Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
How it works
The main class is Tester.java:
input arguments : total 7 arguments (all paths must be absolute)
- Root owtf directory - Output Directory (owtf_review) for recorded scripts : owtf_review/misc/recorded_scripts for target scripts : owtf_review/targets/target_dir/zest - target config db (owtf_review/db/target_config.db) - Zest script - Target IDs - Transactions IDs - record true or false for e.g. If owtf root directory is /root/owtf, then above arguments will be, "/root/owtf" "/root/owtf/owtf_review/targets" "/root/owtf-ui/owtf_review/db/target_config.db" "/root/owtf-ui/owtf_review/misc/recorded_scripts/test.zst" "1 2" "2 3" "True" Tester.java takes the arguments, parses them and separates them. https://github.com/dscarson/zest-owtf/blob/master/src/org/zest_owtf/mainclass/Tester.java#L34 Then converts string of target IDs and transaction IDs into integer lists . https://github.com/dscarson/zest-owtf/blob/master/src/org/zest_owtf/mainclass/Tester.java#L44 Creates object of ScriptPrepare.java class. (This class takes the template file and Creates a ZestScriptWrapper and ZestScript from it.Explained in detail later) https://github.com/dscarson/zest-owtf/blob/master/src/org/zest_owtf/mainclass/Tester.java#L44 Then creates the DBHandler object and passes the transaction IDs and Targets IDs to that object. https://github.com/dscarson/zest-owtf/blob/master/src/org/zest_owtf/mainclass/Tester.java#L64 And at last, object of Creator.java class creates the final zest script and outputs it. Now Lets go through each module in order of their use.
Simplest module. Created to facilitate the process of creating ZestScriptWrapper and ZestScript from the template. Another simple and self-explanatory module called FileReader.java is used to read from the file. Basic ScriptWrapper is created and ZestScriptWrapper is inherited from the ScriptWrapper.
This is the main module of the project.It has mainly two methods : - CreateRecordScript - CreateTargetScript General idea in both of them is ,
And then at the end Convert_to_http() is called : https://github.com/dscarson/zest-owtf/blob/master/src/org/zest_owtf/mainclass/DBHandler.java#L119 This method converts list of CustomObject to HttpMessage list. Converting transaction to HttpMessage is the easiest way to create Zest script as ZAP already does that. So, final list of HttpMessage is stored as http_list.
This module adds HttpMessage to ZestScript as a ZestRequest. (For this ZestZapUtils has been imported as it already provides such functionality.) Then, two assertions are added. -Status code assertion -Response body length assertion (These are basic assertions to check request failed or passed.) https://github.com/dscarson/zest-owtf/blob/master/src/org/zest_owtf/mainclass/Creator.java#L55 and then script is written in the actual file using FileWrtr module.
This is the explanation of core modules of zest-owtf project. Most of the other minor details are self-explanatory. But if you still need help, you can mail me at firstname.lastname@example.org.