Ejemplo n.º 1
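def show_alerts(zap_helper, alert_level, output_format, exit_code):
    """Show alerts at the given alert level.

    Args:
        zap_helper: Helper object whose ``alerts(alert_level)`` method returns
            a sized collection of alerts.
        alert_level: Alert level passed through to ``zap_helper.alerts``.
        output_format: Format passed through to ``helpers.report_alerts``.
        exit_code: When truthy, terminate the process with the number of
            alerts as the exit status (capped at 255). When falsy, return
            normally after reporting.
    """
    alerts = zap_helper.alerts(alert_level)

    helpers.report_alerts(alerts, output_format)

    if exit_code:
        # POSIX keeps only the low 8 bits of an exit status, so an uncapped
        # count of 256 (or any multiple of it) would reach the caller as 0.
        # A CI gate keyed on "non-zero means findings" would then pass a
        # build that has alerts. Cap the count so any alert stays non-zero.
        num_alerts = min(len(alerts), 255)
        sys.exit(num_alerts)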
Ejemplo n.º 2
def show_alerts(zap_helper, alert_level, output_format, exit_code):
    """Report the alerts found at ``alert_level`` and optionally exit.

    The alerts come from ``zap_helper.alerts`` and are printed through
    ``helpers.report_alerts`` in ``output_format``. When ``exit_code`` is
    truthy the process exits with status 1 if at least one alert was
    returned and 0 otherwise; when it is falsy the function just returns.
    """
    found = zap_helper.alerts(alert_level)
    helpers.report_alerts(found, output_format)

    if not exit_code:
        return

    # Binary status: the exit code says whether alerts exist, not how many.
    sys.exit(1 if len(found) > 0 else 0)
Ejemplo n.º 3
def quick_scan(zap_helper, url, **options):
    """
    Open a URL, optionally spider it, run an Active Scan and report the
    alerts found at the configured alert level.

    Most scan settings arrive as keyword options, so one call covers the
    whole workflow, including starting and stopping the ZAP daemon when
    ``self_contained`` is set.

    The process always ends through ``sys.exit``. The status is 1 when alerts
    were found and soft-fail is not active, otherwise 0. Soft-fail is active
    when the ``soft_fail`` option is truthy or the ``SOFT_FAIL`` environment
    variable is set to a non-empty value.
    """
    self_contained = options['self_contained']

    if self_contained:
        console.info('Starting ZAP daemon')
        with helpers.zap_error_handler():
            zap_helper.start(options['start_options'])

    console.info('Running a quick scan for {0}'.format(url))

    with helpers.zap_error_handler():
        # Scanner selection and exclusions are applied before any traffic
        # is sent to the target.
        if options['scanners']:
            zap_helper.set_enabled_scanners(options['scanners'])

        if options['exclude']:
            zap_helper.exclude_from_all(options['exclude'])

        zap_helper.open_url(url)

        if options['spider']:
            zap_helper.run_spider(
                url, options['context_name'], options['user_name'])

        if options['ajax_spider']:
            zap_helper.run_ajax_spider(url)

        zap_helper.run_active_scan(
            url,
            options['recursive'],
            options['context_name'],
            options['user_name'],
        )

    findings = zap_helper.alerts(options['alert_level'])
    helpers.report_alerts(findings, options['output_format'])

    if self_contained:
        console.info('Shutting down ZAP daemon')
        with helpers.zap_error_handler():
            zap_helper.shutdown()

    # Customization: soft-fail turns a run with findings into exit status 0.
    # NOTE(review): os.getenv() returns a string, so any non-empty SOFT_FAIL
    # value, including "0" or "false", enables soft-fail. With it active the
    # report is the only signal of findings; a pipeline gate that looks at
    # the exit status alone will pass.
    exit_code = 0
    if len(findings) > 0:
        soft_fail = options.get("soft_fail") or os.getenv("SOFT_FAIL")
        if not soft_fail:
            exit_code = 1
    sys.exit(exit_code)
Ejemplo n.º 4
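def quick_scan(zap_helper, urls, **options):
    """
    Run a quick scan of one or more sites by opening each URL, optionally
    spidering it, running an Active Scan, and reporting any issues found.

    This command contains most scan options as parameters, so you can do
    everything in one go.

    Each phase (open, spider, AJAX spider, active scan) is run for every URL
    before the next phase starts.

    The process always ends through ``sys.exit``; the status is the number of
    alerts found at the given alert level, capped at 255.
    """
    if options['self_contained']:
        console.info('Starting ZAP daemon')
        with helpers.zap_error_handler():
            zap_helper.start(options['start_options'])

    console.info('Running a quick scan for {0}'.format(', '.join(urls)))

    with helpers.zap_error_handler():
        if options['scanners']:
            zap_helper.set_enabled_scanners(options['scanners'])

        if options['exclude']:
            zap_helper.exclude_from_all(options['exclude'])

        # Plain loops: these calls are made for their side effects, so no
        # throwaway result lists are built.
        for url in urls:
            zap_helper.open_url(url)

        if options['spider']:
            for url in urls:
                zap_helper.run_spider(url)

        if options['ajax_spider']:
            for url in urls:
                zap_helper.run_ajax_spider(url)

        for url in urls:
            zap_helper.run_active_scan(url, recursive=options['recursive'])

    alerts = zap_helper.alerts(options['alert_level'])

    # POSIX keeps only the low 8 bits of an exit status, so an uncapped count
    # of 256 (or any multiple of it) would reach the caller as 0 and a CI gate
    # keyed on "non-zero means findings" would pass. Cap the count so any
    # alert stays non-zero.
    num_alerts = min(len(alerts), 255)

    helpers.report_alerts(alerts, options['output_format'])

    if options['self_contained']:
        console.info('Shutting down ZAP daemon')
        with helpers.zap_error_handler():
            zap_helper.shutdown()

    sys.exit(num_alerts)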
Ejemplo n.º 5
def quick_scan(zap_helper, url, **options):
    """
    Open a URL, optionally spider it, run an Active Scan and report the
    alerts found at the configured alert level.

    Most scan settings arrive as keyword options, so one call covers the
    whole workflow, including starting and stopping the ZAP daemon when
    ``self_contained`` is set.

    The process always ends through ``sys.exit``: status 1 when at least one
    alert was found at the given alert level, status 0 otherwise.
    """
    self_contained = options['self_contained']

    if self_contained:
        console.info('Starting ZAP daemon')
        with helpers.zap_error_handler():
            zap_helper.start(options['start_options'])

    console.info('Running a quick scan for {0}'.format(url))

    with helpers.zap_error_handler():
        # Scanner selection and exclusions are applied before any traffic
        # is sent to the target.
        if options['scanners']:
            zap_helper.set_enabled_scanners(options['scanners'])

        if options['exclude']:
            zap_helper.exclude_from_all(options['exclude'])

        zap_helper.open_url(url)

        if options['spider']:
            zap_helper.run_spider(
                url, options['context_name'], options['user_name'])

        if options['ajax_spider']:
            zap_helper.run_ajax_spider(url)

        zap_helper.run_active_scan(
            url,
            options['recursive'],
            options['context_name'],
            options['user_name'],
        )

    findings = zap_helper.alerts(options['alert_level'])
    helpers.report_alerts(findings, options['output_format'])

    if self_contained:
        console.info('Shutting down ZAP daemon')
        with helpers.zap_error_handler():
            zap_helper.shutdown()

    # Binary status: the exit code says whether alerts exist, not how many.
    sys.exit(1 if len(findings) > 0 else 0)