Python parser for ZAP Reports


matteo.d...@gmail.com

Jul 15, 2021, 4:39:16 AM
to OWASP ZAP User Group
Hi Everyone 

I wanted to ask if anyone has already tried to write a Python script to "parse" and generate a custom ZAP report. Something similar to this.

Why do I need this? The alert filter is still not working and the only thing I can do now is list all the URIs in a JSON and use a parser to exclude them from the report and create a new "whitelisted" report.

Thank you!

Navneet Debbadi

Nov 10, 2021, 4:41:56 AM
to OWASP ZAP User Group
Hi,
I am using the ZAP Python API in our existing Selenium Python automation scripts to automate the ZAP security tests.
In our existing Selenium + Python automation framework, I have installed the OWASP Python API v2.4 plugin to interact with the OWASP ZAP tool via Selenium scripts.
When I run my scripts in Selenium Python, the generated ZAP reports should have only Medium and High level alerts, eliminating alerts of other risk levels.
How can we achieve alert filtering in ZAP reports via the ZAP Python API through Selenium code?

Simon Bennetts

Nov 10, 2021, 4:44:46 AM
to OWASP ZAP User Group
Hiya,

Use the new Report Generation add-on - that provides an API which allows you to filter on both risks and confidences.

Cheers,

Simon

Navneet Debbadi

Nov 11, 2021, 12:27:23 AM
to OWASP ZAP User Group
The API method which allows us to filter alerts is Generate.

Below is the API method. The values for Title, template are throwing "Illegal target for variable annotation". Can you let me know what values are supposed to be given for Title, Template?

API method:
generate(self, title, template, theme=None, description=None, contexts=None, sites=None, sections=None, includedconfidences=None, includedrisks=None, reportfilename=None, reportfilenamepattern=None, reportdir=None, display=None, apikey=''):

Simon Bennetts

Nov 11, 2021, 4:13:15 AM
to OWASP ZAP User Group
Use the report generation add-on in the ZAP desktop to get an idea of what it will allow you to do.
Also check the zap.log file for details of any API errors.
I don't know which of the params is causing that specific error but supplying None for most of them won't work.

The title is the text that will be shown as the report title, e.g. "My Very First Report".
The 'templates' view will list the templates so that will tell you what values you can supply for that field.
If you supply None for both contexts and sites then you're telling ZAP that you don't want anything reported so you'll get nothing.
You also need to supply something other than None for reportdir and reportfilename - otherwise ZAP won't know where to write the file.
If you don't know what to supply then the best thing to do is to not supply anything - only the title and template are mandatory, the rest should have sensible defaults.

Cheers,

Simon
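
Added example, not code from this thread or from the ZAP project: a post-processing parser of the kind asked about in the first message, which keeps only Medium and High alerts and drops instances whose URI matches an exclusion pattern. It assumes the traditional JSON report layout (site, alerts, instances, with riskcode as a string); the function name, the patterns and the sample report are constructed for illustration. Every suppressed finding is returned in a separate list so the exclusions stay reviewable.

```python
import copy
import json
from fnmatch import fnmatchcase

# Constructed sample in the layout of ZAP's traditional JSON report
# (assumed: site -> alerts -> instances, riskcode "0".."3" as strings).
SAMPLE_REPORT = json.loads("""
{"site": [{"@name": "https://app.example.test", "alerts": [
  {"alert": "SQL Injection", "riskcode": "3", "count": "2", "instances": [
    {"uri": "https://app.example.test/search?q=1", "method": "GET"},
    {"uri": "https://app.example.test/legacy/report?id=1", "method": "GET"}]},
  {"alert": "Absence of Anti-CSRF Tokens", "riskcode": "2", "count": "1", "instances": [
    {"uri": "https://app.example.test/legacy/form", "method": "GET"}]},
  {"alert": "X-Content-Type-Options Header Missing", "riskcode": "1", "count": "1", "instances": [
    {"uri": "https://app.example.test/", "method": "GET"}]}]}]}
""")

RISK_MEDIUM = 2  # ZAP risk codes: 0 Informational, 1 Low, 2 Medium, 3 High


def filter_report(report, excluded_uri_patterns, min_risk=RISK_MEDIUM):
    """Return a filtered copy of the report plus an audit list of what was dropped."""
    filtered, dropped = copy.deepcopy(report), []
    for site in filtered.get("site", []):
        kept_alerts = []
        for alert in site.get("alerts", []):
            name = alert.get("alert", "?")
            if int(alert.get("riskcode", 0)) < min_risk:
                dropped.append((name, "*", "below minimum risk"))
                continue
            kept = []
            for inst in alert.get("instances", []):
                hit = next((p for p in excluded_uri_patterns
                            if fnmatchcase(inst.get("uri", ""), p)), None)
                if hit is None:
                    kept.append(inst)
                else:
                    dropped.append((name, inst.get("uri", ""), "excluded by " + hit))
            if kept:  # an alert survives only if an instance is still in scope
                alert["instances"], alert["count"] = kept, str(len(kept))
                kept_alerts.append(alert)
        site["alerts"] = kept_alerts
    return filtered, dropped


if __name__ == "__main__":
    out, dropped = filter_report(SAMPLE_REPORT, ["https://app.example.test/legacy/*"])
    print(json.dumps(out, indent=2))
    for entry in dropped:
        print("dropped:", entry)
```

Keep exclusion patterns as narrow as possible: a broad wildcard silently removes High findings along with the noise, which is why the dropped list should be archived next to the filtered report.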