client: limit spider scope and use own proxies

Limit to context, subtree, or target preventing any accesses outside the selected spider scope. Use own proxies when spidering instead of the main one, to limit the scope and allow later to track the requests of each action. Signed-off-by: thc202 <[email protected]>
zaproxy · Dec 30, 2024 · 8afa427 · 8afa427
1 parent bc4a00c
commit 8afa427
Show file tree

Hide file tree

Showing 12 changed files with 1,332 additions and 104 deletions.
diff --git a/addOns/client/src/main/java/org/zaproxy/addon/client/ExtensionClientIntegration.java b/addOns/client/src/main/java/org/zaproxy/addon/client/ExtensionClientIntegration.java
@@ -91,6 +91,7 @@
 import org.zaproxy.zap.extension.selenium.Browser;
 import org.zaproxy.zap.extension.selenium.ExtensionSelenium;
 import org.zaproxy.zap.extension.selenium.ProfileManager;
+import org.zaproxy.zap.model.Context;
 import org.zaproxy.zap.model.ScanEventPublisher;
 import org.zaproxy.zap.model.Target;
 import org.zaproxy.zap.users.User;
@@ -700,10 +701,14 @@ private static String abbreviateDisplayName(String displayName) {
         return StringUtils.abbreviateMiddle(displayName, "..", 30);
     }
 
-    public int startScan(String url, ClientOptions options, User user)
+    public int startScan(
+            String url, ClientOptions options, Context context, User user, boolean subtreeOnly)
             throws URIException, NullPointerException {
         return this.startScan(
-                abbreviateDisplayName(url), null, user, new Object[] {new URI(url, true), options});
+                abbreviateDisplayName(url),
+                null,
+                user,
+                new Object[] {new URI(url, true), options, context, subtreeOnly});
     }
 
     public int startScan(