vpereira / owasp_zap Goto Github PK

as described here https://groups.google.com/forum/#!topic/zaproxy-users/p1aXvO6oWu4

does we really need it? one thing that should be changed is the fork call that isnt supported as suggested here: #8

Hello,
I wanted to know if we could control the depth to crawl in spidering using owasp_zap gem in ruby or could we pass parameters while calling the spider

spider = zap.spider

Also can we limit the number of urls visted during active scan in ruby?

There is no implementation for the code called here:
https://github.com/vpereira/owasp_zap/blob/master/lib/owasp_zap.rb#L39

When I start owasp zap through this client, I noticed the flag to disable api key isn't sent.

quite often the scan status doesnt move towards 100.. it hangs on 0.

The below code

def depth
     JSON.parse(RestClient::get("#{@base}/JSON/spider/view/status/?zapapiformat=JSON"))
 end

This is to view the status of spider rather than the depth right?
Incase we want to view the set depth shouldnt we be using

JSON.parse(RestClient::get("#{@base}/JSON/spider/view/optionMaxDepth/?zapapiformat=JSON"))

it would be cool also if your gem would add support to configure the logger to go to a file, right now I see the testsuite output mixed with zapproxy messages and some exceptions

starting on version 2.4.1 api comes automatically configured.

We should support it in all write/destructive actions. For now I'm disabling it and supporting it in the zap initialization. However It's not implemented in any method.. please check https://github.com/vpereira/owasp_zap/blob/master/lib/owasp_zap.rb#L88