InputStream;
+import java.nio.file.Files;
 import java.util.HashMap;
 import java.util.Map;
 
@@ -33,6 +36,7 @@
 import org.junit.BeforeClass;
 import org.junit.Rule;
 import org.junit.Test;
+import org.junit.rules.TemporaryFolder;
 import org.zaproxy.clientapi.core.ClientApiException;
 
 import fi.iki.elonen.NanoHTTPD;
@@ -43,11 +47,14 @@
 public class BuildTest {
 
     private static final String BUILD_FILE_NAME = "build.xml";
-    private static final String BUILD_FILE_PATH = BuildTest.class.getResource(BUILD_FILE_NAME).toString().replace("file:", "");
+    private static final String REPORT_PATH = "report.html";
 
     private static SimpleServer zap;
     private static SimpleServer targetSite;
 
+    @Rule
+    public final TemporaryFolder buildDir = new TemporaryFolder();
+
     @Rule
     public final BuildFileRule buildRule = new BuildFileRule();
 
@@ -64,14 +71,28 @@ public static void setUp() throws IOException {
     public void setUpBuildFile() {
         zap.clearResponses();
 
-        buildRule.configureProject(BUILD_FILE_PATH);
+        File buildFile = new File(buildDir.getRoot(), BUILD_FILE_NAME);
+        if (!buildFile.exists()) {
+            try {
+                try (InputStream is = BuildTest.class.getResourceAsStream(BUILD_FILE_NAME)) {
+                    Files.copy(is, buildFile.toPath());
+                }
+            } catch (IOException e) {
+                throw new RuntimeException("Failed to set up the test:", e);
+            }
+        }
+
+        buildRule.configureProject(buildFile.getAbsolutePath());
 
         // Properties used in build.xml file
         buildRule.getProject().setProperty("zap.addr", "localhost");
         buildRule.getProject().setProperty("zap.port", Integer.toString(zap.getListeningPort()));
         buildRule.getProject().setProperty("zap.key", "API_KEY");
         buildRule.getProject().setProperty("zap.targetUrl", "http://localhost:" + targetSite.getListeningPort());
         buildRule.getProject().setProperty("zap.session", "session");
+        buildRule.getProject().setProperty("zap.report.path", REPORT_PATH);
+        buildRule.getProject().setProperty("zap.report.type", "html");
+        buildRule.getProject().setProperty("zap.report.overwrite", "false");
     }
 
     @AfterClass
@@ -141,6 +162,12 @@ public void shouldExecuteTargetStopZap() {
         buildRule.executeTarget("stopZap");
     }
 
+    @Test
+    public void shouldExecuteReport() {
+        buildRule.executeTarget("report");
+        assertTrue("Report file not created.", new File(buildDir.getRoot(), REPORT_PATH).exists());
+    }
+
     private static class SimpleServer extends NanoHTTPD {
 
         private final String mimeType;

subprojects/zap-clientapi-ant/src/test/java/org/zaproxy/clientapi/ant/BuildTest.java

@@ -10,6 +10,7 @@
 	<taskdef name="saveSessionTask" classname="org.zaproxy.clientapi.ant.SaveSessionTask" />
 	<taskdef name="spiderUrlTask" classname="org.zaproxy.clientapi.ant.SpiderUrlTask" />
 	<taskdef name="stopZapTask" classname="org.zaproxy.clientapi.ant.StopZapTask" />
+	<taskdef name="reportTask" classname="org.zaproxy.clientapi.ant.ReportTask" />
 
 	<target name="accessUrl">
 		<accessUrlTask zapAddress="${zap.addr}" zapPort="${zap.port}" debug="true" apikey="${zap.key}" url="${zap.targetUrl}" />
@@ -58,4 +59,9 @@
 		<stopZapTask zapAddress="${zap.addr}" zapPort="${zap.port}" debug="true" apikey="${zap.key}" />
 	</target>
 
+	<target name="report">
+		<reportTask zapAddress="${zap.addr}" zapPort="${zap.port}" debug="true" apikey="${zap.key}"
+			type="${zap.report.type}" file="${zap.report.path}" overwrite="${zap.report.overwrite}" />
+	</target>
+
 </project>