First push of new independent Python API for ZAP#1
First push of new independent Python API for ZAP#1cr0hn wants to merge 3 commits intozaproxy:mainfrom
Conversation
examples/usage_example.py
Outdated
| target = 'http://127.0.0.1' | ||
|
|
||
| # By default ZAP API client will connect to port 8080 | ||
| zap = ZAPv2(proxies={'http': '127.0.0.1:9090', 'https': '127.0.0.1:9090'}) |
There was a problem hiding this comment.
Should specify the proxy in this statement? If so, the comment and following example needs to be updated.
There was a problem hiding this comment.
It's a mistake. I'll fix it ni next PR with new example
fix: removed redundant license file
setup.py
Outdated
| required = f.read().splitlines() | ||
|
|
||
| setup( | ||
| name="python-owasp-zap-v2.4", |
There was a problem hiding this comment.
Hum, should this be renamed to python-owasp-zap-v2.5 ? As 2.5.0 is coming out soon?
There was a problem hiding this comment.
Really, IMHO, the better choice si to use a standard name and unify the version. So there's a "version" param in setup(..). Currently in Pypi are available 3 different libraries:
This is not a the correct way to send an update to Pypi. I'll change the name to:
setup(name="python-owasp-zap" ...
And only update the "version" param:
setup(... version=1.0.0 ...
For Python developers is more intuitive and easy if only one library is available, with different versions release.
When we update for a new version, not change the name name of library, only de version param, doing:
python setup.py sdist upload
Of, for the first release (if we change the name):
python setup.py sdist register upload
There was a problem hiding this comment.
If you agree, I'll send a PR with the change
There was a problem hiding this comment.
The Python library is using those names to prevent "incompatibility issues" between releases of ZAP. For example, newer versions include functionalities that will not work with older versions of ZAP, so the v2.4 (or v2.5) indicates the version of ZAP that the client implementation is targeting.
There was a problem hiding this comment.
To do that, I think a better approach with having only one library, but with a different API. This is:
For version 2.4 of ZAP
from zap import ZAP_24
c = ZAP_24()
For version 2.5 of ZAP
from zap import ZAP_25
c = ZAP_25()
And so on. This way, all ZAP versions are unified in only one library.
There was a problem hiding this comment.
The API is continually evolving, and will carry on doing so for the foreseeable future.
And we know users arent able to update to new versions of ZAP immediately, especially if any refactoring is involved.
I think we do need a plan for this, and I also like the idea of having just one library.
So a proposal would be great :)
There was a problem hiding this comment.
The idea could be:
New organization of code, refactoring the Python entry point classes (ZAP_23, ZAP_25..) but, the entry points generated automatically with Java. Doing this, maybe we can unify the two approaches.
|
Done with my comments - cant comment on the python code but looks better than the stuff I hacked together ;) |
|
Hi @psiinon! What's about pull requests? |
|
Ah, I was assuming we would need to sort out the proxying problem before the new code could be merged. Am I wrong? |
|
What's the proxying problem? I don't know if I understand what you mean :) |
|
Just going to write my thoughts about this PR. First things first, I don't even know if this works with Python3. I see that you have imported the API accessor ( |
4 participants
No description provided.