Class: Zapr::Proxy

Inherits:

Object

• Object
• Zapr::Proxy

Defined in:

lib/zapr/zap.rb

Instance Method Summary

• #alerts ⇒ Object
• #attack ⇒ Object
• #exit_code ⇒ Object
• #initialize(target, zap_path, timeout) ⇒ Proxy constructor

  A new instance of Proxy.

• #pretty_alerts ⇒ Object
• #shutdown ⇒ Object
• #spider ⇒ Object
• #start ⇒ Object
• #summary ⇒ Object

Constructor Details

#initialize(target, zap_path, timeout) ⇒ Proxy

Returns a new instance of Proxy.

# File 'lib/zapr/zap.rb', line 12

def initialize(target, zap_path, timeout)
  @proxy = Zap.new(:target => target, :zap => zap_path)
  @timeout = timeout
end

Instance Method Details

#alerts ⇒ Object

# File 'lib/zapr/zap.rb', line 47

def alerts
  alerts = JSON.parse(@proxy.alerts.view)['alerts']
  alerts.sort_by! { |item| item["risk"] }
end

#attack ⇒ Object

# File 'lib/zapr/zap.rb', line 32

def attack
  Timeout.timeout(@timeout) do
    @proxy.ascan.start
    sleep(1) until (JSON.parse(@proxy.status_for(:ascan))['status'] == '100')
  end
end

#exit_code ⇒ Object

# File 'lib/zapr/zap.rb', line 52

def exit_code
  high = 0
  alerts.each do |alert|
    high += 1 if alert['risk'] == 'High'
  end
  return high
end

#pretty_alerts ⇒ Object

# File 'lib/zapr/zap.rb', line 43

def pretty_alerts
  JSON.pretty_generate(alerts)
end

#shutdown ⇒ Object

# File 'lib/zapr/zap.rb', line 39

def shutdown
  @proxy.shutdown
end

#spider ⇒ Object

# File 'lib/zapr/zap.rb', line 25

def spider
  Timeout.timeout(@timeout) do
    @proxy.spider.start
    sleep(1) until (JSON.parse(@proxy.status_for(:spider))['status'] == '100')
  end
end

#start ⇒ Object

# File 'lib/zapr/zap.rb', line 17

def start
  Timeout.timeout(@timeout) do
    @proxy.start(:daemon => true)
    sleep(1) until @proxy.running?
  end
end

#summary ⇒ Object

# File 'lib/zapr/zap.rb', line 60

def summary
  sorted = alerts.group_by { |item| item["alert"] }
  Terminal::Table.new :headings => ['Alert', 'Risk', 'URL'] do |t|
    sorted.each_with_index do |(alert_name, grouped_alerts), index|
      urls = []
      grouped_alerts.each do |alert|
        urls << alert['url']
      end
      t.add_separator unless index == 0
      t.add_row [alert_name, grouped_alerts[0]['risk'], urls.join("\n")]
    end
  end
end