PSCI

1.0.11

modules/teamcityExtensions/MetaRunners/PSCI_ZapAction.xml

                                <?xml version="1.0" encoding="UTF-8"?>

<meta-runner name="PSCI: ZAP action">

  <description>Performs selected ZAP actions, generates report and stops the process</description>

  <settings>

    <parameters>

        <param name="zap.rootPath" value="%env.TC_ZAP%" spec="text description='Path to root ZAP directory' validationMode='not_empty' label='Path to ZAP' display='normal'" />

        <param name="zap.apikey" value="12345" spec="text description='ZAP API key' validationMode='any' label='API key' display='normal'" />

        <param name="zap.url" value="" spec="text description='Url for which Active Scan should be run.' validationMode='not_empty' label='Url to application' display='normal'" />

        <param name="zap.port" value="8080" spec="text description='Overrides the port used for proxying specified in the configuration file' validationMode='any' label='Port' display='normal'" />

        <param name="zap.minimalFailureThreshold" value="high" spec="text description='Can be High, Medium or Low. The test will fail when there is at least one alert of given risk (or higher).' label='Minimal failure threshold' display='normal'" />

        <param name="zap.spiderEnabled" value="%zap.spiderEnabled%" spec="text description='Put true in order to perform a spider scan.' label='Start a spider' display='normal'" />

        <param name="zap.spiderMaxChildren" value="" spec="text description='This parameter can be set to limit the number of children scanned.' validationMode='any' label='Spider max children' display='normal'" />

        <param name="zap.spiderRecurse" value="" spec="text description='This parameter can be used to prevent the spider from seeding recursively.' validationMode='any' label='Spider recurse' display='normal'" />

        <param name="zap.ajaxSpiderEnabled" value="%zap.ajaxSpiderEnabled%" spec="text description='Put true in order to  perform an ajax spider scan' label='Start an ajax spider scan' display='normal'" />

        <param name="zap.ajaxSpiderInScope" value="" spec="text description='In scope option for an ajax spider scan.' validationMode='any' label='Ajax spider in scope option' display='normal'" />

        <param name="zap.scanEnabled" value="%zap.scanEnabled%" spec="text description='Put true in order to perform an active scan' label='Start an active scan' display='normal'" />

        <param name="zap.scanRecurse" value="" spec="text description='Recurse option for an active scan.' validationMode='any' label='Active scan recurse option' display='normal'" />

        <param name="zap.scanInScopeOnly" value="" spec="text description='In scope only option for an active scan.' validationMode='any' label='Active scan in scope only option' display='normal'" />

        <param name="zap.scanPolicyName" value="" spec="text description='Scan policy name option for an active scan.' validationMode='any' label='Active scan policy name option' display='normal'" />

        <param name="zap.scanMethod" value="" spec="text description='Method option for an active scan.' validationMode='any' label='Active scan method option' display='normal'" />

        <param name="zap.scanPostData" value="" spec="text description='Post data option for an active scan.' validationMode='any' label='Active scan post data option' display='normal'" />

        <param name="zap.enabled" value="true" spec="text description='Put false if this whole step should not run.' validationMode='any' label='Enabled' display='normal'" />

    </parameters>

    <build-runners>

      <runner name="ZAP action" type="jetbrains_powershell">

        <parameters>

          <param name="jetbrains_powershell_bitness" value="x86" />

          <param name="jetbrains_powershell_execution" value="PS1" />

          <param name="jetbrains_powershell_minVersion" value="4.0" />

          <param name="jetbrains_powershell_script_code">

              <![CDATA[if ('%zap.enabled%' -and '%zap.enabled%' -ine 'true') {

  Write-Host "zap.enabled is set to %zap.enabled% - skipping."

  exit 0

} 

. c:\PSCI\Boot\PSCI.boot.ps1

$ErrorActionPreference = "Stop"

try {  

    if ('%zap.spiderEnabled%' -eq 'true') {

        Start-ZapSpider -Url '%zap.url%' -ApiKey '%zap.apikey%' -Port %zap.port% -MaxChildren '%zap.spiderMaxChildren%' -Recurse '%zap.spiderRecurse%'

    }

    if ('%zap.ajaxSpiderEnabled%' -eq 'true') {

        Start-ZapAjaxSpider -Url '%zap.url%' -ApiKey '%zap.apikey%' -Port %zap.port% -InScope '%zap.ajaxSpiderInScope%'

    }

    if ('%zap.scanEnabled%' -eq 'true') {

        Start-ZapAScan -Url '%zap.url%' -ApiKey '%zap.apikey%' -Port %zap.port% -Recurse '%zap.scanRecurse%' -InScopeOnly '%zap.scanInScopeOnly%' `

                       -ScanPolicyName '%zap.scanPolicyName%' -Method '%zap.scanMethod%' -PostData '%zap.scanPostData%' 

    }    

    New-ZapReport -ApiKey '%zap.apikey%' -ReportFilePath 'ZAP\zap.html' -Port %zap.port% -MinimalFailureThreshold '%zap.minimalFailureThreshold%'

    Write-Host "##teamcity[publishArtifacts 'ZAP\zap.html => ZAP']" 

} catch {

    Write-ErrorRecord

} finally {

    Close-Zap -ApiKey '%zap.apikey%' -PidFilePath 'zappid.txt' -Port %zap.port%

}

]]></param>

          <param name="jetbrains_powershell_script_mode" value="CODE" />

          <param name="teamcity.step.mode" value="default" />

        </parameters>

      </runner>

    </build-runners>

    <requirements />

  </settings>

</meta-runner>