Make browser to use during ajax scan configurable #1483

- add command line parameter and extend parts to save the specified browser id - update tests that needed change
mercedes-benz · Mar 28, 2024 · 5cbf8ac · 5cbf8ac
1 parent 52655cd
commit 5cbf8ac
Show file tree

Hide file tree

Showing 6 changed files with 26 additions and 23 deletions.
diff --git a/...r-owasp-zap/src/main/java/com/mercedesbenz/sechub/zapwrapper/cli/CommandLineSettings.java b/...r-owasp-zap/src/main/java/com/mercedesbenz/sechub/zapwrapper/cli/CommandLineSettings.java
@@ -53,6 +53,15 @@ public boolean isAjaxSpiderEnabled() {
         return ajaxSpiderEnabled;
     }
 
+    @Parameter(names = { "--ajaxSpiderBrowserId" }, description = "Set the browser id you want to use for the AjaxSpider module. "
+            + "Make sure the browser you want to use is installed on the system the scan is running. "
+            + "Supported browser are: [firefox-headless, firefox, chrome-headless, chrome, htmlunit, safari].", required = false)
+    private String ajaxSpiderBrowserId = "firefox-headless";
+
+    public String getAjaxSpiderBrowserId() {
+        return ajaxSpiderBrowserId;
+    }
+
     @Parameter(names = { "--activeScan" }, description = "Set this option to enable Zap active scan.", required = false)
     private boolean activeScanEnabled;
 

diff --git a/...-wrapper-owasp-zap/src/main/java/com/mercedesbenz/sechub/zapwrapper/config/BrowserId.java b/...-wrapper-owasp-zap/src/main/java/com/mercedesbenz/sechub/zapwrapper/config/BrowserId.java
diff --git a/...per-owasp-zap/src/main/java/com/mercedesbenz/sechub/zapwrapper/config/ZapScanContext.java b/...per-owasp-zap/src/main/java/com/mercedesbenz/sechub/zapwrapper/config/ZapScanContext.java
@@ -61,6 +61,7 @@ public class ZapScanContext {
 
     private File clientCertificateFile;
     private Map<String, File> headerValueFiles;
+    private String ajaxSpiderBrowserId;
 
     private ZapScanContext() {
     }
@@ -176,6 +177,10 @@ public Map<String, File> getHeaderValueFiles() {
         return Collections.unmodifiableMap(headerValueFiles);
     }
 
+    public String getAjaxSpiderBrowserId() {
+        return ajaxSpiderBrowserId;
+    }
+
     public static ZapScanContextBuilder builder() {
         return new ZapScanContextBuilder();
     }
@@ -225,6 +230,8 @@ public static class ZapScanContextBuilder {
 
         private Map<String, File> headerValueFiles = new HashMap<>();
 
+        private String ajaxSpiderBrowserId;
+
         public ZapScanContextBuilder setServerConfig(ZapServerConfiguration serverConfig) {
             this.serverConfig = serverConfig;
             return this;
@@ -340,6 +347,11 @@ public ZapScanContextBuilder addHeaderValueFiles(Map<String, File> headerValueFi
             return this;
         }
 
+        public ZapScanContextBuilder setAjaxSpiderBrowserId(String ajaxSpiderBrowserId) {
+            this.ajaxSpiderBrowserId = ajaxSpiderBrowserId;
+            return this;
+        }
+
         public ZapScanContext build() {
             ZapScanContext zapScanConfiguration = new ZapScanContext();
             zapScanConfiguration.serverConfig = this.serverConfig;
@@ -378,8 +390,9 @@ public ZapScanContext build() {
 
             zapScanConfiguration.headerValueFiles = this.headerValueFiles;
 
+            zapScanConfiguration.ajaxSpiderBrowserId = this.ajaxSpiderBrowserId;
+
             return zapScanConfiguration;
         }
-
     }
 }
diff --git a/...sp-zap/src/main/java/com/mercedesbenz/sechub/zapwrapper/config/ZapScanContextFactory.java b/...sp-zap/src/main/java/com/mercedesbenz/sechub/zapwrapper/config/ZapScanContextFactory.java
@@ -103,6 +103,7 @@ public ZapScanContext create(CommandLineSettings settings) {
 												.setReportFile(settings.getReportFile())
 												.setContextName(contextName)
 												.setAjaxSpiderEnabled(settings.isAjaxSpiderEnabled())
+												.setAjaxSpiderBrowserId(settings.getAjaxSpiderBrowserId())
 												.setActiveScanEnabled(settings.isActiveScanEnabled())
 												.setServerConfig(serverConfig)
 												.setAuthenticationType(authType)

diff --git a/...b-wrapper-owasp-zap/src/main/java/com/mercedesbenz/sechub/zapwrapper/scan/ZapScanner.java b/...b-wrapper-owasp-zap/src/main/java/com/mercedesbenz/sechub/zapwrapper/scan/ZapScanner.java
@@ -27,7 +27,6 @@
 import com.mercedesbenz.sechub.commons.model.login.WebLoginConfiguration;
 import com.mercedesbenz.sechub.zapwrapper.cli.ZapWrapperExitCode;
 import com.mercedesbenz.sechub.zapwrapper.cli.ZapWrapperRuntimeException;
-import com.mercedesbenz.sechub.zapwrapper.config.BrowserId;
 import com.mercedesbenz.sechub.zapwrapper.config.ProxyInformation;
 import com.mercedesbenz.sechub.zapwrapper.config.ZapScanContext;
 import com.mercedesbenz.sechub.zapwrapper.config.auth.SessionManagementType;
@@ -137,7 +136,7 @@ void setupStandardConfiguration() throws ClientApiException {
 
         LOG.info("Set browser for ajaxSpider.");
         // use firefox in headless mode by default
-        clientApiFacade.configureAjaxSpiderBrowserId(BrowserId.FIREFOX_HEADLESS.getBrowserId());
+        clientApiFacade.configureAjaxSpiderBrowserId(scanContext.getAjaxSpiderBrowserId());
     }
 
     void deactivateRules(ZapFullRuleset fullRuleset, DeactivatedRuleReferences deactivatedRuleReferences) throws ClientApiException {

diff --git a/...apper-owasp-zap/src/test/java/com/mercedesbenz/sechub/zapwrapper/scan/ZapScannerTest.java b/...apper-owasp-zap/src/test/java/com/mercedesbenz/sechub/zapwrapper/scan/ZapScannerTest.java
@@ -89,6 +89,7 @@ void beforeEach() {
         when(scanContext.getContextName()).thenReturn(contextName);
         when(scanContext.getZapProductMessageHelper()).thenReturn(helper);
         when(scanContext.getZapPDSEventHandler()).thenReturn(zapPDSEventHandler);
+        when(scanContext.getAjaxSpiderBrowserId()).thenReturn("firefox-headless");
 
         doNothing().when(helper).writeProductError(any());
         doNothing().when(helper).writeProductMessages(any());