Update Owasp ZAP 2.6
ssarasa committed May 15, 2017
1 parent 1899033 commit 2e3a185
Showing 125 changed files with 13,219 additions and 2,865 deletions.
4 changes: 2 additions & 2 deletions build.gradle
Expand Up @@ -126,7 +126,7 @@ dependencies {
testCompile 'org.glassfish.jersey.connectors:jersey-apache-connector:2.25.1'
testCompile 'net.htmlparser.jericho:jericho-html:3.3'
testCompile 'edu.umass.cs.benchlab:harlib:1.1.2'
testCompile 'org.zaproxy:zap-clientapi:1.0.0'
testCompile files ("lib/zap-client-1.0.0.jar", "lib/nessus-java-client-0.2-SNAPSHOT.jar","lib/jssylze-0.2-SNAPSHOT.jar")
testCompile 'org.zaproxy:zap-clientapi:1.2.0'
testCompile files ("lib/zap-client-1.2.0.jar", "lib/nessus-java-client-0.2-SNAPSHOT.jar","lib/jssylze-0.2-SNAPSHOT.jar")
}

2 changes: 1 addition & 1 deletion config.xml
Expand Up @@ -57,6 +57,6 @@
<api></api>
</proxy>-->

<zapPath>zap/zap.sh</zapPath>
<zapPath>zap/zap.bat</zapPath>

</web-app>
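Review bot: The new `zapPath` value hard-codes a Windows launcher — `zap/zap.bat`, which reads as the new side given the `zap/ZAP.exe` this commit adds — so on Linux or macOS hosts, where the ZAP distribution only ships `zap/zap.sh`, the harness can no longer start the proxy. If the switch is intentional it should be stated next to the setting, since nothing on the page says the project is now Windows-only; a comment such as `<!-- zapPath: ZAP launcher for the local OS; use zap/zap.sh on Linux/macOS, zap/zap.bat on Windows -->` above the element would do. Otherwise keep the path overridable per platform rather than committing one OS's value.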
Binary file not shown.
7 changes: 1 addition & 6 deletions src/test/java/net/continuumsecurity/Utils.java
Expand Up @@ -7,19 +7,14 @@
import edu.umass.cs.benchlab.har.HarHeader;
import edu.umass.cs.benchlab.har.HarRequest;
import edu.umass.cs.benchlab.har.HarResponse;

import org.apache.log4j.Logger;

import java.io.BufferedReader;
import java.io.FileReader;
import java.lang.reflect.InvocationTargetException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.*;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

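Review bot: The import hunk collapses five explicit `java.util` imports into `import java.util.*;`, which goes against the project's own practice — another hunk in this same commit does the opposite and spells out `ArrayList`, `List` and `Map`. A wildcard import hides which types the file actually depends on and can silently change name resolution if a same-named class later appears in another imported package. Keep the explicit lines, `import java.util.ArrayList;` through `import java.util.Map;`, and drop the wildcard. The rest of Utils.java's import block continues outside the hunk.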
Expand Up @@ -70,7 +70,7 @@ public void stopZap() {
try {
log.info("Stopping ZAP");
ClientApi client = new ClientApi(HOST,port);
client.core.shutdown(API_KEY);
client.core.shutdown();
Thread.sleep(2000);
process.destroy();
} catch (final Exception e) {
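Review bot: `client.core.shutdown()` is now invoked on a `ClientApi` built as `new ClientApi(HOST,port)`, so the `API_KEY` the old call passed explicitly is no longer supplied anywhere; ZAP 2.6 enforces its API key by default, in which case the shutdown request is rejected, the `catch (final Exception e)` swallows it, and stopping ZAP degrades to the hard `process.destroy()` after the sleep. In zap-clientapi 1.2.0 the key moves to the constructor, so the fix is `ClientApi client = new ClientApi(HOST, port, API_KEY);` with the parameterless `shutdown()` kept. Worth confirming that the catch block, which continues outside the hunk, logs the failure rather than discarding it, otherwise this regression is invisible in test output.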
Expand Up @@ -304,7 +304,7 @@ private String getAlertDetails(List<Alert> alerts) {
String detail = "";
if (alerts.size() != 0) {
for (Alert alert : alerts) {
detail = detail + alert.getAlert() + "\n"
detail = detail + alert.getName() + "\n"
+ "URL: " + alert.getUrl() + "\n"
+ "Parameter: " + alert.getParam() + "\n"
+ "CWE-ID: " + alert.getCweId() + "\n"
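Review bot: The accessor rename to `alert.getName()` is fine, but the loop still grows `detail` by `detail = detail + … + "\n"` on every iteration, copying the whole accumulated string per alert — quadratic for scans that raise many findings. A `StringBuilder` declared before the loop with `append(...)` calls inside it, and `.toString()` at the return, produces byte-identical text; the `alerts.size() != 0` guard can become `!alerts.isEmpty()` at the same time. The method's body and its return continue outside the hunk, so the return line needs the `.toString()` as part of the same change.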
Expand Up @@ -10,7 +10,9 @@

import javax.security.auth.login.LoginException;
import java.net.MalformedURLException;
import java.util.*;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.empty;
Expand Down Expand Up @@ -59,7 +61,6 @@ public void setTargetHosts(List<String> hosts) throws MalformedURLException {

@When("^the scanner is run with scan name (.*)$")
public void runScan(String scanName) throws LoginException {
if (scanName == null || scanName.isEmpty()) throw new RuntimeException("the Scan Name must be specified");
if (username == null) {
username = Config.getInstance().getNessusUsername();
password = Config.getInstance().getNessusPassword();
Expand All @@ -69,7 +70,6 @@ public void runScan(String scanName) throws LoginException {
if (nessusVersion == 5) {
scanIdentifierForStatus = scanName;
} else {
if (scanUuid == null) throw new RuntimeException("Received a null scan UUID from the Nessus server. Check whether the policy named: "+policyName+" exists on the Nessus server and whether the scan named: "+scanName+" was created.");
scanIdentifierForStatus = scanUuid;
}
}
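Review bot: The two guard clauses these hunks drop — `if (scanName == null || scanName.isEmpty()) throw new RuntimeException("the Scan Name must be specified");` at the top of `runScan`, and the `scanUuid == null` check before it is assigned to `scanIdentifierForStatus` — were the only validation of the caller-supplied scan name and of the Nessus server's reply; without them a blank name or a policy that does not exist on the server presumably surfaces later as a NullPointerException or an opaque polling failure instead of the explicit message. Which line each hunk removes is inferred from the 7→6 line counts rather than from a visible marker. If the removal was meant to accommodate the Nessus 5 branch, keep the name check unconditionally and the UUID check inside the `else` branch, as `IllegalArgumentException`/`IllegalStateException` with the same messages. `runScan` continues outside the hunk.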
1 change: 0 additions & 1 deletion src/test/java/net/continuumsecurity/steps/SSLyzeSteps.java
Expand Up @@ -11,7 +11,6 @@
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.*;
import static org.hamcrest.core.IsCollectionContaining.hasItem;
import static org.hamcrest.core.IsNot.not;

/**
* Created by stephen on 18/01/15.
1 change: 0 additions & 1 deletion src/test/resources/features/authentication.feature
Expand Up @@ -17,7 +17,6 @@ Feature: Authentication
Scenario: Present the login form itself over an HTTPS connection
Given a new browser instance
And the client/browser is configured to use an intercepting proxy
And the proxy logs are cleared
And the login page is displayed
And the HTTP request-response containing the login form
Then the protocol should be HTTPS
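Review bot: If the line this hunk drops is `And the proxy logs are cleared` — the counts show exactly one removed step, and it is the only one the scenario can run without — then `And the HTTP request-response containing the login form` may match an exchange recorded by an earlier scenario through the same intercepting proxy, so `Then the protocol should be HTTPS` can be evaluated against a stale request and pass or fail for the wrong reason. Either keep the clearing step, or make the step definition that locates the login-form exchange consider only traffic captured after this scenario's browser instance was created.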
Binary file added zap/ZAP.exe
Binary file not shown.
5 changes: 4 additions & 1 deletion zap/db/hsqldb.properties
Expand Up @@ -20,12 +20,15 @@ alert.field.cweid = CWEID
alert.field.wascid = WASCID
alert.field.historyid = HISTORYID
alert.field.sourcehistoryid = SOURCEHISTORYID
alert.field.sourceid = SOURCEID
alert.ps.addalertindex = CREATE INDEX ALERT_INDEX ON ALERT (SOURCEHISTORYID)
alert.ps.addattack = ALTER TABLE ALERT ADD COLUMN ATTACK VARCHAR(32768) DEFAULT ''
alert.ps.addcweid = ALTER TABLE ALERT ADD COLUMN CWEID INT DEFAULT -1
alert.ps.addwascid = ALTER TABLE ALERT ADD COLUMN WASCID INT DEFAULT -1
alert.ps.addevidence = ALTER TABLE ALERT ADD COLUMN EVIDENCE VARCHAR(16777216) DEFAULT ''
alert.ps.addsourcehistoryid = ALTER TABLE ALERT ADD COLUMN SOURCEHISTORYID INT DEFAULT 0
alert.ps.addsourceid = ALTER TABLE ALERT ADD COLUMN SOURCEID INT DEFAULT 0
alert.ps.addsourceidindex = CREATE INDEX INDEX_ALERT_SOURCEID ON ALERT (SOURCEID)
alert.ps.delete = DELETE FROM ALERT WHERE ALERTID = ?
alert.ps.deleteall = DELETE FROM ALERT
alert.ps.read = SELECT TOP 1 * FROM ALERT WHERE ALERTID = ?
Expand All @@ -34,7 +37,7 @@ alert.ps.getalertsforhistoryid = SELECT * FROM ALERT WHERE SOURCEHISTORYID = ?
alert.ps.getalertsforsession = SELECT ALERTID FROM ALERT INNER JOIN SCAN ON ALERT.SCANID = SCAN.SCANID WHERE SESSIONID = ?
alert.ps.getallalertids = SELECT ALERTID FROM ALERT
alert.ps.insert = INSERT INTO ALERT (SCANID, PLUGINID, ALERT, RISK, RELIABILITY, DESCRIPTION, URI, PARAM, ATTACK, OTHERINFO, \
SOLUTION, REFERENCE, EVIDENCE, CWEID, WASCID, HISTORYID, SOURCEHISTORYID) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
SOLUTION, REFERENCE, EVIDENCE, CWEID, WASCID, HISTORYID, SOURCEHISTORYID, SOURCEID) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
alert.ps.update = UPDATE ALERT SET ALERT = ?, RISK = ?, RELIABILITY = ?, DESCRIPTION = ?, URI = ?, PARAM = ?, ATTACK = ?,\
OTHERINFO = ?, SOLUTION = ?, REFERENCE = ?, EVIDENCE = ?, CWEID = ?, WASCID = ?, SOURCEHISTORYID = ? WHERE ALERTID = ?
alert.ps.updatehistoryid = UPDATE ALERT SET HISTORYID = ?, SOURCEHISTORYID = ? WHERE ALERTID = ?
5 changes: 4 additions & 1 deletion zap/db/mysql.properties
Expand Up @@ -20,12 +20,15 @@ alert.field.cweid = CWEID
alert.field.wascid = WASCID
alert.field.historyid = HISTORYID
alert.field.sourcehistoryid = SOURCEHISTORYID
alert.field.sourceid = SOURCEID
alert.ps.addalertindex = CREATE INDEX ALERT_INDEX ON ALERT (SOURCEHISTORYID)
alert.ps.addattack = ALTER TABLE ALERT ADD COLUMN ATTACK VARCHAR(32768) DEFAULT ''
alert.ps.addcweid = ALTER TABLE ALERT ADD COLUMN CWEID INT DEFAULT -1
alert.ps.addwascid = ALTER TABLE ALERT ADD COLUMN WASCID INT DEFAULT -1
alert.ps.addevidence = ALTER TABLE ALERT ADD COLUMN EVIDENCE VARCHAR(16777216) DEFAULT ''
alert.ps.addsourcehistoryid = ALTER TABLE ALERT ADD COLUMN SOURCEHISTORYID INT DEFAULT 0
alert.ps.addsourceid = ALTER TABLE ALERT ADD COLUMN SOURCEID INT DEFAULT 0
alert.ps.addsourceidindex = CREATE INDEX INDEX_ALERT_SOURCEID ON ALERT (SOURCEID)
alert.ps.delete = DELETE FROM ALERT WHERE ALERTID = ?
alert.ps.deleteall = DELETE FROM ALERT
alert.ps.read = SELECT * FROM ALERT WHERE ALERTID = ? LIMIT 1
Expand All @@ -34,7 +37,7 @@ alert.ps.getalertsforhistoryid = SELECT * FROM ALERT WHERE SOURCEHISTORYID = ?
alert.ps.getalertsforsession = SELECT ALERTID FROM ALERT INNER JOIN SCAN ON ALERT.SCANID = SCAN.SCANID WHERE SESSIONID = ?
alert.ps.getallalertids = SELECT ALERTID FROM ALERT
alert.ps.insert = INSERT INTO ALERT (SCANID, PLUGINID, ALERT, RISK, RELIABILITY, DESCRIPTION, URI, PARAM, ATTACK, OTHERINFO, \
SOLUTION, REFERENCE, EVIDENCE, CWEID, WASCID, HISTORYID, SOURCEHISTORYID) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
SOLUTION, REFERENCE, EVIDENCE, CWEID, WASCID, HISTORYID, SOURCEHISTORYID, SOURCEID) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
alert.ps.update = UPDATE ALERT SET ALERT = ?, RISK = ?, RELIABILITY = ?, DESCRIPTION = ?, URI = ?, PARAM = ?, ATTACK = ?,\
OTHERINFO = ?, SOLUTION = ?, REFERENCE = ?, EVIDENCE = ?, CWEID = ?, WASCID = ?, SOURCEHISTORYID = ? WHERE ALERTID = ?
alert.ps.updatehistoryid = UPDATE ALERT SET HISTORYID = ?, SOURCEHISTORYID = ? WHERE ALERTID = ?
1 change: 1 addition & 0 deletions zap/db/mysql.schema
Expand Up @@ -41,6 +41,7 @@ CREATE TABLE `ALERT` (
`EVIDENCE` longtext,
`CWEID` int(11) DEFAULT '-1',
`WASCID` int(11) DEFAULT '-1',
`SOURCEID` int(11) DEFAULT '0',
PRIMARY KEY (`ALERTID`),
KEY `ALERT_INDEX` (`SOURCEHISTORYID`)
) ENGINE=InnoDB AUTO_INCREMENT=9436 DEFAULT CHARSET=latin1;
3 changes: 2 additions & 1 deletion zap/db/zapdb.script
Expand Up @@ -41,8 +41,9 @@ CREATE INDEX HISTORY_INDEX ON PUBLIC.HISTORY(URI,METHOD,REQBODY,SESSIONID,HISTTY
CREATE INDEX INDEX_HISTORY_HISTTYPE ON PUBLIC.HISTORY(HISTTYPE)
CREATE INDEX INDEX_HISTORY_SESSIONID ON PUBLIC.HISTORY(SESSIONID)
CREATE CACHED TABLE PUBLIC.SESSION(SESSIONID BIGINT NOT NULL PRIMARY KEY,SESSIONNAME VARCHAR(32768) DEFAULT '',LASTACCESS TIMESTAMP DEFAULT LOCALTIMESTAMP NOT NULL)
CREATE CACHED TABLE PUBLIC.ALERT(ALERTID INTEGER GENERATED BY DEFAULT AS IDENTITY(START WITH 0) NOT NULL PRIMARY KEY,SCANID INTEGER NOT NULL,PLUGINID INTEGER DEFAULT 0,ALERT VARCHAR(16777216) DEFAULT '',RISK INTEGER DEFAULT 0,RELIABILITY INTEGER DEFAULT 1,DESCRIPTION VARCHAR(16777216) DEFAULT '',URI VARCHAR(1048576) DEFAULT '',PARAM VARCHAR(32768) DEFAULT '',OTHERINFO VARCHAR(16777216) DEFAULT '',SOLUTION VARCHAR(16777216) DEFAULT '',REFERENCE VARCHAR(16777216) DEFAULT '',HISTORYID INTEGER, SOURCEHISTORYID INTEGER DEFAULT 0, ATTACK VARCHAR(32768) DEFAULT '', EVIDENCE VARCHAR(16777216) DEFAULT '', CWEID INTEGER DEFAULT -1, WASCID INTEGER DEFAULT -1)
CREATE CACHED TABLE PUBLIC.ALERT(ALERTID INTEGER GENERATED BY DEFAULT AS IDENTITY(START WITH 0) NOT NULL PRIMARY KEY,SCANID INTEGER NOT NULL,PLUGINID INTEGER DEFAULT 0,ALERT VARCHAR(16777216) DEFAULT '',RISK INTEGER DEFAULT 0,RELIABILITY INTEGER DEFAULT 1,DESCRIPTION VARCHAR(16777216) DEFAULT '',URI VARCHAR(1048576) DEFAULT '',PARAM VARCHAR(32768) DEFAULT '',OTHERINFO VARCHAR(16777216) DEFAULT '',SOLUTION VARCHAR(16777216) DEFAULT '',REFERENCE VARCHAR(16777216) DEFAULT '',HISTORYID INTEGER, SOURCEHISTORYID INTEGER DEFAULT 0, ATTACK VARCHAR(32768) DEFAULT '', EVIDENCE VARCHAR(16777216) DEFAULT '', CWEID INTEGER DEFAULT -1, WASCID INTEGER DEFAULT -1, SOURCEID INTEGER DEFAULT 0)
CREATE INDEX ALERT_INDEX ON PUBLIC.ALERT(SOURCEHISTORYID)
CREATE INDEX INDEX_ALERT_SOURCEID ON PUBLIC.ALERT(SOURCEID)
ALTER TABLE PUBLIC.ALERT ALTER COLUMN ALERTID RESTART WITH 0
CREATE CACHED TABLE PUBLIC.SCAN(SCANID INTEGER GENERATED BY DEFAULT AS IDENTITY(START WITH 0) NOT NULL PRIMARY KEY,SESSIONID BIGINT NOT NULL,SCANNAME VARCHAR(32768) DEFAULT '',SCANTIME TIMESTAMP DEFAULT LOCALTIMESTAMP NOT NULL)
ALTER TABLE PUBLIC.SCAN ALTER COLUMN SCANID RESTART WITH 0
4 changes: 0 additions & 4 deletions zap/filter/dummy.txt

This file was deleted.
