Update APIs of add-ons and core

Update core APIs for 2.17.0.
Add the APIs of the following add-ons:
 - Client Side Integration version 0.20.0;
 - Postman Support version 0.7.0.

Update the APIs of the following add-ons:
 - Automation Framework version 0.58.0;
 - Passive Scanner version 0.6.0;
 - Selenium version 15.43.0;
 - Spider version 0.18.0.

Signed-off-by: thc202 <[email protected]>

Author: thc202

CHANGELOG.md

@@ -4,6 +4,20 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
 
 ## [Unreleased]
+### Added
+- Add the APIs of the following add-ons:
+  - Client Side Integration version 0.20.0;
+  - Postman Support version 0.7.0.
+
+### Changed
+- Update dependencies.
+- Update core APIs for 2.17.
+- Update the APIs of the following add-ons:
+  - Automation Framework version 0.58.0;
+  - OpenAPI Support version 48;
+  - Passive Scanner version 0.6.0;
+  - Selenium version 15.43.0;
+  - Spider version 0.18.0.
 
 ## [2.0.0-rc.6] - 2025-01-20
 ### Added

src/alert.js

@@ -41,6 +41,7 @@ Alert.prototype.alert = function (args) {
  * @param {string} count
  * @param {string} riskid
  * @param {string} contextname - Optionally, the Context name which the Alerts' URLs are associated with.
+ * @param {string} falsepositive - Optionally, a boolean indicating whether the results should include False Positive alerts.
  **/
 Alert.prototype.alerts = function (args) {
   const params = { }
@@ -59,6 +60,9 @@ Alert.prototype.alerts = function (args) {
   if (args.contextname && args.contextname !== null) {
     params.contextName = args.contextname
   }
+  if (args.falsepositive && args.falsepositive !== null) {
+    params.falsePositive = args.falsepositive
+  }
   return this.api.request('/alert/view/alerts/', params)
 }
 

src/alertFilter.js

@@ -29,7 +29,7 @@ function AlertFilter (clientApi) {
 /**
  * Lists the alert filters of the context with the given ID.
  * This component is optional and therefore the API will only work if it is installed
- * @param {string} contextid
+ * @param {string} contextid - The numeric ID of the context for which the filters should be listed.
  **/
 AlertFilter.prototype.alertFilterList = function (args) {
   return this.api.request('/alertFilter/view/alertFilterList/', { contextId: args.contextid })
@@ -46,19 +46,19 @@ AlertFilter.prototype.globalAlertFilterList = function () {
 /**
  * Adds a new alert filter for the context with the given ID.
  * This component is optional and therefore the API will only work if it is installed
- * @param {string} contextid
- * @param {string} ruleid
- * @param {string} newlevel
- * @param {string} url
- * @param {string} urlisregex
- * @param {string} parameter
- * @param {string} enabled
- * @param {string} parameterisregex
- * @param {string} attack
- * @param {string} attackisregex
- * @param {string} evidence
- * @param {string} evidenceisregex
- * @param {string} methods
+ * @param {string} contextid - The numeric ID of the context for which the filter should be added.
+ * @param {string} ruleid - The numeric ID of the rule for which the filter should apply.
+ * @param {string} newlevel - The numeric risk representation ('0 - Informational' through '3 - High') ['-1 - False Positive'].
+ * @param {string} url - The URL for which the filter should apply (can be regex).
+ * @param {string} urlisregex - A boolean indicating whether or not the URL is a regex.
+ * @param {string} parameter - The parameter name for which the filter should apply (can be regex).
+ * @param {string} enabled - A boolean indicating whether or not the filter should be enabled.
+ * @param {string} parameterisregex - A boolean indicating whether or not the parameter name is a regex.
+ * @param {string} attack - The attack value for which the filter should apply (can be regex).
+ * @param {string} attackisregex - A boolean indicating whether or not the attack value is a regex.
+ * @param {string} evidence - The evidence value for which the filter should apply (can be regex).
+ * @param {string} evidenceisregex - A boolean indicating whether or not the evidence value is a regex.
+ * @param {string} methods - The HTTP methods (comma separated) for which the filter should apply.
  **/
 AlertFilter.prototype.addAlertFilter = function (args) {
   const params = { contextId: args.contextid, ruleId: args.ruleid, newLevel: args.newlevel }
@@ -98,19 +98,19 @@ AlertFilter.prototype.addAlertFilter = function (args) {
 /**
  * Removes an alert filter from the context with the given ID.
  * This component is optional and therefore the API will only work if it is installed
- * @param {string} contextid
- * @param {string} ruleid
- * @param {string} newlevel
- * @param {string} url
- * @param {string} urlisregex
- * @param {string} parameter
- * @param {string} enabled
- * @param {string} parameterisregex
- * @param {string} attack
- * @param {string} attackisregex
- * @param {string} evidence
- * @param {string} evidenceisregex
- * @param {string} methods
+ * @param {string} contextid - The numeric ID of the context for which the filter should be removed.
+ * @param {string} ruleid - The numeric ID of the rule for which the filter applies.
+ * @param {string} newlevel - The numeric risk representation ('0 - Informational' through '3 - High') ['-1 - False Positive'].
+ * @param {string} url - The URL for which the filter applies (can be regex).
+ * @param {string} urlisregex - A boolean indicating whether or not the URL is a regex.
+ * @param {string} parameter - The parameter name for which the filter applies (can be regex).
+ * @param {string} enabled - A boolean indicating whether or not the filter should be enabled.
+ * @param {string} parameterisregex - A boolean indicating whether or not the parameter name is a regex.
+ * @param {string} attack - The attack value for which the filter applies (can be regex).
+ * @param {string} attackisregex - A boolean indicating whether or not the attack value is a regex.
+ * @param {string} evidence - The evidence value for which the filter applies (can be regex).
+ * @param {string} evidenceisregex - A boolean indicating whether or not the evidence value is a regex.
+ * @param {string} methods - The HTTP methods (comma separated) for which the filter applies.
  **/
 AlertFilter.prototype.removeAlertFilter = function (args) {
   const params = { contextId: args.contextid, ruleId: args.ruleid, newLevel: args.newlevel }
@@ -150,18 +150,18 @@ AlertFilter.prototype.removeAlertFilter = function (args) {
 /**
  * Adds a new global alert filter.
  * This component is optional and therefore the API will only work if it is installed
- * @param {string} ruleid
- * @param {string} newlevel
- * @param {string} url
- * @param {string} urlisregex
- * @param {string} parameter
- * @param {string} enabled
- * @param {string} parameterisregex
- * @param {string} attack
- * @param {string} attackisregex
- * @param {string} evidence
- * @param {string} evidenceisregex
- * @param {string} methods
+ * @param {string} ruleid - The numeric ID of the rule for which the filter should apply.
+ * @param {string} newlevel - The numeric risk representation ('0 - Informational' through '3 - High') ['-1 - False Positive'].
+ * @param {string} url - The URL for which the filter should apply (can be regex).
+ * @param {string} urlisregex - A boolean indicating whether or not the URL is a regex.
+ * @param {string} parameter - The parameter name for which the filter should apply (can be regex).
+ * @param {string} enabled - A boolean indicating whether or not the filter should be enabled.
+ * @param {string} parameterisregex - A boolean indicating whether or not the parameter name is a regex.
+ * @param {string} attack - The attack value for which the filter should apply (can be regex).
+ * @param {string} attackisregex - A boolean indicating whether or not the attack value is a regex.
+ * @param {string} evidence - The evidence value for which the filter should apply (can be regex).
+ * @param {string} evidenceisregex - A boolean indicating whether or not the evidence value is a regex.
+ * @param {string} methods - The HTTP methods (comma separated) for which the filter should apply.
  **/
 AlertFilter.prototype.addGlobalAlertFilter = function (args) {
   const params = { ruleId: args.ruleid, newLevel: args.newlevel }
@@ -201,18 +201,18 @@ AlertFilter.prototype.addGlobalAlertFilter = function (args) {
 /**
  * Removes a global alert filter.
  * This component is optional and therefore the API will only work if it is installed
- * @param {string} ruleid
- * @param {string} newlevel
- * @param {string} url
- * @param {string} urlisregex
- * @param {string} parameter
- * @param {string} enabled
- * @param {string} parameterisregex
- * @param {string} attack
- * @param {string} attackisregex
- * @param {string} evidence
- * @param {string} evidenceisregex
- * @param {string} methods
+ * @param {string} ruleid - The numeric ID of the rule for which the filter applies.
+ * @param {string} newlevel - The numeric risk representation ('0 - Informational' through '3 - High') ['-1 - False Positive'].
+ * @param {string} url - The URL for which the filter applies (can be regex).
+ * @param {string} urlisregex - A boolean indicating whether or not the URL is a regex.
+ * @param {string} parameter - The parameter name for which the filter applies (can be regex).
+ * @param {string} enabled - A boolean indicating whether or not the filter should be enabled.
+ * @param {string} parameterisregex - A boolean indicating whether or not the parameter name is a regex.
+ * @param {string} attack - The attack value for which the filter applies (can be regex).
+ * @param {string} attackisregex - A boolean indicating whether or not the attack value is a regex.
+ * @param {string} evidence - The evidence value for which the filter applies (can be regex).
+ * @param {string} evidenceisregex - A boolean indicating whether or not the evidence value is a regex.
+ * @param {string} methods - The HTTP methods (comma separated) for which the filter applies.
  **/
 AlertFilter.prototype.removeGlobalAlertFilter = function (args) {
   const params = { ruleId: args.ruleid, newLevel: args.newlevel }

src/ascan.js

@@ -266,13 +266,27 @@ Ascan.prototype.optionEncodeCookieValues = function () {
   return this.api.request('/ascan/view/optionEncodeCookieValues/')
 }
 
+/**
+ * Tells whether or not the active scanner should exclude anti-csrf tokens from the scan.
+ **/
+Ascan.prototype.optionExcludeAntiCsrfTokens = function () {
+  return this.api.request('/ascan/view/optionExcludeAntiCsrfTokens/')
+}
+
 /**
  * Tells whether or not the active scanner should inject the HTTP request header X-ZAP-Scan-ID, with the ID of the scan rule that's sending the requests.
  **/
 Ascan.prototype.optionInjectPluginIdInHeader = function () {
   return this.api.request('/ascan/view/optionInjectPluginIdInHeader/')
 }
 
+/**
+ * Tells whether or not the temporary HTTP messages sent while active scanning should be persisted.
+ **/
+Ascan.prototype.optionPersistTemporaryMessages = function () {
+  return this.api.request('/ascan/view/optionPersistTemporaryMessages/')
+}
+
 /**
  *
  **/
@@ -734,6 +748,14 @@ Ascan.prototype.setOptionEncodeCookieValues = function (args) {
   return this.api.request('/ascan/action/setOptionEncodeCookieValues/', { Boolean: args.bool })
 }
 
+/**
+ * Sets whether or not the active scanner should exclude anti-csrf tokens from the scan.
+ * @param {string} bool - true if anti-csrf tokens should be excluded, false otherwise.
+ **/
+Ascan.prototype.setOptionExcludeAntiCsrfTokens = function (args) {
+  return this.api.request('/ascan/action/setOptionExcludeAntiCsrfTokens/', { Boolean: args.bool })
+}
+
 /**
  *
  * @param {string} bool
@@ -806,6 +828,14 @@ Ascan.prototype.setOptionMaxScansInUI = function (args) {
   return this.api.request('/ascan/action/setOptionMaxScansInUI/', { Integer: args.integer })
 }
 
+/**
+ * Sets whether or not the temporary HTTP messages sent while active scanning should be persisted.
+ * @param {string} bool - true if the temporary HTTP messages should be persisted, false otherwise.
+ **/
+Ascan.prototype.setOptionPersistTemporaryMessages = function (args) {
+  return this.api.request('/ascan/action/setOptionPersistTemporaryMessages/', { Boolean: args.bool })
+}
+
 /**
  *
  * @param {string} bool

src/automation.js

@@ -27,20 +27,34 @@ function Automation (clientApi) {
 }
 
 /**
+ * Returns the progress details for the specified planId
  * This component is optional and therefore the API will only work if it is installed
+ * @param {string} planid
  **/
 Automation.prototype.planProgress = function (args) {
   return this.api.request('/automation/view/planProgress/', { planId: args.planid })
 }
 
 /**
+ * Loads and asynchronously runs the plan in the specified file, returning a planId
  * This component is optional and therefore the API will only work if it is installed
+ * @param {string} filepath
  **/
 Automation.prototype.runPlan = function (args) {
   return this.api.request('/automation/action/runPlan/', { filePath: args.filepath })
 }
 
 /**
+ * Stops the running plan identified by the planId
+ * This component is optional and therefore the API will only work if it is installed
+ * @param {string} planid
+ **/
+Automation.prototype.stopPlan = function (args) {
+  return this.api.request('/automation/action/stopPlan/', { planId: args.planid })
+}
+
+/**
+ * Ends the currently running delay job, if any
  * This component is optional and therefore the API will only work if it is installed
  **/
 Automation.prototype.endDelayJob = function () {

src/client.js

@@ -0,0 +1,66 @@
+/* Zed Attack Proxy (ZAP) and its related class files.
+ *
+ * ZAP is an HTTP/HTTPS proxy for assessing web application security.
+ *
+ * Copyright 2025 the ZAP development team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+'use strict'
+
+/**
+ * This file was automatically generated.
+ */
+function Client (clientApi) {
+  this.api = clientApi
+}
+
+/**
+ * This component is optional and therefore the API will only work if it is installed
+ **/
+Client.prototype.reportObject = function (args) {
+  return this.api.request('/client/action/reportObject/', { objectJson: args.objectjson })
+}
+
+/**
+ * This component is optional and therefore the API will only work if it is installed
+ **/
+Client.prototype.reportEvent = function (args) {
+  return this.api.request('/client/action/reportEvent/', { eventJson: args.eventjson })
+}
+
+/**
+ * This component is optional and therefore the API will only work if it is installed
+ **/
+Client.prototype.reportZestStatement = function (args) {
+  return this.api.request('/client/action/reportZestStatement/', { statementJson: args.statementjson })
+}
+
+/**
+ * This component is optional and therefore the API will only work if it is installed
+ **/
+Client.prototype.reportZestScript = function (args) {
+  return this.api.request('/client/action/reportZestScript/', { scriptJson: args.scriptjson })
+}
+
+/**
+ * Exports the Client Map to a file.
+ * This component is optional and therefore the API will only work if it is installed
+ * @param {string} pathyaml - The file system path to the file.
+ **/
+Client.prototype.exportClientMap = function (args) {
+  return this.api.request('/client/action/exportClientMap/', { pathYaml: args.pathyaml })
+}
+
+module.exports = Client