Merge pull request #114 from thc202/update-2.14

Update APIs of add-ons and core

Author: ricekot

CHANGELOG.md

@@ -5,7 +5,14 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
+### Added
+- Add the APIs of the following add-on:
+  - Custom Payloads version 0.13.0.
+  
 ### Changed
+- Update core APIs for 2.14.
+- Update the APIs of the following add-on:
+  - Selenium version 15.16.0.
 - Stop sending the API key as query parameter, not needed since ZAP 2.6.0.
 - Allow to call the ZAP API with custom HTTP method (e.g. file upload).
 

subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/Acsrf.java

@@ -69,8 +69,16 @@ public ApiResponse setOptionPartialMatchingEnabled(boolean bool) throws ClientAp
 
     /** Generate a form for testing lack of anti-CSRF tokens - typically invoked via ZAP */
     public byte[] genForm(String hrefid) throws ClientApiException {
+        return genFormActionUrl(hrefid, null);
+    }
+
+    /** Generate a form for testing lack of anti-CSRF tokens - typically invoked via ZAP */
+    public byte[] genFormActionUrl(String hrefid, String actionurl) throws ClientApiException {
         Map<String, String> map = new HashMap<>();
         map.put("hrefId", hrefid);
+        if (actionurl != null) {
+            map.put("actionUrl", actionurl);
+        }
         return api.callApiOther("acsrf", "other", "genForm", map);
     }
 }

subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/Alert.java

@@ -51,6 +51,16 @@ public ApiResponse alert(String id) throws ClientApiException {
      */
     public ApiResponse alerts(String baseurl, String start, String count, String riskid)
             throws ClientApiException {
+        return alerts(baseurl, start, count, riskid, null);
+    }
+
+    /**
+     * Gets the alerts raised by ZAP, optionally filtering by URL or riskId, and paginating with
+     * 'start' position and 'count' of alerts
+     */
+    public ApiResponse alerts(
+            String baseurl, String start, String count, String riskid, String contextname)
+            throws ClientApiException {
         Map<String, String> map = new HashMap<>();
         if (baseurl != null) {
             map.put("baseurl", baseurl);
@@ -64,6 +74,9 @@ public ApiResponse alerts(String baseurl, String start, String count, String ris
         if (riskid != null) {
             map.put("riskId", riskid);
         }
+        if (contextname != null) {
+            map.put("contextName", contextname);
+        }
         return api.callApi("alert", "view", "alerts", map);
     }
 
@@ -121,6 +134,25 @@ public ApiResponse deleteAllAlerts() throws ClientApiException {
         return api.callApi("alert", "action", "deleteAllAlerts", null);
     }
 
+    /**
+     * Deletes all the alerts optionally filtered by URL which fall within the Context with the
+     * provided name, risk, or base URL.
+     */
+    public ApiResponse deleteAlerts(String contextname, String baseurl, String riskid)
+            throws ClientApiException {
+        Map<String, String> map = new HashMap<>();
+        if (contextname != null) {
+            map.put("contextName", contextname);
+        }
+        if (baseurl != null) {
+            map.put("baseurl", baseurl);
+        }
+        if (riskid != null) {
+            map.put("riskId", riskid);
+        }
+        return api.callApi("alert", "action", "deleteAlerts", map);
+    }
+
     /** Deletes the alert with the given ID. */
     public ApiResponse deleteAlert(String id) throws ClientApiException {
         Map<String, String> map = new HashMap<>();

subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/Core.java

@@ -672,6 +672,13 @@ public ApiResponse disableClientCertificate() throws ClientApiException {
         return api.callApi("core", "action", "disableClientCertificate", null);
     }
 
+    /** Create a zip file of the ZAP core and add-on SBOMs */
+    public ApiResponse createSbomZip(String filepath) throws ClientApiException {
+        Map<String, String> map = new HashMap<>();
+        map.put("filePath", filepath);
+        return api.callApi("core", "action", "createSbomZip", map);
+    }
+
     /**
      * Deletes all alerts of the current session.
      *
@@ -989,4 +996,22 @@ public byte[] sendHarRequest(String request, String followredirects) throws Clie
         }
         return api.callApiOther("core", "other", "sendHarRequest", map);
     }
+
+    /** Download a file from the transfer directory */
+    public byte[] fileDownload(String filename) throws ClientApiException {
+        Map<String, String> map = new HashMap<>();
+        map.put("fileName", filename);
+        return api.callApiOther("core", "other", "fileDownload", map);
+    }
+
+    /**
+     * Upload a file to the transfer directory. Only POST requests accepted with encodings of
+     * "multipart/form-data" or "application/x-www-form-urlencoded".
+     */
+    public byte[] fileUpload(String filename, String filecontents) throws ClientApiException {
+        Map<String, String> map = new HashMap<>();
+        map.put("fileName", filename);
+        map.put("fileContents", filecontents);
+        return api.callApiOther("POST", "core", "other", "fileUpload", map);
+    }
 }

subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/Custompayloads.java

@@ -0,0 +1,145 @@
+/*
+ * Zed Attack Proxy (ZAP) and its related class files.
+ *
+ * ZAP is an HTTP/HTTPS proxy for assessing web application security.
+ *
+ * Copyright 2023 The ZAP Development Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.zaproxy.clientapi.gen;
+
+import java.util.HashMap;
+import java.util.Map;
+import org.zaproxy.clientapi.core.ApiResponse;
+import org.zaproxy.clientapi.core.ClientApi;
+import org.zaproxy.clientapi.core.ClientApiException;
+
+/** This file was automatically generated. */
+@SuppressWarnings("javadoc")
+public class Custompayloads {
+
+    private final ClientApi api;
+
+    public Custompayloads(ClientApi api) {
+        this.api = api;
+    }
+
+    /**
+     * Lists all available categories.
+     *
+     * <p>This component is optional and therefore the API will only work if it is installed
+     */
+    public ApiResponse customPayloadsCategories() throws ClientApiException {
+        return api.callApi("custompayloads", "view", "customPayloadsCategories", null);
+    }
+
+    /**
+     * Lists all the payloads currently loaded (category, payload, enabled state). Optionally
+     * filtered by category.
+     *
+     * <p>This component is optional and therefore the API will only work if it is installed
+     */
+    public ApiResponse customPayloads(String category) throws ClientApiException {
+        Map<String, String> map = new HashMap<>();
+        if (category != null) {
+            map.put("category", category);
+        }
+        return api.callApi("custompayloads", "view", "customPayloads", map);
+    }
+
+    /**
+     * Disables payloads for a given category.
+     *
+     * <p>This component is optional and therefore the API will only work if it is installed
+     */
+    public ApiResponse disableCustomPayloads(String category) throws ClientApiException {
+        Map<String, String> map = new HashMap<>();
+        if (category != null) {
+            map.put("category", category);
+        }
+        return api.callApi("custompayloads", "action", "disableCustomPayloads", map);
+    }
+
+    /**
+     * Enables payloads for a given category.
+     *
+     * <p>This component is optional and therefore the API will only work if it is installed
+     */
+    public ApiResponse enableCustomPayloads(String category) throws ClientApiException {
+        Map<String, String> map = new HashMap<>();
+        if (category != null) {
+            map.put("category", category);
+        }
+        return api.callApi("custompayloads", "action", "enableCustomPayloads", map);
+    }
+
+    /**
+     * Removes a payload.
+     *
+     * <p>This component is optional and therefore the API will only work if it is installed
+     */
+    public ApiResponse removeCustomPayload(String category, String payload)
+            throws ClientApiException {
+        Map<String, String> map = new HashMap<>();
+        map.put("category", category);
+        if (payload != null) {
+            map.put("payload", payload);
+        }
+        return api.callApi("custompayloads", "action", "removeCustomPayload", map);
+    }
+
+    /**
+     * Adds a new payload.
+     *
+     * <p>This component is optional and therefore the API will only work if it is installed
+     */
+    public ApiResponse addCustomPayload(String category, String payload) throws ClientApiException {
+        Map<String, String> map = new HashMap<>();
+        map.put("category", category);
+        if (payload != null) {
+            map.put("payload", payload);
+        }
+        return api.callApi("custompayloads", "action", "addCustomPayload", map);
+    }
+
+    /**
+     * Enables a given payload.
+     *
+     * <p>This component is optional and therefore the API will only work if it is installed
+     */
+    public ApiResponse enableCustomPayload(String category, String payload)
+            throws ClientApiException {
+        Map<String, String> map = new HashMap<>();
+        map.put("category", category);
+        if (payload != null) {
+            map.put("payload", payload);
+        }
+        return api.callApi("custompayloads", "action", "enableCustomPayload", map);
+    }
+
+    /**
+     * Disables a given payload.
+     *
+     * <p>This component is optional and therefore the API will only work if it is installed
+     */
+    public ApiResponse disableCustomPayload(String category, String payload)
+            throws ClientApiException {
+        Map<String, String> map = new HashMap<>();
+        map.put("category", category);
+        if (payload != null) {
+            map.put("payload", payload);
+        }
+        return api.callApi("custompayloads", "action", "disableCustomPayload", map);
+    }
+}

subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/gen/Selenium.java

@@ -68,6 +68,11 @@ public ApiResponse optionFirefoxBinaryPath() throws ClientApiException {
         return api.callApi("selenium", "view", "optionFirefoxBinaryPath", null);
     }
 
+    /** This component is optional and therefore the API will only work if it is installed */
+    public ApiResponse optionFirefoxDefaultProfile() throws ClientApiException {
+        return api.callApi("selenium", "view", "optionFirefoxDefaultProfile", null);
+    }
+
     /**
      * Returns the current path to Firefox driver (geckodriver)
      *
@@ -94,6 +99,17 @@ public ApiResponse optionPhantomJsBinaryPath() throws ClientApiException {
         return api.callApi("selenium", "view", "optionPhantomJsBinaryPath", null);
     }
 
+    /**
+     * Gets the browser arguments.
+     *
+     * <p>This component is optional and therefore the API will only work if it is installed
+     */
+    public ApiResponse getBrowserArguments(String browser) throws ClientApiException {
+        Map<String, String> map = new HashMap<>();
+        map.put("browser", browser);
+        return api.callApi("selenium", "view", "getBrowserArguments", map);
+    }
+
     /**
      * Sets the current path to Chrome binary
      *
@@ -127,6 +143,13 @@ public ApiResponse setOptionFirefoxBinaryPath(String string) throws ClientApiExc
         return api.callApi("selenium", "action", "setOptionFirefoxBinaryPath", map);
     }
 
+    /** This component is optional and therefore the API will only work if it is installed */
+    public ApiResponse setOptionFirefoxDefaultProfile(String string) throws ClientApiException {
+        Map<String, String> map = new HashMap<>();
+        map.put("String", string);
+        return api.callApi("selenium", "action", "setOptionFirefoxDefaultProfile", map);
+    }
+
     /**
      * Sets the current path to Firefox driver (geckodriver)
      *
@@ -160,4 +183,47 @@ public ApiResponse setOptionPhantomJsBinaryPath(String string) throws ClientApiE
         map.put("String", string);
         return api.callApi("selenium", "action", "setOptionPhantomJsBinaryPath", map);
     }
+
+    /**
+     * Adds a browser argument.
+     *
+     * <p>This component is optional and therefore the API will only work if it is installed
+     */
+    public ApiResponse addBrowserArgument(String browser, String argument, String enabled)
+            throws ClientApiException {
+        Map<String, String> map = new HashMap<>();
+        map.put("browser", browser);
+        map.put("argument", argument);
+        if (enabled != null) {
+            map.put("enabled", enabled);
+        }
+        return api.callApi("selenium", "action", "addBrowserArgument", map);
+    }
+
+    /**
+     * Removes a browser argument.
+     *
+     * <p>This component is optional and therefore the API will only work if it is installed
+     */
+    public ApiResponse removeBrowserArgument(String browser, String argument)
+            throws ClientApiException {
+        Map<String, String> map = new HashMap<>();
+        map.put("browser", browser);
+        map.put("argument", argument);
+        return api.callApi("selenium", "action", "removeBrowserArgument", map);
+    }
+
+    /**
+     * Sets whether or not a browser argument is enabled.
+     *
+     * <p>This component is optional and therefore the API will only work if it is installed
+     */
+    public ApiResponse setBrowserArgumentEnabled(String browser, String argument, String enabled)
+            throws ClientApiException {
+        Map<String, String> map = new HashMap<>();
+        map.put("browser", browser);
+        map.put("argument", argument);
+        map.put("enabled", enabled);
+        return api.callApi("selenium", "action", "setBrowserArgumentEnabled", map);
+    }
 }