Commits on Nov 9, 2018
  1. Merge pull request #1884 from thc202/api-gen-update

    kingthorin committed Nov 9, 2018
    Update API generator for 2.7.0 and 2.8.0
Commits on Nov 8, 2018
  1. Update API generator for 2.7.0 and 2.8.0

    thc202 committed Nov 8, 2018
    Move ApiGenerator to api package to access core class.
    Add Websocket API to ApiGenerator.
    Change ApiGenerator to make use of the new core method (>=2.8.0) which
    allows to pass a ResourceBundle, to include the descriptions of the API
    endpoints being generated.
    Add dummy Messages.properties to be able to work with ZAP 2.7.0.
    Update generate-apis in build.xml file to include just the required
    files on the classpath and to depend on compile to work by itself.
    
    For zaproxy/zaproxy#5044 - NodeJS API Upgrade
Commits on Nov 1, 2018
  1. Extract class for verification of script templates (#1872)

    thc202 authored and psiinon committed Nov 1, 2018
    Extract a class from groovy's VerifyScriptTemplates class to match the
    class used by other scripting (beta) add-ons (e.g. Zest, Jython, JRuby),
    to reduce the changes needed when merging the branches.
Commits on Oct 31, 2018
  1. Merge pull request #1869 from binarymist/nodejsAPIUpgrade_fromMaster

    kingthorin committed Oct 31, 2018
    Updated node output dir
  2. Updated node output dir

    binarymist committed Oct 31, 2018
Commits on Oct 22, 2018
  1. websocket: wait for all expected pongs (#1851)

    thc202 authored and psiinon committed Oct 22, 2018
    Change WebSocketProxyUnitTest.shouldAnswerToPingWithPong to wait (with
    a timeout of 2 seconds) for the expected number of pongs instead of
    sleeping for some time.
    Change NanoWebSocketConnection to allow to set a listener to be notified
    of the messages (e.g. pongs) received, to support the previous case.
  2. quickstart: tweak error message (#1849)

    thc202 authored and psiinon committed Oct 22, 2018
    Include expected status code in the error message.
    Update changes in ZapAddOn.xml file.
  3. selenium: disable JSON viewer for AJAX Spider (#1848)

    thc202 authored and psiinon committed Oct 22, 2018
    Disable Firefox JSON viewer when returning a WebDriver for AJAX Spider
    to prevent the spider from crawling it.
    Add static methods to ExtensionSelenium to allow to get a WebDriver with
    a requester and Browser, to be used by BuiltInSingleWebDriverProvider.
    Change BuiltInSingleWebDriverProvider to call the new methods.
    Update changes in ZapAddOn.xml file.
  4. quickstart: inform when disabled by current mode (#1852)

    thc202 authored and psiinon committed Oct 22, 2018
    Change QuickStartPanel to show a message in the URL field when the mode
    does not allow to start the attack, also, disable the button that allows
    to select a target.
    Change ExtensionQuickStart to not initialise the view components if
    there's no view when the mode is changed.
    Update changes in ZapAddOn.xml file.
    
    Fix zaproxy/zaproxy#5069 - Add a message to explain why Quick Scan not
    available in protected etc modes
Commits on Oct 18, 2018
  1. spiderAjax: correct WebDriver requester ID (#1847)

    thc202 authored and psiinon committed Oct 18, 2018
    Change SpiderThread to get the WebDriver using AJAX_SPIDER_INITIATOR
    instead of SPIDER_INITIATOR.
    Update changes in ZapAddOn.xml file.
Commits on Oct 11, 2018
  1. Merge pull request #1839 from zapbot/master

    kingthorin committed Oct 11, 2018
    Latest files from Crowdin
  2. Latest files from Crowdin

    zapbot committed Oct 11, 2018
Commits on Oct 9, 2018
  1. websocket: sync event consumer management (#1834)

    thc202 authored and psiinon committed Oct 9, 2018
    Change WebSocketAPI to sync the management of event consumers and to the
    registered publishers to prevent concurrency issues.
    Tweak existing change in ZapAddOn.xml and about help page.
Commits on Oct 8, 2018
  1. Use core rule config constants (#1831)

    thc202 authored and psiinon committed Oct 8, 2018
    Replace literal strings with the corresponding core rule configuration
    constants. The add-ons are already targeting the minimum required ZAP
    version.
    Update changes in ZapAddOn.xml file (where needed).
Commits on Oct 7, 2018
  1. Merge pull request #1827 from zapbot/master

    kingthorin committed Oct 7, 2018
    Latest files from Crowdin
  2. Latest files from Crowdin

    zapbot committed Oct 7, 2018
Commits on Oct 4, 2018
  1. Merge pull request #1824 from thc202/ascanrules-bump-version

    kingthorin committed Oct 4, 2018
    ascanrules: prepare next dev iteration
  2. ascanrules: prepare next dev iteration

    thc202 committed Oct 4, 2018
    Update version and remove changes in ZapAddOn.xml file.
  3. ascanrules: fix typos in changes (#1823)

    thc202 authored and psiinon committed Oct 4, 2018
    Correct some typos in changes in ZapAddOn.xml file.
  4. ascanrules: correct time replacement (#1822)

    thc202 authored and psiinon committed Oct 4, 2018
    Change CommandInjectionPlugin to replace the time token directly without
    using MessageFormat, some of the payloads are quoted which would prevent
    the replacement (while one could escape the quotes and keep using the
    MessageFormat it would make the payloads harder to read and maintain).
    Add test to assert the expected behaviour.
    Update changes in ZapAddOn.xml file.
Commits on Oct 1, 2018
  1. Merge pull request #1816 from zapbot/master

    kingthorin committed Oct 1, 2018
    Latest files from Crowdin
  2. Merge pull request #1814 from ManosMagnus/websocketproxy_test_extend_…

    kingthorin committed Oct 1, 2018
    …interval
    
    Increase waiting interval at WebSocketProxyUnitTest by 10ms
  3. Latest files from Crowdin

    zapbot committed Oct 1, 2018
Commits on Sep 28, 2018
  1. Increase waiting interval by 10ms

    ManosMagnus committed Sep 28, 2018
Commits on Sep 26, 2018
  1. Merge pull request #1803 from thc202/test-msgs-sent

    kingthorin committed Sep 26, 2018
    Assert number of messages sent by scanners
  2. Remove unreachable strength/threshold cases (#1805)

    thc202 authored and psiinon committed Sep 26, 2018
    Remove switch cases using `DEFAULT` or `OFF` for `AttackStrength` and
    `AlertThreshold`, those cases do not happen, the methods used to obtain
    the strength/threshold return the value configured for the default
    strength (for example, MEDIUM) and the `OFF` is used to disable the
    scanners so the scanner would not even be called in that case.
    Update changes in ZapAddOn.xml file (where required).
  3. Merge pull request #1808 from zapbot/master

    kingthorin committed Sep 26, 2018
    Latest files from Crowdin
  4. Latest files from Crowdin

    zapbot committed Sep 26, 2018
Commits on Sep 25, 2018
  1. Assert number of messages sent by scanners

    thc202 committed Sep 24, 2018
    Add tests (for each attack strength) to assert the number of messages
    sent by the scanners (AbstractAppParamPlugin and AbstractAppPlugin).
Commits on Sep 21, 2018
  1. Merge pull request #1801 from zapbot/master

    thc202 committed Sep 21, 2018
    Latest files from Crowdin
  2. Latest files from Crowdin

    zapbot committed Sep 21, 2018
Commits on Sep 18, 2018
  1. Add Uninitialized Env Var WAF Bypass (#1797)

    Iceware authored and thc202 committed Sep 18, 2018
    I think it is hard to know what Env is uninitialized on the target machine
    and as most env is in upper case, code just guesses a random lower case
    variable.
    cat /etc/passwd
    Could become:
    cat$xxx $xxx/etc$xxx/passwd
    
    Hardcode the limit in high to 24
    
    Fix zaproxy/zaproxy#4968 - Command Injection Uninitialized Env Var WAF
    Bypass.
Commits on Sep 17, 2018
  1. websocket: fix NPE when dispatching events (#1798)

    thc202 authored and psiinon committed Sep 17, 2018
    Change WebSocketAPI to check if the event has parameters before using
    them.
    Update changes in ZapAddOn.xml file and about help page.
  2. quickstart: notify when quick attack starts (#1796)

    thc202 authored and psiinon committed Sep 17, 2018
    Change AttackThread to notify when the attack starts, otherwise it would
    show outdated progress message while the URL was being accessed. Also,
    remove unnecessary variable and null initialisation/check.
    Update changes in ZapAddOn.xml file.
Commits on Aug 29, 2018
  1. Merge pull request #1785 from zapbot/master

    thc202 committed Aug 29, 2018
    Latest files from Crowdin