Scripts result via ZAP API

[Shubham Patel]

Hello, 

Can we access Script results via ZAP API? In the API documentation, I found the APIs for the loading and running scripts but I didn't see any API for the reading result.

If the API is not there, is there any common practice that you're using to access those results?

Thanks,

Shubham

[Simon Bennetts]

Hi Shubham,

There is not currently a single API endpoint which allows you to do that.

I've raised an issue for this: https://github.com/zaproxy/zaproxy/issues/7114

In that issue I describe 2 ways in which you can use extender scripts to have the same effect right now.

If you want to try implementing either of these options then let us know if you have any questions - a generic version of one or both of these solutions would be good to add to https://github.com/zaproxy/community-scripts

Cheers,

Simon

[Simon Bennetts]

Someone just reminded me that you could also use script variables - these are already supported by the API.

So you could change your script to outout data into a script variables and then read that via the existing API call.

https://www.zaproxy.org/docs/desktop/addons/script-console/#custom-globalscript-variables

Note that the API only returns Strings so you would need to parse the result.

Theres also going to be a size limit although I cant remember what that is offhand.

Cheers,

Simon

[Shubham Patel]

Thank you

[Shubham Patel]

Here is the variable I found in the code for the size limit

static final int MAX_VALUE_SIZE = 1024 * 1024;