Zap API: endpoints unavailable

Question

I am running Zap version 2.10.0 and was hoping to gain more control of logins with users.authenticate_as_user, link

It is, however, unavailable as when I list attributes of a users object in python I only get (besides dunder methods):

'get_authentication_credentials', 'get_authentication_credentials_config_params', 'get_user_by_id', 'new_user', 'remove_user',
'set_authentication_credentials', 'set_user_enabled', 'set_user_name', 'users_list', 'zap'.

Appreciate any help.

Which version of the ZAP python API do you have installed? The latest version is 0.0.18: https://pypi.org/project/python-owasp-zap-v2.4/ — Simon Bennetts, Feb 16 '21 at 09:29
@Simon Bennetts Using a docker image: FROM owasp/zap2docker-stable:2.10.0. When I run pip install python-owasp-zap-v2.4 I get: Requirement already satisfied. — postoronnim, Feb 16 '21 at 14:23

kingthorin · Accepted Answer · 2021-02-19T02:38:06.470

I think you're making assumptions about how the API and API client work that are wrong.

Your best bet is to look at the examples and extensive documentation here: https://www.zaproxy.org/docs/api/

Also while I can understand the urge to jump right in and automate things, you'll have a much easier time if you get it working in the desktop UI first. Then automate it.

If you're only seeing the methods you listed then it seems you have v0.17 of the python API package (or well at least not the latest 0.0.18 version that corresponds with Zap 2.10) .

user@host:~$ pip install -Iv python-owasp-zap-v2.4==0.0.17 --quiet
user@host:~$ pip show python-owasp-zap-v2.4|grep Version && python3 ./test.py
Version: 0.0.17
['get_authentication_credentials', 'get_authentication_credentials_config_params', 
'get_user_by_id', 'new_user', 'remove_user', 
'set_authentication_credentials', 'set_user_enabled', 'set_user_name', 'users_list', 'zap']
user@host:~$ pip uninstall python-owasp-zap-v2.4
...
user@host:~$ pip install python-owasp-zap-v2.4 --quiet
user@host:~$ pip show python-owasp-zap-v2.4|grep Version && python3 ./test.py
Version: 0.0.18
['authenticate_as_user', 'get_authentication_credentials', 
'get_authentication_credentials_config_params', 'get_authentication_session', 
'get_authentication_state', 'get_user_by_id', 'new_user', 'poll_as_user', 
'remove_user', 'set_authentication_credentials', 'set_authentication_state', 'set_cookie', 
'set_user_enabled', 'set_user_name', 'users_list', 'zap']

So while you stated When I run pip install python-owasp-zap-v2.4 I get: Requirement already satisfied. That simply means the package is installed, not necessarily latest because you didn't ask pip to upgrade it.

https://pip.pypa.io/en/stable/reference/pip_install/

Note that pip install prefers to leave the installed version as-is unless --upgrade is specified.

Expecting the code to do what the documentation says is expecting too much? — postoronnim, Feb 18 '21 at 22:01
Yes the code is commented as you've outlined, unfortunately it seem the package you're using is older than the code you linked. Code comments/docs should not necessarily be treated as user/usage docs. — kingthorin, Feb 19 '21 at 02:34

Zap API: endpoints unavailable

1 Answers1