Merge branch 'v0.2.0'

Grunny · Feb 21, 2016 · 0d64376 · 0d64376
2 parents 22e6145 + 84b231a
commit 0d64376
Show file tree

Hide file tree

Showing 6 changed files with 34 additions and 3 deletions.
diff --git a/HISTORY.rst b/HISTORY.rst
@@ -1,6 +1,15 @@
 Release History
 ===============
 
+v0.2.0 (2016-02-21)
+-------------------
+* Add support for running AJAX Spider both on its own and as part of a
+  quick scan.
+* Add documentation to clarify the difference between active-scan and
+  quick-scan, and add a few more examples of how they can work.
+* Better active-scan error handling when a URL is not found in the site tree.
+* Upgrade python-owasp-zap-v2.4 dependency to 0.0.7
+
 v0.1.1 (2015-10-14)
 -------------------
 * Upgrade python-owasp-zap-v2.4 dependency to 0.0.5

diff --git a/README.rst b/README.rst
@@ -7,6 +7,12 @@ executing quick, targeted attacks.
 Installation
 ============
 
+To install the latest release from PyPI, you can run the following command:
+
+::
+
+    pip install --upgrade zapcli
+
 To install the latest development version of ZAP CLI, you can run the
 following:
 
@@ -34,7 +40,7 @@ ZAP CLI can then be used with the following commands:
 
     Usage: zap-cli [OPTIONS] COMMAND [ARGS]...
 
-      ZAP CLI.
+      ZAP CLI - A simple commandline tool for OWASP ZAP.
 
     Options:
       --boring            Remove color from console output.
@@ -51,6 +57,7 @@ ZAP CLI can then be used with the following commands:
 
     Commands:
       active-scan  Run an Active Scan.
+      ajax-spider  Run the AJAX Spider against a URL.
       alerts       Show alerts at the given alert level.
       exclude      Exclude a pattern from all scanners.
       open-url     Open a URL using the ZAP proxy.

diff --git a/setup.py b/setup.py
@@ -34,7 +34,7 @@
     ],
     install_requires=[
         'click==4.0',
-        'python-owasp-zap-v2.4==0.0.5',
+        'python-owasp-zap-v2.4==0.0.7',
         'tabulate==0.7.5',
         'termcolor==1.1.0',
     ],

diff --git a/tests/zap_helper_test.py b/tests/zap_helper_test.py
@@ -228,6 +228,15 @@ def test_run_active_scan_error(self):
         with self.assertRaises(ZAPError):
             self.zap_helper.run_active_scan('http://localhost')
 
+    def test_run_active_scan_url_not_found(self):
+        """Test running an active scan when the URL is not in the site tree."""
+        class_mock = MagicMock()
+        class_mock.scan.return_value = 'URL Not Found in the Scan Tree'
+        self.zap_helper.zap.ascan = class_mock
+
+        with self.assertRaises(ZAPError):
+            self.zap_helper.run_active_scan('http://localhost')
+
     def test_run_ajax_spider(self):
         """Test running the AJAX Spider."""
         def status_result():

diff --git a/zapcli/__init__.py b/zapcli/__init__.py
@@ -4,4 +4,4 @@
 .. moduleauthor:: Daniel Grunwell (grunny)
 """
 
-__version__ = '0.1.1'
+__version__ = '0.2.0'
diff --git a/zapcli/zap_helper.py b/zapcli/zap_helper.py
@@ -142,6 +142,12 @@ def run_active_scan(self, target_url, recursive=False, status_check_sleep=10):
 
         if not scan_id:
             raise ZAPError('Error running active scan.')
+        elif not scan_id.isdigit():
+            raise ZAPError(('Error running active scan: "{0}". Make sure the URL is in the site ' +
+                            'tree by using the open-url or scanner commands before running an active ' +
+                            'scan.').format(scan_id))
+
+        self.logger.debug('Started scan with ID {0}...'.format(scan_id))
 
         while int(self.zap.ascan.status()) < 100:
             self.logger.debug('Scan progress %: {0}'.format(self.zap.ascan.status()))