Question
I have triggered ZAP with the Python API as below:
Script source:-
https://github.com/zaproxy/zaproxy/wiki/ApiPython
I want an HTML report generated via command line.
I am trying to integrate the same with Jenkins. I have found a few OWASP plug-ins for Jenkins, but they don't seem to work as expected.
Any ideas, links or tutorials would really help me.
Answer 1:
At this URL/API (http://ZAP-IP:PORT/UI/core/other/htmlreport/) the user can get the report.
I haven't found any ZAP support plug-in, so I have written a Selenium WebDriver Java script to accomplish my task. The code is:
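    // Imports this method needs; @Test comes from your test framework.
    import java.io.BufferedReader;
    import java.io.BufferedWriter;
    import java.io.File;
    import java.io.FileWriter;
    import java.io.InputStreamReader;
    import java.net.URL;
    import java.text.SimpleDateFormat;
    import java.util.Date;
    import java.util.concurrent.TimeUnit;
    import org.openqa.selenium.By;
    import org.openqa.selenium.WebDriver;
    import org.openqa.selenium.chrome.ChromeDriver;
    import org.openqa.selenium.chrome.ChromeOptions;

    @Test
    public void Report() {
        System.setProperty("webdriver.chrome.driver", System.getProperty("user.dir") + "\\src\\lib\\chromedriver.exe");
        ChromeOptions chromeOptions = new ChromeOptions();
        chromeOptions.addArguments("--start-maximized");
        WebDriver driver = new ChromeDriver(chromeOptions);
        try {
            driver.manage().timeouts().implicitlyWait(30, TimeUnit.SECONDS);
            // Open the ZAP report form, submit the API key, and let the report page load.
            driver.get("http://localhost:8080/UI/core/other/htmlreport");
            driver.manage().timeouts().pageLoadTimeout(30, TimeUnit.SECONDS);
            driver.findElement(By.id("apikey")).sendKeys("ChangeMe");
            driver.findElement(By.id("button")).click();
            // Timestamp used in the report file name.
            SimpleDateFormat dateFormatForFoldername = new SimpleDateFormat("yyyy-MM-dd-HH-mm-ss");
            Date currentDate = new Date();
            String folderDateFormat = dateFormatForFoldername.format(currentDate);
            // Re-fetch the resulting report URL and copy it to disk line by line.
            URL oracle = new URL(driver.getCurrentUrl());
            try (BufferedReader in = new BufferedReader(new InputStreamReader(oracle.openStream()));
                 BufferedWriter writer = new BufferedWriter(new FileWriter("Reports" + File.separator + "OwaspReport-" + folderDateFormat + ".html"))) {
                String inputLine;
                while ((inputLine = in.readLine()) != null) {
                    writer.write(inputLine);
                    writer.newLine(); // readLine() strips the line terminator
                }
            }
        } catch (Exception ex) {
            System.out.println(ex.getMessage());
            ex.printStackTrace();
        } finally {
            // Close the browser even when the download fails.
            driver.quit();
        }
    }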
Note: change the port in the URL to match your ZAP port and replace the apiKey.
Hope it will help you :)
Answer 2:
I found the Python API would only connect to a local zaproxy server, so the Jenkins slave and the zaproxy server should be running on the same machine (pod).
I use jenkins pipeline and the publishHTML plugin to integrate report to jenkins result.
Generate a report file on the Jenkins slave machine with a Python script:
    fHTML=open('/zap/report/zapreport.html', 'w')
    fHTML.write(zap.core.htmlreport())
    fHTML.close()
Publish the report to the Jenkins result:
    sh "cp /zap/report/* ./report"
    publishHTML (target: [
        allowMissing: false,
        alwaysLinkToLastBuild: false,
        keepAll: true,
        reportDir: 'report',
        reportFiles: 'zapreport.html',
        reportName: "Zaproxy Report"
    ])
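Fetching the same report without a browser, as an added example that is not part of either answer: it requests the API form of the report URL from Answer 1, takes the key from the environment and sends it in ZAP's `X-ZAP-API-Key` header so it stays out of URLs and build logs. The function names and the `ZAP_URL`, `ZAP_API_KEY` and `REPORT_DIR` variable names are assumptions.

```python
import os
import urllib.request
from pathlib import Path

# API ("OTHER") form of the htmlreport view that Answer 1 opens in the browser UI.
REPORT_ENDPOINT = "/OTHER/core/other/htmlreport/"


def fetch_html_report(base_url, api_key, opener=None, timeout=60):
    """Return the HTML report bytes from a running ZAP instance."""
    if opener is None:
        # Talk to ZAP directly, ignoring http_proxy/https_proxy set on the agent.
        opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    request = urllib.request.Request(
        base_url.rstrip("/") + REPORT_ENDPOINT,
        # Header instead of ?apikey=... keeps the key out of URLs and logs.
        headers={"X-ZAP-API-Key": api_key},
    )
    # HTTP error statuses from ZAP raise urllib.error.HTTPError here.
    with opener.open(request, timeout=timeout) as response:
        body = response.read()
    if not body.strip():
        raise ValueError("ZAP returned an empty report")
    return body


def save_report(html, report_dir, name="zapreport.html"):
    """Write the report where the publishHTML step in Answer 2 expects it."""
    target = Path(report_dir) / name
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_bytes(html)
    return target


def main():
    # Environment variable names are assumptions; inject the key from the
    # Jenkins credentials store rather than hardcoding it in the job.
    base_url = os.environ.get("ZAP_URL", "http://localhost:8080")
    api_key = os.environ["ZAP_API_KEY"]
    report_dir = os.environ.get("REPORT_DIR", "report")
    path = save_report(fetch_html_report(base_url, api_key), report_dir)
    print(f"wrote {path}")


if __name__ == "__main__":
    main()
```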
Source: https://stackoverflow.com/questions/45617031/how-to-create-html-report-for-zapowasp-using-python-api-script-which-integrate