diff --git a/other/CHANGELOG.md b/other/CHANGELOG.md index c63cde0e..27e729e4 100644 --- a/other/CHANGELOG.md +++ b/other/CHANGELOG.md @@ -3,6 +3,10 @@ All notable changes to the 'other' section of this repository will be documented The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). +### 2024-02-06 +- Added af-plans/FullScanBrokenCrystals.yaml +- Added af-plans/ScriptEnvVarAccess.yaml + ### 2024-01-16 - Introduced this changelog - Added af-plans/FullScanExample.yaml diff --git a/other/af-plans/FullScanBrokenCrystals.yaml b/other/af-plans/FullScanBrokenCrystals.yaml new file mode 100644 index 00000000..17169004 --- /dev/null +++ b/other/af-plans/FullScanBrokenCrystals.yaml @@ -0,0 +1,61 @@ +--- +# A simple plan that performs a full unauthenticated scan against brokencrystals.com +# It uses both of the spiders and active scanning. +# The 2 spider tests will fail as they do not find at least 100 URLs, +# but they do not fail the whole plan as they just report at INFO level. +env: + contexts: + - name: "BrokenCrystals" + urls: + - "https://brokencrystals.com/" + includePaths: [] + excludePaths: [] + parameters: + failOnError: true + failOnWarning: false + progressToStdout: true + vars: {} +jobs: +- parameters: + scanOnlyInScope: true + enableTags: false + rules: [] + name: "passiveScan-config" + type: "passiveScan-config" +- parameters: {} + name: "spider" + type: "spider" + tests: + - onFail: "INFO" + statistic: "automation.spider.urls.added" + site: "" + operator: ">=" + value: 100 + type: "stats" + name: "At least 100 URLs found" +- parameters: + maxDuration: 10 + maxCrawlDepth: 10 + name: "spiderAjax" + type: "spiderAjax" + tests: + - onFail: "INFO" + statistic: "spiderAjax.urls.added" + site: "" + operator: ">=" + value: 100 + type: "stats" + name: "At least 100 URLs found" +- parameters: {} + name: "activeScan" + type: "activeScan" +- parameters: {} + name: "passiveScan-wait" + type: "passiveScan-wait" +- parameters: + template: "modern" + reportTitle: "ZAP Scanning Report" + reportDescription: "" + name: "report" + type: "report" + diff --git a/other/af-plans/ScriptEnvVarAccess.yaml b/other/af-plans/ScriptEnvVarAccess.yaml new file mode 100644 index 00000000..309f7b2f --- /dev/null +++ b/other/af-plans/ScriptEnvVarAccess.yaml @@ -0,0 +1,23 @@ +--- +# This plan show how you can access an env var in a script. +env: + contexts: + - name: "Script EnvVar Example" + urls: + - "https://example.com/" +jobs: +- parameters: + action: "add" + type: "standalone" + engine: "ECMAScript : Graal.js" + name: "print-env-vars.js" + inline: | + print(Java.type("java.lang.System").getenv("PATH")); + name: "script" + type: "script" +- parameters: + action: "run" + type: "standalone" + name: "print-env-vars.js" + name: "script" + type: "script" \ No newline at end of file