Class: OwaspZap::Zap

Inherits:

Object

• Object
• OwaspZap::Zap

Defined in:

lib/owasp_zap.rb

Instance Attribute Summary

• #api_key ⇒ Object readonly

  Returns the value of attribute api_key.

• #base ⇒ Object

  Returns the value of attribute base.

• #target ⇒ Object

  Returns the value of attribute target.

• #zap_bin ⇒ Object

  Returns the value of attribute zap_bin.

Instance Method Summary

• #alerts ⇒ Object
• #ascan ⇒ Object

  attack.

• #auth ⇒ Object
• #html_report ⇒ Object
• #initialize(params = {}) ⇒ Zap constructor

  A new instance of Zap.

• #ok?(json_data) ⇒ Boolean
• #policy ⇒ Object
• #running? ⇒ Boolean
• #scanner ⇒ Object
• #shutdown ⇒ Object

  shutdown zap.

• #spider ⇒ Object
• #start(params = {}) ⇒ Object

  TODO DOCUMENT the step necessary: install ZAP under $home/ZAP or should be passed to new as :zap parameter.

• #status_for(component) ⇒ Object
• #xml_report ⇒ Object

  xml report maybe it should be refactored to alert.

Constructor Details

#initialize(params = {}) ⇒ Zap

Returns a new instance of Zap.

# File 'lib/owasp_zap.rb', line 23

def initialize(params = {})
    #TODO
    # handle params
    @base = params[:base] || "http://127.0.0.1:8080"
    @target = params[:target]
    @api_key = params[:api_key]
    @zap_bin = params [:zap] || "#{ENV['HOME']}/ZAP/zap.sh"
    @output = params[:output] || $stdout #default we log everything to the stdout
end

Instance Attribute Details

#api_key ⇒ Object (readonly)

Returns the value of attribute api_key.

# File 'lib/owasp_zap.rb', line 22

def api_key
  @api_key
end

#base ⇒ Object

Returns the value of attribute base.

# File 'lib/owasp_zap.rb', line 21

def base
  @base
end

#target ⇒ Object

Returns the value of attribute target.

# File 'lib/owasp_zap.rb', line 21

def target
  @target
end

#zap_bin ⇒ Object

Returns the value of attribute zap_bin.

# File 'lib/owasp_zap.rb', line 21

def zap_bin
  @zap_bin
end

Instance Method Details

#alerts ⇒ Object

# File 'lib/owasp_zap.rb', line 63

def alerts
    Zap::Alert.new(:base=>@base,:target=>@target)
end

#ascan ⇒ Object

attack

# File 'lib/owasp_zap.rb', line 72

def ascan
    Zap::Attack.new(:base=>@base,:target=>@target)
end

#auth ⇒ Object

# File 'lib/owasp_zap.rb', line 80

def auth
    Zap::Auth.new(:base=>@base)
end

#html_report ⇒ Object

# File 'lib/owasp_zap.rb', line 131

def html_report
    RestClient::get "#{@base}/OTHER/core/other/htmlreport/"
end

#ok?(json_data) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/owasp_zap.rb', line 46

def ok?(json_data)
    json_data.is_a?(Hash) and json_data[0] == "OK"
end

#policy ⇒ Object

# File 'lib/owasp_zap.rb', line 59

def policy
    Zap::Policy.new(:base=>@base)
end

#running? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/owasp_zap.rb', line 50

def running?
    begin
        response = RestClient::get "#{@base}"
    rescue Errno::ECONNREFUSED
        return false
    end
    response.code == 200
end

#scanner ⇒ Object

# File 'lib/owasp_zap.rb', line 67

def scanner
    Zap::Scanner.new(:base=>@base)
end

#shutdown ⇒ Object

shutdown zap

# File 'lib/owasp_zap.rb', line 121

def shutdown
    RestClient::get "#{@base}/JSON/core/action/shutdown/"
end

#spider ⇒ Object

# File 'lib/owasp_zap.rb', line 76

def spider
    Zap::Spider.new(:base=>@base,:target=>@target)
end

#start(params = {}) ⇒ Object

TODO DOCUMENT the step necessary: install ZAP under $home/ZAP or should be passed to new as :zap parameter

# File 'lib/owasp_zap.rb', line 86

def start(params = {})
    # default we are disabling api key
    params = {api_key:false}.merge(params)
    cmd_line = "#{@zap_bin}"
    case
    when params.key?(:daemon)
      cmd_line += " -daemon"
    when params.key?(:api_key)
      cmd_line += if params[:api_key] == true
        " -config api.key=#{@api_key}"
      else
        " -config api.disablekey=true"
      end
    end
    if params.key?(:host)
        cmd_line += " -host #{params[:host]}"
    end
    if params.key?(:port)
        cmd_line += " -port #{params[:port]}"
    end
    fork do
       # if you passed :output=>"file.txt" to the constructor, then it will send the forked process output
       # to this file (that means, ZAP stdout)
       unless @output == $stdout
        STDOUT.reopen(File.open(@output, 'w+'))
        STDOUT.sync = true
       end
       print "Running the following command: #{cmd_line} \n"

       exec cmd_line

    end
end

#status_for(component) ⇒ Object

# File 'lib/owasp_zap.rb', line 33

def status_for(component)
    case component
    when :ascan
        Zap::Attack.new(:base=>@base,:target=>@target).status
    when :spider
        Zap::Spider.new(:base=>@base,:target=>@target).status
    when :scan
        Zap::Scan.new(:base=>@base,:target=>@target).status
    else
        {:status=>"unknown component"}.to_json
    end

end

#xml_report ⇒ Object

xml report maybe it should be refactored to alert.

# File 'lib/owasp_zap.rb', line 127

def xml_report
    RestClient::get "#{@base}/OTHER/core/other/xmlreport/"
end