Merge pull request #4 from Woolworths/master
Fix for Python 3
psiinon authored May 12, 2017
2 parents f7960f2 + cdf9cfd commit d5e83fe
Showing 28 changed files with 630 additions and 564 deletions.
1 change: 1 addition & 0 deletions .travis.yml
Expand Up @@ -2,6 +2,7 @@ sudo: false
language: python
python:
- '2.7'
- '3.3'
install:
- pip install -U --force setuptools pip
- ./setup.py develop
19 changes: 11 additions & 8 deletions setup.py
Expand Up @@ -9,12 +9,13 @@
try:
from setuptools import setup, find_packages
except ImportError:
print "You must have setuptools installed to use setup.py. Exiting..."
print('You must have setuptools installed to use setup.py. Exiting...')
raise SystemExit(1)


install_dependencies = (
'requests'
'requests',
'six'
)
test_requirements = (
'mock',
Expand All @@ -24,30 +25,32 @@
)
setup(
name="python-owasp-zap-v2.4",
version="0.0.9",
version="0.0.10",
description="OWASP ZAP 2.6 API client",
long_description="OWASP Zed Attack Proxy 2.6 API python client (the 2.4 package name has been kept to make it easier to upgrade)",
author="ZAP development team",
author_email='',
url="https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project",
download_url="https://github.com/zaproxy/zap-api-python/releases/tag/0.0.9",
download_url="https://github.com/zaproxy/zap-api-python/releases/tag/0.0.10",
platforms=['any'],

license="ASL2.0",

package_dir={
'': 'src',
},
packages=find_packages('src'),

classifiers=[
'License :: OSI Approved :: Apache Software License',
'Development Status :: 5 - Production/Stable',
'Topic :: Security',
'Topic :: Software Development :: Libraries :: Python Modules',
'Intended Audience :: Developers',
'Intended Audience :: Information Technology',
'Programming Language :: Python'],
'Programming Language :: Python :: 2',
'Programming Language :: Python :: 2.7',
'Programming Language :: Python :: 3',
'Programming Language :: Python :: 3.3',
'Programming Language :: Python :: 3.4',
],
install_requires=install_dependencies,
tests_require=test_requirements,
extras_require={'tests': test_requirements}
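Review bot: The classifiers added in the second hunk advertise `Programming Language :: Python :: 3.4`, but the `.travis.yml` change in this same commit adds only `'3.3'` to the test matrix, so the 3.4 claim is not backed by CI as far as this page shows. Either add `- '3.4'` under `python:` in `.travis.yml` or drop the 3.4 classifier until that interpreter is tested. The `setup()` call continues past the end of the hunk.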
22 changes: 11 additions & 11 deletions src/examples/basic-spider-scan.py
Expand Up @@ -14,39 +14,39 @@
# zap = ZAPv2(apikey=apikey, proxies={'http': 'http://127.0.0.1:8090', 'https': 'http://127.0.0.1:8090'})

# Proxy a request to the target so that ZAP has something to deal with
print 'Accessing target %s' % target
print('Accessing target {}'.format(target))
zap.urlopen(target)
# Give the sites tree a chance to get updated
time.sleep(2)

print 'Spidering target %s' % target
print('Spidering target {}'.format(target))
scanid = zap.spider.scan(target)
# Give the Spider a chance to start
time.sleep(2)
while (int(zap.spider.status(scanid)) < 100):
# Loop until the spider has finished
print 'Spider progress %: ' + zap.spider.status(scanid)
print('Spider progress %: {}'.format(zap.spider.status(scanid)))
time.sleep(2)

print 'Spider completed'
print ('Spider completed')

while (int(zap.pscan.records_to_scan) > 0):
print ('Records to passive scan : ' + zap.pscan.records_to_scan)
print ('Records to passive scan : {}'.format(zap.pscan.records_to_scan))
time.sleep(2)

print 'Passive Scan completed'
print ('Passive Scan completed')

print 'Active Scanning target %s' % target
print ('Active Scanning target {}'.format(target))
scanid = zap.ascan.scan(target)
while (int(zap.ascan.status(scanid)) < 100):
# Loop until the scanner has finished
print 'Scan progress %: ' + zap.ascan.status(scanid)
print ('Scan progress %: {}'.format(zap.ascan.status(scanid)))
time.sleep(5)

print 'Active Scan completed'
print ('Active Scan completed')

# Report the results

print 'Hosts: ' + ', '.join(zap.core.hosts)
print 'Alerts: '
print ('Hosts: {}'.format(', '.join(zap.core.hosts)))
print ('Alerts: ')
pprint (zap.core.alerts())
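Review bot: The converted `print` calls are spelled two ways in this script: the first three new ones use `print(...)`, while everything from `print ('Spider completed')` onward uses `print (...)` with a space before the parenthesis. Since `print` is an ordinary function under Python 3, the PEP 8 call form without the space should be used throughout, e.g. `print('Spider completed')` and `print('Hosts: {}'.format(', '.join(zap.core.hosts)))`. The same applies to the untouched `pprint (zap.core.alerts())` line, which could be tidied in the same pass.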
61 changes: 30 additions & 31 deletions src/zapv2/__init__.py
Expand Up @@ -20,44 +20,41 @@
"""

__docformat__ = 'restructuredtext'
__version__ = '0.0.9'
__version__ = '0.0.10'

import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning

from acsrf import acsrf
from ascan import ascan
from ajaxSpider import ajaxSpider
from authentication import authentication
from authorization import authorization
from autoupdate import autoupdate
from brk import brk
from context import context
from core import core
from forcedUser import forcedUser
from httpSessions import httpSessions
from importLogFiles import importLogFiles
from params import params
from pnh import pnh
from pscan import pscan
from reveal import reveal
from script import script
from search import search
from selenium import selenium
from sessionManagement import sessionManagement
from spider import spider
from stats import stats
from users import users
from .acsrf import acsrf
from .ascan import ascan
from .ajaxSpider import ajaxSpider
from .authentication import authentication
from .authorization import authorization
from .autoupdate import autoupdate
from .brk import brk
from .context import context
from .core import core
from .forcedUser import forcedUser
from .httpSessions import httpSessions
from .importLogFiles import importLogFiles
from .params import params
from .pnh import pnh
from .pscan import pscan
from .reveal import reveal
from .script import script
from .search import search
from .selenium import selenium
from .sessionManagement import sessionManagement
from .spider import spider
from .stats import stats
from .users import users


class ZAPv2(object):
"""
Client API implementation for integrating with ZAP v2.
"""
# base JSON api url
base = 'http://zap/JSON/'

# base OTHER api url
base_other = 'http://zap/OTHER/'

def __init__(self, proxies=None, apikey=None):
Expand Down Expand Up @@ -109,7 +106,7 @@ def __init__(self, proxies=None, apikey=None):
#if apikey is not None:
# self.session.headers['X-ZAP-API-Key'] = apikey

def urlopen(self, *args, **kwargs):
def urlopen(self, url, *args, **kwargs):
"""
Opens a url forcing the proxies to be used.
Expand All @@ -118,7 +115,7 @@ def urlopen(self, *args, **kwargs):
- `kwargs`: all other keyword arguments.
"""
# Must never leak the API key via proxied requests
return requests.get(*args, proxies=self.__proxies, verify=False, **kwargs).text
return requests.get(url, proxies=self.__proxies, verify=False, *args, **kwargs).text

def _request_api(self, url, query=None):
"""
Expand Down Expand Up @@ -153,7 +150,8 @@ def _request(self, url, get=None):
- `url`: the url to GET at.
- `get`: the dictionary to turn into GET variables.
"""
return self._request_api(url, get).json()
data = self._request_api(url, get)
return data.json()

def _request_other(self, url, get=None):
"""
Expand All @@ -163,4 +161,5 @@ def _request_other(self, url, get=None):
- `url`: the url to GET at.
- `get`: the dictionary to turn into GET variables.
"""
return self._request_api(url, get).text
data = self._request_api(url, get)
return data.text
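Review bot: In `urlopen` the rewritten call `requests.get(url, proxies=self.__proxies, verify=False, *args, **kwargs)` hard-codes `verify=False`, so a caller who passes `verify=` (for instance the path to ZAP's root CA certificate) gets a `TypeError` for a duplicated keyword instead of re-enabling certificate checks. Consider `kwargs.setdefault('verify', False)` followed by `return requests.get(url, *args, proxies=self.__proxies, **kwargs).text`, which keeps the current default, keeps the proxies forced, and puts `*args` where a reader expects it. The docstring's argument list should also gain an entry for the new `url` parameter. Only part of that docstring is visible in the hunk, so confirm against the full file.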
13 changes: 7 additions & 6 deletions src/zapv2/acsrf.py
Expand Up @@ -19,6 +19,9 @@
This file was automatically generated.
"""

import six


class acsrf(object):

def __init__(self, zap):
Expand All @@ -29,24 +32,22 @@ def option_tokens_names(self):
"""
Lists the names of all anti-CSRF tokens
"""
return next(self.zap._request(self.zap.base + 'acsrf/view/optionTokensNames/').itervalues())
return six.next(six.itervalues(self.zap._request(self.zap.base + 'acsrf/view/optionTokensNames/')))

def add_option_token(self, string, apikey=''):
"""
Adds an anti-CSRF token with the given name, enabled by default
"""
return next(self.zap._request(self.zap.base + 'acsrf/action/addOptionToken/', {'String' : string, 'apikey' : apikey}).itervalues())
return six.next(six.itervalues(self.zap._request(self.zap.base + 'acsrf/action/addOptionToken/', {'String': string, 'apikey': apikey})))

def remove_option_token(self, string, apikey=''):
"""
Removes the anti-CSRF token with the given name
"""
return next(self.zap._request(self.zap.base + 'acsrf/action/removeOptionToken/', {'String' : string, 'apikey' : apikey}).itervalues())
return six.next(six.itervalues(self.zap._request(self.zap.base + 'acsrf/action/removeOptionToken/', {'String': string, 'apikey': apikey})))

def gen_form(self, hrefid, apikey=''):
"""
Generate a form for testing lack of anti-CSRF tokens - typically invoked via ZAP
"""
return (self.zap._request_other(self.zap.base_other + 'acsrf/other/genForm/', {'hrefId' : hrefid, 'apikey' : apikey}))


return (self.zap._request_other(self.zap.base_other + 'acsrf/other/genForm/', {'hrefId': hrefid, 'apikey': apikey}))