UNPKG

zaproxy

Version:

ZAP API Client for Node.js

github.com/zaproxy/zap-api-nodejs

zaproxy/zap-api-nodejs

273 lines (256 loc) 10.6 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
/* Zed Attack Proxy (ZAP) and its related class files. * * ZAP is an HTTP/HTTPS proxy for assessing web application security. * * Copyright 2023 the ZAP development team * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ 'use strict' /** * This file was automatically generated. */ function Alert (clientApi) { this.api = clientApi } /** * Gets the alert with the given ID, the corresponding HTTP message can be obtained with the 'messageId' field and 'message' API method * @param {string} id **/ Alert.prototype.alert = function (args) { return this.api.request('/alert/view/alert/', { id: args.id }) } /** * Gets the alerts raised by ZAP, optionally filtering by URL or riskId, and paginating with 'start' position and 'count' of alerts * @param {string} baseurl - The highest URL in the Sites tree under which alerts should be included. * @param {string} start * @param {string} count * @param {string} riskid * @param {string} contextname - Optionally, the Context name which the Alerts' URLs are associated with. * @param {string} falsepositive - Optionally, a boolean indicating whether the results should include False Positive alerts. **/ Alert.prototype.alerts = function (args) { const params = { } if (args.baseurl && args.baseurl !== null) { params.baseurl = args.baseurl } if (args.start && args.start !== null) { params.start = args.start } if (args.count && args.count !== null) { params.count = args.count } if (args.riskid && args.riskid !== null) { params.riskId = args.riskid } if (args.contextname && args.contextname !== null) { params.contextName = args.contextname } if (args.falsepositive && args.falsepositive !== null) { params.falsePositive = args.falsepositive } return this.api.request('/alert/view/alerts/', params) } /** * Gets number of alerts grouped by each risk level, optionally filtering by URL * @param {string} baseurl - The highest URL in the Sites tree under which alerts should be included. **/ Alert.prototype.alertsSummary = function (args) { const params = { } if (args.baseurl && args.baseurl !== null) { params.baseurl = args.baseurl } return this.api.request('/alert/view/alertsSummary/', params) } /** * Gets the number of alerts, optionally filtering by URL or riskId * @param {string} baseurl - The highest URL in the Sites tree under which alerts should be included. * @param {string} riskid **/ Alert.prototype.numberOfAlerts = function (args) { const params = { } if (args.baseurl && args.baseurl !== null) { params.baseurl = args.baseurl } if (args.riskid && args.riskid !== null) { params.riskId = args.riskid } return this.api.request('/alert/view/numberOfAlerts/', params) } /** * Gets a summary of the alerts, optionally filtered by a 'url'. If 'recurse' is true then all alerts that apply to urls that start with the specified 'url' will be returned, otherwise only those on exactly the same 'url' (ignoring url parameters) * @param {string} url * @param {string} recurse **/ Alert.prototype.alertsByRisk = function (args) { const params = { } if (args.url && args.url !== null) { params.url = args.url } if (args.recurse && args.recurse !== null) { params.recurse = args.recurse } return this.api.request('/alert/view/alertsByRisk/', params) } /** * Gets a count of the alerts, optionally filtered as per alertsPerRisk * @param {string} url * @param {string} recurse **/ Alert.prototype.alertCountsByRisk = function (args) { const params = { } if (args.url && args.url !== null) { params.url = args.url } if (args.recurse && args.recurse !== null) { params.recurse = args.recurse } return this.api.request('/alert/view/alertCountsByRisk/', params) } /** * Deletes all alerts of the current session. **/ Alert.prototype.deleteAllAlerts = function () { return this.api.request('/alert/action/deleteAllAlerts/') } /** * Deletes all the alerts optionally filtered by URL which fall within the Context with the provided name, risk, or base URL. * @param {string} contextname - The name of the Context for which the alerts should be deleted. * @param {string} baseurl - The highest URL in the Sites tree under which alerts should be deleted. * @param {string} riskid - The numeric risk representation ('0 - Informational' through '3 - High'). **/ Alert.prototype.deleteAlerts = function (args) { const params = { } if (args.contextname && args.contextname !== null) { params.contextName = args.contextname } if (args.baseurl && args.baseurl !== null) { params.baseurl = args.baseurl } if (args.riskid && args.riskid !== null) { params.riskId = args.riskid } return this.api.request('/alert/action/deleteAlerts/', params) } /** * Deletes the alert with the given ID. * @param {string} id **/ Alert.prototype.deleteAlert = function (args) { return this.api.request('/alert/action/deleteAlert/', { id: args.id }) } /** * Update the confidence of the alerts. * @param {string} ids - The IDs of the alerts to update (comma separated values). * @param {string} confidenceid - The numeric confidence representation ('1 - Low' through '3 - High' [user set values '0 - False Positive', and '4 - User Confirmed' are also available]). **/ Alert.prototype.updateAlertsConfidence = function (args) { return this.api.request('/alert/action/updateAlertsConfidence/', { ids: args.ids, confidenceId: args.confidenceid }) } /** * Update the risk of the alerts. * @param {string} ids - The IDs of the alerts to update (comma separated values). * @param {string} riskid - The numeric risk representation ('0 - Informational' through '3 - High'). **/ Alert.prototype.updateAlertsRisk = function (args) { return this.api.request('/alert/action/updateAlertsRisk/', { ids: args.ids, riskId: args.riskid }) } /** * Update the alert with the given ID, with the provided details. * @param {string} id - The ID of the alert to update. * @param {string} name - The name of the alert. * @param {string} riskid - The numeric risk representation ('0 - Informational' through '3 - High'). * @param {string} confidenceid - The numeric confidence representation ('1 - Low' through '3 - High' [user set values '0 - False Positive', and '4 - User Confirmed' are also available]). * @param {string} description - The description to be set to the alert. * @param {string} param - The name of the parameter applicable to the alert. * @param {string} attack - The attack (ex: injected string) used by the scan rule. * @param {string} otherinfo - Other information about the alert or test. * @param {string} solution - The solution for the alert. * @param {string} references - The reference details for the alert. * @param {string} evidence - The evidence associated with the alert. * @param {string} cweid - The CWE identifier associated with the alert. * @param {string} wascid - The WASC identifier associated with the alert. **/ Alert.prototype.updateAlert = function (args) { const params = { id: args.id, name: args.name, riskId: args.riskid, confidenceId: args.confidenceid, description: args.description } if (args.param && args.param !== null) { params.param = args.param } if (args.attack && args.attack !== null) { params.attack = args.attack } if (args.otherinfo && args.otherinfo !== null) { params.otherInfo = args.otherinfo } if (args.solution && args.solution !== null) { params.solution = args.solution } if (args.references && args.references !== null) { params.references = args.references } if (args.evidence && args.evidence !== null) { params.evidence = args.evidence } if (args.cweid && args.cweid !== null) { params.cweId = args.cweid } if (args.wascid && args.wascid !== null) { params.wascId = args.wascid } return this.api.request('/alert/action/updateAlert/', params) } /** * Add an alert associated with the given message ID, with the provided details. (The ID of the created alert is returned.) * @param {string} messageid - The ID of the message to which the alert should be associated. * @param {string} name - The name of the alert. * @param {string} riskid - The numeric risk representation ('0 - Informational' through '3 - High'). * @param {string} confidenceid - The numeric confidence representation ('1 - Low' through '3 - High' [user set values '0 - False Positive', and '4 - User Confirmed' are also available]). * @param {string} description - The description to be set to the alert. * @param {string} param - The name of the parameter applicable to the alert. * @param {string} attack - The attack (ex: injected string) used by the scan rule. * @param {string} otherinfo - Other information about the alert or test. * @param {string} solution - The solution for the alert. * @param {string} references - The reference details for the alert. * @param {string} evidence - The evidence associated with the alert. * @param {string} cweid - The CWE identifier associated with the alert. * @param {string} wascid - The WASC identifier associated with the alert. **/ Alert.prototype.addAlert = function (args) { const params = { messageId: args.messageid, name: args.name, riskId: args.riskid, confidenceId: args.confidenceid, description: args.description } if (args.param && args.param !== null) { params.param = args.param } if (args.attack && args.attack !== null) { params.attack = args.attack } if (args.otherinfo && args.otherinfo !== null) { params.otherInfo = args.otherinfo } if (args.solution && args.solution !== null) { params.solution = args.solution } if (args.references && args.references !== null) { params.references = args.references } if (args.evidence && args.evidence !== null) { params.evidence = args.evidence } if (args.cweid && args.cweid !== null) { params.cweId = args.cweid } if (args.wascid && args.wascid !== null) { params.wascId = args.wascid } return this.api.request('/alert/action/addAlert/', params) } module.exports = Alert