Can I integrate OWASP ZAP with the Karate framework?

Question  Votes: 0  Answers: 1

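I have started running automated tests against the APIs in my project, and I would like to run security validations, like those done with the OWASP ZAP scanner, but embedded in my Karate automation. That is, automatic validation is performed when the OWASP API is used. Do you know if this can be done? If you can point me to any guide, I would be very grateful!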

automation automated-tests karate owasp zap
1 Answer
0
votes
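import java.nio.charset.StandardCharsets;
import org.zaproxy.clientapi.core.ApiResponse;
import org.zaproxy.clientapi.core.ApiResponseElement;
import org.zaproxy.clientapi.core.ClientApi;

public class ActiveScan {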

    private static final int ZAP_PORT = 8080;
    private static final String ZAP_API_KEY = null;
    private static final String ZAP_ADDRESS = "localhost";
    private static final String TARGET = "https://public-firing-range.appspot.com";

    public static void main(String[] args) {

        ClientApi api = new ClientApi(ZAP_ADDRESS, ZAP_PORT, ZAP_API_KEY);

        try {
            // TODO : explore the app (Spider, etc) before using the Active Scan API, Refer the explore section
            System.out.println("Active Scanning target : " + TARGET);
            ApiResponse resp = api.ascan.scan(TARGET, "True", "False", null, null, null);
            String scanid;
            int progress;

            // The scan now returns a scan id to support concurrent scanning
            scanid = ((ApiResponseElement) resp).getValue();
            // Poll the status until it completes
            while (true) {
                Thread.sleep(5000);
                progress =
                        Integer.parseInt(
                                ((ApiResponseElement) api.ascan.status(scanid)).getValue());
                System.out.println("Active Scan progress : " + progress + "%");
                if (progress >= 100) {
                    break;
                }
            }

            System.out.println("Active Scan complete");
            // Print vulnerabilities found by the scanning
            System.out.println("Alerts:");
            System.out.println(new String(api.core.xmlreport(), StandardCharsets.UTF_8));

        } catch (Exception e) {
            System.out.println("Exception : " + e.getMessage());
            e.printStackTrace();
        }
    }
}

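You can write a Java utility and call it from a feature file. The code above performs an active scan and is taken from the documentation. Give it a try. Documentation link: https://www.zaproxy.org/docs/api/?java#using-active-scan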
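One way to wire this into Karate, shown as an added example that is not part of the original answer or the ZAP documentation: a static helper that a feature file can call through `Java.type`, returning the alerts at or above a chosen risk level so the scenario can assert on them. The class name `ZapGate`, the `ZAP_API_KEY` environment variable and the feature steps in the comment are assumptions; routing Karate through ZAP with `configure proxy` fills ZAP's site tree with the tested endpoints, which covers the "explore the app" TODO in the code above.

```java
import java.util.ArrayList;
import java.util.List;
import org.zaproxy.clientapi.core.Alert;
import org.zaproxy.clientapi.core.ApiResponseElement;
import org.zaproxy.clientapi.core.ClientApi;

// Hypothetical helper (the name ZapGate is an assumption). Sketch of the calling feature:
//   * configure proxy = 'http://localhost:8080'     # send Karate's requests through ZAP
//   ... the normal API scenarios run here, so ZAP records every endpoint they touch ...
//   * def ZapGate = Java.type('ZapGate')
//   * def findings = ZapGate.scan(baseUrl, 'Medium')
//   * match findings == []
public class ZapGate {

    private static final String ZAP_ADDRESS = "localhost";
    private static final int ZAP_PORT = 8080;
    // Assumption: the API key is supplied through an environment variable.
    private static final String ZAP_API_KEY = System.getenv("ZAP_API_KEY");

    /** Active-scans target; returns "risk | name | url" for each alert at or above minRisk. */
    public static List<String> scan(String target, String minRisk) throws Exception {
        // minRisk is one of Informational, Low, Medium, High
        Alert.Risk threshold = Alert.Risk.valueOf(minRisk);
        ClientApi api = new ClientApi(ZAP_ADDRESS, ZAP_PORT, ZAP_API_KEY);

        // Same call as in the answer: recurse = True, inScopeOnly = False
        String scanId = ((ApiResponseElement)
                api.ascan.scan(target, "True", "False", null, null, null)).getValue();
        // Poll until the active scan reports 100 %
        while (Integer.parseInt(
                ((ApiResponseElement) api.ascan.status(scanId)).getValue()) < 100) {
            Thread.sleep(5000);
        }

        List<String> findings = new ArrayList<>();
        for (Alert alert : api.getAlerts(target, -1, -1)) {
            if (alert.getRisk().compareTo(threshold) >= 0) {
                findings.add(alert.getRisk() + " | " + alert.getName() + " | " + alert.getUrl());
            }
        }
        return findings;
    }
}
```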
