What are the fields returned by the ZAP API

537 views
Skip to first unread message

Beccy Stafford

unread,
May 26, 2017, 10:25:44 AM5/26/17
to OWASP ZAP User Group
Hi there,

I'm using the ZAP API, but I'm struggling to understand some of the fields that are being returned in various responses, and I can't find any documentation on them - not sure if I'm looking in the wrong place?

For example, I am calling:
/JSON/core/view/messages/?zapapiformat=JSON&formMethod=GET&baseurl=&start=&count=


Which returns the following:

But I cannot find out what "type", "id", "rtt" or "note" are?
I've tried searching in the wiki and the repo, but nothing seems to be forthcoming :) Could someone help explain what these are, or point me to the place that explains please? :)

Thanks,
Beccy

Simon Bennetts

unread,
May 26, 2017, 10:40:24 AM5/26/17
to OWASP ZAP User Group
Hi Beccy,

Yes, I'm afraid our API docs could be better :(
However the API maps closely to the internal ZAP data structures most of which are then exposed via the Desktop UI.
The messages are shown in windows like the History tab which is described in the help: https://github.com/zaproxy/zap-core-help/wiki/HelpUiTabsHistory
So...
  • type is the type of the message, which are defined in HistoryReference.java
  • id is the request index - each request is numbered, starting at 1
  • rrt is the length of time the whole request took
  • note is a field that a user can manually add to the message
Does that help?

Simon

Beccy Stafford

unread,
May 26, 2017, 11:04:05 AM5/26/17
to OWASP ZAP User Group
Hi Simon,

Thank you so much! That is super useful :)

I had made the assumption that id was as you suggest, but I noticed that the id's were not contiguous - i.e. I would have call with ID = 1, call with ID = 2 and then call with ID = 5. Is that a known issue?

Thanks,
Beccy

Simon Bennetts

unread,
May 26, 2017, 11:09:14 AM5/26/17
to OWASP ZAP User Group

Beccy Stafford

unread,
May 26, 2017, 11:16:06 AM5/26/17
to OWASP ZAP User Group
Ah brilliant - thank you Simon.

I'm now trying something different, using the API to create an alerts filter and then add it to a context. I see that I have to fill out some parameters:
{"newLevel": "1","parameter": "","contextId": "4","ruleId": "1","url": "","urlIsRegex": "false","enabled": "true"}


Can you tell me what these parameters mean? Specifically - newLevel and ruleId?

Thanks,
Beccy

Simon Bennetts

unread,
May 26, 2017, 11:28:19 AM5/26/17
to OWASP ZAP User Group
The help for the Context Alert Filters is here: https://github.com/zaproxy/zap-extensions/wiki/HelpAddonsAlertFiltersAlertFilter
newLevel is the new level you want the alert to have, which is either:
  • -1 : False Positive
  • 0 : Info
  • 1 : Low
  • 2 : Medium
  • 3 : High

The ruleId is the id of the rule you want the filter to apply to.

The ids can be read via the API, are included in any alerts raised and also in this doc: https://github.com/zaproxy/zaproxy/blob/develop/src/doc/scanners.md


BTW I'm making a note of all of the questions people ask about the API so that we know where we need to improve our docs ;)


Cheers,


Simon

Beccy Stafford

unread,
Jun 2, 2017, 10:06:22 AM6/2/17
to OWASP ZAP User Group
Hi Simon,

I'm now looking at the alerts coming back, and I'm trying to figure out what these fields mean:
cweid
sourceid
wascid
param
pluginId

Could you point me in the right direction? I've tried looking in the help section, but I can't find anything at the moment.

Any help would be much appreciated :).

Thanks,
Beccy


kingthorin+owaspzap

unread,
Jun 2, 2017, 11:01:19 AM6/2/17
to OWASP ZAP User Group
Reply all
Reply to author
Forward
0 new messages