zaproxy
diff --git a/‎src/zapv2/acsrf.py‎
Lines changed: 4 additions & 4 deletions b/‎src/zapv2/acsrf.py‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎src/zapv2/ajaxSpider.py‎
Lines changed: 29 additions & 31 deletions b/‎src/zapv2/ajaxSpider.py‎
Lines changed: 29 additions & 31 deletions
diff --git a/‎src/zapv2/ascan.py‎
Lines changed: 112 additions & 10 deletions b/‎src/zapv2/ascan.py‎
Lines changed: 112 additions & 10 deletions
@@ -27,25 +27,25 @@ def __init__(self, zap):
     @property
     def option_tokens_names(self):
         """
-        Lists the names of all anti CSRF tokens
+        Lists the names of all anti-CSRF tokens
         """
         return next(self.zap._request(self.zap.base + 'acsrf/view/optionTokensNames/').itervalues())
 
     def add_option_token(self, string, apikey=''):
         """
-        Adds an anti CSRF token with the given name, enabled by default
+        Adds an anti-CSRF token with the given name, enabled by default
         """
         return next(self.zap._request(self.zap.base + 'acsrf/action/addOptionToken/', {'String' : string, 'apikey' : apikey}).itervalues())
 
     def remove_option_token(self, string, apikey=''):
         """
-        Removes the anti CSRF token with the given name
+        Removes the anti-CSRF token with the given name
         """
         return next(self.zap._request(self.zap.base + 'acsrf/action/removeOptionToken/', {'String' : string, 'apikey' : apikey}).itervalues())
 
     def gen_form(self, hrefid, apikey=''):
         """
-        Generate a form for testing lack of anti CSRF tokens - typically invoked via ZAP
+        Generate a form for testing lack of anti-CSRF tokens - typically invoked via ZAP
         """
         return (self.zap._request_other(self.zap.base_other + 'acsrf/other/genForm/', {'hrefId' : hrefid, 'apikey' : apikey}))
 
 
@@ -31,11 +31,16 @@ def status(self):
         """
         return next(self.zap._request(self.zap.base + 'ajaxSpider/view/status/').itervalues())
 
-    def results(self, start='', count=''):
+    def results(self, start=None, count=None):
         """
         This component is optional and therefore the API will only work if it is installed
         """
-        return next(self.zap._request(self.zap.base + 'ajaxSpider/view/results/', {'start' : start, 'count' : count}).itervalues())
+        params = {}
+        if start is not None:
+            params['start'] = start
+        if count is not None:
+            params['count'] = count
+        return next(self.zap._request(self.zap.base + 'ajaxSpider/view/results/', params).itervalues())
 
     @property
     def number_of_results(self):
@@ -45,39 +50,18 @@ def number_of_results(self):
         return next(self.zap._request(self.zap.base + 'ajaxSpider/view/numberOfResults/').itervalues())
 
     @property
-    def option_browser_id(self):
-        """
-        This component is optional and therefore the API will only work if it is installed
-        """
-        return next(self.zap._request(self.zap.base + 'ajaxSpider/view/optionBrowserId/').itervalues())
-
-    @property
-    def option_config_version_key(self):
+    def full_results(self):
         """
         This component is optional and therefore the API will only work if it is installed
         """
-        return next(self.zap._request(self.zap.base + 'ajaxSpider/view/optionConfigVersionKey/').itervalues())
+        return next(self.zap._request(self.zap.base + 'ajaxSpider/view/fullResults/').itervalues())
 
     @property
-    def option_current_version(self):
-        """
-        This component is optional and therefore the API will only work if it is installed
-        """
-        return next(self.zap._request(self.zap.base + 'ajaxSpider/view/optionCurrentVersion/').itervalues())
-
-    @property
-    def option_elems(self):
-        """
-        This component is optional and therefore the API will only work if it is installed
-        """
-        return next(self.zap._request(self.zap.base + 'ajaxSpider/view/optionElems/').itervalues())
-
-    @property
-    def option_elems_names(self):
+    def option_browser_id(self):
         """
         This component is optional and therefore the API will only work if it is installed
         """
-        return next(self.zap._request(self.zap.base + 'ajaxSpider/view/optionElemsNames/').itervalues())
+        return next(self.zap._request(self.zap.base + 'ajaxSpider/view/optionBrowserId/').itervalues())
 
     @property
     def option_event_wait(self):
@@ -142,17 +126,31 @@ def option_random_inputs(self):
         """
         return next(self.zap._request(self.zap.base + 'ajaxSpider/view/optionRandomInputs/').itervalues())
 
-    def scan(self, url='', inscope='', contextname='', subtreeonly='', apikey=''):
+    def scan(self, url=None, inscope=None, contextname=None, subtreeonly=None, apikey=''):
         """
         This component is optional and therefore the API will only work if it is installed
         """
-        return next(self.zap._request(self.zap.base + 'ajaxSpider/action/scan/', {'url' : url, 'inScope' : inscope, 'contextName' : contextname, 'subtreeOnly' : subtreeonly, 'apikey' : apikey}).itervalues())
+        params = {'apikey' : apikey}
+        if url is not None:
+            params['url'] = url
+        if inscope is not None:
+            params['inScope'] = inscope
+        if contextname is not None:
+            params['contextName'] = contextname
+        if subtreeonly is not None:
+            params['subtreeOnly'] = subtreeonly
+        return next(self.zap._request(self.zap.base + 'ajaxSpider/action/scan/', params).itervalues())
 
-    def scan_as_user(self, contextname, username, url='', subtreeonly='', apikey=''):
+    def scan_as_user(self, contextname, username, url=None, subtreeonly=None, apikey=''):
         """
         This component is optional and therefore the API will only work if it is installed
         """
-        return next(self.zap._request(self.zap.base + 'ajaxSpider/action/scanAsUser/', {'contextName' : contextname, 'userName' : username, 'url' : url, 'subtreeOnly' : subtreeonly, 'apikey' : apikey}).itervalues())
+        params = {'contextName' : contextname, 'userName' : username, 'apikey' : apikey}
+        if url is not None:
+            params['url'] = url
+        if subtreeonly is not None:
+            params['subtreeOnly'] = subtreeonly
+        return next(self.zap._request(self.zap.base + 'ajaxSpider/action/scanAsUser/', params).itervalues())
 
     def stop(self, apikey=''):
         """
 
@@ -52,6 +52,9 @@ def scan_policy_names(self):
 
     @property
     def excluded_from_scan(self):
+        """
+        Gets the regexes of URLs excluded from the active scans.
+        """
         return next(self.zap._request(self.zap.base + 'ascan/view/excludedFromScan/').itervalues())
 
     def scanners(self, scanpolicyname=None, policyid=None):
@@ -74,6 +77,27 @@ def policies(self, scanpolicyname=None, policyid=None):
     def attack_mode_queue(self):
         return next(self.zap._request(self.zap.base + 'ascan/view/attackModeQueue/').itervalues())
 
+    @property
+    def excluded_params(self):
+        """
+        Gets all the parameters that are excluded. For each parameter the following are shown: the name, the URL, and the parameter type.
+        """
+        return next(self.zap._request(self.zap.base + 'ascan/view/excludedParams/').itervalues())
+
+    @property
+    def option_excluded_param_list(self):
+        """
+        Use view excludedParams instead.
+        """
+        return next(self.zap._request(self.zap.base + 'ascan/view/optionExcludedParamList/').itervalues())
+
+    @property
+    def excluded_param_types(self):
+        """
+        Gets all the types of excluded parameters. For each type the following are shown: the ID and the name.
+        """
+        return next(self.zap._request(self.zap.base + 'ascan/view/excludedParamTypes/').itervalues())
+
     @property
     def option_attack_policy(self):
         return next(self.zap._request(self.zap.base + 'ascan/view/optionAttackPolicy/').itervalues())
@@ -86,10 +110,6 @@ def option_default_policy(self):
     def option_delay_in_ms(self):
         return next(self.zap._request(self.zap.base + 'ascan/view/optionDelayInMs/').itervalues())
 
-    @property
-    def option_excluded_param_list(self):
-        return next(self.zap._request(self.zap.base + 'ascan/view/optionExcludedParamList/').itervalues())
-
     @property
     def option_handle_anti_csrf_tokens(self):
         return next(self.zap._request(self.zap.base + 'ascan/view/optionHandleAntiCSRFTokens/').itervalues())
@@ -106,6 +126,14 @@ def option_max_chart_time_in_mins(self):
     def option_max_results_to_list(self):
         return next(self.zap._request(self.zap.base + 'ascan/view/optionMaxResultsToList/').itervalues())
 
+    @property
+    def option_max_rule_duration_in_mins(self):
+        return next(self.zap._request(self.zap.base + 'ascan/view/optionMaxRuleDurationInMins/').itervalues())
+
+    @property
+    def option_max_scan_duration_in_mins(self):
+        return next(self.zap._request(self.zap.base + 'ascan/view/optionMaxScanDurationInMins/').itervalues())
+
     @property
     def option_max_scans_in_ui(self):
         return next(self.zap._request(self.zap.base + 'ascan/view/optionMaxScansInUI/').itervalues())
@@ -128,6 +156,9 @@ def option_allow_attack_on_start(self):
 
     @property
     def option_inject_plugin_id_in_header(self):
+        """
+        Tells whether or not the active scanner should inject the HTTP request header X-ZAP-Scan-ID, with the ID of the scanner that's sending the requests.
+        """
         return next(self.zap._request(self.zap.base + 'ascan/view/optionInjectPluginIdInHeader/').itervalues())
 
     @property
@@ -153,8 +184,13 @@ def option_scan_headers_all_requests(self):
     def option_show_advanced_dialog(self):
         return next(self.zap._request(self.zap.base + 'ascan/view/optionShowAdvancedDialog/').itervalues())
 
-    def scan(self, url, recurse=None, inscopeonly=None, scanpolicyname=None, method=None, postdata=None, apikey=''):
-        params = {'url' : url, 'apikey' : apikey}
+    def scan(self, url=None, recurse=None, inscopeonly=None, scanpolicyname=None, method=None, postdata=None, contextid=None, apikey=''):
+        """
+        Runs the active scanner against the given URL and/or Context. Optionally, the 'recurse' parameter can be used to scan URLs under the given URL, the parameter 'inScopeOnly' can be used to constrain the scan to URLs that are in scope (ignored if a Context is specified), the parameter 'scanPolicyName' allows to specify the scan policy (if none is given it uses the default scan policy), the parameters 'method' and 'postData' allow to select a given request in conjunction with the given URL.
+        """
+        params = {'apikey' : apikey}
+        if url is not None:
+            params['url'] = url
         if recurse is not None:
             params['recurse'] = recurse
         if inscopeonly is not None:
@@ -165,13 +201,21 @@ def scan(self, url, recurse=None, inscopeonly=None, scanpolicyname=None, method=
             params['method'] = method
         if postdata is not None:
             params['postData'] = postdata
+        if contextid is not None:
+            params['contextId'] = contextid
         return next(self.zap._request(self.zap.base + 'ascan/action/scan/', params).itervalues())
 
-    def scan_as_user(self, url, contextid, userid, recurse=None, scanpolicyname=None, method=None, postdata=None, apikey=''):
+    def scan_as_user(self, url=None, contextid=None, userid=None, recurse=None, scanpolicyname=None, method=None, postdata=None, apikey=''):
         """
         Active Scans from the perspective of a User, obtained using the given Context ID and User ID. See 'scan' action for more details.
         """
-        params = {'url' : url, 'contextId' : contextid, 'userId' : userid, 'apikey' : apikey}
+        params = {'apikey' : apikey}
+        if url is not None:
+            params['url'] = url
+        if contextid is not None:
+            params['contextId'] = contextid
+        if userid is not None:
+            params['userId'] = userid
         if recurse is not None:
             params['recurse'] = recurse
         if scanpolicyname is not None:
@@ -207,9 +251,15 @@ def remove_all_scans(self, apikey=''):
         return next(self.zap._request(self.zap.base + 'ascan/action/removeAllScans/', {'apikey' : apikey}).itervalues())
 
     def clear_excluded_from_scan(self, apikey=''):
+        """
+        Clears the regexes of URLs excluded from the active scans.
+        """
         return next(self.zap._request(self.zap.base + 'ascan/action/clearExcludedFromScan/', {'apikey' : apikey}).itervalues())
 
     def exclude_from_scan(self, regex, apikey=''):
+        """
+        Adds a regex of URLs that should be excluded from the active scans.
+        """
         return next(self.zap._request(self.zap.base + 'ascan/action/excludeFromScan/', {'regex' : regex, 'apikey' : apikey}).itervalues())
 
     def enable_all_scanners(self, scanpolicyname=None, apikey=''):
@@ -266,12 +316,55 @@ def set_scanner_alert_threshold(self, id, alertthreshold, scanpolicyname=None, a
             params['scanPolicyName'] = scanpolicyname
         return next(self.zap._request(self.zap.base + 'ascan/action/setScannerAlertThreshold/', params).itervalues())
 
-    def add_scan_policy(self, scanpolicyname, apikey=''):
-        return next(self.zap._request(self.zap.base + 'ascan/action/addScanPolicy/', {'scanPolicyName' : scanpolicyname, 'apikey' : apikey}).itervalues())
+    def add_scan_policy(self, scanpolicyname, alertthreshold=None, attackstrength=None, apikey=''):
+        params = {'scanPolicyName' : scanpolicyname, 'apikey' : apikey}
+        if alertthreshold is not None:
+            params['alertThreshold'] = alertthreshold
+        if attackstrength is not None:
+            params['attackStrength'] = attackstrength
+        return next(self.zap._request(self.zap.base + 'ascan/action/addScanPolicy/', params).itervalues())
 
     def remove_scan_policy(self, scanpolicyname, apikey=''):
         return next(self.zap._request(self.zap.base + 'ascan/action/removeScanPolicy/', {'scanPolicyName' : scanpolicyname, 'apikey' : apikey}).itervalues())
 
+    def update_scan_policy(self, scanpolicyname, alertthreshold=None, attackstrength=None, apikey=''):
+        params = {'scanPolicyName' : scanpolicyname, 'apikey' : apikey}
+        if alertthreshold is not None:
+            params['alertThreshold'] = alertthreshold
+        if attackstrength is not None:
+            params['attackStrength'] = attackstrength
+        return next(self.zap._request(self.zap.base + 'ascan/action/updateScanPolicy/', params).itervalues())
+
+    def add_excluded_param(self, name, type=None, url=None, apikey=''):
+        """
+        Adds a new parameter excluded from the scan, using the specified name. Optionally sets if the new entry applies to a specific URL (default, all URLs) and sets the ID of the type of the parameter (default, ID of any type). The type IDs can be obtained with the view excludedParamTypes. 
+        """
+        params = {'name' : name, 'apikey' : apikey}
+        if type is not None:
+            params['type'] = type
+        if url is not None:
+            params['url'] = url
+        return next(self.zap._request(self.zap.base + 'ascan/action/addExcludedParam/', params).itervalues())
+
+    def modify_excluded_param(self, idx, name=None, type=None, url=None, apikey=''):
+        """
+        Modifies a parameter excluded from the scan. Allows to modify the name, the URL and the type of parameter. The parameter is selected with its index, which can be obtained with the view excludedParams.
+        """
+        params = {'idx' : idx, 'apikey' : apikey}
+        if name is not None:
+            params['name'] = name
+        if type is not None:
+            params['type'] = type
+        if url is not None:
+            params['url'] = url
+        return next(self.zap._request(self.zap.base + 'ascan/action/modifyExcludedParam/', params).itervalues())
+
+    def remove_excluded_param(self, idx, apikey=''):
+        """
+        Removes a parameter excluded from the scan, with the given index. The index can be obtained with the view excludedParams.
+        """
+        return next(self.zap._request(self.zap.base + 'ascan/action/removeExcludedParam/', {'idx' : idx, 'apikey' : apikey}).itervalues())
+
     def set_option_attack_policy(self, string, apikey=''):
         return next(self.zap._request(self.zap.base + 'ascan/action/setOptionAttackPolicy/', {'String' : string, 'apikey' : apikey}).itervalues())
 
@@ -291,6 +384,9 @@ def set_option_host_per_scan(self, integer, apikey=''):
         return next(self.zap._request(self.zap.base + 'ascan/action/setOptionHostPerScan/', {'Integer' : integer, 'apikey' : apikey}).itervalues())
 
     def set_option_inject_plugin_id_in_header(self, boolean, apikey=''):
+        """
+        Sets whether or not the active scanner should inject the HTTP request header X-ZAP-Scan-ID, with the ID of the scanner that's sending the requests.
+        """
         return next(self.zap._request(self.zap.base + 'ascan/action/setOptionInjectPluginIdInHeader/', {'Boolean' : boolean, 'apikey' : apikey}).itervalues())
 
     def set_option_max_chart_time_in_mins(self, integer, apikey=''):
@@ -299,6 +395,12 @@ def set_option_max_chart_time_in_mins(self, integer, apikey=''):
     def set_option_max_results_to_list(self, integer, apikey=''):
         return next(self.zap._request(self.zap.base + 'ascan/action/setOptionMaxResultsToList/', {'Integer' : integer, 'apikey' : apikey}).itervalues())
 
+    def set_option_max_rule_duration_in_mins(self, integer, apikey=''):
+        return next(self.zap._request(self.zap.base + 'ascan/action/setOptionMaxRuleDurationInMins/', {'Integer' : integer, 'apikey' : apikey}).itervalues())
+
+    def set_option_max_scan_duration_in_mins(self, integer, apikey=''):
+        return next(self.zap._request(self.zap.base + 'ascan/action/setOptionMaxScanDurationInMins/', {'Integer' : integer, 'apikey' : apikey}).itervalues())
+
     def set_option_max_scans_in_ui(self, integer, apikey=''):
         return next(self.zap._request(self.zap.base + 'ascan/action/setOptionMaxScansInUI/', {'Integer' : integer, 'apikey' : apikey}).itervalues())