All Downloads are FREE. Search and download functionalities are using the official Maven repository.

net.continuumsecurity.proxy.ScanningProxy Maven / Gradle / Ivy

There is a newer version: 5.1.4
Show newest version
package net.continuumsecurity.proxy;

import net.continuumsecurity.proxy.model.Context;
import net.continuumsecurity.proxy.model.Script;
import org.zaproxy.clientapi.core.Alert;

import java.io.IOException;
import java.util.List;
import java.util.regex.Pattern;

public interface ScanningProxy extends LoggingProxy {

    /*
         Return all results as a list of org.zaproxy.clientapi.core.Alert
     */
    List getAlerts() throws ProxyException;

    /*
        As above, but for a specific range of records
     */
    List getAlerts(int start, int count) throws ProxyException;

    /*
        The number of available alerts
     */
    int getAlertsCount() throws ProxyException;

    public void deleteAlerts() throws ProxyException;
    /*
        Perform an active scan of everything that was logged by the proxy
     */
    public void scan(String url) throws ProxyException;

    /*
        Return the percentage completion of the current scan
     */
    public int getScanProgress(int scanId) throws ProxyException;

    public int getLastScannerScanId() throws ProxyException;

    public byte[] getXmlReport() throws ProxyException;

    public byte[] getHtmlReport() throws ProxyException;

    void setScannerAttackStrength(String scannerId, String strength) throws ProxyException;

    void setScannerAlertThreshold(String scannerId, String threshold) throws ProxyException;

    public void setEnableScanners(String ids, boolean enabled) throws ProxyException;

    public void disableAllScanners() throws ProxyException;

    public void enableAllScanners() throws ProxyException;

    public void setEnablePassiveScan(boolean enabled) throws ProxyException;

    public void excludeFromScanner(String regex) throws ProxyException;

    /**
     * Shuts down ZAP.
     * @throws ProxyException - thrown if we are unable to connect to the proxy server
     */
    public void shutdown() throws ProxyException;

    /**
     * Enables handling of anti CSRF tokens during active scanning.
     * @param enabled Boolean flag to enable / disable handling of anti CSRF tokens during active scan.
     * @throws ProxyException - thrown if we are unable to connect to the proxy server
     */
    public void setOptionHandleAntiCSRFTokens(boolean enabled) throws ProxyException;

    /**
     * Creates a new context with given context name and sets it in scope if @param inScope is true.
     *
     * @param contextName Name of the context.
     * @param inScope     true to set context in scope.
     * @throws ProxyException - thrown if we are unable to connect to the proxy server
     */
    void createContext(String contextName, boolean inScope) throws ProxyException;

    /**
     * Adds include regex to the given context.
     *
     * @param contextName Name of the context.
     * @param regex        Regex to include in context.
     * @throws ProxyException - thrown if we are unable to connect to the proxy server
     */
    void includeRegexInContext(String contextName, Pattern regex) throws ProxyException;

    /**
     * Adds include parent url to the given content.
     * @param contextName Name of the context.
     * @param parentUrl Parent URL to include in context.
     * @throws ProxyException - thrown if we are unable to connect to the proxy server
     */
    void includeUrlTreeInContext(String contextName, String parentUrl) throws ProxyException;

    /**
     * Add exclude regex to the given context.
     * @param contextName Name of the context.
     * @param regex Regex to exclude from context.
     * @throws ProxyException - thrown if we are unable to connect to the proxy server
     */
    void excludeRegexFromContext(String contextName, Pattern regex) throws ProxyException;

    /**
     * Add exclude regex to the given context.
     * @param contextName Name of the context.
     * @param parentUrl Parent URL to exclude from context.
     * @throws ProxyException - thrown if we are unable to connect to the proxy server
     */
    void excludeParentUrlFromContext(String contextName, String parentUrl) throws ProxyException;

    /**
     * Returns Context details for a given context name.
     * @param contextName Name of context.
     * @return Context details for the given context
     * @throws ProxyException - thrown if we are unable to connect to the proxy server
     * @throws IOException - thrown if we can not decode objects
     */
    Context getContextInfo(String contextName) throws ProxyException, IOException;

    /**
     * Returns list of context names.
     * @return List of context names.
     * @throws ProxyException - thrown if we are unable to connect to the proxy server
     */
    List getContexts() throws ProxyException;

    /**
     * Sets the given context in or out of scope.
     * @param contextName Name of the context.
     * @param inScope true - Sets the context in scope. false - Sets the context out of scope.
     * @throws ProxyException - thrown if we are unable to connect to the proxy server
     */
    void setContextInScope(String contextName, boolean inScope) throws ProxyException;

    /**
     * Returns the list of included regexs for the given context.
     * @param contextName Name of the context.
     * @return List of include regexs.
     * @throws ProxyException - thrown if we are unable to connect to the proxy server
     */
    List getIncludedRegexs(String contextName) throws ProxyException;

    /**
     * Returns the list of excluded regexs for the given context.
     * @param contextName Name of the context.
     * @return List of exclude regexs.
     * @throws ProxyException - thrown if we are unable to connect to the proxy server
     */
    List getExcludedRegexs(String contextName) throws ProxyException;

    /**
     * Returns the list of Anti CSRF token names.
     * @return List of Anti CSRF token names.
     * @throws ProxyException - thrown if we are unable to connect to the proxy server
     */
    List getAntiCsrfTokenNames() throws ProxyException;

    /**
     * Adds an anti CSRF token with the given name, enabled by default.
     * @param tokenName Anti CSRF token name.
     * @throws ProxyException - thrown if we are unable to connect to the proxy server
     */
    void addAntiCsrfToken(String tokenName) throws ProxyException;

    /**
     * Removes the anti CSRF token with the given name.
     * @param tokenName Anti CSRF token name.
     * @throws ProxyException - thrown if we are unable to connect to the proxy server
     */
    void removeAntiCsrfToken(String tokenName) throws ProxyException;

    /**
     * Returns the list of scripting engines that ZAP supports.
     * @return List of script engines.
     * @throws ProxyException - thrown if we are unable to connect to the proxy server
     */
    List listEngines() throws ProxyException;

    /**
     * Returns the list of scripts loaded into ZAP.
     * @return List of scripts.
     * @throws ProxyException - thrown if we are unable to connect to the proxy server
     */
    List