purpleteam-labs / purpleteam

CLI component of OWASP PurpleTeam
https://owasp.org/www-project-purpleteam

zaproxy needs its deps (request and friends) updated #14

Closed: binarymist closed 2 years ago

binarymist commented 3 years ago

This is another you could dive into @ricekot. If and when you do, let me know and I'll dig out as much info as I have. I've done this once before. My fork is here: https://github.com/binarymist/zap-api-nodejs

purpleteam-app-scanner interfaces with Zap via the zap-api-nodejs. The app-scanner is currently pointing at a commit (https://github.com/purpleteam-labs/purpleteam-app-scanner/blob/main/package.json#L88)

Basically we need to update the HTTP library (move away from request as it's now deprecated): https://github.com/binarymist/zap-api-nodejs/blob/master/package.json#L28-L29

I'd probably use got again. I moved from request to got in the CLI. Most of the changes were in the apiDecoratingAdapter.js: https://github.com/purpleteam-labs/purpleteam/commit/a705ae86a61294c2eb1e7694b4991665ba346e40

The zap-api-nodejs is all generated JavaScript, so you need to play a little with Java, not a big deal though. When you get there give me a yell. This not only affects purpleteam-labs but also Zap obviously and all of its consumers via the Node API. @psiinon would also be happy :smile:

Update: (2021-02-25) See issue in zaproxy

binarymist commented 2 years ago

PurpleTeam no longer uses the zap-api-nodejs package