zaproxy · kingthorin · Jan 23, 2025 · Jan 20, 2025
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,7 +3,22 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
 
-## [Unreleased]
+## [2.0.0-rc.6] - 2025-01-20
+### Added
+- Add the API of the following add-on:
+  - OAST Support
+
+### Changed
+- Update core APIs for 2.16.
+- Update the APIs of the following add-ons:
+  - AJAX Spider
+  - Import/Export
+  - OpenAPI Support
+  - Passive Scanner
+  - Replacer
+  - Script Console
+  - Selenium
+  - Spider
 
 ## [2.0.0-rc.5] - 2024-04-10
 ### Changed
@@ -104,7 +119,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
 ## 0.3.0 - 2017-12-04
 
 
-[Unreleased]: https://github.com/zaproxy/zap-api-nodejs/compare/v2.0.0-rc.5...HEAD
+[2.0.0-rc.6]: https://github.com/zaproxy/zap-api-nodejs/compare/v2.0.0-rc.5...v2.0.0-rc.6
 [2.0.0-rc.5]: https://github.com/zaproxy/zap-api-nodejs/compare/v2.0.0-rc.4...v2.0.0-rc.5
 [2.0.0-rc.4]: https://github.com/zaproxy/zap-api-nodejs/compare/v2.0.0-rc.3...v2.0.0-rc.4
 [2.0.0-rc.3]: https://github.com/zaproxy/zap-api-nodejs/compare/v2.0.0-rc.2...v2.0.0-rc.3

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,7 +1,7 @@
 {
   "name": "zaproxy",
   "description": "ZAP API Client for Node.js",
-  "version": "2.0.0-rc.5",
+  "version": "2.0.0-rc.6",
   "homepage": "https://github.com/zaproxy/zap-api-nodejs",
   "author": {
     "name": "Najam Ul Saqib",

diff --git a/src/ajaxSpider.js b/src/ajaxSpider.js
@@ -156,6 +156,13 @@ AjaxSpider.prototype.optionClickElemsOnce = function () {
   return this.api.request('/ajaxSpider/view/optionClickElemsOnce/')
 }
 
+/**
+ * This component is optional and therefore the API will only work if it is installed
+ **/
+AjaxSpider.prototype.optionEnableExtensions = function () {
+  return this.api.request('/ajaxSpider/view/optionEnableExtensions/')
+}
+
 /**
  * Gets if the AJAX Spider will use random values in form fields when crawling, if set to true.
  * This component is optional and therefore the API will only work if it is installed
@@ -354,6 +361,13 @@ AjaxSpider.prototype.setOptionClickElemsOnce = function (args) {
   return this.api.request('/ajaxSpider/action/setOptionClickElemsOnce/', { Boolean: args.bool })
 }
 
+/**
+ * This component is optional and therefore the API will only work if it is installed
+ **/
+AjaxSpider.prototype.setOptionEnableExtensions = function (args) {
+  return this.api.request('/ajaxSpider/action/setOptionEnableExtensions/', { Boolean: args.bool })
+}
+
 /**
  * Sets the time to wait after an event (in milliseconds). For example: the wait delay after the cursor hovers over an element, in order for a menu to display, etc.
  * This component is optional and therefore the API will only work if it is installed

diff --git a/src/exim.js b/src/exim.js
@@ -62,6 +62,24 @@ Exim.prototype.importModsec2Logs = function (args) {
   return this.api.request('/exim/action/importModsec2Logs/', { filePath: args.filepath })
 }
 
+/**
+ * Exports the Sites Tree in the Sites Tree YAML format.
+ * This component is optional and therefore the API will only work if it is installed
+ * @param {string} filepath
+ **/
+Exim.prototype.exportSitesTree = function (args) {
+  return this.api.request('/exim/action/exportSitesTree/', { filePath: args.filepath })
+}
+
+/**
+ * Prunes the Sites Tree based on a file in the Sites Tree YAML format.
+ * This component is optional and therefore the API will only work if it is installed
+ * @param {string} filepath
+ **/
+Exim.prototype.pruneSitesTree = function (args) {
+  return this.api.request('/exim/action/pruneSitesTree/', { filePath: args.filepath })
+}
+
 /**
  * Gets the HTTP messages sent through/by ZAP, in HAR format, optionally filtered by URL and paginated with 'start' position and 'count' of messages
  * This component is optional and therefore the API will only work if it is installed

diff --git a/src/index.js b/src/index.js
@@ -36,6 +36,7 @@ const ForcedUser = require('./forcedUser')
 const Graphql = require('./graphql')
 const HttpSessions = require('./httpSessions')
 const Network = require('./network')
+const Oast = require('./oast')
 const Openapi = require('./openapi')
 const Params = require('./params')
 const Pnh = require('./pnh')
@@ -87,6 +88,7 @@ function ClientApi (options) {
   this.graphql = new Graphql(this)
   this.httpSessions = new HttpSessions(this)
   this.network = new Network(this)
+  this.oast = new Oast(this)
   this.openapi = new Openapi(this)
   this.params = new Params(this)
   this.pnh = new Pnh(this)

diff --git a/src/oast.js b/src/oast.js
@@ -0,0 +1,127 @@
+/* Zed Attack Proxy (ZAP) and its related class files.
+ *
+ * ZAP is an HTTP/HTTPS proxy for assessing web application security.
+ *
+ * Copyright 2025 the ZAP development team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+'use strict'
+
+/**
+ * This file was automatically generated.
+ */
+function Oast (clientApi) {
+  this.api = clientApi
+}
+
+/**
+ * Gets the service used with the active scanner, if any.
+ * This component is optional and therefore the API will only work if it is installed
+ **/
+Oast.prototype.getActiveScanService = function () {
+  return this.api.request('/oast/view/getActiveScanService/')
+}
+
+/**
+ * Gets all of the services.
+ * This component is optional and therefore the API will only work if it is installed
+ **/
+Oast.prototype.getServices = function () {
+  return this.api.request('/oast/view/getServices/')
+}
+
+/**
+ * Gets the BOAST options.
+ * This component is optional and therefore the API will only work if it is installed
+ **/
+Oast.prototype.getBoastOptions = function () {
+  return this.api.request('/oast/view/getBoastOptions/')
+}
+
+/**
+ * Gets the Callback options.
+ * This component is optional and therefore the API will only work if it is installed
+ **/
+Oast.prototype.getCallbackOptions = function () {
+  return this.api.request('/oast/view/getCallbackOptions/')
+}
+
+/**
+ * Gets the Interactsh options.
+ * This component is optional and therefore the API will only work if it is installed
+ **/
+Oast.prototype.getInteractshOptions = function () {
+  return this.api.request('/oast/view/getInteractshOptions/')
+}
+
+/**
+ * Gets the number of days the OAST records will be kept for.
+ * This component is optional and therefore the API will only work if it is installed
+ **/
+Oast.prototype.getDaysToKeepRecords = function () {
+  return this.api.request('/oast/view/getDaysToKeepRecords/')
+}
+
+/**
+ * Sets the service used with the active scanner.
+ * This component is optional and therefore the API will only work if it is installed
+ * @param {string} name - The name of the service.
+ **/
+Oast.prototype.setActiveScanService = function (args) {
+  return this.api.request('/oast/action/setActiveScanService/', { name: args.name })
+}
+
+/**
+ * Sets the BOAST options.
+ * This component is optional and therefore the API will only work if it is installed
+ * @param {string} server - The server URL.
+ * @param {string} pollinsecs - The polling frequency.
+ **/
+Oast.prototype.setBoastOptions = function (args) {
+  return this.api.request('/oast/action/setBoastOptions/', { server: args.server, pollInSecs: args.pollinsecs })
+}
+
+/**
+ * Sets the Callback options.
+ * This component is optional and therefore the API will only work if it is installed
+ * @param {string} localaddress - The local address
+ * @param {string} remoteaddress - The remote address.
+ * @param {string} port - The port to listen on.
+ **/
+Oast.prototype.setCallbackOptions = function (args) {
+  return this.api.request('/oast/action/setCallbackOptions/', { localAddress: args.localaddress, remoteAddress: args.remoteaddress, port: args.port })
+}
+
+/**
+ * Sets the Interactsh options.
+ * This component is optional and therefore the API will only work if it is installed
+ * @param {string} server - The server URL.
+ * @param {string} pollinsecs - The polling frequency.
+ * @param {string} authtoken - The Interactsh authentication token.
+ **/
+Oast.prototype.setInteractshOptions = function (args) {
+  return this.api.request('/oast/action/setInteractshOptions/', { server: args.server, pollInSecs: args.pollinsecs, authToken: args.authtoken })
+}
+
+/**
+ * Sets the number of days the OAST records will be kept for.
+ * This component is optional and therefore the API will only work if it is installed
+ * @param {string} days - The number of days.
+ **/
+Oast.prototype.setDaysToKeepRecords = function (args) {
+  return this.api.request('/oast/action/setDaysToKeepRecords/', { days: args.days })
+}
+
+module.exports = Oast
diff --git a/src/openapi.js b/src/openapi.js
@@ -31,7 +31,8 @@ function Openapi (clientApi) {
  * This component is optional and therefore the API will only work if it is installed
  * @param {string} file - The file that contains the OpenAPI definition.
  * @param {string} target - The Target URL to override the server URL present in the definition.
- * @param {string} contextid
+ * @param {string} contextid - The ID of the context. Defaults to the first context, if any.
+ * @param {string} userid - The ID of the user.
  **/
 Openapi.prototype.importFile = function (args) {
   const params = { file: args.file }
@@ -41,6 +42,9 @@ Openapi.prototype.importFile = function (args) {
   if (args.contextid && args.contextid !== null) {
     params.contextId = args.contextid
   }
+  if (args.userid && args.userid !== null) {
+    params.userId = args.userid
+  }
   return this.api.request('/openapi/action/importFile/', params)
 }
 
@@ -49,7 +53,8 @@ Openapi.prototype.importFile = function (args) {
  * This component is optional and therefore the API will only work if it is installed
  * @param {string} url - The URL locating the OpenAPI definition.
  * @param {string} hostoverride - The Target URL (called hostOverride for historical reasons) to override the server URL present in the definition.
- * @param {string} contextid
+ * @param {string} contextid - The ID of the context. Defaults to the first context, if any.
+ * @param {string} userid - The ID of the user.
  **/
 Openapi.prototype.importUrl = function (args) {
   const params = { url: args.url }
@@ -59,6 +64,9 @@ Openapi.prototype.importUrl = function (args) {
   if (args.contextid && args.contextid !== null) {
     params.contextId = args.contextid
   }
+  if (args.userid && args.userid !== null) {
+    params.userId = args.userid
+  }
   return this.api.request('/openapi/action/importUrl/', params)
 }