Update APIs of add-ons and core

CHANGELOG.md

@@ -4,6 +4,20 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
 
 ## [Unreleased]
+### Added
+- Add the APIs of the following add-ons:
+  - Client Side Integration version 0.20.0;
+  - Postman Support version 0.7.0.
+
+### Changed
+- Update core APIs for 2.17.
+- Update the APIs of the following add-ons:
+  - Automation Framework version 0.58.0;
+  - OpenAPI Support version 48;
+  - Passive Scanner version 0.6.0;
+  - Selenium version 15.43.0;
+  - Spider version 0.18.0.
+
 ### Fixed
 - Ensure `requests.Session` is closed to prevent lingering TCP connections.
 

src/zapv2/__init__.py

@@ -36,6 +36,8 @@
 from .automation import automation
 from .autoupdate import autoupdate
 from .brk import brk
+from .client import client
+from .clientSpider import clientSpider
 from .context import context
 from .core import core
 from .custompayloads import custompayloads
@@ -49,6 +51,7 @@
 from .openapi import openapi
 from .params import params
 from .pnh import pnh
+from .postman import postman
 from .pscan import pscan
 from .replacer import replacer
 from .reports import reports
@@ -103,6 +106,8 @@ def __init__(self, proxies=None, apikey=None, validate_status_code=False):
         self.automation = automation(self)
         self.autoupdate = autoupdate(self)
         self.brk = brk(self)
+        self.client = client(self)
+        self.clientSpider = clientSpider(self)
         self.context = context(self)
         self.core = core(self)
         self.custompayloads = custompayloads(self)
@@ -116,6 +121,7 @@ def __init__(self, proxies=None, apikey=None, validate_status_code=False):
         self.openapi = openapi(self)
         self.params = params(self)
         self.pnh = pnh(self)
+        self.postman = postman(self)
         self.pscan = pscan(self)
         self.replacer = replacer(self)
         self.reports = reports(self)

src/zapv2/alert.py

@@ -33,7 +33,7 @@ def alert(self, id):
         """
         return six.next(six.itervalues(self.zap._request(self.zap.base + 'alert/view/alert/', {'id': id})))
 
-    def alerts(self, baseurl=None, start=None, count=None, riskid=None, contextname=None):
+    def alerts(self, baseurl=None, start=None, count=None, riskid=None, contextname=None, falsepositive=None):
         """
         Gets the alerts raised by ZAP, optionally filtering by URL or riskId, and paginating with 'start' position and 'count' of alerts
         """
@@ -48,6 +48,8 @@ def alerts(self, baseurl=None, start=None, count=None, riskid=None, contextname=
             params['riskId'] = riskid
         if contextname is not None:
             params['contextName'] = contextname
+        if falsepositive is not None:
+            params['falsePositive'] = falsepositive
         return six.next(six.itervalues(self.zap._request(self.zap.base + 'alert/view/alerts/', params)))
 
     def alerts_summary(self, baseurl=None):

src/zapv2/alertFilter.py

@@ -44,7 +44,7 @@ def global_alert_filter_list(self):
 
     def add_alert_filter(self, contextid, ruleid, newlevel, url=None, urlisregex=None, parameter=None, enabled=None, parameterisregex=None, attack=None, attackisregex=None, evidence=None, evidenceisregex=None, methods=None, apikey=''):
         """
-        Adds a new alert filter for the context with the given ID. 
+        Adds a new alert filter for the context with the given ID.
         This component is optional and therefore the API will only work if it is installed
         """
         params = {'contextId': contextid, 'ruleId': ruleid, 'newLevel': newlevel}
@@ -100,7 +100,7 @@ def remove_alert_filter(self, contextid, ruleid, newlevel, url=None, urlisregex=
 
     def add_global_alert_filter(self, ruleid, newlevel, url=None, urlisregex=None, parameter=None, enabled=None, parameterisregex=None, attack=None, attackisregex=None, evidence=None, evidenceisregex=None, methods=None, apikey=''):
         """
-        Adds a new global alert filter. 
+        Adds a new global alert filter.
         This component is optional and therefore the API will only work if it is installed
         """
         params = {'ruleId': ruleid, 'newLevel': newlevel}

src/zapv2/ascan.py

@@ -247,13 +247,27 @@ def option_encode_cookie_values(self):
         """
         return six.next(six.itervalues(self.zap._request(self.zap.base + 'ascan/view/optionEncodeCookieValues/')))
 
+    @property
+    def option_exclude_anti_csrf_tokens(self):
+        """
+        Tells whether or not the active scanner should exclude anti-csrf tokens from the scan.
+        """
+        return six.next(six.itervalues(self.zap._request(self.zap.base + 'ascan/view/optionExcludeAntiCsrfTokens/')))
+
     @property
     def option_inject_plugin_id_in_header(self):
         """
         Tells whether or not the active scanner should inject the HTTP request header X-ZAP-Scan-ID, with the ID of the scan rule that's sending the requests.
         """
         return six.next(six.itervalues(self.zap._request(self.zap.base + 'ascan/view/optionInjectPluginIdInHeader/')))
 
+    @property
+    def option_persist_temporary_messages(self):
+        """
+        Tells whether or not the temporary HTTP messages sent while active scanning should be persisted.
+        """
+        return six.next(six.itervalues(self.zap._request(self.zap.base + 'ascan/view/optionPersistTemporaryMessages/')))
+
     @property
     def option_prompt_in_attack_mode(self):
         """
@@ -585,6 +599,12 @@ def set_option_encode_cookie_values(self, boolean, apikey=''):
         """
         return six.next(six.itervalues(self.zap._request(self.zap.base + 'ascan/action/setOptionEncodeCookieValues/', {'Boolean': boolean})))
 
+    def set_option_exclude_anti_csrf_tokens(self, boolean, apikey=''):
+        """
+        Sets whether or not the active scanner should exclude anti-csrf tokens from the scan.
+        """
+        return six.next(six.itervalues(self.zap._request(self.zap.base + 'ascan/action/setOptionExcludeAntiCsrfTokens/', {'Boolean': boolean})))
+
     def set_option_handle_anti_csrf_tokens(self, boolean, apikey=''):
         """
 
@@ -639,6 +659,12 @@ def set_option_max_scans_in_ui(self, integer, apikey=''):
         """
         return six.next(six.itervalues(self.zap._request(self.zap.base + 'ascan/action/setOptionMaxScansInUI/', {'Integer': integer})))
 
+    def set_option_persist_temporary_messages(self, boolean, apikey=''):
+        """
+        Sets whether or not the temporary HTTP messages sent while active scanning should be persisted.
+        """
+        return six.next(six.itervalues(self.zap._request(self.zap.base + 'ascan/action/setOptionPersistTemporaryMessages/', {'Boolean': boolean})))
+
     def set_option_prompt_in_attack_mode(self, boolean, apikey=''):
         """
 

src/zapv2/automation.py

@@ -29,18 +29,28 @@ def __init__(self, zap):
 
     def plan_progress(self, planid):
         """
+        Returns the progress details for the specified planId
         This component is optional and therefore the API will only work if it is installed
         """
         return (self.zap._request(self.zap.base + 'automation/view/planProgress/', {'planId': planid}))
 
     def run_plan(self, filepath, apikey=''):
         """
+        Loads and asynchronously runs the plan in the specified file, returning a planId
         This component is optional and therefore the API will only work if it is installed
         """
         return six.next(six.itervalues(self.zap._request(self.zap.base + 'automation/action/runPlan/', {'filePath': filepath})))
 
+    def stop_plan(self, planid, apikey=''):
+        """
+        Stops the running plan identified by the planId
+        This component is optional and therefore the API will only work if it is installed
+        """
+        return six.next(six.itervalues(self.zap._request(self.zap.base + 'automation/action/stopPlan/', {'planId': planid})))
+
     def end_delay_job(self, apikey=''):
         """
+        Ends the currently running delay job, if any
         This component is optional and therefore the API will only work if it is installed
         """
         return six.next(six.itervalues(self.zap._request(self.zap.base + 'automation/action/endDelayJob/', {})))

src/zapv2/client.py

@@ -0,0 +1,59 @@
+# Zed Attack Proxy (ZAP) and its related class files.
+#
+# ZAP is an HTTP/HTTPS proxy for assessing web application security.
+#
+# Copyright 2025 the ZAP development team
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""
+This file was automatically generated.
+"""
+
+import six
+
+
+class client(object):
+
+    def __init__(self, zap):
+        self.zap = zap
+
+    def report_object(self, objectjson, apikey=''):
+        """
+        This component is optional and therefore the API will only work if it is installed
+        """
+        return six.next(six.itervalues(self.zap._request(self.zap.base + 'client/action/reportObject/', {'objectJson': objectjson})))
+
+    def report_event(self, eventjson, apikey=''):
+        """
+        This component is optional and therefore the API will only work if it is installed
+        """
+        return six.next(six.itervalues(self.zap._request(self.zap.base + 'client/action/reportEvent/', {'eventJson': eventjson})))
+
+    def report_zest_statement(self, statementjson, apikey=''):
+        """
+        This component is optional and therefore the API will only work if it is installed
+        """
+        return six.next(six.itervalues(self.zap._request(self.zap.base + 'client/action/reportZestStatement/', {'statementJson': statementjson})))
+
+    def report_zest_script(self, scriptjson, apikey=''):
+        """
+        This component is optional and therefore the API will only work if it is installed
+        """
+        return six.next(six.itervalues(self.zap._request(self.zap.base + 'client/action/reportZestScript/', {'scriptJson': scriptjson})))
+
+    def export_client_map(self, pathyaml, apikey=''):
+        """
+        Exports the Client Map to a file.
+        This component is optional and therefore the API will only work if it is installed
+        """
+        return six.next(six.itervalues(self.zap._request(self.zap.base + 'client/action/exportClientMap/', {'pathYaml': pathyaml})))

src/zapv2/clientSpider.py

@@ -0,0 +1,68 @@
+# Zed Attack Proxy (ZAP) and its related class files.
+#
+# ZAP is an HTTP/HTTPS proxy for assessing web application security.
+#
+# Copyright 2025 the ZAP development team
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""
+This file was automatically generated.
+"""
+
+import six
+
+
+class clientSpider(object):
+
+    def __init__(self, zap):
+        self.zap = zap
+
+    def status(self, scanid):
+        """
+        Gets the status of a client spider scan.
+        This component is optional and therefore the API will only work if it is installed
+        """
+        return six.next(six.itervalues(self.zap._request(self.zap.base + 'clientSpider/view/status/', {'scanId': scanid})))
+
+    def scan(self, browser=None, url=None, contextname=None, username=None, subtreeonly=None, maxcrawldepth=None, pageloadtime=None, numberofbrowsers=None, scopecheck=None, apikey=''):
+        """
+        Starts a client spider scan.
+        This component is optional and therefore the API will only work if it is installed
+        """
+        params = {}
+        if browser is not None:
+            params['browser'] = browser
+        if url is not None:
+            params['url'] = url
+        if contextname is not None:
+            params['contextName'] = contextname
+        if username is not None:
+            params['userName'] = username
+        if subtreeonly is not None:
+            params['subtreeOnly'] = subtreeonly
+        if maxcrawldepth is not None:
+            params['maxCrawlDepth'] = maxcrawldepth
+        if pageloadtime is not None:
+            params['pageLoadTime'] = pageloadtime
+        if numberofbrowsers is not None:
+            params['numberOfBrowsers'] = numberofbrowsers
+        if scopecheck is not None:
+            params['scopeCheck'] = scopecheck
+        return six.next(six.itervalues(self.zap._request(self.zap.base + 'clientSpider/action/scan/', params)))
+
+    def stop(self, scanid, apikey=''):
+        """
+        Stops a client spider scan.
+        This component is optional and therefore the API will only work if it is installed
+        """
+        return six.next(six.itervalues(self.zap._request(self.zap.base + 'clientSpider/action/stop/', {'scanId': scanid})))

src/zapv2/openapi.py

@@ -27,7 +27,7 @@ class openapi(object):
     def __init__(self, zap):
         self.zap = zap
 
-    def import_file(self, file, target=None, contextid=None, apikey=''):
+    def import_file(self, file, target=None, contextid=None, userid=None, apikey=''):
         """
         Imports an OpenAPI definition from a local file.
         This component is optional and therefore the API will only work if it is installed
@@ -37,9 +37,11 @@ def import_file(self, file, target=None, contextid=None, apikey=''):
             params['target'] = target
         if contextid is not None:
             params['contextId'] = contextid
+        if userid is not None:
+            params['userId'] = userid
         return six.next(six.itervalues(self.zap._request(self.zap.base + 'openapi/action/importFile/', params)))
 
-    def import_url(self, url, hostoverride=None, contextid=None, apikey=''):
+    def import_url(self, url, hostoverride=None, contextid=None, userid=None, apikey=''):
         """
         Imports an OpenAPI definition from a URL.
         This component is optional and therefore the API will only work if it is installed
@@ -49,4 +51,6 @@ def import_url(self, url, hostoverride=None, contextid=None, apikey=''):
             params['hostOverride'] = hostoverride
         if contextid is not None:
             params['contextId'] = contextid
+        if userid is not None:
+            params['userId'] = userid
         return six.next(six.itervalues(self.zap._request(self.zap.base + 'openapi/action/importUrl/', params)))

src/zapv2/postman.py

@@ -0,0 +1,42 @@
+# Zed Attack Proxy (ZAP) and its related class files.
+#
+# ZAP is an HTTP/HTTPS proxy for assessing web application security.
+#
+# Copyright 2025 the ZAP development team
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""
+This file was automatically generated.
+"""
+
+import six
+
+
+class postman(object):
+
+    def __init__(self, zap):
+        self.zap = zap
+
+    def import_file(self, file, apikey=''):
+        """
+        Imports a Postman collection from a file.
+        This component is optional and therefore the API will only work if it is installed
+        """
+        return six.next(six.itervalues(self.zap._request(self.zap.base + 'postman/action/importFile/', {'file': file})))
+
+    def import_url(self, url, apikey=''):
+        """
+        Imports a Postman collection from a URL.
+        This component is optional and therefore the API will only work if it is installed
+        """
+        return six.next(six.itervalues(self.zap._request(self.zap.base + 'postman/action/importUrl/', {'url': url})))