zaproxy · kingthorin · Jun 1, 2019 · May 30, 2019
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -11,6 +11,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
 - Minimum Python 3 version is now 3.4.
 
 ### Changed
+- Update core APIs for ZAP 2.8.0.
 - Allow to validate the status code returned by the ZAP API, to fail
 sooner if the API request was not successful. This can be enabled when
 instantiating the `ZAPv2` class with the argument `validate_status_code`

diff --git a/src/zapv2/__init__.py b/src/zapv2/__init__.py
@@ -26,6 +26,7 @@
 from requests.packages.urllib3.exceptions import InsecureRequestWarning
 
 from .acsrf import acsrf
+from .alert import alert
 from .ascan import ascan
 from .ajaxSpider import ajaxSpider
 from .authentication import authentication
@@ -80,6 +81,7 @@ def __init__(self, proxies=None, apikey=None, validate_status_code=False):
         self.__validate_status_code=validate_status_code
 
         self.acsrf = acsrf(self)
+        self.alert = alert(self)
         self.ajaxSpider = ajaxSpider(self)
         self.ascan = ascan(self)
         self.authentication = authentication(self)

diff --git a/src/zapv2/alert.py b/src/zapv2/alert.py
@@ -0,0 +1,103 @@
+# Zed Attack Proxy (ZAP) and its related class files.
+#
+# ZAP is an HTTP/HTTPS proxy for assessing web application security.
+#
+# Copyright 2019 the ZAP development team
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""
+This file was automatically generated.
+"""
+
+import six
+
+
+class alert(object):
+
+    def __init__(self, zap):
+        self.zap = zap
+
+    def alert(self, id):
+        """
+        Gets the alert with the given ID, the corresponding HTTP message can be obtained with the 'messageId' field and 'message' API method
+        """
+        return six.next(six.itervalues(self.zap._request(self.zap.base + 'alert/view/alert/', {'id': id})))
+
+    def alerts(self, baseurl=None, start=None, count=None, riskid=None):
+        """
+        Gets the alerts raised by ZAP, optionally filtering by URL or riskId, and paginating with 'start' position and 'count' of alerts
+        """
+        params = {}
+        if baseurl is not None:
+            params['baseurl'] = baseurl
+        if start is not None:
+            params['start'] = start
+        if count is not None:
+            params['count'] = count
+        if riskid is not None:
+            params['riskId'] = riskid
+        return six.next(six.itervalues(self.zap._request(self.zap.base + 'alert/view/alerts/', params)))
+
+    def alerts_summary(self, baseurl=None):
+        """
+        Gets number of alerts grouped by each risk level, optionally filtering by URL
+        """
+        params = {}
+        if baseurl is not None:
+            params['baseurl'] = baseurl
+        return six.next(six.itervalues(self.zap._request(self.zap.base + 'alert/view/alertsSummary/', params)))
+
+    def number_of_alerts(self, baseurl=None, riskid=None):
+        """
+        Gets the number of alerts, optionally filtering by URL or riskId
+        """
+        params = {}
+        if baseurl is not None:
+            params['baseurl'] = baseurl
+        if riskid is not None:
+            params['riskId'] = riskid
+        return six.next(six.itervalues(self.zap._request(self.zap.base + 'alert/view/numberOfAlerts/', params)))
+
+    def alerts_by_risk(self, url=None, recurse=None):
+        """
+        Gets a summary of the alerts, optionally filtered by a 'url'. If 'recurse' is true then all alerts that apply to urls that start with the specified 'url' will be returned, otherwise only those on exactly the same 'url' (ignoring url parameters)
+        """
+        params = {}
+        if url is not None:
+            params['url'] = url
+        if recurse is not None:
+            params['recurse'] = recurse
+        return six.next(six.itervalues(self.zap._request(self.zap.base + 'alert/view/alertsByRisk/', params)))
+
+    def alert_counts_by_risk(self, url=None, recurse=None):
+        """
+        Gets a count of the alerts, optionally filtered as per alertsPerRisk
+        """
+        params = {}
+        if url is not None:
+            params['url'] = url
+        if recurse is not None:
+            params['recurse'] = recurse
+        return six.next(six.itervalues(self.zap._request(self.zap.base + 'alert/view/alertCountsByRisk/', params)))
+
+    def delete_all_alerts(self, apikey=''):
+        """
+        Deletes all alerts of the current session.
+        """
+        return six.next(six.itervalues(self.zap._request(self.zap.base + 'alert/action/deleteAllAlerts/', {'apikey': apikey})))
+
+    def delete_alert(self, id, apikey=''):
+        """
+        Deletes the alert with the given ID. 
+        """
+        return six.next(six.itervalues(self.zap._request(self.zap.base + 'alert/action/deleteAlert/', {'id': id, 'apikey': apikey})))
diff --git a/src/zapv2/ascan.py b/src/zapv2/ascan.py
@@ -67,6 +67,9 @@ def excluded_from_scan(self):
         return six.next(six.itervalues(self.zap._request(self.zap.base + 'ascan/view/excludedFromScan/')))
 
     def scanners(self, scanpolicyname=None, policyid=None):
+        """
+        Gets the scanners, optionally, of the given scan policy and/or scanner policy/category ID.
+        """
         params = {}
         if scanpolicyname is not None:
             params['scanPolicyName'] = scanpolicyname
@@ -159,6 +162,13 @@ def option_target_params_injectable(self):
     def option_thread_per_host(self):
         return six.next(six.itervalues(self.zap._request(self.zap.base + 'ascan/view/optionThreadPerHost/')))
 
+    @property
+    def option_add_query_param(self):
+        """
+        Tells whether or not the active scanner should add a query parameter to GET request that don't have parameters to start with.
+        """
+        return six.next(six.itervalues(self.zap._request(self.zap.base + 'ascan/view/optionAddQueryParam/')))
+
     @property
     def option_allow_attack_on_start(self):
         return six.next(six.itervalues(self.zap._request(self.zap.base + 'ascan/view/optionAllowAttackOnStart/')))
@@ -272,24 +282,36 @@ def exclude_from_scan(self, regex, apikey=''):
         return six.next(six.itervalues(self.zap._request(self.zap.base + 'ascan/action/excludeFromScan/', {'regex': regex, 'apikey': apikey})))
 
     def enable_all_scanners(self, scanpolicyname=None, apikey=''):
+        """
+        Enables all scanners of the scan policy with the given name, or the default if none given.
+        """
         params = {'apikey': apikey}
         if scanpolicyname is not None:
             params['scanPolicyName'] = scanpolicyname
         return six.next(six.itervalues(self.zap._request(self.zap.base + 'ascan/action/enableAllScanners/', params)))
 
     def disable_all_scanners(self, scanpolicyname=None, apikey=''):
+        """
+        Disables all scanners of the scan policy with the given name, or the default if none given.
+        """
         params = {'apikey': apikey}
         if scanpolicyname is not None:
             params['scanPolicyName'] = scanpolicyname
         return six.next(six.itervalues(self.zap._request(self.zap.base + 'ascan/action/disableAllScanners/', params)))
 
     def enable_scanners(self, ids, scanpolicyname=None, apikey=''):
+        """
+        Enables the scanners with the given IDs (comma separated list of IDs) of the scan policy with the given name, or the default if none given.
+        """
         params = {'ids': ids, 'apikey': apikey}
         if scanpolicyname is not None:
             params['scanPolicyName'] = scanpolicyname
         return six.next(six.itervalues(self.zap._request(self.zap.base + 'ascan/action/enableScanners/', params)))
 
     def disable_scanners(self, ids, scanpolicyname=None, apikey=''):
+        """
+        Disables the scanners with the given IDs (comma separated list of IDs) of the scan policy with the given name, or the default if none given.
+        """
         params = {'ids': ids, 'apikey': apikey}
         if scanpolicyname is not None:
             params['scanPolicyName'] = scanpolicyname
@@ -392,6 +414,12 @@ def set_option_attack_policy(self, string, apikey=''):
     def set_option_default_policy(self, string, apikey=''):
         return six.next(six.itervalues(self.zap._request(self.zap.base + 'ascan/action/setOptionDefaultPolicy/', {'String': string, 'apikey': apikey})))
 
+    def set_option_add_query_param(self, boolean, apikey=''):
+        """
+        Sets whether or not the active scanner should add a query param to GET requests which do not have parameters to start with.
+        """
+        return six.next(six.itervalues(self.zap._request(self.zap.base + 'ascan/action/setOptionAddQueryParam/', {'Boolean': boolean, 'apikey': apikey})))
+
     def set_option_allow_attack_on_start(self, boolean, apikey=''):
         return six.next(six.itervalues(self.zap._request(self.zap.base + 'ascan/action/setOptionAllowAttackOnStart/', {'Boolean': boolean, 'apikey': apikey})))
 

diff --git a/src/zapv2/authentication.py b/src/zapv2/authentication.py
@@ -29,28 +29,52 @@ def __init__(self, zap):
 
     @property
     def get_supported_authentication_methods(self):
+        """
+        Gets the name of the authentication methods.
+        """
         return six.next(six.itervalues(self.zap._request(self.zap.base + 'authentication/view/getSupportedAuthenticationMethods/')))
 
     def get_authentication_method_config_params(self, authmethodname):
+        """
+        Gets the configuration parameters for the authentication method with the given name.
+        """
         return six.next(six.itervalues(self.zap._request(self.zap.base + 'authentication/view/getAuthenticationMethodConfigParams/', {'authMethodName': authmethodname})))
 
     def get_authentication_method(self, contextid):
+        """
+        Gets the name of the authentication method for the context with the given ID.
+        """
         return six.next(six.itervalues(self.zap._request(self.zap.base + 'authentication/view/getAuthenticationMethod/', {'contextId': contextid})))
 
     def get_logged_in_indicator(self, contextid):
+        """
+        Gets the logged in indicator for the context with the given ID.
+        """
         return six.next(six.itervalues(self.zap._request(self.zap.base + 'authentication/view/getLoggedInIndicator/', {'contextId': contextid})))
 
     def get_logged_out_indicator(self, contextid):
+        """
+        Gets the logged out indicator for the context with the given ID.
+        """
         return six.next(six.itervalues(self.zap._request(self.zap.base + 'authentication/view/getLoggedOutIndicator/', {'contextId': contextid})))
 
     def set_authentication_method(self, contextid, authmethodname, authmethodconfigparams=None, apikey=''):
+        """
+        Sets the authentication method for the context with the given ID.
+        """
         params = {'contextId': contextid, 'authMethodName': authmethodname, 'apikey': apikey}
         if authmethodconfigparams is not None:
             params['authMethodConfigParams'] = authmethodconfigparams
         return six.next(six.itervalues(self.zap._request(self.zap.base + 'authentication/action/setAuthenticationMethod/', params)))
 
     def set_logged_in_indicator(self, contextid, loggedinindicatorregex, apikey=''):
+        """
+        Sets the logged in indicator for the context with the given ID.
+        """
         return six.next(six.itervalues(self.zap._request(self.zap.base + 'authentication/action/setLoggedInIndicator/', {'contextId': contextid, 'loggedInIndicatorRegex': loggedinindicatorregex, 'apikey': apikey})))
 
     def set_logged_out_indicator(self, contextid, loggedoutindicatorregex, apikey=''):
+        """
+        Sets the logged out indicator for the context with the given ID.
+        """
         return six.next(six.itervalues(self.zap._request(self.zap.base + 'authentication/action/setLoggedOutIndicator/', {'contextId': contextid, 'loggedOutIndicatorRegex': loggedoutindicatorregex, 'apikey': apikey})))
diff --git a/src/zapv2/autoupdate.py b/src/zapv2/autoupdate.py
@@ -48,6 +48,13 @@ def installed_addons(self):
         """
         return six.next(six.itervalues(self.zap._request(self.zap.base + 'autoupdate/view/installedAddons/')))
 
+    @property
+    def local_addons(self):
+        """
+        Returns a list with all local add-ons, installed or not.
+        """
+        return six.next(six.itervalues(self.zap._request(self.zap.base + 'autoupdate/view/localAddons/')))
+
     @property
     def new_addons(self):
         """
@@ -133,6 +140,9 @@ def install_addon(self, id, apikey=''):
         """
         return six.next(six.itervalues(self.zap._request(self.zap.base + 'autoupdate/action/installAddon/', {'id': id, 'apikey': apikey})))
 
+    def install_local_addon(self, file, apikey=''):
+        return six.next(six.itervalues(self.zap._request(self.zap.base + 'autoupdate/action/installLocalAddon/', {'file': file, 'apikey': apikey})))
+
     def uninstall_addon(self, id, apikey=''):
         """
         Uninstalls the specified add-on 

diff --git a/src/zapv2/context.py b/src/zapv2/context.py
@@ -71,6 +71,12 @@ def excluded_technology_list(self, contextname):
         """
         return six.next(six.itervalues(self.zap._request(self.zap.base + 'context/view/excludedTechnologyList/', {'contextName': contextname})))
 
+    def urls(self, contextname):
+        """
+        Lists the URLs accessed through/by ZAP, that belong to the context with the given name.
+        """
+        return six.next(six.itervalues(self.zap._request(self.zap.base + 'context/view/urls/', {'contextName': contextname})))
+
     def exclude_from_context(self, contextname, regex, apikey=''):
         """
         Add exclude regex to context
@@ -83,6 +89,12 @@ def include_in_context(self, contextname, regex, apikey=''):
         """
         return six.next(six.itervalues(self.zap._request(self.zap.base + 'context/action/includeInContext/', {'contextName': contextname, 'regex': regex, 'apikey': apikey})))
 
+    def set_context_regexs(self, contextname, incregexs, excregexs, apikey=''):
+        """
+        Set the regexs to include and exclude for a context, both supplied as JSON string arrays
+        """
+        return six.next(six.itervalues(self.zap._request(self.zap.base + 'context/action/setContextRegexs/', {'contextName': contextname, 'incRegexs': incregexs, 'excRegexs': excregexs, 'apikey': apikey})))
+
     def new_context(self, contextname, apikey=''):
         """
         Creates a new context with the given name in the current session