ZAP automation framework, how to use installed module ?

[Rop Ox41414141]

I am trying to use the automation framework to perform some access control testing.

I have it working with the classic API without any issue, now I m trying to use the automation framework, I have use the module addOns to add AccessControl but now how can I use it in the workflow ?

[Simon Bennetts]

Hiya,

Its good to hear that you have found the Access Control add-on useful - we've actually had very little feedback on it so we were not sure how much it is being used.

Right now the Access Control add-on does not have Automation Framework support.

The full list of supported jobs are on https://www.zaproxy.org/docs/automate/automation-framework/

However I have added an Access Control jonb to the AF tracker: https://github.com/zaproxy/zaproxy/issues/6461

Cheers,

Simon

[Rop Ox41414141]

I think the access control module should have the following parameters

The expected HTTP code result (ex: 200, 302) and also a regex to find a particular pattern that indicates if a specific message is displayed when reaching an unauthorised URL (for i.e. "You do not have access to this page")

That would help the efficiency of the access control module :)

[Simon Bennetts]

Thanks - I've added your suggestions to https://github.com/zaproxy/zaproxy/issues/6461#issuecomment-1073667062 so they dont get lost.