From 2365f45be6e11d50824fc3e9e213155ff6ecb9fb Mon Sep 17 00:00:00 2001
From: zapbot <12745184+zapbot@users.noreply.github.com>
Date: Mon, 13 Jan 2025 06:43:23 +0000
Subject: [PATCH] Update localized resources
Update resources from Crowdin.
Signed-off-by: zapbot <12745184+zapbot@users.noreply.github.com>
---
.../help_ar_SA/contents/ascanrules.html | 8 +-
.../help_az_AZ/contents/ascanrules.html | 8 +-
.../help_bs_BA/contents/ascanrules.html | 8 +-
.../help_da_DK/contents/ascanrules.html | 8 +-
.../help_de_DE/contents/ascanrules.html | 8 +-
.../help_el_GR/contents/ascanrules.html | 8 +-
.../help_es_ES/contents/ascanrules.html | 8 +-
.../help_fa_IR/contents/ascanrules.html | 8 +-
.../help_fil_PH/contents/ascanrules.html | 8 +-
.../help_fr_FR/contents/ascanrules.html | 8 +-
.../help_hi_IN/contents/ascanrules.html | 8 +-
.../help_hu_HU/contents/ascanrules.html | 8 +-
.../help_id_ID/contents/ascanrules.html | 8 +-
.../help_it_IT/contents/ascanrules.html | 8 +-
.../help_ja_JP/contents/ascanrules.html | 8 +-
.../help_ms_MY/contents/ascanrules.html | 8 +-
.../help_pl_PL/contents/ascanrules.html | 8 +-
.../help_pt_BR/contents/ascanrules.html | 8 +-
.../help_ro_RO/contents/ascanrules.html | 8 +-
.../help_ru_RU/contents/ascanrules.html | 8 +-
.../help_sr_CS/contents/ascanrules.html | 8 +-
.../help_tr_TR/contents/ascanrules.html | 8 +-
.../help_ur_PK/contents/ascanrules.html | 8 +-
.../help_zh_CN/contents/ascanrules.html | 12 ++-
.../resources/Messages_ar_SA.properties | 2 +-
.../resources/Messages_az_AZ.properties | 2 +-
.../resources/Messages_bn_BD.properties | 2 +-
.../resources/Messages_bs_BA.properties | 2 +-
.../resources/Messages_ceb_PH.properties | 2 +-
.../resources/Messages_da_DK.properties | 2 +-
.../resources/Messages_de_DE.properties | 2 +-
.../resources/Messages_el_GR.properties | 2 +-
.../resources/Messages_es_ES.properties | 2 +-
.../resources/Messages_fa_IR.properties | 2 +-
.../resources/Messages_fil_PH.properties | 2 +-
.../resources/Messages_fr_FR.properties | 2 +-
.../resources/Messages_ha_HG.properties | 2 +-
.../resources/Messages_he_IL.properties | 2 +-
.../resources/Messages_hi_IN.properties | 2 +-
.../resources/Messages_hr_HR.properties | 2 +-
.../resources/Messages_hu_HU.properties | 2 +-
.../resources/Messages_id_ID.properties | 2 +-
.../resources/Messages_it_IT.properties | 2 +-
.../resources/Messages_ja_JP.properties | 2 +-
.../resources/Messages_ko_KR.properties | 2 +-
.../resources/Messages_mk_MK.properties | 2 +-
.../resources/Messages_ms_MY.properties | 2 +-
.../resources/Messages_nb_NO.properties | 2 +-
.../resources/Messages_nl_NL.properties | 2 +-
.../resources/Messages_pcm_NG.properties | 2 +-
.../resources/Messages_pl_PL.properties | 2 +-
.../resources/Messages_pt_BR.properties | 2 +-
.../resources/Messages_pt_PT.properties | 2 +-
.../resources/Messages_ro_RO.properties | 2 +-
.../resources/Messages_ru_RU.properties | 2 +-
.../resources/Messages_si_LK.properties | 2 +-
.../resources/Messages_sk_SK.properties | 2 +-
.../resources/Messages_sl_SI.properties | 2 +-
.../resources/Messages_sq_AL.properties | 2 +-
.../resources/Messages_sr_CS.properties | 2 +-
.../resources/Messages_sr_SP.properties | 2 +-
.../resources/Messages_tr_TR.properties | 2 +-
.../resources/Messages_uk_UA.properties | 2 +-
.../resources/Messages_ur_PK.properties | 2 +-
.../resources/Messages_vi_VN.properties | 2 +-
.../resources/Messages_yo_NG.properties | 2 +-
.../resources/Messages_zh_CN.properties | 2 +-
.../resources/Messages_zh_TW.properties | 2 +-
.../resources/Messages_ar_SA.properties | 3 +
.../resources/Messages_az_AZ.properties | 3 +
.../resources/Messages_bn_BD.properties | 3 +
.../resources/Messages_bs_BA.properties | 3 +
.../resources/Messages_ceb_PH.properties | 3 +
.../resources/Messages_da_DK.properties | 3 +
.../resources/Messages_de_DE.properties | 3 +
.../resources/Messages_el_GR.properties | 3 +
.../resources/Messages_es_ES.properties | 3 +
.../resources/Messages_fa_IR.properties | 3 +
.../resources/Messages_fil_PH.properties | 3 +
.../resources/Messages_fr_FR.properties | 3 +
.../resources/Messages_ha_HG.properties | 3 +
.../resources/Messages_he_IL.properties | 3 +
.../resources/Messages_hi_IN.properties | 3 +
.../resources/Messages_hr_HR.properties | 3 +
.../resources/Messages_hu_HU.properties | 3 +
.../resources/Messages_id_ID.properties | 3 +
.../resources/Messages_it_IT.properties | 3 +
.../resources/Messages_ja_JP.properties | 3 +
.../resources/Messages_ko_KR.properties | 3 +
.../resources/Messages_mk_MK.properties | 3 +
.../resources/Messages_ms_MY.properties | 3 +
.../resources/Messages_nb_NO.properties | 3 +
.../resources/Messages_nl_NL.properties | 3 +
.../resources/Messages_pcm_NG.properties | 3 +
.../resources/Messages_pl_PL.properties | 3 +
.../resources/Messages_pt_BR.properties | 3 +
.../resources/Messages_pt_PT.properties | 3 +
.../resources/Messages_ro_RO.properties | 3 +
.../resources/Messages_ru_RU.properties | 3 +
.../resources/Messages_si_LK.properties | 3 +
.../resources/Messages_sk_SK.properties | 3 +
.../resources/Messages_sl_SI.properties | 3 +
.../resources/Messages_sq_AL.properties | 3 +
.../resources/Messages_sr_CS.properties | 3 +
.../resources/Messages_sr_SP.properties | 3 +
.../resources/Messages_tr_TR.properties | 3 +
.../resources/Messages_uk_UA.properties | 3 +
.../resources/Messages_ur_PK.properties | 3 +
.../resources/Messages_vi_VN.properties | 3 +
.../resources/Messages_yo_NG.properties | 3 +
.../resources/Messages_zh_CN.properties | 3 +
.../resources/Messages_zh_TW.properties | 3 +
.../help_ar_SA/contents/automation.html | 40 +++++++---
.../help_ar_SA/contents/job-ascan.html | 8 +-
.../help_ar_SA/contents/job-ascanconfig.html | 51 ++++++++++++
.../help_ar_SA/contents/job-ascanpolicy.html | 32 ++++++++
.../help_ar_SA/contents/job-exitstatus.html | 37 +++++++++
.../help_ar_SA/contents/job-requestor.html | 3 +-
.../automation/resources/help_ar_SA/index.xml | 5 ++
.../automation/resources/help_ar_SA/toc.xml | 5 ++
.../help_az_AZ/contents/automation.html | 40 +++++++---
.../help_az_AZ/contents/job-ascan.html | 8 +-
.../help_az_AZ/contents/job-ascanconfig.html | 51 ++++++++++++
.../help_az_AZ/contents/job-ascanpolicy.html | 32 ++++++++
.../help_az_AZ/contents/job-exitstatus.html | 37 +++++++++
.../help_az_AZ/contents/job-requestor.html | 3 +-
.../automation/resources/help_az_AZ/index.xml | 5 ++
.../automation/resources/help_az_AZ/toc.xml | 5 ++
.../help_bs_BA/contents/automation.html | 40 +++++++---
.../help_bs_BA/contents/job-ascan.html | 8 +-
.../help_bs_BA/contents/job-ascanconfig.html | 51 ++++++++++++
.../help_bs_BA/contents/job-ascanpolicy.html | 32 ++++++++
.../help_bs_BA/contents/job-exitstatus.html | 37 +++++++++
.../help_bs_BA/contents/job-requestor.html | 3 +-
.../automation/resources/help_bs_BA/index.xml | 5 ++
.../automation/resources/help_bs_BA/toc.xml | 5 ++
.../help_da_DK/contents/automation.html | 40 +++++++---
.../help_da_DK/contents/job-ascan.html | 8 +-
.../help_da_DK/contents/job-ascanconfig.html | 51 ++++++++++++
.../help_da_DK/contents/job-ascanpolicy.html | 32 ++++++++
.../help_da_DK/contents/job-exitstatus.html | 37 +++++++++
.../help_da_DK/contents/job-requestor.html | 3 +-
.../automation/resources/help_da_DK/index.xml | 5 ++
.../automation/resources/help_da_DK/toc.xml | 5 ++
.../help_de_DE/contents/automation.html | 40 +++++++---
.../help_de_DE/contents/job-ascan.html | 8 +-
.../help_de_DE/contents/job-ascanconfig.html | 51 ++++++++++++
.../help_de_DE/contents/job-ascanpolicy.html | 32 ++++++++
.../help_de_DE/contents/job-exitstatus.html | 37 +++++++++
.../help_de_DE/contents/job-requestor.html | 3 +-
.../automation/resources/help_de_DE/index.xml | 5 ++
.../automation/resources/help_de_DE/toc.xml | 5 ++
.../help_el_GR/contents/automation.html | 40 +++++++---
.../help_el_GR/contents/job-ascan.html | 8 +-
.../help_el_GR/contents/job-ascanconfig.html | 51 ++++++++++++
.../help_el_GR/contents/job-ascanpolicy.html | 32 ++++++++
.../help_el_GR/contents/job-exitstatus.html | 37 +++++++++
.../help_el_GR/contents/job-requestor.html | 3 +-
.../automation/resources/help_el_GR/index.xml | 5 ++
.../automation/resources/help_el_GR/toc.xml | 5 ++
.../help_es_ES/contents/automation.html | 40 +++++++---
.../help_es_ES/contents/job-ascan.html | 8 +-
.../help_es_ES/contents/job-ascanconfig.html | 51 ++++++++++++
.../help_es_ES/contents/job-ascanpolicy.html | 32 ++++++++
.../help_es_ES/contents/job-exitstatus.html | 37 +++++++++
.../help_es_ES/contents/job-requestor.html | 3 +-
.../automation/resources/help_es_ES/index.xml | 5 ++
.../automation/resources/help_es_ES/toc.xml | 5 ++
.../help_fa_IR/contents/automation.html | 40 +++++++---
.../help_fa_IR/contents/job-ascan.html | 8 +-
.../help_fa_IR/contents/job-ascanconfig.html | 51 ++++++++++++
.../help_fa_IR/contents/job-ascanpolicy.html | 32 ++++++++
.../help_fa_IR/contents/job-exitstatus.html | 37 +++++++++
.../help_fa_IR/contents/job-requestor.html | 3 +-
.../automation/resources/help_fa_IR/index.xml | 5 ++
.../automation/resources/help_fa_IR/toc.xml | 5 ++
.../help_fil_PH/contents/automation.html | 40 +++++++---
.../help_fil_PH/contents/job-ascan.html | 8 +-
.../help_fil_PH/contents/job-ascanconfig.html | 51 ++++++++++++
.../help_fil_PH/contents/job-ascanpolicy.html | 32 ++++++++
.../help_fil_PH/contents/job-exitstatus.html | 37 +++++++++
.../help_fil_PH/contents/job-requestor.html | 3 +-
.../resources/help_fil_PH/index.xml | 5 ++
.../automation/resources/help_fil_PH/toc.xml | 5 ++
.../help_fr_FR/contents/automation.html | 40 +++++++---
.../help_fr_FR/contents/job-ascan.html | 8 +-
.../help_fr_FR/contents/job-ascanconfig.html | 51 ++++++++++++
.../help_fr_FR/contents/job-ascanpolicy.html | 32 ++++++++
.../help_fr_FR/contents/job-exitstatus.html | 37 +++++++++
.../help_fr_FR/contents/job-requestor.html | 3 +-
.../automation/resources/help_fr_FR/index.xml | 5 ++
.../automation/resources/help_fr_FR/toc.xml | 5 ++
.../help_hi_IN/contents/automation.html | 40 +++++++---
.../help_hi_IN/contents/job-ascan.html | 8 +-
.../help_hi_IN/contents/job-ascanconfig.html | 51 ++++++++++++
.../help_hi_IN/contents/job-ascanpolicy.html | 32 ++++++++
.../help_hi_IN/contents/job-exitstatus.html | 37 +++++++++
.../help_hi_IN/contents/job-requestor.html | 3 +-
.../automation/resources/help_hi_IN/index.xml | 5 ++
.../automation/resources/help_hi_IN/toc.xml | 5 ++
.../help_hu_HU/contents/automation.html | 40 +++++++---
.../help_hu_HU/contents/job-ascan.html | 8 +-
.../help_hu_HU/contents/job-ascanconfig.html | 51 ++++++++++++
.../help_hu_HU/contents/job-ascanpolicy.html | 32 ++++++++
.../help_hu_HU/contents/job-exitstatus.html | 37 +++++++++
.../help_hu_HU/contents/job-requestor.html | 3 +-
.../automation/resources/help_hu_HU/index.xml | 5 ++
.../automation/resources/help_hu_HU/toc.xml | 5 ++
.../help_id_ID/contents/automation.html | 40 +++++++---
.../help_id_ID/contents/job-ascan.html | 8 +-
.../help_id_ID/contents/job-ascanconfig.html | 51 ++++++++++++
.../help_id_ID/contents/job-ascanpolicy.html | 32 ++++++++
.../help_id_ID/contents/job-exitstatus.html | 37 +++++++++
.../help_id_ID/contents/job-requestor.html | 3 +-
.../automation/resources/help_id_ID/index.xml | 5 ++
.../automation/resources/help_id_ID/toc.xml | 5 ++
.../help_it_IT/contents/automation.html | 40 +++++++---
.../help_it_IT/contents/job-ascan.html | 8 +-
.../help_it_IT/contents/job-ascanconfig.html | 51 ++++++++++++
.../help_it_IT/contents/job-ascanpolicy.html | 32 ++++++++
.../help_it_IT/contents/job-exitstatus.html | 37 +++++++++
.../help_it_IT/contents/job-requestor.html | 3 +-
.../automation/resources/help_it_IT/index.xml | 5 ++
.../automation/resources/help_it_IT/toc.xml | 5 ++
.../help_ja_JP/contents/automation.html | 40 +++++++---
.../help_ja_JP/contents/job-ascan.html | 8 +-
.../help_ja_JP/contents/job-ascanconfig.html | 51 ++++++++++++
.../help_ja_JP/contents/job-ascanpolicy.html | 32 ++++++++
.../help_ja_JP/contents/job-exitstatus.html | 37 +++++++++
.../help_ja_JP/contents/job-requestor.html | 3 +-
.../automation/resources/help_ja_JP/index.xml | 5 ++
.../automation/resources/help_ja_JP/toc.xml | 5 ++
.../help_ms_MY/contents/automation.html | 40 +++++++---
.../help_ms_MY/contents/job-ascan.html | 8 +-
.../help_ms_MY/contents/job-ascanconfig.html | 51 ++++++++++++
.../help_ms_MY/contents/job-ascanpolicy.html | 32 ++++++++
.../help_ms_MY/contents/job-exitstatus.html | 37 +++++++++
.../help_ms_MY/contents/job-requestor.html | 3 +-
.../automation/resources/help_ms_MY/index.xml | 5 ++
.../automation/resources/help_ms_MY/toc.xml | 5 ++
.../help_pl_PL/contents/automation.html | 40 +++++++---
.../help_pl_PL/contents/job-ascan.html | 8 +-
.../help_pl_PL/contents/job-ascanconfig.html | 51 ++++++++++++
.../help_pl_PL/contents/job-ascanpolicy.html | 32 ++++++++
.../help_pl_PL/contents/job-exitstatus.html | 37 +++++++++
.../help_pl_PL/contents/job-requestor.html | 3 +-
.../automation/resources/help_pl_PL/index.xml | 5 ++
.../automation/resources/help_pl_PL/toc.xml | 5 ++
.../help_pt_BR/contents/automation.html | 40 +++++++---
.../help_pt_BR/contents/job-ascan.html | 8 +-
.../help_pt_BR/contents/job-ascanconfig.html | 51 ++++++++++++
.../help_pt_BR/contents/job-ascanpolicy.html | 32 ++++++++
.../help_pt_BR/contents/job-exitstatus.html | 37 +++++++++
.../help_pt_BR/contents/job-requestor.html | 3 +-
.../automation/resources/help_pt_BR/index.xml | 5 ++
.../automation/resources/help_pt_BR/toc.xml | 5 ++
.../help_ro_RO/contents/automation.html | 40 +++++++---
.../help_ro_RO/contents/job-ascan.html | 8 +-
.../help_ro_RO/contents/job-ascanconfig.html | 51 ++++++++++++
.../help_ro_RO/contents/job-ascanpolicy.html | 32 ++++++++
.../help_ro_RO/contents/job-exitstatus.html | 37 +++++++++
.../help_ro_RO/contents/job-requestor.html | 3 +-
.../automation/resources/help_ro_RO/index.xml | 5 ++
.../automation/resources/help_ro_RO/toc.xml | 5 ++
.../help_ru_RU/contents/automation.html | 42 +++++++---
.../help_ru_RU/contents/job-ascan.html | 8 +-
.../help_ru_RU/contents/job-ascanconfig.html | 51 ++++++++++++
.../help_ru_RU/contents/job-ascanpolicy.html | 32 ++++++++
.../help_ru_RU/contents/job-exitstatus.html | 37 +++++++++
.../help_ru_RU/contents/job-requestor.html | 3 +-
.../automation/resources/help_ru_RU/index.xml | 5 ++
.../automation/resources/help_ru_RU/toc.xml | 5 ++
.../help_sr_CS/contents/automation.html | 40 +++++++---
.../help_sr_CS/contents/job-ascan.html | 8 +-
.../help_sr_CS/contents/job-ascanconfig.html | 51 ++++++++++++
.../help_sr_CS/contents/job-ascanpolicy.html | 32 ++++++++
.../help_sr_CS/contents/job-exitstatus.html | 37 +++++++++
.../help_sr_CS/contents/job-requestor.html | 3 +-
.../automation/resources/help_sr_CS/index.xml | 5 ++
.../automation/resources/help_sr_CS/toc.xml | 5 ++
.../help_tr_TR/contents/automation.html | 40 +++++++---
.../help_tr_TR/contents/job-ascan.html | 8 +-
.../help_tr_TR/contents/job-ascanconfig.html | 51 ++++++++++++
.../help_tr_TR/contents/job-ascanpolicy.html | 32 ++++++++
.../help_tr_TR/contents/job-exitstatus.html | 37 +++++++++
.../help_tr_TR/contents/job-requestor.html | 3 +-
.../automation/resources/help_tr_TR/index.xml | 5 ++
.../automation/resources/help_tr_TR/toc.xml | 5 ++
.../help_ur_PK/contents/automation.html | 40 +++++++---
.../help_ur_PK/contents/job-ascan.html | 8 +-
.../help_ur_PK/contents/job-ascanconfig.html | 51 ++++++++++++
.../help_ur_PK/contents/job-ascanpolicy.html | 32 ++++++++
.../help_ur_PK/contents/job-exitstatus.html | 37 +++++++++
.../help_ur_PK/contents/job-requestor.html | 3 +-
.../automation/resources/help_ur_PK/index.xml | 5 ++
.../automation/resources/help_ur_PK/toc.xml | 5 ++
.../help_zh_CN/contents/automation.html | 40 +++++++---
.../help_zh_CN/contents/job-ascan.html | 8 +-
.../help_zh_CN/contents/job-ascanconfig.html | 51 ++++++++++++
.../help_zh_CN/contents/job-ascanpolicy.html | 32 ++++++++
.../help_zh_CN/contents/job-exitstatus.html | 37 +++++++++
.../help_zh_CN/contents/job-requestor.html | 3 +-
.../automation/resources/help_zh_CN/index.xml | 5 ++
.../automation/resources/help_zh_CN/toc.xml | 5 ++
.../resources/Messages_ar_SA.properties | 50 ++++++++++++
.../resources/Messages_az_AZ.properties | 50 ++++++++++++
.../resources/Messages_bn_BD.properties | 50 ++++++++++++
.../resources/Messages_bs_BA.properties | 50 ++++++++++++
.../resources/Messages_ceb_PH.properties | 50 ++++++++++++
.../resources/Messages_da_DK.properties | 50 ++++++++++++
.../resources/Messages_de_DE.properties | 50 ++++++++++++
.../resources/Messages_el_GR.properties | 50 ++++++++++++
.../resources/Messages_es_ES.properties | 50 ++++++++++++
.../resources/Messages_fa_IR.properties | 50 ++++++++++++
.../resources/Messages_fil_PH.properties | 50 ++++++++++++
.../resources/Messages_fr_FR.properties | 50 ++++++++++++
.../resources/Messages_ha_HG.properties | 50 ++++++++++++
.../resources/Messages_he_IL.properties | 50 ++++++++++++
.../resources/Messages_hi_IN.properties | 50 ++++++++++++
.../resources/Messages_hr_HR.properties | 50 ++++++++++++
.../resources/Messages_hu_HU.properties | 50 ++++++++++++
.../resources/Messages_id_ID.properties | 50 ++++++++++++
.../resources/Messages_it_IT.properties | 50 ++++++++++++
.../resources/Messages_ja_JP.properties | 50 ++++++++++++
.../resources/Messages_ko_KR.properties | 50 ++++++++++++
.../resources/Messages_mk_MK.properties | 50 ++++++++++++
.../resources/Messages_ms_MY.properties | 50 ++++++++++++
.../resources/Messages_nb_NO.properties | 50 ++++++++++++
.../resources/Messages_nl_NL.properties | 50 ++++++++++++
.../resources/Messages_pcm_NG.properties | 50 ++++++++++++
.../resources/Messages_pl_PL.properties | 50 ++++++++++++
.../resources/Messages_pt_BR.properties | 50 ++++++++++++
.../resources/Messages_pt_PT.properties | 50 ++++++++++++
.../resources/Messages_ro_RO.properties | 50 ++++++++++++
.../resources/Messages_ru_RU.properties | 50 ++++++++++++
.../resources/Messages_si_LK.properties | 50 ++++++++++++
.../resources/Messages_sk_SK.properties | 50 ++++++++++++
.../resources/Messages_sl_SI.properties | 50 ++++++++++++
.../resources/Messages_sq_AL.properties | 50 ++++++++++++
.../resources/Messages_sr_CS.properties | 50 ++++++++++++
.../resources/Messages_sr_SP.properties | 50 ++++++++++++
.../resources/Messages_tr_TR.properties | 50 ++++++++++++
.../resources/Messages_uk_UA.properties | 50 ++++++++++++
.../resources/Messages_ur_PK.properties | 50 ++++++++++++
.../resources/Messages_vi_VN.properties | 50 ++++++++++++
.../resources/Messages_yo_NG.properties | 50 ++++++++++++
.../resources/Messages_zh_CN.properties | 50 ++++++++++++
.../resources/Messages_zh_TW.properties | 50 ++++++++++++
.../help_ar_SA/contents/ajax-scan.html | 7 ++
.../help_ar_SA/contents/automation.html | 35 +++++++++
.../resources/help_ar_SA/contents/client.html | 43 +++++++++-
.../resources/help_ar_SA/contents/spider.html | 55 +++++++++++++
.../client/resources/help_ar_SA/index.xml | 2 +
.../addon/client/resources/help_ar_SA/toc.xml | 2 +
.../help_az_AZ/contents/ajax-scan.html | 7 ++
.../help_az_AZ/contents/automation.html | 35 +++++++++
.../resources/help_az_AZ/contents/client.html | 43 +++++++++-
.../resources/help_az_AZ/contents/spider.html | 55 +++++++++++++
.../client/resources/help_az_AZ/index.xml | 2 +
.../addon/client/resources/help_az_AZ/toc.xml | 2 +
.../help_bs_BA/contents/ajax-scan.html | 7 ++
.../help_bs_BA/contents/automation.html | 35 +++++++++
.../resources/help_bs_BA/contents/client.html | 43 +++++++++-
.../resources/help_bs_BA/contents/spider.html | 55 +++++++++++++
.../client/resources/help_bs_BA/index.xml | 2 +
.../addon/client/resources/help_bs_BA/toc.xml | 2 +
.../help_da_DK/contents/ajax-scan.html | 7 ++
.../help_da_DK/contents/automation.html | 35 +++++++++
.../resources/help_da_DK/contents/client.html | 43 +++++++++-
.../resources/help_da_DK/contents/spider.html | 55 +++++++++++++
.../client/resources/help_da_DK/index.xml | 2 +
.../addon/client/resources/help_da_DK/toc.xml | 2 +
.../help_de_DE/contents/ajax-scan.html | 7 ++
.../help_de_DE/contents/automation.html | 35 +++++++++
.../resources/help_de_DE/contents/client.html | 43 +++++++++-
.../resources/help_de_DE/contents/spider.html | 55 +++++++++++++
.../client/resources/help_de_DE/index.xml | 2 +
.../addon/client/resources/help_de_DE/toc.xml | 2 +
.../help_el_GR/contents/ajax-scan.html | 7 ++
.../help_el_GR/contents/automation.html | 35 +++++++++
.../resources/help_el_GR/contents/client.html | 43 +++++++++-
.../resources/help_el_GR/contents/spider.html | 55 +++++++++++++
.../client/resources/help_el_GR/index.xml | 2 +
.../addon/client/resources/help_el_GR/toc.xml | 2 +
.../help_es_ES/contents/ajax-scan.html | 7 ++
.../help_es_ES/contents/automation.html | 35 +++++++++
.../resources/help_es_ES/contents/client.html | 43 +++++++++-
.../resources/help_es_ES/contents/spider.html | 55 +++++++++++++
.../client/resources/help_es_ES/index.xml | 2 +
.../addon/client/resources/help_es_ES/toc.xml | 2 +
.../help_fa_IR/contents/ajax-scan.html | 7 ++
.../help_fa_IR/contents/automation.html | 35 +++++++++
.../resources/help_fa_IR/contents/client.html | 43 +++++++++-
.../resources/help_fa_IR/contents/spider.html | 55 +++++++++++++
.../client/resources/help_fa_IR/index.xml | 2 +
.../addon/client/resources/help_fa_IR/toc.xml | 2 +
.../help_fil_PH/contents/ajax-scan.html | 7 ++
.../help_fil_PH/contents/automation.html | 35 +++++++++
.../help_fil_PH/contents/client.html | 43 +++++++++-
.../help_fil_PH/contents/spider.html | 55 +++++++++++++
.../client/resources/help_fil_PH/index.xml | 2 +
.../client/resources/help_fil_PH/toc.xml | 2 +
.../help_fr_FR/contents/ajax-scan.html | 7 ++
.../help_fr_FR/contents/automation.html | 35 +++++++++
.../resources/help_fr_FR/contents/client.html | 43 +++++++++-
.../resources/help_fr_FR/contents/spider.html | 55 +++++++++++++
.../client/resources/help_fr_FR/index.xml | 2 +
.../addon/client/resources/help_fr_FR/toc.xml | 2 +
.../help_hi_IN/contents/ajax-scan.html | 7 ++
.../help_hi_IN/contents/automation.html | 35 +++++++++
.../resources/help_hi_IN/contents/client.html | 43 +++++++++-
.../resources/help_hi_IN/contents/spider.html | 55 +++++++++++++
.../client/resources/help_hi_IN/index.xml | 2 +
.../addon/client/resources/help_hi_IN/toc.xml | 2 +
.../help_hu_HU/contents/ajax-scan.html | 7 ++
.../help_hu_HU/contents/automation.html | 35 +++++++++
.../resources/help_hu_HU/contents/client.html | 43 +++++++++-
.../resources/help_hu_HU/contents/spider.html | 55 +++++++++++++
.../client/resources/help_hu_HU/index.xml | 2 +
.../addon/client/resources/help_hu_HU/toc.xml | 2 +
.../help_id_ID/contents/ajax-scan.html | 7 ++
.../help_id_ID/contents/automation.html | 35 +++++++++
.../resources/help_id_ID/contents/client.html | 43 +++++++++-
.../resources/help_id_ID/contents/spider.html | 55 +++++++++++++
.../client/resources/help_id_ID/index.xml | 2 +
.../addon/client/resources/help_id_ID/toc.xml | 2 +
.../help_it_IT/contents/ajax-scan.html | 7 ++
.../help_it_IT/contents/automation.html | 35 +++++++++
.../resources/help_it_IT/contents/client.html | 43 +++++++++-
.../resources/help_it_IT/contents/spider.html | 55 +++++++++++++
.../client/resources/help_it_IT/index.xml | 2 +
.../addon/client/resources/help_it_IT/toc.xml | 2 +
.../help_ja_JP/contents/ajax-scan.html | 7 ++
.../help_ja_JP/contents/automation.html | 35 +++++++++
.../resources/help_ja_JP/contents/client.html | 43 +++++++++-
.../resources/help_ja_JP/contents/spider.html | 55 +++++++++++++
.../client/resources/help_ja_JP/index.xml | 2 +
.../addon/client/resources/help_ja_JP/toc.xml | 2 +
.../help_ms_MY/contents/ajax-scan.html | 7 ++
.../help_ms_MY/contents/automation.html | 35 +++++++++
.../resources/help_ms_MY/contents/client.html | 43 +++++++++-
.../resources/help_ms_MY/contents/spider.html | 55 +++++++++++++
.../client/resources/help_ms_MY/index.xml | 2 +
.../addon/client/resources/help_ms_MY/toc.xml | 2 +
.../help_pl_PL/contents/ajax-scan.html | 7 ++
.../help_pl_PL/contents/automation.html | 35 +++++++++
.../resources/help_pl_PL/contents/client.html | 43 +++++++++-
.../resources/help_pl_PL/contents/spider.html | 55 +++++++++++++
.../client/resources/help_pl_PL/index.xml | 2 +
.../addon/client/resources/help_pl_PL/toc.xml | 2 +
.../help_pt_BR/contents/ajax-scan.html | 7 ++
.../help_pt_BR/contents/automation.html | 35 +++++++++
.../resources/help_pt_BR/contents/client.html | 43 +++++++++-
.../resources/help_pt_BR/contents/spider.html | 55 +++++++++++++
.../client/resources/help_pt_BR/index.xml | 2 +
.../addon/client/resources/help_pt_BR/toc.xml | 2 +
.../help_ro_RO/contents/ajax-scan.html | 7 ++
.../help_ro_RO/contents/automation.html | 35 +++++++++
.../resources/help_ro_RO/contents/client.html | 43 +++++++++-
.../resources/help_ro_RO/contents/spider.html | 55 +++++++++++++
.../client/resources/help_ro_RO/index.xml | 2 +
.../addon/client/resources/help_ro_RO/toc.xml | 2 +
.../help_ru_RU/contents/ajax-scan.html | 7 ++
.../help_ru_RU/contents/automation.html | 35 +++++++++
.../resources/help_ru_RU/contents/client.html | 43 +++++++++-
.../resources/help_ru_RU/contents/spider.html | 55 +++++++++++++
.../client/resources/help_ru_RU/index.xml | 2 +
.../addon/client/resources/help_ru_RU/toc.xml | 2 +
.../help_sr_CS/contents/ajax-scan.html | 7 ++
.../help_sr_CS/contents/automation.html | 35 +++++++++
.../resources/help_sr_CS/contents/client.html | 43 +++++++++-
.../resources/help_sr_CS/contents/spider.html | 55 +++++++++++++
.../client/resources/help_sr_CS/index.xml | 2 +
.../addon/client/resources/help_sr_CS/toc.xml | 2 +
.../help_tr_TR/contents/ajax-scan.html | 7 ++
.../help_tr_TR/contents/automation.html | 35 +++++++++
.../resources/help_tr_TR/contents/client.html | 43 +++++++++-
.../resources/help_tr_TR/contents/spider.html | 55 +++++++++++++
.../client/resources/help_tr_TR/index.xml | 2 +
.../addon/client/resources/help_tr_TR/toc.xml | 2 +
.../help_ur_PK/contents/ajax-scan.html | 7 ++
.../help_ur_PK/contents/automation.html | 35 +++++++++
.../resources/help_ur_PK/contents/client.html | 43 +++++++++-
.../resources/help_ur_PK/contents/spider.html | 55 +++++++++++++
.../client/resources/help_ur_PK/index.xml | 2 +
.../addon/client/resources/help_ur_PK/toc.xml | 2 +
.../help_zh_CN/contents/ajax-scan.html | 7 ++
.../help_zh_CN/contents/automation.html | 35 +++++++++
.../resources/help_zh_CN/contents/client.html | 43 +++++++++-
.../resources/help_zh_CN/contents/spider.html | 55 +++++++++++++
.../client/resources/help_zh_CN/index.xml | 2 +
.../addon/client/resources/help_zh_CN/toc.xml | 2 +
.../resources/Messages_ar_SA.properties | 75 ++++++++++++++++++
.../resources/Messages_az_AZ.properties | 75 ++++++++++++++++++
.../resources/Messages_bn_BD.properties | 75 ++++++++++++++++++
.../resources/Messages_bs_BA.properties | 75 ++++++++++++++++++
.../resources/Messages_ceb_PH.properties | 75 ++++++++++++++++++
.../resources/Messages_da_DK.properties | 75 ++++++++++++++++++
.../resources/Messages_de_DE.properties | 75 ++++++++++++++++++
.../resources/Messages_el_GR.properties | 75 ++++++++++++++++++
.../resources/Messages_es_ES.properties | 75 ++++++++++++++++++
.../resources/Messages_fa_IR.properties | 75 ++++++++++++++++++
.../resources/Messages_fil_PH.properties | 75 ++++++++++++++++++
.../resources/Messages_fr_FR.properties | 75 ++++++++++++++++++
.../resources/Messages_ha_HG.properties | 75 ++++++++++++++++++
.../resources/Messages_he_IL.properties | 75 ++++++++++++++++++
.../resources/Messages_hi_IN.properties | 75 ++++++++++++++++++
.../resources/Messages_hr_HR.properties | 75 ++++++++++++++++++
.../resources/Messages_hu_HU.properties | 75 ++++++++++++++++++
.../resources/Messages_id_ID.properties | 75 ++++++++++++++++++
.../resources/Messages_it_IT.properties | 75 ++++++++++++++++++
.../resources/Messages_ja_JP.properties | 75 ++++++++++++++++++
.../resources/Messages_ko_KR.properties | 75 ++++++++++++++++++
.../resources/Messages_mk_MK.properties | 75 ++++++++++++++++++
.../resources/Messages_ms_MY.properties | 75 ++++++++++++++++++
.../resources/Messages_nb_NO.properties | 75 ++++++++++++++++++
.../resources/Messages_nl_NL.properties | 75 ++++++++++++++++++
.../resources/Messages_pcm_NG.properties | 75 ++++++++++++++++++
.../resources/Messages_pl_PL.properties | 75 ++++++++++++++++++
.../resources/Messages_pt_BR.properties | 75 ++++++++++++++++++
.../resources/Messages_pt_PT.properties | 75 ++++++++++++++++++
.../resources/Messages_ro_RO.properties | 75 ++++++++++++++++++
.../resources/Messages_ru_RU.properties | 75 ++++++++++++++++++
.../resources/Messages_si_LK.properties | 75 ++++++++++++++++++
.../resources/Messages_sk_SK.properties | 75 ++++++++++++++++++
.../resources/Messages_sl_SI.properties | 75 ++++++++++++++++++
.../resources/Messages_sq_AL.properties | 75 ++++++++++++++++++
.../resources/Messages_sr_CS.properties | 75 ++++++++++++++++++
.../resources/Messages_sr_SP.properties | 75 ++++++++++++++++++
.../resources/Messages_tr_TR.properties | 75 ++++++++++++++++++
.../resources/Messages_uk_UA.properties | 75 ++++++++++++++++++
.../resources/Messages_ur_PK.properties | 75 ++++++++++++++++++
.../resources/Messages_vi_VN.properties | 75 ++++++++++++++++++
.../resources/Messages_yo_NG.properties | 75 ++++++++++++++++++
.../resources/Messages_zh_CN.properties | 75 ++++++++++++++++++
.../resources/Messages_zh_TW.properties | 75 ++++++++++++++++++
.../internal/vulns/vulnerabilities_ar_SA.xml | 27 ++++++-
.../internal/vulns/vulnerabilities_az_AZ.xml | 27 ++++++-
.../internal/vulns/vulnerabilities_bn_BD.xml | 27 ++++++-
.../internal/vulns/vulnerabilities_bs_BA.xml | 27 ++++++-
.../internal/vulns/vulnerabilities_ceb_PH.xml | 27 ++++++-
.../internal/vulns/vulnerabilities_da_DK.xml | 27 ++++++-
.../internal/vulns/vulnerabilities_de_DE.xml | 27 ++++++-
.../internal/vulns/vulnerabilities_el_GR.xml | 27 ++++++-
.../internal/vulns/vulnerabilities_es_ES.xml | 27 ++++++-
.../internal/vulns/vulnerabilities_fa_IR.xml | 27 ++++++-
.../internal/vulns/vulnerabilities_fil_PH.xml | 27 ++++++-
.../internal/vulns/vulnerabilities_fr_FR.xml | 27 ++++++-
.../internal/vulns/vulnerabilities_ha_HG.xml | 27 ++++++-
.../internal/vulns/vulnerabilities_he_IL.xml | 27 ++++++-
.../internal/vulns/vulnerabilities_hi_IN.xml | 27 ++++++-
.../internal/vulns/vulnerabilities_hr_HR.xml | 27 ++++++-
.../internal/vulns/vulnerabilities_hu_HU.xml | 27 ++++++-
.../internal/vulns/vulnerabilities_id_ID.xml | 27 ++++++-
.../internal/vulns/vulnerabilities_it_IT.xml | 27 ++++++-
.../internal/vulns/vulnerabilities_ja_JP.xml | 27 ++++++-
.../internal/vulns/vulnerabilities_ko_KR.xml | 27 ++++++-
.../internal/vulns/vulnerabilities_mk_MK.xml | 27 ++++++-
.../internal/vulns/vulnerabilities_ms_MY.xml | 27 ++++++-
.../internal/vulns/vulnerabilities_nb_NO.xml | 27 ++++++-
.../internal/vulns/vulnerabilities_nl_NL.xml | 27 ++++++-
.../internal/vulns/vulnerabilities_pcm_NG.xml | 27 ++++++-
.../internal/vulns/vulnerabilities_pl_PL.xml | 27 ++++++-
.../internal/vulns/vulnerabilities_pt_BR.xml | 27 ++++++-
.../internal/vulns/vulnerabilities_pt_PT.xml | 27 ++++++-
.../internal/vulns/vulnerabilities_ro_RO.xml | 27 ++++++-
.../internal/vulns/vulnerabilities_ru_RU.xml | 27 ++++++-
.../internal/vulns/vulnerabilities_si_LK.xml | 27 ++++++-
.../internal/vulns/vulnerabilities_sk_SK.xml | 27 ++++++-
.../internal/vulns/vulnerabilities_sl_SI.xml | 27 ++++++-
.../internal/vulns/vulnerabilities_sq_AL.xml | 27 ++++++-
.../internal/vulns/vulnerabilities_sr_CS.xml | 27 ++++++-
.../internal/vulns/vulnerabilities_sr_SP.xml | 27 ++++++-
.../internal/vulns/vulnerabilities_tr_TR.xml | 27 ++++++-
.../internal/vulns/vulnerabilities_uk_UA.xml | 27 ++++++-
.../internal/vulns/vulnerabilities_ur_PK.xml | 27 ++++++-
.../internal/vulns/vulnerabilities_vi_VN.xml | 27 ++++++-
.../internal/vulns/vulnerabilities_yo_NG.xml | 27 ++++++-
.../internal/vulns/vulnerabilities_zh_CN.xml | 27 ++++++-
.../internal/vulns/vulnerabilities_zh_TW.xml | 27 ++++++-
.../resources/Messages_ar_SA.properties | 1 +
.../resources/Messages_az_AZ.properties | 1 +
.../resources/Messages_bn_BD.properties | 1 +
.../resources/Messages_bs_BA.properties | 1 +
.../resources/Messages_ceb_PH.properties | 1 +
.../resources/Messages_da_DK.properties | 1 +
.../resources/Messages_de_DE.properties | 1 +
.../resources/Messages_el_GR.properties | 1 +
.../resources/Messages_es_ES.properties | 1 +
.../resources/Messages_fa_IR.properties | 1 +
.../resources/Messages_fil_PH.properties | 1 +
.../resources/Messages_fr_FR.properties | 1 +
.../resources/Messages_ha_HG.properties | 1 +
.../resources/Messages_he_IL.properties | 1 +
.../resources/Messages_hi_IN.properties | 1 +
.../resources/Messages_hr_HR.properties | 1 +
.../resources/Messages_hu_HU.properties | 1 +
.../resources/Messages_id_ID.properties | 1 +
.../resources/Messages_it_IT.properties | 1 +
.../resources/Messages_ja_JP.properties | 1 +
.../resources/Messages_ko_KR.properties | 1 +
.../resources/Messages_mk_MK.properties | 1 +
.../resources/Messages_ms_MY.properties | 1 +
.../resources/Messages_nb_NO.properties | 1 +
.../resources/Messages_nl_NL.properties | 1 +
.../resources/Messages_pcm_NG.properties | 1 +
.../resources/Messages_pl_PL.properties | 1 +
.../resources/Messages_pt_BR.properties | 1 +
.../resources/Messages_pt_PT.properties | 1 +
.../resources/Messages_ro_RO.properties | 1 +
.../resources/Messages_ru_RU.properties | 1 +
.../resources/Messages_si_LK.properties | 1 +
.../resources/Messages_sk_SK.properties | 1 +
.../resources/Messages_sl_SI.properties | 1 +
.../resources/Messages_sq_AL.properties | 1 +
.../resources/Messages_sr_CS.properties | 1 +
.../resources/Messages_sr_SP.properties | 1 +
.../resources/Messages_tr_TR.properties | 1 +
.../resources/Messages_uk_UA.properties | 1 +
.../resources/Messages_ur_PK.properties | 1 +
.../resources/Messages_vi_VN.properties | 1 +
.../resources/Messages_yo_NG.properties | 1 +
.../resources/Messages_zh_CN.properties | 1 +
.../resources/Messages_zh_TW.properties | 1 +
.../help_ar_SA/contents/encoder.html | 26 ++++++-
.../help_az_AZ/contents/encoder.html | 26 ++++++-
.../help_bs_BA/contents/encoder.html | 26 ++++++-
.../help_da_DK/contents/encoder.html | 26 ++++++-
.../help_de_DE/contents/encoder.html | 26 ++++++-
.../help_el_GR/contents/encoder.html | 26 ++++++-
.../help_es_ES/contents/encoder.html | 26 ++++++-
.../help_fa_IR/contents/encoder.html | 26 ++++++-
.../help_fil_PH/contents/encoder.html | 26 ++++++-
.../help_fr_FR/contents/encoder.html | 26 ++++++-
.../help_hi_IN/contents/encoder.html | 26 ++++++-
.../help_hu_HU/contents/encoder.html | 26 ++++++-
.../help_id_ID/contents/encoder.html | 26 ++++++-
.../help_it_IT/contents/encoder.html | 26 ++++++-
.../help_ja_JP/contents/encoder.html | 26 ++++++-
.../help_ms_MY/contents/encoder.html | 26 ++++++-
.../help_pl_PL/contents/encoder.html | 26 ++++++-
.../help_pt_BR/contents/encoder.html | 26 ++++++-
.../help_ro_RO/contents/encoder.html | 26 ++++++-
.../help_ru_RU/contents/encoder.html | 26 ++++++-
.../help_sr_CS/contents/encoder.html | 26 ++++++-
.../help_tr_TR/contents/encoder.html | 26 ++++++-
.../help_ur_PK/contents/encoder.html | 26 ++++++-
.../help_zh_CN/contents/encoder.html | 26 ++++++-
.../resources/Messages_ar_SA.properties | 4 +
.../resources/Messages_az_AZ.properties | 4 +
.../resources/Messages_bn_BD.properties | 4 +
.../resources/Messages_bs_BA.properties | 4 +
.../resources/Messages_ceb_PH.properties | 4 +
.../resources/Messages_da_DK.properties | 4 +
.../resources/Messages_de_DE.properties | 4 +
.../resources/Messages_el_GR.properties | 4 +
.../resources/Messages_es_ES.properties | 4 +
.../resources/Messages_fa_IR.properties | 4 +
.../resources/Messages_fil_PH.properties | 4 +
.../resources/Messages_fr_FR.properties | 4 +
.../resources/Messages_ha_HG.properties | 4 +
.../resources/Messages_he_IL.properties | 4 +
.../resources/Messages_hi_IN.properties | 4 +
.../resources/Messages_hr_HR.properties | 4 +
.../resources/Messages_hu_HU.properties | 4 +
.../resources/Messages_id_ID.properties | 4 +
.../resources/Messages_it_IT.properties | 4 +
.../resources/Messages_ja_JP.properties | 4 +
.../resources/Messages_ko_KR.properties | 4 +
.../resources/Messages_mk_MK.properties | 4 +
.../resources/Messages_ms_MY.properties | 4 +
.../resources/Messages_nb_NO.properties | 4 +
.../resources/Messages_nl_NL.properties | 4 +
.../resources/Messages_pcm_NG.properties | 4 +
.../resources/Messages_pl_PL.properties | 4 +
.../resources/Messages_pt_BR.properties | 4 +
.../resources/Messages_pt_PT.properties | 4 +
.../resources/Messages_ro_RO.properties | 4 +
.../resources/Messages_ru_RU.properties | 4 +
.../resources/Messages_si_LK.properties | 4 +
.../resources/Messages_sk_SK.properties | 4 +
.../resources/Messages_sl_SI.properties | 4 +
.../resources/Messages_sq_AL.properties | 4 +
.../resources/Messages_sr_CS.properties | 4 +
.../resources/Messages_sr_SP.properties | 4 +
.../resources/Messages_tr_TR.properties | 4 +
.../resources/Messages_uk_UA.properties | 4 +
.../resources/Messages_ur_PK.properties | 4 +
.../resources/Messages_vi_VN.properties | 4 +
.../resources/Messages_yo_NG.properties | 4 +
.../resources/Messages_zh_CN.properties | 4 +
.../resources/Messages_zh_TW.properties | 4 +
.../help_ar_SA/contents/automation.html | 28 ++++++-
.../javahelp/help_ar_SA/contents/exim.html | 78 +++++++++++--------
.../help_ar_SA/contents/sitestreeformat.html | 67 ++++++++++++++++
.../src/main/javahelp/help_ar_SA/index.xml | 1 +
.../exim/src/main/javahelp/help_ar_SA/toc.xml | 1 +
.../help_az_AZ/contents/automation.html | 28 ++++++-
.../javahelp/help_az_AZ/contents/exim.html | 78 +++++++++++--------
.../help_az_AZ/contents/sitestreeformat.html | 67 ++++++++++++++++
.../src/main/javahelp/help_az_AZ/index.xml | 1 +
.../exim/src/main/javahelp/help_az_AZ/toc.xml | 1 +
.../help_bs_BA/contents/automation.html | 28 ++++++-
.../javahelp/help_bs_BA/contents/exim.html | 78 +++++++++++--------
.../help_bs_BA/contents/sitestreeformat.html | 67 ++++++++++++++++
.../src/main/javahelp/help_bs_BA/index.xml | 1 +
.../exim/src/main/javahelp/help_bs_BA/toc.xml | 1 +
.../help_da_DK/contents/automation.html | 28 ++++++-
.../javahelp/help_da_DK/contents/exim.html | 78 +++++++++++--------
.../help_da_DK/contents/sitestreeformat.html | 67 ++++++++++++++++
.../src/main/javahelp/help_da_DK/index.xml | 1 +
.../exim/src/main/javahelp/help_da_DK/toc.xml | 1 +
.../help_de_DE/contents/automation.html | 28 ++++++-
.../javahelp/help_de_DE/contents/exim.html | 78 +++++++++++--------
.../help_de_DE/contents/sitestreeformat.html | 67 ++++++++++++++++
.../src/main/javahelp/help_de_DE/index.xml | 1 +
.../exim/src/main/javahelp/help_de_DE/toc.xml | 1 +
.../help_el_GR/contents/automation.html | 28 ++++++-
.../javahelp/help_el_GR/contents/exim.html | 78 +++++++++++--------
.../help_el_GR/contents/sitestreeformat.html | 67 ++++++++++++++++
.../src/main/javahelp/help_el_GR/index.xml | 1 +
.../exim/src/main/javahelp/help_el_GR/toc.xml | 1 +
.../help_es_ES/contents/automation.html | 28 ++++++-
.../javahelp/help_es_ES/contents/exim.html | 78 +++++++++++--------
.../help_es_ES/contents/sitestreeformat.html | 67 ++++++++++++++++
.../src/main/javahelp/help_es_ES/index.xml | 1 +
.../exim/src/main/javahelp/help_es_ES/toc.xml | 1 +
.../help_fa_IR/contents/automation.html | 28 ++++++-
.../javahelp/help_fa_IR/contents/exim.html | 78 +++++++++++--------
.../help_fa_IR/contents/sitestreeformat.html | 67 ++++++++++++++++
.../src/main/javahelp/help_fa_IR/index.xml | 1 +
.../exim/src/main/javahelp/help_fa_IR/toc.xml | 1 +
.../help_fil_PH/contents/automation.html | 28 ++++++-
.../javahelp/help_fil_PH/contents/exim.html | 78 +++++++++++--------
.../help_fil_PH/contents/sitestreeformat.html | 67 ++++++++++++++++
.../src/main/javahelp/help_fil_PH/index.xml | 1 +
.../src/main/javahelp/help_fil_PH/toc.xml | 1 +
.../help_fr_FR/contents/automation.html | 28 ++++++-
.../javahelp/help_fr_FR/contents/exim.html | 78 +++++++++++--------
.../help_fr_FR/contents/sitestreeformat.html | 67 ++++++++++++++++
.../src/main/javahelp/help_fr_FR/index.xml | 1 +
.../exim/src/main/javahelp/help_fr_FR/toc.xml | 1 +
.../help_hi_IN/contents/automation.html | 28 ++++++-
.../javahelp/help_hi_IN/contents/exim.html | 78 +++++++++++--------
.../help_hi_IN/contents/sitestreeformat.html | 67 ++++++++++++++++
.../src/main/javahelp/help_hi_IN/index.xml | 1 +
.../exim/src/main/javahelp/help_hi_IN/toc.xml | 1 +
.../help_hu_HU/contents/automation.html | 28 ++++++-
.../javahelp/help_hu_HU/contents/exim.html | 78 +++++++++++--------
.../help_hu_HU/contents/sitestreeformat.html | 67 ++++++++++++++++
.../src/main/javahelp/help_hu_HU/index.xml | 1 +
.../exim/src/main/javahelp/help_hu_HU/toc.xml | 1 +
.../help_id_ID/contents/automation.html | 28 ++++++-
.../javahelp/help_id_ID/contents/exim.html | 78 +++++++++++--------
.../help_id_ID/contents/sitestreeformat.html | 67 ++++++++++++++++
.../src/main/javahelp/help_id_ID/index.xml | 1 +
.../exim/src/main/javahelp/help_id_ID/toc.xml | 1 +
.../help_it_IT/contents/automation.html | 28 ++++++-
.../javahelp/help_it_IT/contents/exim.html | 78 +++++++++++--------
.../help_it_IT/contents/sitestreeformat.html | 67 ++++++++++++++++
.../src/main/javahelp/help_it_IT/index.xml | 1 +
.../exim/src/main/javahelp/help_it_IT/toc.xml | 1 +
.../help_ja_JP/contents/automation.html | 28 ++++++-
.../javahelp/help_ja_JP/contents/exim.html | 78 +++++++++++--------
.../help_ja_JP/contents/sitestreeformat.html | 67 ++++++++++++++++
.../src/main/javahelp/help_ja_JP/index.xml | 1 +
.../exim/src/main/javahelp/help_ja_JP/toc.xml | 1 +
.../help_ms_MY/contents/automation.html | 28 ++++++-
.../javahelp/help_ms_MY/contents/exim.html | 78 +++++++++++--------
.../help_ms_MY/contents/sitestreeformat.html | 67 ++++++++++++++++
.../src/main/javahelp/help_ms_MY/index.xml | 1 +
.../exim/src/main/javahelp/help_ms_MY/toc.xml | 1 +
.../help_pl_PL/contents/automation.html | 28 ++++++-
.../javahelp/help_pl_PL/contents/exim.html | 78 +++++++++++--------
.../help_pl_PL/contents/sitestreeformat.html | 67 ++++++++++++++++
.../src/main/javahelp/help_pl_PL/index.xml | 1 +
.../exim/src/main/javahelp/help_pl_PL/toc.xml | 1 +
.../help_pt_BR/contents/automation.html | 28 ++++++-
.../javahelp/help_pt_BR/contents/exim.html | 78 +++++++++++--------
.../help_pt_BR/contents/sitestreeformat.html | 67 ++++++++++++++++
.../src/main/javahelp/help_pt_BR/index.xml | 1 +
.../exim/src/main/javahelp/help_pt_BR/toc.xml | 1 +
.../help_ro_RO/contents/automation.html | 28 ++++++-
.../javahelp/help_ro_RO/contents/exim.html | 78 +++++++++++--------
.../help_ro_RO/contents/sitestreeformat.html | 67 ++++++++++++++++
.../src/main/javahelp/help_ro_RO/index.xml | 1 +
.../exim/src/main/javahelp/help_ro_RO/toc.xml | 1 +
.../help_ru_RU/contents/automation.html | 28 ++++++-
.../javahelp/help_ru_RU/contents/exim.html | 78 +++++++++++--------
.../help_ru_RU/contents/sitestreeformat.html | 67 ++++++++++++++++
.../src/main/javahelp/help_ru_RU/index.xml | 1 +
.../exim/src/main/javahelp/help_ru_RU/toc.xml | 1 +
.../help_sr_CS/contents/automation.html | 28 ++++++-
.../javahelp/help_sr_CS/contents/exim.html | 78 +++++++++++--------
.../help_sr_CS/contents/sitestreeformat.html | 67 ++++++++++++++++
.../src/main/javahelp/help_sr_CS/index.xml | 1 +
.../exim/src/main/javahelp/help_sr_CS/toc.xml | 1 +
.../help_tr_TR/contents/automation.html | 28 ++++++-
.../javahelp/help_tr_TR/contents/exim.html | 78 +++++++++++--------
.../help_tr_TR/contents/sitestreeformat.html | 67 ++++++++++++++++
.../src/main/javahelp/help_tr_TR/index.xml | 1 +
.../exim/src/main/javahelp/help_tr_TR/toc.xml | 1 +
.../help_ur_PK/contents/automation.html | 28 ++++++-
.../javahelp/help_ur_PK/contents/exim.html | 78 +++++++++++--------
.../help_ur_PK/contents/sitestreeformat.html | 67 ++++++++++++++++
.../src/main/javahelp/help_ur_PK/index.xml | 1 +
.../exim/src/main/javahelp/help_ur_PK/toc.xml | 1 +
.../help_zh_CN/contents/automation.html | 28 ++++++-
.../javahelp/help_zh_CN/contents/exim.html | 78 +++++++++++--------
.../help_zh_CN/contents/sitestreeformat.html | 67 ++++++++++++++++
.../src/main/javahelp/help_zh_CN/index.xml | 1 +
.../exim/src/main/javahelp/help_zh_CN/toc.xml | 1 +
.../exim/resources/Messages_ar_SA.properties | 66 ++++++++++++++--
.../exim/resources/Messages_az_AZ.properties | 66 ++++++++++++++--
.../exim/resources/Messages_bn_BD.properties | 66 ++++++++++++++--
.../exim/resources/Messages_bs_BA.properties | 66 ++++++++++++++--
.../exim/resources/Messages_ceb_PH.properties | 66 ++++++++++++++--
.../exim/resources/Messages_da_DK.properties | 66 ++++++++++++++--
.../exim/resources/Messages_de_DE.properties | 66 ++++++++++++++--
.../exim/resources/Messages_el_GR.properties | 66 ++++++++++++++--
.../exim/resources/Messages_es_ES.properties | 66 ++++++++++++++--
.../exim/resources/Messages_fa_IR.properties | 66 ++++++++++++++--
.../exim/resources/Messages_fil_PH.properties | 66 ++++++++++++++--
.../exim/resources/Messages_fr_FR.properties | 66 ++++++++++++++--
.../exim/resources/Messages_ha_HG.properties | 66 ++++++++++++++--
.../exim/resources/Messages_he_IL.properties | 66 ++++++++++++++--
.../exim/resources/Messages_hi_IN.properties | 66 ++++++++++++++--
.../exim/resources/Messages_hr_HR.properties | 66 ++++++++++++++--
.../exim/resources/Messages_hu_HU.properties | 66 ++++++++++++++--
.../exim/resources/Messages_id_ID.properties | 66 ++++++++++++++--
.../exim/resources/Messages_it_IT.properties | 66 ++++++++++++++--
.../exim/resources/Messages_ja_JP.properties | 66 ++++++++++++++--
.../exim/resources/Messages_ko_KR.properties | 66 ++++++++++++++--
.../exim/resources/Messages_mk_MK.properties | 66 ++++++++++++++--
.../exim/resources/Messages_ms_MY.properties | 66 ++++++++++++++--
.../exim/resources/Messages_nb_NO.properties | 66 ++++++++++++++--
.../exim/resources/Messages_nl_NL.properties | 66 ++++++++++++++--
.../exim/resources/Messages_pcm_NG.properties | 66 ++++++++++++++--
.../exim/resources/Messages_pl_PL.properties | 66 ++++++++++++++--
.../exim/resources/Messages_pt_BR.properties | 66 ++++++++++++++--
.../exim/resources/Messages_pt_PT.properties | 66 ++++++++++++++--
.../exim/resources/Messages_ro_RO.properties | 66 ++++++++++++++--
.../exim/resources/Messages_ru_RU.properties | 66 ++++++++++++++--
.../exim/resources/Messages_si_LK.properties | 66 ++++++++++++++--
.../exim/resources/Messages_sk_SK.properties | 66 ++++++++++++++--
.../exim/resources/Messages_sl_SI.properties | 66 ++++++++++++++--
.../exim/resources/Messages_sq_AL.properties | 66 ++++++++++++++--
.../exim/resources/Messages_sr_CS.properties | 66 ++++++++++++++--
.../exim/resources/Messages_sr_SP.properties | 66 ++++++++++++++--
.../exim/resources/Messages_tr_TR.properties | 66 ++++++++++++++--
.../exim/resources/Messages_uk_UA.properties | 66 ++++++++++++++--
.../exim/resources/Messages_ur_PK.properties | 66 ++++++++++++++--
.../exim/resources/Messages_vi_VN.properties | 66 ++++++++++++++--
.../exim/resources/Messages_yo_NG.properties | 66 ++++++++++++++--
.../exim/resources/Messages_zh_CN.properties | 66 ++++++++++++++--
.../exim/resources/Messages_zh_TW.properties | 66 ++++++++++++++--
.../help_ar_SA/contents/FormHandlerHelp.html | 14 ++--
.../help_az_AZ/contents/FormHandlerHelp.html | 14 ++--
.../help_bs_BA/contents/FormHandlerHelp.html | 14 ++--
.../help_da_DK/contents/FormHandlerHelp.html | 14 ++--
.../help_de_DE/contents/FormHandlerHelp.html | 14 ++--
.../help_el_GR/contents/FormHandlerHelp.html | 14 ++--
.../help_es_ES/contents/FormHandlerHelp.html | 14 ++--
.../help_fa_IR/contents/FormHandlerHelp.html | 14 ++--
.../help_fil_PH/contents/FormHandlerHelp.html | 14 ++--
.../help_fr_FR/contents/FormHandlerHelp.html | 14 ++--
.../help_hi_IN/contents/FormHandlerHelp.html | 14 ++--
.../help_hu_HU/contents/FormHandlerHelp.html | 14 ++--
.../help_id_ID/contents/FormHandlerHelp.html | 14 ++--
.../help_it_IT/contents/FormHandlerHelp.html | 14 ++--
.../help_ja_JP/contents/FormHandlerHelp.html | 14 ++--
.../help_ms_MY/contents/FormHandlerHelp.html | 14 ++--
.../help_pl_PL/contents/FormHandlerHelp.html | 14 ++--
.../help_pt_BR/contents/FormHandlerHelp.html | 14 ++--
.../help_ro_RO/contents/FormHandlerHelp.html | 14 ++--
.../help_ru_RU/contents/FormHandlerHelp.html | 14 ++--
.../help_sr_CS/contents/FormHandlerHelp.html | 14 ++--
.../help_tr_TR/contents/FormHandlerHelp.html | 14 ++--
.../help_ur_PK/contents/FormHandlerHelp.html | 14 ++--
.../help_zh_CN/contents/FormHandlerHelp.html | 14 ++--
.../resources/Messages_ar_SA.properties | 2 +-
.../resources/Messages_az_AZ.properties | 2 +-
.../resources/Messages_bn_BD.properties | 2 +-
.../resources/Messages_bs_BA.properties | 2 +-
.../resources/Messages_ceb_PH.properties | 2 +-
.../resources/Messages_da_DK.properties | 2 +-
.../resources/Messages_de_DE.properties | 2 +-
.../resources/Messages_el_GR.properties | 2 +-
.../resources/Messages_es_ES.properties | 2 +-
.../resources/Messages_fa_IR.properties | 2 +-
.../resources/Messages_fil_PH.properties | 2 +-
.../resources/Messages_fr_FR.properties | 2 +-
.../resources/Messages_ha_HG.properties | 2 +-
.../resources/Messages_he_IL.properties | 2 +-
.../resources/Messages_hi_IN.properties | 2 +-
.../resources/Messages_hr_HR.properties | 2 +-
.../resources/Messages_hu_HU.properties | 2 +-
.../resources/Messages_id_ID.properties | 2 +-
.../resources/Messages_it_IT.properties | 2 +-
.../resources/Messages_ja_JP.properties | 2 +-
.../resources/Messages_ko_KR.properties | 2 +-
.../resources/Messages_mk_MK.properties | 2 +-
.../resources/Messages_ms_MY.properties | 2 +-
.../resources/Messages_nb_NO.properties | 2 +-
.../resources/Messages_nl_NL.properties | 2 +-
.../resources/Messages_pcm_NG.properties | 2 +-
.../resources/Messages_pl_PL.properties | 2 +-
.../resources/Messages_pt_BR.properties | 2 +-
.../resources/Messages_pt_PT.properties | 2 +-
.../resources/Messages_ro_RO.properties | 2 +-
.../resources/Messages_ru_RU.properties | 2 +-
.../resources/Messages_si_LK.properties | 2 +-
.../resources/Messages_sk_SK.properties | 2 +-
.../resources/Messages_sl_SI.properties | 2 +-
.../resources/Messages_sq_AL.properties | 2 +-
.../resources/Messages_sr_CS.properties | 2 +-
.../resources/Messages_sr_SP.properties | 2 +-
.../resources/Messages_tr_TR.properties | 2 +-
.../resources/Messages_uk_UA.properties | 2 +-
.../resources/Messages_ur_PK.properties | 2 +-
.../resources/Messages_vi_VN.properties | 2 +-
.../resources/Messages_yo_NG.properties | 2 +-
.../resources/Messages_zh_CN.properties | 2 +-
.../resources/Messages_zh_TW.properties | 2 +-
.../resources/help_ar_SA/contents/alerts.html | 43 +++++++++-
.../resources/help_az_AZ/contents/alerts.html | 43 +++++++++-
.../resources/help_bs_BA/contents/alerts.html | 43 +++++++++-
.../resources/help_da_DK/contents/alerts.html | 43 +++++++++-
.../resources/help_de_DE/contents/alerts.html | 43 +++++++++-
.../resources/help_el_GR/contents/alerts.html | 43 +++++++++-
.../resources/help_es_ES/contents/alerts.html | 43 +++++++++-
.../resources/help_fa_IR/contents/alerts.html | 43 +++++++++-
.../help_fil_PH/contents/alerts.html | 43 +++++++++-
.../resources/help_fr_FR/contents/alerts.html | 43 +++++++++-
.../resources/help_hi_IN/contents/alerts.html | 43 +++++++++-
.../resources/help_hu_HU/contents/alerts.html | 43 +++++++++-
.../resources/help_id_ID/contents/alerts.html | 43 +++++++++-
.../resources/help_it_IT/contents/alerts.html | 43 +++++++++-
.../resources/help_ja_JP/contents/alerts.html | 43 +++++++++-
.../resources/help_ms_MY/contents/alerts.html | 43 +++++++++-
.../resources/help_pl_PL/contents/alerts.html | 43 +++++++++-
.../resources/help_pt_BR/contents/alerts.html | 43 +++++++++-
.../resources/help_ro_RO/contents/alerts.html | 43 +++++++++-
.../resources/help_ru_RU/contents/alerts.html | 43 +++++++++-
.../resources/help_sr_CS/contents/alerts.html | 43 +++++++++-
.../resources/help_tr_TR/contents/alerts.html | 43 +++++++++-
.../resources/help_ur_PK/contents/alerts.html | 43 +++++++++-
.../resources/help_zh_CN/contents/alerts.html | 43 +++++++++-
.../resources/Messages_ar_SA.properties | 22 ++++++
.../resources/Messages_az_AZ.properties | 22 ++++++
.../resources/Messages_bn_BD.properties | 22 ++++++
.../resources/Messages_bs_BA.properties | 22 ++++++
.../resources/Messages_ceb_PH.properties | 22 ++++++
.../resources/Messages_da_DK.properties | 22 ++++++
.../resources/Messages_de_DE.properties | 22 ++++++
.../resources/Messages_el_GR.properties | 22 ++++++
.../resources/Messages_es_ES.properties | 22 ++++++
.../resources/Messages_fa_IR.properties | 22 ++++++
.../resources/Messages_fil_PH.properties | 22 ++++++
.../resources/Messages_fr_FR.properties | 22 ++++++
.../resources/Messages_ha_HG.properties | 22 ++++++
.../resources/Messages_he_IL.properties | 22 ++++++
.../resources/Messages_hi_IN.properties | 22 ++++++
.../resources/Messages_hr_HR.properties | 22 ++++++
.../resources/Messages_hu_HU.properties | 22 ++++++
.../resources/Messages_id_ID.properties | 22 ++++++
.../resources/Messages_it_IT.properties | 22 ++++++
.../resources/Messages_ja_JP.properties | 22 ++++++
.../resources/Messages_ko_KR.properties | 22 ++++++
.../resources/Messages_mk_MK.properties | 22 ++++++
.../resources/Messages_ms_MY.properties | 22 ++++++
.../resources/Messages_nb_NO.properties | 22 ++++++
.../resources/Messages_nl_NL.properties | 22 ++++++
.../resources/Messages_pcm_NG.properties | 22 ++++++
.../resources/Messages_pl_PL.properties | 22 ++++++
.../resources/Messages_pt_BR.properties | 22 ++++++
.../resources/Messages_pt_PT.properties | 22 ++++++
.../resources/Messages_ro_RO.properties | 22 ++++++
.../resources/Messages_ru_RU.properties | 22 ++++++
.../resources/Messages_si_LK.properties | 22 ++++++
.../resources/Messages_sk_SK.properties | 22 ++++++
.../resources/Messages_sl_SI.properties | 22 ++++++
.../resources/Messages_sq_AL.properties | 22 ++++++
.../resources/Messages_sr_CS.properties | 22 ++++++
.../resources/Messages_sr_SP.properties | 22 ++++++
.../resources/Messages_tr_TR.properties | 22 ++++++
.../resources/Messages_uk_UA.properties | 22 ++++++
.../resources/Messages_ur_PK.properties | 22 ++++++
.../resources/Messages_vi_VN.properties | 22 ++++++
.../resources/Messages_yo_NG.properties | 22 ++++++
.../resources/Messages_zh_CN.properties | 22 ++++++
.../resources/Messages_zh_TW.properties | 22 ++++++
.../help_ar_SA/contents/pscanrules.html | 11 ++-
.../help_az_AZ/contents/pscanrules.html | 11 ++-
.../help_bs_BA/contents/pscanrules.html | 11 ++-
.../help_da_DK/contents/pscanrules.html | 11 ++-
.../help_de_DE/contents/pscanrules.html | 11 ++-
.../help_el_GR/contents/pscanrules.html | 11 ++-
.../help_es_ES/contents/pscanrules.html | 11 ++-
.../help_fa_IR/contents/pscanrules.html | 11 ++-
.../help_fil_PH/contents/pscanrules.html | 11 ++-
.../help_fr_FR/contents/pscanrules.html | 11 ++-
.../help_hi_IN/contents/pscanrules.html | 11 ++-
.../help_hu_HU/contents/pscanrules.html | 11 ++-
.../help_id_ID/contents/pscanrules.html | 11 ++-
.../help_it_IT/contents/pscanrules.html | 11 ++-
.../help_ja_JP/contents/pscanrules.html | 11 ++-
.../help_ms_MY/contents/pscanrules.html | 11 ++-
.../help_pl_PL/contents/pscanrules.html | 11 ++-
.../help_pt_BR/contents/pscanrules.html | 11 ++-
.../help_ro_RO/contents/pscanrules.html | 11 ++-
.../help_ru_RU/contents/pscanrules.html | 13 ++--
.../help_sr_CS/contents/pscanrules.html | 11 ++-
.../help_tr_TR/contents/pscanrules.html | 11 ++-
.../help_ur_PK/contents/pscanrules.html | 11 ++-
.../help_zh_CN/contents/pscanrules.html | 11 ++-
1016 files changed, 23496 insertions(+), 2048 deletions(-)
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ar_SA/contents/job-ascanconfig.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ar_SA/contents/job-ascanpolicy.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ar_SA/contents/job-exitstatus.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_az_AZ/contents/job-ascanconfig.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_az_AZ/contents/job-ascanpolicy.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_az_AZ/contents/job-exitstatus.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_bs_BA/contents/job-ascanconfig.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_bs_BA/contents/job-ascanpolicy.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_bs_BA/contents/job-exitstatus.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_da_DK/contents/job-ascanconfig.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_da_DK/contents/job-ascanpolicy.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_da_DK/contents/job-exitstatus.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_de_DE/contents/job-ascanconfig.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_de_DE/contents/job-ascanpolicy.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_de_DE/contents/job-exitstatus.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_el_GR/contents/job-ascanconfig.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_el_GR/contents/job-ascanpolicy.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_el_GR/contents/job-exitstatus.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_es_ES/contents/job-ascanconfig.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_es_ES/contents/job-ascanpolicy.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_es_ES/contents/job-exitstatus.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fa_IR/contents/job-ascanconfig.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fa_IR/contents/job-ascanpolicy.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fa_IR/contents/job-exitstatus.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fil_PH/contents/job-ascanconfig.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fil_PH/contents/job-ascanpolicy.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fil_PH/contents/job-exitstatus.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fr_FR/contents/job-ascanconfig.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fr_FR/contents/job-ascanpolicy.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fr_FR/contents/job-exitstatus.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hi_IN/contents/job-ascanconfig.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hi_IN/contents/job-ascanpolicy.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hi_IN/contents/job-exitstatus.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hu_HU/contents/job-ascanconfig.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hu_HU/contents/job-ascanpolicy.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hu_HU/contents/job-exitstatus.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_id_ID/contents/job-ascanconfig.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_id_ID/contents/job-ascanpolicy.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_id_ID/contents/job-exitstatus.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_it_IT/contents/job-ascanconfig.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_it_IT/contents/job-ascanpolicy.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_it_IT/contents/job-exitstatus.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ja_JP/contents/job-ascanconfig.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ja_JP/contents/job-ascanpolicy.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ja_JP/contents/job-exitstatus.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ms_MY/contents/job-ascanconfig.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ms_MY/contents/job-ascanpolicy.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ms_MY/contents/job-exitstatus.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pl_PL/contents/job-ascanconfig.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pl_PL/contents/job-ascanpolicy.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pl_PL/contents/job-exitstatus.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pt_BR/contents/job-ascanconfig.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pt_BR/contents/job-ascanpolicy.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pt_BR/contents/job-exitstatus.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ro_RO/contents/job-ascanconfig.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ro_RO/contents/job-ascanpolicy.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ro_RO/contents/job-exitstatus.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ru_RU/contents/job-ascanconfig.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ru_RU/contents/job-ascanpolicy.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ru_RU/contents/job-exitstatus.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_sr_CS/contents/job-ascanconfig.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_sr_CS/contents/job-ascanpolicy.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_sr_CS/contents/job-exitstatus.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_tr_TR/contents/job-ascanconfig.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_tr_TR/contents/job-ascanpolicy.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_tr_TR/contents/job-exitstatus.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ur_PK/contents/job-ascanconfig.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ur_PK/contents/job-ascanpolicy.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ur_PK/contents/job-exitstatus.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_zh_CN/contents/job-ascanconfig.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_zh_CN/contents/job-ascanpolicy.html
create mode 100644 addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_zh_CN/contents/job-exitstatus.html
create mode 100644 addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ar_SA/contents/automation.html
create mode 100644 addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ar_SA/contents/spider.html
create mode 100644 addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_az_AZ/contents/automation.html
create mode 100644 addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_az_AZ/contents/spider.html
create mode 100644 addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_bs_BA/contents/automation.html
create mode 100644 addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_bs_BA/contents/spider.html
create mode 100644 addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_da_DK/contents/automation.html
create mode 100644 addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_da_DK/contents/spider.html
create mode 100644 addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_de_DE/contents/automation.html
create mode 100644 addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_de_DE/contents/spider.html
create mode 100644 addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_el_GR/contents/automation.html
create mode 100644 addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_el_GR/contents/spider.html
create mode 100644 addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_es_ES/contents/automation.html
create mode 100644 addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_es_ES/contents/spider.html
create mode 100644 addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fa_IR/contents/automation.html
create mode 100644 addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fa_IR/contents/spider.html
create mode 100644 addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fil_PH/contents/automation.html
create mode 100644 addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fil_PH/contents/spider.html
create mode 100644 addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fr_FR/contents/automation.html
create mode 100644 addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fr_FR/contents/spider.html
create mode 100644 addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_hi_IN/contents/automation.html
create mode 100644 addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_hi_IN/contents/spider.html
create mode 100644 addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_hu_HU/contents/automation.html
create mode 100644 addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_hu_HU/contents/spider.html
create mode 100644 addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_id_ID/contents/automation.html
create mode 100644 addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_id_ID/contents/spider.html
create mode 100644 addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_it_IT/contents/automation.html
create mode 100644 addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_it_IT/contents/spider.html
create mode 100644 addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ja_JP/contents/automation.html
create mode 100644 addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ja_JP/contents/spider.html
create mode 100644 addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ms_MY/contents/automation.html
create mode 100644 addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ms_MY/contents/spider.html
create mode 100644 addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_pl_PL/contents/automation.html
create mode 100644 addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_pl_PL/contents/spider.html
create mode 100644 addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_pt_BR/contents/automation.html
create mode 100644 addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_pt_BR/contents/spider.html
create mode 100644 addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ro_RO/contents/automation.html
create mode 100644 addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ro_RO/contents/spider.html
create mode 100644 addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ru_RU/contents/automation.html
create mode 100644 addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ru_RU/contents/spider.html
create mode 100644 addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_sr_CS/contents/automation.html
create mode 100644 addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_sr_CS/contents/spider.html
create mode 100644 addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_tr_TR/contents/automation.html
create mode 100644 addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_tr_TR/contents/spider.html
create mode 100644 addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ur_PK/contents/automation.html
create mode 100644 addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ur_PK/contents/spider.html
create mode 100644 addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_zh_CN/contents/automation.html
create mode 100644 addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_zh_CN/contents/spider.html
create mode 100644 addOns/exim/src/main/javahelp/help_ar_SA/contents/sitestreeformat.html
create mode 100644 addOns/exim/src/main/javahelp/help_az_AZ/contents/sitestreeformat.html
create mode 100644 addOns/exim/src/main/javahelp/help_bs_BA/contents/sitestreeformat.html
create mode 100644 addOns/exim/src/main/javahelp/help_da_DK/contents/sitestreeformat.html
create mode 100644 addOns/exim/src/main/javahelp/help_de_DE/contents/sitestreeformat.html
create mode 100644 addOns/exim/src/main/javahelp/help_el_GR/contents/sitestreeformat.html
create mode 100644 addOns/exim/src/main/javahelp/help_es_ES/contents/sitestreeformat.html
create mode 100644 addOns/exim/src/main/javahelp/help_fa_IR/contents/sitestreeformat.html
create mode 100644 addOns/exim/src/main/javahelp/help_fil_PH/contents/sitestreeformat.html
create mode 100644 addOns/exim/src/main/javahelp/help_fr_FR/contents/sitestreeformat.html
create mode 100644 addOns/exim/src/main/javahelp/help_hi_IN/contents/sitestreeformat.html
create mode 100644 addOns/exim/src/main/javahelp/help_hu_HU/contents/sitestreeformat.html
create mode 100644 addOns/exim/src/main/javahelp/help_id_ID/contents/sitestreeformat.html
create mode 100644 addOns/exim/src/main/javahelp/help_it_IT/contents/sitestreeformat.html
create mode 100644 addOns/exim/src/main/javahelp/help_ja_JP/contents/sitestreeformat.html
create mode 100644 addOns/exim/src/main/javahelp/help_ms_MY/contents/sitestreeformat.html
create mode 100644 addOns/exim/src/main/javahelp/help_pl_PL/contents/sitestreeformat.html
create mode 100644 addOns/exim/src/main/javahelp/help_pt_BR/contents/sitestreeformat.html
create mode 100644 addOns/exim/src/main/javahelp/help_ro_RO/contents/sitestreeformat.html
create mode 100644 addOns/exim/src/main/javahelp/help_ru_RU/contents/sitestreeformat.html
create mode 100644 addOns/exim/src/main/javahelp/help_sr_CS/contents/sitestreeformat.html
create mode 100644 addOns/exim/src/main/javahelp/help_tr_TR/contents/sitestreeformat.html
create mode 100644 addOns/exim/src/main/javahelp/help_ur_PK/contents/sitestreeformat.html
create mode 100644 addOns/exim/src/main/javahelp/help_zh_CN/contents/sitestreeformat.html
diff --git a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_ar_SA/contents/ascanrules.html b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_ar_SA/contents/ascanrules.html
index 1f0e8022f42..a604aa25886 100644
--- a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_ar_SA/contents/ascanrules.html
+++ b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_ar_SA/contents/ascanrules.html
@@ -178,7 +178,9 @@ Hidden File Finder
The original included set of payloads were based on Snallygaster by Hanno Böck.
Such payloads are verified by checking response code, and content. If the response code is 200 (Ok) then additional content checks are performed to increase alert confidence.
If the response code is 401 (Unauthorized) or 403 (Forbidden) or the content checks are un-successful then an alert is raised with lower confidence (at LOW Threshold).
-Note: If the Custom Payloads addon is installed you can add your own hidden file paths (payloads) in the Custom Payloads options panel.
+Note: If the Custom Payloads add-on is installed you can add your own hidden file paths (payloads) in the Custom Payloads options panel.
+
+The Custom Payloads category for this rule is: Hidden-File.
For custom payloads only the response status code is checked. If there is a requirement to include a content check then it is also possible to add payloads to
the json/hidden_files.json file in ZAP's user directory (in which case they will be treated as included payloads).
@@ -443,7 +445,9 @@
Trace.axd Information Leak
User Agent Fuzzer
This active scan rule checks for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). The rule compares the response statuscode and the hashcode of the response body with the original response.
-Note: If the Custom Payloads addon is installed you can add your own User Agent strings (payloads) in the Custom Payloads options panel.
+Note: If the Custom Payloads add-on is installed you can add your own User Agent strings (payloads) in the Custom Payloads options panel.
+
+The Custom Payloads category for this rule is: User-Agent.
Latest code: UserAgentScanRule.java
diff --git a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_az_AZ/contents/ascanrules.html b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_az_AZ/contents/ascanrules.html
index b35a424169b..237da8336cd 100644
--- a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_az_AZ/contents/ascanrules.html
+++ b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_az_AZ/contents/ascanrules.html
@@ -178,7 +178,9 @@
Hidden File Finder
The original included set of payloads were based on Snallygaster by Hanno Böck.
Such payloads are verified by checking response code, and content. If the response code is 200 (Ok) then additional content checks are performed to increase alert confidence.
If the response code is 401 (Unauthorized) or 403 (Forbidden) or the content checks are un-successful then an alert is raised with lower confidence (at LOW Threshold).
-Note: If the Custom Payloads addon is installed you can add your own hidden file paths (payloads) in the Custom Payloads options panel.
+Note: If the Custom Payloads add-on is installed you can add your own hidden file paths (payloads) in the Custom Payloads options panel.
+
+The Custom Payloads category for this rule is: Hidden-File.
For custom payloads only the response status code is checked. If there is a requirement to include a content check then it is also possible to add payloads to
the json/hidden_files.json file in ZAP's user directory (in which case they will be treated as included payloads).
@@ -443,7 +445,9 @@
Trace.axd Information Leak
User Agent Fuzzer
This active scan rule checks for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). The rule compares the response statuscode and the hashcode of the response body with the original response.
-Note: If the Custom Payloads addon is installed you can add your own User Agent strings (payloads) in the Custom Payloads options panel.
+Note: If the Custom Payloads add-on is installed you can add your own User Agent strings (payloads) in the Custom Payloads options panel.
+
+The Custom Payloads category for this rule is: User-Agent.
Latest code: UserAgentScanRule.java
diff --git a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_bs_BA/contents/ascanrules.html b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_bs_BA/contents/ascanrules.html
index 0ca1ec5e81d..c8de8004fd5 100644
--- a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_bs_BA/contents/ascanrules.html
+++ b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_bs_BA/contents/ascanrules.html
@@ -178,7 +178,9 @@
Hidden File Finder
The original included set of payloads were based on Snallygaster by Hanno Böck.
Such payloads are verified by checking response code, and content. If the response code is 200 (Ok) then additional content checks are performed to increase alert confidence.
If the response code is 401 (Unauthorized) or 403 (Forbidden) or the content checks are un-successful then an alert is raised with lower confidence (at LOW Threshold).
-Note: If the Custom Payloads addon is installed you can add your own hidden file paths (payloads) in the Custom Payloads options panel.
+Note: If the Custom Payloads add-on is installed you can add your own hidden file paths (payloads) in the Custom Payloads options panel.
+
+The Custom Payloads category for this rule is: Hidden-File.
For custom payloads only the response status code is checked. If there is a requirement to include a content check then it is also possible to add payloads to
the json/hidden_files.json file in ZAP's user directory (in which case they will be treated as included payloads).
@@ -443,7 +445,9 @@
Trace.axd Information Leak
User Agent Fuzzer
This active scan rule checks for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). The rule compares the response statuscode and the hashcode of the response body with the original response.
-Note: If the Custom Payloads addon is installed you can add your own User Agent strings (payloads) in the Custom Payloads options panel.
+Note: If the Custom Payloads add-on is installed you can add your own User Agent strings (payloads) in the Custom Payloads options panel.
+
+The Custom Payloads category for this rule is: User-Agent.
Latest code: UserAgentScanRule.java
diff --git a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_da_DK/contents/ascanrules.html b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_da_DK/contents/ascanrules.html
index 1f0e8022f42..a604aa25886 100644
--- a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_da_DK/contents/ascanrules.html
+++ b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_da_DK/contents/ascanrules.html
@@ -178,7 +178,9 @@
Hidden File Finder
The original included set of payloads were based on Snallygaster by Hanno Böck.
Such payloads are verified by checking response code, and content. If the response code is 200 (Ok) then additional content checks are performed to increase alert confidence.
If the response code is 401 (Unauthorized) or 403 (Forbidden) or the content checks are un-successful then an alert is raised with lower confidence (at LOW Threshold).
-Note: If the Custom Payloads addon is installed you can add your own hidden file paths (payloads) in the Custom Payloads options panel.
+Note: If the Custom Payloads add-on is installed you can add your own hidden file paths (payloads) in the Custom Payloads options panel.
+
+The Custom Payloads category for this rule is: Hidden-File.
For custom payloads only the response status code is checked. If there is a requirement to include a content check then it is also possible to add payloads to
the json/hidden_files.json file in ZAP's user directory (in which case they will be treated as included payloads).
@@ -443,7 +445,9 @@
Trace.axd Information Leak
User Agent Fuzzer
This active scan rule checks for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). The rule compares the response statuscode and the hashcode of the response body with the original response.
-Note: If the Custom Payloads addon is installed you can add your own User Agent strings (payloads) in the Custom Payloads options panel.
+Note: If the Custom Payloads add-on is installed you can add your own User Agent strings (payloads) in the Custom Payloads options panel.
+
+The Custom Payloads category for this rule is: User-Agent.
Latest code: UserAgentScanRule.java
diff --git a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_de_DE/contents/ascanrules.html b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_de_DE/contents/ascanrules.html
index 014a6c458b2..dfafde3c16e 100644
--- a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_de_DE/contents/ascanrules.html
+++ b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_de_DE/contents/ascanrules.html
@@ -178,7 +178,9 @@
Hidden File Finder
The original included set of payloads were based on Snallygaster by Hanno Böck.
Such payloads are verified by checking response code, and content. If the response code is 200 (Ok) then additional content checks are performed to increase alert confidence.
If the response code is 401 (Unauthorized) or 403 (Forbidden) or the content checks are un-successful then an alert is raised with lower confidence (at LOW Threshold).
-Note: If the Custom Payloads addon is installed you can add your own hidden file paths (payloads) in the Custom Payloads options panel.
+Note: If the Custom Payloads add-on is installed you can add your own hidden file paths (payloads) in the Custom Payloads options panel.
+
+The Custom Payloads category for this rule is: Hidden-File.
For custom payloads only the response status code is checked. If there is a requirement to include a content check then it is also possible to add payloads to
the json/hidden_files.json file in ZAP's user directory (in which case they will be treated as included payloads).
@@ -443,7 +445,9 @@
Trace.axd Information Leak
User Agent Fuzzer
This active scan rule checks for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). The rule compares the response statuscode and the hashcode of the response body with the original response.
-Note: If the Custom Payloads addon is installed you can add your own User Agent strings (payloads) in the Custom Payloads options panel.
+Note: If the Custom Payloads add-on is installed you can add your own User Agent strings (payloads) in the Custom Payloads options panel.
+
+The Custom Payloads category for this rule is: User-Agent.
Latest code: UserAgentScanRule.java
diff --git a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_el_GR/contents/ascanrules.html b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_el_GR/contents/ascanrules.html
index 1f0e8022f42..a604aa25886 100644
--- a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_el_GR/contents/ascanrules.html
+++ b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_el_GR/contents/ascanrules.html
@@ -178,7 +178,9 @@
Hidden File Finder
The original included set of payloads were based on Snallygaster by Hanno Böck.
Such payloads are verified by checking response code, and content. If the response code is 200 (Ok) then additional content checks are performed to increase alert confidence.
If the response code is 401 (Unauthorized) or 403 (Forbidden) or the content checks are un-successful then an alert is raised with lower confidence (at LOW Threshold).
-Note: If the Custom Payloads addon is installed you can add your own hidden file paths (payloads) in the Custom Payloads options panel.
+Note: If the Custom Payloads add-on is installed you can add your own hidden file paths (payloads) in the Custom Payloads options panel.
+
+The Custom Payloads category for this rule is: Hidden-File.
For custom payloads only the response status code is checked. If there is a requirement to include a content check then it is also possible to add payloads to
the json/hidden_files.json file in ZAP's user directory (in which case they will be treated as included payloads).
@@ -443,7 +445,9 @@
Trace.axd Information Leak
User Agent Fuzzer
This active scan rule checks for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). The rule compares the response statuscode and the hashcode of the response body with the original response.
-Note: If the Custom Payloads addon is installed you can add your own User Agent strings (payloads) in the Custom Payloads options panel.
+Note: If the Custom Payloads add-on is installed you can add your own User Agent strings (payloads) in the Custom Payloads options panel.
+
+The Custom Payloads category for this rule is: User-Agent.
Latest code: UserAgentScanRule.java
diff --git a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_es_ES/contents/ascanrules.html b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_es_ES/contents/ascanrules.html
index 2d1a8a5d7a8..59cbea58d0c 100644
--- a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_es_ES/contents/ascanrules.html
+++ b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_es_ES/contents/ascanrules.html
@@ -178,7 +178,9 @@
Hidden File Finder
The original included set of payloads were based on Snallygaster by Hanno Böck.
Such payloads are verified by checking response code, and content. If the response code is 200 (Ok) then additional content checks are performed to increase alert confidence.
If the response code is 401 (Unauthorized) or 403 (Forbidden) or the content checks are un-successful then an alert is raised with lower confidence (at LOW Threshold).
-Note: If the Custom Payloads addon is installed you can add your own hidden file paths (payloads) in the Custom Payloads options panel.
+Note: If the Custom Payloads add-on is installed you can add your own hidden file paths (payloads) in the Custom Payloads options panel.
+
+The Custom Payloads category for this rule is: Hidden-File.
For custom payloads only the response status code is checked. If there is a requirement to include a content check then it is also possible to add payloads to
the json/hidden_files.json file in ZAP's user directory (in which case they will be treated as included payloads).
@@ -443,7 +445,9 @@
Trace.axd Information Leak
User Agent Fuzzer
This active scan rule checks for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). The rule compares the response statuscode and the hashcode of the response body with the original response.
-Note: If the Custom Payloads addon is installed you can add your own User Agent strings (payloads) in the Custom Payloads options panel.
+Note: If the Custom Payloads add-on is installed you can add your own User Agent strings (payloads) in the Custom Payloads options panel.
+
+The Custom Payloads category for this rule is: User-Agent.
Latest code: UserAgentScanRule.java
diff --git a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_fa_IR/contents/ascanrules.html b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_fa_IR/contents/ascanrules.html
index 1f0e8022f42..a604aa25886 100644
--- a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_fa_IR/contents/ascanrules.html
+++ b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_fa_IR/contents/ascanrules.html
@@ -178,7 +178,9 @@
Hidden File Finder
The original included set of payloads were based on Snallygaster by Hanno Böck.
Such payloads are verified by checking response code, and content. If the response code is 200 (Ok) then additional content checks are performed to increase alert confidence.
If the response code is 401 (Unauthorized) or 403 (Forbidden) or the content checks are un-successful then an alert is raised with lower confidence (at LOW Threshold).
-Note: If the Custom Payloads addon is installed you can add your own hidden file paths (payloads) in the Custom Payloads options panel.
+Note: If the Custom Payloads add-on is installed you can add your own hidden file paths (payloads) in the Custom Payloads options panel.
+
+The Custom Payloads category for this rule is: Hidden-File.
For custom payloads only the response status code is checked. If there is a requirement to include a content check then it is also possible to add payloads to
the json/hidden_files.json file in ZAP's user directory (in which case they will be treated as included payloads).
@@ -443,7 +445,9 @@
Trace.axd Information Leak
User Agent Fuzzer
This active scan rule checks for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). The rule compares the response statuscode and the hashcode of the response body with the original response.
-Note: If the Custom Payloads addon is installed you can add your own User Agent strings (payloads) in the Custom Payloads options panel.
+Note: If the Custom Payloads add-on is installed you can add your own User Agent strings (payloads) in the Custom Payloads options panel.
+
+The Custom Payloads category for this rule is: User-Agent.
Latest code: UserAgentScanRule.java
diff --git a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_fil_PH/contents/ascanrules.html b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_fil_PH/contents/ascanrules.html
index 02d617ad90a..cd67c8e31e8 100644
--- a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_fil_PH/contents/ascanrules.html
+++ b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_fil_PH/contents/ascanrules.html
@@ -178,7 +178,9 @@
Hidden File Finder
The original included set of payloads were based on Snallygaster by Hanno Böck.
Such payloads are verified by checking response code, and content. If the response code is 200 (Ok) then additional content checks are performed to increase alert confidence.
If the response code is 401 (Unauthorized) or 403 (Forbidden) or the content checks are un-successful then an alert is raised with lower confidence (at LOW Threshold).
-Note: If the Custom Payloads addon is installed you can add your own hidden file paths (payloads) in the Custom Payloads options panel.
+Note: If the Custom Payloads add-on is installed you can add your own hidden file paths (payloads) in the Custom Payloads options panel.
+
+The Custom Payloads category for this rule is: Hidden-File.
For custom payloads only the response status code is checked. If there is a requirement to include a content check then it is also possible to add payloads to
the json/hidden_files.json file in ZAP's user directory (in which case they will be treated as included payloads).
@@ -443,7 +445,9 @@
Trace.axd Information Leak
User Agent Fuzzer
This active scan rule checks for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). The rule compares the response statuscode and the hashcode of the response body with the original response.
-Note: If the Custom Payloads addon is installed you can add your own User Agent strings (payloads) in the Custom Payloads options panel.
+Note: If the Custom Payloads add-on is installed you can add your own User Agent strings (payloads) in the Custom Payloads options panel.
+
+The Custom Payloads category for this rule is: User-Agent.
Latest code: UserAgentScanRule.java
diff --git a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_fr_FR/contents/ascanrules.html b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_fr_FR/contents/ascanrules.html
index 644d5d8eacf..8074402618a 100644
--- a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_fr_FR/contents/ascanrules.html
+++ b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_fr_FR/contents/ascanrules.html
@@ -178,7 +178,9 @@
Hidden File Finder
The original included set of payloads were based on Snallygaster by Hanno Böck.
Such payloads are verified by checking response code, and content. If the response code is 200 (Ok) then additional content checks are performed to increase alert confidence.
If the response code is 401 (Unauthorized) or 403 (Forbidden) or the content checks are un-successful then an alert is raised with lower confidence (at LOW Threshold).
-Note: If the Custom Payloads addon is installed you can add your own hidden file paths (payloads) in the Custom Payloads options panel.
+Note: If the Custom Payloads add-on is installed you can add your own hidden file paths (payloads) in the Custom Payloads options panel.
+
+The Custom Payloads category for this rule is: Hidden-File.
For custom payloads only the response status code is checked. If there is a requirement to include a content check then it is also possible to add payloads to
the json/hidden_files.json file in ZAP's user directory (in which case they will be treated as included payloads).
@@ -443,7 +445,9 @@
Trace.axd Information Leak
User Agent Fuzzer
This active scan rule checks for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). The rule compares the response statuscode and the hashcode of the response body with the original response.
-Note: If the Custom Payloads addon is installed you can add your own User Agent strings (payloads) in the Custom Payloads options panel.
+Note: If the Custom Payloads add-on is installed you can add your own User Agent strings (payloads) in the Custom Payloads options panel.
+
+The Custom Payloads category for this rule is: User-Agent.
Latest code: UserAgentScanRule.java
diff --git a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_hi_IN/contents/ascanrules.html b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_hi_IN/contents/ascanrules.html
index 161121cd592..2463bc4f840 100644
--- a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_hi_IN/contents/ascanrules.html
+++ b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_hi_IN/contents/ascanrules.html
@@ -178,7 +178,9 @@
Hidden File Finder
The original included set of payloads were based on Snallygaster by Hanno Böck.
Such payloads are verified by checking response code, and content. If the response code is 200 (Ok) then additional content checks are performed to increase alert confidence.
If the response code is 401 (Unauthorized) or 403 (Forbidden) or the content checks are un-successful then an alert is raised with lower confidence (at LOW Threshold).
-Note: If the Custom Payloads addon is installed you can add your own hidden file paths (payloads) in the Custom Payloads options panel.
+Note: If the Custom Payloads add-on is installed you can add your own hidden file paths (payloads) in the Custom Payloads options panel.
+
+The Custom Payloads category for this rule is: Hidden-File.
For custom payloads only the response status code is checked. If there is a requirement to include a content check then it is also possible to add payloads to
the json/hidden_files.json file in ZAP's user directory (in which case they will be treated as included payloads).
@@ -443,7 +445,9 @@
Trace.axd Information Leak
User Agent Fuzzer
This active scan rule checks for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). The rule compares the response statuscode and the hashcode of the response body with the original response.
-Note: If the Custom Payloads addon is installed you can add your own User Agent strings (payloads) in the Custom Payloads options panel.
+Note: If the Custom Payloads add-on is installed you can add your own User Agent strings (payloads) in the Custom Payloads options panel.
+
+The Custom Payloads category for this rule is: User-Agent.
Latest code: UserAgentScanRule.java
diff --git a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_hu_HU/contents/ascanrules.html b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_hu_HU/contents/ascanrules.html
index 1f0e8022f42..a604aa25886 100644
--- a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_hu_HU/contents/ascanrules.html
+++ b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_hu_HU/contents/ascanrules.html
@@ -178,7 +178,9 @@
Hidden File Finder
The original included set of payloads were based on Snallygaster by Hanno Böck.
Such payloads are verified by checking response code, and content. If the response code is 200 (Ok) then additional content checks are performed to increase alert confidence.
If the response code is 401 (Unauthorized) or 403 (Forbidden) or the content checks are un-successful then an alert is raised with lower confidence (at LOW Threshold).
-Note: If the Custom Payloads addon is installed you can add your own hidden file paths (payloads) in the Custom Payloads options panel.
+Note: If the Custom Payloads add-on is installed you can add your own hidden file paths (payloads) in the Custom Payloads options panel.
+
+The Custom Payloads category for this rule is: Hidden-File.
For custom payloads only the response status code is checked. If there is a requirement to include a content check then it is also possible to add payloads to
the json/hidden_files.json file in ZAP's user directory (in which case they will be treated as included payloads).
@@ -443,7 +445,9 @@
Trace.axd Information Leak
User Agent Fuzzer
This active scan rule checks for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). The rule compares the response statuscode and the hashcode of the response body with the original response.
-Note: If the Custom Payloads addon is installed you can add your own User Agent strings (payloads) in the Custom Payloads options panel.
+Note: If the Custom Payloads add-on is installed you can add your own User Agent strings (payloads) in the Custom Payloads options panel.
+
+The Custom Payloads category for this rule is: User-Agent.
Latest code: UserAgentScanRule.java
diff --git a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_id_ID/contents/ascanrules.html b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_id_ID/contents/ascanrules.html
index 77ac83ac21e..852dabe3222 100644
--- a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_id_ID/contents/ascanrules.html
+++ b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_id_ID/contents/ascanrules.html
@@ -178,7 +178,9 @@
Hidden File Finder
The original included set of payloads were based on Snallygaster by Hanno Böck.
Such payloads are verified by checking response code, and content. If the response code is 200 (Ok) then additional content checks are performed to increase alert confidence.
If the response code is 401 (Unauthorized) or 403 (Forbidden) or the content checks are un-successful then an alert is raised with lower confidence (at LOW Threshold).
-Note: If the Custom Payloads addon is installed you can add your own hidden file paths (payloads) in the Custom Payloads options panel.
+Note: If the Custom Payloads add-on is installed you can add your own hidden file paths (payloads) in the Custom Payloads options panel.
+
+The Custom Payloads category for this rule is: Hidden-File.
For custom payloads only the response status code is checked. If there is a requirement to include a content check then it is also possible to add payloads to
the json/hidden_files.json file in ZAP's user directory (in which case they will be treated as included payloads).
@@ -443,7 +445,9 @@
Trace.axd Information Leak
User Agent Fuzzer
This active scan rule checks for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). The rule compares the response statuscode and the hashcode of the response body with the original response.
-Note: If the Custom Payloads addon is installed you can add your own User Agent strings (payloads) in the Custom Payloads options panel.
+Note: If the Custom Payloads add-on is installed you can add your own User Agent strings (payloads) in the Custom Payloads options panel.
+
+The Custom Payloads category for this rule is: User-Agent.
Latest code: UserAgentScanRule.java
diff --git a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_it_IT/contents/ascanrules.html b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_it_IT/contents/ascanrules.html
index 1f0e8022f42..a604aa25886 100644
--- a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_it_IT/contents/ascanrules.html
+++ b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_it_IT/contents/ascanrules.html
@@ -178,7 +178,9 @@
Hidden File Finder
The original included set of payloads were based on Snallygaster by Hanno Böck.
Such payloads are verified by checking response code, and content. If the response code is 200 (Ok) then additional content checks are performed to increase alert confidence.
If the response code is 401 (Unauthorized) or 403 (Forbidden) or the content checks are un-successful then an alert is raised with lower confidence (at LOW Threshold).
-Note: If the Custom Payloads addon is installed you can add your own hidden file paths (payloads) in the Custom Payloads options panel.
+Note: If the Custom Payloads add-on is installed you can add your own hidden file paths (payloads) in the Custom Payloads options panel.
+
+The Custom Payloads category for this rule is: Hidden-File.
For custom payloads only the response status code is checked. If there is a requirement to include a content check then it is also possible to add payloads to
the json/hidden_files.json file in ZAP's user directory (in which case they will be treated as included payloads).
@@ -443,7 +445,9 @@
Trace.axd Information Leak
User Agent Fuzzer
This active scan rule checks for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). The rule compares the response statuscode and the hashcode of the response body with the original response.
-Note: If the Custom Payloads addon is installed you can add your own User Agent strings (payloads) in the Custom Payloads options panel.
+Note: If the Custom Payloads add-on is installed you can add your own User Agent strings (payloads) in the Custom Payloads options panel.
+
+The Custom Payloads category for this rule is: User-Agent.
Latest code: UserAgentScanRule.java
diff --git a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_ja_JP/contents/ascanrules.html b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_ja_JP/contents/ascanrules.html
index 658458c3b9f..53982fb2905 100644
--- a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_ja_JP/contents/ascanrules.html
+++ b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_ja_JP/contents/ascanrules.html
@@ -178,7 +178,9 @@
Hidden File Finder
The original included set of payloads were based on Snallygaster by Hanno Böck.
Such payloads are verified by checking response code, and content. If the response code is 200 (Ok) then additional content checks are performed to increase alert confidence.
If the response code is 401 (Unauthorized) or 403 (Forbidden) or the content checks are un-successful then an alert is raised with lower confidence (at LOW Threshold).
-Note: If the Custom Payloads addon is installed you can add your own hidden file paths (payloads) in the Custom Payloads options panel.
+Note: If the Custom Payloads add-on is installed you can add your own hidden file paths (payloads) in the Custom Payloads options panel.
+
+The Custom Payloads category for this rule is: Hidden-File.
For custom payloads only the response status code is checked. If there is a requirement to include a content check then it is also possible to add payloads to
the json/hidden_files.json file in ZAP's user directory (in which case they will be treated as included payloads).
@@ -443,7 +445,9 @@
Trace.axd Information Leak
User Agent Fuzzer
This active scan rule checks for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). The rule compares the response statuscode and the hashcode of the response body with the original response.
-Note: If the Custom Payloads addon is installed you can add your own User Agent strings (payloads) in the Custom Payloads options panel.
+Note: If the Custom Payloads add-on is installed you can add your own User Agent strings (payloads) in the Custom Payloads options panel.
+
+The Custom Payloads category for this rule is: User-Agent.
Latest code: UserAgentScanRule.java
diff --git a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_ms_MY/contents/ascanrules.html b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_ms_MY/contents/ascanrules.html
index 1f0e8022f42..a604aa25886 100644
--- a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_ms_MY/contents/ascanrules.html
+++ b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_ms_MY/contents/ascanrules.html
@@ -178,7 +178,9 @@
Hidden File Finder
The original included set of payloads were based on Snallygaster by Hanno Böck.
Such payloads are verified by checking response code, and content. If the response code is 200 (Ok) then additional content checks are performed to increase alert confidence.
If the response code is 401 (Unauthorized) or 403 (Forbidden) or the content checks are un-successful then an alert is raised with lower confidence (at LOW Threshold).
-Note: If the Custom Payloads addon is installed you can add your own hidden file paths (payloads) in the Custom Payloads options panel.
+Note: If the Custom Payloads add-on is installed you can add your own hidden file paths (payloads) in the Custom Payloads options panel.
+
+The Custom Payloads category for this rule is: Hidden-File.
For custom payloads only the response status code is checked. If there is a requirement to include a content check then it is also possible to add payloads to
the json/hidden_files.json file in ZAP's user directory (in which case they will be treated as included payloads).
@@ -443,7 +445,9 @@
Trace.axd Information Leak
User Agent Fuzzer
This active scan rule checks for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). The rule compares the response statuscode and the hashcode of the response body with the original response.
-Note: If the Custom Payloads addon is installed you can add your own User Agent strings (payloads) in the Custom Payloads options panel.
+Note: If the Custom Payloads add-on is installed you can add your own User Agent strings (payloads) in the Custom Payloads options panel.
+
+The Custom Payloads category for this rule is: User-Agent.
Latest code: UserAgentScanRule.java
diff --git a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_pl_PL/contents/ascanrules.html b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_pl_PL/contents/ascanrules.html
index 1f0e8022f42..a604aa25886 100644
--- a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_pl_PL/contents/ascanrules.html
+++ b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_pl_PL/contents/ascanrules.html
@@ -178,7 +178,9 @@
Hidden File Finder
The original included set of payloads were based on Snallygaster by Hanno Böck.
Such payloads are verified by checking response code, and content. If the response code is 200 (Ok) then additional content checks are performed to increase alert confidence.
If the response code is 401 (Unauthorized) or 403 (Forbidden) or the content checks are un-successful then an alert is raised with lower confidence (at LOW Threshold).
-Note: If the Custom Payloads addon is installed you can add your own hidden file paths (payloads) in the Custom Payloads options panel.
+Note: If the Custom Payloads add-on is installed you can add your own hidden file paths (payloads) in the Custom Payloads options panel.
+
+The Custom Payloads category for this rule is: Hidden-File.
For custom payloads only the response status code is checked. If there is a requirement to include a content check then it is also possible to add payloads to
the json/hidden_files.json file in ZAP's user directory (in which case they will be treated as included payloads).
@@ -443,7 +445,9 @@
Trace.axd Information Leak
User Agent Fuzzer
This active scan rule checks for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). The rule compares the response statuscode and the hashcode of the response body with the original response.
-Note: If the Custom Payloads addon is installed you can add your own User Agent strings (payloads) in the Custom Payloads options panel.
+Note: If the Custom Payloads add-on is installed you can add your own User Agent strings (payloads) in the Custom Payloads options panel.
+
+The Custom Payloads category for this rule is: User-Agent.
Latest code: UserAgentScanRule.java
diff --git a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_pt_BR/contents/ascanrules.html b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_pt_BR/contents/ascanrules.html
index 4517deb3936..016559d3c03 100644
--- a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_pt_BR/contents/ascanrules.html
+++ b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_pt_BR/contents/ascanrules.html
@@ -178,7 +178,9 @@
Hidden File Finder
The original included set of payloads were based on Snallygaster by Hanno Böck.
Such payloads are verified by checking response code, and content. If the response code is 200 (Ok) then additional content checks are performed to increase alert confidence.
If the response code is 401 (Unauthorized) or 403 (Forbidden) or the content checks are un-successful then an alert is raised with lower confidence (at LOW Threshold).
-Note: If the Custom Payloads addon is installed you can add your own hidden file paths (payloads) in the Custom Payloads options panel.
+Note: If the Custom Payloads add-on is installed you can add your own hidden file paths (payloads) in the Custom Payloads options panel.
+
+The Custom Payloads category for this rule is: Hidden-File.
For custom payloads only the response status code is checked. If there is a requirement to include a content check then it is also possible to add payloads to
the json/hidden_files.json file in ZAP's user directory (in which case they will be treated as included payloads).
@@ -443,7 +445,9 @@
Trace.axd Information Leak
User Agent Fuzzer
This active scan rule checks for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). The rule compares the response statuscode and the hashcode of the response body with the original response.
-Note: If the Custom Payloads addon is installed you can add your own User Agent strings (payloads) in the Custom Payloads options panel.
+Note: If the Custom Payloads add-on is installed you can add your own User Agent strings (payloads) in the Custom Payloads options panel.
+
+The Custom Payloads category for this rule is: User-Agent.
Latest code: UserAgentScanRule.java
diff --git a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_ro_RO/contents/ascanrules.html b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_ro_RO/contents/ascanrules.html
index 1f0e8022f42..a604aa25886 100644
--- a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_ro_RO/contents/ascanrules.html
+++ b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_ro_RO/contents/ascanrules.html
@@ -178,7 +178,9 @@
Hidden File Finder
The original included set of payloads were based on Snallygaster by Hanno Böck.
Such payloads are verified by checking response code, and content. If the response code is 200 (Ok) then additional content checks are performed to increase alert confidence.
If the response code is 401 (Unauthorized) or 403 (Forbidden) or the content checks are un-successful then an alert is raised with lower confidence (at LOW Threshold).
-Note: If the Custom Payloads addon is installed you can add your own hidden file paths (payloads) in the Custom Payloads options panel.
+Note: If the Custom Payloads add-on is installed you can add your own hidden file paths (payloads) in the Custom Payloads options panel.
+
+The Custom Payloads category for this rule is: Hidden-File.
For custom payloads only the response status code is checked. If there is a requirement to include a content check then it is also possible to add payloads to
the json/hidden_files.json file in ZAP's user directory (in which case they will be treated as included payloads).
@@ -443,7 +445,9 @@
Trace.axd Information Leak
User Agent Fuzzer
This active scan rule checks for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). The rule compares the response statuscode and the hashcode of the response body with the original response.
-Note: If the Custom Payloads addon is installed you can add your own User Agent strings (payloads) in the Custom Payloads options panel.
+Note: If the Custom Payloads add-on is installed you can add your own User Agent strings (payloads) in the Custom Payloads options panel.
+
+The Custom Payloads category for this rule is: User-Agent.
Latest code: UserAgentScanRule.java
diff --git a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_ru_RU/contents/ascanrules.html b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_ru_RU/contents/ascanrules.html
index 8617cb21a54..403316852ae 100644
--- a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_ru_RU/contents/ascanrules.html
+++ b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_ru_RU/contents/ascanrules.html
@@ -178,7 +178,9 @@
Hidden File Finder
The original included set of payloads were based on Snallygaster by Hanno Böck.
Such payloads are verified by checking response code, and content. If the response code is 200 (Ok) then additional content checks are performed to increase alert confidence.
If the response code is 401 (Unauthorized) or 403 (Forbidden) or the content checks are un-successful then an alert is raised with lower confidence (at LOW Threshold).
-Note: If the Custom Payloads addon is installed you can add your own hidden file paths (payloads) in the Custom Payloads options panel.
+Note: If the Custom Payloads add-on is installed you can add your own hidden file paths (payloads) in the Custom Payloads options panel.
+
+The Custom Payloads category for this rule is: Hidden-File.
For custom payloads only the response status code is checked. If there is a requirement to include a content check then it is also possible to add payloads to
the json/hidden_files.json file in ZAP's user directory (in which case they will be treated as included payloads).
@@ -443,7 +445,9 @@
Trace.axd Information Leak
User Agent Fuzzer
This active scan rule checks for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). The rule compares the response statuscode and the hashcode of the response body with the original response.
-Note: If the Custom Payloads addon is installed you can add your own User Agent strings (payloads) in the Custom Payloads options panel.
+Note: If the Custom Payloads add-on is installed you can add your own User Agent strings (payloads) in the Custom Payloads options panel.
+
+The Custom Payloads category for this rule is: User-Agent.
Latest code: UserAgentScanRule.java
diff --git a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_sr_CS/contents/ascanrules.html b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_sr_CS/contents/ascanrules.html
index 0ca1ec5e81d..c8de8004fd5 100644
--- a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_sr_CS/contents/ascanrules.html
+++ b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_sr_CS/contents/ascanrules.html
@@ -178,7 +178,9 @@
Hidden File Finder
The original included set of payloads were based on Snallygaster by Hanno Böck.
Such payloads are verified by checking response code, and content. If the response code is 200 (Ok) then additional content checks are performed to increase alert confidence.
If the response code is 401 (Unauthorized) or 403 (Forbidden) or the content checks are un-successful then an alert is raised with lower confidence (at LOW Threshold).
-Note: If the Custom Payloads addon is installed you can add your own hidden file paths (payloads) in the Custom Payloads options panel.
+Note: If the Custom Payloads add-on is installed you can add your own hidden file paths (payloads) in the Custom Payloads options panel.
+
+The Custom Payloads category for this rule is: Hidden-File.
For custom payloads only the response status code is checked. If there is a requirement to include a content check then it is also possible to add payloads to
the json/hidden_files.json file in ZAP's user directory (in which case they will be treated as included payloads).
@@ -443,7 +445,9 @@
Trace.axd Information Leak
User Agent Fuzzer
This active scan rule checks for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). The rule compares the response statuscode and the hashcode of the response body with the original response.
-Note: If the Custom Payloads addon is installed you can add your own User Agent strings (payloads) in the Custom Payloads options panel.
+Note: If the Custom Payloads add-on is installed you can add your own User Agent strings (payloads) in the Custom Payloads options panel.
+
+The Custom Payloads category for this rule is: User-Agent.
Latest code: UserAgentScanRule.java
diff --git a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_tr_TR/contents/ascanrules.html b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_tr_TR/contents/ascanrules.html
index 34904ebe180..3dda0f2e2a5 100644
--- a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_tr_TR/contents/ascanrules.html
+++ b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_tr_TR/contents/ascanrules.html
@@ -178,7 +178,9 @@
Hidden File Finder
The original included set of payloads were based on Snallygaster by Hanno Böck.
Such payloads are verified by checking response code, and content. If the response code is 200 (Ok) then additional content checks are performed to increase alert confidence.
If the response code is 401 (Unauthorized) or 403 (Forbidden) or the content checks are un-successful then an alert is raised with lower confidence (at LOW Threshold).
-Note: If the Custom Payloads addon is installed you can add your own hidden file paths (payloads) in the Custom Payloads options panel.
+Note: If the Custom Payloads add-on is installed you can add your own hidden file paths (payloads) in the Custom Payloads options panel.
+
+The Custom Payloads category for this rule is: Hidden-File.
For custom payloads only the response status code is checked. If there is a requirement to include a content check then it is also possible to add payloads to
the json/hidden_files.json file in ZAP's user directory (in which case they will be treated as included payloads).
@@ -443,7 +445,9 @@
Trace.axd Information Leak
User Agent Fuzzer
This active scan rule checks for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). The rule compares the response statuscode and the hashcode of the response body with the original response.
-Note: If the Custom Payloads addon is installed you can add your own User Agent strings (payloads) in the Custom Payloads options panel.
+Note: If the Custom Payloads add-on is installed you can add your own User Agent strings (payloads) in the Custom Payloads options panel.
+
+The Custom Payloads category for this rule is: User-Agent.
Latest code: UserAgentScanRule.java
diff --git a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_ur_PK/contents/ascanrules.html b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_ur_PK/contents/ascanrules.html
index 1f0e8022f42..a604aa25886 100644
--- a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_ur_PK/contents/ascanrules.html
+++ b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_ur_PK/contents/ascanrules.html
@@ -178,7 +178,9 @@
Hidden File Finder
The original included set of payloads were based on Snallygaster by Hanno Böck.
Such payloads are verified by checking response code, and content. If the response code is 200 (Ok) then additional content checks are performed to increase alert confidence.
If the response code is 401 (Unauthorized) or 403 (Forbidden) or the content checks are un-successful then an alert is raised with lower confidence (at LOW Threshold).
-Note: If the Custom Payloads addon is installed you can add your own hidden file paths (payloads) in the Custom Payloads options panel.
+Note: If the Custom Payloads add-on is installed you can add your own hidden file paths (payloads) in the Custom Payloads options panel.
+
+The Custom Payloads category for this rule is: Hidden-File.
For custom payloads only the response status code is checked. If there is a requirement to include a content check then it is also possible to add payloads to
the json/hidden_files.json file in ZAP's user directory (in which case they will be treated as included payloads).
@@ -443,7 +445,9 @@
Trace.axd Information Leak
User Agent Fuzzer
This active scan rule checks for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). The rule compares the response statuscode and the hashcode of the response body with the original response.
-Note: If the Custom Payloads addon is installed you can add your own User Agent strings (payloads) in the Custom Payloads options panel.
+Note: If the Custom Payloads add-on is installed you can add your own User Agent strings (payloads) in the Custom Payloads options panel.
+
+The Custom Payloads category for this rule is: User-Agent.
Latest code: UserAgentScanRule.java
diff --git a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_zh_CN/contents/ascanrules.html b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_zh_CN/contents/ascanrules.html
index 8c2881e1e3d..39575f15e15 100644
--- a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_zh_CN/contents/ascanrules.html
+++ b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help_zh_CN/contents/ascanrules.html
@@ -154,8 +154,10 @@
隐藏文件查找器
。
最初包含的有效负载基于汉诺-博克(Hanno Böck)的Snallygaster。
此类有效负载通过检查响应代码和内容进行验证。 如果响应代码为 200(OK),则会执行额外的内容检查,以提高警报的可信度。
如果响应代码为 401(未授权)或 403(禁止)或内容检查不成功,则会以较低的置信度(低阈值)发出警报。
-注意:如果安装了自定义有效负载插件,则可以在自定义有效负载选项面板中添加自己的隐藏文件路径(有效负载)。
-对于自定义有效负载,只检查响应状态代码。 如果需要包含内容检查,也可以将有效负载添加到 ZAP用户目录中的json/hidden_files.json文件中添加有效负载(在这种情况下,它们将被视为包含的有效负载)。
+Note: If the Custom Payloads add-on is installed you can add your own hidden file paths (payloads) in the Custom Payloads options panel.
+
+The Custom Payloads category for this rule is: Hidden-File.
+For custom payloads only the response status code is checked. 如果需要包含内容检查,也可以将有效负载添加到 ZAP用户目录中的json/hidden_files.json文件中添加有效负载(在这种情况下,它们将被视为包含的有效负载)。
下面介绍 JSON 条目的字段。
@@ -388,8 +390,10 @@ Trace.axd 信息泄露
警报 ID: 40029.
用户代理模糊器 (Fuzzer)
-此活动扫描规则根据模糊用户代理检查响应的差异(例如: 移动网站,作为搜索引擎爬虫访问)。 该规则将响应状态代码和响应正文的哈希代码与原始响应进行比较。
-注意:如果安装了自定义负载插件,则可以在自定义负载选项面板中添加自己的用户代理字符串(负载)。
+此活动扫描规则根据模糊用户代理检查响应的差异(例如: 移动网站,作为搜索引擎爬虫访问)。 The rule compares the response statuscode and the hashcode of the response body with the original response.
+Note: If the Custom Payloads add-on is installed you can add your own User Agent strings (payloads) in the Custom Payloads options panel.
+
+The Custom Payloads category for this rule is: User-Agent.
最新代码: UserAgentScanRule.java
diff --git a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_ar_SA.properties b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_ar_SA.properties
index 22d07137b15..99f768d9da5 100644
--- a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_ar_SA.properties
+++ b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_ar_SA.properties
@@ -101,7 +101,7 @@ ascanrules.log4shell.cve45046.name = Log4Shell (CVE-2021-45046)
ascanrules.log4shell.cve45046.refs = https\://www.lunasec.io/docs/blog/log4j-zero-day/\nhttps\://nvd.nist.gov/vuln/detail/CVE-2021-45046
ascanrules.log4shell.cve45046.soln = Upgrade Log4j2 to version 2.17.1 or newer.
ascanrules.log4shell.name = Log4Shell
-ascanrules.log4shell.skipped = no Active Scan OAST service is selected.
+ascanrules.log4shell.skipped = no Active Scan OAST service is selected
ascanrules.name = Active Scan Rules
diff --git a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_az_AZ.properties b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_az_AZ.properties
index 0292fa43a39..5fa4b69e289 100644
--- a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_az_AZ.properties
+++ b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_az_AZ.properties
@@ -101,7 +101,7 @@ ascanrules.log4shell.cve45046.name = Log4Shell (CVE-2021-45046)
ascanrules.log4shell.cve45046.refs = https\://www.lunasec.io/docs/blog/log4j-zero-day/\nhttps\://nvd.nist.gov/vuln/detail/CVE-2021-45046
ascanrules.log4shell.cve45046.soln = Upgrade Log4j2 to version 2.17.1 or newer.
ascanrules.log4shell.name = Log4Shell
-ascanrules.log4shell.skipped = no Active Scan OAST service is selected.
+ascanrules.log4shell.skipped = no Active Scan OAST service is selected
ascanrules.name = Active Scan Rules
diff --git a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_bn_BD.properties b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_bn_BD.properties
index a17d9ce6b80..6e9b5e4bedf 100644
--- a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_bn_BD.properties
+++ b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_bn_BD.properties
@@ -101,7 +101,7 @@ ascanrules.log4shell.cve45046.name = Log4Shell (CVE-2021-45046)
ascanrules.log4shell.cve45046.refs = https\://www.lunasec.io/docs/blog/log4j-zero-day/\nhttps\://nvd.nist.gov/vuln/detail/CVE-2021-45046
ascanrules.log4shell.cve45046.soln = Upgrade Log4j2 to version 2.17.1 or newer.
ascanrules.log4shell.name = Log4Shell
-ascanrules.log4shell.skipped = no Active Scan OAST service is selected.
+ascanrules.log4shell.skipped = no Active Scan OAST service is selected
ascanrules.name = Active Scan Rules
diff --git a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_bs_BA.properties b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_bs_BA.properties
index 1d26155dd85..f0290934d97 100644
--- a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_bs_BA.properties
+++ b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_bs_BA.properties
@@ -101,7 +101,7 @@ ascanrules.log4shell.cve45046.name = Log4Shell (CVE-2021-45046)
ascanrules.log4shell.cve45046.refs = https\://www.lunasec.io/docs/blog/log4j-zero-day/\nhttps\://nvd.nist.gov/vuln/detail/CVE-2021-45046
ascanrules.log4shell.cve45046.soln = Upgrade Log4j2 to version 2.17.1 or newer.
ascanrules.log4shell.name = Log4Shell
-ascanrules.log4shell.skipped = no Active Scan OAST service is selected.
+ascanrules.log4shell.skipped = no Active Scan OAST service is selected
ascanrules.name = Active Scan Rules
diff --git a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_ceb_PH.properties b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_ceb_PH.properties
index 9b537e49774..7c4ead98b60 100644
--- a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_ceb_PH.properties
+++ b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_ceb_PH.properties
@@ -101,7 +101,7 @@ ascanrules.log4shell.cve45046.name = Log4Shell (CVE-2021-45046)
ascanrules.log4shell.cve45046.refs = https\://www.lunasec.io/docs/blog/log4j-zero-day/\nhttps\://nvd.nist.gov/vuln/detail/CVE-2021-45046
ascanrules.log4shell.cve45046.soln = Upgrade Log4j2 to version 2.17.1 or newer.
ascanrules.log4shell.name = Log4Shell
-ascanrules.log4shell.skipped = no Active Scan OAST service is selected.
+ascanrules.log4shell.skipped = no Active Scan OAST service is selected
ascanrules.name = Active Scan Rules
diff --git a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_da_DK.properties b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_da_DK.properties
index 3db0833d48b..2bfbfad424e 100644
--- a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_da_DK.properties
+++ b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_da_DK.properties
@@ -101,7 +101,7 @@ ascanrules.log4shell.cve45046.name = Log4Shell (CVE-2021-45046)
ascanrules.log4shell.cve45046.refs = https\://www.lunasec.io/docs/blog/log4j-zero-day/\nhttps\://nvd.nist.gov/vuln/detail/CVE-2021-45046
ascanrules.log4shell.cve45046.soln = Upgrade Log4j2 to version 2.17.1 or newer.
ascanrules.log4shell.name = Log4Shell
-ascanrules.log4shell.skipped = no Active Scan OAST service is selected.
+ascanrules.log4shell.skipped = no Active Scan OAST service is selected
ascanrules.name = Active Scan Rules
diff --git a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_de_DE.properties b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_de_DE.properties
index d45a8703ad5..d77d5d2df06 100644
--- a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_de_DE.properties
+++ b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_de_DE.properties
@@ -101,7 +101,7 @@ ascanrules.log4shell.cve45046.name = Log4Shell (CVE-2021-45046)
ascanrules.log4shell.cve45046.refs = https\://www.lunasec.io/docs/blog/log4j-zero-day/\nhttps\://nvd.nist.gov/vuln/detail/CVE-2021-45046
ascanrules.log4shell.cve45046.soln = Upgrade Log4j2 to version 2.17.1 or newer.
ascanrules.log4shell.name = Log4Shell
-ascanrules.log4shell.skipped = no Active Scan OAST service is selected.
+ascanrules.log4shell.skipped = no Active Scan OAST service is selected
ascanrules.name = Active Scan Rules
diff --git a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_el_GR.properties b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_el_GR.properties
index a17d9ce6b80..6e9b5e4bedf 100644
--- a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_el_GR.properties
+++ b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_el_GR.properties
@@ -101,7 +101,7 @@ ascanrules.log4shell.cve45046.name = Log4Shell (CVE-2021-45046)
ascanrules.log4shell.cve45046.refs = https\://www.lunasec.io/docs/blog/log4j-zero-day/\nhttps\://nvd.nist.gov/vuln/detail/CVE-2021-45046
ascanrules.log4shell.cve45046.soln = Upgrade Log4j2 to version 2.17.1 or newer.
ascanrules.log4shell.name = Log4Shell
-ascanrules.log4shell.skipped = no Active Scan OAST service is selected.
+ascanrules.log4shell.skipped = no Active Scan OAST service is selected
ascanrules.name = Active Scan Rules
diff --git a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_es_ES.properties b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_es_ES.properties
index 202a25b0797..f8351f8a1b1 100644
--- a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_es_ES.properties
+++ b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_es_ES.properties
@@ -101,7 +101,7 @@ ascanrules.log4shell.cve45046.name = Log4Shell (CVE-2021-45046)
ascanrules.log4shell.cve45046.refs = https\://www.lunasec.io/docs/blog/log4j-zero-day/\nhttps\://nvd.nist.gov/vuln/detail/CVE-2021-45046
ascanrules.log4shell.cve45046.soln = Actualiza Log4j2 a la versi\u00f3n 2.17.1 o una superior.
ascanrules.log4shell.name = Log4Shell
-ascanrules.log4shell.skipped = no se ha seleccionado ning\u00fan servicio de Escaneo Activo OAST.
+ascanrules.log4shell.skipped = no Active Scan OAST service is selected
ascanrules.name = Reglas de Escaneo Activas
diff --git a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_fa_IR.properties b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_fa_IR.properties
index f80a5428eae..2a897a2fef5 100644
--- a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_fa_IR.properties
+++ b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_fa_IR.properties
@@ -101,7 +101,7 @@ ascanrules.log4shell.cve45046.name = Log4Shell (CVE-2021-45046)
ascanrules.log4shell.cve45046.refs = https\://www.lunasec.io/docs/blog/log4j-zero-day/\nhttps\://nvd.nist.gov/vuln/detail/CVE-2021-45046
ascanrules.log4shell.cve45046.soln = Upgrade Log4j2 to version 2.17.1 or newer.
ascanrules.log4shell.name = Log4Shell
-ascanrules.log4shell.skipped = no Active Scan OAST service is selected.
+ascanrules.log4shell.skipped = no Active Scan OAST service is selected
ascanrules.name = Active Scan Rules
diff --git a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_fil_PH.properties b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_fil_PH.properties
index 0963c560d57..4c604848cb5 100644
--- a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_fil_PH.properties
+++ b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_fil_PH.properties
@@ -101,7 +101,7 @@ ascanrules.log4shell.cve45046.name = Log4Shell (CVE-2021-45046)
ascanrules.log4shell.cve45046.refs = https\://www.lunasec.io/docs/blog/log4j-zero-day/\nhttps\://nvd.nist.gov/vuln/detail/CVE-2021-45046
ascanrules.log4shell.cve45046.soln = Upgrade Log4j2 to version 2.17.1 or newer.
ascanrules.log4shell.name = Log4Shell
-ascanrules.log4shell.skipped = no Active Scan OAST service is selected.
+ascanrules.log4shell.skipped = no Active Scan OAST service is selected
ascanrules.name = Active Scan Rules
diff --git a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_fr_FR.properties b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_fr_FR.properties
index 9423610b199..66f07fde111 100644
--- a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_fr_FR.properties
+++ b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_fr_FR.properties
@@ -101,7 +101,7 @@ ascanrules.log4shell.cve45046.name = Log4Shell (CVE-2021-45046)
ascanrules.log4shell.cve45046.refs = https\://www.lunasec.io/docs/blog/log4j-zero-day/\nhttps\://nvd.nist.gov/vuln/detail/CVE-2021-45046
ascanrules.log4shell.cve45046.soln = Upgrade Log4j2 to version 2.17.1 or newer.
ascanrules.log4shell.name = Log4Shell
-ascanrules.log4shell.skipped = no Active Scan OAST service is selected.
+ascanrules.log4shell.skipped = no Active Scan OAST service is selected
ascanrules.name = R\u00e8gles d'analyse active
diff --git a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_ha_HG.properties b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_ha_HG.properties
index a17d9ce6b80..6e9b5e4bedf 100644
--- a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_ha_HG.properties
+++ b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_ha_HG.properties
@@ -101,7 +101,7 @@ ascanrules.log4shell.cve45046.name = Log4Shell (CVE-2021-45046)
ascanrules.log4shell.cve45046.refs = https\://www.lunasec.io/docs/blog/log4j-zero-day/\nhttps\://nvd.nist.gov/vuln/detail/CVE-2021-45046
ascanrules.log4shell.cve45046.soln = Upgrade Log4j2 to version 2.17.1 or newer.
ascanrules.log4shell.name = Log4Shell
-ascanrules.log4shell.skipped = no Active Scan OAST service is selected.
+ascanrules.log4shell.skipped = no Active Scan OAST service is selected
ascanrules.name = Active Scan Rules
diff --git a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_he_IL.properties b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_he_IL.properties
index b536f98682f..6292b43ac60 100644
--- a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_he_IL.properties
+++ b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_he_IL.properties
@@ -101,7 +101,7 @@ ascanrules.log4shell.cve45046.name = Log4Shell (CVE-2021-45046)
ascanrules.log4shell.cve45046.refs = https\://www.lunasec.io/docs/blog/log4j-zero-day/\nhttps\://nvd.nist.gov/vuln/detail/CVE-2021-45046
ascanrules.log4shell.cve45046.soln = Upgrade Log4j2 to version 2.17.1 or newer.
ascanrules.log4shell.name = Log4Shell
-ascanrules.log4shell.skipped = no Active Scan OAST service is selected.
+ascanrules.log4shell.skipped = no Active Scan OAST service is selected
ascanrules.name = Active Scan Rules
diff --git a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_hi_IN.properties b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_hi_IN.properties
index ce56a2842ea..b32dafd60a4 100644
--- a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_hi_IN.properties
+++ b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_hi_IN.properties
@@ -101,7 +101,7 @@ ascanrules.log4shell.cve45046.name = Log4Shell (CVE-2021-45046)
ascanrules.log4shell.cve45046.refs = https\://www.lunasec.io/docs/blog/log4j-zero-day/\nhttps\://nvd.nist.gov/vuln/detail/CVE-2021-45046
ascanrules.log4shell.cve45046.soln = Upgrade Log4j2 to version 2.17.1 or newer.
ascanrules.log4shell.name = Log4Shell
-ascanrules.log4shell.skipped = no Active Scan OAST service is selected.
+ascanrules.log4shell.skipped = no Active Scan OAST service is selected
ascanrules.name = Active Scan Rules
diff --git a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_hr_HR.properties b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_hr_HR.properties
index a17d9ce6b80..6e9b5e4bedf 100644
--- a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_hr_HR.properties
+++ b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_hr_HR.properties
@@ -101,7 +101,7 @@ ascanrules.log4shell.cve45046.name = Log4Shell (CVE-2021-45046)
ascanrules.log4shell.cve45046.refs = https\://www.lunasec.io/docs/blog/log4j-zero-day/\nhttps\://nvd.nist.gov/vuln/detail/CVE-2021-45046
ascanrules.log4shell.cve45046.soln = Upgrade Log4j2 to version 2.17.1 or newer.
ascanrules.log4shell.name = Log4Shell
-ascanrules.log4shell.skipped = no Active Scan OAST service is selected.
+ascanrules.log4shell.skipped = no Active Scan OAST service is selected
ascanrules.name = Active Scan Rules
diff --git a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_hu_HU.properties b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_hu_HU.properties
index 48c3128c510..81d9867fd8c 100644
--- a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_hu_HU.properties
+++ b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_hu_HU.properties
@@ -101,7 +101,7 @@ ascanrules.log4shell.cve45046.name = Log4Shell (CVE-2021-45046)
ascanrules.log4shell.cve45046.refs = https\://www.lunasec.io/docs/blog/log4j-zero-day/\nhttps\://nvd.nist.gov/vuln/detail/CVE-2021-45046
ascanrules.log4shell.cve45046.soln = Upgrade Log4j2 to version 2.17.1 or newer.
ascanrules.log4shell.name = Log4Shell
-ascanrules.log4shell.skipped = no Active Scan OAST service is selected.
+ascanrules.log4shell.skipped = no Active Scan OAST service is selected
ascanrules.name = Active Scan Rules
diff --git a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_id_ID.properties b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_id_ID.properties
index 3bcec1370f9..54747692637 100644
--- a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_id_ID.properties
+++ b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_id_ID.properties
@@ -101,7 +101,7 @@ ascanrules.log4shell.cve45046.name = Log4Shell (CVE-2021-45046)
ascanrules.log4shell.cve45046.refs = https\://www.lunasec.io/docs/blog/log4j-zero-day/\nhttps\://nvd.nist.gov/vuln/detail/CVE-2021-45046
ascanrules.log4shell.cve45046.soln = Upgrade Log4j2 to version 2.17.1 or newer.
ascanrules.log4shell.name = Log4Shell
-ascanrules.log4shell.skipped = no Active Scan OAST service is selected.
+ascanrules.log4shell.skipped = no Active Scan OAST service is selected
ascanrules.name = Active Scan Rules
diff --git a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_it_IT.properties b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_it_IT.properties
index d7280a566bf..acee14a2312 100644
--- a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_it_IT.properties
+++ b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_it_IT.properties
@@ -101,7 +101,7 @@ ascanrules.log4shell.cve45046.name = Log4Shell (CVE-2021-45046)
ascanrules.log4shell.cve45046.refs = https\://www.lunasec.io/docs/blog/log4j-zero-day/\nhttps\://nvd.nist.gov/vuln/detail/CVE-2021-45046
ascanrules.log4shell.cve45046.soln = Upgrade Log4j2 to version 2.17.1 or newer.
ascanrules.log4shell.name = Log4Shell
-ascanrules.log4shell.skipped = no Active Scan OAST service is selected.
+ascanrules.log4shell.skipped = no Active Scan OAST service is selected
ascanrules.name = Regole di Scansione Attiva
diff --git a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_ja_JP.properties b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_ja_JP.properties
index 9a8f6b6e729..75b6c0dee20 100644
--- a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_ja_JP.properties
+++ b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_ja_JP.properties
@@ -101,7 +101,7 @@ ascanrules.log4shell.cve45046.name = Log4Shell (CVE-2021-45046)
ascanrules.log4shell.cve45046.refs = https\://www.lunasec.io/docs/blog/log4j-zero-day/\nhttps\://nvd.nist.gov/vuln/detail/CVE-2021-45046
ascanrules.log4shell.cve45046.soln = Upgrade Log4j2 to version 2.17.1 or newer.
ascanrules.log4shell.name = Log4Shell
-ascanrules.log4shell.skipped = no Active Scan OAST service is selected.
+ascanrules.log4shell.skipped = no Active Scan OAST service is selected
ascanrules.name = Active Scan Rules
diff --git a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_ko_KR.properties b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_ko_KR.properties
index 330d00f8cf6..97138bcf90f 100644
--- a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_ko_KR.properties
+++ b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_ko_KR.properties
@@ -101,7 +101,7 @@ ascanrules.log4shell.cve45046.name = Log4Shell (CVE-2021-45046)
ascanrules.log4shell.cve45046.refs = https\://www.lunasec.io/docs/blog/log4j-zero-day/\nhttps\://nvd.nist.gov/vuln/detail/CVE-2021-45046
ascanrules.log4shell.cve45046.soln = Upgrade Log4j2 to version 2.17.1 or newer.
ascanrules.log4shell.name = Log4Shell
-ascanrules.log4shell.skipped = no Active Scan OAST service is selected.
+ascanrules.log4shell.skipped = no Active Scan OAST service is selected
ascanrules.name = Active Scan Rules
diff --git a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_mk_MK.properties b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_mk_MK.properties
index a17d9ce6b80..6e9b5e4bedf 100644
--- a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_mk_MK.properties
+++ b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_mk_MK.properties
@@ -101,7 +101,7 @@ ascanrules.log4shell.cve45046.name = Log4Shell (CVE-2021-45046)
ascanrules.log4shell.cve45046.refs = https\://www.lunasec.io/docs/blog/log4j-zero-day/\nhttps\://nvd.nist.gov/vuln/detail/CVE-2021-45046
ascanrules.log4shell.cve45046.soln = Upgrade Log4j2 to version 2.17.1 or newer.
ascanrules.log4shell.name = Log4Shell
-ascanrules.log4shell.skipped = no Active Scan OAST service is selected.
+ascanrules.log4shell.skipped = no Active Scan OAST service is selected
ascanrules.name = Active Scan Rules
diff --git a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_ms_MY.properties b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_ms_MY.properties
index 4292acc7e8b..1fc7adce662 100644
--- a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_ms_MY.properties
+++ b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_ms_MY.properties
@@ -101,7 +101,7 @@ ascanrules.log4shell.cve45046.name = Log4Shell (CVE-2021-45046)
ascanrules.log4shell.cve45046.refs = https\://www.lunasec.io/docs/blog/log4j-zero-day/\nhttps\://nvd.nist.gov/vuln/detail/CVE-2021-45046
ascanrules.log4shell.cve45046.soln = Upgrade Log4j2 to version 2.17.1 or newer.
ascanrules.log4shell.name = Log4Shell
-ascanrules.log4shell.skipped = no Active Scan OAST service is selected.
+ascanrules.log4shell.skipped = no Active Scan OAST service is selected
ascanrules.name = Active Scan Rules
diff --git a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_nb_NO.properties b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_nb_NO.properties
index a17d9ce6b80..6e9b5e4bedf 100644
--- a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_nb_NO.properties
+++ b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_nb_NO.properties
@@ -101,7 +101,7 @@ ascanrules.log4shell.cve45046.name = Log4Shell (CVE-2021-45046)
ascanrules.log4shell.cve45046.refs = https\://www.lunasec.io/docs/blog/log4j-zero-day/\nhttps\://nvd.nist.gov/vuln/detail/CVE-2021-45046
ascanrules.log4shell.cve45046.soln = Upgrade Log4j2 to version 2.17.1 or newer.
ascanrules.log4shell.name = Log4Shell
-ascanrules.log4shell.skipped = no Active Scan OAST service is selected.
+ascanrules.log4shell.skipped = no Active Scan OAST service is selected
ascanrules.name = Active Scan Rules
diff --git a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_nl_NL.properties b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_nl_NL.properties
index dbd607c01d1..ff027d0590b 100644
--- a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_nl_NL.properties
+++ b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_nl_NL.properties
@@ -101,7 +101,7 @@ ascanrules.log4shell.cve45046.name = Log4Shell (CVE-2021-45046)
ascanrules.log4shell.cve45046.refs = https\://www.lunasec.io/docs/blog/log4j-zero-day/\nhttps\://nvd.nist.gov/vuln/detail/CVE-2021-45046
ascanrules.log4shell.cve45046.soln = Upgrade Log4j2 to version 2.17.1 or newer.
ascanrules.log4shell.name = Log4Shell
-ascanrules.log4shell.skipped = no Active Scan OAST service is selected.
+ascanrules.log4shell.skipped = no Active Scan OAST service is selected
ascanrules.name = Active Scan Rules
diff --git a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_pcm_NG.properties b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_pcm_NG.properties
index a17d9ce6b80..6e9b5e4bedf 100644
--- a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_pcm_NG.properties
+++ b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_pcm_NG.properties
@@ -101,7 +101,7 @@ ascanrules.log4shell.cve45046.name = Log4Shell (CVE-2021-45046)
ascanrules.log4shell.cve45046.refs = https\://www.lunasec.io/docs/blog/log4j-zero-day/\nhttps\://nvd.nist.gov/vuln/detail/CVE-2021-45046
ascanrules.log4shell.cve45046.soln = Upgrade Log4j2 to version 2.17.1 or newer.
ascanrules.log4shell.name = Log4Shell
-ascanrules.log4shell.skipped = no Active Scan OAST service is selected.
+ascanrules.log4shell.skipped = no Active Scan OAST service is selected
ascanrules.name = Active Scan Rules
diff --git a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_pl_PL.properties b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_pl_PL.properties
index da4e9e391f5..f67db211438 100644
--- a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_pl_PL.properties
+++ b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_pl_PL.properties
@@ -101,7 +101,7 @@ ascanrules.log4shell.cve45046.name = Log4Shell (CVE-2021-45046)
ascanrules.log4shell.cve45046.refs = https\://www.lunasec.io/docs/blog/log4j-zero-day/\nhttps\://nvd.nist.gov/vuln/detail/CVE-2021-45046
ascanrules.log4shell.cve45046.soln = Upgrade Log4j2 to version 2.17.1 or newer.
ascanrules.log4shell.name = Log4Shell
-ascanrules.log4shell.skipped = no Active Scan OAST service is selected.
+ascanrules.log4shell.skipped = no Active Scan OAST service is selected
ascanrules.name = Active Scan Rules
diff --git a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_pt_BR.properties b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_pt_BR.properties
index 4925441f065..219293c6dc5 100644
--- a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_pt_BR.properties
+++ b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_pt_BR.properties
@@ -101,7 +101,7 @@ ascanrules.log4shell.cve45046.name = Log4Shell (CVE-2021-45046)
ascanrules.log4shell.cve45046.refs = https\://www.lunasec.io/docs/blog/log4j-zero-day/\nhttps\://nvd.nist.gov/vuln/detail/CVE-2021-45046
ascanrules.log4shell.cve45046.soln = Upgrade Log4j2 to version 2.17.1 or newer.
ascanrules.log4shell.name = Log4Shell
-ascanrules.log4shell.skipped = no Active Scan OAST service is selected.
+ascanrules.log4shell.skipped = no Active Scan OAST service is selected
ascanrules.name = Active Scan Rules
diff --git a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_pt_PT.properties b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_pt_PT.properties
index a17d9ce6b80..6e9b5e4bedf 100644
--- a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_pt_PT.properties
+++ b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_pt_PT.properties
@@ -101,7 +101,7 @@ ascanrules.log4shell.cve45046.name = Log4Shell (CVE-2021-45046)
ascanrules.log4shell.cve45046.refs = https\://www.lunasec.io/docs/blog/log4j-zero-day/\nhttps\://nvd.nist.gov/vuln/detail/CVE-2021-45046
ascanrules.log4shell.cve45046.soln = Upgrade Log4j2 to version 2.17.1 or newer.
ascanrules.log4shell.name = Log4Shell
-ascanrules.log4shell.skipped = no Active Scan OAST service is selected.
+ascanrules.log4shell.skipped = no Active Scan OAST service is selected
ascanrules.name = Active Scan Rules
diff --git a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_ro_RO.properties b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_ro_RO.properties
index a17d9ce6b80..6e9b5e4bedf 100644
--- a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_ro_RO.properties
+++ b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_ro_RO.properties
@@ -101,7 +101,7 @@ ascanrules.log4shell.cve45046.name = Log4Shell (CVE-2021-45046)
ascanrules.log4shell.cve45046.refs = https\://www.lunasec.io/docs/blog/log4j-zero-day/\nhttps\://nvd.nist.gov/vuln/detail/CVE-2021-45046
ascanrules.log4shell.cve45046.soln = Upgrade Log4j2 to version 2.17.1 or newer.
ascanrules.log4shell.name = Log4Shell
-ascanrules.log4shell.skipped = no Active Scan OAST service is selected.
+ascanrules.log4shell.skipped = no Active Scan OAST service is selected
ascanrules.name = Active Scan Rules
diff --git a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_ru_RU.properties b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_ru_RU.properties
index b98771d7a68..c20c5383fec 100644
--- a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_ru_RU.properties
+++ b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_ru_RU.properties
@@ -101,7 +101,7 @@ ascanrules.log4shell.cve45046.name = Log4Shell (CVE-2021-45046)
ascanrules.log4shell.cve45046.refs = https\://www.lunasec.io/docs/blog/log4j-zero-day/\nhttps\://nvd.nist.gov/vuln/detail/CVE-2021-45046
ascanrules.log4shell.cve45046.soln = \u041e\u0431\u043d\u043e\u0432\u0438\u0442\u0435 Log4j2 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.17.1 \u0438\u043b\u0438 \u043d\u043e\u0432\u0435\u0435.
ascanrules.log4shell.name = Log4Shell
-ascanrules.log4shell.skipped = no Active Scan OAST service is selected.
+ascanrules.log4shell.skipped = no Active Scan OAST service is selected
ascanrules.name = \u041f\u0440\u0430\u0432\u0438\u043b\u0430 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0433\u043e \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f
diff --git a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_si_LK.properties b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_si_LK.properties
index a17d9ce6b80..6e9b5e4bedf 100644
--- a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_si_LK.properties
+++ b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_si_LK.properties
@@ -101,7 +101,7 @@ ascanrules.log4shell.cve45046.name = Log4Shell (CVE-2021-45046)
ascanrules.log4shell.cve45046.refs = https\://www.lunasec.io/docs/blog/log4j-zero-day/\nhttps\://nvd.nist.gov/vuln/detail/CVE-2021-45046
ascanrules.log4shell.cve45046.soln = Upgrade Log4j2 to version 2.17.1 or newer.
ascanrules.log4shell.name = Log4Shell
-ascanrules.log4shell.skipped = no Active Scan OAST service is selected.
+ascanrules.log4shell.skipped = no Active Scan OAST service is selected
ascanrules.name = Active Scan Rules
diff --git a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_sk_SK.properties b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_sk_SK.properties
index a17d9ce6b80..6e9b5e4bedf 100644
--- a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_sk_SK.properties
+++ b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_sk_SK.properties
@@ -101,7 +101,7 @@ ascanrules.log4shell.cve45046.name = Log4Shell (CVE-2021-45046)
ascanrules.log4shell.cve45046.refs = https\://www.lunasec.io/docs/blog/log4j-zero-day/\nhttps\://nvd.nist.gov/vuln/detail/CVE-2021-45046
ascanrules.log4shell.cve45046.soln = Upgrade Log4j2 to version 2.17.1 or newer.
ascanrules.log4shell.name = Log4Shell
-ascanrules.log4shell.skipped = no Active Scan OAST service is selected.
+ascanrules.log4shell.skipped = no Active Scan OAST service is selected
ascanrules.name = Active Scan Rules
diff --git a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_sl_SI.properties b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_sl_SI.properties
index a17d9ce6b80..6e9b5e4bedf 100644
--- a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_sl_SI.properties
+++ b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_sl_SI.properties
@@ -101,7 +101,7 @@ ascanrules.log4shell.cve45046.name = Log4Shell (CVE-2021-45046)
ascanrules.log4shell.cve45046.refs = https\://www.lunasec.io/docs/blog/log4j-zero-day/\nhttps\://nvd.nist.gov/vuln/detail/CVE-2021-45046
ascanrules.log4shell.cve45046.soln = Upgrade Log4j2 to version 2.17.1 or newer.
ascanrules.log4shell.name = Log4Shell
-ascanrules.log4shell.skipped = no Active Scan OAST service is selected.
+ascanrules.log4shell.skipped = no Active Scan OAST service is selected
ascanrules.name = Active Scan Rules
diff --git a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_sq_AL.properties b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_sq_AL.properties
index a17d9ce6b80..6e9b5e4bedf 100644
--- a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_sq_AL.properties
+++ b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_sq_AL.properties
@@ -101,7 +101,7 @@ ascanrules.log4shell.cve45046.name = Log4Shell (CVE-2021-45046)
ascanrules.log4shell.cve45046.refs = https\://www.lunasec.io/docs/blog/log4j-zero-day/\nhttps\://nvd.nist.gov/vuln/detail/CVE-2021-45046
ascanrules.log4shell.cve45046.soln = Upgrade Log4j2 to version 2.17.1 or newer.
ascanrules.log4shell.name = Log4Shell
-ascanrules.log4shell.skipped = no Active Scan OAST service is selected.
+ascanrules.log4shell.skipped = no Active Scan OAST service is selected
ascanrules.name = Active Scan Rules
diff --git a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_sr_CS.properties b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_sr_CS.properties
index 575851528c3..7523381b2b5 100644
--- a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_sr_CS.properties
+++ b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_sr_CS.properties
@@ -101,7 +101,7 @@ ascanrules.log4shell.cve45046.name = Log4Shell (CVE-2021-45046)
ascanrules.log4shell.cve45046.refs = https\://www.lunasec.io/docs/blog/log4j-zero-day/\nhttps\://nvd.nist.gov/vuln/detail/CVE-2021-45046
ascanrules.log4shell.cve45046.soln = Upgrade Log4j2 to version 2.17.1 or newer.
ascanrules.log4shell.name = Log4Shell
-ascanrules.log4shell.skipped = no Active Scan OAST service is selected.
+ascanrules.log4shell.skipped = no Active Scan OAST service is selected
ascanrules.name = Active Scan Rules
diff --git a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_sr_SP.properties b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_sr_SP.properties
index a17d9ce6b80..6e9b5e4bedf 100644
--- a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_sr_SP.properties
+++ b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_sr_SP.properties
@@ -101,7 +101,7 @@ ascanrules.log4shell.cve45046.name = Log4Shell (CVE-2021-45046)
ascanrules.log4shell.cve45046.refs = https\://www.lunasec.io/docs/blog/log4j-zero-day/\nhttps\://nvd.nist.gov/vuln/detail/CVE-2021-45046
ascanrules.log4shell.cve45046.soln = Upgrade Log4j2 to version 2.17.1 or newer.
ascanrules.log4shell.name = Log4Shell
-ascanrules.log4shell.skipped = no Active Scan OAST service is selected.
+ascanrules.log4shell.skipped = no Active Scan OAST service is selected
ascanrules.name = Active Scan Rules
diff --git a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_tr_TR.properties b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_tr_TR.properties
index 6fb074d89eb..49a809dae0f 100644
--- a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_tr_TR.properties
+++ b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_tr_TR.properties
@@ -101,7 +101,7 @@ ascanrules.log4shell.cve45046.name = Log4Shell (CVE-2021-45046)
ascanrules.log4shell.cve45046.refs = https\://www.lunasec.io/docs/blog/log4j-zero-day/\nhttps\://nvd.nist.gov/vuln/detail/CVE-2021-45046
ascanrules.log4shell.cve45046.soln = Upgrade Log4j2 to version 2.17.1 or newer.
ascanrules.log4shell.name = Log4Shell
-ascanrules.log4shell.skipped = no Active Scan OAST service is selected.
+ascanrules.log4shell.skipped = no Active Scan OAST service is selected
ascanrules.name = Active Scan Rules
diff --git a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_uk_UA.properties b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_uk_UA.properties
index cfc32173957..6839a983845 100644
--- a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_uk_UA.properties
+++ b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_uk_UA.properties
@@ -101,7 +101,7 @@ ascanrules.log4shell.cve45046.name = Log4Shell (CVE-2021-45046)
ascanrules.log4shell.cve45046.refs = https\://www.lunasec.io/docs/blog/log4j-zero-day/\nhttps\://nvd.nist.gov/vuln/detail/CVE-2021-45046
ascanrules.log4shell.cve45046.soln = \u041e\u043d\u043e\u0432\u0456\u0442\u044c Log4j2 \u0434\u043e \u0432\u0435\u0440\u0441\u0456\u0457 2.17.1 \u0430\u0431\u043e \u0432\u0438\u0449\u0435.
ascanrules.log4shell.name = Log4Shell
-ascanrules.log4shell.skipped = \u043d\u0435 \u0432\u0438\u0431\u0440\u0430\u043d\u043e \u0441\u043b\u0443\u0436\u0431\u0443 Active Scan OAST.
+ascanrules.log4shell.skipped = no Active Scan OAST service is selected
ascanrules.name = \u041f\u0440\u0430\u0432\u0438\u043b\u0430 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0433\u043e \u0441\u043a\u0430\u043d\u0443\u0432\u0430\u043d\u043d\u044f
diff --git a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_ur_PK.properties b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_ur_PK.properties
index a17d9ce6b80..6e9b5e4bedf 100644
--- a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_ur_PK.properties
+++ b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_ur_PK.properties
@@ -101,7 +101,7 @@ ascanrules.log4shell.cve45046.name = Log4Shell (CVE-2021-45046)
ascanrules.log4shell.cve45046.refs = https\://www.lunasec.io/docs/blog/log4j-zero-day/\nhttps\://nvd.nist.gov/vuln/detail/CVE-2021-45046
ascanrules.log4shell.cve45046.soln = Upgrade Log4j2 to version 2.17.1 or newer.
ascanrules.log4shell.name = Log4Shell
-ascanrules.log4shell.skipped = no Active Scan OAST service is selected.
+ascanrules.log4shell.skipped = no Active Scan OAST service is selected
ascanrules.name = Active Scan Rules
diff --git a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_vi_VN.properties b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_vi_VN.properties
index a17d9ce6b80..6e9b5e4bedf 100644
--- a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_vi_VN.properties
+++ b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_vi_VN.properties
@@ -101,7 +101,7 @@ ascanrules.log4shell.cve45046.name = Log4Shell (CVE-2021-45046)
ascanrules.log4shell.cve45046.refs = https\://www.lunasec.io/docs/blog/log4j-zero-day/\nhttps\://nvd.nist.gov/vuln/detail/CVE-2021-45046
ascanrules.log4shell.cve45046.soln = Upgrade Log4j2 to version 2.17.1 or newer.
ascanrules.log4shell.name = Log4Shell
-ascanrules.log4shell.skipped = no Active Scan OAST service is selected.
+ascanrules.log4shell.skipped = no Active Scan OAST service is selected
ascanrules.name = Active Scan Rules
diff --git a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_yo_NG.properties b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_yo_NG.properties
index a17d9ce6b80..6e9b5e4bedf 100644
--- a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_yo_NG.properties
+++ b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_yo_NG.properties
@@ -101,7 +101,7 @@ ascanrules.log4shell.cve45046.name = Log4Shell (CVE-2021-45046)
ascanrules.log4shell.cve45046.refs = https\://www.lunasec.io/docs/blog/log4j-zero-day/\nhttps\://nvd.nist.gov/vuln/detail/CVE-2021-45046
ascanrules.log4shell.cve45046.soln = Upgrade Log4j2 to version 2.17.1 or newer.
ascanrules.log4shell.name = Log4Shell
-ascanrules.log4shell.skipped = no Active Scan OAST service is selected.
+ascanrules.log4shell.skipped = no Active Scan OAST service is selected
ascanrules.name = Active Scan Rules
diff --git a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_zh_CN.properties b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_zh_CN.properties
index da3e705b11a..5b59feef4f8 100644
--- a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_zh_CN.properties
+++ b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_zh_CN.properties
@@ -101,7 +101,7 @@ ascanrules.log4shell.cve45046.name = Log4Shell (CVE-2021-45046)
ascanrules.log4shell.cve45046.refs = https\://www.lunasec.io/docs/blog/log4j-zero-day/\nhttps\://nvd.nist.gov/vuln/detail/CVE-2021-45046
ascanrules.log4shell.cve45046.soln = \u5c06 Log4j2 \u5347\u7ea7\u5230\u7248\u672c 2.17.1 \u6216\u66f4\u65b0\u7248\u672c\u3002
ascanrules.log4shell.name = Log4Shell
-ascanrules.log4shell.skipped = \u672a\u9009\u62e9\u4e3b\u52a8\u626b\u63cf OAST \u670d\u52a1\u3002
+ascanrules.log4shell.skipped = no Active Scan OAST service is selected
ascanrules.name = \u4e3b\u52a8\u626b\u63cf\u89c4\u5219
diff --git a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_zh_TW.properties b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_zh_TW.properties
index 7373114cca6..cb3eb8e0dbe 100644
--- a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_zh_TW.properties
+++ b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages_zh_TW.properties
@@ -101,7 +101,7 @@ ascanrules.log4shell.cve45046.name = Log4Shell (CVE-2021-45046)
ascanrules.log4shell.cve45046.refs = https\://www.lunasec.io/docs/blog/log4j-zero-day/\nhttps\://nvd.nist.gov/vuln/detail/CVE-2021-45046
ascanrules.log4shell.cve45046.soln = Upgrade Log4j2 to version 2.17.1 or newer.
ascanrules.log4shell.name = Log4Shell
-ascanrules.log4shell.skipped = no Active Scan OAST service is selected.
+ascanrules.log4shell.skipped = no Active Scan OAST service is selected
ascanrules.name = Active Scan Rules
diff --git a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_ar_SA.properties b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_ar_SA.properties
index 9afa72f8978..2695aa3b96e 100644
--- a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_ar_SA.properties
+++ b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_ar_SA.properties
@@ -44,6 +44,9 @@ authhelper.auth.test.dialog.tab.test = اختبار
authhelper.auth.test.dialog.title = Authentication Tester
+authhelper.client.desc = Enables browser based authentication when performing an authenticated Client Spider scan.
+authhelper.client.name = Client Spider Browser Based Authentication Support
+
authhelper.desc = Authentication Helper
authhelper.name = Authentication Helper
diff --git a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_az_AZ.properties b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_az_AZ.properties
index 06cdda0769f..6f0b2bb84ca 100644
--- a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_az_AZ.properties
+++ b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_az_AZ.properties
@@ -44,6 +44,9 @@ authhelper.auth.test.dialog.tab.test = Test
authhelper.auth.test.dialog.title = Authentication Tester
+authhelper.client.desc = Enables browser based authentication when performing an authenticated Client Spider scan.
+authhelper.client.name = Client Spider Browser Based Authentication Support
+
authhelper.desc = Authentication Helper
authhelper.name = Authentication Helper
diff --git a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_bn_BD.properties b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_bn_BD.properties
index 9fcab4c6bf6..83e2f9a1895 100644
--- a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_bn_BD.properties
+++ b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_bn_BD.properties
@@ -44,6 +44,9 @@ authhelper.auth.test.dialog.tab.test = Test
authhelper.auth.test.dialog.title = Authentication Tester
+authhelper.client.desc = Enables browser based authentication when performing an authenticated Client Spider scan.
+authhelper.client.name = Client Spider Browser Based Authentication Support
+
authhelper.desc = Authentication Helper
authhelper.name = Authentication Helper
diff --git a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_bs_BA.properties b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_bs_BA.properties
index 7fd0e8de646..37314e5fd9d 100644
--- a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_bs_BA.properties
+++ b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_bs_BA.properties
@@ -44,6 +44,9 @@ authhelper.auth.test.dialog.tab.test = Test
authhelper.auth.test.dialog.title = Authentication Tester
+authhelper.client.desc = Enables browser based authentication when performing an authenticated Client Spider scan.
+authhelper.client.name = Client Spider Browser Based Authentication Support
+
authhelper.desc = Authentication Helper
authhelper.name = Authentication Helper
diff --git a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_ceb_PH.properties b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_ceb_PH.properties
index fd7f864cb11..07f86e37023 100644
--- a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_ceb_PH.properties
+++ b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_ceb_PH.properties
@@ -44,6 +44,9 @@ authhelper.auth.test.dialog.tab.test = Test
authhelper.auth.test.dialog.title = Authentication Tester
+authhelper.client.desc = Enables browser based authentication when performing an authenticated Client Spider scan.
+authhelper.client.name = Client Spider Browser Based Authentication Support
+
authhelper.desc = Authentication Helper
authhelper.name = Authentication Helper
diff --git a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_da_DK.properties b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_da_DK.properties
index fc98322c458..2028d2ad83c 100644
--- a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_da_DK.properties
+++ b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_da_DK.properties
@@ -44,6 +44,9 @@ authhelper.auth.test.dialog.tab.test = Test
authhelper.auth.test.dialog.title = Authentication Tester
+authhelper.client.desc = Enables browser based authentication when performing an authenticated Client Spider scan.
+authhelper.client.name = Client Spider Browser Based Authentication Support
+
authhelper.desc = Authentication Helper
authhelper.name = Authentication Helper
diff --git a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_de_DE.properties b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_de_DE.properties
index 880644fdd26..93b259a16db 100644
--- a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_de_DE.properties
+++ b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_de_DE.properties
@@ -44,6 +44,9 @@ authhelper.auth.test.dialog.tab.test = Test
authhelper.auth.test.dialog.title = Authentication Tester
+authhelper.client.desc = Enables browser based authentication when performing an authenticated Client Spider scan.
+authhelper.client.name = Client Spider Browser Based Authentication Support
+
authhelper.desc = Authentication Helper
authhelper.name = Authentication Helper
diff --git a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_el_GR.properties b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_el_GR.properties
index e7dbd4f3e4e..4d54c066792 100644
--- a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_el_GR.properties
+++ b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_el_GR.properties
@@ -44,6 +44,9 @@ authhelper.auth.test.dialog.tab.test = Test
authhelper.auth.test.dialog.title = Authentication Tester
+authhelper.client.desc = Enables browser based authentication when performing an authenticated Client Spider scan.
+authhelper.client.name = Client Spider Browser Based Authentication Support
+
authhelper.desc = Authentication Helper
authhelper.name = Authentication Helper
diff --git a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_es_ES.properties b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_es_ES.properties
index 395c52c897f..13320d4ef0f 100644
--- a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_es_ES.properties
+++ b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_es_ES.properties
@@ -44,6 +44,9 @@ authhelper.auth.test.dialog.tab.test = Prueba
authhelper.auth.test.dialog.title = Tester de autenticación
+authhelper.client.desc = Enables browser based authentication when performing an authenticated Client Spider scan.
+authhelper.client.name = Client Spider Browser Based Authentication Support
+
authhelper.desc = Ayuda de Autenticación
authhelper.name = Ayuda de Autenticación
diff --git a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_fa_IR.properties b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_fa_IR.properties
index 0a324d738f1..90826829597 100644
--- a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_fa_IR.properties
+++ b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_fa_IR.properties
@@ -44,6 +44,9 @@ authhelper.auth.test.dialog.tab.test = Test
authhelper.auth.test.dialog.title = Authentication Tester
+authhelper.client.desc = Enables browser based authentication when performing an authenticated Client Spider scan.
+authhelper.client.name = Client Spider Browser Based Authentication Support
+
authhelper.desc = Authentication Helper
authhelper.name = Authentication Helper
diff --git a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_fil_PH.properties b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_fil_PH.properties
index 7501fa9b08c..e3b00a91adc 100644
--- a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_fil_PH.properties
+++ b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_fil_PH.properties
@@ -44,6 +44,9 @@ authhelper.auth.test.dialog.tab.test = Ang pagsubok
authhelper.auth.test.dialog.title = Authentication Tester
+authhelper.client.desc = Enables browser based authentication when performing an authenticated Client Spider scan.
+authhelper.client.name = Client Spider Browser Based Authentication Support
+
authhelper.desc = Authentication Helper
authhelper.name = Authentication Helper
diff --git a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_fr_FR.properties b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_fr_FR.properties
index c9cfc0776dc..509f366bfc3 100644
--- a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_fr_FR.properties
+++ b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_fr_FR.properties
@@ -44,6 +44,9 @@ authhelper.auth.test.dialog.tab.test = Test
authhelper.auth.test.dialog.title = Authentication Tester
+authhelper.client.desc = Enables browser based authentication when performing an authenticated Client Spider scan.
+authhelper.client.name = Client Spider Browser Based Authentication Support
+
authhelper.desc = Authentication Helper
authhelper.name = Authentication Helper
diff --git a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_ha_HG.properties b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_ha_HG.properties
index 5695315071d..6a712f25d0c 100644
--- a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_ha_HG.properties
+++ b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_ha_HG.properties
@@ -44,6 +44,9 @@ authhelper.auth.test.dialog.tab.test = Test
authhelper.auth.test.dialog.title = Authentication Tester
+authhelper.client.desc = Enables browser based authentication when performing an authenticated Client Spider scan.
+authhelper.client.name = Client Spider Browser Based Authentication Support
+
authhelper.desc = Authentication Helper
authhelper.name = Authentication Helper
diff --git a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_he_IL.properties b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_he_IL.properties
index 5695315071d..6a712f25d0c 100644
--- a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_he_IL.properties
+++ b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_he_IL.properties
@@ -44,6 +44,9 @@ authhelper.auth.test.dialog.tab.test = Test
authhelper.auth.test.dialog.title = Authentication Tester
+authhelper.client.desc = Enables browser based authentication when performing an authenticated Client Spider scan.
+authhelper.client.name = Client Spider Browser Based Authentication Support
+
authhelper.desc = Authentication Helper
authhelper.name = Authentication Helper
diff --git a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_hi_IN.properties b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_hi_IN.properties
index 1c9d9a341ad..a58c2e7dbce 100644
--- a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_hi_IN.properties
+++ b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_hi_IN.properties
@@ -44,6 +44,9 @@ authhelper.auth.test.dialog.tab.test = Test
authhelper.auth.test.dialog.title = Authentication Tester
+authhelper.client.desc = Enables browser based authentication when performing an authenticated Client Spider scan.
+authhelper.client.name = Client Spider Browser Based Authentication Support
+
authhelper.desc = Authentication Helper
authhelper.name = Authentication Helper
diff --git a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_hr_HR.properties b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_hr_HR.properties
index 5695315071d..6a712f25d0c 100644
--- a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_hr_HR.properties
+++ b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_hr_HR.properties
@@ -44,6 +44,9 @@ authhelper.auth.test.dialog.tab.test = Test
authhelper.auth.test.dialog.title = Authentication Tester
+authhelper.client.desc = Enables browser based authentication when performing an authenticated Client Spider scan.
+authhelper.client.name = Client Spider Browser Based Authentication Support
+
authhelper.desc = Authentication Helper
authhelper.name = Authentication Helper
diff --git a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_hu_HU.properties b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_hu_HU.properties
index addc53c4def..aabc17cd151 100644
--- a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_hu_HU.properties
+++ b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_hu_HU.properties
@@ -44,6 +44,9 @@ authhelper.auth.test.dialog.tab.test = Teszt
authhelper.auth.test.dialog.title = Authentication Tester
+authhelper.client.desc = Enables browser based authentication when performing an authenticated Client Spider scan.
+authhelper.client.name = Client Spider Browser Based Authentication Support
+
authhelper.desc = Authentication Helper
authhelper.name = Authentication Helper
diff --git a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_id_ID.properties b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_id_ID.properties
index 4beaeeb4ed0..fdfca299f2f 100644
--- a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_id_ID.properties
+++ b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_id_ID.properties
@@ -44,6 +44,9 @@ authhelper.auth.test.dialog.tab.test = Uji
authhelper.auth.test.dialog.title = Authentication Tester
+authhelper.client.desc = Enables browser based authentication when performing an authenticated Client Spider scan.
+authhelper.client.name = Client Spider Browser Based Authentication Support
+
authhelper.desc = Authentication Helper
authhelper.name = Authentication Helper
diff --git a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_it_IT.properties b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_it_IT.properties
index d8c03417334..c01823d14de 100644
--- a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_it_IT.properties
+++ b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_it_IT.properties
@@ -44,6 +44,9 @@ authhelper.auth.test.dialog.tab.test = Test
authhelper.auth.test.dialog.title = Authentication Tester
+authhelper.client.desc = Enables browser based authentication when performing an authenticated Client Spider scan.
+authhelper.client.name = Client Spider Browser Based Authentication Support
+
authhelper.desc = Authentication Helper
authhelper.name = Authentication Helper
diff --git a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_ja_JP.properties b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_ja_JP.properties
index 16c42c3ce8c..87732775b37 100644
--- a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_ja_JP.properties
+++ b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_ja_JP.properties
@@ -44,6 +44,9 @@ authhelper.auth.test.dialog.tab.test = テスト
authhelper.auth.test.dialog.title = Authentication Tester
+authhelper.client.desc = Enables browser based authentication when performing an authenticated Client Spider scan.
+authhelper.client.name = Client Spider Browser Based Authentication Support
+
authhelper.desc = Authentication Helper
authhelper.name = Authentication Helper
diff --git a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_ko_KR.properties b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_ko_KR.properties
index 37ce140739d..ef879720a15 100644
--- a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_ko_KR.properties
+++ b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_ko_KR.properties
@@ -44,6 +44,9 @@ authhelper.auth.test.dialog.tab.test = Test
authhelper.auth.test.dialog.title = Authentication Tester
+authhelper.client.desc = Enables browser based authentication when performing an authenticated Client Spider scan.
+authhelper.client.name = Client Spider Browser Based Authentication Support
+
authhelper.desc = Authentication Helper
authhelper.name = Authentication Helper
diff --git a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_mk_MK.properties b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_mk_MK.properties
index 5695315071d..6a712f25d0c 100644
--- a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_mk_MK.properties
+++ b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_mk_MK.properties
@@ -44,6 +44,9 @@ authhelper.auth.test.dialog.tab.test = Test
authhelper.auth.test.dialog.title = Authentication Tester
+authhelper.client.desc = Enables browser based authentication when performing an authenticated Client Spider scan.
+authhelper.client.name = Client Spider Browser Based Authentication Support
+
authhelper.desc = Authentication Helper
authhelper.name = Authentication Helper
diff --git a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_ms_MY.properties b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_ms_MY.properties
index ee8d3f71798..ee31c70ef07 100644
--- a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_ms_MY.properties
+++ b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_ms_MY.properties
@@ -44,6 +44,9 @@ authhelper.auth.test.dialog.tab.test = Test
authhelper.auth.test.dialog.title = Authentication Tester
+authhelper.client.desc = Enables browser based authentication when performing an authenticated Client Spider scan.
+authhelper.client.name = Client Spider Browser Based Authentication Support
+
authhelper.desc = Authentication Helper
authhelper.name = Authentication Helper
diff --git a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_nb_NO.properties b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_nb_NO.properties
index 5695315071d..6a712f25d0c 100644
--- a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_nb_NO.properties
+++ b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_nb_NO.properties
@@ -44,6 +44,9 @@ authhelper.auth.test.dialog.tab.test = Test
authhelper.auth.test.dialog.title = Authentication Tester
+authhelper.client.desc = Enables browser based authentication when performing an authenticated Client Spider scan.
+authhelper.client.name = Client Spider Browser Based Authentication Support
+
authhelper.desc = Authentication Helper
authhelper.name = Authentication Helper
diff --git a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_nl_NL.properties b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_nl_NL.properties
index ab3c3db92ff..97d53711a39 100644
--- a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_nl_NL.properties
+++ b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_nl_NL.properties
@@ -44,6 +44,9 @@ authhelper.auth.test.dialog.tab.test = Test
authhelper.auth.test.dialog.title = Authentication Tester
+authhelper.client.desc = Enables browser based authentication when performing an authenticated Client Spider scan.
+authhelper.client.name = Client Spider Browser Based Authentication Support
+
authhelper.desc = Authentication Helper
authhelper.name = Authentication Helper
diff --git a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_pcm_NG.properties b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_pcm_NG.properties
index 5695315071d..6a712f25d0c 100644
--- a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_pcm_NG.properties
+++ b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_pcm_NG.properties
@@ -44,6 +44,9 @@ authhelper.auth.test.dialog.tab.test = Test
authhelper.auth.test.dialog.title = Authentication Tester
+authhelper.client.desc = Enables browser based authentication when performing an authenticated Client Spider scan.
+authhelper.client.name = Client Spider Browser Based Authentication Support
+
authhelper.desc = Authentication Helper
authhelper.name = Authentication Helper
diff --git a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_pl_PL.properties b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_pl_PL.properties
index 00fa618302c..8c9047cc378 100644
--- a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_pl_PL.properties
+++ b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_pl_PL.properties
@@ -44,6 +44,9 @@ authhelper.auth.test.dialog.tab.test = Test
authhelper.auth.test.dialog.title = Authentication Tester
+authhelper.client.desc = Enables browser based authentication when performing an authenticated Client Spider scan.
+authhelper.client.name = Client Spider Browser Based Authentication Support
+
authhelper.desc = Authentication Helper
authhelper.name = Authentication Helper
diff --git a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_pt_BR.properties b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_pt_BR.properties
index 7a5d15b7cb2..819cbb6541d 100644
--- a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_pt_BR.properties
+++ b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_pt_BR.properties
@@ -44,6 +44,9 @@ authhelper.auth.test.dialog.tab.test = Teste
authhelper.auth.test.dialog.title = Authentication Tester
+authhelper.client.desc = Enables browser based authentication when performing an authenticated Client Spider scan.
+authhelper.client.name = Client Spider Browser Based Authentication Support
+
authhelper.desc = Authentication Helper
authhelper.name = Authentication Helper
diff --git a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_pt_PT.properties b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_pt_PT.properties
index 643b55ee0a4..bc915058e60 100644
--- a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_pt_PT.properties
+++ b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_pt_PT.properties
@@ -44,6 +44,9 @@ authhelper.auth.test.dialog.tab.test = Test
authhelper.auth.test.dialog.title = Authentication Tester
+authhelper.client.desc = Enables browser based authentication when performing an authenticated Client Spider scan.
+authhelper.client.name = Client Spider Browser Based Authentication Support
+
authhelper.desc = Authentication Helper
authhelper.name = Authentication Helper
diff --git a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_ro_RO.properties b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_ro_RO.properties
index 4b56f884f4d..6f9d8bbe23b 100644
--- a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_ro_RO.properties
+++ b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_ro_RO.properties
@@ -44,6 +44,9 @@ authhelper.auth.test.dialog.tab.test = Test
authhelper.auth.test.dialog.title = Authentication Tester
+authhelper.client.desc = Enables browser based authentication when performing an authenticated Client Spider scan.
+authhelper.client.name = Client Spider Browser Based Authentication Support
+
authhelper.desc = Authentication Helper
authhelper.name = Authentication Helper
diff --git a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_ru_RU.properties b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_ru_RU.properties
index 19217f70805..85447fad29e 100644
--- a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_ru_RU.properties
+++ b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_ru_RU.properties
@@ -44,6 +44,9 @@ authhelper.auth.test.dialog.tab.test = Тест
authhelper.auth.test.dialog.title = Authentication Tester
+authhelper.client.desc = Enables browser based authentication when performing an authenticated Client Spider scan.
+authhelper.client.name = Client Spider Browser Based Authentication Support
+
authhelper.desc = Authentication Helper
authhelper.name = Authentication Helper
diff --git a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_si_LK.properties b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_si_LK.properties
index 8cb4aad4269..af25e11f910 100644
--- a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_si_LK.properties
+++ b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_si_LK.properties
@@ -44,6 +44,9 @@ authhelper.auth.test.dialog.tab.test = Test
authhelper.auth.test.dialog.title = Authentication Tester
+authhelper.client.desc = Enables browser based authentication when performing an authenticated Client Spider scan.
+authhelper.client.name = Client Spider Browser Based Authentication Support
+
authhelper.desc = Authentication Helper
authhelper.name = Authentication Helper
diff --git a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_sk_SK.properties b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_sk_SK.properties
index 5695315071d..6a712f25d0c 100644
--- a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_sk_SK.properties
+++ b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_sk_SK.properties
@@ -44,6 +44,9 @@ authhelper.auth.test.dialog.tab.test = Test
authhelper.auth.test.dialog.title = Authentication Tester
+authhelper.client.desc = Enables browser based authentication when performing an authenticated Client Spider scan.
+authhelper.client.name = Client Spider Browser Based Authentication Support
+
authhelper.desc = Authentication Helper
authhelper.name = Authentication Helper
diff --git a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_sl_SI.properties b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_sl_SI.properties
index c77a4fbca85..1c5b703db5d 100644
--- a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_sl_SI.properties
+++ b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_sl_SI.properties
@@ -44,6 +44,9 @@ authhelper.auth.test.dialog.tab.test = Test
authhelper.auth.test.dialog.title = Authentication Tester
+authhelper.client.desc = Enables browser based authentication when performing an authenticated Client Spider scan.
+authhelper.client.name = Client Spider Browser Based Authentication Support
+
authhelper.desc = Authentication Helper
authhelper.name = Authentication Helper
diff --git a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_sq_AL.properties b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_sq_AL.properties
index 3afa9e5aee6..3b829cd833f 100644
--- a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_sq_AL.properties
+++ b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_sq_AL.properties
@@ -44,6 +44,9 @@ authhelper.auth.test.dialog.tab.test = Test
authhelper.auth.test.dialog.title = Authentication Tester
+authhelper.client.desc = Enables browser based authentication when performing an authenticated Client Spider scan.
+authhelper.client.name = Client Spider Browser Based Authentication Support
+
authhelper.desc = Authentication Helper
authhelper.name = Authentication Helper
diff --git a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_sr_CS.properties b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_sr_CS.properties
index 1146d455493..b4caef8b925 100644
--- a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_sr_CS.properties
+++ b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_sr_CS.properties
@@ -44,6 +44,9 @@ authhelper.auth.test.dialog.tab.test = Test
authhelper.auth.test.dialog.title = Tester Autentifikacije
+authhelper.client.desc = Enables browser based authentication when performing an authenticated Client Spider scan.
+authhelper.client.name = Client Spider Browser Based Authentication Support
+
authhelper.desc = Authentication Helper
authhelper.name = Authentication Helper
diff --git a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_sr_SP.properties b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_sr_SP.properties
index 0b39ec9dd7f..3db90013f9a 100644
--- a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_sr_SP.properties
+++ b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_sr_SP.properties
@@ -44,6 +44,9 @@ authhelper.auth.test.dialog.tab.test = Test
authhelper.auth.test.dialog.title = Authentication Tester
+authhelper.client.desc = Enables browser based authentication when performing an authenticated Client Spider scan.
+authhelper.client.name = Client Spider Browser Based Authentication Support
+
authhelper.desc = Authentication Helper
authhelper.name = Authentication Helper
diff --git a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_tr_TR.properties b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_tr_TR.properties
index e1568a877f9..cb0c094ac36 100644
--- a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_tr_TR.properties
+++ b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_tr_TR.properties
@@ -44,6 +44,9 @@ authhelper.auth.test.dialog.tab.test = Test
authhelper.auth.test.dialog.title = Authentication Tester
+authhelper.client.desc = Enables browser based authentication when performing an authenticated Client Spider scan.
+authhelper.client.name = Client Spider Browser Based Authentication Support
+
authhelper.desc = Authentication Helper
authhelper.name = Authentication Helper
diff --git a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_uk_UA.properties b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_uk_UA.properties
index 5a95ab29f51..dab385cc81b 100644
--- a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_uk_UA.properties
+++ b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_uk_UA.properties
@@ -44,6 +44,9 @@ authhelper.auth.test.dialog.tab.test = Перевірити
authhelper.auth.test.dialog.title = Тестувальник автентифікації
+authhelper.client.desc = Enables browser based authentication when performing an authenticated Client Spider scan.
+authhelper.client.name = Client Spider Browser Based Authentication Support
+
authhelper.desc = Помічник автентифікації
authhelper.name = Помічник автентифікації
diff --git a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_ur_PK.properties b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_ur_PK.properties
index c7ef08d0db1..940b36a69fe 100644
--- a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_ur_PK.properties
+++ b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_ur_PK.properties
@@ -44,6 +44,9 @@ authhelper.auth.test.dialog.tab.test = Test
authhelper.auth.test.dialog.title = Authentication Tester
+authhelper.client.desc = Enables browser based authentication when performing an authenticated Client Spider scan.
+authhelper.client.name = Client Spider Browser Based Authentication Support
+
authhelper.desc = Authentication Helper
authhelper.name = Authentication Helper
diff --git a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_vi_VN.properties b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_vi_VN.properties
index 5695315071d..6a712f25d0c 100644
--- a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_vi_VN.properties
+++ b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_vi_VN.properties
@@ -44,6 +44,9 @@ authhelper.auth.test.dialog.tab.test = Test
authhelper.auth.test.dialog.title = Authentication Tester
+authhelper.client.desc = Enables browser based authentication when performing an authenticated Client Spider scan.
+authhelper.client.name = Client Spider Browser Based Authentication Support
+
authhelper.desc = Authentication Helper
authhelper.name = Authentication Helper
diff --git a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_yo_NG.properties b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_yo_NG.properties
index 5695315071d..6a712f25d0c 100644
--- a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_yo_NG.properties
+++ b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_yo_NG.properties
@@ -44,6 +44,9 @@ authhelper.auth.test.dialog.tab.test = Test
authhelper.auth.test.dialog.title = Authentication Tester
+authhelper.client.desc = Enables browser based authentication when performing an authenticated Client Spider scan.
+authhelper.client.name = Client Spider Browser Based Authentication Support
+
authhelper.desc = Authentication Helper
authhelper.name = Authentication Helper
diff --git a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_zh_CN.properties b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_zh_CN.properties
index 49102524567..a5a147ad73e 100644
--- a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_zh_CN.properties
+++ b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_zh_CN.properties
@@ -44,6 +44,9 @@ authhelper.auth.test.dialog.tab.test = 测试
authhelper.auth.test.dialog.title = 身份验证测试器
+authhelper.client.desc = Enables browser based authentication when performing an authenticated Client Spider scan.
+authhelper.client.name = Client Spider Browser Based Authentication Support
+
authhelper.desc = 身份验证助手
authhelper.name = 身份验证助手
diff --git a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_zh_TW.properties b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_zh_TW.properties
index 58eba178e80..480ceada39f 100644
--- a/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_zh_TW.properties
+++ b/addOns/authhelper/src/main/resources/org/zaproxy/addon/authhelper/resources/Messages_zh_TW.properties
@@ -44,6 +44,9 @@ authhelper.auth.test.dialog.tab.test = 測試
authhelper.auth.test.dialog.title = Authentication Tester
+authhelper.client.desc = Enables browser based authentication when performing an authenticated Client Spider scan.
+authhelper.client.name = Client Spider Browser Based Authentication Support
+
authhelper.desc = Authentication Helper
authhelper.name = Authentication Helper
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ar_SA/contents/automation.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ar_SA/contents/automation.html
index da467f09d5a..14d15debacf 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ar_SA/contents/automation.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ar_SA/contents/automation.html
@@ -8,7 +8,9 @@
Automation Framework
This add-on provides a framework that allows ZAP to be automated in an easy and flexible way.
-
+
+
+
It provides the following command line options:
- -autorun <source> Run the automation jobs specified in the file or from the URL.
@@ -17,14 +19,17 @@
Automation Framework
- -autogenconf <filename> Generate template automation file using the current configuration.
-If the -autorun option is used with the ZAP -cmd option then the ZAP exit value will be set as follows:
+
+If the -autorun option is used with the ZAP -cmd option then the ZAP exit value will be set by default as follows:
- 0 - The plan completed successfully with no errors or warnings
- 1 - The plan reported one or more errors
- 2 - The plan reported no errors but one or more warnings
+These values can be overridden by the exitStatus job.
Whether the plan completed after encountering errors or warnings will depend on the settings used in the environment.
-
+
+
To use the automation framework:
- Generate a template automation file using one of the
-autogen* command line options
@@ -32,20 +37,22 @@ Automation Framework
- Run the file using the
-autorun commandline option e.g. ./zap.sh -cmd -autorun config.yaml
+Note: The Jobs are executed in the order in which they appear (top to bottom) within the Plan.
+
In most cases it is recommended to also use the -cmd command line option so that the ZAP desktop is not displayed
and ZAP exits as soon as it has finished generating or running the jobs defined in the file.
However you can choose to run Automation Framework jobs using the ZAP desktop to help you debug issues.
-
Authentication
+
The Automation Framework supports all of the authentication mechanisms supported by ZAP.
-GUI
+
A GUI is under development and provides an ever increasing set of features.
-Options
+
The Automation Options screen allows you to configure specific options.
-API
+
The following API endpoints are provided by this add-on:
- Action: runPlan(filePath) - loads and asynchronously runs the plan in the specified file, returning a planId
@@ -53,21 +60,34 @@ API
If the ZAP desktop is being used then the plan will also be shown in the GUI to make it easier to diagnose any problems.
-Environment
+
The environment section of the file defines the applications which the rest of the jobs can act on.
-File Paths
+
All file and directory paths can either be absolute or relative to the directory containing the plan.
Relative paths are recommended for portability.
-Jobs
+
+The jobs can be enabled/disabled through the GUI and the automation plan, with the enabled flag. Jobs are enabled by default.
+
The following automation jobs are supported by this add-on:
+- activeScan-config - configures the active scanner
+- activeScan-policy - creates an active policy
- addOns - add-on management, now deprecated
- delay - pauses the plan for a specified period of time or a specific condition is met
- requestor - crafts specific requests to send to the corresponding targets
- activeScan - runs the active scanner
+- exitStatus - sets ZAP's exit code based on scan results
+
+Importance of Job Order
+The order of jobs is relevant and important. For example:
+
+ - there is no point putting a passiveScan-wait job before any sort of spidering or importing
+ - configuring an alertFilter job after alerts have been generated by passive or active scanning will have no effect on the Alerts that were raised by those components in earlier jobs
+
>
+
Job tests can be added to jobs to check that the jobs have performed as expected.
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ar_SA/contents/job-ascan.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ar_SA/contents/job-ascan.html
index d58eee7b8be..e06039e9863 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ar_SA/contents/job-ascan.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ar_SA/contents/job-ascan.html
@@ -32,7 +32,7 @@
YAML
handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
injectPluginIdInHeader: # Bool: If set then the relevant rule Id will be injected into the X-ZAP-Scan-ID header of each request, default: false
scanHeadersAllRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned, default: false
- threadPerHost: # Int: The max number of threads per host, default: 2
+ threadPerHost: # Int: The max number of threads per host, default: 2 * Number of available processor cores
maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
policyDefinition: # The policy definition - only used if the 'policy' is not set
defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
@@ -44,6 +44,12 @@ YAML
threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
+Note: Unless the defaultThreshold of the policyDefinition is OFF all rules will be enabled to start with.
+
+
+The policy can be one defined by a previous activeScan-policy job, or by a scan policy file
+that has been put in policies directory under ZAP's HOME directory .
+
Job Data
The following class will be made available to add-ons that provide access to the Job Data such as the Reporting add-on.
Note that in this case the data is from the last Active Scan, regardless of whether it was started by the Automation Framework, the UI, or the API.
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ar_SA/contents/job-ascanconfig.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ar_SA/contents/job-ascanconfig.html
new file mode 100644
index 00000000000..99d909f155d
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ar_SA/contents/job-ascanconfig.html
@@ -0,0 +1,51 @@
+
+
+
+
+Automation Framework - activeScan-config Job
+
+
+
+Automation Framework - activeScan-config Job
+
+This job configures the active scanner, for custom active scans (e.g. Sequence).
+
+YAML
+
+
+ - type: activeScan-config # Configures the settings of the active scanner.
+ parameters:
+ maxRuleDurationInMins: # Int: The max time in minutes any individual rule will be allowed to run for, default: 0 unlimited
+ maxScanDurationInMins: # Int: The max time in minutes the active scanner will be allowed to run for, default: 0 unlimited
+ maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
+ defaultPolicy: # String: The name of the default scan policy to use, default: Default Policy
+ handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
+ injectPluginIdInHeader: # Bool: If set then the relevant rule ID will be injected into the X-ZAP-Scan-ID header of each request, default: false
+ threadPerHost: # Int: The max number of threads per host, default: 2
+ inputVectors: # The input vectors used during the active scan.
+ urlQueryStringAndDataDrivenNodes: # Configures the scanning of query parameters and DDNs.
+ enabled: # Bool: If query parameters and DDNs scanning should be enabled. Default: true
+ addParam: # Bool: If a query parameter should be added if none present. Default: false
+ odata: # Bool: If OData query filters should be scanned. Default: true
+ postData: # Configures the scanning of request bodies.
+ enabled: # Bool: If enabled. Default: true
+ multiPartFormData: # Bool: If multipart form data bodies should be scanned. Default: true
+ xml: # Bool: If XML bodies should be scanned. Default: true
+ json: # Configures the scanning of JSON bodies.
+ enabled: # Bool: If JSON scanning should be enabled. Default: true
+ scanNullValues: # Bool: If null values should be scanned. Default: false
+ googleWebToolkit: # Bool: If GWT scanning should be enabled. Default: false
+ directWebRemoting: # Bool: If DWR scanning should be enabled. Default: false
+ urlPath: # Bool: If URL path segments should be scanned. Default: false
+ httpHeaders: # Configures the scanning of HTTP headers.
+ enabled: # Bool: If HTTP header scanning should be enabled. Default: false
+ allRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned. Default: false
+ cookieData: # Configures the scanning of cookies.
+ enabled: # Bool: If enabled. Default: false
+ encodeCookieValues: # Bool: If cookie values should be encoded. Default: false
+ scripts: # Bool: If Input Vector scripts should be used. Default: true
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ar_SA/contents/job-ascanpolicy.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ar_SA/contents/job-ascanpolicy.html
new file mode 100644
index 00000000000..c998e017f95
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ar_SA/contents/job-ascanpolicy.html
@@ -0,0 +1,32 @@
+
+
+
+
+Automation Framework - activeScan-policy Job
+
+
+
+Automation Framework - activeScan-policy Job
+
+This job defines an active scan policy. This policy can be used later in the plan by active scan related jobs,
+like activeScan job.
+
+YAML
+
+
+ - type: activeScan-policy # Defines a new active scan policy which can be used by later activeScan related jobs
+ parameters:
+ name: # String: Name of the policy, mandatory
+ policyDefinition: # The policy definition
+ defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
+ defaultThreshold: # String: The default Alert Threshold for all rules, one of Off, Low, Medium, High, default: Medium
+ rules: # A list of one or more active scan rules and associated settings which override the defaults
+ - id: # Int: The rule id as per https://www.zaproxy.org/docs/alerts/
+ name: # Comment: The name of the rule for documentation purposes - this is not required or actually used
+ strength: # String: The Attack Strength for this rule, one of Low, Medium, High, Insane, default: Medium
+ threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ar_SA/contents/job-exitstatus.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ar_SA/contents/job-exitstatus.html
new file mode 100644
index 00000000000..6cae027f9e8
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ar_SA/contents/job-exitstatus.html
@@ -0,0 +1,37 @@
+
+
+
+
+Automation Framework - exitStatus Job
+
+
+
+Automation Framework - exitStatus Job
+
+This job sets ZAP's exit code based on scan results.
+It also allows you to choose which exit values are used.
+It should typically be the last job in a plan.
+
+If warnLevel or errorLevel are set then the job will report a warning or error if any alerts
+are raised which have the same risk level or greater.
+
+By default when ZAP is run with the -cmd and -autorun options then it will
+exit with a 1 if there are any errors, with a 2 if there are any warnings, and if everything is ok
+then it will exit with a 0.
+These values can be overriden by the *ExitValue options. The *ExitValues can be used together
+with the warn/errorLevel or completely independently of them.
+
+
YAML
+
+
+ - type: exitStatus # Sets the exit code based on scan results
+ parameters:
+ errorLevel: # String: Informational, Low, Medium, High, default: not set
+ warnLevel: # String: Informational, Low, Medium, High, default: not set
+ okExitValue: # Integer: Exit value if all ok, default 0
+ errorExitValue: # Integer: Exit value if there are errors, default 1
+ warnExitValue: # Integer: Exit value if there are warnings, default 2
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ar_SA/contents/job-requestor.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ar_SA/contents/job-requestor.html
index 252faf42fa8..0ef0de0b9c5 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ar_SA/contents/job-requestor.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ar_SA/contents/job-requestor.html
@@ -21,11 +21,12 @@ YAML
user: # String: An optional user to use for authenticated requests, must be defined in the env
requests: # A list of requests to make
- url: # String: A mandatory URL of the request to be made
+ name: # String: Optional name for the request, for documentation only
method: # String: A non-empty request method, default: GET
httpVersion: # String: The HTTP version to send the request with, default: HTTP/1.1
headers: # An optional list of additional headers to include in the request
- "header1:value1"
- data: # String: Optional data to send in the request body
+ data: # String: Optional data to send in the request body, supports vars
responseCode: # Int: An optional, expected response code against which the actual response code will be matched
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ar_SA/index.xml b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ar_SA/index.xml
index ef319ba9100..12115ef3b69 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ar_SA/index.xml
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ar_SA/index.xml
@@ -8,7 +8,12 @@
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ar_SA/toc.xml b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ar_SA/toc.xml
index 5a28e4fdf70..edff332d4ae 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ar_SA/toc.xml
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ar_SA/toc.xml
@@ -9,7 +9,12 @@
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_az_AZ/contents/automation.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_az_AZ/contents/automation.html
index da467f09d5a..14d15debacf 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_az_AZ/contents/automation.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_az_AZ/contents/automation.html
@@ -8,7 +8,9 @@
Automation Framework
This add-on provides a framework that allows ZAP to be automated in an easy and flexible way.
-
+
+
+
It provides the following command line options:
- -autorun <source> Run the automation jobs specified in the file or from the URL.
@@ -17,14 +19,17 @@
Automation Framework
- -autogenconf <filename> Generate template automation file using the current configuration.
-If the -autorun option is used with the ZAP -cmd option then the ZAP exit value will be set as follows:
+
+If the -autorun option is used with the ZAP -cmd option then the ZAP exit value will be set by default as follows:
- 0 - The plan completed successfully with no errors or warnings
- 1 - The plan reported one or more errors
- 2 - The plan reported no errors but one or more warnings
+These values can be overridden by the exitStatus job.
Whether the plan completed after encountering errors or warnings will depend on the settings used in the environment.
-
+
+
To use the automation framework:
- Generate a template automation file using one of the
-autogen* command line options
@@ -32,20 +37,22 @@ Automation Framework
- Run the file using the
-autorun commandline option e.g. ./zap.sh -cmd -autorun config.yaml
+Note: The Jobs are executed in the order in which they appear (top to bottom) within the Plan.
+
In most cases it is recommended to also use the -cmd command line option so that the ZAP desktop is not displayed
and ZAP exits as soon as it has finished generating or running the jobs defined in the file.
However you can choose to run Automation Framework jobs using the ZAP desktop to help you debug issues.
-
Authentication
+
The Automation Framework supports all of the authentication mechanisms supported by ZAP.
-GUI
+
A GUI is under development and provides an ever increasing set of features.
-Options
+
The Automation Options screen allows you to configure specific options.
-API
+
The following API endpoints are provided by this add-on:
- Action: runPlan(filePath) - loads and asynchronously runs the plan in the specified file, returning a planId
@@ -53,21 +60,34 @@ API
If the ZAP desktop is being used then the plan will also be shown in the GUI to make it easier to diagnose any problems.
-Environment
+
The environment section of the file defines the applications which the rest of the jobs can act on.
-File Paths
+
All file and directory paths can either be absolute or relative to the directory containing the plan.
Relative paths are recommended for portability.
-Jobs
+
+The jobs can be enabled/disabled through the GUI and the automation plan, with the enabled flag. Jobs are enabled by default.
+
The following automation jobs are supported by this add-on:
+- activeScan-config - configures the active scanner
+- activeScan-policy - creates an active policy
- addOns - add-on management, now deprecated
- delay - pauses the plan for a specified period of time or a specific condition is met
- requestor - crafts specific requests to send to the corresponding targets
- activeScan - runs the active scanner
+- exitStatus - sets ZAP's exit code based on scan results
+
+Importance of Job Order
+The order of jobs is relevant and important. For example:
+
+ - there is no point putting a passiveScan-wait job before any sort of spidering or importing
+ - configuring an alertFilter job after alerts have been generated by passive or active scanning will have no effect on the Alerts that were raised by those components in earlier jobs
+
>
+
Job tests can be added to jobs to check that the jobs have performed as expected.
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_az_AZ/contents/job-ascan.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_az_AZ/contents/job-ascan.html
index d58eee7b8be..e06039e9863 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_az_AZ/contents/job-ascan.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_az_AZ/contents/job-ascan.html
@@ -32,7 +32,7 @@
YAML
handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
injectPluginIdInHeader: # Bool: If set then the relevant rule Id will be injected into the X-ZAP-Scan-ID header of each request, default: false
scanHeadersAllRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned, default: false
- threadPerHost: # Int: The max number of threads per host, default: 2
+ threadPerHost: # Int: The max number of threads per host, default: 2 * Number of available processor cores
maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
policyDefinition: # The policy definition - only used if the 'policy' is not set
defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
@@ -44,6 +44,12 @@ YAML
threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
+Note: Unless the defaultThreshold of the policyDefinition is OFF all rules will be enabled to start with.
+
+
+The policy can be one defined by a previous activeScan-policy job, or by a scan policy file
+that has been put in policies directory under ZAP's HOME directory .
+
Job Data
The following class will be made available to add-ons that provide access to the Job Data such as the Reporting add-on.
Note that in this case the data is from the last Active Scan, regardless of whether it was started by the Automation Framework, the UI, or the API.
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_az_AZ/contents/job-ascanconfig.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_az_AZ/contents/job-ascanconfig.html
new file mode 100644
index 00000000000..99d909f155d
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_az_AZ/contents/job-ascanconfig.html
@@ -0,0 +1,51 @@
+
+
+
+
+Automation Framework - activeScan-config Job
+
+
+
+Automation Framework - activeScan-config Job
+
+This job configures the active scanner, for custom active scans (e.g. Sequence).
+
+YAML
+
+
+ - type: activeScan-config # Configures the settings of the active scanner.
+ parameters:
+ maxRuleDurationInMins: # Int: The max time in minutes any individual rule will be allowed to run for, default: 0 unlimited
+ maxScanDurationInMins: # Int: The max time in minutes the active scanner will be allowed to run for, default: 0 unlimited
+ maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
+ defaultPolicy: # String: The name of the default scan policy to use, default: Default Policy
+ handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
+ injectPluginIdInHeader: # Bool: If set then the relevant rule ID will be injected into the X-ZAP-Scan-ID header of each request, default: false
+ threadPerHost: # Int: The max number of threads per host, default: 2
+ inputVectors: # The input vectors used during the active scan.
+ urlQueryStringAndDataDrivenNodes: # Configures the scanning of query parameters and DDNs.
+ enabled: # Bool: If query parameters and DDNs scanning should be enabled. Default: true
+ addParam: # Bool: If a query parameter should be added if none present. Default: false
+ odata: # Bool: If OData query filters should be scanned. Default: true
+ postData: # Configures the scanning of request bodies.
+ enabled: # Bool: If enabled. Default: true
+ multiPartFormData: # Bool: If multipart form data bodies should be scanned. Default: true
+ xml: # Bool: If XML bodies should be scanned. Default: true
+ json: # Configures the scanning of JSON bodies.
+ enabled: # Bool: If JSON scanning should be enabled. Default: true
+ scanNullValues: # Bool: If null values should be scanned. Default: false
+ googleWebToolkit: # Bool: If GWT scanning should be enabled. Default: false
+ directWebRemoting: # Bool: If DWR scanning should be enabled. Default: false
+ urlPath: # Bool: If URL path segments should be scanned. Default: false
+ httpHeaders: # Configures the scanning of HTTP headers.
+ enabled: # Bool: If HTTP header scanning should be enabled. Default: false
+ allRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned. Default: false
+ cookieData: # Configures the scanning of cookies.
+ enabled: # Bool: If enabled. Default: false
+ encodeCookieValues: # Bool: If cookie values should be encoded. Default: false
+ scripts: # Bool: If Input Vector scripts should be used. Default: true
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_az_AZ/contents/job-ascanpolicy.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_az_AZ/contents/job-ascanpolicy.html
new file mode 100644
index 00000000000..c998e017f95
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_az_AZ/contents/job-ascanpolicy.html
@@ -0,0 +1,32 @@
+
+
+
+
+Automation Framework - activeScan-policy Job
+
+
+
+Automation Framework - activeScan-policy Job
+
+This job defines an active scan policy. This policy can be used later in the plan by active scan related jobs,
+like activeScan job.
+
+YAML
+
+
+ - type: activeScan-policy # Defines a new active scan policy which can be used by later activeScan related jobs
+ parameters:
+ name: # String: Name of the policy, mandatory
+ policyDefinition: # The policy definition
+ defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
+ defaultThreshold: # String: The default Alert Threshold for all rules, one of Off, Low, Medium, High, default: Medium
+ rules: # A list of one or more active scan rules and associated settings which override the defaults
+ - id: # Int: The rule id as per https://www.zaproxy.org/docs/alerts/
+ name: # Comment: The name of the rule for documentation purposes - this is not required or actually used
+ strength: # String: The Attack Strength for this rule, one of Low, Medium, High, Insane, default: Medium
+ threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_az_AZ/contents/job-exitstatus.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_az_AZ/contents/job-exitstatus.html
new file mode 100644
index 00000000000..6cae027f9e8
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_az_AZ/contents/job-exitstatus.html
@@ -0,0 +1,37 @@
+
+
+
+
+Automation Framework - exitStatus Job
+
+
+
+Automation Framework - exitStatus Job
+
+This job sets ZAP's exit code based on scan results.
+It also allows you to choose which exit values are used.
+It should typically be the last job in a plan.
+
+If warnLevel or errorLevel are set then the job will report a warning or error if any alerts
+are raised which have the same risk level or greater.
+
+By default when ZAP is run with the -cmd and -autorun options then it will
+exit with a 1 if there are any errors, with a 2 if there are any warnings, and if everything is ok
+then it will exit with a 0.
+These values can be overriden by the *ExitValue options. The *ExitValues can be used together
+with the warn/errorLevel or completely independently of them.
+
+
YAML
+
+
+ - type: exitStatus # Sets the exit code based on scan results
+ parameters:
+ errorLevel: # String: Informational, Low, Medium, High, default: not set
+ warnLevel: # String: Informational, Low, Medium, High, default: not set
+ okExitValue: # Integer: Exit value if all ok, default 0
+ errorExitValue: # Integer: Exit value if there are errors, default 1
+ warnExitValue: # Integer: Exit value if there are warnings, default 2
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_az_AZ/contents/job-requestor.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_az_AZ/contents/job-requestor.html
index 252faf42fa8..0ef0de0b9c5 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_az_AZ/contents/job-requestor.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_az_AZ/contents/job-requestor.html
@@ -21,11 +21,12 @@ YAML
user: # String: An optional user to use for authenticated requests, must be defined in the env
requests: # A list of requests to make
- url: # String: A mandatory URL of the request to be made
+ name: # String: Optional name for the request, for documentation only
method: # String: A non-empty request method, default: GET
httpVersion: # String: The HTTP version to send the request with, default: HTTP/1.1
headers: # An optional list of additional headers to include in the request
- "header1:value1"
- data: # String: Optional data to send in the request body
+ data: # String: Optional data to send in the request body, supports vars
responseCode: # Int: An optional, expected response code against which the actual response code will be matched
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_az_AZ/index.xml b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_az_AZ/index.xml
index ef319ba9100..12115ef3b69 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_az_AZ/index.xml
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_az_AZ/index.xml
@@ -8,7 +8,12 @@
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_az_AZ/toc.xml b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_az_AZ/toc.xml
index 5a28e4fdf70..edff332d4ae 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_az_AZ/toc.xml
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_az_AZ/toc.xml
@@ -9,7 +9,12 @@
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_bs_BA/contents/automation.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_bs_BA/contents/automation.html
index da467f09d5a..14d15debacf 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_bs_BA/contents/automation.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_bs_BA/contents/automation.html
@@ -8,7 +8,9 @@
Automation Framework
This add-on provides a framework that allows ZAP to be automated in an easy and flexible way.
-
+
+
+
It provides the following command line options:
- -autorun <source> Run the automation jobs specified in the file or from the URL.
@@ -17,14 +19,17 @@
Automation Framework
- -autogenconf <filename> Generate template automation file using the current configuration.
-If the -autorun option is used with the ZAP -cmd option then the ZAP exit value will be set as follows:
+
+If the -autorun option is used with the ZAP -cmd option then the ZAP exit value will be set by default as follows:
- 0 - The plan completed successfully with no errors or warnings
- 1 - The plan reported one or more errors
- 2 - The plan reported no errors but one or more warnings
+These values can be overridden by the exitStatus job.
Whether the plan completed after encountering errors or warnings will depend on the settings used in the environment.
-
+
+
To use the automation framework:
- Generate a template automation file using one of the
-autogen* command line options
@@ -32,20 +37,22 @@ Automation Framework
- Run the file using the
-autorun commandline option e.g. ./zap.sh -cmd -autorun config.yaml
+Note: The Jobs are executed in the order in which they appear (top to bottom) within the Plan.
+
In most cases it is recommended to also use the -cmd command line option so that the ZAP desktop is not displayed
and ZAP exits as soon as it has finished generating or running the jobs defined in the file.
However you can choose to run Automation Framework jobs using the ZAP desktop to help you debug issues.
-
Authentication
+
The Automation Framework supports all of the authentication mechanisms supported by ZAP.
-GUI
+
A GUI is under development and provides an ever increasing set of features.
-Options
+
The Automation Options screen allows you to configure specific options.
-API
+
The following API endpoints are provided by this add-on:
- Action: runPlan(filePath) - loads and asynchronously runs the plan in the specified file, returning a planId
@@ -53,21 +60,34 @@ API
If the ZAP desktop is being used then the plan will also be shown in the GUI to make it easier to diagnose any problems.
-Environment
+
The environment section of the file defines the applications which the rest of the jobs can act on.
-File Paths
+
All file and directory paths can either be absolute or relative to the directory containing the plan.
Relative paths are recommended for portability.
-Jobs
+
+The jobs can be enabled/disabled through the GUI and the automation plan, with the enabled flag. Jobs are enabled by default.
+
The following automation jobs are supported by this add-on:
+- activeScan-config - configures the active scanner
+- activeScan-policy - creates an active policy
- addOns - add-on management, now deprecated
- delay - pauses the plan for a specified period of time or a specific condition is met
- requestor - crafts specific requests to send to the corresponding targets
- activeScan - runs the active scanner
+- exitStatus - sets ZAP's exit code based on scan results
+
+Importance of Job Order
+The order of jobs is relevant and important. For example:
+
+ - there is no point putting a passiveScan-wait job before any sort of spidering or importing
+ - configuring an alertFilter job after alerts have been generated by passive or active scanning will have no effect on the Alerts that were raised by those components in earlier jobs
+
>
+
Job tests can be added to jobs to check that the jobs have performed as expected.
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_bs_BA/contents/job-ascan.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_bs_BA/contents/job-ascan.html
index d58eee7b8be..e06039e9863 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_bs_BA/contents/job-ascan.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_bs_BA/contents/job-ascan.html
@@ -32,7 +32,7 @@
YAML
handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
injectPluginIdInHeader: # Bool: If set then the relevant rule Id will be injected into the X-ZAP-Scan-ID header of each request, default: false
scanHeadersAllRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned, default: false
- threadPerHost: # Int: The max number of threads per host, default: 2
+ threadPerHost: # Int: The max number of threads per host, default: 2 * Number of available processor cores
maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
policyDefinition: # The policy definition - only used if the 'policy' is not set
defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
@@ -44,6 +44,12 @@ YAML
threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
+Note: Unless the defaultThreshold of the policyDefinition is OFF all rules will be enabled to start with.
+
+
+The policy can be one defined by a previous activeScan-policy job, or by a scan policy file
+that has been put in policies directory under ZAP's HOME directory .
+
Job Data
The following class will be made available to add-ons that provide access to the Job Data such as the Reporting add-on.
Note that in this case the data is from the last Active Scan, regardless of whether it was started by the Automation Framework, the UI, or the API.
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_bs_BA/contents/job-ascanconfig.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_bs_BA/contents/job-ascanconfig.html
new file mode 100644
index 00000000000..99d909f155d
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_bs_BA/contents/job-ascanconfig.html
@@ -0,0 +1,51 @@
+
+
+
+
+Automation Framework - activeScan-config Job
+
+
+
+Automation Framework - activeScan-config Job
+
+This job configures the active scanner, for custom active scans (e.g. Sequence).
+
+YAML
+
+
+ - type: activeScan-config # Configures the settings of the active scanner.
+ parameters:
+ maxRuleDurationInMins: # Int: The max time in minutes any individual rule will be allowed to run for, default: 0 unlimited
+ maxScanDurationInMins: # Int: The max time in minutes the active scanner will be allowed to run for, default: 0 unlimited
+ maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
+ defaultPolicy: # String: The name of the default scan policy to use, default: Default Policy
+ handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
+ injectPluginIdInHeader: # Bool: If set then the relevant rule ID will be injected into the X-ZAP-Scan-ID header of each request, default: false
+ threadPerHost: # Int: The max number of threads per host, default: 2
+ inputVectors: # The input vectors used during the active scan.
+ urlQueryStringAndDataDrivenNodes: # Configures the scanning of query parameters and DDNs.
+ enabled: # Bool: If query parameters and DDNs scanning should be enabled. Default: true
+ addParam: # Bool: If a query parameter should be added if none present. Default: false
+ odata: # Bool: If OData query filters should be scanned. Default: true
+ postData: # Configures the scanning of request bodies.
+ enabled: # Bool: If enabled. Default: true
+ multiPartFormData: # Bool: If multipart form data bodies should be scanned. Default: true
+ xml: # Bool: If XML bodies should be scanned. Default: true
+ json: # Configures the scanning of JSON bodies.
+ enabled: # Bool: If JSON scanning should be enabled. Default: true
+ scanNullValues: # Bool: If null values should be scanned. Default: false
+ googleWebToolkit: # Bool: If GWT scanning should be enabled. Default: false
+ directWebRemoting: # Bool: If DWR scanning should be enabled. Default: false
+ urlPath: # Bool: If URL path segments should be scanned. Default: false
+ httpHeaders: # Configures the scanning of HTTP headers.
+ enabled: # Bool: If HTTP header scanning should be enabled. Default: false
+ allRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned. Default: false
+ cookieData: # Configures the scanning of cookies.
+ enabled: # Bool: If enabled. Default: false
+ encodeCookieValues: # Bool: If cookie values should be encoded. Default: false
+ scripts: # Bool: If Input Vector scripts should be used. Default: true
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_bs_BA/contents/job-ascanpolicy.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_bs_BA/contents/job-ascanpolicy.html
new file mode 100644
index 00000000000..c998e017f95
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_bs_BA/contents/job-ascanpolicy.html
@@ -0,0 +1,32 @@
+
+
+
+
+Automation Framework - activeScan-policy Job
+
+
+
+Automation Framework - activeScan-policy Job
+
+This job defines an active scan policy. This policy can be used later in the plan by active scan related jobs,
+like activeScan job.
+
+YAML
+
+
+ - type: activeScan-policy # Defines a new active scan policy which can be used by later activeScan related jobs
+ parameters:
+ name: # String: Name of the policy, mandatory
+ policyDefinition: # The policy definition
+ defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
+ defaultThreshold: # String: The default Alert Threshold for all rules, one of Off, Low, Medium, High, default: Medium
+ rules: # A list of one or more active scan rules and associated settings which override the defaults
+ - id: # Int: The rule id as per https://www.zaproxy.org/docs/alerts/
+ name: # Comment: The name of the rule for documentation purposes - this is not required or actually used
+ strength: # String: The Attack Strength for this rule, one of Low, Medium, High, Insane, default: Medium
+ threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_bs_BA/contents/job-exitstatus.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_bs_BA/contents/job-exitstatus.html
new file mode 100644
index 00000000000..6cae027f9e8
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_bs_BA/contents/job-exitstatus.html
@@ -0,0 +1,37 @@
+
+
+
+
+Automation Framework - exitStatus Job
+
+
+
+Automation Framework - exitStatus Job
+
+This job sets ZAP's exit code based on scan results.
+It also allows you to choose which exit values are used.
+It should typically be the last job in a plan.
+
+If warnLevel or errorLevel are set then the job will report a warning or error if any alerts
+are raised which have the same risk level or greater.
+
+By default when ZAP is run with the -cmd and -autorun options then it will
+exit with a 1 if there are any errors, with a 2 if there are any warnings, and if everything is ok
+then it will exit with a 0.
+These values can be overriden by the *ExitValue options. The *ExitValues can be used together
+with the warn/errorLevel or completely independently of them.
+
+
YAML
+
+
+ - type: exitStatus # Sets the exit code based on scan results
+ parameters:
+ errorLevel: # String: Informational, Low, Medium, High, default: not set
+ warnLevel: # String: Informational, Low, Medium, High, default: not set
+ okExitValue: # Integer: Exit value if all ok, default 0
+ errorExitValue: # Integer: Exit value if there are errors, default 1
+ warnExitValue: # Integer: Exit value if there are warnings, default 2
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_bs_BA/contents/job-requestor.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_bs_BA/contents/job-requestor.html
index 252faf42fa8..0ef0de0b9c5 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_bs_BA/contents/job-requestor.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_bs_BA/contents/job-requestor.html
@@ -21,11 +21,12 @@ YAML
user: # String: An optional user to use for authenticated requests, must be defined in the env
requests: # A list of requests to make
- url: # String: A mandatory URL of the request to be made
+ name: # String: Optional name for the request, for documentation only
method: # String: A non-empty request method, default: GET
httpVersion: # String: The HTTP version to send the request with, default: HTTP/1.1
headers: # An optional list of additional headers to include in the request
- "header1:value1"
- data: # String: Optional data to send in the request body
+ data: # String: Optional data to send in the request body, supports vars
responseCode: # Int: An optional, expected response code against which the actual response code will be matched
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_bs_BA/index.xml b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_bs_BA/index.xml
index ef319ba9100..12115ef3b69 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_bs_BA/index.xml
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_bs_BA/index.xml
@@ -8,7 +8,12 @@
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_bs_BA/toc.xml b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_bs_BA/toc.xml
index 5a28e4fdf70..edff332d4ae 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_bs_BA/toc.xml
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_bs_BA/toc.xml
@@ -9,7 +9,12 @@
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_da_DK/contents/automation.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_da_DK/contents/automation.html
index da467f09d5a..14d15debacf 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_da_DK/contents/automation.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_da_DK/contents/automation.html
@@ -8,7 +8,9 @@
Automation Framework
This add-on provides a framework that allows ZAP to be automated in an easy and flexible way.
-
+
+
+
It provides the following command line options:
- -autorun <source> Run the automation jobs specified in the file or from the URL.
@@ -17,14 +19,17 @@
Automation Framework
- -autogenconf <filename> Generate template automation file using the current configuration.
-If the -autorun option is used with the ZAP -cmd option then the ZAP exit value will be set as follows:
+
+If the -autorun option is used with the ZAP -cmd option then the ZAP exit value will be set by default as follows:
- 0 - The plan completed successfully with no errors or warnings
- 1 - The plan reported one or more errors
- 2 - The plan reported no errors but one or more warnings
+These values can be overridden by the exitStatus job.
Whether the plan completed after encountering errors or warnings will depend on the settings used in the environment.
-
+
+
To use the automation framework:
- Generate a template automation file using one of the
-autogen* command line options
@@ -32,20 +37,22 @@ Automation Framework
- Run the file using the
-autorun commandline option e.g. ./zap.sh -cmd -autorun config.yaml
+Note: The Jobs are executed in the order in which they appear (top to bottom) within the Plan.
+
In most cases it is recommended to also use the -cmd command line option so that the ZAP desktop is not displayed
and ZAP exits as soon as it has finished generating or running the jobs defined in the file.
However you can choose to run Automation Framework jobs using the ZAP desktop to help you debug issues.
-
Authentication
+
The Automation Framework supports all of the authentication mechanisms supported by ZAP.
-GUI
+
A GUI is under development and provides an ever increasing set of features.
-Options
+
The Automation Options screen allows you to configure specific options.
-API
+
The following API endpoints are provided by this add-on:
- Action: runPlan(filePath) - loads and asynchronously runs the plan in the specified file, returning a planId
@@ -53,21 +60,34 @@ API
If the ZAP desktop is being used then the plan will also be shown in the GUI to make it easier to diagnose any problems.
-Environment
+
The environment section of the file defines the applications which the rest of the jobs can act on.
-File Paths
+
All file and directory paths can either be absolute or relative to the directory containing the plan.
Relative paths are recommended for portability.
-Jobs
+
+The jobs can be enabled/disabled through the GUI and the automation plan, with the enabled flag. Jobs are enabled by default.
+
The following automation jobs are supported by this add-on:
+- activeScan-config - configures the active scanner
+- activeScan-policy - creates an active policy
- addOns - add-on management, now deprecated
- delay - pauses the plan for a specified period of time or a specific condition is met
- requestor - crafts specific requests to send to the corresponding targets
- activeScan - runs the active scanner
+- exitStatus - sets ZAP's exit code based on scan results
+
+Importance of Job Order
+The order of jobs is relevant and important. For example:
+
+ - there is no point putting a passiveScan-wait job before any sort of spidering or importing
+ - configuring an alertFilter job after alerts have been generated by passive or active scanning will have no effect on the Alerts that were raised by those components in earlier jobs
+
>
+
Job tests can be added to jobs to check that the jobs have performed as expected.
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_da_DK/contents/job-ascan.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_da_DK/contents/job-ascan.html
index d58eee7b8be..e06039e9863 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_da_DK/contents/job-ascan.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_da_DK/contents/job-ascan.html
@@ -32,7 +32,7 @@
YAML
handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
injectPluginIdInHeader: # Bool: If set then the relevant rule Id will be injected into the X-ZAP-Scan-ID header of each request, default: false
scanHeadersAllRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned, default: false
- threadPerHost: # Int: The max number of threads per host, default: 2
+ threadPerHost: # Int: The max number of threads per host, default: 2 * Number of available processor cores
maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
policyDefinition: # The policy definition - only used if the 'policy' is not set
defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
@@ -44,6 +44,12 @@ YAML
threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
+Note: Unless the defaultThreshold of the policyDefinition is OFF all rules will be enabled to start with.
+
+
+The policy can be one defined by a previous activeScan-policy job, or by a scan policy file
+that has been put in policies directory under ZAP's HOME directory .
+
Job Data
The following class will be made available to add-ons that provide access to the Job Data such as the Reporting add-on.
Note that in this case the data is from the last Active Scan, regardless of whether it was started by the Automation Framework, the UI, or the API.
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_da_DK/contents/job-ascanconfig.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_da_DK/contents/job-ascanconfig.html
new file mode 100644
index 00000000000..99d909f155d
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_da_DK/contents/job-ascanconfig.html
@@ -0,0 +1,51 @@
+
+
+
+
+Automation Framework - activeScan-config Job
+
+
+
+Automation Framework - activeScan-config Job
+
+This job configures the active scanner, for custom active scans (e.g. Sequence).
+
+YAML
+
+
+ - type: activeScan-config # Configures the settings of the active scanner.
+ parameters:
+ maxRuleDurationInMins: # Int: The max time in minutes any individual rule will be allowed to run for, default: 0 unlimited
+ maxScanDurationInMins: # Int: The max time in minutes the active scanner will be allowed to run for, default: 0 unlimited
+ maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
+ defaultPolicy: # String: The name of the default scan policy to use, default: Default Policy
+ handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
+ injectPluginIdInHeader: # Bool: If set then the relevant rule ID will be injected into the X-ZAP-Scan-ID header of each request, default: false
+ threadPerHost: # Int: The max number of threads per host, default: 2
+ inputVectors: # The input vectors used during the active scan.
+ urlQueryStringAndDataDrivenNodes: # Configures the scanning of query parameters and DDNs.
+ enabled: # Bool: If query parameters and DDNs scanning should be enabled. Default: true
+ addParam: # Bool: If a query parameter should be added if none present. Default: false
+ odata: # Bool: If OData query filters should be scanned. Default: true
+ postData: # Configures the scanning of request bodies.
+ enabled: # Bool: If enabled. Default: true
+ multiPartFormData: # Bool: If multipart form data bodies should be scanned. Default: true
+ xml: # Bool: If XML bodies should be scanned. Default: true
+ json: # Configures the scanning of JSON bodies.
+ enabled: # Bool: If JSON scanning should be enabled. Default: true
+ scanNullValues: # Bool: If null values should be scanned. Default: false
+ googleWebToolkit: # Bool: If GWT scanning should be enabled. Default: false
+ directWebRemoting: # Bool: If DWR scanning should be enabled. Default: false
+ urlPath: # Bool: If URL path segments should be scanned. Default: false
+ httpHeaders: # Configures the scanning of HTTP headers.
+ enabled: # Bool: If HTTP header scanning should be enabled. Default: false
+ allRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned. Default: false
+ cookieData: # Configures the scanning of cookies.
+ enabled: # Bool: If enabled. Default: false
+ encodeCookieValues: # Bool: If cookie values should be encoded. Default: false
+ scripts: # Bool: If Input Vector scripts should be used. Default: true
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_da_DK/contents/job-ascanpolicy.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_da_DK/contents/job-ascanpolicy.html
new file mode 100644
index 00000000000..c998e017f95
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_da_DK/contents/job-ascanpolicy.html
@@ -0,0 +1,32 @@
+
+
+
+
+Automation Framework - activeScan-policy Job
+
+
+
+Automation Framework - activeScan-policy Job
+
+This job defines an active scan policy. This policy can be used later in the plan by active scan related jobs,
+like activeScan job.
+
+YAML
+
+
+ - type: activeScan-policy # Defines a new active scan policy which can be used by later activeScan related jobs
+ parameters:
+ name: # String: Name of the policy, mandatory
+ policyDefinition: # The policy definition
+ defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
+ defaultThreshold: # String: The default Alert Threshold for all rules, one of Off, Low, Medium, High, default: Medium
+ rules: # A list of one or more active scan rules and associated settings which override the defaults
+ - id: # Int: The rule id as per https://www.zaproxy.org/docs/alerts/
+ name: # Comment: The name of the rule for documentation purposes - this is not required or actually used
+ strength: # String: The Attack Strength for this rule, one of Low, Medium, High, Insane, default: Medium
+ threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_da_DK/contents/job-exitstatus.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_da_DK/contents/job-exitstatus.html
new file mode 100644
index 00000000000..6cae027f9e8
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_da_DK/contents/job-exitstatus.html
@@ -0,0 +1,37 @@
+
+
+
+
+Automation Framework - exitStatus Job
+
+
+
+Automation Framework - exitStatus Job
+
+This job sets ZAP's exit code based on scan results.
+It also allows you to choose which exit values are used.
+It should typically be the last job in a plan.
+
+If warnLevel or errorLevel are set then the job will report a warning or error if any alerts
+are raised which have the same risk level or greater.
+
+By default when ZAP is run with the -cmd and -autorun options then it will
+exit with a 1 if there are any errors, with a 2 if there are any warnings, and if everything is ok
+then it will exit with a 0.
+These values can be overriden by the *ExitValue options. The *ExitValues can be used together
+with the warn/errorLevel or completely independently of them.
+
+
YAML
+
+
+ - type: exitStatus # Sets the exit code based on scan results
+ parameters:
+ errorLevel: # String: Informational, Low, Medium, High, default: not set
+ warnLevel: # String: Informational, Low, Medium, High, default: not set
+ okExitValue: # Integer: Exit value if all ok, default 0
+ errorExitValue: # Integer: Exit value if there are errors, default 1
+ warnExitValue: # Integer: Exit value if there are warnings, default 2
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_da_DK/contents/job-requestor.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_da_DK/contents/job-requestor.html
index 252faf42fa8..0ef0de0b9c5 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_da_DK/contents/job-requestor.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_da_DK/contents/job-requestor.html
@@ -21,11 +21,12 @@ YAML
user: # String: An optional user to use for authenticated requests, must be defined in the env
requests: # A list of requests to make
- url: # String: A mandatory URL of the request to be made
+ name: # String: Optional name for the request, for documentation only
method: # String: A non-empty request method, default: GET
httpVersion: # String: The HTTP version to send the request with, default: HTTP/1.1
headers: # An optional list of additional headers to include in the request
- "header1:value1"
- data: # String: Optional data to send in the request body
+ data: # String: Optional data to send in the request body, supports vars
responseCode: # Int: An optional, expected response code against which the actual response code will be matched
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_da_DK/index.xml b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_da_DK/index.xml
index ef319ba9100..12115ef3b69 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_da_DK/index.xml
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_da_DK/index.xml
@@ -8,7 +8,12 @@
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_da_DK/toc.xml b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_da_DK/toc.xml
index 5a28e4fdf70..edff332d4ae 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_da_DK/toc.xml
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_da_DK/toc.xml
@@ -9,7 +9,12 @@
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_de_DE/contents/automation.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_de_DE/contents/automation.html
index 7adb526b2d8..705fdcd3a06 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_de_DE/contents/automation.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_de_DE/contents/automation.html
@@ -8,7 +8,9 @@
Automatisierungsframework
Diese Erweiterung liefert ein Framework, welches es erlaubt ZAP einfach und flexibel zu automatisieren.
-
+
+
+
Es enthält die folgenden Kommandozeilenoptionen:
- -autorun <source> Run the automation jobs specified in the file or from the URL.
@@ -17,14 +19,17 @@
Automatisierungsframework
- -autogenconf <filename> Generate template automation file using the current configuration.
-Wenn die -autorun-Option mit der ZAP -cmd-Option verwendet wird, setzt ZAP den Exit Code wie folgt:
+
+If the -autorun option is used with the ZAP -cmd option then the ZAP exit value will be set by default as follows:
- 0 - Der Plan konnte erfolgreich und ohne Fehler abgeschlossen werden
- 1 - Der Plan hatte einen oder mehrere Fehler
- 2 - Der Plan hatte keine Fehler aber eine oder mehrere Warnungen
+These values can be overridden by the exitStatus job.
Whether the plan completed after encountering errors or warnings will depend on the settings used in the environment.
-
+
+
To use the automation framework:
- Generate a template automation file using one of the
-autogen* command line options
@@ -32,20 +37,22 @@ Automatisierungsframework
- Run the file using the
-autorun commandline option e.g. ./zap.sh -cmd -autorun config.yaml
+Note: The Jobs are executed in the order in which they appear (top to bottom) within the Plan.
+
In most cases it is recommended to also use the -cmd command line option so that the ZAP desktop is not displayed
and ZAP exits as soon as it has finished generating or running the jobs defined in the file.
However you can choose to run Automation Framework jobs using the ZAP desktop to help you debug issues.
-
Authentication
+
The Automation Framework supports all of the authentication mechanisms supported by ZAP.
-GUI
+
A GUI is under development and provides an ever increasing set of features.
-Options
+
The Automation Options screen allows you to configure specific options.
-API
+
The following API endpoints are provided by this add-on:
- Action: runPlan(filePath) - loads and asynchronously runs the plan in the specified file, returning a planId
@@ -53,21 +60,34 @@ API
If the ZAP desktop is being used then the plan will also be shown in the GUI to make it easier to diagnose any problems.
-Environment
+
The environment section of the file defines the applications which the rest of the jobs can act on.
-File Paths
+
All file and directory paths can either be absolute or relative to the directory containing the plan.
Relative paths are recommended for portability.
-Jobs
+
+The jobs can be enabled/disabled through the GUI and the automation plan, with the enabled flag. Jobs are enabled by default.
+
The following automation jobs are supported by this add-on:
+- activeScan-config - configures the active scanner
+- activeScan-policy - creates an active policy
- addOns - add-on management, now deprecated
- delay - pauses the plan for a specified period of time or a specific condition is met
- requestor - crafts specific requests to send to the corresponding targets
- activeScan - runs the active scanner
+- exitStatus - sets ZAP's exit code based on scan results
+
+Importance of Job Order
+The order of jobs is relevant and important. For example:
+
+ - there is no point putting a passiveScan-wait job before any sort of spidering or importing
+ - configuring an alertFilter job after alerts have been generated by passive or active scanning will have no effect on the Alerts that were raised by those components in earlier jobs
+
>
+
Job tests can be added to jobs to check that the jobs have performed as expected.
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_de_DE/contents/job-ascan.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_de_DE/contents/job-ascan.html
index d58eee7b8be..e06039e9863 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_de_DE/contents/job-ascan.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_de_DE/contents/job-ascan.html
@@ -32,7 +32,7 @@
YAML
handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
injectPluginIdInHeader: # Bool: If set then the relevant rule Id will be injected into the X-ZAP-Scan-ID header of each request, default: false
scanHeadersAllRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned, default: false
- threadPerHost: # Int: The max number of threads per host, default: 2
+ threadPerHost: # Int: The max number of threads per host, default: 2 * Number of available processor cores
maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
policyDefinition: # The policy definition - only used if the 'policy' is not set
defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
@@ -44,6 +44,12 @@ YAML
threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
+Note: Unless the defaultThreshold of the policyDefinition is OFF all rules will be enabled to start with.
+
+
+The policy can be one defined by a previous activeScan-policy job, or by a scan policy file
+that has been put in policies directory under ZAP's HOME directory .
+
Job Data
The following class will be made available to add-ons that provide access to the Job Data such as the Reporting add-on.
Note that in this case the data is from the last Active Scan, regardless of whether it was started by the Automation Framework, the UI, or the API.
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_de_DE/contents/job-ascanconfig.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_de_DE/contents/job-ascanconfig.html
new file mode 100644
index 00000000000..99d909f155d
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_de_DE/contents/job-ascanconfig.html
@@ -0,0 +1,51 @@
+
+
+
+
+Automation Framework - activeScan-config Job
+
+
+
+Automation Framework - activeScan-config Job
+
+This job configures the active scanner, for custom active scans (e.g. Sequence).
+
+YAML
+
+
+ - type: activeScan-config # Configures the settings of the active scanner.
+ parameters:
+ maxRuleDurationInMins: # Int: The max time in minutes any individual rule will be allowed to run for, default: 0 unlimited
+ maxScanDurationInMins: # Int: The max time in minutes the active scanner will be allowed to run for, default: 0 unlimited
+ maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
+ defaultPolicy: # String: The name of the default scan policy to use, default: Default Policy
+ handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
+ injectPluginIdInHeader: # Bool: If set then the relevant rule ID will be injected into the X-ZAP-Scan-ID header of each request, default: false
+ threadPerHost: # Int: The max number of threads per host, default: 2
+ inputVectors: # The input vectors used during the active scan.
+ urlQueryStringAndDataDrivenNodes: # Configures the scanning of query parameters and DDNs.
+ enabled: # Bool: If query parameters and DDNs scanning should be enabled. Default: true
+ addParam: # Bool: If a query parameter should be added if none present. Default: false
+ odata: # Bool: If OData query filters should be scanned. Default: true
+ postData: # Configures the scanning of request bodies.
+ enabled: # Bool: If enabled. Default: true
+ multiPartFormData: # Bool: If multipart form data bodies should be scanned. Default: true
+ xml: # Bool: If XML bodies should be scanned. Default: true
+ json: # Configures the scanning of JSON bodies.
+ enabled: # Bool: If JSON scanning should be enabled. Default: true
+ scanNullValues: # Bool: If null values should be scanned. Default: false
+ googleWebToolkit: # Bool: If GWT scanning should be enabled. Default: false
+ directWebRemoting: # Bool: If DWR scanning should be enabled. Default: false
+ urlPath: # Bool: If URL path segments should be scanned. Default: false
+ httpHeaders: # Configures the scanning of HTTP headers.
+ enabled: # Bool: If HTTP header scanning should be enabled. Default: false
+ allRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned. Default: false
+ cookieData: # Configures the scanning of cookies.
+ enabled: # Bool: If enabled. Default: false
+ encodeCookieValues: # Bool: If cookie values should be encoded. Default: false
+ scripts: # Bool: If Input Vector scripts should be used. Default: true
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_de_DE/contents/job-ascanpolicy.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_de_DE/contents/job-ascanpolicy.html
new file mode 100644
index 00000000000..c998e017f95
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_de_DE/contents/job-ascanpolicy.html
@@ -0,0 +1,32 @@
+
+
+
+
+Automation Framework - activeScan-policy Job
+
+
+
+Automation Framework - activeScan-policy Job
+
+This job defines an active scan policy. This policy can be used later in the plan by active scan related jobs,
+like activeScan job.
+
+YAML
+
+
+ - type: activeScan-policy # Defines a new active scan policy which can be used by later activeScan related jobs
+ parameters:
+ name: # String: Name of the policy, mandatory
+ policyDefinition: # The policy definition
+ defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
+ defaultThreshold: # String: The default Alert Threshold for all rules, one of Off, Low, Medium, High, default: Medium
+ rules: # A list of one or more active scan rules and associated settings which override the defaults
+ - id: # Int: The rule id as per https://www.zaproxy.org/docs/alerts/
+ name: # Comment: The name of the rule for documentation purposes - this is not required or actually used
+ strength: # String: The Attack Strength for this rule, one of Low, Medium, High, Insane, default: Medium
+ threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_de_DE/contents/job-exitstatus.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_de_DE/contents/job-exitstatus.html
new file mode 100644
index 00000000000..6cae027f9e8
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_de_DE/contents/job-exitstatus.html
@@ -0,0 +1,37 @@
+
+
+
+
+Automation Framework - exitStatus Job
+
+
+
+Automation Framework - exitStatus Job
+
+This job sets ZAP's exit code based on scan results.
+It also allows you to choose which exit values are used.
+It should typically be the last job in a plan.
+
+If warnLevel or errorLevel are set then the job will report a warning or error if any alerts
+are raised which have the same risk level or greater.
+
+By default when ZAP is run with the -cmd and -autorun options then it will
+exit with a 1 if there are any errors, with a 2 if there are any warnings, and if everything is ok
+then it will exit with a 0.
+These values can be overriden by the *ExitValue options. The *ExitValues can be used together
+with the warn/errorLevel or completely independently of them.
+
+
YAML
+
+
+ - type: exitStatus # Sets the exit code based on scan results
+ parameters:
+ errorLevel: # String: Informational, Low, Medium, High, default: not set
+ warnLevel: # String: Informational, Low, Medium, High, default: not set
+ okExitValue: # Integer: Exit value if all ok, default 0
+ errorExitValue: # Integer: Exit value if there are errors, default 1
+ warnExitValue: # Integer: Exit value if there are warnings, default 2
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_de_DE/contents/job-requestor.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_de_DE/contents/job-requestor.html
index 252faf42fa8..0ef0de0b9c5 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_de_DE/contents/job-requestor.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_de_DE/contents/job-requestor.html
@@ -21,11 +21,12 @@ YAML
user: # String: An optional user to use for authenticated requests, must be defined in the env
requests: # A list of requests to make
- url: # String: A mandatory URL of the request to be made
+ name: # String: Optional name for the request, for documentation only
method: # String: A non-empty request method, default: GET
httpVersion: # String: The HTTP version to send the request with, default: HTTP/1.1
headers: # An optional list of additional headers to include in the request
- "header1:value1"
- data: # String: Optional data to send in the request body
+ data: # String: Optional data to send in the request body, supports vars
responseCode: # Int: An optional, expected response code against which the actual response code will be matched
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_de_DE/index.xml b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_de_DE/index.xml
index ef319ba9100..12115ef3b69 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_de_DE/index.xml
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_de_DE/index.xml
@@ -8,7 +8,12 @@
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_de_DE/toc.xml b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_de_DE/toc.xml
index 3bec12e6ab0..5795c74c4a9 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_de_DE/toc.xml
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_de_DE/toc.xml
@@ -9,7 +9,12 @@
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_el_GR/contents/automation.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_el_GR/contents/automation.html
index da467f09d5a..14d15debacf 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_el_GR/contents/automation.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_el_GR/contents/automation.html
@@ -8,7 +8,9 @@
Automation Framework
This add-on provides a framework that allows ZAP to be automated in an easy and flexible way.
-
+
+
+
It provides the following command line options:
- -autorun <source> Run the automation jobs specified in the file or from the URL.
@@ -17,14 +19,17 @@
Automation Framework
- -autogenconf <filename> Generate template automation file using the current configuration.
-If the -autorun option is used with the ZAP -cmd option then the ZAP exit value will be set as follows:
+
+If the -autorun option is used with the ZAP -cmd option then the ZAP exit value will be set by default as follows:
- 0 - The plan completed successfully with no errors or warnings
- 1 - The plan reported one or more errors
- 2 - The plan reported no errors but one or more warnings
+These values can be overridden by the exitStatus job.
Whether the plan completed after encountering errors or warnings will depend on the settings used in the environment.
-
+
+
To use the automation framework:
- Generate a template automation file using one of the
-autogen* command line options
@@ -32,20 +37,22 @@ Automation Framework
- Run the file using the
-autorun commandline option e.g. ./zap.sh -cmd -autorun config.yaml
+Note: The Jobs are executed in the order in which they appear (top to bottom) within the Plan.
+
In most cases it is recommended to also use the -cmd command line option so that the ZAP desktop is not displayed
and ZAP exits as soon as it has finished generating or running the jobs defined in the file.
However you can choose to run Automation Framework jobs using the ZAP desktop to help you debug issues.
-
Authentication
+
The Automation Framework supports all of the authentication mechanisms supported by ZAP.
-GUI
+
A GUI is under development and provides an ever increasing set of features.
-Options
+
The Automation Options screen allows you to configure specific options.
-API
+
The following API endpoints are provided by this add-on:
- Action: runPlan(filePath) - loads and asynchronously runs the plan in the specified file, returning a planId
@@ -53,21 +60,34 @@ API
If the ZAP desktop is being used then the plan will also be shown in the GUI to make it easier to diagnose any problems.
-Environment
+
The environment section of the file defines the applications which the rest of the jobs can act on.
-File Paths
+
All file and directory paths can either be absolute or relative to the directory containing the plan.
Relative paths are recommended for portability.
-Jobs
+
+The jobs can be enabled/disabled through the GUI and the automation plan, with the enabled flag. Jobs are enabled by default.
+
The following automation jobs are supported by this add-on:
+- activeScan-config - configures the active scanner
+- activeScan-policy - creates an active policy
- addOns - add-on management, now deprecated
- delay - pauses the plan for a specified period of time or a specific condition is met
- requestor - crafts specific requests to send to the corresponding targets
- activeScan - runs the active scanner
+- exitStatus - sets ZAP's exit code based on scan results
+
+Importance of Job Order
+The order of jobs is relevant and important. For example:
+
+ - there is no point putting a passiveScan-wait job before any sort of spidering or importing
+ - configuring an alertFilter job after alerts have been generated by passive or active scanning will have no effect on the Alerts that were raised by those components in earlier jobs
+
>
+
Job tests can be added to jobs to check that the jobs have performed as expected.
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_el_GR/contents/job-ascan.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_el_GR/contents/job-ascan.html
index d58eee7b8be..e06039e9863 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_el_GR/contents/job-ascan.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_el_GR/contents/job-ascan.html
@@ -32,7 +32,7 @@
YAML
handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
injectPluginIdInHeader: # Bool: If set then the relevant rule Id will be injected into the X-ZAP-Scan-ID header of each request, default: false
scanHeadersAllRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned, default: false
- threadPerHost: # Int: The max number of threads per host, default: 2
+ threadPerHost: # Int: The max number of threads per host, default: 2 * Number of available processor cores
maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
policyDefinition: # The policy definition - only used if the 'policy' is not set
defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
@@ -44,6 +44,12 @@ YAML
threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
+Note: Unless the defaultThreshold of the policyDefinition is OFF all rules will be enabled to start with.
+
+
+The policy can be one defined by a previous activeScan-policy job, or by a scan policy file
+that has been put in policies directory under ZAP's HOME directory .
+
Job Data
The following class will be made available to add-ons that provide access to the Job Data such as the Reporting add-on.
Note that in this case the data is from the last Active Scan, regardless of whether it was started by the Automation Framework, the UI, or the API.
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_el_GR/contents/job-ascanconfig.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_el_GR/contents/job-ascanconfig.html
new file mode 100644
index 00000000000..99d909f155d
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_el_GR/contents/job-ascanconfig.html
@@ -0,0 +1,51 @@
+
+
+
+
+Automation Framework - activeScan-config Job
+
+
+
+Automation Framework - activeScan-config Job
+
+This job configures the active scanner, for custom active scans (e.g. Sequence).
+
+YAML
+
+
+ - type: activeScan-config # Configures the settings of the active scanner.
+ parameters:
+ maxRuleDurationInMins: # Int: The max time in minutes any individual rule will be allowed to run for, default: 0 unlimited
+ maxScanDurationInMins: # Int: The max time in minutes the active scanner will be allowed to run for, default: 0 unlimited
+ maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
+ defaultPolicy: # String: The name of the default scan policy to use, default: Default Policy
+ handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
+ injectPluginIdInHeader: # Bool: If set then the relevant rule ID will be injected into the X-ZAP-Scan-ID header of each request, default: false
+ threadPerHost: # Int: The max number of threads per host, default: 2
+ inputVectors: # The input vectors used during the active scan.
+ urlQueryStringAndDataDrivenNodes: # Configures the scanning of query parameters and DDNs.
+ enabled: # Bool: If query parameters and DDNs scanning should be enabled. Default: true
+ addParam: # Bool: If a query parameter should be added if none present. Default: false
+ odata: # Bool: If OData query filters should be scanned. Default: true
+ postData: # Configures the scanning of request bodies.
+ enabled: # Bool: If enabled. Default: true
+ multiPartFormData: # Bool: If multipart form data bodies should be scanned. Default: true
+ xml: # Bool: If XML bodies should be scanned. Default: true
+ json: # Configures the scanning of JSON bodies.
+ enabled: # Bool: If JSON scanning should be enabled. Default: true
+ scanNullValues: # Bool: If null values should be scanned. Default: false
+ googleWebToolkit: # Bool: If GWT scanning should be enabled. Default: false
+ directWebRemoting: # Bool: If DWR scanning should be enabled. Default: false
+ urlPath: # Bool: If URL path segments should be scanned. Default: false
+ httpHeaders: # Configures the scanning of HTTP headers.
+ enabled: # Bool: If HTTP header scanning should be enabled. Default: false
+ allRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned. Default: false
+ cookieData: # Configures the scanning of cookies.
+ enabled: # Bool: If enabled. Default: false
+ encodeCookieValues: # Bool: If cookie values should be encoded. Default: false
+ scripts: # Bool: If Input Vector scripts should be used. Default: true
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_el_GR/contents/job-ascanpolicy.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_el_GR/contents/job-ascanpolicy.html
new file mode 100644
index 00000000000..c998e017f95
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_el_GR/contents/job-ascanpolicy.html
@@ -0,0 +1,32 @@
+
+
+
+
+Automation Framework - activeScan-policy Job
+
+
+
+Automation Framework - activeScan-policy Job
+
+This job defines an active scan policy. This policy can be used later in the plan by active scan related jobs,
+like activeScan job.
+
+YAML
+
+
+ - type: activeScan-policy # Defines a new active scan policy which can be used by later activeScan related jobs
+ parameters:
+ name: # String: Name of the policy, mandatory
+ policyDefinition: # The policy definition
+ defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
+ defaultThreshold: # String: The default Alert Threshold for all rules, one of Off, Low, Medium, High, default: Medium
+ rules: # A list of one or more active scan rules and associated settings which override the defaults
+ - id: # Int: The rule id as per https://www.zaproxy.org/docs/alerts/
+ name: # Comment: The name of the rule for documentation purposes - this is not required or actually used
+ strength: # String: The Attack Strength for this rule, one of Low, Medium, High, Insane, default: Medium
+ threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_el_GR/contents/job-exitstatus.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_el_GR/contents/job-exitstatus.html
new file mode 100644
index 00000000000..6cae027f9e8
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_el_GR/contents/job-exitstatus.html
@@ -0,0 +1,37 @@
+
+
+
+
+Automation Framework - exitStatus Job
+
+
+
+Automation Framework - exitStatus Job
+
+This job sets ZAP's exit code based on scan results.
+It also allows you to choose which exit values are used.
+It should typically be the last job in a plan.
+
+If warnLevel or errorLevel are set then the job will report a warning or error if any alerts
+are raised which have the same risk level or greater.
+
+By default when ZAP is run with the -cmd and -autorun options then it will
+exit with a 1 if there are any errors, with a 2 if there are any warnings, and if everything is ok
+then it will exit with a 0.
+These values can be overriden by the *ExitValue options. The *ExitValues can be used together
+with the warn/errorLevel or completely independently of them.
+
+
YAML
+
+
+ - type: exitStatus # Sets the exit code based on scan results
+ parameters:
+ errorLevel: # String: Informational, Low, Medium, High, default: not set
+ warnLevel: # String: Informational, Low, Medium, High, default: not set
+ okExitValue: # Integer: Exit value if all ok, default 0
+ errorExitValue: # Integer: Exit value if there are errors, default 1
+ warnExitValue: # Integer: Exit value if there are warnings, default 2
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_el_GR/contents/job-requestor.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_el_GR/contents/job-requestor.html
index 252faf42fa8..0ef0de0b9c5 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_el_GR/contents/job-requestor.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_el_GR/contents/job-requestor.html
@@ -21,11 +21,12 @@ YAML
user: # String: An optional user to use for authenticated requests, must be defined in the env
requests: # A list of requests to make
- url: # String: A mandatory URL of the request to be made
+ name: # String: Optional name for the request, for documentation only
method: # String: A non-empty request method, default: GET
httpVersion: # String: The HTTP version to send the request with, default: HTTP/1.1
headers: # An optional list of additional headers to include in the request
- "header1:value1"
- data: # String: Optional data to send in the request body
+ data: # String: Optional data to send in the request body, supports vars
responseCode: # Int: An optional, expected response code against which the actual response code will be matched
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_el_GR/index.xml b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_el_GR/index.xml
index ef319ba9100..12115ef3b69 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_el_GR/index.xml
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_el_GR/index.xml
@@ -8,7 +8,12 @@
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_el_GR/toc.xml b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_el_GR/toc.xml
index 5a28e4fdf70..edff332d4ae 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_el_GR/toc.xml
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_el_GR/toc.xml
@@ -9,7 +9,12 @@
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_es_ES/contents/automation.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_es_ES/contents/automation.html
index da467f09d5a..14d15debacf 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_es_ES/contents/automation.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_es_ES/contents/automation.html
@@ -8,7 +8,9 @@
Automation Framework
This add-on provides a framework that allows ZAP to be automated in an easy and flexible way.
-
+
+
+
It provides the following command line options:
- -autorun <source> Run the automation jobs specified in the file or from the URL.
@@ -17,14 +19,17 @@
Automation Framework
- -autogenconf <filename> Generate template automation file using the current configuration.
-If the -autorun option is used with the ZAP -cmd option then the ZAP exit value will be set as follows:
+
+If the -autorun option is used with the ZAP -cmd option then the ZAP exit value will be set by default as follows:
- 0 - The plan completed successfully with no errors or warnings
- 1 - The plan reported one or more errors
- 2 - The plan reported no errors but one or more warnings
+These values can be overridden by the exitStatus job.
Whether the plan completed after encountering errors or warnings will depend on the settings used in the environment.
-
+
+
To use the automation framework:
- Generate a template automation file using one of the
-autogen* command line options
@@ -32,20 +37,22 @@ Automation Framework
- Run the file using the
-autorun commandline option e.g. ./zap.sh -cmd -autorun config.yaml
+Note: The Jobs are executed in the order in which they appear (top to bottom) within the Plan.
+
In most cases it is recommended to also use the -cmd command line option so that the ZAP desktop is not displayed
and ZAP exits as soon as it has finished generating or running the jobs defined in the file.
However you can choose to run Automation Framework jobs using the ZAP desktop to help you debug issues.
-
Authentication
+
The Automation Framework supports all of the authentication mechanisms supported by ZAP.
-GUI
+
A GUI is under development and provides an ever increasing set of features.
-Options
+
The Automation Options screen allows you to configure specific options.
-API
+
The following API endpoints are provided by this add-on:
- Action: runPlan(filePath) - loads and asynchronously runs the plan in the specified file, returning a planId
@@ -53,21 +60,34 @@ API
If the ZAP desktop is being used then the plan will also be shown in the GUI to make it easier to diagnose any problems.
-Environment
+
The environment section of the file defines the applications which the rest of the jobs can act on.
-File Paths
+
All file and directory paths can either be absolute or relative to the directory containing the plan.
Relative paths are recommended for portability.
-Jobs
+
+The jobs can be enabled/disabled through the GUI and the automation plan, with the enabled flag. Jobs are enabled by default.
+
The following automation jobs are supported by this add-on:
+- activeScan-config - configures the active scanner
+- activeScan-policy - creates an active policy
- addOns - add-on management, now deprecated
- delay - pauses the plan for a specified period of time or a specific condition is met
- requestor - crafts specific requests to send to the corresponding targets
- activeScan - runs the active scanner
+- exitStatus - sets ZAP's exit code based on scan results
+
+Importance of Job Order
+The order of jobs is relevant and important. For example:
+
+ - there is no point putting a passiveScan-wait job before any sort of spidering or importing
+ - configuring an alertFilter job after alerts have been generated by passive or active scanning will have no effect on the Alerts that were raised by those components in earlier jobs
+
>
+
Job tests can be added to jobs to check that the jobs have performed as expected.
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_es_ES/contents/job-ascan.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_es_ES/contents/job-ascan.html
index d58eee7b8be..e06039e9863 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_es_ES/contents/job-ascan.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_es_ES/contents/job-ascan.html
@@ -32,7 +32,7 @@
YAML
handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
injectPluginIdInHeader: # Bool: If set then the relevant rule Id will be injected into the X-ZAP-Scan-ID header of each request, default: false
scanHeadersAllRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned, default: false
- threadPerHost: # Int: The max number of threads per host, default: 2
+ threadPerHost: # Int: The max number of threads per host, default: 2 * Number of available processor cores
maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
policyDefinition: # The policy definition - only used if the 'policy' is not set
defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
@@ -44,6 +44,12 @@ YAML
threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
+Note: Unless the defaultThreshold of the policyDefinition is OFF all rules will be enabled to start with.
+
+
+The policy can be one defined by a previous activeScan-policy job, or by a scan policy file
+that has been put in policies directory under ZAP's HOME directory .
+
Job Data
The following class will be made available to add-ons that provide access to the Job Data such as the Reporting add-on.
Note that in this case the data is from the last Active Scan, regardless of whether it was started by the Automation Framework, the UI, or the API.
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_es_ES/contents/job-ascanconfig.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_es_ES/contents/job-ascanconfig.html
new file mode 100644
index 00000000000..99d909f155d
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_es_ES/contents/job-ascanconfig.html
@@ -0,0 +1,51 @@
+
+
+
+
+Automation Framework - activeScan-config Job
+
+
+
+Automation Framework - activeScan-config Job
+
+This job configures the active scanner, for custom active scans (e.g. Sequence).
+
+YAML
+
+
+ - type: activeScan-config # Configures the settings of the active scanner.
+ parameters:
+ maxRuleDurationInMins: # Int: The max time in minutes any individual rule will be allowed to run for, default: 0 unlimited
+ maxScanDurationInMins: # Int: The max time in minutes the active scanner will be allowed to run for, default: 0 unlimited
+ maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
+ defaultPolicy: # String: The name of the default scan policy to use, default: Default Policy
+ handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
+ injectPluginIdInHeader: # Bool: If set then the relevant rule ID will be injected into the X-ZAP-Scan-ID header of each request, default: false
+ threadPerHost: # Int: The max number of threads per host, default: 2
+ inputVectors: # The input vectors used during the active scan.
+ urlQueryStringAndDataDrivenNodes: # Configures the scanning of query parameters and DDNs.
+ enabled: # Bool: If query parameters and DDNs scanning should be enabled. Default: true
+ addParam: # Bool: If a query parameter should be added if none present. Default: false
+ odata: # Bool: If OData query filters should be scanned. Default: true
+ postData: # Configures the scanning of request bodies.
+ enabled: # Bool: If enabled. Default: true
+ multiPartFormData: # Bool: If multipart form data bodies should be scanned. Default: true
+ xml: # Bool: If XML bodies should be scanned. Default: true
+ json: # Configures the scanning of JSON bodies.
+ enabled: # Bool: If JSON scanning should be enabled. Default: true
+ scanNullValues: # Bool: If null values should be scanned. Default: false
+ googleWebToolkit: # Bool: If GWT scanning should be enabled. Default: false
+ directWebRemoting: # Bool: If DWR scanning should be enabled. Default: false
+ urlPath: # Bool: If URL path segments should be scanned. Default: false
+ httpHeaders: # Configures the scanning of HTTP headers.
+ enabled: # Bool: If HTTP header scanning should be enabled. Default: false
+ allRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned. Default: false
+ cookieData: # Configures the scanning of cookies.
+ enabled: # Bool: If enabled. Default: false
+ encodeCookieValues: # Bool: If cookie values should be encoded. Default: false
+ scripts: # Bool: If Input Vector scripts should be used. Default: true
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_es_ES/contents/job-ascanpolicy.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_es_ES/contents/job-ascanpolicy.html
new file mode 100644
index 00000000000..c998e017f95
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_es_ES/contents/job-ascanpolicy.html
@@ -0,0 +1,32 @@
+
+
+
+
+Automation Framework - activeScan-policy Job
+
+
+
+Automation Framework - activeScan-policy Job
+
+This job defines an active scan policy. This policy can be used later in the plan by active scan related jobs,
+like activeScan job.
+
+YAML
+
+
+ - type: activeScan-policy # Defines a new active scan policy which can be used by later activeScan related jobs
+ parameters:
+ name: # String: Name of the policy, mandatory
+ policyDefinition: # The policy definition
+ defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
+ defaultThreshold: # String: The default Alert Threshold for all rules, one of Off, Low, Medium, High, default: Medium
+ rules: # A list of one or more active scan rules and associated settings which override the defaults
+ - id: # Int: The rule id as per https://www.zaproxy.org/docs/alerts/
+ name: # Comment: The name of the rule for documentation purposes - this is not required or actually used
+ strength: # String: The Attack Strength for this rule, one of Low, Medium, High, Insane, default: Medium
+ threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_es_ES/contents/job-exitstatus.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_es_ES/contents/job-exitstatus.html
new file mode 100644
index 00000000000..6cae027f9e8
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_es_ES/contents/job-exitstatus.html
@@ -0,0 +1,37 @@
+
+
+
+
+Automation Framework - exitStatus Job
+
+
+
+Automation Framework - exitStatus Job
+
+This job sets ZAP's exit code based on scan results.
+It also allows you to choose which exit values are used.
+It should typically be the last job in a plan.
+
+If warnLevel or errorLevel are set then the job will report a warning or error if any alerts
+are raised which have the same risk level or greater.
+
+By default when ZAP is run with the -cmd and -autorun options then it will
+exit with a 1 if there are any errors, with a 2 if there are any warnings, and if everything is ok
+then it will exit with a 0.
+These values can be overriden by the *ExitValue options. The *ExitValues can be used together
+with the warn/errorLevel or completely independently of them.
+
+
YAML
+
+
+ - type: exitStatus # Sets the exit code based on scan results
+ parameters:
+ errorLevel: # String: Informational, Low, Medium, High, default: not set
+ warnLevel: # String: Informational, Low, Medium, High, default: not set
+ okExitValue: # Integer: Exit value if all ok, default 0
+ errorExitValue: # Integer: Exit value if there are errors, default 1
+ warnExitValue: # Integer: Exit value if there are warnings, default 2
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_es_ES/contents/job-requestor.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_es_ES/contents/job-requestor.html
index 252faf42fa8..0ef0de0b9c5 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_es_ES/contents/job-requestor.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_es_ES/contents/job-requestor.html
@@ -21,11 +21,12 @@ YAML
user: # String: An optional user to use for authenticated requests, must be defined in the env
requests: # A list of requests to make
- url: # String: A mandatory URL of the request to be made
+ name: # String: Optional name for the request, for documentation only
method: # String: A non-empty request method, default: GET
httpVersion: # String: The HTTP version to send the request with, default: HTTP/1.1
headers: # An optional list of additional headers to include in the request
- "header1:value1"
- data: # String: Optional data to send in the request body
+ data: # String: Optional data to send in the request body, supports vars
responseCode: # Int: An optional, expected response code against which the actual response code will be matched
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_es_ES/index.xml b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_es_ES/index.xml
index ef319ba9100..12115ef3b69 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_es_ES/index.xml
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_es_ES/index.xml
@@ -8,7 +8,12 @@
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_es_ES/toc.xml b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_es_ES/toc.xml
index 5a28e4fdf70..edff332d4ae 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_es_ES/toc.xml
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_es_ES/toc.xml
@@ -9,7 +9,12 @@
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fa_IR/contents/automation.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fa_IR/contents/automation.html
index da467f09d5a..14d15debacf 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fa_IR/contents/automation.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fa_IR/contents/automation.html
@@ -8,7 +8,9 @@
Automation Framework
This add-on provides a framework that allows ZAP to be automated in an easy and flexible way.
-
+
+
+
It provides the following command line options:
- -autorun <source> Run the automation jobs specified in the file or from the URL.
@@ -17,14 +19,17 @@
Automation Framework
- -autogenconf <filename> Generate template automation file using the current configuration.
-If the -autorun option is used with the ZAP -cmd option then the ZAP exit value will be set as follows:
+
+If the -autorun option is used with the ZAP -cmd option then the ZAP exit value will be set by default as follows:
- 0 - The plan completed successfully with no errors or warnings
- 1 - The plan reported one or more errors
- 2 - The plan reported no errors but one or more warnings
+These values can be overridden by the exitStatus job.
Whether the plan completed after encountering errors or warnings will depend on the settings used in the environment.
-
+
+
To use the automation framework:
- Generate a template automation file using one of the
-autogen* command line options
@@ -32,20 +37,22 @@ Automation Framework
- Run the file using the
-autorun commandline option e.g. ./zap.sh -cmd -autorun config.yaml
+Note: The Jobs are executed in the order in which they appear (top to bottom) within the Plan.
+
In most cases it is recommended to also use the -cmd command line option so that the ZAP desktop is not displayed
and ZAP exits as soon as it has finished generating or running the jobs defined in the file.
However you can choose to run Automation Framework jobs using the ZAP desktop to help you debug issues.
-
Authentication
+
The Automation Framework supports all of the authentication mechanisms supported by ZAP.
-GUI
+
A GUI is under development and provides an ever increasing set of features.
-Options
+
The Automation Options screen allows you to configure specific options.
-API
+
The following API endpoints are provided by this add-on:
- Action: runPlan(filePath) - loads and asynchronously runs the plan in the specified file, returning a planId
@@ -53,21 +60,34 @@ API
If the ZAP desktop is being used then the plan will also be shown in the GUI to make it easier to diagnose any problems.
-Environment
+
The environment section of the file defines the applications which the rest of the jobs can act on.
-File Paths
+
All file and directory paths can either be absolute or relative to the directory containing the plan.
Relative paths are recommended for portability.
-Jobs
+
+The jobs can be enabled/disabled through the GUI and the automation plan, with the enabled flag. Jobs are enabled by default.
+
The following automation jobs are supported by this add-on:
+- activeScan-config - configures the active scanner
+- activeScan-policy - creates an active policy
- addOns - add-on management, now deprecated
- delay - pauses the plan for a specified period of time or a specific condition is met
- requestor - crafts specific requests to send to the corresponding targets
- activeScan - runs the active scanner
+- exitStatus - sets ZAP's exit code based on scan results
+
+Importance of Job Order
+The order of jobs is relevant and important. For example:
+
+ - there is no point putting a passiveScan-wait job before any sort of spidering or importing
+ - configuring an alertFilter job after alerts have been generated by passive or active scanning will have no effect on the Alerts that were raised by those components in earlier jobs
+
>
+
Job tests can be added to jobs to check that the jobs have performed as expected.
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fa_IR/contents/job-ascan.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fa_IR/contents/job-ascan.html
index d58eee7b8be..e06039e9863 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fa_IR/contents/job-ascan.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fa_IR/contents/job-ascan.html
@@ -32,7 +32,7 @@
YAML
handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
injectPluginIdInHeader: # Bool: If set then the relevant rule Id will be injected into the X-ZAP-Scan-ID header of each request, default: false
scanHeadersAllRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned, default: false
- threadPerHost: # Int: The max number of threads per host, default: 2
+ threadPerHost: # Int: The max number of threads per host, default: 2 * Number of available processor cores
maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
policyDefinition: # The policy definition - only used if the 'policy' is not set
defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
@@ -44,6 +44,12 @@ YAML
threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
+Note: Unless the defaultThreshold of the policyDefinition is OFF all rules will be enabled to start with.
+
+
+The policy can be one defined by a previous activeScan-policy job, or by a scan policy file
+that has been put in policies directory under ZAP's HOME directory .
+
Job Data
The following class will be made available to add-ons that provide access to the Job Data such as the Reporting add-on.
Note that in this case the data is from the last Active Scan, regardless of whether it was started by the Automation Framework, the UI, or the API.
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fa_IR/contents/job-ascanconfig.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fa_IR/contents/job-ascanconfig.html
new file mode 100644
index 00000000000..99d909f155d
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fa_IR/contents/job-ascanconfig.html
@@ -0,0 +1,51 @@
+
+
+
+
+Automation Framework - activeScan-config Job
+
+
+
+Automation Framework - activeScan-config Job
+
+This job configures the active scanner, for custom active scans (e.g. Sequence).
+
+YAML
+
+
+ - type: activeScan-config # Configures the settings of the active scanner.
+ parameters:
+ maxRuleDurationInMins: # Int: The max time in minutes any individual rule will be allowed to run for, default: 0 unlimited
+ maxScanDurationInMins: # Int: The max time in minutes the active scanner will be allowed to run for, default: 0 unlimited
+ maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
+ defaultPolicy: # String: The name of the default scan policy to use, default: Default Policy
+ handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
+ injectPluginIdInHeader: # Bool: If set then the relevant rule ID will be injected into the X-ZAP-Scan-ID header of each request, default: false
+ threadPerHost: # Int: The max number of threads per host, default: 2
+ inputVectors: # The input vectors used during the active scan.
+ urlQueryStringAndDataDrivenNodes: # Configures the scanning of query parameters and DDNs.
+ enabled: # Bool: If query parameters and DDNs scanning should be enabled. Default: true
+ addParam: # Bool: If a query parameter should be added if none present. Default: false
+ odata: # Bool: If OData query filters should be scanned. Default: true
+ postData: # Configures the scanning of request bodies.
+ enabled: # Bool: If enabled. Default: true
+ multiPartFormData: # Bool: If multipart form data bodies should be scanned. Default: true
+ xml: # Bool: If XML bodies should be scanned. Default: true
+ json: # Configures the scanning of JSON bodies.
+ enabled: # Bool: If JSON scanning should be enabled. Default: true
+ scanNullValues: # Bool: If null values should be scanned. Default: false
+ googleWebToolkit: # Bool: If GWT scanning should be enabled. Default: false
+ directWebRemoting: # Bool: If DWR scanning should be enabled. Default: false
+ urlPath: # Bool: If URL path segments should be scanned. Default: false
+ httpHeaders: # Configures the scanning of HTTP headers.
+ enabled: # Bool: If HTTP header scanning should be enabled. Default: false
+ allRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned. Default: false
+ cookieData: # Configures the scanning of cookies.
+ enabled: # Bool: If enabled. Default: false
+ encodeCookieValues: # Bool: If cookie values should be encoded. Default: false
+ scripts: # Bool: If Input Vector scripts should be used. Default: true
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fa_IR/contents/job-ascanpolicy.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fa_IR/contents/job-ascanpolicy.html
new file mode 100644
index 00000000000..c998e017f95
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fa_IR/contents/job-ascanpolicy.html
@@ -0,0 +1,32 @@
+
+
+
+
+Automation Framework - activeScan-policy Job
+
+
+
+Automation Framework - activeScan-policy Job
+
+This job defines an active scan policy. This policy can be used later in the plan by active scan related jobs,
+like activeScan job.
+
+YAML
+
+
+ - type: activeScan-policy # Defines a new active scan policy which can be used by later activeScan related jobs
+ parameters:
+ name: # String: Name of the policy, mandatory
+ policyDefinition: # The policy definition
+ defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
+ defaultThreshold: # String: The default Alert Threshold for all rules, one of Off, Low, Medium, High, default: Medium
+ rules: # A list of one or more active scan rules and associated settings which override the defaults
+ - id: # Int: The rule id as per https://www.zaproxy.org/docs/alerts/
+ name: # Comment: The name of the rule for documentation purposes - this is not required or actually used
+ strength: # String: The Attack Strength for this rule, one of Low, Medium, High, Insane, default: Medium
+ threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fa_IR/contents/job-exitstatus.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fa_IR/contents/job-exitstatus.html
new file mode 100644
index 00000000000..6cae027f9e8
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fa_IR/contents/job-exitstatus.html
@@ -0,0 +1,37 @@
+
+
+
+
+Automation Framework - exitStatus Job
+
+
+
+Automation Framework - exitStatus Job
+
+This job sets ZAP's exit code based on scan results.
+It also allows you to choose which exit values are used.
+It should typically be the last job in a plan.
+
+If warnLevel or errorLevel are set then the job will report a warning or error if any alerts
+are raised which have the same risk level or greater.
+
+By default when ZAP is run with the -cmd and -autorun options then it will
+exit with a 1 if there are any errors, with a 2 if there are any warnings, and if everything is ok
+then it will exit with a 0.
+These values can be overriden by the *ExitValue options. The *ExitValues can be used together
+with the warn/errorLevel or completely independently of them.
+
+
YAML
+
+
+ - type: exitStatus # Sets the exit code based on scan results
+ parameters:
+ errorLevel: # String: Informational, Low, Medium, High, default: not set
+ warnLevel: # String: Informational, Low, Medium, High, default: not set
+ okExitValue: # Integer: Exit value if all ok, default 0
+ errorExitValue: # Integer: Exit value if there are errors, default 1
+ warnExitValue: # Integer: Exit value if there are warnings, default 2
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fa_IR/contents/job-requestor.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fa_IR/contents/job-requestor.html
index 252faf42fa8..0ef0de0b9c5 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fa_IR/contents/job-requestor.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fa_IR/contents/job-requestor.html
@@ -21,11 +21,12 @@ YAML
user: # String: An optional user to use for authenticated requests, must be defined in the env
requests: # A list of requests to make
- url: # String: A mandatory URL of the request to be made
+ name: # String: Optional name for the request, for documentation only
method: # String: A non-empty request method, default: GET
httpVersion: # String: The HTTP version to send the request with, default: HTTP/1.1
headers: # An optional list of additional headers to include in the request
- "header1:value1"
- data: # String: Optional data to send in the request body
+ data: # String: Optional data to send in the request body, supports vars
responseCode: # Int: An optional, expected response code against which the actual response code will be matched
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fa_IR/index.xml b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fa_IR/index.xml
index ef319ba9100..12115ef3b69 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fa_IR/index.xml
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fa_IR/index.xml
@@ -8,7 +8,12 @@
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fa_IR/toc.xml b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fa_IR/toc.xml
index 5a28e4fdf70..edff332d4ae 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fa_IR/toc.xml
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fa_IR/toc.xml
@@ -9,7 +9,12 @@
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fil_PH/contents/automation.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fil_PH/contents/automation.html
index da467f09d5a..14d15debacf 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fil_PH/contents/automation.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fil_PH/contents/automation.html
@@ -8,7 +8,9 @@
Automation Framework
This add-on provides a framework that allows ZAP to be automated in an easy and flexible way.
-
+
+
+
It provides the following command line options:
- -autorun <source> Run the automation jobs specified in the file or from the URL.
@@ -17,14 +19,17 @@
Automation Framework
- -autogenconf <filename> Generate template automation file using the current configuration.
-If the -autorun option is used with the ZAP -cmd option then the ZAP exit value will be set as follows:
+
+If the -autorun option is used with the ZAP -cmd option then the ZAP exit value will be set by default as follows:
- 0 - The plan completed successfully with no errors or warnings
- 1 - The plan reported one or more errors
- 2 - The plan reported no errors but one or more warnings
+These values can be overridden by the exitStatus job.
Whether the plan completed after encountering errors or warnings will depend on the settings used in the environment.
-
+
+
To use the automation framework:
- Generate a template automation file using one of the
-autogen* command line options
@@ -32,20 +37,22 @@ Automation Framework
- Run the file using the
-autorun commandline option e.g. ./zap.sh -cmd -autorun config.yaml
+Note: The Jobs are executed in the order in which they appear (top to bottom) within the Plan.
+
In most cases it is recommended to also use the -cmd command line option so that the ZAP desktop is not displayed
and ZAP exits as soon as it has finished generating or running the jobs defined in the file.
However you can choose to run Automation Framework jobs using the ZAP desktop to help you debug issues.
-
Authentication
+
The Automation Framework supports all of the authentication mechanisms supported by ZAP.
-GUI
+
A GUI is under development and provides an ever increasing set of features.
-Options
+
The Automation Options screen allows you to configure specific options.
-API
+
The following API endpoints are provided by this add-on:
- Action: runPlan(filePath) - loads and asynchronously runs the plan in the specified file, returning a planId
@@ -53,21 +60,34 @@ API
If the ZAP desktop is being used then the plan will also be shown in the GUI to make it easier to diagnose any problems.
-Environment
+
The environment section of the file defines the applications which the rest of the jobs can act on.
-File Paths
+
All file and directory paths can either be absolute or relative to the directory containing the plan.
Relative paths are recommended for portability.
-Jobs
+
+The jobs can be enabled/disabled through the GUI and the automation plan, with the enabled flag. Jobs are enabled by default.
+
The following automation jobs are supported by this add-on:
+- activeScan-config - configures the active scanner
+- activeScan-policy - creates an active policy
- addOns - add-on management, now deprecated
- delay - pauses the plan for a specified period of time or a specific condition is met
- requestor - crafts specific requests to send to the corresponding targets
- activeScan - runs the active scanner
+- exitStatus - sets ZAP's exit code based on scan results
+
+Importance of Job Order
+The order of jobs is relevant and important. For example:
+
+ - there is no point putting a passiveScan-wait job before any sort of spidering or importing
+ - configuring an alertFilter job after alerts have been generated by passive or active scanning will have no effect on the Alerts that were raised by those components in earlier jobs
+
>
+
Job tests can be added to jobs to check that the jobs have performed as expected.
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fil_PH/contents/job-ascan.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fil_PH/contents/job-ascan.html
index d58eee7b8be..e06039e9863 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fil_PH/contents/job-ascan.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fil_PH/contents/job-ascan.html
@@ -32,7 +32,7 @@
YAML
handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
injectPluginIdInHeader: # Bool: If set then the relevant rule Id will be injected into the X-ZAP-Scan-ID header of each request, default: false
scanHeadersAllRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned, default: false
- threadPerHost: # Int: The max number of threads per host, default: 2
+ threadPerHost: # Int: The max number of threads per host, default: 2 * Number of available processor cores
maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
policyDefinition: # The policy definition - only used if the 'policy' is not set
defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
@@ -44,6 +44,12 @@ YAML
threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
+Note: Unless the defaultThreshold of the policyDefinition is OFF all rules will be enabled to start with.
+
+
+The policy can be one defined by a previous activeScan-policy job, or by a scan policy file
+that has been put in policies directory under ZAP's HOME directory .
+
Job Data
The following class will be made available to add-ons that provide access to the Job Data such as the Reporting add-on.
Note that in this case the data is from the last Active Scan, regardless of whether it was started by the Automation Framework, the UI, or the API.
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fil_PH/contents/job-ascanconfig.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fil_PH/contents/job-ascanconfig.html
new file mode 100644
index 00000000000..99d909f155d
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fil_PH/contents/job-ascanconfig.html
@@ -0,0 +1,51 @@
+
+
+
+
+Automation Framework - activeScan-config Job
+
+
+
+Automation Framework - activeScan-config Job
+
+This job configures the active scanner, for custom active scans (e.g. Sequence).
+
+YAML
+
+
+ - type: activeScan-config # Configures the settings of the active scanner.
+ parameters:
+ maxRuleDurationInMins: # Int: The max time in minutes any individual rule will be allowed to run for, default: 0 unlimited
+ maxScanDurationInMins: # Int: The max time in minutes the active scanner will be allowed to run for, default: 0 unlimited
+ maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
+ defaultPolicy: # String: The name of the default scan policy to use, default: Default Policy
+ handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
+ injectPluginIdInHeader: # Bool: If set then the relevant rule ID will be injected into the X-ZAP-Scan-ID header of each request, default: false
+ threadPerHost: # Int: The max number of threads per host, default: 2
+ inputVectors: # The input vectors used during the active scan.
+ urlQueryStringAndDataDrivenNodes: # Configures the scanning of query parameters and DDNs.
+ enabled: # Bool: If query parameters and DDNs scanning should be enabled. Default: true
+ addParam: # Bool: If a query parameter should be added if none present. Default: false
+ odata: # Bool: If OData query filters should be scanned. Default: true
+ postData: # Configures the scanning of request bodies.
+ enabled: # Bool: If enabled. Default: true
+ multiPartFormData: # Bool: If multipart form data bodies should be scanned. Default: true
+ xml: # Bool: If XML bodies should be scanned. Default: true
+ json: # Configures the scanning of JSON bodies.
+ enabled: # Bool: If JSON scanning should be enabled. Default: true
+ scanNullValues: # Bool: If null values should be scanned. Default: false
+ googleWebToolkit: # Bool: If GWT scanning should be enabled. Default: false
+ directWebRemoting: # Bool: If DWR scanning should be enabled. Default: false
+ urlPath: # Bool: If URL path segments should be scanned. Default: false
+ httpHeaders: # Configures the scanning of HTTP headers.
+ enabled: # Bool: If HTTP header scanning should be enabled. Default: false
+ allRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned. Default: false
+ cookieData: # Configures the scanning of cookies.
+ enabled: # Bool: If enabled. Default: false
+ encodeCookieValues: # Bool: If cookie values should be encoded. Default: false
+ scripts: # Bool: If Input Vector scripts should be used. Default: true
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fil_PH/contents/job-ascanpolicy.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fil_PH/contents/job-ascanpolicy.html
new file mode 100644
index 00000000000..c998e017f95
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fil_PH/contents/job-ascanpolicy.html
@@ -0,0 +1,32 @@
+
+
+
+
+Automation Framework - activeScan-policy Job
+
+
+
+Automation Framework - activeScan-policy Job
+
+This job defines an active scan policy. This policy can be used later in the plan by active scan related jobs,
+like activeScan job.
+
+YAML
+
+
+ - type: activeScan-policy # Defines a new active scan policy which can be used by later activeScan related jobs
+ parameters:
+ name: # String: Name of the policy, mandatory
+ policyDefinition: # The policy definition
+ defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
+ defaultThreshold: # String: The default Alert Threshold for all rules, one of Off, Low, Medium, High, default: Medium
+ rules: # A list of one or more active scan rules and associated settings which override the defaults
+ - id: # Int: The rule id as per https://www.zaproxy.org/docs/alerts/
+ name: # Comment: The name of the rule for documentation purposes - this is not required or actually used
+ strength: # String: The Attack Strength for this rule, one of Low, Medium, High, Insane, default: Medium
+ threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fil_PH/contents/job-exitstatus.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fil_PH/contents/job-exitstatus.html
new file mode 100644
index 00000000000..6cae027f9e8
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fil_PH/contents/job-exitstatus.html
@@ -0,0 +1,37 @@
+
+
+
+
+Automation Framework - exitStatus Job
+
+
+
+Automation Framework - exitStatus Job
+
+This job sets ZAP's exit code based on scan results.
+It also allows you to choose which exit values are used.
+It should typically be the last job in a plan.
+
+If warnLevel or errorLevel are set then the job will report a warning or error if any alerts
+are raised which have the same risk level or greater.
+
+By default when ZAP is run with the -cmd and -autorun options then it will
+exit with a 1 if there are any errors, with a 2 if there are any warnings, and if everything is ok
+then it will exit with a 0.
+These values can be overriden by the *ExitValue options. The *ExitValues can be used together
+with the warn/errorLevel or completely independently of them.
+
+
YAML
+
+
+ - type: exitStatus # Sets the exit code based on scan results
+ parameters:
+ errorLevel: # String: Informational, Low, Medium, High, default: not set
+ warnLevel: # String: Informational, Low, Medium, High, default: not set
+ okExitValue: # Integer: Exit value if all ok, default 0
+ errorExitValue: # Integer: Exit value if there are errors, default 1
+ warnExitValue: # Integer: Exit value if there are warnings, default 2
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fil_PH/contents/job-requestor.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fil_PH/contents/job-requestor.html
index 252faf42fa8..0ef0de0b9c5 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fil_PH/contents/job-requestor.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fil_PH/contents/job-requestor.html
@@ -21,11 +21,12 @@ YAML
user: # String: An optional user to use for authenticated requests, must be defined in the env
requests: # A list of requests to make
- url: # String: A mandatory URL of the request to be made
+ name: # String: Optional name for the request, for documentation only
method: # String: A non-empty request method, default: GET
httpVersion: # String: The HTTP version to send the request with, default: HTTP/1.1
headers: # An optional list of additional headers to include in the request
- "header1:value1"
- data: # String: Optional data to send in the request body
+ data: # String: Optional data to send in the request body, supports vars
responseCode: # Int: An optional, expected response code against which the actual response code will be matched
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fil_PH/index.xml b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fil_PH/index.xml
index ef319ba9100..12115ef3b69 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fil_PH/index.xml
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fil_PH/index.xml
@@ -8,7 +8,12 @@
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fil_PH/toc.xml b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fil_PH/toc.xml
index 5a28e4fdf70..edff332d4ae 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fil_PH/toc.xml
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fil_PH/toc.xml
@@ -9,7 +9,12 @@
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fr_FR/contents/automation.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fr_FR/contents/automation.html
index da467f09d5a..14d15debacf 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fr_FR/contents/automation.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fr_FR/contents/automation.html
@@ -8,7 +8,9 @@
Automation Framework
This add-on provides a framework that allows ZAP to be automated in an easy and flexible way.
-
+
+
+
It provides the following command line options:
- -autorun <source> Run the automation jobs specified in the file or from the URL.
@@ -17,14 +19,17 @@
Automation Framework
- -autogenconf <filename> Generate template automation file using the current configuration.
-If the -autorun option is used with the ZAP -cmd option then the ZAP exit value will be set as follows:
+
+If the -autorun option is used with the ZAP -cmd option then the ZAP exit value will be set by default as follows:
- 0 - The plan completed successfully with no errors or warnings
- 1 - The plan reported one or more errors
- 2 - The plan reported no errors but one or more warnings
+These values can be overridden by the exitStatus job.
Whether the plan completed after encountering errors or warnings will depend on the settings used in the environment.
-
+
+
To use the automation framework:
- Generate a template automation file using one of the
-autogen* command line options
@@ -32,20 +37,22 @@ Automation Framework
- Run the file using the
-autorun commandline option e.g. ./zap.sh -cmd -autorun config.yaml
+Note: The Jobs are executed in the order in which they appear (top to bottom) within the Plan.
+
In most cases it is recommended to also use the -cmd command line option so that the ZAP desktop is not displayed
and ZAP exits as soon as it has finished generating or running the jobs defined in the file.
However you can choose to run Automation Framework jobs using the ZAP desktop to help you debug issues.
-
Authentication
+
The Automation Framework supports all of the authentication mechanisms supported by ZAP.
-GUI
+
A GUI is under development and provides an ever increasing set of features.
-Options
+
The Automation Options screen allows you to configure specific options.
-API
+
The following API endpoints are provided by this add-on:
- Action: runPlan(filePath) - loads and asynchronously runs the plan in the specified file, returning a planId
@@ -53,21 +60,34 @@ API
If the ZAP desktop is being used then the plan will also be shown in the GUI to make it easier to diagnose any problems.
-Environment
+
The environment section of the file defines the applications which the rest of the jobs can act on.
-File Paths
+
All file and directory paths can either be absolute or relative to the directory containing the plan.
Relative paths are recommended for portability.
-Jobs
+
+The jobs can be enabled/disabled through the GUI and the automation plan, with the enabled flag. Jobs are enabled by default.
+
The following automation jobs are supported by this add-on:
+- activeScan-config - configures the active scanner
+- activeScan-policy - creates an active policy
- addOns - add-on management, now deprecated
- delay - pauses the plan for a specified period of time or a specific condition is met
- requestor - crafts specific requests to send to the corresponding targets
- activeScan - runs the active scanner
+- exitStatus - sets ZAP's exit code based on scan results
+
+Importance of Job Order
+The order of jobs is relevant and important. For example:
+
+ - there is no point putting a passiveScan-wait job before any sort of spidering or importing
+ - configuring an alertFilter job after alerts have been generated by passive or active scanning will have no effect on the Alerts that were raised by those components in earlier jobs
+
>
+
Job tests can be added to jobs to check that the jobs have performed as expected.
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fr_FR/contents/job-ascan.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fr_FR/contents/job-ascan.html
index d58eee7b8be..e06039e9863 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fr_FR/contents/job-ascan.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fr_FR/contents/job-ascan.html
@@ -32,7 +32,7 @@
YAML
handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
injectPluginIdInHeader: # Bool: If set then the relevant rule Id will be injected into the X-ZAP-Scan-ID header of each request, default: false
scanHeadersAllRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned, default: false
- threadPerHost: # Int: The max number of threads per host, default: 2
+ threadPerHost: # Int: The max number of threads per host, default: 2 * Number of available processor cores
maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
policyDefinition: # The policy definition - only used if the 'policy' is not set
defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
@@ -44,6 +44,12 @@ YAML
threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
+Note: Unless the defaultThreshold of the policyDefinition is OFF all rules will be enabled to start with.
+
+
+The policy can be one defined by a previous activeScan-policy job, or by a scan policy file
+that has been put in policies directory under ZAP's HOME directory .
+
Job Data
The following class will be made available to add-ons that provide access to the Job Data such as the Reporting add-on.
Note that in this case the data is from the last Active Scan, regardless of whether it was started by the Automation Framework, the UI, or the API.
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fr_FR/contents/job-ascanconfig.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fr_FR/contents/job-ascanconfig.html
new file mode 100644
index 00000000000..99d909f155d
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fr_FR/contents/job-ascanconfig.html
@@ -0,0 +1,51 @@
+
+
+
+
+Automation Framework - activeScan-config Job
+
+
+
+Automation Framework - activeScan-config Job
+
+This job configures the active scanner, for custom active scans (e.g. Sequence).
+
+YAML
+
+
+ - type: activeScan-config # Configures the settings of the active scanner.
+ parameters:
+ maxRuleDurationInMins: # Int: The max time in minutes any individual rule will be allowed to run for, default: 0 unlimited
+ maxScanDurationInMins: # Int: The max time in minutes the active scanner will be allowed to run for, default: 0 unlimited
+ maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
+ defaultPolicy: # String: The name of the default scan policy to use, default: Default Policy
+ handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
+ injectPluginIdInHeader: # Bool: If set then the relevant rule ID will be injected into the X-ZAP-Scan-ID header of each request, default: false
+ threadPerHost: # Int: The max number of threads per host, default: 2
+ inputVectors: # The input vectors used during the active scan.
+ urlQueryStringAndDataDrivenNodes: # Configures the scanning of query parameters and DDNs.
+ enabled: # Bool: If query parameters and DDNs scanning should be enabled. Default: true
+ addParam: # Bool: If a query parameter should be added if none present. Default: false
+ odata: # Bool: If OData query filters should be scanned. Default: true
+ postData: # Configures the scanning of request bodies.
+ enabled: # Bool: If enabled. Default: true
+ multiPartFormData: # Bool: If multipart form data bodies should be scanned. Default: true
+ xml: # Bool: If XML bodies should be scanned. Default: true
+ json: # Configures the scanning of JSON bodies.
+ enabled: # Bool: If JSON scanning should be enabled. Default: true
+ scanNullValues: # Bool: If null values should be scanned. Default: false
+ googleWebToolkit: # Bool: If GWT scanning should be enabled. Default: false
+ directWebRemoting: # Bool: If DWR scanning should be enabled. Default: false
+ urlPath: # Bool: If URL path segments should be scanned. Default: false
+ httpHeaders: # Configures the scanning of HTTP headers.
+ enabled: # Bool: If HTTP header scanning should be enabled. Default: false
+ allRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned. Default: false
+ cookieData: # Configures the scanning of cookies.
+ enabled: # Bool: If enabled. Default: false
+ encodeCookieValues: # Bool: If cookie values should be encoded. Default: false
+ scripts: # Bool: If Input Vector scripts should be used. Default: true
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fr_FR/contents/job-ascanpolicy.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fr_FR/contents/job-ascanpolicy.html
new file mode 100644
index 00000000000..c998e017f95
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fr_FR/contents/job-ascanpolicy.html
@@ -0,0 +1,32 @@
+
+
+
+
+Automation Framework - activeScan-policy Job
+
+
+
+Automation Framework - activeScan-policy Job
+
+This job defines an active scan policy. This policy can be used later in the plan by active scan related jobs,
+like activeScan job.
+
+YAML
+
+
+ - type: activeScan-policy # Defines a new active scan policy which can be used by later activeScan related jobs
+ parameters:
+ name: # String: Name of the policy, mandatory
+ policyDefinition: # The policy definition
+ defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
+ defaultThreshold: # String: The default Alert Threshold for all rules, one of Off, Low, Medium, High, default: Medium
+ rules: # A list of one or more active scan rules and associated settings which override the defaults
+ - id: # Int: The rule id as per https://www.zaproxy.org/docs/alerts/
+ name: # Comment: The name of the rule for documentation purposes - this is not required or actually used
+ strength: # String: The Attack Strength for this rule, one of Low, Medium, High, Insane, default: Medium
+ threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fr_FR/contents/job-exitstatus.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fr_FR/contents/job-exitstatus.html
new file mode 100644
index 00000000000..6cae027f9e8
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fr_FR/contents/job-exitstatus.html
@@ -0,0 +1,37 @@
+
+
+
+
+Automation Framework - exitStatus Job
+
+
+
+Automation Framework - exitStatus Job
+
+This job sets ZAP's exit code based on scan results.
+It also allows you to choose which exit values are used.
+It should typically be the last job in a plan.
+
+If warnLevel or errorLevel are set then the job will report a warning or error if any alerts
+are raised which have the same risk level or greater.
+
+By default when ZAP is run with the -cmd and -autorun options then it will
+exit with a 1 if there are any errors, with a 2 if there are any warnings, and if everything is ok
+then it will exit with a 0.
+These values can be overriden by the *ExitValue options. The *ExitValues can be used together
+with the warn/errorLevel or completely independently of them.
+
+
YAML
+
+
+ - type: exitStatus # Sets the exit code based on scan results
+ parameters:
+ errorLevel: # String: Informational, Low, Medium, High, default: not set
+ warnLevel: # String: Informational, Low, Medium, High, default: not set
+ okExitValue: # Integer: Exit value if all ok, default 0
+ errorExitValue: # Integer: Exit value if there are errors, default 1
+ warnExitValue: # Integer: Exit value if there are warnings, default 2
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fr_FR/contents/job-requestor.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fr_FR/contents/job-requestor.html
index 252faf42fa8..0ef0de0b9c5 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fr_FR/contents/job-requestor.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fr_FR/contents/job-requestor.html
@@ -21,11 +21,12 @@ YAML
user: # String: An optional user to use for authenticated requests, must be defined in the env
requests: # A list of requests to make
- url: # String: A mandatory URL of the request to be made
+ name: # String: Optional name for the request, for documentation only
method: # String: A non-empty request method, default: GET
httpVersion: # String: The HTTP version to send the request with, default: HTTP/1.1
headers: # An optional list of additional headers to include in the request
- "header1:value1"
- data: # String: Optional data to send in the request body
+ data: # String: Optional data to send in the request body, supports vars
responseCode: # Int: An optional, expected response code against which the actual response code will be matched
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fr_FR/index.xml b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fr_FR/index.xml
index ef319ba9100..12115ef3b69 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fr_FR/index.xml
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fr_FR/index.xml
@@ -8,7 +8,12 @@
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fr_FR/toc.xml b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fr_FR/toc.xml
index 5a28e4fdf70..edff332d4ae 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fr_FR/toc.xml
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_fr_FR/toc.xml
@@ -9,7 +9,12 @@
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hi_IN/contents/automation.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hi_IN/contents/automation.html
index da467f09d5a..14d15debacf 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hi_IN/contents/automation.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hi_IN/contents/automation.html
@@ -8,7 +8,9 @@
Automation Framework
This add-on provides a framework that allows ZAP to be automated in an easy and flexible way.
-
+
+
+
It provides the following command line options:
- -autorun <source> Run the automation jobs specified in the file or from the URL.
@@ -17,14 +19,17 @@
Automation Framework
- -autogenconf <filename> Generate template automation file using the current configuration.
-If the -autorun option is used with the ZAP -cmd option then the ZAP exit value will be set as follows:
+
+If the -autorun option is used with the ZAP -cmd option then the ZAP exit value will be set by default as follows:
- 0 - The plan completed successfully with no errors or warnings
- 1 - The plan reported one or more errors
- 2 - The plan reported no errors but one or more warnings
+These values can be overridden by the exitStatus job.
Whether the plan completed after encountering errors or warnings will depend on the settings used in the environment.
-
+
+
To use the automation framework:
- Generate a template automation file using one of the
-autogen* command line options
@@ -32,20 +37,22 @@ Automation Framework
- Run the file using the
-autorun commandline option e.g. ./zap.sh -cmd -autorun config.yaml
+Note: The Jobs are executed in the order in which they appear (top to bottom) within the Plan.
+
In most cases it is recommended to also use the -cmd command line option so that the ZAP desktop is not displayed
and ZAP exits as soon as it has finished generating or running the jobs defined in the file.
However you can choose to run Automation Framework jobs using the ZAP desktop to help you debug issues.
-
Authentication
+
The Automation Framework supports all of the authentication mechanisms supported by ZAP.
-GUI
+
A GUI is under development and provides an ever increasing set of features.
-Options
+
The Automation Options screen allows you to configure specific options.
-API
+
The following API endpoints are provided by this add-on:
- Action: runPlan(filePath) - loads and asynchronously runs the plan in the specified file, returning a planId
@@ -53,21 +60,34 @@ API
If the ZAP desktop is being used then the plan will also be shown in the GUI to make it easier to diagnose any problems.
-Environment
+
The environment section of the file defines the applications which the rest of the jobs can act on.
-File Paths
+
All file and directory paths can either be absolute or relative to the directory containing the plan.
Relative paths are recommended for portability.
-Jobs
+
+The jobs can be enabled/disabled through the GUI and the automation plan, with the enabled flag. Jobs are enabled by default.
+
The following automation jobs are supported by this add-on:
+- activeScan-config - configures the active scanner
+- activeScan-policy - creates an active policy
- addOns - add-on management, now deprecated
- delay - pauses the plan for a specified period of time or a specific condition is met
- requestor - crafts specific requests to send to the corresponding targets
- activeScan - runs the active scanner
+- exitStatus - sets ZAP's exit code based on scan results
+
+Importance of Job Order
+The order of jobs is relevant and important. For example:
+
+ - there is no point putting a passiveScan-wait job before any sort of spidering or importing
+ - configuring an alertFilter job after alerts have been generated by passive or active scanning will have no effect on the Alerts that were raised by those components in earlier jobs
+
>
+
Job tests can be added to jobs to check that the jobs have performed as expected.
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hi_IN/contents/job-ascan.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hi_IN/contents/job-ascan.html
index d58eee7b8be..e06039e9863 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hi_IN/contents/job-ascan.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hi_IN/contents/job-ascan.html
@@ -32,7 +32,7 @@
YAML
handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
injectPluginIdInHeader: # Bool: If set then the relevant rule Id will be injected into the X-ZAP-Scan-ID header of each request, default: false
scanHeadersAllRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned, default: false
- threadPerHost: # Int: The max number of threads per host, default: 2
+ threadPerHost: # Int: The max number of threads per host, default: 2 * Number of available processor cores
maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
policyDefinition: # The policy definition - only used if the 'policy' is not set
defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
@@ -44,6 +44,12 @@ YAML
threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
+Note: Unless the defaultThreshold of the policyDefinition is OFF all rules will be enabled to start with.
+
+
+The policy can be one defined by a previous activeScan-policy job, or by a scan policy file
+that has been put in policies directory under ZAP's HOME directory .
+
Job Data
The following class will be made available to add-ons that provide access to the Job Data such as the Reporting add-on.
Note that in this case the data is from the last Active Scan, regardless of whether it was started by the Automation Framework, the UI, or the API.
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hi_IN/contents/job-ascanconfig.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hi_IN/contents/job-ascanconfig.html
new file mode 100644
index 00000000000..99d909f155d
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hi_IN/contents/job-ascanconfig.html
@@ -0,0 +1,51 @@
+
+
+
+
+Automation Framework - activeScan-config Job
+
+
+
+Automation Framework - activeScan-config Job
+
+This job configures the active scanner, for custom active scans (e.g. Sequence).
+
+YAML
+
+
+ - type: activeScan-config # Configures the settings of the active scanner.
+ parameters:
+ maxRuleDurationInMins: # Int: The max time in minutes any individual rule will be allowed to run for, default: 0 unlimited
+ maxScanDurationInMins: # Int: The max time in minutes the active scanner will be allowed to run for, default: 0 unlimited
+ maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
+ defaultPolicy: # String: The name of the default scan policy to use, default: Default Policy
+ handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
+ injectPluginIdInHeader: # Bool: If set then the relevant rule ID will be injected into the X-ZAP-Scan-ID header of each request, default: false
+ threadPerHost: # Int: The max number of threads per host, default: 2
+ inputVectors: # The input vectors used during the active scan.
+ urlQueryStringAndDataDrivenNodes: # Configures the scanning of query parameters and DDNs.
+ enabled: # Bool: If query parameters and DDNs scanning should be enabled. Default: true
+ addParam: # Bool: If a query parameter should be added if none present. Default: false
+ odata: # Bool: If OData query filters should be scanned. Default: true
+ postData: # Configures the scanning of request bodies.
+ enabled: # Bool: If enabled. Default: true
+ multiPartFormData: # Bool: If multipart form data bodies should be scanned. Default: true
+ xml: # Bool: If XML bodies should be scanned. Default: true
+ json: # Configures the scanning of JSON bodies.
+ enabled: # Bool: If JSON scanning should be enabled. Default: true
+ scanNullValues: # Bool: If null values should be scanned. Default: false
+ googleWebToolkit: # Bool: If GWT scanning should be enabled. Default: false
+ directWebRemoting: # Bool: If DWR scanning should be enabled. Default: false
+ urlPath: # Bool: If URL path segments should be scanned. Default: false
+ httpHeaders: # Configures the scanning of HTTP headers.
+ enabled: # Bool: If HTTP header scanning should be enabled. Default: false
+ allRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned. Default: false
+ cookieData: # Configures the scanning of cookies.
+ enabled: # Bool: If enabled. Default: false
+ encodeCookieValues: # Bool: If cookie values should be encoded. Default: false
+ scripts: # Bool: If Input Vector scripts should be used. Default: true
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hi_IN/contents/job-ascanpolicy.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hi_IN/contents/job-ascanpolicy.html
new file mode 100644
index 00000000000..c998e017f95
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hi_IN/contents/job-ascanpolicy.html
@@ -0,0 +1,32 @@
+
+
+
+
+Automation Framework - activeScan-policy Job
+
+
+
+Automation Framework - activeScan-policy Job
+
+This job defines an active scan policy. This policy can be used later in the plan by active scan related jobs,
+like activeScan job.
+
+YAML
+
+
+ - type: activeScan-policy # Defines a new active scan policy which can be used by later activeScan related jobs
+ parameters:
+ name: # String: Name of the policy, mandatory
+ policyDefinition: # The policy definition
+ defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
+ defaultThreshold: # String: The default Alert Threshold for all rules, one of Off, Low, Medium, High, default: Medium
+ rules: # A list of one or more active scan rules and associated settings which override the defaults
+ - id: # Int: The rule id as per https://www.zaproxy.org/docs/alerts/
+ name: # Comment: The name of the rule for documentation purposes - this is not required or actually used
+ strength: # String: The Attack Strength for this rule, one of Low, Medium, High, Insane, default: Medium
+ threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hi_IN/contents/job-exitstatus.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hi_IN/contents/job-exitstatus.html
new file mode 100644
index 00000000000..6cae027f9e8
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hi_IN/contents/job-exitstatus.html
@@ -0,0 +1,37 @@
+
+
+
+
+Automation Framework - exitStatus Job
+
+
+
+Automation Framework - exitStatus Job
+
+This job sets ZAP's exit code based on scan results.
+It also allows you to choose which exit values are used.
+It should typically be the last job in a plan.
+
+If warnLevel or errorLevel are set then the job will report a warning or error if any alerts
+are raised which have the same risk level or greater.
+
+By default when ZAP is run with the -cmd and -autorun options then it will
+exit with a 1 if there are any errors, with a 2 if there are any warnings, and if everything is ok
+then it will exit with a 0.
+These values can be overriden by the *ExitValue options. The *ExitValues can be used together
+with the warn/errorLevel or completely independently of them.
+
+
YAML
+
+
+ - type: exitStatus # Sets the exit code based on scan results
+ parameters:
+ errorLevel: # String: Informational, Low, Medium, High, default: not set
+ warnLevel: # String: Informational, Low, Medium, High, default: not set
+ okExitValue: # Integer: Exit value if all ok, default 0
+ errorExitValue: # Integer: Exit value if there are errors, default 1
+ warnExitValue: # Integer: Exit value if there are warnings, default 2
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hi_IN/contents/job-requestor.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hi_IN/contents/job-requestor.html
index 252faf42fa8..0ef0de0b9c5 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hi_IN/contents/job-requestor.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hi_IN/contents/job-requestor.html
@@ -21,11 +21,12 @@ YAML
user: # String: An optional user to use for authenticated requests, must be defined in the env
requests: # A list of requests to make
- url: # String: A mandatory URL of the request to be made
+ name: # String: Optional name for the request, for documentation only
method: # String: A non-empty request method, default: GET
httpVersion: # String: The HTTP version to send the request with, default: HTTP/1.1
headers: # An optional list of additional headers to include in the request
- "header1:value1"
- data: # String: Optional data to send in the request body
+ data: # String: Optional data to send in the request body, supports vars
responseCode: # Int: An optional, expected response code against which the actual response code will be matched
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hi_IN/index.xml b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hi_IN/index.xml
index ef319ba9100..12115ef3b69 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hi_IN/index.xml
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hi_IN/index.xml
@@ -8,7 +8,12 @@
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hi_IN/toc.xml b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hi_IN/toc.xml
index 5a28e4fdf70..edff332d4ae 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hi_IN/toc.xml
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hi_IN/toc.xml
@@ -9,7 +9,12 @@
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hu_HU/contents/automation.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hu_HU/contents/automation.html
index da467f09d5a..14d15debacf 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hu_HU/contents/automation.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hu_HU/contents/automation.html
@@ -8,7 +8,9 @@
Automation Framework
This add-on provides a framework that allows ZAP to be automated in an easy and flexible way.
-
+
+
+
It provides the following command line options:
- -autorun <source> Run the automation jobs specified in the file or from the URL.
@@ -17,14 +19,17 @@
Automation Framework
- -autogenconf <filename> Generate template automation file using the current configuration.
-If the -autorun option is used with the ZAP -cmd option then the ZAP exit value will be set as follows:
+
+If the -autorun option is used with the ZAP -cmd option then the ZAP exit value will be set by default as follows:
- 0 - The plan completed successfully with no errors or warnings
- 1 - The plan reported one or more errors
- 2 - The plan reported no errors but one or more warnings
+These values can be overridden by the exitStatus job.
Whether the plan completed after encountering errors or warnings will depend on the settings used in the environment.
-
+
+
To use the automation framework:
- Generate a template automation file using one of the
-autogen* command line options
@@ -32,20 +37,22 @@ Automation Framework
- Run the file using the
-autorun commandline option e.g. ./zap.sh -cmd -autorun config.yaml
+Note: The Jobs are executed in the order in which they appear (top to bottom) within the Plan.
+
In most cases it is recommended to also use the -cmd command line option so that the ZAP desktop is not displayed
and ZAP exits as soon as it has finished generating or running the jobs defined in the file.
However you can choose to run Automation Framework jobs using the ZAP desktop to help you debug issues.
-
Authentication
+
The Automation Framework supports all of the authentication mechanisms supported by ZAP.
-GUI
+
A GUI is under development and provides an ever increasing set of features.
-Options
+
The Automation Options screen allows you to configure specific options.
-API
+
The following API endpoints are provided by this add-on:
- Action: runPlan(filePath) - loads and asynchronously runs the plan in the specified file, returning a planId
@@ -53,21 +60,34 @@ API
If the ZAP desktop is being used then the plan will also be shown in the GUI to make it easier to diagnose any problems.
-Environment
+
The environment section of the file defines the applications which the rest of the jobs can act on.
-File Paths
+
All file and directory paths can either be absolute or relative to the directory containing the plan.
Relative paths are recommended for portability.
-Jobs
+
+The jobs can be enabled/disabled through the GUI and the automation plan, with the enabled flag. Jobs are enabled by default.
+
The following automation jobs are supported by this add-on:
+- activeScan-config - configures the active scanner
+- activeScan-policy - creates an active policy
- addOns - add-on management, now deprecated
- delay - pauses the plan for a specified period of time or a specific condition is met
- requestor - crafts specific requests to send to the corresponding targets
- activeScan - runs the active scanner
+- exitStatus - sets ZAP's exit code based on scan results
+
+Importance of Job Order
+The order of jobs is relevant and important. For example:
+
+ - there is no point putting a passiveScan-wait job before any sort of spidering or importing
+ - configuring an alertFilter job after alerts have been generated by passive or active scanning will have no effect on the Alerts that were raised by those components in earlier jobs
+
>
+
Job tests can be added to jobs to check that the jobs have performed as expected.
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hu_HU/contents/job-ascan.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hu_HU/contents/job-ascan.html
index d58eee7b8be..e06039e9863 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hu_HU/contents/job-ascan.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hu_HU/contents/job-ascan.html
@@ -32,7 +32,7 @@
YAML
handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
injectPluginIdInHeader: # Bool: If set then the relevant rule Id will be injected into the X-ZAP-Scan-ID header of each request, default: false
scanHeadersAllRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned, default: false
- threadPerHost: # Int: The max number of threads per host, default: 2
+ threadPerHost: # Int: The max number of threads per host, default: 2 * Number of available processor cores
maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
policyDefinition: # The policy definition - only used if the 'policy' is not set
defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
@@ -44,6 +44,12 @@ YAML
threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
+Note: Unless the defaultThreshold of the policyDefinition is OFF all rules will be enabled to start with.
+
+
+The policy can be one defined by a previous activeScan-policy job, or by a scan policy file
+that has been put in policies directory under ZAP's HOME directory .
+
Job Data
The following class will be made available to add-ons that provide access to the Job Data such as the Reporting add-on.
Note that in this case the data is from the last Active Scan, regardless of whether it was started by the Automation Framework, the UI, or the API.
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hu_HU/contents/job-ascanconfig.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hu_HU/contents/job-ascanconfig.html
new file mode 100644
index 00000000000..99d909f155d
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hu_HU/contents/job-ascanconfig.html
@@ -0,0 +1,51 @@
+
+
+
+
+Automation Framework - activeScan-config Job
+
+
+
+Automation Framework - activeScan-config Job
+
+This job configures the active scanner, for custom active scans (e.g. Sequence).
+
+YAML
+
+
+ - type: activeScan-config # Configures the settings of the active scanner.
+ parameters:
+ maxRuleDurationInMins: # Int: The max time in minutes any individual rule will be allowed to run for, default: 0 unlimited
+ maxScanDurationInMins: # Int: The max time in minutes the active scanner will be allowed to run for, default: 0 unlimited
+ maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
+ defaultPolicy: # String: The name of the default scan policy to use, default: Default Policy
+ handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
+ injectPluginIdInHeader: # Bool: If set then the relevant rule ID will be injected into the X-ZAP-Scan-ID header of each request, default: false
+ threadPerHost: # Int: The max number of threads per host, default: 2
+ inputVectors: # The input vectors used during the active scan.
+ urlQueryStringAndDataDrivenNodes: # Configures the scanning of query parameters and DDNs.
+ enabled: # Bool: If query parameters and DDNs scanning should be enabled. Default: true
+ addParam: # Bool: If a query parameter should be added if none present. Default: false
+ odata: # Bool: If OData query filters should be scanned. Default: true
+ postData: # Configures the scanning of request bodies.
+ enabled: # Bool: If enabled. Default: true
+ multiPartFormData: # Bool: If multipart form data bodies should be scanned. Default: true
+ xml: # Bool: If XML bodies should be scanned. Default: true
+ json: # Configures the scanning of JSON bodies.
+ enabled: # Bool: If JSON scanning should be enabled. Default: true
+ scanNullValues: # Bool: If null values should be scanned. Default: false
+ googleWebToolkit: # Bool: If GWT scanning should be enabled. Default: false
+ directWebRemoting: # Bool: If DWR scanning should be enabled. Default: false
+ urlPath: # Bool: If URL path segments should be scanned. Default: false
+ httpHeaders: # Configures the scanning of HTTP headers.
+ enabled: # Bool: If HTTP header scanning should be enabled. Default: false
+ allRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned. Default: false
+ cookieData: # Configures the scanning of cookies.
+ enabled: # Bool: If enabled. Default: false
+ encodeCookieValues: # Bool: If cookie values should be encoded. Default: false
+ scripts: # Bool: If Input Vector scripts should be used. Default: true
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hu_HU/contents/job-ascanpolicy.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hu_HU/contents/job-ascanpolicy.html
new file mode 100644
index 00000000000..c998e017f95
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hu_HU/contents/job-ascanpolicy.html
@@ -0,0 +1,32 @@
+
+
+
+
+Automation Framework - activeScan-policy Job
+
+
+
+Automation Framework - activeScan-policy Job
+
+This job defines an active scan policy. This policy can be used later in the plan by active scan related jobs,
+like activeScan job.
+
+YAML
+
+
+ - type: activeScan-policy # Defines a new active scan policy which can be used by later activeScan related jobs
+ parameters:
+ name: # String: Name of the policy, mandatory
+ policyDefinition: # The policy definition
+ defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
+ defaultThreshold: # String: The default Alert Threshold for all rules, one of Off, Low, Medium, High, default: Medium
+ rules: # A list of one or more active scan rules and associated settings which override the defaults
+ - id: # Int: The rule id as per https://www.zaproxy.org/docs/alerts/
+ name: # Comment: The name of the rule for documentation purposes - this is not required or actually used
+ strength: # String: The Attack Strength for this rule, one of Low, Medium, High, Insane, default: Medium
+ threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hu_HU/contents/job-exitstatus.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hu_HU/contents/job-exitstatus.html
new file mode 100644
index 00000000000..6cae027f9e8
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hu_HU/contents/job-exitstatus.html
@@ -0,0 +1,37 @@
+
+
+
+
+Automation Framework - exitStatus Job
+
+
+
+Automation Framework - exitStatus Job
+
+This job sets ZAP's exit code based on scan results.
+It also allows you to choose which exit values are used.
+It should typically be the last job in a plan.
+
+If warnLevel or errorLevel are set then the job will report a warning or error if any alerts
+are raised which have the same risk level or greater.
+
+By default when ZAP is run with the -cmd and -autorun options then it will
+exit with a 1 if there are any errors, with a 2 if there are any warnings, and if everything is ok
+then it will exit with a 0.
+These values can be overriden by the *ExitValue options. The *ExitValues can be used together
+with the warn/errorLevel or completely independently of them.
+
+
YAML
+
+
+ - type: exitStatus # Sets the exit code based on scan results
+ parameters:
+ errorLevel: # String: Informational, Low, Medium, High, default: not set
+ warnLevel: # String: Informational, Low, Medium, High, default: not set
+ okExitValue: # Integer: Exit value if all ok, default 0
+ errorExitValue: # Integer: Exit value if there are errors, default 1
+ warnExitValue: # Integer: Exit value if there are warnings, default 2
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hu_HU/contents/job-requestor.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hu_HU/contents/job-requestor.html
index 252faf42fa8..0ef0de0b9c5 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hu_HU/contents/job-requestor.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hu_HU/contents/job-requestor.html
@@ -21,11 +21,12 @@ YAML
user: # String: An optional user to use for authenticated requests, must be defined in the env
requests: # A list of requests to make
- url: # String: A mandatory URL of the request to be made
+ name: # String: Optional name for the request, for documentation only
method: # String: A non-empty request method, default: GET
httpVersion: # String: The HTTP version to send the request with, default: HTTP/1.1
headers: # An optional list of additional headers to include in the request
- "header1:value1"
- data: # String: Optional data to send in the request body
+ data: # String: Optional data to send in the request body, supports vars
responseCode: # Int: An optional, expected response code against which the actual response code will be matched
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hu_HU/index.xml b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hu_HU/index.xml
index ef319ba9100..12115ef3b69 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hu_HU/index.xml
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hu_HU/index.xml
@@ -8,7 +8,12 @@
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hu_HU/toc.xml b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hu_HU/toc.xml
index 5a28e4fdf70..edff332d4ae 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hu_HU/toc.xml
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_hu_HU/toc.xml
@@ -9,7 +9,12 @@
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_id_ID/contents/automation.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_id_ID/contents/automation.html
index da467f09d5a..14d15debacf 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_id_ID/contents/automation.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_id_ID/contents/automation.html
@@ -8,7 +8,9 @@
Automation Framework
This add-on provides a framework that allows ZAP to be automated in an easy and flexible way.
-
+
+
+
It provides the following command line options:
- -autorun <source> Run the automation jobs specified in the file or from the URL.
@@ -17,14 +19,17 @@
Automation Framework
- -autogenconf <filename> Generate template automation file using the current configuration.
-If the -autorun option is used with the ZAP -cmd option then the ZAP exit value will be set as follows:
+
+If the -autorun option is used with the ZAP -cmd option then the ZAP exit value will be set by default as follows:
- 0 - The plan completed successfully with no errors or warnings
- 1 - The plan reported one or more errors
- 2 - The plan reported no errors but one or more warnings
+These values can be overridden by the exitStatus job.
Whether the plan completed after encountering errors or warnings will depend on the settings used in the environment.
-
+
+
To use the automation framework:
- Generate a template automation file using one of the
-autogen* command line options
@@ -32,20 +37,22 @@ Automation Framework
- Run the file using the
-autorun commandline option e.g. ./zap.sh -cmd -autorun config.yaml
+Note: The Jobs are executed in the order in which they appear (top to bottom) within the Plan.
+
In most cases it is recommended to also use the -cmd command line option so that the ZAP desktop is not displayed
and ZAP exits as soon as it has finished generating or running the jobs defined in the file.
However you can choose to run Automation Framework jobs using the ZAP desktop to help you debug issues.
-
Authentication
+
The Automation Framework supports all of the authentication mechanisms supported by ZAP.
-GUI
+
A GUI is under development and provides an ever increasing set of features.
-Options
+
The Automation Options screen allows you to configure specific options.
-API
+
The following API endpoints are provided by this add-on:
- Action: runPlan(filePath) - loads and asynchronously runs the plan in the specified file, returning a planId
@@ -53,21 +60,34 @@ API
If the ZAP desktop is being used then the plan will also be shown in the GUI to make it easier to diagnose any problems.
-Environment
+
The environment section of the file defines the applications which the rest of the jobs can act on.
-File Paths
+
All file and directory paths can either be absolute or relative to the directory containing the plan.
Relative paths are recommended for portability.
-Jobs
+
+The jobs can be enabled/disabled through the GUI and the automation plan, with the enabled flag. Jobs are enabled by default.
+
The following automation jobs are supported by this add-on:
+- activeScan-config - configures the active scanner
+- activeScan-policy - creates an active policy
- addOns - add-on management, now deprecated
- delay - pauses the plan for a specified period of time or a specific condition is met
- requestor - crafts specific requests to send to the corresponding targets
- activeScan - runs the active scanner
+- exitStatus - sets ZAP's exit code based on scan results
+
+Importance of Job Order
+The order of jobs is relevant and important. For example:
+
+ - there is no point putting a passiveScan-wait job before any sort of spidering or importing
+ - configuring an alertFilter job after alerts have been generated by passive or active scanning will have no effect on the Alerts that were raised by those components in earlier jobs
+
>
+
Job tests can be added to jobs to check that the jobs have performed as expected.
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_id_ID/contents/job-ascan.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_id_ID/contents/job-ascan.html
index d58eee7b8be..e06039e9863 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_id_ID/contents/job-ascan.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_id_ID/contents/job-ascan.html
@@ -32,7 +32,7 @@
YAML
handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
injectPluginIdInHeader: # Bool: If set then the relevant rule Id will be injected into the X-ZAP-Scan-ID header of each request, default: false
scanHeadersAllRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned, default: false
- threadPerHost: # Int: The max number of threads per host, default: 2
+ threadPerHost: # Int: The max number of threads per host, default: 2 * Number of available processor cores
maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
policyDefinition: # The policy definition - only used if the 'policy' is not set
defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
@@ -44,6 +44,12 @@ YAML
threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
+Note: Unless the defaultThreshold of the policyDefinition is OFF all rules will be enabled to start with.
+
+
+The policy can be one defined by a previous activeScan-policy job, or by a scan policy file
+that has been put in policies directory under ZAP's HOME directory .
+
Job Data
The following class will be made available to add-ons that provide access to the Job Data such as the Reporting add-on.
Note that in this case the data is from the last Active Scan, regardless of whether it was started by the Automation Framework, the UI, or the API.
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_id_ID/contents/job-ascanconfig.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_id_ID/contents/job-ascanconfig.html
new file mode 100644
index 00000000000..99d909f155d
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_id_ID/contents/job-ascanconfig.html
@@ -0,0 +1,51 @@
+
+
+
+
+Automation Framework - activeScan-config Job
+
+
+
+Automation Framework - activeScan-config Job
+
+This job configures the active scanner, for custom active scans (e.g. Sequence).
+
+YAML
+
+
+ - type: activeScan-config # Configures the settings of the active scanner.
+ parameters:
+ maxRuleDurationInMins: # Int: The max time in minutes any individual rule will be allowed to run for, default: 0 unlimited
+ maxScanDurationInMins: # Int: The max time in minutes the active scanner will be allowed to run for, default: 0 unlimited
+ maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
+ defaultPolicy: # String: The name of the default scan policy to use, default: Default Policy
+ handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
+ injectPluginIdInHeader: # Bool: If set then the relevant rule ID will be injected into the X-ZAP-Scan-ID header of each request, default: false
+ threadPerHost: # Int: The max number of threads per host, default: 2
+ inputVectors: # The input vectors used during the active scan.
+ urlQueryStringAndDataDrivenNodes: # Configures the scanning of query parameters and DDNs.
+ enabled: # Bool: If query parameters and DDNs scanning should be enabled. Default: true
+ addParam: # Bool: If a query parameter should be added if none present. Default: false
+ odata: # Bool: If OData query filters should be scanned. Default: true
+ postData: # Configures the scanning of request bodies.
+ enabled: # Bool: If enabled. Default: true
+ multiPartFormData: # Bool: If multipart form data bodies should be scanned. Default: true
+ xml: # Bool: If XML bodies should be scanned. Default: true
+ json: # Configures the scanning of JSON bodies.
+ enabled: # Bool: If JSON scanning should be enabled. Default: true
+ scanNullValues: # Bool: If null values should be scanned. Default: false
+ googleWebToolkit: # Bool: If GWT scanning should be enabled. Default: false
+ directWebRemoting: # Bool: If DWR scanning should be enabled. Default: false
+ urlPath: # Bool: If URL path segments should be scanned. Default: false
+ httpHeaders: # Configures the scanning of HTTP headers.
+ enabled: # Bool: If HTTP header scanning should be enabled. Default: false
+ allRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned. Default: false
+ cookieData: # Configures the scanning of cookies.
+ enabled: # Bool: If enabled. Default: false
+ encodeCookieValues: # Bool: If cookie values should be encoded. Default: false
+ scripts: # Bool: If Input Vector scripts should be used. Default: true
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_id_ID/contents/job-ascanpolicy.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_id_ID/contents/job-ascanpolicy.html
new file mode 100644
index 00000000000..c998e017f95
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_id_ID/contents/job-ascanpolicy.html
@@ -0,0 +1,32 @@
+
+
+
+
+Automation Framework - activeScan-policy Job
+
+
+
+Automation Framework - activeScan-policy Job
+
+This job defines an active scan policy. This policy can be used later in the plan by active scan related jobs,
+like activeScan job.
+
+YAML
+
+
+ - type: activeScan-policy # Defines a new active scan policy which can be used by later activeScan related jobs
+ parameters:
+ name: # String: Name of the policy, mandatory
+ policyDefinition: # The policy definition
+ defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
+ defaultThreshold: # String: The default Alert Threshold for all rules, one of Off, Low, Medium, High, default: Medium
+ rules: # A list of one or more active scan rules and associated settings which override the defaults
+ - id: # Int: The rule id as per https://www.zaproxy.org/docs/alerts/
+ name: # Comment: The name of the rule for documentation purposes - this is not required or actually used
+ strength: # String: The Attack Strength for this rule, one of Low, Medium, High, Insane, default: Medium
+ threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_id_ID/contents/job-exitstatus.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_id_ID/contents/job-exitstatus.html
new file mode 100644
index 00000000000..6cae027f9e8
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_id_ID/contents/job-exitstatus.html
@@ -0,0 +1,37 @@
+
+
+
+
+Automation Framework - exitStatus Job
+
+
+
+Automation Framework - exitStatus Job
+
+This job sets ZAP's exit code based on scan results.
+It also allows you to choose which exit values are used.
+It should typically be the last job in a plan.
+
+If warnLevel or errorLevel are set then the job will report a warning or error if any alerts
+are raised which have the same risk level or greater.
+
+By default when ZAP is run with the -cmd and -autorun options then it will
+exit with a 1 if there are any errors, with a 2 if there are any warnings, and if everything is ok
+then it will exit with a 0.
+These values can be overriden by the *ExitValue options. The *ExitValues can be used together
+with the warn/errorLevel or completely independently of them.
+
+
YAML
+
+
+ - type: exitStatus # Sets the exit code based on scan results
+ parameters:
+ errorLevel: # String: Informational, Low, Medium, High, default: not set
+ warnLevel: # String: Informational, Low, Medium, High, default: not set
+ okExitValue: # Integer: Exit value if all ok, default 0
+ errorExitValue: # Integer: Exit value if there are errors, default 1
+ warnExitValue: # Integer: Exit value if there are warnings, default 2
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_id_ID/contents/job-requestor.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_id_ID/contents/job-requestor.html
index 252faf42fa8..0ef0de0b9c5 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_id_ID/contents/job-requestor.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_id_ID/contents/job-requestor.html
@@ -21,11 +21,12 @@ YAML
user: # String: An optional user to use for authenticated requests, must be defined in the env
requests: # A list of requests to make
- url: # String: A mandatory URL of the request to be made
+ name: # String: Optional name for the request, for documentation only
method: # String: A non-empty request method, default: GET
httpVersion: # String: The HTTP version to send the request with, default: HTTP/1.1
headers: # An optional list of additional headers to include in the request
- "header1:value1"
- data: # String: Optional data to send in the request body
+ data: # String: Optional data to send in the request body, supports vars
responseCode: # Int: An optional, expected response code against which the actual response code will be matched
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_id_ID/index.xml b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_id_ID/index.xml
index ef319ba9100..12115ef3b69 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_id_ID/index.xml
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_id_ID/index.xml
@@ -8,7 +8,12 @@
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_id_ID/toc.xml b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_id_ID/toc.xml
index 5a28e4fdf70..edff332d4ae 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_id_ID/toc.xml
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_id_ID/toc.xml
@@ -9,7 +9,12 @@
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_it_IT/contents/automation.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_it_IT/contents/automation.html
index da467f09d5a..14d15debacf 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_it_IT/contents/automation.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_it_IT/contents/automation.html
@@ -8,7 +8,9 @@
Automation Framework
This add-on provides a framework that allows ZAP to be automated in an easy and flexible way.
-
+
+
+
It provides the following command line options:
- -autorun <source> Run the automation jobs specified in the file or from the URL.
@@ -17,14 +19,17 @@
Automation Framework
- -autogenconf <filename> Generate template automation file using the current configuration.
-If the -autorun option is used with the ZAP -cmd option then the ZAP exit value will be set as follows:
+
+If the -autorun option is used with the ZAP -cmd option then the ZAP exit value will be set by default as follows:
- 0 - The plan completed successfully with no errors or warnings
- 1 - The plan reported one or more errors
- 2 - The plan reported no errors but one or more warnings
+These values can be overridden by the exitStatus job.
Whether the plan completed after encountering errors or warnings will depend on the settings used in the environment.
-
+
+
To use the automation framework:
- Generate a template automation file using one of the
-autogen* command line options
@@ -32,20 +37,22 @@ Automation Framework
- Run the file using the
-autorun commandline option e.g. ./zap.sh -cmd -autorun config.yaml
+Note: The Jobs are executed in the order in which they appear (top to bottom) within the Plan.
+
In most cases it is recommended to also use the -cmd command line option so that the ZAP desktop is not displayed
and ZAP exits as soon as it has finished generating or running the jobs defined in the file.
However you can choose to run Automation Framework jobs using the ZAP desktop to help you debug issues.
-
Authentication
+
The Automation Framework supports all of the authentication mechanisms supported by ZAP.
-GUI
+
A GUI is under development and provides an ever increasing set of features.
-Options
+
The Automation Options screen allows you to configure specific options.
-API
+
The following API endpoints are provided by this add-on:
- Action: runPlan(filePath) - loads and asynchronously runs the plan in the specified file, returning a planId
@@ -53,21 +60,34 @@ API
If the ZAP desktop is being used then the plan will also be shown in the GUI to make it easier to diagnose any problems.
-Environment
+
The environment section of the file defines the applications which the rest of the jobs can act on.
-File Paths
+
All file and directory paths can either be absolute or relative to the directory containing the plan.
Relative paths are recommended for portability.
-Jobs
+
+The jobs can be enabled/disabled through the GUI and the automation plan, with the enabled flag. Jobs are enabled by default.
+
The following automation jobs are supported by this add-on:
+- activeScan-config - configures the active scanner
+- activeScan-policy - creates an active policy
- addOns - add-on management, now deprecated
- delay - pauses the plan for a specified period of time or a specific condition is met
- requestor - crafts specific requests to send to the corresponding targets
- activeScan - runs the active scanner
+- exitStatus - sets ZAP's exit code based on scan results
+
+Importance of Job Order
+The order of jobs is relevant and important. For example:
+
+ - there is no point putting a passiveScan-wait job before any sort of spidering or importing
+ - configuring an alertFilter job after alerts have been generated by passive or active scanning will have no effect on the Alerts that were raised by those components in earlier jobs
+
>
+
Job tests can be added to jobs to check that the jobs have performed as expected.
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_it_IT/contents/job-ascan.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_it_IT/contents/job-ascan.html
index d58eee7b8be..e06039e9863 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_it_IT/contents/job-ascan.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_it_IT/contents/job-ascan.html
@@ -32,7 +32,7 @@
YAML
handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
injectPluginIdInHeader: # Bool: If set then the relevant rule Id will be injected into the X-ZAP-Scan-ID header of each request, default: false
scanHeadersAllRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned, default: false
- threadPerHost: # Int: The max number of threads per host, default: 2
+ threadPerHost: # Int: The max number of threads per host, default: 2 * Number of available processor cores
maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
policyDefinition: # The policy definition - only used if the 'policy' is not set
defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
@@ -44,6 +44,12 @@ YAML
threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
+Note: Unless the defaultThreshold of the policyDefinition is OFF all rules will be enabled to start with.
+
+
+The policy can be one defined by a previous activeScan-policy job, or by a scan policy file
+that has been put in policies directory under ZAP's HOME directory .
+
Job Data
The following class will be made available to add-ons that provide access to the Job Data such as the Reporting add-on.
Note that in this case the data is from the last Active Scan, regardless of whether it was started by the Automation Framework, the UI, or the API.
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_it_IT/contents/job-ascanconfig.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_it_IT/contents/job-ascanconfig.html
new file mode 100644
index 00000000000..99d909f155d
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_it_IT/contents/job-ascanconfig.html
@@ -0,0 +1,51 @@
+
+
+
+
+Automation Framework - activeScan-config Job
+
+
+
+Automation Framework - activeScan-config Job
+
+This job configures the active scanner, for custom active scans (e.g. Sequence).
+
+YAML
+
+
+ - type: activeScan-config # Configures the settings of the active scanner.
+ parameters:
+ maxRuleDurationInMins: # Int: The max time in minutes any individual rule will be allowed to run for, default: 0 unlimited
+ maxScanDurationInMins: # Int: The max time in minutes the active scanner will be allowed to run for, default: 0 unlimited
+ maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
+ defaultPolicy: # String: The name of the default scan policy to use, default: Default Policy
+ handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
+ injectPluginIdInHeader: # Bool: If set then the relevant rule ID will be injected into the X-ZAP-Scan-ID header of each request, default: false
+ threadPerHost: # Int: The max number of threads per host, default: 2
+ inputVectors: # The input vectors used during the active scan.
+ urlQueryStringAndDataDrivenNodes: # Configures the scanning of query parameters and DDNs.
+ enabled: # Bool: If query parameters and DDNs scanning should be enabled. Default: true
+ addParam: # Bool: If a query parameter should be added if none present. Default: false
+ odata: # Bool: If OData query filters should be scanned. Default: true
+ postData: # Configures the scanning of request bodies.
+ enabled: # Bool: If enabled. Default: true
+ multiPartFormData: # Bool: If multipart form data bodies should be scanned. Default: true
+ xml: # Bool: If XML bodies should be scanned. Default: true
+ json: # Configures the scanning of JSON bodies.
+ enabled: # Bool: If JSON scanning should be enabled. Default: true
+ scanNullValues: # Bool: If null values should be scanned. Default: false
+ googleWebToolkit: # Bool: If GWT scanning should be enabled. Default: false
+ directWebRemoting: # Bool: If DWR scanning should be enabled. Default: false
+ urlPath: # Bool: If URL path segments should be scanned. Default: false
+ httpHeaders: # Configures the scanning of HTTP headers.
+ enabled: # Bool: If HTTP header scanning should be enabled. Default: false
+ allRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned. Default: false
+ cookieData: # Configures the scanning of cookies.
+ enabled: # Bool: If enabled. Default: false
+ encodeCookieValues: # Bool: If cookie values should be encoded. Default: false
+ scripts: # Bool: If Input Vector scripts should be used. Default: true
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_it_IT/contents/job-ascanpolicy.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_it_IT/contents/job-ascanpolicy.html
new file mode 100644
index 00000000000..c998e017f95
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_it_IT/contents/job-ascanpolicy.html
@@ -0,0 +1,32 @@
+
+
+
+
+Automation Framework - activeScan-policy Job
+
+
+
+Automation Framework - activeScan-policy Job
+
+This job defines an active scan policy. This policy can be used later in the plan by active scan related jobs,
+like activeScan job.
+
+YAML
+
+
+ - type: activeScan-policy # Defines a new active scan policy which can be used by later activeScan related jobs
+ parameters:
+ name: # String: Name of the policy, mandatory
+ policyDefinition: # The policy definition
+ defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
+ defaultThreshold: # String: The default Alert Threshold for all rules, one of Off, Low, Medium, High, default: Medium
+ rules: # A list of one or more active scan rules and associated settings which override the defaults
+ - id: # Int: The rule id as per https://www.zaproxy.org/docs/alerts/
+ name: # Comment: The name of the rule for documentation purposes - this is not required or actually used
+ strength: # String: The Attack Strength for this rule, one of Low, Medium, High, Insane, default: Medium
+ threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_it_IT/contents/job-exitstatus.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_it_IT/contents/job-exitstatus.html
new file mode 100644
index 00000000000..6cae027f9e8
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_it_IT/contents/job-exitstatus.html
@@ -0,0 +1,37 @@
+
+
+
+
+Automation Framework - exitStatus Job
+
+
+
+Automation Framework - exitStatus Job
+
+This job sets ZAP's exit code based on scan results.
+It also allows you to choose which exit values are used.
+It should typically be the last job in a plan.
+
+If warnLevel or errorLevel are set then the job will report a warning or error if any alerts
+are raised which have the same risk level or greater.
+
+By default when ZAP is run with the -cmd and -autorun options then it will
+exit with a 1 if there are any errors, with a 2 if there are any warnings, and if everything is ok
+then it will exit with a 0.
+These values can be overriden by the *ExitValue options. The *ExitValues can be used together
+with the warn/errorLevel or completely independently of them.
+
+
YAML
+
+
+ - type: exitStatus # Sets the exit code based on scan results
+ parameters:
+ errorLevel: # String: Informational, Low, Medium, High, default: not set
+ warnLevel: # String: Informational, Low, Medium, High, default: not set
+ okExitValue: # Integer: Exit value if all ok, default 0
+ errorExitValue: # Integer: Exit value if there are errors, default 1
+ warnExitValue: # Integer: Exit value if there are warnings, default 2
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_it_IT/contents/job-requestor.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_it_IT/contents/job-requestor.html
index 252faf42fa8..0ef0de0b9c5 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_it_IT/contents/job-requestor.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_it_IT/contents/job-requestor.html
@@ -21,11 +21,12 @@ YAML
user: # String: An optional user to use for authenticated requests, must be defined in the env
requests: # A list of requests to make
- url: # String: A mandatory URL of the request to be made
+ name: # String: Optional name for the request, for documentation only
method: # String: A non-empty request method, default: GET
httpVersion: # String: The HTTP version to send the request with, default: HTTP/1.1
headers: # An optional list of additional headers to include in the request
- "header1:value1"
- data: # String: Optional data to send in the request body
+ data: # String: Optional data to send in the request body, supports vars
responseCode: # Int: An optional, expected response code against which the actual response code will be matched
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_it_IT/index.xml b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_it_IT/index.xml
index ef319ba9100..12115ef3b69 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_it_IT/index.xml
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_it_IT/index.xml
@@ -8,7 +8,12 @@
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_it_IT/toc.xml b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_it_IT/toc.xml
index 5a28e4fdf70..edff332d4ae 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_it_IT/toc.xml
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_it_IT/toc.xml
@@ -9,7 +9,12 @@
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ja_JP/contents/automation.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ja_JP/contents/automation.html
index da467f09d5a..14d15debacf 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ja_JP/contents/automation.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ja_JP/contents/automation.html
@@ -8,7 +8,9 @@
Automation Framework
This add-on provides a framework that allows ZAP to be automated in an easy and flexible way.
-
+
+
+
It provides the following command line options:
- -autorun <source> Run the automation jobs specified in the file or from the URL.
@@ -17,14 +19,17 @@
Automation Framework
- -autogenconf <filename> Generate template automation file using the current configuration.
-If the -autorun option is used with the ZAP -cmd option then the ZAP exit value will be set as follows:
+
+If the -autorun option is used with the ZAP -cmd option then the ZAP exit value will be set by default as follows:
- 0 - The plan completed successfully with no errors or warnings
- 1 - The plan reported one or more errors
- 2 - The plan reported no errors but one or more warnings
+These values can be overridden by the exitStatus job.
Whether the plan completed after encountering errors or warnings will depend on the settings used in the environment.
-
+
+
To use the automation framework:
- Generate a template automation file using one of the
-autogen* command line options
@@ -32,20 +37,22 @@ Automation Framework
- Run the file using the
-autorun commandline option e.g. ./zap.sh -cmd -autorun config.yaml
+Note: The Jobs are executed in the order in which they appear (top to bottom) within the Plan.
+
In most cases it is recommended to also use the -cmd command line option so that the ZAP desktop is not displayed
and ZAP exits as soon as it has finished generating or running the jobs defined in the file.
However you can choose to run Automation Framework jobs using the ZAP desktop to help you debug issues.
-
Authentication
+
The Automation Framework supports all of the authentication mechanisms supported by ZAP.
-GUI
+
A GUI is under development and provides an ever increasing set of features.
-Options
+
The Automation Options screen allows you to configure specific options.
-API
+
The following API endpoints are provided by this add-on:
- Action: runPlan(filePath) - loads and asynchronously runs the plan in the specified file, returning a planId
@@ -53,21 +60,34 @@ API
If the ZAP desktop is being used then the plan will also be shown in the GUI to make it easier to diagnose any problems.
-Environment
+
The environment section of the file defines the applications which the rest of the jobs can act on.
-File Paths
+
All file and directory paths can either be absolute or relative to the directory containing the plan.
Relative paths are recommended for portability.
-Jobs
+
+The jobs can be enabled/disabled through the GUI and the automation plan, with the enabled flag. Jobs are enabled by default.
+
The following automation jobs are supported by this add-on:
+- activeScan-config - configures the active scanner
+- activeScan-policy - creates an active policy
- addOns - add-on management, now deprecated
- delay - pauses the plan for a specified period of time or a specific condition is met
- requestor - crafts specific requests to send to the corresponding targets
- activeScan - runs the active scanner
+- exitStatus - sets ZAP's exit code based on scan results
+
+Importance of Job Order
+The order of jobs is relevant and important. For example:
+
+ - there is no point putting a passiveScan-wait job before any sort of spidering or importing
+ - configuring an alertFilter job after alerts have been generated by passive or active scanning will have no effect on the Alerts that were raised by those components in earlier jobs
+
>
+
Job tests can be added to jobs to check that the jobs have performed as expected.
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ja_JP/contents/job-ascan.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ja_JP/contents/job-ascan.html
index d58eee7b8be..e06039e9863 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ja_JP/contents/job-ascan.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ja_JP/contents/job-ascan.html
@@ -32,7 +32,7 @@
YAML
handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
injectPluginIdInHeader: # Bool: If set then the relevant rule Id will be injected into the X-ZAP-Scan-ID header of each request, default: false
scanHeadersAllRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned, default: false
- threadPerHost: # Int: The max number of threads per host, default: 2
+ threadPerHost: # Int: The max number of threads per host, default: 2 * Number of available processor cores
maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
policyDefinition: # The policy definition - only used if the 'policy' is not set
defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
@@ -44,6 +44,12 @@ YAML
threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
+Note: Unless the defaultThreshold of the policyDefinition is OFF all rules will be enabled to start with.
+
+
+The policy can be one defined by a previous activeScan-policy job, or by a scan policy file
+that has been put in policies directory under ZAP's HOME directory .
+
Job Data
The following class will be made available to add-ons that provide access to the Job Data such as the Reporting add-on.
Note that in this case the data is from the last Active Scan, regardless of whether it was started by the Automation Framework, the UI, or the API.
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ja_JP/contents/job-ascanconfig.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ja_JP/contents/job-ascanconfig.html
new file mode 100644
index 00000000000..99d909f155d
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ja_JP/contents/job-ascanconfig.html
@@ -0,0 +1,51 @@
+
+
+
+
+Automation Framework - activeScan-config Job
+
+
+
+Automation Framework - activeScan-config Job
+
+This job configures the active scanner, for custom active scans (e.g. Sequence).
+
+YAML
+
+
+ - type: activeScan-config # Configures the settings of the active scanner.
+ parameters:
+ maxRuleDurationInMins: # Int: The max time in minutes any individual rule will be allowed to run for, default: 0 unlimited
+ maxScanDurationInMins: # Int: The max time in minutes the active scanner will be allowed to run for, default: 0 unlimited
+ maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
+ defaultPolicy: # String: The name of the default scan policy to use, default: Default Policy
+ handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
+ injectPluginIdInHeader: # Bool: If set then the relevant rule ID will be injected into the X-ZAP-Scan-ID header of each request, default: false
+ threadPerHost: # Int: The max number of threads per host, default: 2
+ inputVectors: # The input vectors used during the active scan.
+ urlQueryStringAndDataDrivenNodes: # Configures the scanning of query parameters and DDNs.
+ enabled: # Bool: If query parameters and DDNs scanning should be enabled. Default: true
+ addParam: # Bool: If a query parameter should be added if none present. Default: false
+ odata: # Bool: If OData query filters should be scanned. Default: true
+ postData: # Configures the scanning of request bodies.
+ enabled: # Bool: If enabled. Default: true
+ multiPartFormData: # Bool: If multipart form data bodies should be scanned. Default: true
+ xml: # Bool: If XML bodies should be scanned. Default: true
+ json: # Configures the scanning of JSON bodies.
+ enabled: # Bool: If JSON scanning should be enabled. Default: true
+ scanNullValues: # Bool: If null values should be scanned. Default: false
+ googleWebToolkit: # Bool: If GWT scanning should be enabled. Default: false
+ directWebRemoting: # Bool: If DWR scanning should be enabled. Default: false
+ urlPath: # Bool: If URL path segments should be scanned. Default: false
+ httpHeaders: # Configures the scanning of HTTP headers.
+ enabled: # Bool: If HTTP header scanning should be enabled. Default: false
+ allRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned. Default: false
+ cookieData: # Configures the scanning of cookies.
+ enabled: # Bool: If enabled. Default: false
+ encodeCookieValues: # Bool: If cookie values should be encoded. Default: false
+ scripts: # Bool: If Input Vector scripts should be used. Default: true
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ja_JP/contents/job-ascanpolicy.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ja_JP/contents/job-ascanpolicy.html
new file mode 100644
index 00000000000..c998e017f95
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ja_JP/contents/job-ascanpolicy.html
@@ -0,0 +1,32 @@
+
+
+
+
+Automation Framework - activeScan-policy Job
+
+
+
+Automation Framework - activeScan-policy Job
+
+This job defines an active scan policy. This policy can be used later in the plan by active scan related jobs,
+like activeScan job.
+
+YAML
+
+
+ - type: activeScan-policy # Defines a new active scan policy which can be used by later activeScan related jobs
+ parameters:
+ name: # String: Name of the policy, mandatory
+ policyDefinition: # The policy definition
+ defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
+ defaultThreshold: # String: The default Alert Threshold for all rules, one of Off, Low, Medium, High, default: Medium
+ rules: # A list of one or more active scan rules and associated settings which override the defaults
+ - id: # Int: The rule id as per https://www.zaproxy.org/docs/alerts/
+ name: # Comment: The name of the rule for documentation purposes - this is not required or actually used
+ strength: # String: The Attack Strength for this rule, one of Low, Medium, High, Insane, default: Medium
+ threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ja_JP/contents/job-exitstatus.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ja_JP/contents/job-exitstatus.html
new file mode 100644
index 00000000000..6cae027f9e8
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ja_JP/contents/job-exitstatus.html
@@ -0,0 +1,37 @@
+
+
+
+
+Automation Framework - exitStatus Job
+
+
+
+Automation Framework - exitStatus Job
+
+This job sets ZAP's exit code based on scan results.
+It also allows you to choose which exit values are used.
+It should typically be the last job in a plan.
+
+If warnLevel or errorLevel are set then the job will report a warning or error if any alerts
+are raised which have the same risk level or greater.
+
+By default when ZAP is run with the -cmd and -autorun options then it will
+exit with a 1 if there are any errors, with a 2 if there are any warnings, and if everything is ok
+then it will exit with a 0.
+These values can be overriden by the *ExitValue options. The *ExitValues can be used together
+with the warn/errorLevel or completely independently of them.
+
+
YAML
+
+
+ - type: exitStatus # Sets the exit code based on scan results
+ parameters:
+ errorLevel: # String: Informational, Low, Medium, High, default: not set
+ warnLevel: # String: Informational, Low, Medium, High, default: not set
+ okExitValue: # Integer: Exit value if all ok, default 0
+ errorExitValue: # Integer: Exit value if there are errors, default 1
+ warnExitValue: # Integer: Exit value if there are warnings, default 2
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ja_JP/contents/job-requestor.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ja_JP/contents/job-requestor.html
index 252faf42fa8..0ef0de0b9c5 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ja_JP/contents/job-requestor.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ja_JP/contents/job-requestor.html
@@ -21,11 +21,12 @@ YAML
user: # String: An optional user to use for authenticated requests, must be defined in the env
requests: # A list of requests to make
- url: # String: A mandatory URL of the request to be made
+ name: # String: Optional name for the request, for documentation only
method: # String: A non-empty request method, default: GET
httpVersion: # String: The HTTP version to send the request with, default: HTTP/1.1
headers: # An optional list of additional headers to include in the request
- "header1:value1"
- data: # String: Optional data to send in the request body
+ data: # String: Optional data to send in the request body, supports vars
responseCode: # Int: An optional, expected response code against which the actual response code will be matched
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ja_JP/index.xml b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ja_JP/index.xml
index ef319ba9100..12115ef3b69 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ja_JP/index.xml
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ja_JP/index.xml
@@ -8,7 +8,12 @@
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ja_JP/toc.xml b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ja_JP/toc.xml
index 5a28e4fdf70..edff332d4ae 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ja_JP/toc.xml
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ja_JP/toc.xml
@@ -9,7 +9,12 @@
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ms_MY/contents/automation.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ms_MY/contents/automation.html
index da467f09d5a..14d15debacf 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ms_MY/contents/automation.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ms_MY/contents/automation.html
@@ -8,7 +8,9 @@
Automation Framework
This add-on provides a framework that allows ZAP to be automated in an easy and flexible way.
-
+
+
+
It provides the following command line options:
- -autorun <source> Run the automation jobs specified in the file or from the URL.
@@ -17,14 +19,17 @@
Automation Framework
- -autogenconf <filename> Generate template automation file using the current configuration.
-If the -autorun option is used with the ZAP -cmd option then the ZAP exit value will be set as follows:
+
+If the -autorun option is used with the ZAP -cmd option then the ZAP exit value will be set by default as follows:
- 0 - The plan completed successfully with no errors or warnings
- 1 - The plan reported one or more errors
- 2 - The plan reported no errors but one or more warnings
+These values can be overridden by the exitStatus job.
Whether the plan completed after encountering errors or warnings will depend on the settings used in the environment.
-
+
+
To use the automation framework:
- Generate a template automation file using one of the
-autogen* command line options
@@ -32,20 +37,22 @@ Automation Framework
- Run the file using the
-autorun commandline option e.g. ./zap.sh -cmd -autorun config.yaml
+Note: The Jobs are executed in the order in which they appear (top to bottom) within the Plan.
+
In most cases it is recommended to also use the -cmd command line option so that the ZAP desktop is not displayed
and ZAP exits as soon as it has finished generating or running the jobs defined in the file.
However you can choose to run Automation Framework jobs using the ZAP desktop to help you debug issues.
-
Authentication
+
The Automation Framework supports all of the authentication mechanisms supported by ZAP.
-GUI
+
A GUI is under development and provides an ever increasing set of features.
-Options
+
The Automation Options screen allows you to configure specific options.
-API
+
The following API endpoints are provided by this add-on:
- Action: runPlan(filePath) - loads and asynchronously runs the plan in the specified file, returning a planId
@@ -53,21 +60,34 @@ API
If the ZAP desktop is being used then the plan will also be shown in the GUI to make it easier to diagnose any problems.
-Environment
+
The environment section of the file defines the applications which the rest of the jobs can act on.
-File Paths
+
All file and directory paths can either be absolute or relative to the directory containing the plan.
Relative paths are recommended for portability.
-Jobs
+
+The jobs can be enabled/disabled through the GUI and the automation plan, with the enabled flag. Jobs are enabled by default.
+
The following automation jobs are supported by this add-on:
+- activeScan-config - configures the active scanner
+- activeScan-policy - creates an active policy
- addOns - add-on management, now deprecated
- delay - pauses the plan for a specified period of time or a specific condition is met
- requestor - crafts specific requests to send to the corresponding targets
- activeScan - runs the active scanner
+- exitStatus - sets ZAP's exit code based on scan results
+
+Importance of Job Order
+The order of jobs is relevant and important. For example:
+
+ - there is no point putting a passiveScan-wait job before any sort of spidering or importing
+ - configuring an alertFilter job after alerts have been generated by passive or active scanning will have no effect on the Alerts that were raised by those components in earlier jobs
+
>
+
Job tests can be added to jobs to check that the jobs have performed as expected.
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ms_MY/contents/job-ascan.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ms_MY/contents/job-ascan.html
index d58eee7b8be..e06039e9863 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ms_MY/contents/job-ascan.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ms_MY/contents/job-ascan.html
@@ -32,7 +32,7 @@
YAML
handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
injectPluginIdInHeader: # Bool: If set then the relevant rule Id will be injected into the X-ZAP-Scan-ID header of each request, default: false
scanHeadersAllRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned, default: false
- threadPerHost: # Int: The max number of threads per host, default: 2
+ threadPerHost: # Int: The max number of threads per host, default: 2 * Number of available processor cores
maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
policyDefinition: # The policy definition - only used if the 'policy' is not set
defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
@@ -44,6 +44,12 @@ YAML
threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
+Note: Unless the defaultThreshold of the policyDefinition is OFF all rules will be enabled to start with.
+
+
+The policy can be one defined by a previous activeScan-policy job, or by a scan policy file
+that has been put in policies directory under ZAP's HOME directory .
+
Job Data
The following class will be made available to add-ons that provide access to the Job Data such as the Reporting add-on.
Note that in this case the data is from the last Active Scan, regardless of whether it was started by the Automation Framework, the UI, or the API.
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ms_MY/contents/job-ascanconfig.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ms_MY/contents/job-ascanconfig.html
new file mode 100644
index 00000000000..99d909f155d
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ms_MY/contents/job-ascanconfig.html
@@ -0,0 +1,51 @@
+
+
+
+
+Automation Framework - activeScan-config Job
+
+
+
+Automation Framework - activeScan-config Job
+
+This job configures the active scanner, for custom active scans (e.g. Sequence).
+
+YAML
+
+
+ - type: activeScan-config # Configures the settings of the active scanner.
+ parameters:
+ maxRuleDurationInMins: # Int: The max time in minutes any individual rule will be allowed to run for, default: 0 unlimited
+ maxScanDurationInMins: # Int: The max time in minutes the active scanner will be allowed to run for, default: 0 unlimited
+ maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
+ defaultPolicy: # String: The name of the default scan policy to use, default: Default Policy
+ handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
+ injectPluginIdInHeader: # Bool: If set then the relevant rule ID will be injected into the X-ZAP-Scan-ID header of each request, default: false
+ threadPerHost: # Int: The max number of threads per host, default: 2
+ inputVectors: # The input vectors used during the active scan.
+ urlQueryStringAndDataDrivenNodes: # Configures the scanning of query parameters and DDNs.
+ enabled: # Bool: If query parameters and DDNs scanning should be enabled. Default: true
+ addParam: # Bool: If a query parameter should be added if none present. Default: false
+ odata: # Bool: If OData query filters should be scanned. Default: true
+ postData: # Configures the scanning of request bodies.
+ enabled: # Bool: If enabled. Default: true
+ multiPartFormData: # Bool: If multipart form data bodies should be scanned. Default: true
+ xml: # Bool: If XML bodies should be scanned. Default: true
+ json: # Configures the scanning of JSON bodies.
+ enabled: # Bool: If JSON scanning should be enabled. Default: true
+ scanNullValues: # Bool: If null values should be scanned. Default: false
+ googleWebToolkit: # Bool: If GWT scanning should be enabled. Default: false
+ directWebRemoting: # Bool: If DWR scanning should be enabled. Default: false
+ urlPath: # Bool: If URL path segments should be scanned. Default: false
+ httpHeaders: # Configures the scanning of HTTP headers.
+ enabled: # Bool: If HTTP header scanning should be enabled. Default: false
+ allRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned. Default: false
+ cookieData: # Configures the scanning of cookies.
+ enabled: # Bool: If enabled. Default: false
+ encodeCookieValues: # Bool: If cookie values should be encoded. Default: false
+ scripts: # Bool: If Input Vector scripts should be used. Default: true
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ms_MY/contents/job-ascanpolicy.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ms_MY/contents/job-ascanpolicy.html
new file mode 100644
index 00000000000..c998e017f95
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ms_MY/contents/job-ascanpolicy.html
@@ -0,0 +1,32 @@
+
+
+
+
+Automation Framework - activeScan-policy Job
+
+
+
+Automation Framework - activeScan-policy Job
+
+This job defines an active scan policy. This policy can be used later in the plan by active scan related jobs,
+like activeScan job.
+
+YAML
+
+
+ - type: activeScan-policy # Defines a new active scan policy which can be used by later activeScan related jobs
+ parameters:
+ name: # String: Name of the policy, mandatory
+ policyDefinition: # The policy definition
+ defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
+ defaultThreshold: # String: The default Alert Threshold for all rules, one of Off, Low, Medium, High, default: Medium
+ rules: # A list of one or more active scan rules and associated settings which override the defaults
+ - id: # Int: The rule id as per https://www.zaproxy.org/docs/alerts/
+ name: # Comment: The name of the rule for documentation purposes - this is not required or actually used
+ strength: # String: The Attack Strength for this rule, one of Low, Medium, High, Insane, default: Medium
+ threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ms_MY/contents/job-exitstatus.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ms_MY/contents/job-exitstatus.html
new file mode 100644
index 00000000000..6cae027f9e8
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ms_MY/contents/job-exitstatus.html
@@ -0,0 +1,37 @@
+
+
+
+
+Automation Framework - exitStatus Job
+
+
+
+Automation Framework - exitStatus Job
+
+This job sets ZAP's exit code based on scan results.
+It also allows you to choose which exit values are used.
+It should typically be the last job in a plan.
+
+If warnLevel or errorLevel are set then the job will report a warning or error if any alerts
+are raised which have the same risk level or greater.
+
+By default when ZAP is run with the -cmd and -autorun options then it will
+exit with a 1 if there are any errors, with a 2 if there are any warnings, and if everything is ok
+then it will exit with a 0.
+These values can be overriden by the *ExitValue options. The *ExitValues can be used together
+with the warn/errorLevel or completely independently of them.
+
+
YAML
+
+
+ - type: exitStatus # Sets the exit code based on scan results
+ parameters:
+ errorLevel: # String: Informational, Low, Medium, High, default: not set
+ warnLevel: # String: Informational, Low, Medium, High, default: not set
+ okExitValue: # Integer: Exit value if all ok, default 0
+ errorExitValue: # Integer: Exit value if there are errors, default 1
+ warnExitValue: # Integer: Exit value if there are warnings, default 2
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ms_MY/contents/job-requestor.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ms_MY/contents/job-requestor.html
index 252faf42fa8..0ef0de0b9c5 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ms_MY/contents/job-requestor.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ms_MY/contents/job-requestor.html
@@ -21,11 +21,12 @@ YAML
user: # String: An optional user to use for authenticated requests, must be defined in the env
requests: # A list of requests to make
- url: # String: A mandatory URL of the request to be made
+ name: # String: Optional name for the request, for documentation only
method: # String: A non-empty request method, default: GET
httpVersion: # String: The HTTP version to send the request with, default: HTTP/1.1
headers: # An optional list of additional headers to include in the request
- "header1:value1"
- data: # String: Optional data to send in the request body
+ data: # String: Optional data to send in the request body, supports vars
responseCode: # Int: An optional, expected response code against which the actual response code will be matched
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ms_MY/index.xml b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ms_MY/index.xml
index ef319ba9100..12115ef3b69 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ms_MY/index.xml
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ms_MY/index.xml
@@ -8,7 +8,12 @@
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ms_MY/toc.xml b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ms_MY/toc.xml
index 5a28e4fdf70..edff332d4ae 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ms_MY/toc.xml
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ms_MY/toc.xml
@@ -9,7 +9,12 @@
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pl_PL/contents/automation.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pl_PL/contents/automation.html
index da467f09d5a..14d15debacf 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pl_PL/contents/automation.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pl_PL/contents/automation.html
@@ -8,7 +8,9 @@
Automation Framework
This add-on provides a framework that allows ZAP to be automated in an easy and flexible way.
-
+
+
+
It provides the following command line options:
- -autorun <source> Run the automation jobs specified in the file or from the URL.
@@ -17,14 +19,17 @@
Automation Framework
- -autogenconf <filename> Generate template automation file using the current configuration.
-If the -autorun option is used with the ZAP -cmd option then the ZAP exit value will be set as follows:
+
+If the -autorun option is used with the ZAP -cmd option then the ZAP exit value will be set by default as follows:
- 0 - The plan completed successfully with no errors or warnings
- 1 - The plan reported one or more errors
- 2 - The plan reported no errors but one or more warnings
+These values can be overridden by the exitStatus job.
Whether the plan completed after encountering errors or warnings will depend on the settings used in the environment.
-
+
+
To use the automation framework:
- Generate a template automation file using one of the
-autogen* command line options
@@ -32,20 +37,22 @@ Automation Framework
- Run the file using the
-autorun commandline option e.g. ./zap.sh -cmd -autorun config.yaml
+Note: The Jobs are executed in the order in which they appear (top to bottom) within the Plan.
+
In most cases it is recommended to also use the -cmd command line option so that the ZAP desktop is not displayed
and ZAP exits as soon as it has finished generating or running the jobs defined in the file.
However you can choose to run Automation Framework jobs using the ZAP desktop to help you debug issues.
-
Authentication
+
The Automation Framework supports all of the authentication mechanisms supported by ZAP.
-GUI
+
A GUI is under development and provides an ever increasing set of features.
-Options
+
The Automation Options screen allows you to configure specific options.
-API
+
The following API endpoints are provided by this add-on:
- Action: runPlan(filePath) - loads and asynchronously runs the plan in the specified file, returning a planId
@@ -53,21 +60,34 @@ API
If the ZAP desktop is being used then the plan will also be shown in the GUI to make it easier to diagnose any problems.
-Environment
+
The environment section of the file defines the applications which the rest of the jobs can act on.
-File Paths
+
All file and directory paths can either be absolute or relative to the directory containing the plan.
Relative paths are recommended for portability.
-Jobs
+
+The jobs can be enabled/disabled through the GUI and the automation plan, with the enabled flag. Jobs are enabled by default.
+
The following automation jobs are supported by this add-on:
+- activeScan-config - configures the active scanner
+- activeScan-policy - creates an active policy
- addOns - add-on management, now deprecated
- delay - pauses the plan for a specified period of time or a specific condition is met
- requestor - crafts specific requests to send to the corresponding targets
- activeScan - runs the active scanner
+- exitStatus - sets ZAP's exit code based on scan results
+
+Importance of Job Order
+The order of jobs is relevant and important. For example:
+
+ - there is no point putting a passiveScan-wait job before any sort of spidering or importing
+ - configuring an alertFilter job after alerts have been generated by passive or active scanning will have no effect on the Alerts that were raised by those components in earlier jobs
+
>
+
Job tests can be added to jobs to check that the jobs have performed as expected.
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pl_PL/contents/job-ascan.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pl_PL/contents/job-ascan.html
index d58eee7b8be..e06039e9863 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pl_PL/contents/job-ascan.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pl_PL/contents/job-ascan.html
@@ -32,7 +32,7 @@
YAML
handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
injectPluginIdInHeader: # Bool: If set then the relevant rule Id will be injected into the X-ZAP-Scan-ID header of each request, default: false
scanHeadersAllRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned, default: false
- threadPerHost: # Int: The max number of threads per host, default: 2
+ threadPerHost: # Int: The max number of threads per host, default: 2 * Number of available processor cores
maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
policyDefinition: # The policy definition - only used if the 'policy' is not set
defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
@@ -44,6 +44,12 @@ YAML
threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
+Note: Unless the defaultThreshold of the policyDefinition is OFF all rules will be enabled to start with.
+
+
+The policy can be one defined by a previous activeScan-policy job, or by a scan policy file
+that has been put in policies directory under ZAP's HOME directory .
+
Job Data
The following class will be made available to add-ons that provide access to the Job Data such as the Reporting add-on.
Note that in this case the data is from the last Active Scan, regardless of whether it was started by the Automation Framework, the UI, or the API.
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pl_PL/contents/job-ascanconfig.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pl_PL/contents/job-ascanconfig.html
new file mode 100644
index 00000000000..99d909f155d
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pl_PL/contents/job-ascanconfig.html
@@ -0,0 +1,51 @@
+
+
+
+
+Automation Framework - activeScan-config Job
+
+
+
+Automation Framework - activeScan-config Job
+
+This job configures the active scanner, for custom active scans (e.g. Sequence).
+
+YAML
+
+
+ - type: activeScan-config # Configures the settings of the active scanner.
+ parameters:
+ maxRuleDurationInMins: # Int: The max time in minutes any individual rule will be allowed to run for, default: 0 unlimited
+ maxScanDurationInMins: # Int: The max time in minutes the active scanner will be allowed to run for, default: 0 unlimited
+ maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
+ defaultPolicy: # String: The name of the default scan policy to use, default: Default Policy
+ handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
+ injectPluginIdInHeader: # Bool: If set then the relevant rule ID will be injected into the X-ZAP-Scan-ID header of each request, default: false
+ threadPerHost: # Int: The max number of threads per host, default: 2
+ inputVectors: # The input vectors used during the active scan.
+ urlQueryStringAndDataDrivenNodes: # Configures the scanning of query parameters and DDNs.
+ enabled: # Bool: If query parameters and DDNs scanning should be enabled. Default: true
+ addParam: # Bool: If a query parameter should be added if none present. Default: false
+ odata: # Bool: If OData query filters should be scanned. Default: true
+ postData: # Configures the scanning of request bodies.
+ enabled: # Bool: If enabled. Default: true
+ multiPartFormData: # Bool: If multipart form data bodies should be scanned. Default: true
+ xml: # Bool: If XML bodies should be scanned. Default: true
+ json: # Configures the scanning of JSON bodies.
+ enabled: # Bool: If JSON scanning should be enabled. Default: true
+ scanNullValues: # Bool: If null values should be scanned. Default: false
+ googleWebToolkit: # Bool: If GWT scanning should be enabled. Default: false
+ directWebRemoting: # Bool: If DWR scanning should be enabled. Default: false
+ urlPath: # Bool: If URL path segments should be scanned. Default: false
+ httpHeaders: # Configures the scanning of HTTP headers.
+ enabled: # Bool: If HTTP header scanning should be enabled. Default: false
+ allRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned. Default: false
+ cookieData: # Configures the scanning of cookies.
+ enabled: # Bool: If enabled. Default: false
+ encodeCookieValues: # Bool: If cookie values should be encoded. Default: false
+ scripts: # Bool: If Input Vector scripts should be used. Default: true
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pl_PL/contents/job-ascanpolicy.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pl_PL/contents/job-ascanpolicy.html
new file mode 100644
index 00000000000..c998e017f95
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pl_PL/contents/job-ascanpolicy.html
@@ -0,0 +1,32 @@
+
+
+
+
+Automation Framework - activeScan-policy Job
+
+
+
+Automation Framework - activeScan-policy Job
+
+This job defines an active scan policy. This policy can be used later in the plan by active scan related jobs,
+like activeScan job.
+
+YAML
+
+
+ - type: activeScan-policy # Defines a new active scan policy which can be used by later activeScan related jobs
+ parameters:
+ name: # String: Name of the policy, mandatory
+ policyDefinition: # The policy definition
+ defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
+ defaultThreshold: # String: The default Alert Threshold for all rules, one of Off, Low, Medium, High, default: Medium
+ rules: # A list of one or more active scan rules and associated settings which override the defaults
+ - id: # Int: The rule id as per https://www.zaproxy.org/docs/alerts/
+ name: # Comment: The name of the rule for documentation purposes - this is not required or actually used
+ strength: # String: The Attack Strength for this rule, one of Low, Medium, High, Insane, default: Medium
+ threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pl_PL/contents/job-exitstatus.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pl_PL/contents/job-exitstatus.html
new file mode 100644
index 00000000000..6cae027f9e8
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pl_PL/contents/job-exitstatus.html
@@ -0,0 +1,37 @@
+
+
+
+
+Automation Framework - exitStatus Job
+
+
+
+Automation Framework - exitStatus Job
+
+This job sets ZAP's exit code based on scan results.
+It also allows you to choose which exit values are used.
+It should typically be the last job in a plan.
+
+If warnLevel or errorLevel are set then the job will report a warning or error if any alerts
+are raised which have the same risk level or greater.
+
+By default when ZAP is run with the -cmd and -autorun options then it will
+exit with a 1 if there are any errors, with a 2 if there are any warnings, and if everything is ok
+then it will exit with a 0.
+These values can be overriden by the *ExitValue options. The *ExitValues can be used together
+with the warn/errorLevel or completely independently of them.
+
+
YAML
+
+
+ - type: exitStatus # Sets the exit code based on scan results
+ parameters:
+ errorLevel: # String: Informational, Low, Medium, High, default: not set
+ warnLevel: # String: Informational, Low, Medium, High, default: not set
+ okExitValue: # Integer: Exit value if all ok, default 0
+ errorExitValue: # Integer: Exit value if there are errors, default 1
+ warnExitValue: # Integer: Exit value if there are warnings, default 2
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pl_PL/contents/job-requestor.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pl_PL/contents/job-requestor.html
index 252faf42fa8..0ef0de0b9c5 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pl_PL/contents/job-requestor.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pl_PL/contents/job-requestor.html
@@ -21,11 +21,12 @@ YAML
user: # String: An optional user to use for authenticated requests, must be defined in the env
requests: # A list of requests to make
- url: # String: A mandatory URL of the request to be made
+ name: # String: Optional name for the request, for documentation only
method: # String: A non-empty request method, default: GET
httpVersion: # String: The HTTP version to send the request with, default: HTTP/1.1
headers: # An optional list of additional headers to include in the request
- "header1:value1"
- data: # String: Optional data to send in the request body
+ data: # String: Optional data to send in the request body, supports vars
responseCode: # Int: An optional, expected response code against which the actual response code will be matched
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pl_PL/index.xml b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pl_PL/index.xml
index ef319ba9100..12115ef3b69 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pl_PL/index.xml
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pl_PL/index.xml
@@ -8,7 +8,12 @@
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pl_PL/toc.xml b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pl_PL/toc.xml
index 5a28e4fdf70..edff332d4ae 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pl_PL/toc.xml
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pl_PL/toc.xml
@@ -9,7 +9,12 @@
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pt_BR/contents/automation.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pt_BR/contents/automation.html
index da467f09d5a..14d15debacf 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pt_BR/contents/automation.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pt_BR/contents/automation.html
@@ -8,7 +8,9 @@
Automation Framework
This add-on provides a framework that allows ZAP to be automated in an easy and flexible way.
-
+
+
+
It provides the following command line options:
- -autorun <source> Run the automation jobs specified in the file or from the URL.
@@ -17,14 +19,17 @@
Automation Framework
- -autogenconf <filename> Generate template automation file using the current configuration.
-If the -autorun option is used with the ZAP -cmd option then the ZAP exit value will be set as follows:
+
+If the -autorun option is used with the ZAP -cmd option then the ZAP exit value will be set by default as follows:
- 0 - The plan completed successfully with no errors or warnings
- 1 - The plan reported one or more errors
- 2 - The plan reported no errors but one or more warnings
+These values can be overridden by the exitStatus job.
Whether the plan completed after encountering errors or warnings will depend on the settings used in the environment.
-
+
+
To use the automation framework:
- Generate a template automation file using one of the
-autogen* command line options
@@ -32,20 +37,22 @@ Automation Framework
- Run the file using the
-autorun commandline option e.g. ./zap.sh -cmd -autorun config.yaml
+Note: The Jobs are executed in the order in which they appear (top to bottom) within the Plan.
+
In most cases it is recommended to also use the -cmd command line option so that the ZAP desktop is not displayed
and ZAP exits as soon as it has finished generating or running the jobs defined in the file.
However you can choose to run Automation Framework jobs using the ZAP desktop to help you debug issues.
-
Authentication
+
The Automation Framework supports all of the authentication mechanisms supported by ZAP.
-GUI
+
A GUI is under development and provides an ever increasing set of features.
-Options
+
The Automation Options screen allows you to configure specific options.
-API
+
The following API endpoints are provided by this add-on:
- Action: runPlan(filePath) - loads and asynchronously runs the plan in the specified file, returning a planId
@@ -53,21 +60,34 @@ API
If the ZAP desktop is being used then the plan will also be shown in the GUI to make it easier to diagnose any problems.
-Environment
+
The environment section of the file defines the applications which the rest of the jobs can act on.
-File Paths
+
All file and directory paths can either be absolute or relative to the directory containing the plan.
Relative paths are recommended for portability.
-Jobs
+
+The jobs can be enabled/disabled through the GUI and the automation plan, with the enabled flag. Jobs are enabled by default.
+
The following automation jobs are supported by this add-on:
+- activeScan-config - configures the active scanner
+- activeScan-policy - creates an active policy
- addOns - add-on management, now deprecated
- delay - pauses the plan for a specified period of time or a specific condition is met
- requestor - crafts specific requests to send to the corresponding targets
- activeScan - runs the active scanner
+- exitStatus - sets ZAP's exit code based on scan results
+
+Importance of Job Order
+The order of jobs is relevant and important. For example:
+
+ - there is no point putting a passiveScan-wait job before any sort of spidering or importing
+ - configuring an alertFilter job after alerts have been generated by passive or active scanning will have no effect on the Alerts that were raised by those components in earlier jobs
+
>
+
Job tests can be added to jobs to check that the jobs have performed as expected.
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pt_BR/contents/job-ascan.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pt_BR/contents/job-ascan.html
index d58eee7b8be..e06039e9863 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pt_BR/contents/job-ascan.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pt_BR/contents/job-ascan.html
@@ -32,7 +32,7 @@
YAML
handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
injectPluginIdInHeader: # Bool: If set then the relevant rule Id will be injected into the X-ZAP-Scan-ID header of each request, default: false
scanHeadersAllRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned, default: false
- threadPerHost: # Int: The max number of threads per host, default: 2
+ threadPerHost: # Int: The max number of threads per host, default: 2 * Number of available processor cores
maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
policyDefinition: # The policy definition - only used if the 'policy' is not set
defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
@@ -44,6 +44,12 @@ YAML
threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
+Note: Unless the defaultThreshold of the policyDefinition is OFF all rules will be enabled to start with.
+
+
+The policy can be one defined by a previous activeScan-policy job, or by a scan policy file
+that has been put in policies directory under ZAP's HOME directory .
+
Job Data
The following class will be made available to add-ons that provide access to the Job Data such as the Reporting add-on.
Note that in this case the data is from the last Active Scan, regardless of whether it was started by the Automation Framework, the UI, or the API.
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pt_BR/contents/job-ascanconfig.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pt_BR/contents/job-ascanconfig.html
new file mode 100644
index 00000000000..99d909f155d
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pt_BR/contents/job-ascanconfig.html
@@ -0,0 +1,51 @@
+
+
+
+
+Automation Framework - activeScan-config Job
+
+
+
+Automation Framework - activeScan-config Job
+
+This job configures the active scanner, for custom active scans (e.g. Sequence).
+
+YAML
+
+
+ - type: activeScan-config # Configures the settings of the active scanner.
+ parameters:
+ maxRuleDurationInMins: # Int: The max time in minutes any individual rule will be allowed to run for, default: 0 unlimited
+ maxScanDurationInMins: # Int: The max time in minutes the active scanner will be allowed to run for, default: 0 unlimited
+ maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
+ defaultPolicy: # String: The name of the default scan policy to use, default: Default Policy
+ handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
+ injectPluginIdInHeader: # Bool: If set then the relevant rule ID will be injected into the X-ZAP-Scan-ID header of each request, default: false
+ threadPerHost: # Int: The max number of threads per host, default: 2
+ inputVectors: # The input vectors used during the active scan.
+ urlQueryStringAndDataDrivenNodes: # Configures the scanning of query parameters and DDNs.
+ enabled: # Bool: If query parameters and DDNs scanning should be enabled. Default: true
+ addParam: # Bool: If a query parameter should be added if none present. Default: false
+ odata: # Bool: If OData query filters should be scanned. Default: true
+ postData: # Configures the scanning of request bodies.
+ enabled: # Bool: If enabled. Default: true
+ multiPartFormData: # Bool: If multipart form data bodies should be scanned. Default: true
+ xml: # Bool: If XML bodies should be scanned. Default: true
+ json: # Configures the scanning of JSON bodies.
+ enabled: # Bool: If JSON scanning should be enabled. Default: true
+ scanNullValues: # Bool: If null values should be scanned. Default: false
+ googleWebToolkit: # Bool: If GWT scanning should be enabled. Default: false
+ directWebRemoting: # Bool: If DWR scanning should be enabled. Default: false
+ urlPath: # Bool: If URL path segments should be scanned. Default: false
+ httpHeaders: # Configures the scanning of HTTP headers.
+ enabled: # Bool: If HTTP header scanning should be enabled. Default: false
+ allRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned. Default: false
+ cookieData: # Configures the scanning of cookies.
+ enabled: # Bool: If enabled. Default: false
+ encodeCookieValues: # Bool: If cookie values should be encoded. Default: false
+ scripts: # Bool: If Input Vector scripts should be used. Default: true
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pt_BR/contents/job-ascanpolicy.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pt_BR/contents/job-ascanpolicy.html
new file mode 100644
index 00000000000..c998e017f95
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pt_BR/contents/job-ascanpolicy.html
@@ -0,0 +1,32 @@
+
+
+
+
+Automation Framework - activeScan-policy Job
+
+
+
+Automation Framework - activeScan-policy Job
+
+This job defines an active scan policy. This policy can be used later in the plan by active scan related jobs,
+like activeScan job.
+
+YAML
+
+
+ - type: activeScan-policy # Defines a new active scan policy which can be used by later activeScan related jobs
+ parameters:
+ name: # String: Name of the policy, mandatory
+ policyDefinition: # The policy definition
+ defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
+ defaultThreshold: # String: The default Alert Threshold for all rules, one of Off, Low, Medium, High, default: Medium
+ rules: # A list of one or more active scan rules and associated settings which override the defaults
+ - id: # Int: The rule id as per https://www.zaproxy.org/docs/alerts/
+ name: # Comment: The name of the rule for documentation purposes - this is not required or actually used
+ strength: # String: The Attack Strength for this rule, one of Low, Medium, High, Insane, default: Medium
+ threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pt_BR/contents/job-exitstatus.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pt_BR/contents/job-exitstatus.html
new file mode 100644
index 00000000000..6cae027f9e8
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pt_BR/contents/job-exitstatus.html
@@ -0,0 +1,37 @@
+
+
+
+
+Automation Framework - exitStatus Job
+
+
+
+Automation Framework - exitStatus Job
+
+This job sets ZAP's exit code based on scan results.
+It also allows you to choose which exit values are used.
+It should typically be the last job in a plan.
+
+If warnLevel or errorLevel are set then the job will report a warning or error if any alerts
+are raised which have the same risk level or greater.
+
+By default when ZAP is run with the -cmd and -autorun options then it will
+exit with a 1 if there are any errors, with a 2 if there are any warnings, and if everything is ok
+then it will exit with a 0.
+These values can be overriden by the *ExitValue options. The *ExitValues can be used together
+with the warn/errorLevel or completely independently of them.
+
+
YAML
+
+
+ - type: exitStatus # Sets the exit code based on scan results
+ parameters:
+ errorLevel: # String: Informational, Low, Medium, High, default: not set
+ warnLevel: # String: Informational, Low, Medium, High, default: not set
+ okExitValue: # Integer: Exit value if all ok, default 0
+ errorExitValue: # Integer: Exit value if there are errors, default 1
+ warnExitValue: # Integer: Exit value if there are warnings, default 2
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pt_BR/contents/job-requestor.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pt_BR/contents/job-requestor.html
index 252faf42fa8..0ef0de0b9c5 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pt_BR/contents/job-requestor.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pt_BR/contents/job-requestor.html
@@ -21,11 +21,12 @@ YAML
user: # String: An optional user to use for authenticated requests, must be defined in the env
requests: # A list of requests to make
- url: # String: A mandatory URL of the request to be made
+ name: # String: Optional name for the request, for documentation only
method: # String: A non-empty request method, default: GET
httpVersion: # String: The HTTP version to send the request with, default: HTTP/1.1
headers: # An optional list of additional headers to include in the request
- "header1:value1"
- data: # String: Optional data to send in the request body
+ data: # String: Optional data to send in the request body, supports vars
responseCode: # Int: An optional, expected response code against which the actual response code will be matched
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pt_BR/index.xml b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pt_BR/index.xml
index ef319ba9100..12115ef3b69 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pt_BR/index.xml
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pt_BR/index.xml
@@ -8,7 +8,12 @@
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pt_BR/toc.xml b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pt_BR/toc.xml
index 5a28e4fdf70..edff332d4ae 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pt_BR/toc.xml
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_pt_BR/toc.xml
@@ -9,7 +9,12 @@
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ro_RO/contents/automation.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ro_RO/contents/automation.html
index da467f09d5a..14d15debacf 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ro_RO/contents/automation.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ro_RO/contents/automation.html
@@ -8,7 +8,9 @@
Automation Framework
This add-on provides a framework that allows ZAP to be automated in an easy and flexible way.
-
+
+
+
It provides the following command line options:
- -autorun <source> Run the automation jobs specified in the file or from the URL.
@@ -17,14 +19,17 @@
Automation Framework
- -autogenconf <filename> Generate template automation file using the current configuration.
-If the -autorun option is used with the ZAP -cmd option then the ZAP exit value will be set as follows:
+
+If the -autorun option is used with the ZAP -cmd option then the ZAP exit value will be set by default as follows:
- 0 - The plan completed successfully with no errors or warnings
- 1 - The plan reported one or more errors
- 2 - The plan reported no errors but one or more warnings
+These values can be overridden by the exitStatus job.
Whether the plan completed after encountering errors or warnings will depend on the settings used in the environment.
-
+
+
To use the automation framework:
- Generate a template automation file using one of the
-autogen* command line options
@@ -32,20 +37,22 @@ Automation Framework
- Run the file using the
-autorun commandline option e.g. ./zap.sh -cmd -autorun config.yaml
+Note: The Jobs are executed in the order in which they appear (top to bottom) within the Plan.
+
In most cases it is recommended to also use the -cmd command line option so that the ZAP desktop is not displayed
and ZAP exits as soon as it has finished generating or running the jobs defined in the file.
However you can choose to run Automation Framework jobs using the ZAP desktop to help you debug issues.
-
Authentication
+
The Automation Framework supports all of the authentication mechanisms supported by ZAP.
-GUI
+
A GUI is under development and provides an ever increasing set of features.
-Options
+
The Automation Options screen allows you to configure specific options.
-API
+
The following API endpoints are provided by this add-on:
- Action: runPlan(filePath) - loads and asynchronously runs the plan in the specified file, returning a planId
@@ -53,21 +60,34 @@ API
If the ZAP desktop is being used then the plan will also be shown in the GUI to make it easier to diagnose any problems.
-Environment
+
The environment section of the file defines the applications which the rest of the jobs can act on.
-File Paths
+
All file and directory paths can either be absolute or relative to the directory containing the plan.
Relative paths are recommended for portability.
-Jobs
+
+The jobs can be enabled/disabled through the GUI and the automation plan, with the enabled flag. Jobs are enabled by default.
+
The following automation jobs are supported by this add-on:
+- activeScan-config - configures the active scanner
+- activeScan-policy - creates an active policy
- addOns - add-on management, now deprecated
- delay - pauses the plan for a specified period of time or a specific condition is met
- requestor - crafts specific requests to send to the corresponding targets
- activeScan - runs the active scanner
+- exitStatus - sets ZAP's exit code based on scan results
+
+Importance of Job Order
+The order of jobs is relevant and important. For example:
+
+ - there is no point putting a passiveScan-wait job before any sort of spidering or importing
+ - configuring an alertFilter job after alerts have been generated by passive or active scanning will have no effect on the Alerts that were raised by those components in earlier jobs
+
>
+
Job tests can be added to jobs to check that the jobs have performed as expected.
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ro_RO/contents/job-ascan.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ro_RO/contents/job-ascan.html
index d58eee7b8be..e06039e9863 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ro_RO/contents/job-ascan.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ro_RO/contents/job-ascan.html
@@ -32,7 +32,7 @@
YAML
handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
injectPluginIdInHeader: # Bool: If set then the relevant rule Id will be injected into the X-ZAP-Scan-ID header of each request, default: false
scanHeadersAllRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned, default: false
- threadPerHost: # Int: The max number of threads per host, default: 2
+ threadPerHost: # Int: The max number of threads per host, default: 2 * Number of available processor cores
maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
policyDefinition: # The policy definition - only used if the 'policy' is not set
defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
@@ -44,6 +44,12 @@ YAML
threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
+Note: Unless the defaultThreshold of the policyDefinition is OFF all rules will be enabled to start with.
+
+
+The policy can be one defined by a previous activeScan-policy job, or by a scan policy file
+that has been put in policies directory under ZAP's HOME directory .
+
Job Data
The following class will be made available to add-ons that provide access to the Job Data such as the Reporting add-on.
Note that in this case the data is from the last Active Scan, regardless of whether it was started by the Automation Framework, the UI, or the API.
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ro_RO/contents/job-ascanconfig.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ro_RO/contents/job-ascanconfig.html
new file mode 100644
index 00000000000..99d909f155d
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ro_RO/contents/job-ascanconfig.html
@@ -0,0 +1,51 @@
+
+
+
+
+Automation Framework - activeScan-config Job
+
+
+
+Automation Framework - activeScan-config Job
+
+This job configures the active scanner, for custom active scans (e.g. Sequence).
+
+YAML
+
+
+ - type: activeScan-config # Configures the settings of the active scanner.
+ parameters:
+ maxRuleDurationInMins: # Int: The max time in minutes any individual rule will be allowed to run for, default: 0 unlimited
+ maxScanDurationInMins: # Int: The max time in minutes the active scanner will be allowed to run for, default: 0 unlimited
+ maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
+ defaultPolicy: # String: The name of the default scan policy to use, default: Default Policy
+ handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
+ injectPluginIdInHeader: # Bool: If set then the relevant rule ID will be injected into the X-ZAP-Scan-ID header of each request, default: false
+ threadPerHost: # Int: The max number of threads per host, default: 2
+ inputVectors: # The input vectors used during the active scan.
+ urlQueryStringAndDataDrivenNodes: # Configures the scanning of query parameters and DDNs.
+ enabled: # Bool: If query parameters and DDNs scanning should be enabled. Default: true
+ addParam: # Bool: If a query parameter should be added if none present. Default: false
+ odata: # Bool: If OData query filters should be scanned. Default: true
+ postData: # Configures the scanning of request bodies.
+ enabled: # Bool: If enabled. Default: true
+ multiPartFormData: # Bool: If multipart form data bodies should be scanned. Default: true
+ xml: # Bool: If XML bodies should be scanned. Default: true
+ json: # Configures the scanning of JSON bodies.
+ enabled: # Bool: If JSON scanning should be enabled. Default: true
+ scanNullValues: # Bool: If null values should be scanned. Default: false
+ googleWebToolkit: # Bool: If GWT scanning should be enabled. Default: false
+ directWebRemoting: # Bool: If DWR scanning should be enabled. Default: false
+ urlPath: # Bool: If URL path segments should be scanned. Default: false
+ httpHeaders: # Configures the scanning of HTTP headers.
+ enabled: # Bool: If HTTP header scanning should be enabled. Default: false
+ allRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned. Default: false
+ cookieData: # Configures the scanning of cookies.
+ enabled: # Bool: If enabled. Default: false
+ encodeCookieValues: # Bool: If cookie values should be encoded. Default: false
+ scripts: # Bool: If Input Vector scripts should be used. Default: true
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ro_RO/contents/job-ascanpolicy.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ro_RO/contents/job-ascanpolicy.html
new file mode 100644
index 00000000000..c998e017f95
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ro_RO/contents/job-ascanpolicy.html
@@ -0,0 +1,32 @@
+
+
+
+
+Automation Framework - activeScan-policy Job
+
+
+
+Automation Framework - activeScan-policy Job
+
+This job defines an active scan policy. This policy can be used later in the plan by active scan related jobs,
+like activeScan job.
+
+YAML
+
+
+ - type: activeScan-policy # Defines a new active scan policy which can be used by later activeScan related jobs
+ parameters:
+ name: # String: Name of the policy, mandatory
+ policyDefinition: # The policy definition
+ defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
+ defaultThreshold: # String: The default Alert Threshold for all rules, one of Off, Low, Medium, High, default: Medium
+ rules: # A list of one or more active scan rules and associated settings which override the defaults
+ - id: # Int: The rule id as per https://www.zaproxy.org/docs/alerts/
+ name: # Comment: The name of the rule for documentation purposes - this is not required or actually used
+ strength: # String: The Attack Strength for this rule, one of Low, Medium, High, Insane, default: Medium
+ threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ro_RO/contents/job-exitstatus.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ro_RO/contents/job-exitstatus.html
new file mode 100644
index 00000000000..6cae027f9e8
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ro_RO/contents/job-exitstatus.html
@@ -0,0 +1,37 @@
+
+
+
+
+Automation Framework - exitStatus Job
+
+
+
+Automation Framework - exitStatus Job
+
+This job sets ZAP's exit code based on scan results.
+It also allows you to choose which exit values are used.
+It should typically be the last job in a plan.
+
+If warnLevel or errorLevel are set then the job will report a warning or error if any alerts
+are raised which have the same risk level or greater.
+
+By default when ZAP is run with the -cmd and -autorun options then it will
+exit with a 1 if there are any errors, with a 2 if there are any warnings, and if everything is ok
+then it will exit with a 0.
+These values can be overriden by the *ExitValue options. The *ExitValues can be used together
+with the warn/errorLevel or completely independently of them.
+
+
YAML
+
+
+ - type: exitStatus # Sets the exit code based on scan results
+ parameters:
+ errorLevel: # String: Informational, Low, Medium, High, default: not set
+ warnLevel: # String: Informational, Low, Medium, High, default: not set
+ okExitValue: # Integer: Exit value if all ok, default 0
+ errorExitValue: # Integer: Exit value if there are errors, default 1
+ warnExitValue: # Integer: Exit value if there are warnings, default 2
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ro_RO/contents/job-requestor.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ro_RO/contents/job-requestor.html
index 252faf42fa8..0ef0de0b9c5 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ro_RO/contents/job-requestor.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ro_RO/contents/job-requestor.html
@@ -21,11 +21,12 @@ YAML
user: # String: An optional user to use for authenticated requests, must be defined in the env
requests: # A list of requests to make
- url: # String: A mandatory URL of the request to be made
+ name: # String: Optional name for the request, for documentation only
method: # String: A non-empty request method, default: GET
httpVersion: # String: The HTTP version to send the request with, default: HTTP/1.1
headers: # An optional list of additional headers to include in the request
- "header1:value1"
- data: # String: Optional data to send in the request body
+ data: # String: Optional data to send in the request body, supports vars
responseCode: # Int: An optional, expected response code against which the actual response code will be matched
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ro_RO/index.xml b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ro_RO/index.xml
index ef319ba9100..12115ef3b69 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ro_RO/index.xml
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ro_RO/index.xml
@@ -8,7 +8,12 @@
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ro_RO/toc.xml b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ro_RO/toc.xml
index 5a28e4fdf70..edff332d4ae 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ro_RO/toc.xml
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ro_RO/toc.xml
@@ -9,7 +9,12 @@
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ru_RU/contents/automation.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ru_RU/contents/automation.html
index 8fc7141190f..3d235394a26 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ru_RU/contents/automation.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ru_RU/contents/automation.html
@@ -8,7 +8,9 @@
Автоматизация Фреймворк
Это дополнение обеспечивает структуру, которая позволяет автоматизировать ZAP простым и гибким способом.
-
+
+
+
Он предоставляет следующие параметры командной строки:
- -autorun <source> Run the automation jobs specified in the file or from the URL.
@@ -17,14 +19,17 @@
Автоматизация Фреймворк
- -autogenconf <filename> Сгенерировать файл автоматизации шаблона с использованием текущей конфигурации.
-Если параметр -autorun используется с параметром ZAP -cmd , тогда значение выхода ZAP будет установлено следующим образом:
+
+If the -autorun option is used with the ZAP -cmd option then the ZAP exit value will be set by default as follows:
- 0 - план выполнен успешно, ошибок и предупреждений нет.
- 1 - План сообщил об одной или нескольких ошибках
- 2 - План не сообщил об ошибках, кроме одного или нескольких предупреждений.
-Завершится ли план после обнаружения ошибок или предупреждений, будет зависеть от настроек, используемых в среде .
-
+These values can be overridden by the exitStatus job.
+Whether the plan completed after encountering errors or warnings will depend on the settings used in the environment.
+
+
Чтобы использовать среду автоматизации:
- Создайте файл автоматизации шаблона, используя один из параметров командной строки
-autogen *
@@ -32,20 +37,22 @@ Автоматизация Фреймворк
- Запустите файл с помощью параметра командной строки
-autorun , например. ./zap.sh -cmd -autorun config.yaml
+Note: The Jobs are executed in the order in which they appear (top to bottom) within the Plan.
+
В большинстве случаев рекомендуется также использовать параметр командной строки -cmd , чтобы рабочий стол ZAP не отображался.
и ZAP завершает работу, как только завершит создание или выполнение заданий, определенных в файле.
Однако вы можете запускать задания Automation Framework с помощью рабочего стола ZAP, чтобы помочь вам отладить проблемы.
-
Аутентификация
+
The Automation Framework supports all of the authentication mechanisms supported by ZAP.
-GUI (Графический Интерфейс)
+
GUI находится в стадии разработки и предоставляет постоянно расширяющийся набор функций.
-Options
+
The Automation Options screen allows you to configure specific options.
-API
+
The following API endpoints are provided by this add-on:
- Действие: runPlan (filePath) - загружает и асинхронно запускает план в указанном файле, возвращая planId
@@ -54,21 +61,34 @@ API
If the ZAP desktop is being used then the plan will also be shown in the GUI to make it easier to diagnose any problems.
-Environment
+
The environment section of the file defines the applications which the rest of the jobs can act on.
-File Paths
+
All file and directory paths can either be absolute or relative to the directory containing the plan.
Relative paths are recommended for portability.
-Jobs
+
+The jobs can be enabled/disabled through the GUI and the automation plan, with the enabled flag. Jobs are enabled by default.
+
The following automation jobs are supported by this add-on:
+- activeScan-config - configures the active scanner
+- activeScan-policy - creates an active policy
- addOns - add-on management, now deprecated
- delay - приостанавливает выполнение плана на указанный период времени или выполняется определенное условие
- requestor - crafts specific requests to send отправить по соответствующим целям
- activeScan - runs the active scanner
+- exitStatus - sets ZAP's exit code based on scan results
+
+Importance of Job Order
+The order of jobs is relevant and important. For example:
+
+ - there is no point putting a passiveScan-wait job before any sort of spidering or importing
+ - configuring an alertFilter job after alerts have been generated by passive or active scanning will have no effect on the Alerts that were raised by those components in earlier jobs
+
>
+
Рабочие тесты могут быть добавлены к заданиям, чтобы проверить, что задания выполняются должным образом.
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ru_RU/contents/job-ascan.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ru_RU/contents/job-ascan.html
index 5157ea70637..e3618cc588a 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ru_RU/contents/job-ascan.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ru_RU/contents/job-ascan.html
@@ -33,7 +33,7 @@
YAML
handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
injectPluginIdInHeader: # Bool: If set then the relevant rule Id will be injected into the X-ZAP-Scan-ID header of each request, default: false
scanHeadersAllRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned, default: false
- threadPerHost: # Int: The max number of threads per host, default: 2
+ threadPerHost: # Int: The max number of threads per host, default: 2 * Number of available processor cores
maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
policyDefinition: # The policy definition - only used if the 'policy' is not set
defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
@@ -45,6 +45,12 @@ YAML
threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
+Note: Unless the defaultThreshold of the policyDefinition is OFF all rules will be enabled to start with.
+
+
+The policy can be one defined by a previous activeScan-policy job, or by a scan policy file
+that has been put in policies directory under ZAP's HOME directory .
+
Job Data
The following class will be made available to add-ons that provide access to the Job Data such as the Reporting add-on.
Note that in this case the data is from the last Active Scan, regardless of whether it was started by the Automation Framework, the UI, or the API.
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ru_RU/contents/job-ascanconfig.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ru_RU/contents/job-ascanconfig.html
new file mode 100644
index 00000000000..99d909f155d
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ru_RU/contents/job-ascanconfig.html
@@ -0,0 +1,51 @@
+
+
+
+
+Automation Framework - activeScan-config Job
+
+
+
+Automation Framework - activeScan-config Job
+
+This job configures the active scanner, for custom active scans (e.g. Sequence).
+
+YAML
+
+
+ - type: activeScan-config # Configures the settings of the active scanner.
+ parameters:
+ maxRuleDurationInMins: # Int: The max time in minutes any individual rule will be allowed to run for, default: 0 unlimited
+ maxScanDurationInMins: # Int: The max time in minutes the active scanner will be allowed to run for, default: 0 unlimited
+ maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
+ defaultPolicy: # String: The name of the default scan policy to use, default: Default Policy
+ handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
+ injectPluginIdInHeader: # Bool: If set then the relevant rule ID will be injected into the X-ZAP-Scan-ID header of each request, default: false
+ threadPerHost: # Int: The max number of threads per host, default: 2
+ inputVectors: # The input vectors used during the active scan.
+ urlQueryStringAndDataDrivenNodes: # Configures the scanning of query parameters and DDNs.
+ enabled: # Bool: If query parameters and DDNs scanning should be enabled. Default: true
+ addParam: # Bool: If a query parameter should be added if none present. Default: false
+ odata: # Bool: If OData query filters should be scanned. Default: true
+ postData: # Configures the scanning of request bodies.
+ enabled: # Bool: If enabled. Default: true
+ multiPartFormData: # Bool: If multipart form data bodies should be scanned. Default: true
+ xml: # Bool: If XML bodies should be scanned. Default: true
+ json: # Configures the scanning of JSON bodies.
+ enabled: # Bool: If JSON scanning should be enabled. Default: true
+ scanNullValues: # Bool: If null values should be scanned. Default: false
+ googleWebToolkit: # Bool: If GWT scanning should be enabled. Default: false
+ directWebRemoting: # Bool: If DWR scanning should be enabled. Default: false
+ urlPath: # Bool: If URL path segments should be scanned. Default: false
+ httpHeaders: # Configures the scanning of HTTP headers.
+ enabled: # Bool: If HTTP header scanning should be enabled. Default: false
+ allRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned. Default: false
+ cookieData: # Configures the scanning of cookies.
+ enabled: # Bool: If enabled. Default: false
+ encodeCookieValues: # Bool: If cookie values should be encoded. Default: false
+ scripts: # Bool: If Input Vector scripts should be used. Default: true
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ru_RU/contents/job-ascanpolicy.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ru_RU/contents/job-ascanpolicy.html
new file mode 100644
index 00000000000..c998e017f95
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ru_RU/contents/job-ascanpolicy.html
@@ -0,0 +1,32 @@
+
+
+
+
+Automation Framework - activeScan-policy Job
+
+
+
+Automation Framework - activeScan-policy Job
+
+This job defines an active scan policy. This policy can be used later in the plan by active scan related jobs,
+like activeScan job.
+
+YAML
+
+
+ - type: activeScan-policy # Defines a new active scan policy which can be used by later activeScan related jobs
+ parameters:
+ name: # String: Name of the policy, mandatory
+ policyDefinition: # The policy definition
+ defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
+ defaultThreshold: # String: The default Alert Threshold for all rules, one of Off, Low, Medium, High, default: Medium
+ rules: # A list of one or more active scan rules and associated settings which override the defaults
+ - id: # Int: The rule id as per https://www.zaproxy.org/docs/alerts/
+ name: # Comment: The name of the rule for documentation purposes - this is not required or actually used
+ strength: # String: The Attack Strength for this rule, one of Low, Medium, High, Insane, default: Medium
+ threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ru_RU/contents/job-exitstatus.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ru_RU/contents/job-exitstatus.html
new file mode 100644
index 00000000000..6cae027f9e8
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ru_RU/contents/job-exitstatus.html
@@ -0,0 +1,37 @@
+
+
+
+
+Automation Framework - exitStatus Job
+
+
+
+Automation Framework - exitStatus Job
+
+This job sets ZAP's exit code based on scan results.
+It also allows you to choose which exit values are used.
+It should typically be the last job in a plan.
+
+If warnLevel or errorLevel are set then the job will report a warning or error if any alerts
+are raised which have the same risk level or greater.
+
+By default when ZAP is run with the -cmd and -autorun options then it will
+exit with a 1 if there are any errors, with a 2 if there are any warnings, and if everything is ok
+then it will exit with a 0.
+These values can be overriden by the *ExitValue options. The *ExitValues can be used together
+with the warn/errorLevel or completely independently of them.
+
+
YAML
+
+
+ - type: exitStatus # Sets the exit code based on scan results
+ parameters:
+ errorLevel: # String: Informational, Low, Medium, High, default: not set
+ warnLevel: # String: Informational, Low, Medium, High, default: not set
+ okExitValue: # Integer: Exit value if all ok, default 0
+ errorExitValue: # Integer: Exit value if there are errors, default 1
+ warnExitValue: # Integer: Exit value if there are warnings, default 2
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ru_RU/contents/job-requestor.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ru_RU/contents/job-requestor.html
index f8bfa74f9f1..eb604c202a9 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ru_RU/contents/job-requestor.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ru_RU/contents/job-requestor.html
@@ -21,11 +21,12 @@ YAML
user: # String: An optional user to use for authenticated requests, must be defined in the env
requests: # A list of requests to make
- url: # String: A mandatory URL of the request to be made
+ name: # String: Optional name for the request, for documentation only
method: # String: A non-empty request method, default: GET
httpVersion: # String: The HTTP version to send the request with, default: HTTP/1.1
headers: # An optional list of additional headers to include in the request
- "header1:value1"
- data: # String: Optional data to send in the request body
+ data: # String: Optional data to send in the request body, supports vars
responseCode: # Int: An optional, expected response code against which the actual response code will be matched
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ru_RU/index.xml b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ru_RU/index.xml
index 8468574a970..b043be96098 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ru_RU/index.xml
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ru_RU/index.xml
@@ -8,7 +8,12 @@
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ru_RU/toc.xml b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ru_RU/toc.xml
index 5df33518a47..fde39d61374 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ru_RU/toc.xml
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ru_RU/toc.xml
@@ -9,7 +9,12 @@
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_sr_CS/contents/automation.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_sr_CS/contents/automation.html
index da467f09d5a..14d15debacf 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_sr_CS/contents/automation.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_sr_CS/contents/automation.html
@@ -8,7 +8,9 @@
Automation Framework
This add-on provides a framework that allows ZAP to be automated in an easy and flexible way.
-
+
+
+
It provides the following command line options:
- -autorun <source> Run the automation jobs specified in the file or from the URL.
@@ -17,14 +19,17 @@
Automation Framework
- -autogenconf <filename> Generate template automation file using the current configuration.
-If the -autorun option is used with the ZAP -cmd option then the ZAP exit value will be set as follows:
+
+If the -autorun option is used with the ZAP -cmd option then the ZAP exit value will be set by default as follows:
- 0 - The plan completed successfully with no errors or warnings
- 1 - The plan reported one or more errors
- 2 - The plan reported no errors but one or more warnings
+These values can be overridden by the exitStatus job.
Whether the plan completed after encountering errors or warnings will depend on the settings used in the environment.
-
+
+
To use the automation framework:
- Generate a template automation file using one of the
-autogen* command line options
@@ -32,20 +37,22 @@ Automation Framework
- Run the file using the
-autorun commandline option e.g. ./zap.sh -cmd -autorun config.yaml
+Note: The Jobs are executed in the order in which they appear (top to bottom) within the Plan.
+
In most cases it is recommended to also use the -cmd command line option so that the ZAP desktop is not displayed
and ZAP exits as soon as it has finished generating or running the jobs defined in the file.
However you can choose to run Automation Framework jobs using the ZAP desktop to help you debug issues.
-
Authentication
+
The Automation Framework supports all of the authentication mechanisms supported by ZAP.
-GUI
+
A GUI is under development and provides an ever increasing set of features.
-Options
+
The Automation Options screen allows you to configure specific options.
-API
+
The following API endpoints are provided by this add-on:
- Action: runPlan(filePath) - loads and asynchronously runs the plan in the specified file, returning a planId
@@ -53,21 +60,34 @@ API
If the ZAP desktop is being used then the plan will also be shown in the GUI to make it easier to diagnose any problems.
-Environment
+
The environment section of the file defines the applications which the rest of the jobs can act on.
-File Paths
+
All file and directory paths can either be absolute or relative to the directory containing the plan.
Relative paths are recommended for portability.
-Jobs
+
+The jobs can be enabled/disabled through the GUI and the automation plan, with the enabled flag. Jobs are enabled by default.
+
The following automation jobs are supported by this add-on:
+- activeScan-config - configures the active scanner
+- activeScan-policy - creates an active policy
- addOns - add-on management, now deprecated
- delay - pauses the plan for a specified period of time or a specific condition is met
- requestor - crafts specific requests to send to the corresponding targets
- activeScan - runs the active scanner
+- exitStatus - sets ZAP's exit code based on scan results
+
+Importance of Job Order
+The order of jobs is relevant and important. For example:
+
+ - there is no point putting a passiveScan-wait job before any sort of spidering or importing
+ - configuring an alertFilter job after alerts have been generated by passive or active scanning will have no effect on the Alerts that were raised by those components in earlier jobs
+
>
+
Job tests can be added to jobs to check that the jobs have performed as expected.
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_sr_CS/contents/job-ascan.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_sr_CS/contents/job-ascan.html
index d58eee7b8be..e06039e9863 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_sr_CS/contents/job-ascan.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_sr_CS/contents/job-ascan.html
@@ -32,7 +32,7 @@
YAML
handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
injectPluginIdInHeader: # Bool: If set then the relevant rule Id will be injected into the X-ZAP-Scan-ID header of each request, default: false
scanHeadersAllRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned, default: false
- threadPerHost: # Int: The max number of threads per host, default: 2
+ threadPerHost: # Int: The max number of threads per host, default: 2 * Number of available processor cores
maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
policyDefinition: # The policy definition - only used if the 'policy' is not set
defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
@@ -44,6 +44,12 @@ YAML
threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
+Note: Unless the defaultThreshold of the policyDefinition is OFF all rules will be enabled to start with.
+
+
+The policy can be one defined by a previous activeScan-policy job, or by a scan policy file
+that has been put in policies directory under ZAP's HOME directory .
+
Job Data
The following class will be made available to add-ons that provide access to the Job Data such as the Reporting add-on.
Note that in this case the data is from the last Active Scan, regardless of whether it was started by the Automation Framework, the UI, or the API.
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_sr_CS/contents/job-ascanconfig.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_sr_CS/contents/job-ascanconfig.html
new file mode 100644
index 00000000000..99d909f155d
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_sr_CS/contents/job-ascanconfig.html
@@ -0,0 +1,51 @@
+
+
+
+
+Automation Framework - activeScan-config Job
+
+
+
+Automation Framework - activeScan-config Job
+
+This job configures the active scanner, for custom active scans (e.g. Sequence).
+
+YAML
+
+
+ - type: activeScan-config # Configures the settings of the active scanner.
+ parameters:
+ maxRuleDurationInMins: # Int: The max time in minutes any individual rule will be allowed to run for, default: 0 unlimited
+ maxScanDurationInMins: # Int: The max time in minutes the active scanner will be allowed to run for, default: 0 unlimited
+ maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
+ defaultPolicy: # String: The name of the default scan policy to use, default: Default Policy
+ handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
+ injectPluginIdInHeader: # Bool: If set then the relevant rule ID will be injected into the X-ZAP-Scan-ID header of each request, default: false
+ threadPerHost: # Int: The max number of threads per host, default: 2
+ inputVectors: # The input vectors used during the active scan.
+ urlQueryStringAndDataDrivenNodes: # Configures the scanning of query parameters and DDNs.
+ enabled: # Bool: If query parameters and DDNs scanning should be enabled. Default: true
+ addParam: # Bool: If a query parameter should be added if none present. Default: false
+ odata: # Bool: If OData query filters should be scanned. Default: true
+ postData: # Configures the scanning of request bodies.
+ enabled: # Bool: If enabled. Default: true
+ multiPartFormData: # Bool: If multipart form data bodies should be scanned. Default: true
+ xml: # Bool: If XML bodies should be scanned. Default: true
+ json: # Configures the scanning of JSON bodies.
+ enabled: # Bool: If JSON scanning should be enabled. Default: true
+ scanNullValues: # Bool: If null values should be scanned. Default: false
+ googleWebToolkit: # Bool: If GWT scanning should be enabled. Default: false
+ directWebRemoting: # Bool: If DWR scanning should be enabled. Default: false
+ urlPath: # Bool: If URL path segments should be scanned. Default: false
+ httpHeaders: # Configures the scanning of HTTP headers.
+ enabled: # Bool: If HTTP header scanning should be enabled. Default: false
+ allRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned. Default: false
+ cookieData: # Configures the scanning of cookies.
+ enabled: # Bool: If enabled. Default: false
+ encodeCookieValues: # Bool: If cookie values should be encoded. Default: false
+ scripts: # Bool: If Input Vector scripts should be used. Default: true
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_sr_CS/contents/job-ascanpolicy.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_sr_CS/contents/job-ascanpolicy.html
new file mode 100644
index 00000000000..c998e017f95
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_sr_CS/contents/job-ascanpolicy.html
@@ -0,0 +1,32 @@
+
+
+
+
+Automation Framework - activeScan-policy Job
+
+
+
+Automation Framework - activeScan-policy Job
+
+This job defines an active scan policy. This policy can be used later in the plan by active scan related jobs,
+like activeScan job.
+
+YAML
+
+
+ - type: activeScan-policy # Defines a new active scan policy which can be used by later activeScan related jobs
+ parameters:
+ name: # String: Name of the policy, mandatory
+ policyDefinition: # The policy definition
+ defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
+ defaultThreshold: # String: The default Alert Threshold for all rules, one of Off, Low, Medium, High, default: Medium
+ rules: # A list of one or more active scan rules and associated settings which override the defaults
+ - id: # Int: The rule id as per https://www.zaproxy.org/docs/alerts/
+ name: # Comment: The name of the rule for documentation purposes - this is not required or actually used
+ strength: # String: The Attack Strength for this rule, one of Low, Medium, High, Insane, default: Medium
+ threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_sr_CS/contents/job-exitstatus.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_sr_CS/contents/job-exitstatus.html
new file mode 100644
index 00000000000..6cae027f9e8
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_sr_CS/contents/job-exitstatus.html
@@ -0,0 +1,37 @@
+
+
+
+
+Automation Framework - exitStatus Job
+
+
+
+Automation Framework - exitStatus Job
+
+This job sets ZAP's exit code based on scan results.
+It also allows you to choose which exit values are used.
+It should typically be the last job in a plan.
+
+If warnLevel or errorLevel are set then the job will report a warning or error if any alerts
+are raised which have the same risk level or greater.
+
+By default when ZAP is run with the -cmd and -autorun options then it will
+exit with a 1 if there are any errors, with a 2 if there are any warnings, and if everything is ok
+then it will exit with a 0.
+These values can be overriden by the *ExitValue options. The *ExitValues can be used together
+with the warn/errorLevel or completely independently of them.
+
+
YAML
+
+
+ - type: exitStatus # Sets the exit code based on scan results
+ parameters:
+ errorLevel: # String: Informational, Low, Medium, High, default: not set
+ warnLevel: # String: Informational, Low, Medium, High, default: not set
+ okExitValue: # Integer: Exit value if all ok, default 0
+ errorExitValue: # Integer: Exit value if there are errors, default 1
+ warnExitValue: # Integer: Exit value if there are warnings, default 2
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_sr_CS/contents/job-requestor.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_sr_CS/contents/job-requestor.html
index 252faf42fa8..0ef0de0b9c5 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_sr_CS/contents/job-requestor.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_sr_CS/contents/job-requestor.html
@@ -21,11 +21,12 @@ YAML
user: # String: An optional user to use for authenticated requests, must be defined in the env
requests: # A list of requests to make
- url: # String: A mandatory URL of the request to be made
+ name: # String: Optional name for the request, for documentation only
method: # String: A non-empty request method, default: GET
httpVersion: # String: The HTTP version to send the request with, default: HTTP/1.1
headers: # An optional list of additional headers to include in the request
- "header1:value1"
- data: # String: Optional data to send in the request body
+ data: # String: Optional data to send in the request body, supports vars
responseCode: # Int: An optional, expected response code against which the actual response code will be matched
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_sr_CS/index.xml b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_sr_CS/index.xml
index ef319ba9100..12115ef3b69 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_sr_CS/index.xml
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_sr_CS/index.xml
@@ -8,7 +8,12 @@
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_sr_CS/toc.xml b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_sr_CS/toc.xml
index 5a28e4fdf70..edff332d4ae 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_sr_CS/toc.xml
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_sr_CS/toc.xml
@@ -9,7 +9,12 @@
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_tr_TR/contents/automation.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_tr_TR/contents/automation.html
index da467f09d5a..14d15debacf 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_tr_TR/contents/automation.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_tr_TR/contents/automation.html
@@ -8,7 +8,9 @@
Automation Framework
This add-on provides a framework that allows ZAP to be automated in an easy and flexible way.
-
+
+
+
It provides the following command line options:
- -autorun <source> Run the automation jobs specified in the file or from the URL.
@@ -17,14 +19,17 @@
Automation Framework
- -autogenconf <filename> Generate template automation file using the current configuration.
-If the -autorun option is used with the ZAP -cmd option then the ZAP exit value will be set as follows:
+
+If the -autorun option is used with the ZAP -cmd option then the ZAP exit value will be set by default as follows:
- 0 - The plan completed successfully with no errors or warnings
- 1 - The plan reported one or more errors
- 2 - The plan reported no errors but one or more warnings
+These values can be overridden by the exitStatus job.
Whether the plan completed after encountering errors or warnings will depend on the settings used in the environment.
-
+
+
To use the automation framework:
- Generate a template automation file using one of the
-autogen* command line options
@@ -32,20 +37,22 @@ Automation Framework
- Run the file using the
-autorun commandline option e.g. ./zap.sh -cmd -autorun config.yaml
+Note: The Jobs are executed in the order in which they appear (top to bottom) within the Plan.
+
In most cases it is recommended to also use the -cmd command line option so that the ZAP desktop is not displayed
and ZAP exits as soon as it has finished generating or running the jobs defined in the file.
However you can choose to run Automation Framework jobs using the ZAP desktop to help you debug issues.
-
Authentication
+
The Automation Framework supports all of the authentication mechanisms supported by ZAP.
-GUI
+
A GUI is under development and provides an ever increasing set of features.
-Options
+
The Automation Options screen allows you to configure specific options.
-API
+
The following API endpoints are provided by this add-on:
- Action: runPlan(filePath) - loads and asynchronously runs the plan in the specified file, returning a planId
@@ -53,21 +60,34 @@ API
If the ZAP desktop is being used then the plan will also be shown in the GUI to make it easier to diagnose any problems.
-Environment
+
The environment section of the file defines the applications which the rest of the jobs can act on.
-File Paths
+
All file and directory paths can either be absolute or relative to the directory containing the plan.
Relative paths are recommended for portability.
-Jobs
+
+The jobs can be enabled/disabled through the GUI and the automation plan, with the enabled flag. Jobs are enabled by default.
+
The following automation jobs are supported by this add-on:
+- activeScan-config - configures the active scanner
+- activeScan-policy - creates an active policy
- addOns - add-on management, now deprecated
- delay - pauses the plan for a specified period of time or a specific condition is met
- requestor - crafts specific requests to send to the corresponding targets
- activeScan - runs the active scanner
+- exitStatus - sets ZAP's exit code based on scan results
+
+Importance of Job Order
+The order of jobs is relevant and important. For example:
+
+ - there is no point putting a passiveScan-wait job before any sort of spidering or importing
+ - configuring an alertFilter job after alerts have been generated by passive or active scanning will have no effect on the Alerts that were raised by those components in earlier jobs
+
>
+
Job tests can be added to jobs to check that the jobs have performed as expected.
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_tr_TR/contents/job-ascan.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_tr_TR/contents/job-ascan.html
index d58eee7b8be..e06039e9863 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_tr_TR/contents/job-ascan.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_tr_TR/contents/job-ascan.html
@@ -32,7 +32,7 @@
YAML
handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
injectPluginIdInHeader: # Bool: If set then the relevant rule Id will be injected into the X-ZAP-Scan-ID header of each request, default: false
scanHeadersAllRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned, default: false
- threadPerHost: # Int: The max number of threads per host, default: 2
+ threadPerHost: # Int: The max number of threads per host, default: 2 * Number of available processor cores
maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
policyDefinition: # The policy definition - only used if the 'policy' is not set
defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
@@ -44,6 +44,12 @@ YAML
threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
+Note: Unless the defaultThreshold of the policyDefinition is OFF all rules will be enabled to start with.
+
+
+The policy can be one defined by a previous activeScan-policy job, or by a scan policy file
+that has been put in policies directory under ZAP's HOME directory .
+
Job Data
The following class will be made available to add-ons that provide access to the Job Data such as the Reporting add-on.
Note that in this case the data is from the last Active Scan, regardless of whether it was started by the Automation Framework, the UI, or the API.
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_tr_TR/contents/job-ascanconfig.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_tr_TR/contents/job-ascanconfig.html
new file mode 100644
index 00000000000..99d909f155d
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_tr_TR/contents/job-ascanconfig.html
@@ -0,0 +1,51 @@
+
+
+
+
+Automation Framework - activeScan-config Job
+
+
+
+Automation Framework - activeScan-config Job
+
+This job configures the active scanner, for custom active scans (e.g. Sequence).
+
+YAML
+
+
+ - type: activeScan-config # Configures the settings of the active scanner.
+ parameters:
+ maxRuleDurationInMins: # Int: The max time in minutes any individual rule will be allowed to run for, default: 0 unlimited
+ maxScanDurationInMins: # Int: The max time in minutes the active scanner will be allowed to run for, default: 0 unlimited
+ maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
+ defaultPolicy: # String: The name of the default scan policy to use, default: Default Policy
+ handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
+ injectPluginIdInHeader: # Bool: If set then the relevant rule ID will be injected into the X-ZAP-Scan-ID header of each request, default: false
+ threadPerHost: # Int: The max number of threads per host, default: 2
+ inputVectors: # The input vectors used during the active scan.
+ urlQueryStringAndDataDrivenNodes: # Configures the scanning of query parameters and DDNs.
+ enabled: # Bool: If query parameters and DDNs scanning should be enabled. Default: true
+ addParam: # Bool: If a query parameter should be added if none present. Default: false
+ odata: # Bool: If OData query filters should be scanned. Default: true
+ postData: # Configures the scanning of request bodies.
+ enabled: # Bool: If enabled. Default: true
+ multiPartFormData: # Bool: If multipart form data bodies should be scanned. Default: true
+ xml: # Bool: If XML bodies should be scanned. Default: true
+ json: # Configures the scanning of JSON bodies.
+ enabled: # Bool: If JSON scanning should be enabled. Default: true
+ scanNullValues: # Bool: If null values should be scanned. Default: false
+ googleWebToolkit: # Bool: If GWT scanning should be enabled. Default: false
+ directWebRemoting: # Bool: If DWR scanning should be enabled. Default: false
+ urlPath: # Bool: If URL path segments should be scanned. Default: false
+ httpHeaders: # Configures the scanning of HTTP headers.
+ enabled: # Bool: If HTTP header scanning should be enabled. Default: false
+ allRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned. Default: false
+ cookieData: # Configures the scanning of cookies.
+ enabled: # Bool: If enabled. Default: false
+ encodeCookieValues: # Bool: If cookie values should be encoded. Default: false
+ scripts: # Bool: If Input Vector scripts should be used. Default: true
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_tr_TR/contents/job-ascanpolicy.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_tr_TR/contents/job-ascanpolicy.html
new file mode 100644
index 00000000000..c998e017f95
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_tr_TR/contents/job-ascanpolicy.html
@@ -0,0 +1,32 @@
+
+
+
+
+Automation Framework - activeScan-policy Job
+
+
+
+Automation Framework - activeScan-policy Job
+
+This job defines an active scan policy. This policy can be used later in the plan by active scan related jobs,
+like activeScan job.
+
+YAML
+
+
+ - type: activeScan-policy # Defines a new active scan policy which can be used by later activeScan related jobs
+ parameters:
+ name: # String: Name of the policy, mandatory
+ policyDefinition: # The policy definition
+ defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
+ defaultThreshold: # String: The default Alert Threshold for all rules, one of Off, Low, Medium, High, default: Medium
+ rules: # A list of one or more active scan rules and associated settings which override the defaults
+ - id: # Int: The rule id as per https://www.zaproxy.org/docs/alerts/
+ name: # Comment: The name of the rule for documentation purposes - this is not required or actually used
+ strength: # String: The Attack Strength for this rule, one of Low, Medium, High, Insane, default: Medium
+ threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_tr_TR/contents/job-exitstatus.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_tr_TR/contents/job-exitstatus.html
new file mode 100644
index 00000000000..6cae027f9e8
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_tr_TR/contents/job-exitstatus.html
@@ -0,0 +1,37 @@
+
+
+
+
+Automation Framework - exitStatus Job
+
+
+
+Automation Framework - exitStatus Job
+
+This job sets ZAP's exit code based on scan results.
+It also allows you to choose which exit values are used.
+It should typically be the last job in a plan.
+
+If warnLevel or errorLevel are set then the job will report a warning or error if any alerts
+are raised which have the same risk level or greater.
+
+By default when ZAP is run with the -cmd and -autorun options then it will
+exit with a 1 if there are any errors, with a 2 if there are any warnings, and if everything is ok
+then it will exit with a 0.
+These values can be overriden by the *ExitValue options. The *ExitValues can be used together
+with the warn/errorLevel or completely independently of them.
+
+
YAML
+
+
+ - type: exitStatus # Sets the exit code based on scan results
+ parameters:
+ errorLevel: # String: Informational, Low, Medium, High, default: not set
+ warnLevel: # String: Informational, Low, Medium, High, default: not set
+ okExitValue: # Integer: Exit value if all ok, default 0
+ errorExitValue: # Integer: Exit value if there are errors, default 1
+ warnExitValue: # Integer: Exit value if there are warnings, default 2
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_tr_TR/contents/job-requestor.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_tr_TR/contents/job-requestor.html
index 252faf42fa8..0ef0de0b9c5 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_tr_TR/contents/job-requestor.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_tr_TR/contents/job-requestor.html
@@ -21,11 +21,12 @@ YAML
user: # String: An optional user to use for authenticated requests, must be defined in the env
requests: # A list of requests to make
- url: # String: A mandatory URL of the request to be made
+ name: # String: Optional name for the request, for documentation only
method: # String: A non-empty request method, default: GET
httpVersion: # String: The HTTP version to send the request with, default: HTTP/1.1
headers: # An optional list of additional headers to include in the request
- "header1:value1"
- data: # String: Optional data to send in the request body
+ data: # String: Optional data to send in the request body, supports vars
responseCode: # Int: An optional, expected response code against which the actual response code will be matched
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_tr_TR/index.xml b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_tr_TR/index.xml
index ef319ba9100..12115ef3b69 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_tr_TR/index.xml
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_tr_TR/index.xml
@@ -8,7 +8,12 @@
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_tr_TR/toc.xml b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_tr_TR/toc.xml
index 5a28e4fdf70..edff332d4ae 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_tr_TR/toc.xml
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_tr_TR/toc.xml
@@ -9,7 +9,12 @@
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ur_PK/contents/automation.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ur_PK/contents/automation.html
index da467f09d5a..14d15debacf 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ur_PK/contents/automation.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ur_PK/contents/automation.html
@@ -8,7 +8,9 @@
Automation Framework
This add-on provides a framework that allows ZAP to be automated in an easy and flexible way.
-
+
+
+
It provides the following command line options:
- -autorun <source> Run the automation jobs specified in the file or from the URL.
@@ -17,14 +19,17 @@
Automation Framework
- -autogenconf <filename> Generate template automation file using the current configuration.
-If the -autorun option is used with the ZAP -cmd option then the ZAP exit value will be set as follows:
+
+If the -autorun option is used with the ZAP -cmd option then the ZAP exit value will be set by default as follows:
- 0 - The plan completed successfully with no errors or warnings
- 1 - The plan reported one or more errors
- 2 - The plan reported no errors but one or more warnings
+These values can be overridden by the exitStatus job.
Whether the plan completed after encountering errors or warnings will depend on the settings used in the environment.
-
+
+
To use the automation framework:
- Generate a template automation file using one of the
-autogen* command line options
@@ -32,20 +37,22 @@ Automation Framework
- Run the file using the
-autorun commandline option e.g. ./zap.sh -cmd -autorun config.yaml
+Note: The Jobs are executed in the order in which they appear (top to bottom) within the Plan.
+
In most cases it is recommended to also use the -cmd command line option so that the ZAP desktop is not displayed
and ZAP exits as soon as it has finished generating or running the jobs defined in the file.
However you can choose to run Automation Framework jobs using the ZAP desktop to help you debug issues.
-
Authentication
+
The Automation Framework supports all of the authentication mechanisms supported by ZAP.
-GUI
+
A GUI is under development and provides an ever increasing set of features.
-Options
+
The Automation Options screen allows you to configure specific options.
-API
+
The following API endpoints are provided by this add-on:
- Action: runPlan(filePath) - loads and asynchronously runs the plan in the specified file, returning a planId
@@ -53,21 +60,34 @@ API
If the ZAP desktop is being used then the plan will also be shown in the GUI to make it easier to diagnose any problems.
-Environment
+
The environment section of the file defines the applications which the rest of the jobs can act on.
-File Paths
+
All file and directory paths can either be absolute or relative to the directory containing the plan.
Relative paths are recommended for portability.
-Jobs
+
+The jobs can be enabled/disabled through the GUI and the automation plan, with the enabled flag. Jobs are enabled by default.
+
The following automation jobs are supported by this add-on:
+- activeScan-config - configures the active scanner
+- activeScan-policy - creates an active policy
- addOns - add-on management, now deprecated
- delay - pauses the plan for a specified period of time or a specific condition is met
- requestor - crafts specific requests to send to the corresponding targets
- activeScan - runs the active scanner
+- exitStatus - sets ZAP's exit code based on scan results
+
+Importance of Job Order
+The order of jobs is relevant and important. For example:
+
+ - there is no point putting a passiveScan-wait job before any sort of spidering or importing
+ - configuring an alertFilter job after alerts have been generated by passive or active scanning will have no effect on the Alerts that were raised by those components in earlier jobs
+
>
+
Job tests can be added to jobs to check that the jobs have performed as expected.
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ur_PK/contents/job-ascan.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ur_PK/contents/job-ascan.html
index d58eee7b8be..e06039e9863 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ur_PK/contents/job-ascan.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ur_PK/contents/job-ascan.html
@@ -32,7 +32,7 @@
YAML
handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
injectPluginIdInHeader: # Bool: If set then the relevant rule Id will be injected into the X-ZAP-Scan-ID header of each request, default: false
scanHeadersAllRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned, default: false
- threadPerHost: # Int: The max number of threads per host, default: 2
+ threadPerHost: # Int: The max number of threads per host, default: 2 * Number of available processor cores
maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
policyDefinition: # The policy definition - only used if the 'policy' is not set
defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
@@ -44,6 +44,12 @@ YAML
threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
+Note: Unless the defaultThreshold of the policyDefinition is OFF all rules will be enabled to start with.
+
+
+The policy can be one defined by a previous activeScan-policy job, or by a scan policy file
+that has been put in policies directory under ZAP's HOME directory .
+
Job Data
The following class will be made available to add-ons that provide access to the Job Data such as the Reporting add-on.
Note that in this case the data is from the last Active Scan, regardless of whether it was started by the Automation Framework, the UI, or the API.
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ur_PK/contents/job-ascanconfig.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ur_PK/contents/job-ascanconfig.html
new file mode 100644
index 00000000000..99d909f155d
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ur_PK/contents/job-ascanconfig.html
@@ -0,0 +1,51 @@
+
+
+
+
+Automation Framework - activeScan-config Job
+
+
+
+Automation Framework - activeScan-config Job
+
+This job configures the active scanner, for custom active scans (e.g. Sequence).
+
+YAML
+
+
+ - type: activeScan-config # Configures the settings of the active scanner.
+ parameters:
+ maxRuleDurationInMins: # Int: The max time in minutes any individual rule will be allowed to run for, default: 0 unlimited
+ maxScanDurationInMins: # Int: The max time in minutes the active scanner will be allowed to run for, default: 0 unlimited
+ maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
+ defaultPolicy: # String: The name of the default scan policy to use, default: Default Policy
+ handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
+ injectPluginIdInHeader: # Bool: If set then the relevant rule ID will be injected into the X-ZAP-Scan-ID header of each request, default: false
+ threadPerHost: # Int: The max number of threads per host, default: 2
+ inputVectors: # The input vectors used during the active scan.
+ urlQueryStringAndDataDrivenNodes: # Configures the scanning of query parameters and DDNs.
+ enabled: # Bool: If query parameters and DDNs scanning should be enabled. Default: true
+ addParam: # Bool: If a query parameter should be added if none present. Default: false
+ odata: # Bool: If OData query filters should be scanned. Default: true
+ postData: # Configures the scanning of request bodies.
+ enabled: # Bool: If enabled. Default: true
+ multiPartFormData: # Bool: If multipart form data bodies should be scanned. Default: true
+ xml: # Bool: If XML bodies should be scanned. Default: true
+ json: # Configures the scanning of JSON bodies.
+ enabled: # Bool: If JSON scanning should be enabled. Default: true
+ scanNullValues: # Bool: If null values should be scanned. Default: false
+ googleWebToolkit: # Bool: If GWT scanning should be enabled. Default: false
+ directWebRemoting: # Bool: If DWR scanning should be enabled. Default: false
+ urlPath: # Bool: If URL path segments should be scanned. Default: false
+ httpHeaders: # Configures the scanning of HTTP headers.
+ enabled: # Bool: If HTTP header scanning should be enabled. Default: false
+ allRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned. Default: false
+ cookieData: # Configures the scanning of cookies.
+ enabled: # Bool: If enabled. Default: false
+ encodeCookieValues: # Bool: If cookie values should be encoded. Default: false
+ scripts: # Bool: If Input Vector scripts should be used. Default: true
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ur_PK/contents/job-ascanpolicy.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ur_PK/contents/job-ascanpolicy.html
new file mode 100644
index 00000000000..c998e017f95
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ur_PK/contents/job-ascanpolicy.html
@@ -0,0 +1,32 @@
+
+
+
+
+Automation Framework - activeScan-policy Job
+
+
+
+Automation Framework - activeScan-policy Job
+
+This job defines an active scan policy. This policy can be used later in the plan by active scan related jobs,
+like activeScan job.
+
+YAML
+
+
+ - type: activeScan-policy # Defines a new active scan policy which can be used by later activeScan related jobs
+ parameters:
+ name: # String: Name of the policy, mandatory
+ policyDefinition: # The policy definition
+ defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
+ defaultThreshold: # String: The default Alert Threshold for all rules, one of Off, Low, Medium, High, default: Medium
+ rules: # A list of one or more active scan rules and associated settings which override the defaults
+ - id: # Int: The rule id as per https://www.zaproxy.org/docs/alerts/
+ name: # Comment: The name of the rule for documentation purposes - this is not required or actually used
+ strength: # String: The Attack Strength for this rule, one of Low, Medium, High, Insane, default: Medium
+ threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ur_PK/contents/job-exitstatus.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ur_PK/contents/job-exitstatus.html
new file mode 100644
index 00000000000..6cae027f9e8
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ur_PK/contents/job-exitstatus.html
@@ -0,0 +1,37 @@
+
+
+
+
+Automation Framework - exitStatus Job
+
+
+
+Automation Framework - exitStatus Job
+
+This job sets ZAP's exit code based on scan results.
+It also allows you to choose which exit values are used.
+It should typically be the last job in a plan.
+
+If warnLevel or errorLevel are set then the job will report a warning or error if any alerts
+are raised which have the same risk level or greater.
+
+By default when ZAP is run with the -cmd and -autorun options then it will
+exit with a 1 if there are any errors, with a 2 if there are any warnings, and if everything is ok
+then it will exit with a 0.
+These values can be overriden by the *ExitValue options. The *ExitValues can be used together
+with the warn/errorLevel or completely independently of them.
+
+
YAML
+
+
+ - type: exitStatus # Sets the exit code based on scan results
+ parameters:
+ errorLevel: # String: Informational, Low, Medium, High, default: not set
+ warnLevel: # String: Informational, Low, Medium, High, default: not set
+ okExitValue: # Integer: Exit value if all ok, default 0
+ errorExitValue: # Integer: Exit value if there are errors, default 1
+ warnExitValue: # Integer: Exit value if there are warnings, default 2
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ur_PK/contents/job-requestor.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ur_PK/contents/job-requestor.html
index 252faf42fa8..0ef0de0b9c5 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ur_PK/contents/job-requestor.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ur_PK/contents/job-requestor.html
@@ -21,11 +21,12 @@ YAML
user: # String: An optional user to use for authenticated requests, must be defined in the env
requests: # A list of requests to make
- url: # String: A mandatory URL of the request to be made
+ name: # String: Optional name for the request, for documentation only
method: # String: A non-empty request method, default: GET
httpVersion: # String: The HTTP version to send the request with, default: HTTP/1.1
headers: # An optional list of additional headers to include in the request
- "header1:value1"
- data: # String: Optional data to send in the request body
+ data: # String: Optional data to send in the request body, supports vars
responseCode: # Int: An optional, expected response code against which the actual response code will be matched
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ur_PK/index.xml b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ur_PK/index.xml
index ef319ba9100..12115ef3b69 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ur_PK/index.xml
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ur_PK/index.xml
@@ -8,7 +8,12 @@
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ur_PK/toc.xml b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ur_PK/toc.xml
index 5a28e4fdf70..edff332d4ae 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ur_PK/toc.xml
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_ur_PK/toc.xml
@@ -9,7 +9,12 @@
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_zh_CN/contents/automation.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_zh_CN/contents/automation.html
index da467f09d5a..14d15debacf 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_zh_CN/contents/automation.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_zh_CN/contents/automation.html
@@ -8,7 +8,9 @@
Automation Framework
This add-on provides a framework that allows ZAP to be automated in an easy and flexible way.
-
+
+
+
It provides the following command line options:
- -autorun <source> Run the automation jobs specified in the file or from the URL.
@@ -17,14 +19,17 @@
Automation Framework
- -autogenconf <filename> Generate template automation file using the current configuration.
-If the -autorun option is used with the ZAP -cmd option then the ZAP exit value will be set as follows:
+
+If the -autorun option is used with the ZAP -cmd option then the ZAP exit value will be set by default as follows:
- 0 - The plan completed successfully with no errors or warnings
- 1 - The plan reported one or more errors
- 2 - The plan reported no errors but one or more warnings
+These values can be overridden by the exitStatus job.
Whether the plan completed after encountering errors or warnings will depend on the settings used in the environment.
-
+
+
To use the automation framework:
- Generate a template automation file using one of the
-autogen* command line options
@@ -32,20 +37,22 @@ Automation Framework
- Run the file using the
-autorun commandline option e.g. ./zap.sh -cmd -autorun config.yaml
+Note: The Jobs are executed in the order in which they appear (top to bottom) within the Plan.
+
In most cases it is recommended to also use the -cmd command line option so that the ZAP desktop is not displayed
and ZAP exits as soon as it has finished generating or running the jobs defined in the file.
However you can choose to run Automation Framework jobs using the ZAP desktop to help you debug issues.
-
Authentication
+
The Automation Framework supports all of the authentication mechanisms supported by ZAP.
-GUI
+
A GUI is under development and provides an ever increasing set of features.
-Options
+
The Automation Options screen allows you to configure specific options.
-API
+
The following API endpoints are provided by this add-on:
- Action: runPlan(filePath) - loads and asynchronously runs the plan in the specified file, returning a planId
@@ -53,21 +60,34 @@ API
If the ZAP desktop is being used then the plan will also be shown in the GUI to make it easier to diagnose any problems.
-Environment
+
The environment section of the file defines the applications which the rest of the jobs can act on.
-File Paths
+
All file and directory paths can either be absolute or relative to the directory containing the plan.
Relative paths are recommended for portability.
-Jobs
+
+The jobs can be enabled/disabled through the GUI and the automation plan, with the enabled flag. Jobs are enabled by default.
+
The following automation jobs are supported by this add-on:
+- activeScan-config - configures the active scanner
+- activeScan-policy - creates an active policy
- addOns - add-on management, now deprecated
- delay - pauses the plan for a specified period of time or a specific condition is met
- requestor - crafts specific requests to send to the corresponding targets
- activeScan - runs the active scanner
+- exitStatus - sets ZAP's exit code based on scan results
+
+Importance of Job Order
+The order of jobs is relevant and important. For example:
+
+ - there is no point putting a passiveScan-wait job before any sort of spidering or importing
+ - configuring an alertFilter job after alerts have been generated by passive or active scanning will have no effect on the Alerts that were raised by those components in earlier jobs
+
>
+
Job tests can be added to jobs to check that the jobs have performed as expected.
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_zh_CN/contents/job-ascan.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_zh_CN/contents/job-ascan.html
index d58eee7b8be..e06039e9863 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_zh_CN/contents/job-ascan.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_zh_CN/contents/job-ascan.html
@@ -32,7 +32,7 @@
YAML
handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
injectPluginIdInHeader: # Bool: If set then the relevant rule Id will be injected into the X-ZAP-Scan-ID header of each request, default: false
scanHeadersAllRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned, default: false
- threadPerHost: # Int: The max number of threads per host, default: 2
+ threadPerHost: # Int: The max number of threads per host, default: 2 * Number of available processor cores
maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
policyDefinition: # The policy definition - only used if the 'policy' is not set
defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
@@ -44,6 +44,12 @@ YAML
threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
+Note: Unless the defaultThreshold of the policyDefinition is OFF all rules will be enabled to start with.
+
+
+The policy can be one defined by a previous activeScan-policy job, or by a scan policy file
+that has been put in policies directory under ZAP's HOME directory .
+
Job Data
The following class will be made available to add-ons that provide access to the Job Data such as the Reporting add-on.
Note that in this case the data is from the last Active Scan, regardless of whether it was started by the Automation Framework, the UI, or the API.
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_zh_CN/contents/job-ascanconfig.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_zh_CN/contents/job-ascanconfig.html
new file mode 100644
index 00000000000..99d909f155d
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_zh_CN/contents/job-ascanconfig.html
@@ -0,0 +1,51 @@
+
+
+
+
+Automation Framework - activeScan-config Job
+
+
+
+Automation Framework - activeScan-config Job
+
+This job configures the active scanner, for custom active scans (e.g. Sequence).
+
+YAML
+
+
+ - type: activeScan-config # Configures the settings of the active scanner.
+ parameters:
+ maxRuleDurationInMins: # Int: The max time in minutes any individual rule will be allowed to run for, default: 0 unlimited
+ maxScanDurationInMins: # Int: The max time in minutes the active scanner will be allowed to run for, default: 0 unlimited
+ maxAlertsPerRule: # Int: Maximum number of alerts to raise per rule, default: 0 unlimited
+ defaultPolicy: # String: The name of the default scan policy to use, default: Default Policy
+ handleAntiCSRFTokens: # Bool: If set then automatically handle anti CSRF tokens, default: false
+ injectPluginIdInHeader: # Bool: If set then the relevant rule ID will be injected into the X-ZAP-Scan-ID header of each request, default: false
+ threadPerHost: # Int: The max number of threads per host, default: 2
+ inputVectors: # The input vectors used during the active scan.
+ urlQueryStringAndDataDrivenNodes: # Configures the scanning of query parameters and DDNs.
+ enabled: # Bool: If query parameters and DDNs scanning should be enabled. Default: true
+ addParam: # Bool: If a query parameter should be added if none present. Default: false
+ odata: # Bool: If OData query filters should be scanned. Default: true
+ postData: # Configures the scanning of request bodies.
+ enabled: # Bool: If enabled. Default: true
+ multiPartFormData: # Bool: If multipart form data bodies should be scanned. Default: true
+ xml: # Bool: If XML bodies should be scanned. Default: true
+ json: # Configures the scanning of JSON bodies.
+ enabled: # Bool: If JSON scanning should be enabled. Default: true
+ scanNullValues: # Bool: If null values should be scanned. Default: false
+ googleWebToolkit: # Bool: If GWT scanning should be enabled. Default: false
+ directWebRemoting: # Bool: If DWR scanning should be enabled. Default: false
+ urlPath: # Bool: If URL path segments should be scanned. Default: false
+ httpHeaders: # Configures the scanning of HTTP headers.
+ enabled: # Bool: If HTTP header scanning should be enabled. Default: false
+ allRequests: # Bool: If set then the headers of requests that do not include any parameters will be scanned. Default: false
+ cookieData: # Configures the scanning of cookies.
+ enabled: # Bool: If enabled. Default: false
+ encodeCookieValues: # Bool: If cookie values should be encoded. Default: false
+ scripts: # Bool: If Input Vector scripts should be used. Default: true
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_zh_CN/contents/job-ascanpolicy.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_zh_CN/contents/job-ascanpolicy.html
new file mode 100644
index 00000000000..c998e017f95
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_zh_CN/contents/job-ascanpolicy.html
@@ -0,0 +1,32 @@
+
+
+
+
+Automation Framework - activeScan-policy Job
+
+
+
+Automation Framework - activeScan-policy Job
+
+This job defines an active scan policy. This policy can be used later in the plan by active scan related jobs,
+like activeScan job.
+
+YAML
+
+
+ - type: activeScan-policy # Defines a new active scan policy which can be used by later activeScan related jobs
+ parameters:
+ name: # String: Name of the policy, mandatory
+ policyDefinition: # The policy definition
+ defaultStrength: # String: The default Attack Strength for all rules, one of Low, Medium, High, Insane (not recommended), default: Medium
+ defaultThreshold: # String: The default Alert Threshold for all rules, one of Off, Low, Medium, High, default: Medium
+ rules: # A list of one or more active scan rules and associated settings which override the defaults
+ - id: # Int: The rule id as per https://www.zaproxy.org/docs/alerts/
+ name: # Comment: The name of the rule for documentation purposes - this is not required or actually used
+ strength: # String: The Attack Strength for this rule, one of Low, Medium, High, Insane, default: Medium
+ threshold: # String: The Alert Threshold for this rule, one of Off, Low, Medium, High, default: Medium
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_zh_CN/contents/job-exitstatus.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_zh_CN/contents/job-exitstatus.html
new file mode 100644
index 00000000000..6cae027f9e8
--- /dev/null
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_zh_CN/contents/job-exitstatus.html
@@ -0,0 +1,37 @@
+
+
+
+
+Automation Framework - exitStatus Job
+
+
+
+Automation Framework - exitStatus Job
+
+This job sets ZAP's exit code based on scan results.
+It also allows you to choose which exit values are used.
+It should typically be the last job in a plan.
+
+If warnLevel or errorLevel are set then the job will report a warning or error if any alerts
+are raised which have the same risk level or greater.
+
+By default when ZAP is run with the -cmd and -autorun options then it will
+exit with a 1 if there are any errors, with a 2 if there are any warnings, and if everything is ok
+then it will exit with a 0.
+These values can be overriden by the *ExitValue options. The *ExitValues can be used together
+with the warn/errorLevel or completely independently of them.
+
+
YAML
+
+
+ - type: exitStatus # Sets the exit code based on scan results
+ parameters:
+ errorLevel: # String: Informational, Low, Medium, High, default: not set
+ warnLevel: # String: Informational, Low, Medium, High, default: not set
+ okExitValue: # Integer: Exit value if all ok, default 0
+ errorExitValue: # Integer: Exit value if there are errors, default 1
+ warnExitValue: # Integer: Exit value if there are warnings, default 2
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_zh_CN/contents/job-requestor.html b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_zh_CN/contents/job-requestor.html
index 252faf42fa8..0ef0de0b9c5 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_zh_CN/contents/job-requestor.html
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_zh_CN/contents/job-requestor.html
@@ -21,11 +21,12 @@ YAML
user: # String: An optional user to use for authenticated requests, must be defined in the env
requests: # A list of requests to make
- url: # String: A mandatory URL of the request to be made
+ name: # String: Optional name for the request, for documentation only
method: # String: A non-empty request method, default: GET
httpVersion: # String: The HTTP version to send the request with, default: HTTP/1.1
headers: # An optional list of additional headers to include in the request
- "header1:value1"
- data: # String: Optional data to send in the request body
+ data: # String: Optional data to send in the request body, supports vars
responseCode: # Int: An optional, expected response code against which the actual response code will be matched
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_zh_CN/index.xml b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_zh_CN/index.xml
index ef319ba9100..12115ef3b69 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_zh_CN/index.xml
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_zh_CN/index.xml
@@ -8,7 +8,12 @@
+
+
+
+
+
diff --git a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_zh_CN/toc.xml b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_zh_CN/toc.xml
index 5a28e4fdf70..edff332d4ae 100644
--- a/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_zh_CN/toc.xml
+++ b/addOns/automation/src/main/javahelp/org/zaproxy/addon/automation/resources/help_zh_CN/toc.xml
@@ -9,7 +9,12 @@
+
+
+
+
+
diff --git a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_ar_SA.properties b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_ar_SA.properties
index 15e2e0c61ff..cc5b043f09c 100644
--- a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_ar_SA.properties
+++ b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_ar_SA.properties
@@ -57,6 +57,7 @@ automation.dialog.alerttest.ruleid = Scan Rule Id\:
automation.dialog.alerttest.title = Alert Test
automation.dialog.alerttest.url = URL (regex)\:
+automation.dialog.all.enabled = تمكين\:
automation.dialog.all.name = Job Name\:
automation.dialog.all.user = Authenticated User\:
@@ -85,6 +86,39 @@ automation.dialog.ascan.table.header.threshold = نهاية
automation.dialog.ascan.threads = Threads Per Host\:
automation.dialog.ascan.title = Active Scan Job
+automation.dialog.ascanconfig.defaultpolicy = Default Policy\:
+automation.dialog.ascanconfig.error.field = Job {0}\: Error reading {1}, cause\: {2}
+automation.dialog.ascanconfig.handleanticsrf = Handle Anti CSRF Tokens
+automation.dialog.ascanconfig.injectid = Inject Scan Rule ID\:
+automation.dialog.ascanconfig.iv.cookie = Cookie Data
+automation.dialog.ascanconfig.iv.cookie.encode = Encode Cookie Values
+automation.dialog.ascanconfig.iv.headers = HTTP Headers
+automation.dialog.ascanconfig.iv.headers.allrequests = HTTP Headers of All Requests
+automation.dialog.ascanconfig.iv.path = URL Path
+automation.dialog.ascanconfig.iv.post = POST Data
+automation.dialog.ascanconfig.iv.post.dwr = اتصال مباشر شبكة عن بعد
+automation.dialog.ascanconfig.iv.post.gwt = مجموعة أدوات الويب من جووجل
+automation.dialog.ascanconfig.iv.post.json = JSON
+automation.dialog.ascanconfig.iv.post.json.nulls = Scan Null Values
+automation.dialog.ascanconfig.iv.post.multipart = بيانات نموذج متعددة الأجزاء
+automation.dialog.ascanconfig.iv.post.xml = علامة XML / سمة
+automation.dialog.ascanconfig.iv.query = URL Query String & Data Driven Nodes
+automation.dialog.ascanconfig.iv.query.addparam = Add URL Query Parameter
+automation.dialog.ascanconfig.iv.query.odata = OData معرف / تصفية
+automation.dialog.ascanconfig.iv.scripts = Script Input Vectors
+automation.dialog.ascanconfig.maxalertsperrule = Max Alerts Per Rule\:
+automation.dialog.ascanconfig.maxruleduration = Max Rule Duration (in mins)\:
+automation.dialog.ascanconfig.maxscanduration = Max Scan Duration (in mins)\:
+automation.dialog.ascanconfig.summary = Active Scan Config
+automation.dialog.ascanconfig.tab.iv = إتجاهات مدخلة
+automation.dialog.ascanconfig.threads = Threads Per Host\:
+automation.dialog.ascanconfig.title = Active Scan Config Job
+
+automation.dialog.ascanpolicy.error.badname = You must supply a policy name
+automation.dialog.ascanpolicy.name = Policy Name\:
+automation.dialog.ascanpolicy.summary = Scan Policy\: {0}
+automation.dialog.ascanpolicy.title = Active Scan Policy Job
+
automation.dialog.button.add = إضافة
automation.dialog.button.modify = تعديل
automation.dialog.button.remove = إزالة
@@ -140,6 +174,14 @@ automation.dialog.envvar.value = Value\:
automation.dialog.error.misc = Unexpected error\: {0}
automation.dialog.error.save = Failed to save plan\: {0}
+automation.dialog.exitstatus.errorExitValue = Error Exit Value\:
+
+automation.dialog.exitstatus.errorLevel = Error Level\:
+automation.dialog.exitstatus.okExitValue = OK Exit Value\:
+automation.dialog.exitstatus.summary = Error\: {0}, Warn\: {1}
+automation.dialog.exitstatus.title = Exit Status Job
+automation.dialog.exitstatus.warnExitValue = Warn Exit Value\:
+automation.dialog.exitstatus.warnLevel = Warning Level\:
automation.dialog.header.name = الاسم
automation.dialog.header.remove.confirm = Are you sure you want to remove this header?
@@ -296,6 +338,7 @@ automation.error.env.verification.pollunits.bad = Invalid verification pollUnits
automation.error.env.verification.type.bad = Invalid verification method\: {0}
automation.error.job.baduser = Job {0} unrecognised user\: {1}
automation.error.job.data = Unsupported job data format\: {0}
+automation.error.job.enabled = Unsupported job enabled format\: {0}
automation.error.job.internal = Job {0} internal error\: {1}
automation.error.job.name = Unsupported job name format\: {0}
automation.error.job.notype = Missing job type\: {0}
@@ -322,10 +365,14 @@ automation.error.requestor.codemismatch = Difference in response code values for
automation.error.requestor.httpversion = Job {0} has invalid HTTP version {1} for request \: {2}
automation.error.requestor.invalidmethod = Job {0} has invalid method {1} for request \: {2}
automation.error.requestor.norequests = Missing any requests for job {0}
+automation.error.scanpolicy.exists = Job {0} scan policy {1} already exists
automation.error.unexpected = Unexpected error accessing file {0} \: {1} - see log for details
automation.error.unexpected.internal = Unexpected error {0} - see log for details
automation.error.urlsfound = Job {0} only found {1} URLs, expected at least {2}
automation.error.write = Cannot write to file\: {0}
+automation.exitstatus.alert = An alert has been raised with a risk of at least\: {0}
+
+automation.exitstatus.error.badlevels = Error level\: {0} is lower than warn level\: {1}
automation.info.addons.noupdate = The updateAddons option has been disabled due to problems updating the framework and jobs while they are running
automation.info.ascan.rule.setstrength = Job {0} set rule {1} strength to {2}
@@ -336,6 +383,7 @@ automation.info.delay.endjob = Job {0} ended by programmatic or API call
automation.info.delay.filecreated = Job {0} ended by creation of file {1}
automation.info.delay.interrupted = Job {0} interrupted
automation.info.delay.timeout = Job {0} ended after specified time {1}
+automation.info.jobdisabled = Job {0} is disabled
automation.info.jobend = Job {0} finished, time taken\: {1}
automation.info.jobstart = Job {0} started
automation.info.jobstopped = Job {0} terminated
@@ -359,6 +407,7 @@ automation.panel.load.failed = YAML file failed to load\: {0}
automation.panel.load.warning = YAML file loaded with warnings\: {0}
automation.panel.load.yaml = YAML Configuration Files
automation.panel.table.env.name = Environment
+automation.panel.table.header.enabled = تمكين
automation.panel.table.header.info = Info
automation.panel.table.header.name = الاسم
automation.panel.table.header.status = الحالة
@@ -371,6 +420,7 @@ automation.panel.table.info.warning = WARNING\: {0}
automation.panel.table.status.error = ERROR
automation.panel.table.status.failed = FAILED
automation.panel.table.status.notcreated = Not created
+automation.panel.table.status.notenabled = Not enabled
automation.panel.table.status.notstarted = لم تبدأ
automation.panel.table.status.ok = OK
automation.panel.table.status.passed = نجح
diff --git a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_az_AZ.properties b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_az_AZ.properties
index 9722f46567b..4319e9e2b52 100644
--- a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_az_AZ.properties
+++ b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_az_AZ.properties
@@ -57,6 +57,7 @@ automation.dialog.alerttest.ruleid = Scan Rule Id\:
automation.dialog.alerttest.title = Alert Test
automation.dialog.alerttest.url = URL (regex)\:
+automation.dialog.all.enabled = Yandırılıb\:
automation.dialog.all.name = Job Name\:
automation.dialog.all.user = Authenticated User\:
@@ -85,6 +86,39 @@ automation.dialog.ascan.table.header.threshold = Başlanğıc
automation.dialog.ascan.threads = Threads Per Host\:
automation.dialog.ascan.title = Active Scan Job
+automation.dialog.ascanconfig.defaultpolicy = Default Policy\:
+automation.dialog.ascanconfig.error.field = Job {0}\: Error reading {1}, cause\: {2}
+automation.dialog.ascanconfig.handleanticsrf = Handle Anti CSRF Tokens
+automation.dialog.ascanconfig.injectid = Inject Scan Rule ID\:
+automation.dialog.ascanconfig.iv.cookie = Cookie Data
+automation.dialog.ascanconfig.iv.cookie.encode = Encode Cookie Values
+automation.dialog.ascanconfig.iv.headers = HTTP Headers
+automation.dialog.ascanconfig.iv.headers.allrequests = HTTP Headers of All Requests
+automation.dialog.ascanconfig.iv.path = URL Path
+automation.dialog.ascanconfig.iv.post = POST data
+automation.dialog.ascanconfig.iv.post.dwr = Direct Web Remoting
+automation.dialog.ascanconfig.iv.post.gwt = Google Veb İnstrumentləri
+automation.dialog.ascanconfig.iv.post.json = JSON
+automation.dialog.ascanconfig.iv.post.json.nulls = Scan Null Values
+automation.dialog.ascanconfig.iv.post.multipart = Multipart Form-Data
+automation.dialog.ascanconfig.iv.post.xml = XML teq/atribut
+automation.dialog.ascanconfig.iv.query = URL Sorğu Mətni
+automation.dialog.ascanconfig.iv.query.addparam = Add URL Query Parameter
+automation.dialog.ascanconfig.iv.query.odata = OData Id/Filter
+automation.dialog.ascanconfig.iv.scripts = Script Input Vectors
+automation.dialog.ascanconfig.maxalertsperrule = Max Alerts Per Rule\:
+automation.dialog.ascanconfig.maxruleduration = Max Rule Duration (in mins)\:
+automation.dialog.ascanconfig.maxscanduration = Max Scan Duration (in mins)\:
+automation.dialog.ascanconfig.summary = Active Scan Config
+automation.dialog.ascanconfig.tab.iv = Daxili Vektorlar
+automation.dialog.ascanconfig.threads = Threads Per Host\:
+automation.dialog.ascanconfig.title = Active Scan Config Job
+
+automation.dialog.ascanpolicy.error.badname = You must supply a policy name
+automation.dialog.ascanpolicy.name = Policy Name\:
+automation.dialog.ascanpolicy.summary = Scan Policy\: {0}
+automation.dialog.ascanpolicy.title = Active Scan Policy Job
+
automation.dialog.button.add = Əlavə et
automation.dialog.button.modify = Dəyiş
automation.dialog.button.remove = Poz
@@ -140,6 +174,14 @@ automation.dialog.envvar.value = Qiymət\:
automation.dialog.error.misc = Unexpected error\: {0}
automation.dialog.error.save = Failed to save plan\: {0}
+automation.dialog.exitstatus.errorExitValue = Error Exit Value\:
+
+automation.dialog.exitstatus.errorLevel = Error Level\:
+automation.dialog.exitstatus.okExitValue = OK Exit Value\:
+automation.dialog.exitstatus.summary = Error\: {0}, Warn\: {1}
+automation.dialog.exitstatus.title = Exit Status Job
+automation.dialog.exitstatus.warnExitValue = Warn Exit Value\:
+automation.dialog.exitstatus.warnLevel = Warning Level\:
automation.dialog.header.name = Ad
automation.dialog.header.remove.confirm = Are you sure you want to remove this header?
@@ -296,6 +338,7 @@ automation.error.env.verification.pollunits.bad = Invalid verification pollUnits
automation.error.env.verification.type.bad = Invalid verification method\: {0}
automation.error.job.baduser = Job {0} unrecognised user\: {1}
automation.error.job.data = Unsupported job data format\: {0}
+automation.error.job.enabled = Unsupported job enabled format\: {0}
automation.error.job.internal = Job {0} internal error\: {1}
automation.error.job.name = Unsupported job name format\: {0}
automation.error.job.notype = Missing job type\: {0}
@@ -322,10 +365,14 @@ automation.error.requestor.codemismatch = Difference in response code values for
automation.error.requestor.httpversion = Job {0} has invalid HTTP version {1} for request \: {2}
automation.error.requestor.invalidmethod = Job {0} has invalid method {1} for request \: {2}
automation.error.requestor.norequests = Missing any requests for job {0}
+automation.error.scanpolicy.exists = Job {0} scan policy {1} already exists
automation.error.unexpected = Unexpected error accessing file {0} \: {1} - see log for details
automation.error.unexpected.internal = Unexpected error {0} - see log for details
automation.error.urlsfound = Job {0} only found {1} URLs, expected at least {2}
automation.error.write = Cannot write to file\: {0}
+automation.exitstatus.alert = An alert has been raised with a risk of at least\: {0}
+
+automation.exitstatus.error.badlevels = Error level\: {0} is lower than warn level\: {1}
automation.info.addons.noupdate = The updateAddons option has been disabled due to problems updating the framework and jobs while they are running
automation.info.ascan.rule.setstrength = Job {0} set rule {1} strength to {2}
@@ -336,6 +383,7 @@ automation.info.delay.endjob = Job {0} ended by programmatic or API call
automation.info.delay.filecreated = Job {0} ended by creation of file {1}
automation.info.delay.interrupted = Job {0} interrupted
automation.info.delay.timeout = Job {0} ended after specified time {1}
+automation.info.jobdisabled = Job {0} is disabled
automation.info.jobend = Job {0} finished, time taken\: {1}
automation.info.jobstart = Job {0} started
automation.info.jobstopped = Job {0} terminated
@@ -359,6 +407,7 @@ automation.panel.load.failed = YAML file failed to load\: {0}
automation.panel.load.warning = YAML file loaded with warnings\: {0}
automation.panel.load.yaml = YAML Configuration Files
automation.panel.table.env.name = Environment
+automation.panel.table.header.enabled = Yandırılıb
automation.panel.table.header.info = Məlumat
automation.panel.table.header.name = Ad
automation.panel.table.header.status = Status
@@ -371,6 +420,7 @@ automation.panel.table.info.warning = WARNING\: {0}
automation.panel.table.status.error = ERROR
automation.panel.table.status.failed = FAILED
automation.panel.table.status.notcreated = Not created
+automation.panel.table.status.notenabled = Not enabled
automation.panel.table.status.notstarted = Xoda düşməyib
automation.panel.table.status.ok = OK
automation.panel.table.status.passed = Passed
diff --git a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_bn_BD.properties b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_bn_BD.properties
index ad7ce7c381a..852d4f0e14c 100644
--- a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_bn_BD.properties
+++ b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_bn_BD.properties
@@ -57,6 +57,7 @@ automation.dialog.alerttest.ruleid = Scan Rule Id\:
automation.dialog.alerttest.title = Alert Test
automation.dialog.alerttest.url = URL (regex)\:
+automation.dialog.all.enabled = Enabled\:
automation.dialog.all.name = Job Name\:
automation.dialog.all.user = Authenticated User\:
@@ -85,6 +86,39 @@ automation.dialog.ascan.table.header.threshold = Threshold
automation.dialog.ascan.threads = Threads Per Host\:
automation.dialog.ascan.title = Active Scan Job
+automation.dialog.ascanconfig.defaultpolicy = Default Policy\:
+automation.dialog.ascanconfig.error.field = Job {0}\: Error reading {1}, cause\: {2}
+automation.dialog.ascanconfig.handleanticsrf = Handle Anti CSRF Tokens
+automation.dialog.ascanconfig.injectid = Inject Scan Rule ID\:
+automation.dialog.ascanconfig.iv.cookie = Cookie Data
+automation.dialog.ascanconfig.iv.cookie.encode = Encode Cookie Values
+automation.dialog.ascanconfig.iv.headers = HTTP Headers
+automation.dialog.ascanconfig.iv.headers.allrequests = HTTP Headers of All Requests
+automation.dialog.ascanconfig.iv.path = URL Path
+automation.dialog.ascanconfig.iv.post = POST Data
+automation.dialog.ascanconfig.iv.post.dwr = Direct Web Remoting
+automation.dialog.ascanconfig.iv.post.gwt = Google Web Toolkit
+automation.dialog.ascanconfig.iv.post.json = JSON
+automation.dialog.ascanconfig.iv.post.json.nulls = Scan Null Values
+automation.dialog.ascanconfig.iv.post.multipart = Multipart Form-Data
+automation.dialog.ascanconfig.iv.post.xml = XML Tag/Attribute
+automation.dialog.ascanconfig.iv.query = URL Query String & Data Driven Nodes
+automation.dialog.ascanconfig.iv.query.addparam = Add URL Query Parameter
+automation.dialog.ascanconfig.iv.query.odata = OData ID/Filter
+automation.dialog.ascanconfig.iv.scripts = Script Input Vectors
+automation.dialog.ascanconfig.maxalertsperrule = Max Alerts Per Rule\:
+automation.dialog.ascanconfig.maxruleduration = Max Rule Duration (in mins)\:
+automation.dialog.ascanconfig.maxscanduration = Max Scan Duration (in mins)\:
+automation.dialog.ascanconfig.summary = Active Scan Config
+automation.dialog.ascanconfig.tab.iv = Input Vectors
+automation.dialog.ascanconfig.threads = Threads Per Host\:
+automation.dialog.ascanconfig.title = Active Scan Config Job
+
+automation.dialog.ascanpolicy.error.badname = You must supply a policy name
+automation.dialog.ascanpolicy.name = Policy Name\:
+automation.dialog.ascanpolicy.summary = Scan Policy\: {0}
+automation.dialog.ascanpolicy.title = Active Scan Policy Job
+
automation.dialog.button.add = Add
automation.dialog.button.modify = Modify
automation.dialog.button.remove = Remove
@@ -140,6 +174,14 @@ automation.dialog.envvar.value = Value\:
automation.dialog.error.misc = Unexpected error\: {0}
automation.dialog.error.save = Failed to save plan\: {0}
+automation.dialog.exitstatus.errorExitValue = Error Exit Value\:
+
+automation.dialog.exitstatus.errorLevel = Error Level\:
+automation.dialog.exitstatus.okExitValue = OK Exit Value\:
+automation.dialog.exitstatus.summary = Error\: {0}, Warn\: {1}
+automation.dialog.exitstatus.title = Exit Status Job
+automation.dialog.exitstatus.warnExitValue = Warn Exit Value\:
+automation.dialog.exitstatus.warnLevel = Warning Level\:
automation.dialog.header.name = Name
automation.dialog.header.remove.confirm = Are you sure you want to remove this header?
@@ -296,6 +338,7 @@ automation.error.env.verification.pollunits.bad = Invalid verification pollUnits
automation.error.env.verification.type.bad = Invalid verification method\: {0}
automation.error.job.baduser = Job {0} unrecognised user\: {1}
automation.error.job.data = Unsupported job data format\: {0}
+automation.error.job.enabled = Unsupported job enabled format\: {0}
automation.error.job.internal = Job {0} internal error\: {1}
automation.error.job.name = Unsupported job name format\: {0}
automation.error.job.notype = Missing job type\: {0}
@@ -322,10 +365,14 @@ automation.error.requestor.codemismatch = Difference in response code values for
automation.error.requestor.httpversion = Job {0} has invalid HTTP version {1} for request \: {2}
automation.error.requestor.invalidmethod = Job {0} has invalid method {1} for request \: {2}
automation.error.requestor.norequests = Missing any requests for job {0}
+automation.error.scanpolicy.exists = Job {0} scan policy {1} already exists
automation.error.unexpected = Unexpected error accessing file {0} \: {1} - see log for details
automation.error.unexpected.internal = Unexpected error {0} - see log for details
automation.error.urlsfound = Job {0} only found {1} URLs, expected at least {2}
automation.error.write = Cannot write to file\: {0}
+automation.exitstatus.alert = An alert has been raised with a risk of at least\: {0}
+
+automation.exitstatus.error.badlevels = Error level\: {0} is lower than warn level\: {1}
automation.info.addons.noupdate = The updateAddons option has been disabled due to problems updating the framework and jobs while they are running
automation.info.ascan.rule.setstrength = Job {0} set rule {1} strength to {2}
@@ -336,6 +383,7 @@ automation.info.delay.endjob = Job {0} ended by programmatic or API call
automation.info.delay.filecreated = Job {0} ended by creation of file {1}
automation.info.delay.interrupted = Job {0} interrupted
automation.info.delay.timeout = Job {0} ended after specified time {1}
+automation.info.jobdisabled = Job {0} is disabled
automation.info.jobend = Job {0} finished, time taken\: {1}
automation.info.jobstart = Job {0} started
automation.info.jobstopped = Job {0} terminated
@@ -359,6 +407,7 @@ automation.panel.load.failed = YAML file failed to load\: {0}
automation.panel.load.warning = YAML file loaded with warnings\: {0}
automation.panel.load.yaml = YAML Configuration Files
automation.panel.table.env.name = Environment
+automation.panel.table.header.enabled = সক্ষম
automation.panel.table.header.info = Info
automation.panel.table.header.name = Name
automation.panel.table.header.status = Status
@@ -371,6 +420,7 @@ automation.panel.table.info.warning = WARNING\: {0}
automation.panel.table.status.error = ERROR
automation.panel.table.status.failed = FAILED
automation.panel.table.status.notcreated = Not created
+automation.panel.table.status.notenabled = Not enabled
automation.panel.table.status.notstarted = Not started
automation.panel.table.status.ok = OK
automation.panel.table.status.passed = অতিক্রম করা
diff --git a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_bs_BA.properties b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_bs_BA.properties
index 664cebdd20b..ea66516a2dd 100644
--- a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_bs_BA.properties
+++ b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_bs_BA.properties
@@ -57,6 +57,7 @@ automation.dialog.alerttest.ruleid = Scan Rule Id\:
automation.dialog.alerttest.title = Alert Test
automation.dialog.alerttest.url = URL (regex)\:
+automation.dialog.all.enabled = Omogućeno\:
automation.dialog.all.name = Job Name\:
automation.dialog.all.user = Authenticated User\:
@@ -85,6 +86,39 @@ automation.dialog.ascan.table.header.threshold = Prag
automation.dialog.ascan.threads = Threads Per Host\:
automation.dialog.ascan.title = Active Scan Job
+automation.dialog.ascanconfig.defaultpolicy = Default Policy\:
+automation.dialog.ascanconfig.error.field = Job {0}\: Error reading {1}, cause\: {2}
+automation.dialog.ascanconfig.handleanticsrf = Handle Anti CSRF Tokens
+automation.dialog.ascanconfig.injectid = Inject Scan Rule ID\:
+automation.dialog.ascanconfig.iv.cookie = Cookie Data
+automation.dialog.ascanconfig.iv.cookie.encode = Encode Cookie Values
+automation.dialog.ascanconfig.iv.headers = HTTP Headers
+automation.dialog.ascanconfig.iv.headers.allrequests = HTTP Headers of All Requests
+automation.dialog.ascanconfig.iv.path = URL Path
+automation.dialog.ascanconfig.iv.post = POST Podaci
+automation.dialog.ascanconfig.iv.post.dwr = Direktni Web Remoting
+automation.dialog.ascanconfig.iv.post.gwt = Google Web Toolkit
+automation.dialog.ascanconfig.iv.post.json = JSON
+automation.dialog.ascanconfig.iv.post.json.nulls = Scan Null Values
+automation.dialog.ascanconfig.iv.post.multipart = Višeulazni Form-Podaci
+automation.dialog.ascanconfig.iv.post.xml = XML tag/atribut
+automation.dialog.ascanconfig.iv.query = URL Query String
+automation.dialog.ascanconfig.iv.query.addparam = Add URL Query Parameter
+automation.dialog.ascanconfig.iv.query.odata = OData Id/Filter
+automation.dialog.ascanconfig.iv.scripts = Script Input Vectors
+automation.dialog.ascanconfig.maxalertsperrule = Max Alerts Per Rule\:
+automation.dialog.ascanconfig.maxruleduration = Max Rule Duration (in mins)\:
+automation.dialog.ascanconfig.maxscanduration = Max Scan Duration (in mins)\:
+automation.dialog.ascanconfig.summary = Active Scan Config
+automation.dialog.ascanconfig.tab.iv = Ulazni vektori
+automation.dialog.ascanconfig.threads = Threads Per Host\:
+automation.dialog.ascanconfig.title = Active Scan Config Job
+
+automation.dialog.ascanpolicy.error.badname = Morate unijeti naziv politike
+automation.dialog.ascanpolicy.name = Policy Name\:
+automation.dialog.ascanpolicy.summary = Scan Policy\: {0}
+automation.dialog.ascanpolicy.title = Active Scan Policy Job
+
automation.dialog.button.add = Dodaj
automation.dialog.button.modify = Promijeni
automation.dialog.button.remove = Ukloni
@@ -140,6 +174,14 @@ automation.dialog.envvar.value = Vrijednost\:
automation.dialog.error.misc = Unexpected error\: {0}
automation.dialog.error.save = Failed to save plan\: {0}
+automation.dialog.exitstatus.errorExitValue = Error Exit Value\:
+
+automation.dialog.exitstatus.errorLevel = Error Level\:
+automation.dialog.exitstatus.okExitValue = OK Exit Value\:
+automation.dialog.exitstatus.summary = Error\: {0}, Warn\: {1}
+automation.dialog.exitstatus.title = Exit Status Job
+automation.dialog.exitstatus.warnExitValue = Warn Exit Value\:
+automation.dialog.exitstatus.warnLevel = Warning Level\:
automation.dialog.header.name = Naziv
automation.dialog.header.remove.confirm = Are you sure you want to remove this header?
@@ -296,6 +338,7 @@ automation.error.env.verification.pollunits.bad = Invalid verification pollUnits
automation.error.env.verification.type.bad = Invalid verification method\: {0}
automation.error.job.baduser = Job {0} unrecognised user\: {1}
automation.error.job.data = Unsupported job data format\: {0}
+automation.error.job.enabled = Unsupported job enabled format\: {0}
automation.error.job.internal = Job {0} internal error\: {1}
automation.error.job.name = Unsupported job name format\: {0}
automation.error.job.notype = Missing job type\: {0}
@@ -322,10 +365,14 @@ automation.error.requestor.codemismatch = Difference in response code values for
automation.error.requestor.httpversion = Job {0} has invalid HTTP version {1} for request \: {2}
automation.error.requestor.invalidmethod = Job {0} has invalid method {1} for request \: {2}
automation.error.requestor.norequests = Missing any requests for job {0}
+automation.error.scanpolicy.exists = Job {0} scan policy {1} already exists
automation.error.unexpected = Unexpected error accessing file {0} \: {1} - see log for details
automation.error.unexpected.internal = Unexpected error {0} - see log for details
automation.error.urlsfound = Job {0} only found {1} URLs, expected at least {2}
automation.error.write = Cannot write to file\: {0}
+automation.exitstatus.alert = An alert has been raised with a risk of at least\: {0}
+
+automation.exitstatus.error.badlevels = Error level\: {0} is lower than warn level\: {1}
automation.info.addons.noupdate = The updateAddons option has been disabled due to problems updating the framework and jobs while they are running
automation.info.ascan.rule.setstrength = Job {0} set rule {1} strength to {2}
@@ -336,6 +383,7 @@ automation.info.delay.endjob = Job {0} ended by programmatic or API call
automation.info.delay.filecreated = Job {0} ended by creation of file {1}
automation.info.delay.interrupted = Job {0} interrupted
automation.info.delay.timeout = Job {0} ended after specified time {1}
+automation.info.jobdisabled = Job {0} is disabled
automation.info.jobend = Job {0} finished, time taken\: {1}
automation.info.jobstart = Job {0} started
automation.info.jobstopped = Job {0} terminated
@@ -359,6 +407,7 @@ automation.panel.load.failed = YAML file failed to load\: {0}
automation.panel.load.warning = YAML file loaded with warnings\: {0}
automation.panel.load.yaml = YAML Configuration Files
automation.panel.table.env.name = Environment
+automation.panel.table.header.enabled = Omogućeno
automation.panel.table.header.info = Info
automation.panel.table.header.name = Naziv
automation.panel.table.header.status = Status
@@ -371,6 +420,7 @@ automation.panel.table.info.warning = WARNING\: {0}
automation.panel.table.status.error = ERROR
automation.panel.table.status.failed = FAILED
automation.panel.table.status.notcreated = Not created
+automation.panel.table.status.notenabled = Not enabled
automation.panel.table.status.notstarted = Nije startano
automation.panel.table.status.ok = OK
automation.panel.table.status.passed = Prošao
diff --git a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_ceb_PH.properties b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_ceb_PH.properties
index 23f8746b4d3..d317f962ff8 100644
--- a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_ceb_PH.properties
+++ b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_ceb_PH.properties
@@ -57,6 +57,7 @@ automation.dialog.alerttest.ruleid = Scan Rule Id\:
automation.dialog.alerttest.title = Alert Test
automation.dialog.alerttest.url = URL (regex)\:
+automation.dialog.all.enabled = Gipagana\:
automation.dialog.all.name = Job Name\:
automation.dialog.all.user = Authenticated User\:
@@ -85,6 +86,39 @@ automation.dialog.ascan.table.header.threshold = Threshold
automation.dialog.ascan.threads = Threads Per Host\:
automation.dialog.ascan.title = Active Scan Job
+automation.dialog.ascanconfig.defaultpolicy = Default Policy\:
+automation.dialog.ascanconfig.error.field = Job {0}\: Error reading {1}, cause\: {2}
+automation.dialog.ascanconfig.handleanticsrf = Handle Anti CSRF Tokens
+automation.dialog.ascanconfig.injectid = Inject Scan Rule ID\:
+automation.dialog.ascanconfig.iv.cookie = Cookie Data
+automation.dialog.ascanconfig.iv.cookie.encode = Encode Cookie Values
+automation.dialog.ascanconfig.iv.headers = HTTP Headers
+automation.dialog.ascanconfig.iv.headers.allrequests = HTTP Headers of All Requests
+automation.dialog.ascanconfig.iv.path = URL Path
+automation.dialog.ascanconfig.iv.post = Ang pag-PASKIL sa datos
+automation.dialog.ascanconfig.iv.post.dwr = Direkta nga pag-remote sa web
+automation.dialog.ascanconfig.iv.post.gwt = Ang toolkit nga web sa google
+automation.dialog.ascanconfig.iv.post.json = JSON
+automation.dialog.ascanconfig.iv.post.json.nulls = Scan Null Values
+automation.dialog.ascanconfig.iv.post.multipart = Balik-balik nga forma sa datos
+automation.dialog.ascanconfig.iv.post.xml = XML pag-tag/pag-attribute
+automation.dialog.ascanconfig.iv.query = Ang mga pangutana sa URL sa String ug Data Driven nodes
+automation.dialog.ascanconfig.iv.query.addparam = Add URL Query Parameter
+automation.dialog.ascanconfig.iv.query.odata = Ang OData nga ID/Salaon
+automation.dialog.ascanconfig.iv.scripts = Script Input Vectors
+automation.dialog.ascanconfig.maxalertsperrule = Max Alerts Per Rule\:
+automation.dialog.ascanconfig.maxruleduration = Max Rule Duration (in mins)\:
+automation.dialog.ascanconfig.maxscanduration = Max Scan Duration (in mins)\:
+automation.dialog.ascanconfig.summary = Active Scan Config
+automation.dialog.ascanconfig.tab.iv = Pagbutang ug Mga Vector
+automation.dialog.ascanconfig.threads = Threads Per Host\:
+automation.dialog.ascanconfig.title = Active Scan Config Job
+
+automation.dialog.ascanpolicy.error.badname = Kinakahanglan kang magbutang ug pangalan sa polisiya
+automation.dialog.ascanpolicy.name = Policy Name\:
+automation.dialog.ascanpolicy.summary = Scan Policy\: {0}
+automation.dialog.ascanpolicy.title = Active Scan Policy Job
+
automation.dialog.button.add = Dungagan
automation.dialog.button.modify = Pag-usab
automation.dialog.button.remove = Tangtanga
@@ -140,6 +174,14 @@ automation.dialog.envvar.value = Bili\:
automation.dialog.error.misc = Unexpected error\: {0}
automation.dialog.error.save = Failed to save plan\: {0}
+automation.dialog.exitstatus.errorExitValue = Error Exit Value\:
+
+automation.dialog.exitstatus.errorLevel = Error Level\:
+automation.dialog.exitstatus.okExitValue = OK Exit Value\:
+automation.dialog.exitstatus.summary = Error\: {0}, Warn\: {1}
+automation.dialog.exitstatus.title = Exit Status Job
+automation.dialog.exitstatus.warnExitValue = Warn Exit Value\:
+automation.dialog.exitstatus.warnLevel = Warning Level\:
automation.dialog.header.name = Pangan
automation.dialog.header.remove.confirm = Are you sure you want to remove this header?
@@ -296,6 +338,7 @@ automation.error.env.verification.pollunits.bad = Invalid verification pollUnits
automation.error.env.verification.type.bad = Invalid verification method\: {0}
automation.error.job.baduser = Job {0} unrecognised user\: {1}
automation.error.job.data = Unsupported job data format\: {0}
+automation.error.job.enabled = Unsupported job enabled format\: {0}
automation.error.job.internal = Job {0} internal error\: {1}
automation.error.job.name = Unsupported job name format\: {0}
automation.error.job.notype = Missing job type\: {0}
@@ -322,10 +365,14 @@ automation.error.requestor.codemismatch = Difference in response code values for
automation.error.requestor.httpversion = Job {0} has invalid HTTP version {1} for request \: {2}
automation.error.requestor.invalidmethod = Job {0} has invalid method {1} for request \: {2}
automation.error.requestor.norequests = Missing any requests for job {0}
+automation.error.scanpolicy.exists = Job {0} scan policy {1} already exists
automation.error.unexpected = Unexpected error accessing file {0} \: {1} - see log for details
automation.error.unexpected.internal = Unexpected error {0} - see log for details
automation.error.urlsfound = Job {0} only found {1} URLs, expected at least {2}
automation.error.write = Cannot write to file\: {0}
+automation.exitstatus.alert = An alert has been raised with a risk of at least\: {0}
+
+automation.exitstatus.error.badlevels = Error level\: {0} is lower than warn level\: {1}
automation.info.addons.noupdate = The updateAddons option has been disabled due to problems updating the framework and jobs while they are running
automation.info.ascan.rule.setstrength = Job {0} set rule {1} strength to {2}
@@ -336,6 +383,7 @@ automation.info.delay.endjob = Job {0} ended by programmatic or API call
automation.info.delay.filecreated = Job {0} ended by creation of file {1}
automation.info.delay.interrupted = Job {0} interrupted
automation.info.delay.timeout = Job {0} ended after specified time {1}
+automation.info.jobdisabled = Job {0} is disabled
automation.info.jobend = Job {0} finished, time taken\: {1}
automation.info.jobstart = Job {0} started
automation.info.jobstopped = Job {0} terminated
@@ -359,6 +407,7 @@ automation.panel.load.failed = YAML file failed to load\: {0}
automation.panel.load.warning = YAML file loaded with warnings\: {0}
automation.panel.load.yaml = YAML Configuration Files
automation.panel.table.env.name = Environment
+automation.panel.table.header.enabled = Napaandar
automation.panel.table.header.info = Info
automation.panel.table.header.name = Pangan
automation.panel.table.header.status = Istado
@@ -371,6 +420,7 @@ automation.panel.table.info.warning = WARNING\: {0}
automation.panel.table.status.error = ERROR
automation.panel.table.status.failed = FAILED
automation.panel.table.status.notcreated = Not created
+automation.panel.table.status.notenabled = Not enabled
automation.panel.table.status.notstarted = Not started
automation.panel.table.status.ok = OK
automation.panel.table.status.passed = Passed
diff --git a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_da_DK.properties b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_da_DK.properties
index 67b1669f144..497bb911803 100644
--- a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_da_DK.properties
+++ b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_da_DK.properties
@@ -57,6 +57,7 @@ automation.dialog.alerttest.ruleid = Scan Rule Id\:
automation.dialog.alerttest.title = Alert Test
automation.dialog.alerttest.url = URL (regex)\:
+automation.dialog.all.enabled = Aktiveret\:
automation.dialog.all.name = Job Name\:
automation.dialog.all.user = Authenticated User\:
@@ -85,6 +86,39 @@ automation.dialog.ascan.table.header.threshold = Threshold
automation.dialog.ascan.threads = Threads Per Host\:
automation.dialog.ascan.title = Active Scan Job
+automation.dialog.ascanconfig.defaultpolicy = Default Policy\:
+automation.dialog.ascanconfig.error.field = Job {0}\: Error reading {1}, cause\: {2}
+automation.dialog.ascanconfig.handleanticsrf = Handle Anti CSRF Tokens
+automation.dialog.ascanconfig.injectid = Inject Scan Rule ID\:
+automation.dialog.ascanconfig.iv.cookie = Cookie Data
+automation.dialog.ascanconfig.iv.cookie.encode = Encode Cookie Values
+automation.dialog.ascanconfig.iv.headers = HTTP Headers
+automation.dialog.ascanconfig.iv.headers.allrequests = HTTP Headers of All Requests
+automation.dialog.ascanconfig.iv.path = URL Path
+automation.dialog.ascanconfig.iv.post = POST Data
+automation.dialog.ascanconfig.iv.post.dwr = Direct Web Remoting
+automation.dialog.ascanconfig.iv.post.gwt = Google Web Toolkit
+automation.dialog.ascanconfig.iv.post.json = JSON
+automation.dialog.ascanconfig.iv.post.json.nulls = Scan Null Values
+automation.dialog.ascanconfig.iv.post.multipart = Multipart Form-Data
+automation.dialog.ascanconfig.iv.post.xml = XML Tag/Attribute
+automation.dialog.ascanconfig.iv.query = URL Query String & Data Driven Nodes
+automation.dialog.ascanconfig.iv.query.addparam = Add URL Query Parameter
+automation.dialog.ascanconfig.iv.query.odata = OData ID/Filter
+automation.dialog.ascanconfig.iv.scripts = Script Input Vectors
+automation.dialog.ascanconfig.maxalertsperrule = Max Alerts Per Rule\:
+automation.dialog.ascanconfig.maxruleduration = Max Rule Duration (in mins)\:
+automation.dialog.ascanconfig.maxscanduration = Max Scan Duration (in mins)\:
+automation.dialog.ascanconfig.summary = Active Scan Config
+automation.dialog.ascanconfig.tab.iv = Input Vectors
+automation.dialog.ascanconfig.threads = Threads Per Host\:
+automation.dialog.ascanconfig.title = Active Scan Config Job
+
+automation.dialog.ascanpolicy.error.badname = You must supply a policy name
+automation.dialog.ascanpolicy.name = Policy Name\:
+automation.dialog.ascanpolicy.summary = Scan Policy\: {0}
+automation.dialog.ascanpolicy.title = Active Scan Policy Job
+
automation.dialog.button.add = Tilføj
automation.dialog.button.modify = Modify
automation.dialog.button.remove = Fjern
@@ -140,6 +174,14 @@ automation.dialog.envvar.value = Value\:
automation.dialog.error.misc = Unexpected error\: {0}
automation.dialog.error.save = Failed to save plan\: {0}
+automation.dialog.exitstatus.errorExitValue = Error Exit Value\:
+
+automation.dialog.exitstatus.errorLevel = Error Level\:
+automation.dialog.exitstatus.okExitValue = OK Exit Value\:
+automation.dialog.exitstatus.summary = Error\: {0}, Warn\: {1}
+automation.dialog.exitstatus.title = Exit Status Job
+automation.dialog.exitstatus.warnExitValue = Warn Exit Value\:
+automation.dialog.exitstatus.warnLevel = Warning Level\:
automation.dialog.header.name = Navn
automation.dialog.header.remove.confirm = Are you sure you want to remove this header?
@@ -296,6 +338,7 @@ automation.error.env.verification.pollunits.bad = Invalid verification pollUnits
automation.error.env.verification.type.bad = Invalid verification method\: {0}
automation.error.job.baduser = Job {0} unrecognised user\: {1}
automation.error.job.data = Unsupported job data format\: {0}
+automation.error.job.enabled = Unsupported job enabled format\: {0}
automation.error.job.internal = Job {0} internal error\: {1}
automation.error.job.name = Unsupported job name format\: {0}
automation.error.job.notype = Missing job type\: {0}
@@ -322,10 +365,14 @@ automation.error.requestor.codemismatch = Difference in response code values for
automation.error.requestor.httpversion = Job {0} has invalid HTTP version {1} for request \: {2}
automation.error.requestor.invalidmethod = Job {0} has invalid method {1} for request \: {2}
automation.error.requestor.norequests = Missing any requests for job {0}
+automation.error.scanpolicy.exists = Job {0} scan policy {1} already exists
automation.error.unexpected = Unexpected error accessing file {0} \: {1} - see log for details
automation.error.unexpected.internal = Unexpected error {0} - see log for details
automation.error.urlsfound = Job {0} only found {1} URLs, expected at least {2}
automation.error.write = Cannot write to file\: {0}
+automation.exitstatus.alert = An alert has been raised with a risk of at least\: {0}
+
+automation.exitstatus.error.badlevels = Error level\: {0} is lower than warn level\: {1}
automation.info.addons.noupdate = The updateAddons option has been disabled due to problems updating the framework and jobs while they are running
automation.info.ascan.rule.setstrength = Job {0} set rule {1} strength to {2}
@@ -336,6 +383,7 @@ automation.info.delay.endjob = Job {0} ended by programmatic or API call
automation.info.delay.filecreated = Job {0} ended by creation of file {1}
automation.info.delay.interrupted = Job {0} interrupted
automation.info.delay.timeout = Job {0} ended after specified time {1}
+automation.info.jobdisabled = Job {0} is disabled
automation.info.jobend = Job {0} finished, time taken\: {1}
automation.info.jobstart = Job {0} started
automation.info.jobstopped = Job {0} terminated
@@ -359,6 +407,7 @@ automation.panel.load.failed = YAML file failed to load\: {0}
automation.panel.load.warning = YAML file loaded with warnings\: {0}
automation.panel.load.yaml = YAML Configuration Files
automation.panel.table.env.name = Environment
+automation.panel.table.header.enabled = Aktiveret
automation.panel.table.header.info = Info
automation.panel.table.header.name = Navn
automation.panel.table.header.status = Status
@@ -371,6 +420,7 @@ automation.panel.table.info.warning = WARNING\: {0}
automation.panel.table.status.error = ERROR
automation.panel.table.status.failed = FAILED
automation.panel.table.status.notcreated = Not created
+automation.panel.table.status.notenabled = Not enabled
automation.panel.table.status.notstarted = Not started
automation.panel.table.status.ok = OK
automation.panel.table.status.passed = Passed
diff --git a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_de_DE.properties b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_de_DE.properties
index e9bc74474f2..4385c573b7e 100644
--- a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_de_DE.properties
+++ b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_de_DE.properties
@@ -57,6 +57,7 @@ automation.dialog.alerttest.ruleid = Scan Rule Id\:
automation.dialog.alerttest.title = Alert Test
automation.dialog.alerttest.url = URL (regex)\:
+automation.dialog.all.enabled = Aktiviert\:
automation.dialog.all.name = Job Name\:
automation.dialog.all.user = Authenticated User\:
@@ -85,6 +86,39 @@ automation.dialog.ascan.table.header.threshold = Schwellwert
automation.dialog.ascan.threads = Threads Per Host\:
automation.dialog.ascan.title = Active Scan Job
+automation.dialog.ascanconfig.defaultpolicy = Default Policy\:
+automation.dialog.ascanconfig.error.field = Job {0}\: Error reading {1}, cause\: {2}
+automation.dialog.ascanconfig.handleanticsrf = Handle Anti CSRF Tokens
+automation.dialog.ascanconfig.injectid = Inject Scan Rule ID\:
+automation.dialog.ascanconfig.iv.cookie = Cookie Data
+automation.dialog.ascanconfig.iv.cookie.encode = Encode Cookie Values
+automation.dialog.ascanconfig.iv.headers = HTTP Headers
+automation.dialog.ascanconfig.iv.headers.allrequests = HTTP Headers of All Requests
+automation.dialog.ascanconfig.iv.path = URL Path
+automation.dialog.ascanconfig.iv.post = POST-Daten
+automation.dialog.ascanconfig.iv.post.dwr = Direct Web Remoting
+automation.dialog.ascanconfig.iv.post.gwt = Google Web Toolkit
+automation.dialog.ascanconfig.iv.post.json = JSON
+automation.dialog.ascanconfig.iv.post.json.nulls = Scan Null Values
+automation.dialog.ascanconfig.iv.post.multipart = Multipart Form-Data
+automation.dialog.ascanconfig.iv.post.xml = XML Tag/Attribute
+automation.dialog.ascanconfig.iv.query = URL Query String & Data Driven Nodes
+automation.dialog.ascanconfig.iv.query.addparam = Add URL Query Parameter
+automation.dialog.ascanconfig.iv.query.odata = OData ID/Filter
+automation.dialog.ascanconfig.iv.scripts = Script Input Vectors
+automation.dialog.ascanconfig.maxalertsperrule = Max Alerts Per Rule\:
+automation.dialog.ascanconfig.maxruleduration = Max Rule Duration (in mins)\:
+automation.dialog.ascanconfig.maxscanduration = Max Scan Duration (in mins)\:
+automation.dialog.ascanconfig.summary = Active Scan Config
+automation.dialog.ascanconfig.tab.iv = Input Vectors
+automation.dialog.ascanconfig.threads = Threads Per Host\:
+automation.dialog.ascanconfig.title = Active Scan Config Job
+
+automation.dialog.ascanpolicy.error.badname = You must supply a policy name
+automation.dialog.ascanpolicy.name = Policy Name\:
+automation.dialog.ascanpolicy.summary = Scan Policy\: {0}
+automation.dialog.ascanpolicy.title = Active Scan Policy Job
+
automation.dialog.button.add = Hinzufügen
automation.dialog.button.modify = Ändern
automation.dialog.button.remove = Entfernen
@@ -140,6 +174,14 @@ automation.dialog.envvar.value = Wert\:
automation.dialog.error.misc = Unexpected error\: {0}
automation.dialog.error.save = Failed to save plan\: {0}
+automation.dialog.exitstatus.errorExitValue = Error Exit Value\:
+
+automation.dialog.exitstatus.errorLevel = Error Level\:
+automation.dialog.exitstatus.okExitValue = OK Exit Value\:
+automation.dialog.exitstatus.summary = Error\: {0}, Warn\: {1}
+automation.dialog.exitstatus.title = Exit Status Job
+automation.dialog.exitstatus.warnExitValue = Warn Exit Value\:
+automation.dialog.exitstatus.warnLevel = Warning Level\:
automation.dialog.header.name = Name
automation.dialog.header.remove.confirm = Are you sure you want to remove this header?
@@ -296,6 +338,7 @@ automation.error.env.verification.pollunits.bad = Invalid verification pollUnits
automation.error.env.verification.type.bad = Invalid verification method\: {0}
automation.error.job.baduser = Job {0} unrecognised user\: {1}
automation.error.job.data = Unsupported job data format\: {0}
+automation.error.job.enabled = Unsupported job enabled format\: {0}
automation.error.job.internal = Job {0} internal error\: {1}
automation.error.job.name = Unsupported job name format\: {0}
automation.error.job.notype = Missing job type\: {0}
@@ -322,10 +365,14 @@ automation.error.requestor.codemismatch = Unterschiede in Antwortcodes für Nach
automation.error.requestor.httpversion = Job {0} has invalid HTTP version {1} for request \: {2}
automation.error.requestor.invalidmethod = Job {0} has invalid method {1} for request \: {2}
automation.error.requestor.norequests = Missing any requests for job {0}
+automation.error.scanpolicy.exists = Job {0} scan policy {1} already exists
automation.error.unexpected = Unexpected error accessing file {0} \: {1} - see log for details
automation.error.unexpected.internal = Unexpected error {0} - see log for details
automation.error.urlsfound = Job {0} only found {1} URLs, expected at least {2}
automation.error.write = Cannot write to file\: {0}
+automation.exitstatus.alert = An alert has been raised with a risk of at least\: {0}
+
+automation.exitstatus.error.badlevels = Error level\: {0} is lower than warn level\: {1}
automation.info.addons.noupdate = Die updateAddons-Option wurde deaktiviert, da beim Update Probleme mit laufenden Jobs auftreten
automation.info.ascan.rule.setstrength = Job {0} set rule {1} strength to {2}
@@ -336,6 +383,7 @@ automation.info.delay.endjob = Job {0} ended by programmatic or API call
automation.info.delay.filecreated = Job {0} ended by creation of file {1}
automation.info.delay.interrupted = Job {0} interrupted
automation.info.delay.timeout = Job {0} ended after specified time {1}
+automation.info.jobdisabled = Job {0} is disabled
automation.info.jobend = Job {0} finished, time taken\: {1}
automation.info.jobstart = Job {0} started
automation.info.jobstopped = Job {0} terminated
@@ -359,6 +407,7 @@ automation.panel.load.failed = YAML file failed to load\: {0}
automation.panel.load.warning = YAML file loaded with warnings\: {0}
automation.panel.load.yaml = YAML Configuration Files
automation.panel.table.env.name = Environment
+automation.panel.table.header.enabled = Aktiviert
automation.panel.table.header.info = Info
automation.panel.table.header.name = Name
automation.panel.table.header.status = Status
@@ -371,6 +420,7 @@ automation.panel.table.info.warning = WARNING\: {0}
automation.panel.table.status.error = ERROR
automation.panel.table.status.failed = FAILED
automation.panel.table.status.notcreated = Not created
+automation.panel.table.status.notenabled = Not enabled
automation.panel.table.status.notstarted = Nicht gestartet
automation.panel.table.status.ok = OK
automation.panel.table.status.passed = Erfolgreich
diff --git a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_el_GR.properties b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_el_GR.properties
index b00b2f1a09a..db1573e94d7 100644
--- a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_el_GR.properties
+++ b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_el_GR.properties
@@ -57,6 +57,7 @@ automation.dialog.alerttest.ruleid = Scan Rule Id\:
automation.dialog.alerttest.title = Alert Test
automation.dialog.alerttest.url = URL (regex)\:
+automation.dialog.all.enabled = Ενεργοποιημένο\:
automation.dialog.all.name = Job Name\:
automation.dialog.all.user = Authenticated User\:
@@ -85,6 +86,39 @@ automation.dialog.ascan.table.header.threshold = Threshold
automation.dialog.ascan.threads = Threads Per Host\:
automation.dialog.ascan.title = Active Scan Job
+automation.dialog.ascanconfig.defaultpolicy = Default Policy\:
+automation.dialog.ascanconfig.error.field = Job {0}\: Error reading {1}, cause\: {2}
+automation.dialog.ascanconfig.handleanticsrf = Handle Anti CSRF Tokens
+automation.dialog.ascanconfig.injectid = Inject Scan Rule ID\:
+automation.dialog.ascanconfig.iv.cookie = Cookie Data
+automation.dialog.ascanconfig.iv.cookie.encode = Encode Cookie Values
+automation.dialog.ascanconfig.iv.headers = HTTP Headers
+automation.dialog.ascanconfig.iv.headers.allrequests = HTTP Headers of All Requests
+automation.dialog.ascanconfig.iv.path = URL Path
+automation.dialog.ascanconfig.iv.post = POST Data
+automation.dialog.ascanconfig.iv.post.dwr = Direct Web Remoting
+automation.dialog.ascanconfig.iv.post.gwt = Google Web Toolkit
+automation.dialog.ascanconfig.iv.post.json = JSON
+automation.dialog.ascanconfig.iv.post.json.nulls = Scan Null Values
+automation.dialog.ascanconfig.iv.post.multipart = Multipart Form-Data
+automation.dialog.ascanconfig.iv.post.xml = XML Tag/Attribute
+automation.dialog.ascanconfig.iv.query = URL Query String & Data Driven Nodes
+automation.dialog.ascanconfig.iv.query.addparam = Add URL Query Parameter
+automation.dialog.ascanconfig.iv.query.odata = OData ID/Filter
+automation.dialog.ascanconfig.iv.scripts = Script Input Vectors
+automation.dialog.ascanconfig.maxalertsperrule = Max Alerts Per Rule\:
+automation.dialog.ascanconfig.maxruleduration = Max Rule Duration (in mins)\:
+automation.dialog.ascanconfig.maxscanduration = Max Scan Duration (in mins)\:
+automation.dialog.ascanconfig.summary = Active Scan Config
+automation.dialog.ascanconfig.tab.iv = Input Vectors
+automation.dialog.ascanconfig.threads = Threads Per Host\:
+automation.dialog.ascanconfig.title = Active Scan Config Job
+
+automation.dialog.ascanpolicy.error.badname = You must supply a policy name
+automation.dialog.ascanpolicy.name = Policy Name\:
+automation.dialog.ascanpolicy.summary = Scan Policy\: {0}
+automation.dialog.ascanpolicy.title = Active Scan Policy Job
+
automation.dialog.button.add = Προσθήκη
automation.dialog.button.modify = Modify
automation.dialog.button.remove = Διαγραφή
@@ -140,6 +174,14 @@ automation.dialog.envvar.value = Value\:
automation.dialog.error.misc = Unexpected error\: {0}
automation.dialog.error.save = Failed to save plan\: {0}
+automation.dialog.exitstatus.errorExitValue = Error Exit Value\:
+
+automation.dialog.exitstatus.errorLevel = Error Level\:
+automation.dialog.exitstatus.okExitValue = OK Exit Value\:
+automation.dialog.exitstatus.summary = Error\: {0}, Warn\: {1}
+automation.dialog.exitstatus.title = Exit Status Job
+automation.dialog.exitstatus.warnExitValue = Warn Exit Value\:
+automation.dialog.exitstatus.warnLevel = Warning Level\:
automation.dialog.header.name = όνομα
automation.dialog.header.remove.confirm = Are you sure you want to remove this header?
@@ -296,6 +338,7 @@ automation.error.env.verification.pollunits.bad = Invalid verification pollUnits
automation.error.env.verification.type.bad = Invalid verification method\: {0}
automation.error.job.baduser = Job {0} unrecognised user\: {1}
automation.error.job.data = Unsupported job data format\: {0}
+automation.error.job.enabled = Unsupported job enabled format\: {0}
automation.error.job.internal = Job {0} internal error\: {1}
automation.error.job.name = Unsupported job name format\: {0}
automation.error.job.notype = Missing job type\: {0}
@@ -322,10 +365,14 @@ automation.error.requestor.codemismatch = Difference in response code values for
automation.error.requestor.httpversion = Job {0} has invalid HTTP version {1} for request \: {2}
automation.error.requestor.invalidmethod = Job {0} has invalid method {1} for request \: {2}
automation.error.requestor.norequests = Missing any requests for job {0}
+automation.error.scanpolicy.exists = Job {0} scan policy {1} already exists
automation.error.unexpected = Unexpected error accessing file {0} \: {1} - see log for details
automation.error.unexpected.internal = Unexpected error {0} - see log for details
automation.error.urlsfound = Job {0} only found {1} URLs, expected at least {2}
automation.error.write = Cannot write to file\: {0}
+automation.exitstatus.alert = An alert has been raised with a risk of at least\: {0}
+
+automation.exitstatus.error.badlevels = Error level\: {0} is lower than warn level\: {1}
automation.info.addons.noupdate = The updateAddons option has been disabled due to problems updating the framework and jobs while they are running
automation.info.ascan.rule.setstrength = Job {0} set rule {1} strength to {2}
@@ -336,6 +383,7 @@ automation.info.delay.endjob = Job {0} ended by programmatic or API call
automation.info.delay.filecreated = Job {0} ended by creation of file {1}
automation.info.delay.interrupted = Job {0} interrupted
automation.info.delay.timeout = Job {0} ended after specified time {1}
+automation.info.jobdisabled = Job {0} is disabled
automation.info.jobend = Job {0} finished, time taken\: {1}
automation.info.jobstart = Job {0} started
automation.info.jobstopped = Job {0} terminated
@@ -359,6 +407,7 @@ automation.panel.load.failed = YAML file failed to load\: {0}
automation.panel.load.warning = YAML file loaded with warnings\: {0}
automation.panel.load.yaml = YAML Configuration Files
automation.panel.table.env.name = Environment
+automation.panel.table.header.enabled = Ενεργοποιημένο
automation.panel.table.header.info = Info
automation.panel.table.header.name = όνομα
automation.panel.table.header.status = Status
@@ -371,6 +420,7 @@ automation.panel.table.info.warning = WARNING\: {0}
automation.panel.table.status.error = ERROR
automation.panel.table.status.failed = FAILED
automation.panel.table.status.notcreated = Not created
+automation.panel.table.status.notenabled = Not enabled
automation.panel.table.status.notstarted = Not started
automation.panel.table.status.ok = Ok
automation.panel.table.status.passed = Passed
diff --git a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_es_ES.properties b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_es_ES.properties
index 8bffad5f782..eaee223b64b 100644
--- a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_es_ES.properties
+++ b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_es_ES.properties
@@ -57,6 +57,7 @@ automation.dialog.alerttest.ruleid = Id de Regla de Escaneo\:
automation.dialog.alerttest.title = Alerta de Prueba
automation.dialog.alerttest.url = URL (expresión regular)
+automation.dialog.all.enabled = Activado\:
automation.dialog.all.name = Nombre de la Tarea\:
automation.dialog.all.user = Usuario Autenticado\:
@@ -85,6 +86,39 @@ automation.dialog.ascan.table.header.threshold = Umbral
automation.dialog.ascan.threads = Hilos por Host\:
automation.dialog.ascan.title = Tarea de Escaneo Activa
+automation.dialog.ascanconfig.defaultpolicy = Default Policy\:
+automation.dialog.ascanconfig.error.field = Job {0}\: Error reading {1}, cause\: {2}
+automation.dialog.ascanconfig.handleanticsrf = Handle Anti CSRF Tokens
+automation.dialog.ascanconfig.injectid = Inject Scan Rule ID\:
+automation.dialog.ascanconfig.iv.cookie = Datos de la Cookie
+automation.dialog.ascanconfig.iv.cookie.encode = Valores de Cookie Codificados
+automation.dialog.ascanconfig.iv.headers = HTTP Headers
+automation.dialog.ascanconfig.iv.headers.allrequests = HTTP Headers of All Requests
+automation.dialog.ascanconfig.iv.path = Ruta URL
+automation.dialog.ascanconfig.iv.post = Datos POST
+automation.dialog.ascanconfig.iv.post.dwr = Direct Web Remoting (Java)
+automation.dialog.ascanconfig.iv.post.gwt = Google Web Toolkit
+automation.dialog.ascanconfig.iv.post.json = JSON
+automation.dialog.ascanconfig.iv.post.json.nulls = Escanear valores nulos
+automation.dialog.ascanconfig.iv.post.multipart = Formulario con Partes Múltiples
+automation.dialog.ascanconfig.iv.post.xml = Etiqueta/Atributo XML
+automation.dialog.ascanconfig.iv.query = Secuencia de Consulta URL y nodos controlados por datos
+automation.dialog.ascanconfig.iv.query.addparam = Add URL Query Parameter
+automation.dialog.ascanconfig.iv.query.odata = OData de ID/Filtro
+automation.dialog.ascanconfig.iv.scripts = Script Input Vectors
+automation.dialog.ascanconfig.maxalertsperrule = Alertas máximas por regla\:
+automation.dialog.ascanconfig.maxruleduration = Duración Max de la Regla (minutos)\:
+automation.dialog.ascanconfig.maxscanduration = Duración máxima de escaneo (en minutos)\:
+automation.dialog.ascanconfig.summary = Active Scan Config
+automation.dialog.ascanconfig.tab.iv = Vectores de Entrada
+automation.dialog.ascanconfig.threads = Hilos por Host\:
+automation.dialog.ascanconfig.title = Active Scan Config Job
+
+automation.dialog.ascanpolicy.error.badname = Debes proporcionar un nombre de política
+automation.dialog.ascanpolicy.name = Policy Name\:
+automation.dialog.ascanpolicy.summary = Scan Policy\: {0}
+automation.dialog.ascanpolicy.title = Active Scan Policy Job
+
automation.dialog.button.add = Añadir
automation.dialog.button.modify = Modificar
automation.dialog.button.remove = Eliminar
@@ -140,6 +174,14 @@ automation.dialog.envvar.value = Valor\:
automation.dialog.error.misc = Error Inesperado\: {0}
automation.dialog.error.save = No se pudo guardar el plan\: {0}
+automation.dialog.exitstatus.errorExitValue = Error Exit Value\:
+
+automation.dialog.exitstatus.errorLevel = Error Level\:
+automation.dialog.exitstatus.okExitValue = OK Exit Value\:
+automation.dialog.exitstatus.summary = Error\: {0}, Warn\: {1}
+automation.dialog.exitstatus.title = Exit Status Job
+automation.dialog.exitstatus.warnExitValue = Warn Exit Value\:
+automation.dialog.exitstatus.warnLevel = Warning Level\:
automation.dialog.header.name = Nombre
automation.dialog.header.remove.confirm = ¿Está seguro de que quiere eliminar esta cabecera?
@@ -296,6 +338,7 @@ automation.error.env.verification.pollunits.bad = Unidades de X de verificación
automation.error.env.verification.type.bad = Método de verificación no válido\: {0}
automation.error.job.baduser = Tarea {0} usuario no reconocido\: {1}
automation.error.job.data = Formato de tarea no soportado\: {0}
+automation.error.job.enabled = Unsupported job enabled format\: {0}
automation.error.job.internal = Tarea {0} error interno\: {1}
automation.error.job.name = Formato de nombre de tarea no soportado\: {0}
automation.error.job.notype = Falta el tipo de tarea\: {0}
@@ -322,10 +365,14 @@ automation.error.requestor.codemismatch = Diferencia en los valores del código
automation.error.requestor.httpversion = La tarea {0} tiene una versión de HTTP inválida {1} en la petición \: {2}
automation.error.requestor.invalidmethod = La tarea {0} tiene un método inválido {1} en la petición \: {2}
automation.error.requestor.norequests = Falta cualquier peticion de la tarea {0}
+automation.error.scanpolicy.exists = Job {0} scan policy {1} already exists
automation.error.unexpected = Error inesperado al acceder al fichero {0} \: {1} - compruebe los logs para más detalles
automation.error.unexpected.internal = Error inesperado {0} - compruebe los logs para más detalles
automation.error.urlsfound = Tarea {0} encontró únicamente {1} URLs, se esperaba al menos {2}
automation.error.write = No se puede escribir en el fichero\: {0}
+automation.exitstatus.alert = An alert has been raised with a risk of at least\: {0}
+
+automation.exitstatus.error.badlevels = Error level\: {0} is lower than warn level\: {1}
automation.info.addons.noupdate = La opción updateAddons se ha desactivado debido a problemas para actualizar el framework y las tareas mientras se están ejecutando.
automation.info.ascan.rule.setstrength = Tarea {0} establece la regla {1} forzando a {2}
@@ -336,6 +383,7 @@ automation.info.delay.endjob = Tarea {0} finalizada por llamada programática o
automation.info.delay.filecreated = Tarea {0} finalizada por creación de fichero {1}
automation.info.delay.interrupted = Tarea {0} interrumpida
automation.info.delay.timeout = Tarea {0} terminada después del tiempo especificado {1}
+automation.info.jobdisabled = Job {0} is disabled
automation.info.jobend = Tarea {0} terminada, tiempo empleado\: {1}
automation.info.jobstart = Tarea {0} iniciada
automation.info.jobstopped = Tarea {0} terminada
@@ -359,6 +407,7 @@ automation.panel.load.failed = Error al cargar el archivo YAML\: {0}
automation.panel.load.warning = Archivo YAML cargado con advertencias\: {0}
automation.panel.load.yaml = Archivos de Configuración YAML
automation.panel.table.env.name = Entorno
+automation.panel.table.header.enabled = Habilitado
automation.panel.table.header.info = Información
automation.panel.table.header.name = Nombre
automation.panel.table.header.status = Estado
@@ -371,6 +420,7 @@ automation.panel.table.info.warning = ADVERTENCIA\: {0}
automation.panel.table.status.error = ERROR
automation.panel.table.status.failed = FALLIDO
automation.panel.table.status.notcreated = No creado
+automation.panel.table.status.notenabled = Not enabled
automation.panel.table.status.notstarted = No iniciado
automation.panel.table.status.ok = Aceptar
automation.panel.table.status.passed = OK
diff --git a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_fa_IR.properties b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_fa_IR.properties
index f4d7b780681..15b68fded7c 100644
--- a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_fa_IR.properties
+++ b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_fa_IR.properties
@@ -57,6 +57,7 @@ automation.dialog.alerttest.ruleid = Scan Rule Id\:
automation.dialog.alerttest.title = Alert Test
automation.dialog.alerttest.url = URL (regex)\:
+automation.dialog.all.enabled = فعال شد\:
automation.dialog.all.name = Job Name\:
automation.dialog.all.user = Authenticated User\:
@@ -85,6 +86,39 @@ automation.dialog.ascan.table.header.threshold = آستانه
automation.dialog.ascan.threads = Threads Per Host\:
automation.dialog.ascan.title = Active Scan Job
+automation.dialog.ascanconfig.defaultpolicy = Default Policy\:
+automation.dialog.ascanconfig.error.field = Job {0}\: Error reading {1}, cause\: {2}
+automation.dialog.ascanconfig.handleanticsrf = Handle Anti CSRF Tokens
+automation.dialog.ascanconfig.injectid = Inject Scan Rule ID\:
+automation.dialog.ascanconfig.iv.cookie = Cookie Data
+automation.dialog.ascanconfig.iv.cookie.encode = Encode Cookie Values
+automation.dialog.ascanconfig.iv.headers = HTTP Headers
+automation.dialog.ascanconfig.iv.headers.allrequests = HTTP Headers of All Requests
+automation.dialog.ascanconfig.iv.path = URL Path
+automation.dialog.ascanconfig.iv.post = POST Data
+automation.dialog.ascanconfig.iv.post.dwr = Direct Web Remoting
+automation.dialog.ascanconfig.iv.post.gwt = ابزار وب گوگل
+automation.dialog.ascanconfig.iv.post.json = JSON
+automation.dialog.ascanconfig.iv.post.json.nulls = Scan Null Values
+automation.dialog.ascanconfig.iv.post.multipart = Multipart Form-Data
+automation.dialog.ascanconfig.iv.post.xml = XML Tag/Attribute
+automation.dialog.ascanconfig.iv.query = URL Query String & Data Driven Nodes
+automation.dialog.ascanconfig.iv.query.addparam = Add URL Query Parameter
+automation.dialog.ascanconfig.iv.query.odata = OData ID/Filter
+automation.dialog.ascanconfig.iv.scripts = Script Input Vectors
+automation.dialog.ascanconfig.maxalertsperrule = Max Alerts Per Rule\:
+automation.dialog.ascanconfig.maxruleduration = Max Rule Duration (in mins)\:
+automation.dialog.ascanconfig.maxscanduration = Max Scan Duration (in mins)\:
+automation.dialog.ascanconfig.summary = Active Scan Config
+automation.dialog.ascanconfig.tab.iv = بردارهای ورودی
+automation.dialog.ascanconfig.threads = Threads Per Host\:
+automation.dialog.ascanconfig.title = Active Scan Config Job
+
+automation.dialog.ascanpolicy.error.badname = شما باید نام سیاست را وارد کنید
+automation.dialog.ascanpolicy.name = Policy Name\:
+automation.dialog.ascanpolicy.summary = Scan Policy\: {0}
+automation.dialog.ascanpolicy.title = Active Scan Policy Job
+
automation.dialog.button.add = اضافه کردن
automation.dialog.button.modify = اصلاح کردن
automation.dialog.button.remove = پاک کردن
@@ -140,6 +174,14 @@ automation.dialog.envvar.value = مقدار\:
automation.dialog.error.misc = Unexpected error\: {0}
automation.dialog.error.save = Failed to save plan\: {0}
+automation.dialog.exitstatus.errorExitValue = Error Exit Value\:
+
+automation.dialog.exitstatus.errorLevel = Error Level\:
+automation.dialog.exitstatus.okExitValue = OK Exit Value\:
+automation.dialog.exitstatus.summary = Error\: {0}, Warn\: {1}
+automation.dialog.exitstatus.title = Exit Status Job
+automation.dialog.exitstatus.warnExitValue = Warn Exit Value\:
+automation.dialog.exitstatus.warnLevel = Warning Level\:
automation.dialog.header.name = نام
automation.dialog.header.remove.confirm = Are you sure you want to remove this header?
@@ -296,6 +338,7 @@ automation.error.env.verification.pollunits.bad = Invalid verification pollUnits
automation.error.env.verification.type.bad = Invalid verification method\: {0}
automation.error.job.baduser = Job {0} unrecognised user\: {1}
automation.error.job.data = Unsupported job data format\: {0}
+automation.error.job.enabled = Unsupported job enabled format\: {0}
automation.error.job.internal = Job {0} internal error\: {1}
automation.error.job.name = Unsupported job name format\: {0}
automation.error.job.notype = Missing job type\: {0}
@@ -322,10 +365,14 @@ automation.error.requestor.codemismatch = Difference in response code values for
automation.error.requestor.httpversion = Job {0} has invalid HTTP version {1} for request \: {2}
automation.error.requestor.invalidmethod = Job {0} has invalid method {1} for request \: {2}
automation.error.requestor.norequests = Missing any requests for job {0}
+automation.error.scanpolicy.exists = Job {0} scan policy {1} already exists
automation.error.unexpected = Unexpected error accessing file {0} \: {1} - see log for details
automation.error.unexpected.internal = Unexpected error {0} - see log for details
automation.error.urlsfound = Job {0} only found {1} URLs, expected at least {2}
automation.error.write = Cannot write to file\: {0}
+automation.exitstatus.alert = An alert has been raised with a risk of at least\: {0}
+
+automation.exitstatus.error.badlevels = Error level\: {0} is lower than warn level\: {1}
automation.info.addons.noupdate = The updateAddons option has been disabled due to problems updating the framework and jobs while they are running
automation.info.ascan.rule.setstrength = Job {0} set rule {1} strength to {2}
@@ -336,6 +383,7 @@ automation.info.delay.endjob = Job {0} ended by programmatic or API call
automation.info.delay.filecreated = Job {0} ended by creation of file {1}
automation.info.delay.interrupted = Job {0} interrupted
automation.info.delay.timeout = Job {0} ended after specified time {1}
+automation.info.jobdisabled = Job {0} is disabled
automation.info.jobend = Job {0} finished, time taken\: {1}
automation.info.jobstart = Job {0} started
automation.info.jobstopped = Job {0} terminated
@@ -359,6 +407,7 @@ automation.panel.load.failed = YAML file failed to load\: {0}
automation.panel.load.warning = YAML file loaded with warnings\: {0}
automation.panel.load.yaml = YAML Configuration Files
automation.panel.table.env.name = Environment
+automation.panel.table.header.enabled = فعال
automation.panel.table.header.info = اطلاعات
automation.panel.table.header.name = نام
automation.panel.table.header.status = وضعیت
@@ -371,6 +420,7 @@ automation.panel.table.info.warning = WARNING\: {0}
automation.panel.table.status.error = ERROR
automation.panel.table.status.failed = FAILED
automation.panel.table.status.notcreated = Not created
+automation.panel.table.status.notenabled = Not enabled
automation.panel.table.status.notstarted = Not started
automation.panel.table.status.ok = تصویب
automation.panel.table.status.passed = Passed
diff --git a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_fil_PH.properties b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_fil_PH.properties
index b0070a5dfa4..b9405607382 100644
--- a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_fil_PH.properties
+++ b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_fil_PH.properties
@@ -57,6 +57,7 @@ automation.dialog.alerttest.ruleid = Scan Rule Id\:
automation.dialog.alerttest.title = Alert Test
automation.dialog.alerttest.url = URL (regex)\:
+automation.dialog.all.enabled = Pinagana\:
automation.dialog.all.name = Job Name\:
automation.dialog.all.user = Authenticated User\:
@@ -85,6 +86,39 @@ automation.dialog.ascan.table.header.threshold = Limitasyon
automation.dialog.ascan.threads = Threads Per Host\:
automation.dialog.ascan.title = Active Scan Job
+automation.dialog.ascanconfig.defaultpolicy = Default Policy\:
+automation.dialog.ascanconfig.error.field = Job {0}\: Error reading {1}, cause\: {2}
+automation.dialog.ascanconfig.handleanticsrf = Handle Anti CSRF Tokens
+automation.dialog.ascanconfig.injectid = Inject Scan Rule ID\:
+automation.dialog.ascanconfig.iv.cookie = Cookie Data
+automation.dialog.ascanconfig.iv.cookie.encode = Encode Cookie Values
+automation.dialog.ascanconfig.iv.headers = HTTP Headers
+automation.dialog.ascanconfig.iv.headers.allrequests = HTTP Headers of All Requests
+automation.dialog.ascanconfig.iv.path = URL Path
+automation.dialog.ascanconfig.iv.post = Datos ng POST
+automation.dialog.ascanconfig.iv.post.dwr = Direcktang Remoting ng Web
+automation.dialog.ascanconfig.iv.post.gwt = Toolkit ng Google Web
+automation.dialog.ascanconfig.iv.post.json = JSON
+automation.dialog.ascanconfig.iv.post.json.nulls = Scan Null Values
+automation.dialog.ascanconfig.iv.post.multipart = Multipart Form-Datos
+automation.dialog.ascanconfig.iv.post.xml = XML Tag/Katangian
+automation.dialog.ascanconfig.iv.query = String ng URL Query & Mga Data Driven na Node
+automation.dialog.ascanconfig.iv.query.addparam = Add URL Query Parameter
+automation.dialog.ascanconfig.iv.query.odata = OData ID/Filter
+automation.dialog.ascanconfig.iv.scripts = Script Input Vectors
+automation.dialog.ascanconfig.maxalertsperrule = Max Alerts Per Rule\:
+automation.dialog.ascanconfig.maxruleduration = Max Rule Duration (in mins)\:
+automation.dialog.ascanconfig.maxscanduration = Max Scan Duration (in mins)\:
+automation.dialog.ascanconfig.summary = Active Scan Config
+automation.dialog.ascanconfig.tab.iv = Mga Input Vector
+automation.dialog.ascanconfig.threads = Threads Per Host\:
+automation.dialog.ascanconfig.title = Active Scan Config Job
+
+automation.dialog.ascanpolicy.error.badname = Kailangan mong magbigay ng pangalan ng patakaran
+automation.dialog.ascanpolicy.name = Policy Name\:
+automation.dialog.ascanpolicy.summary = Scan Policy\: {0}
+automation.dialog.ascanpolicy.title = Active Scan Policy Job
+
automation.dialog.button.add = Idagdag
automation.dialog.button.modify = Ang binago
automation.dialog.button.remove = Alisin
@@ -140,6 +174,14 @@ automation.dialog.envvar.value = Ang halaga\:
automation.dialog.error.misc = Unexpected error\: {0}
automation.dialog.error.save = Failed to save plan\: {0}
+automation.dialog.exitstatus.errorExitValue = Error Exit Value\:
+
+automation.dialog.exitstatus.errorLevel = Error Level\:
+automation.dialog.exitstatus.okExitValue = OK Exit Value\:
+automation.dialog.exitstatus.summary = Error\: {0}, Warn\: {1}
+automation.dialog.exitstatus.title = Exit Status Job
+automation.dialog.exitstatus.warnExitValue = Warn Exit Value\:
+automation.dialog.exitstatus.warnLevel = Warning Level\:
automation.dialog.header.name = Pangalan
automation.dialog.header.remove.confirm = Are you sure you want to remove this header?
@@ -296,6 +338,7 @@ automation.error.env.verification.pollunits.bad = Invalid verification pollUnits
automation.error.env.verification.type.bad = Invalid verification method\: {0}
automation.error.job.baduser = Job {0} unrecognised user\: {1}
automation.error.job.data = Unsupported job data format\: {0}
+automation.error.job.enabled = Unsupported job enabled format\: {0}
automation.error.job.internal = Job {0} internal error\: {1}
automation.error.job.name = Unsupported job name format\: {0}
automation.error.job.notype = Missing job type\: {0}
@@ -322,10 +365,14 @@ automation.error.requestor.codemismatch = Difference in response code values for
automation.error.requestor.httpversion = Job {0} has invalid HTTP version {1} for request \: {2}
automation.error.requestor.invalidmethod = Job {0} has invalid method {1} for request \: {2}
automation.error.requestor.norequests = Missing any requests for job {0}
+automation.error.scanpolicy.exists = Job {0} scan policy {1} already exists
automation.error.unexpected = Unexpected error accessing file {0} \: {1} - see log for details
automation.error.unexpected.internal = Unexpected error {0} - see log for details
automation.error.urlsfound = Job {0} only found {1} URLs, expected at least {2}
automation.error.write = Cannot write to file\: {0}
+automation.exitstatus.alert = An alert has been raised with a risk of at least\: {0}
+
+automation.exitstatus.error.badlevels = Error level\: {0} is lower than warn level\: {1}
automation.info.addons.noupdate = The updateAddons option has been disabled due to problems updating the framework and jobs while they are running
automation.info.ascan.rule.setstrength = Job {0} set rule {1} strength to {2}
@@ -336,6 +383,7 @@ automation.info.delay.endjob = Job {0} ended by programmatic or API call
automation.info.delay.filecreated = Job {0} ended by creation of file {1}
automation.info.delay.interrupted = Job {0} interrupted
automation.info.delay.timeout = Job {0} ended after specified time {1}
+automation.info.jobdisabled = Job {0} is disabled
automation.info.jobend = Job {0} finished, time taken\: {1}
automation.info.jobstart = Job {0} started
automation.info.jobstopped = Job {0} terminated
@@ -359,6 +407,7 @@ automation.panel.load.failed = YAML file failed to load\: {0}
automation.panel.load.warning = YAML file loaded with warnings\: {0}
automation.panel.load.yaml = YAML Configuration Files
automation.panel.table.env.name = Environment
+automation.panel.table.header.enabled = Pinagana
automation.panel.table.header.info = Impormasyon
automation.panel.table.header.name = Pangalan
automation.panel.table.header.status = Kalagayan
@@ -371,6 +420,7 @@ automation.panel.table.info.warning = WARNING\: {0}
automation.panel.table.status.error = ERROR
automation.panel.table.status.failed = FAILED
automation.panel.table.status.notcreated = Not created
+automation.panel.table.status.notenabled = Not enabled
automation.panel.table.status.notstarted = Hindi nagsimula
automation.panel.table.status.ok = OK
automation.panel.table.status.passed = Pumasa
diff --git a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_fr_FR.properties b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_fr_FR.properties
index 3abc3bd1a88..06aa415d5f3 100644
--- a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_fr_FR.properties
+++ b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_fr_FR.properties
@@ -57,6 +57,7 @@ automation.dialog.alerttest.ruleid = Scan Rule Id\:
automation.dialog.alerttest.title = Alert Test
automation.dialog.alerttest.url = URL (regex)\:
+automation.dialog.all.enabled = Activé \:
automation.dialog.all.name = Job Name\:
automation.dialog.all.user = Authenticated User\:
@@ -85,6 +86,39 @@ automation.dialog.ascan.table.header.threshold = Seuil
automation.dialog.ascan.threads = Threads Per Host\:
automation.dialog.ascan.title = Active Scan Job
+automation.dialog.ascanconfig.defaultpolicy = Default Policy\:
+automation.dialog.ascanconfig.error.field = Job {0}\: Error reading {1}, cause\: {2}
+automation.dialog.ascanconfig.handleanticsrf = Handle Anti CSRF Tokens
+automation.dialog.ascanconfig.injectid = Inject Scan Rule ID\:
+automation.dialog.ascanconfig.iv.cookie = Cookie Data
+automation.dialog.ascanconfig.iv.cookie.encode = Encode Cookie Values
+automation.dialog.ascanconfig.iv.headers = HTTP Headers
+automation.dialog.ascanconfig.iv.headers.allrequests = HTTP Headers of All Requests
+automation.dialog.ascanconfig.iv.path = URL Path
+automation.dialog.ascanconfig.iv.post = Données POST
+automation.dialog.ascanconfig.iv.post.dwr = Direct Web Remoting
+automation.dialog.ascanconfig.iv.post.gwt = Google Web Toolkit
+automation.dialog.ascanconfig.iv.post.json = JSON
+automation.dialog.ascanconfig.iv.post.json.nulls = Scan Null Values
+automation.dialog.ascanconfig.iv.post.multipart = Données de formulaire multipart
+automation.dialog.ascanconfig.iv.post.xml = Balise/attribut XML
+automation.dialog.ascanconfig.iv.query = Chaîne de requête URL
+automation.dialog.ascanconfig.iv.query.addparam = Add URL Query Parameter
+automation.dialog.ascanconfig.iv.query.odata = Id/Filtre OData
+automation.dialog.ascanconfig.iv.scripts = Script Input Vectors
+automation.dialog.ascanconfig.maxalertsperrule = Max Alerts Per Rule\:
+automation.dialog.ascanconfig.maxruleduration = Max Rule Duration (in mins)\:
+automation.dialog.ascanconfig.maxscanduration = Max Scan Duration (in mins)\:
+automation.dialog.ascanconfig.summary = Active Scan Config
+automation.dialog.ascanconfig.tab.iv = Vecteurs d'entrée
+automation.dialog.ascanconfig.threads = Threads Per Host\:
+automation.dialog.ascanconfig.title = Active Scan Config Job
+
+automation.dialog.ascanpolicy.error.badname = Vous devez fournir un nom à la stratégie
+automation.dialog.ascanpolicy.name = Policy Name\:
+automation.dialog.ascanpolicy.summary = Scan Policy\: {0}
+automation.dialog.ascanpolicy.title = Active Scan Policy Job
+
automation.dialog.button.add = Ajouter
automation.dialog.button.modify = Modifier
automation.dialog.button.remove = Supprimer
@@ -140,6 +174,14 @@ automation.dialog.envvar.value = Valeur \:
automation.dialog.error.misc = Unexpected error\: {0}
automation.dialog.error.save = Failed to save plan\: {0}
+automation.dialog.exitstatus.errorExitValue = Error Exit Value\:
+
+automation.dialog.exitstatus.errorLevel = Error Level\:
+automation.dialog.exitstatus.okExitValue = OK Exit Value\:
+automation.dialog.exitstatus.summary = Error\: {0}, Warn\: {1}
+automation.dialog.exitstatus.title = Exit Status Job
+automation.dialog.exitstatus.warnExitValue = Warn Exit Value\:
+automation.dialog.exitstatus.warnLevel = Warning Level\:
automation.dialog.header.name = Nom
automation.dialog.header.remove.confirm = Are you sure you want to remove this header?
@@ -296,6 +338,7 @@ automation.error.env.verification.pollunits.bad = Invalid verification pollUnits
automation.error.env.verification.type.bad = Invalid verification method\: {0}
automation.error.job.baduser = Job {0} unrecognised user\: {1}
automation.error.job.data = Unsupported job data format\: {0}
+automation.error.job.enabled = Unsupported job enabled format\: {0}
automation.error.job.internal = Job {0} internal error\: {1}
automation.error.job.name = Unsupported job name format\: {0}
automation.error.job.notype = Missing job type\: {0}
@@ -322,10 +365,14 @@ automation.error.requestor.codemismatch = Difference in response code values for
automation.error.requestor.httpversion = Job {0} has invalid HTTP version {1} for request \: {2}
automation.error.requestor.invalidmethod = Job {0} has invalid method {1} for request \: {2}
automation.error.requestor.norequests = Missing any requests for job {0}
+automation.error.scanpolicy.exists = Job {0} scan policy {1} already exists
automation.error.unexpected = Unexpected error accessing file {0} \: {1} - see log for details
automation.error.unexpected.internal = Unexpected error {0} - see log for details
automation.error.urlsfound = Job {0} only found {1} URLs, expected at least {2}
automation.error.write = Cannot write to file\: {0}
+automation.exitstatus.alert = An alert has been raised with a risk of at least\: {0}
+
+automation.exitstatus.error.badlevels = Error level\: {0} is lower than warn level\: {1}
automation.info.addons.noupdate = The updateAddons option has been disabled due to problems updating the framework and jobs while they are running
automation.info.ascan.rule.setstrength = Job {0} set rule {1} strength to {2}
@@ -336,6 +383,7 @@ automation.info.delay.endjob = Job {0} ended by programmatic or API call
automation.info.delay.filecreated = Job {0} ended by creation of file {1}
automation.info.delay.interrupted = Job {0} interrupted
automation.info.delay.timeout = Job {0} ended after specified time {1}
+automation.info.jobdisabled = Job {0} is disabled
automation.info.jobend = Job {0} finished, time taken\: {1}
automation.info.jobstart = Job {0} started
automation.info.jobstopped = Job {0} terminated
@@ -359,6 +407,7 @@ automation.panel.load.failed = YAML file failed to load\: {0}
automation.panel.load.warning = YAML file loaded with warnings\: {0}
automation.panel.load.yaml = YAML Configuration Files
automation.panel.table.env.name = Environment
+automation.panel.table.header.enabled = Activé
automation.panel.table.header.info = Info
automation.panel.table.header.name = Nom
automation.panel.table.header.status = Statut
@@ -371,6 +420,7 @@ automation.panel.table.info.warning = WARNING\: {0}
automation.panel.table.status.error = ERROR
automation.panel.table.status.failed = FAILED
automation.panel.table.status.notcreated = Not created
+automation.panel.table.status.notenabled = Not enabled
automation.panel.table.status.notstarted = Non démarré
automation.panel.table.status.ok = OK
automation.panel.table.status.passed = Passé
diff --git a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_ha_HG.properties b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_ha_HG.properties
index 5598d935274..52af996d3dc 100644
--- a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_ha_HG.properties
+++ b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_ha_HG.properties
@@ -57,6 +57,7 @@ automation.dialog.alerttest.ruleid = Scan Rule Id\:
automation.dialog.alerttest.title = Alert Test
automation.dialog.alerttest.url = URL (regex)\:
+automation.dialog.all.enabled = Enabled\:
automation.dialog.all.name = Job Name\:
automation.dialog.all.user = Authenticated User\:
@@ -85,6 +86,39 @@ automation.dialog.ascan.table.header.threshold = Threshold
automation.dialog.ascan.threads = Threads Per Host\:
automation.dialog.ascan.title = Active Scan Job
+automation.dialog.ascanconfig.defaultpolicy = Default Policy\:
+automation.dialog.ascanconfig.error.field = Job {0}\: Error reading {1}, cause\: {2}
+automation.dialog.ascanconfig.handleanticsrf = Handle Anti CSRF Tokens
+automation.dialog.ascanconfig.injectid = Inject Scan Rule ID\:
+automation.dialog.ascanconfig.iv.cookie = Cookie Data
+automation.dialog.ascanconfig.iv.cookie.encode = Encode Cookie Values
+automation.dialog.ascanconfig.iv.headers = HTTP Headers
+automation.dialog.ascanconfig.iv.headers.allrequests = HTTP Headers of All Requests
+automation.dialog.ascanconfig.iv.path = URL Path
+automation.dialog.ascanconfig.iv.post = POST Data
+automation.dialog.ascanconfig.iv.post.dwr = Direct Web Remoting
+automation.dialog.ascanconfig.iv.post.gwt = Google Web Toolkit
+automation.dialog.ascanconfig.iv.post.json = JSON
+automation.dialog.ascanconfig.iv.post.json.nulls = Scan Null Values
+automation.dialog.ascanconfig.iv.post.multipart = Multipart Form-Data
+automation.dialog.ascanconfig.iv.post.xml = XML Tag/Attribute
+automation.dialog.ascanconfig.iv.query = URL Query String & Data Driven Nodes
+automation.dialog.ascanconfig.iv.query.addparam = Add URL Query Parameter
+automation.dialog.ascanconfig.iv.query.odata = OData ID/Filter
+automation.dialog.ascanconfig.iv.scripts = Script Input Vectors
+automation.dialog.ascanconfig.maxalertsperrule = Max Alerts Per Rule\:
+automation.dialog.ascanconfig.maxruleduration = Max Rule Duration (in mins)\:
+automation.dialog.ascanconfig.maxscanduration = Max Scan Duration (in mins)\:
+automation.dialog.ascanconfig.summary = Active Scan Config
+automation.dialog.ascanconfig.tab.iv = Input Vectors
+automation.dialog.ascanconfig.threads = Threads Per Host\:
+automation.dialog.ascanconfig.title = Active Scan Config Job
+
+automation.dialog.ascanpolicy.error.badname = You must supply a policy name
+automation.dialog.ascanpolicy.name = Policy Name\:
+automation.dialog.ascanpolicy.summary = Scan Policy\: {0}
+automation.dialog.ascanpolicy.title = Active Scan Policy Job
+
automation.dialog.button.add = Add
automation.dialog.button.modify = Modify
automation.dialog.button.remove = Remove
@@ -140,6 +174,14 @@ automation.dialog.envvar.value = Value\:
automation.dialog.error.misc = Unexpected error\: {0}
automation.dialog.error.save = Failed to save plan\: {0}
+automation.dialog.exitstatus.errorExitValue = Error Exit Value\:
+
+automation.dialog.exitstatus.errorLevel = Error Level\:
+automation.dialog.exitstatus.okExitValue = OK Exit Value\:
+automation.dialog.exitstatus.summary = Error\: {0}, Warn\: {1}
+automation.dialog.exitstatus.title = Exit Status Job
+automation.dialog.exitstatus.warnExitValue = Warn Exit Value\:
+automation.dialog.exitstatus.warnLevel = Warning Level\:
automation.dialog.header.name = Name
automation.dialog.header.remove.confirm = Are you sure you want to remove this header?
@@ -296,6 +338,7 @@ automation.error.env.verification.pollunits.bad = Invalid verification pollUnits
automation.error.env.verification.type.bad = Invalid verification method\: {0}
automation.error.job.baduser = Job {0} unrecognised user\: {1}
automation.error.job.data = Unsupported job data format\: {0}
+automation.error.job.enabled = Unsupported job enabled format\: {0}
automation.error.job.internal = Job {0} internal error\: {1}
automation.error.job.name = Unsupported job name format\: {0}
automation.error.job.notype = Missing job type\: {0}
@@ -322,10 +365,14 @@ automation.error.requestor.codemismatch = Difference in response code values for
automation.error.requestor.httpversion = Job {0} has invalid HTTP version {1} for request \: {2}
automation.error.requestor.invalidmethod = Job {0} has invalid method {1} for request \: {2}
automation.error.requestor.norequests = Missing any requests for job {0}
+automation.error.scanpolicy.exists = Job {0} scan policy {1} already exists
automation.error.unexpected = Unexpected error accessing file {0} \: {1} - see log for details
automation.error.unexpected.internal = Unexpected error {0} - see log for details
automation.error.urlsfound = Job {0} only found {1} URLs, expected at least {2}
automation.error.write = Cannot write to file\: {0}
+automation.exitstatus.alert = An alert has been raised with a risk of at least\: {0}
+
+automation.exitstatus.error.badlevels = Error level\: {0} is lower than warn level\: {1}
automation.info.addons.noupdate = The updateAddons option has been disabled due to problems updating the framework and jobs while they are running
automation.info.ascan.rule.setstrength = Job {0} set rule {1} strength to {2}
@@ -336,6 +383,7 @@ automation.info.delay.endjob = Job {0} ended by programmatic or API call
automation.info.delay.filecreated = Job {0} ended by creation of file {1}
automation.info.delay.interrupted = Job {0} interrupted
automation.info.delay.timeout = Job {0} ended after specified time {1}
+automation.info.jobdisabled = Job {0} is disabled
automation.info.jobend = Job {0} finished, time taken\: {1}
automation.info.jobstart = Job {0} started
automation.info.jobstopped = Job {0} terminated
@@ -359,6 +407,7 @@ automation.panel.load.failed = YAML file failed to load\: {0}
automation.panel.load.warning = YAML file loaded with warnings\: {0}
automation.panel.load.yaml = YAML Configuration Files
automation.panel.table.env.name = Environment
+automation.panel.table.header.enabled = Enabled
automation.panel.table.header.info = Info
automation.panel.table.header.name = Name
automation.panel.table.header.status = Status
@@ -371,6 +420,7 @@ automation.panel.table.info.warning = WARNING\: {0}
automation.panel.table.status.error = ERROR
automation.panel.table.status.failed = FAILED
automation.panel.table.status.notcreated = Not created
+automation.panel.table.status.notenabled = Not enabled
automation.panel.table.status.notstarted = Not started
automation.panel.table.status.ok = OK
automation.panel.table.status.passed = Passed
diff --git a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_he_IL.properties b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_he_IL.properties
index 3ed37a9f7bf..d87af8f99a2 100644
--- a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_he_IL.properties
+++ b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_he_IL.properties
@@ -57,6 +57,7 @@ automation.dialog.alerttest.ruleid = Scan Rule Id\:
automation.dialog.alerttest.title = Alert Test
automation.dialog.alerttest.url = URL (regex)\:
+automation.dialog.all.enabled = Enabled\:
automation.dialog.all.name = Job Name\:
automation.dialog.all.user = Authenticated User\:
@@ -85,6 +86,39 @@ automation.dialog.ascan.table.header.threshold = Threshold
automation.dialog.ascan.threads = Threads Per Host\:
automation.dialog.ascan.title = Active Scan Job
+automation.dialog.ascanconfig.defaultpolicy = Default Policy\:
+automation.dialog.ascanconfig.error.field = Job {0}\: Error reading {1}, cause\: {2}
+automation.dialog.ascanconfig.handleanticsrf = Handle Anti CSRF Tokens
+automation.dialog.ascanconfig.injectid = Inject Scan Rule ID\:
+automation.dialog.ascanconfig.iv.cookie = Cookie Data
+automation.dialog.ascanconfig.iv.cookie.encode = Encode Cookie Values
+automation.dialog.ascanconfig.iv.headers = HTTP Headers
+automation.dialog.ascanconfig.iv.headers.allrequests = HTTP Headers of All Requests
+automation.dialog.ascanconfig.iv.path = URL Path
+automation.dialog.ascanconfig.iv.post = POST Data
+automation.dialog.ascanconfig.iv.post.dwr = Direct Web Remoting
+automation.dialog.ascanconfig.iv.post.gwt = Google Web Toolkit
+automation.dialog.ascanconfig.iv.post.json = JSON
+automation.dialog.ascanconfig.iv.post.json.nulls = Scan Null Values
+automation.dialog.ascanconfig.iv.post.multipart = Multipart Form-Data
+automation.dialog.ascanconfig.iv.post.xml = XML Tag/Attribute
+automation.dialog.ascanconfig.iv.query = URL Query String & Data Driven Nodes
+automation.dialog.ascanconfig.iv.query.addparam = Add URL Query Parameter
+automation.dialog.ascanconfig.iv.query.odata = OData ID/Filter
+automation.dialog.ascanconfig.iv.scripts = Script Input Vectors
+automation.dialog.ascanconfig.maxalertsperrule = Max Alerts Per Rule\:
+automation.dialog.ascanconfig.maxruleduration = Max Rule Duration (in mins)\:
+automation.dialog.ascanconfig.maxscanduration = Max Scan Duration (in mins)\:
+automation.dialog.ascanconfig.summary = Active Scan Config
+automation.dialog.ascanconfig.tab.iv = Input Vectors
+automation.dialog.ascanconfig.threads = Threads Per Host\:
+automation.dialog.ascanconfig.title = Active Scan Config Job
+
+automation.dialog.ascanpolicy.error.badname = You must supply a policy name
+automation.dialog.ascanpolicy.name = Policy Name\:
+automation.dialog.ascanpolicy.summary = Scan Policy\: {0}
+automation.dialog.ascanpolicy.title = Active Scan Policy Job
+
automation.dialog.button.add = Add
automation.dialog.button.modify = Modify
automation.dialog.button.remove = Remove
@@ -140,6 +174,14 @@ automation.dialog.envvar.value = Value\:
automation.dialog.error.misc = Unexpected error\: {0}
automation.dialog.error.save = Failed to save plan\: {0}
+automation.dialog.exitstatus.errorExitValue = Error Exit Value\:
+
+automation.dialog.exitstatus.errorLevel = Error Level\:
+automation.dialog.exitstatus.okExitValue = OK Exit Value\:
+automation.dialog.exitstatus.summary = Error\: {0}, Warn\: {1}
+automation.dialog.exitstatus.title = Exit Status Job
+automation.dialog.exitstatus.warnExitValue = Warn Exit Value\:
+automation.dialog.exitstatus.warnLevel = Warning Level\:
automation.dialog.header.name = Name
automation.dialog.header.remove.confirm = Are you sure you want to remove this header?
@@ -296,6 +338,7 @@ automation.error.env.verification.pollunits.bad = Invalid verification pollUnits
automation.error.env.verification.type.bad = Invalid verification method\: {0}
automation.error.job.baduser = Job {0} unrecognised user\: {1}
automation.error.job.data = Unsupported job data format\: {0}
+automation.error.job.enabled = Unsupported job enabled format\: {0}
automation.error.job.internal = Job {0} internal error\: {1}
automation.error.job.name = Unsupported job name format\: {0}
automation.error.job.notype = Missing job type\: {0}
@@ -322,10 +365,14 @@ automation.error.requestor.codemismatch = Difference in response code values for
automation.error.requestor.httpversion = Job {0} has invalid HTTP version {1} for request \: {2}
automation.error.requestor.invalidmethod = Job {0} has invalid method {1} for request \: {2}
automation.error.requestor.norequests = Missing any requests for job {0}
+automation.error.scanpolicy.exists = Job {0} scan policy {1} already exists
automation.error.unexpected = Unexpected error accessing file {0} \: {1} - see log for details
automation.error.unexpected.internal = Unexpected error {0} - see log for details
automation.error.urlsfound = Job {0} only found {1} URLs, expected at least {2}
automation.error.write = Cannot write to file\: {0}
+automation.exitstatus.alert = An alert has been raised with a risk of at least\: {0}
+
+automation.exitstatus.error.badlevels = Error level\: {0} is lower than warn level\: {1}
automation.info.addons.noupdate = The updateAddons option has been disabled due to problems updating the framework and jobs while they are running
automation.info.ascan.rule.setstrength = Job {0} set rule {1} strength to {2}
@@ -336,6 +383,7 @@ automation.info.delay.endjob = Job {0} ended by programmatic or API call
automation.info.delay.filecreated = Job {0} ended by creation of file {1}
automation.info.delay.interrupted = Job {0} interrupted
automation.info.delay.timeout = Job {0} ended after specified time {1}
+automation.info.jobdisabled = Job {0} is disabled
automation.info.jobend = Job {0} finished, time taken\: {1}
automation.info.jobstart = Job {0} started
automation.info.jobstopped = Job {0} terminated
@@ -359,6 +407,7 @@ automation.panel.load.failed = YAML file failed to load\: {0}
automation.panel.load.warning = YAML file loaded with warnings\: {0}
automation.panel.load.yaml = YAML Configuration Files
automation.panel.table.env.name = Environment
+automation.panel.table.header.enabled = מאופשר
automation.panel.table.header.info = Info
automation.panel.table.header.name = Name
automation.panel.table.header.status = Status
@@ -371,6 +420,7 @@ automation.panel.table.info.warning = WARNING\: {0}
automation.panel.table.status.error = ERROR
automation.panel.table.status.failed = FAILED
automation.panel.table.status.notcreated = Not created
+automation.panel.table.status.notenabled = Not enabled
automation.panel.table.status.notstarted = Not started
automation.panel.table.status.ok = OK
automation.panel.table.status.passed = Passed
diff --git a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_hi_IN.properties b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_hi_IN.properties
index 5e74742902b..80b5c389440 100644
--- a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_hi_IN.properties
+++ b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_hi_IN.properties
@@ -57,6 +57,7 @@ automation.dialog.alerttest.ruleid = Scan Rule Id\:
automation.dialog.alerttest.title = Alert Test
automation.dialog.alerttest.url = URL (regex)\:
+automation.dialog.all.enabled = Enabled\:
automation.dialog.all.name = Job Name\:
automation.dialog.all.user = Authenticated User\:
@@ -85,6 +86,39 @@ automation.dialog.ascan.table.header.threshold = Threshold
automation.dialog.ascan.threads = Threads Per Host\:
automation.dialog.ascan.title = Active Scan Job
+automation.dialog.ascanconfig.defaultpolicy = Default Policy\:
+automation.dialog.ascanconfig.error.field = Job {0}\: Error reading {1}, cause\: {2}
+automation.dialog.ascanconfig.handleanticsrf = Handle Anti CSRF Tokens
+automation.dialog.ascanconfig.injectid = Inject Scan Rule ID\:
+automation.dialog.ascanconfig.iv.cookie = Cookie Data
+automation.dialog.ascanconfig.iv.cookie.encode = Encode Cookie Values
+automation.dialog.ascanconfig.iv.headers = HTTP Headers
+automation.dialog.ascanconfig.iv.headers.allrequests = HTTP Headers of All Requests
+automation.dialog.ascanconfig.iv.path = URL Path
+automation.dialog.ascanconfig.iv.post = POST Data
+automation.dialog.ascanconfig.iv.post.dwr = Direct Web Remoting
+automation.dialog.ascanconfig.iv.post.gwt = Google Web Toolkit
+automation.dialog.ascanconfig.iv.post.json = JSON
+automation.dialog.ascanconfig.iv.post.json.nulls = Scan Null Values
+automation.dialog.ascanconfig.iv.post.multipart = Multipart Form-Data
+automation.dialog.ascanconfig.iv.post.xml = XML Tag/Attribute
+automation.dialog.ascanconfig.iv.query = URL Query String & Data Driven Nodes
+automation.dialog.ascanconfig.iv.query.addparam = Add URL Query Parameter
+automation.dialog.ascanconfig.iv.query.odata = OData ID/Filter
+automation.dialog.ascanconfig.iv.scripts = Script Input Vectors
+automation.dialog.ascanconfig.maxalertsperrule = Max Alerts Per Rule\:
+automation.dialog.ascanconfig.maxruleduration = Max Rule Duration (in mins)\:
+automation.dialog.ascanconfig.maxscanduration = Max Scan Duration (in mins)\:
+automation.dialog.ascanconfig.summary = Active Scan Config
+automation.dialog.ascanconfig.tab.iv = Input Vectors
+automation.dialog.ascanconfig.threads = Threads Per Host\:
+automation.dialog.ascanconfig.title = Active Scan Config Job
+
+automation.dialog.ascanpolicy.error.badname = You must supply a policy name
+automation.dialog.ascanpolicy.name = Policy Name\:
+automation.dialog.ascanpolicy.summary = Scan Policy\: {0}
+automation.dialog.ascanpolicy.title = Active Scan Policy Job
+
automation.dialog.button.add = Add
automation.dialog.button.modify = Modify
automation.dialog.button.remove = Remove
@@ -140,6 +174,14 @@ automation.dialog.envvar.value = Value\:
automation.dialog.error.misc = Unexpected error\: {0}
automation.dialog.error.save = Failed to save plan\: {0}
+automation.dialog.exitstatus.errorExitValue = Error Exit Value\:
+
+automation.dialog.exitstatus.errorLevel = Error Level\:
+automation.dialog.exitstatus.okExitValue = OK Exit Value\:
+automation.dialog.exitstatus.summary = Error\: {0}, Warn\: {1}
+automation.dialog.exitstatus.title = Exit Status Job
+automation.dialog.exitstatus.warnExitValue = Warn Exit Value\:
+automation.dialog.exitstatus.warnLevel = Warning Level\:
automation.dialog.header.name = Name
automation.dialog.header.remove.confirm = Are you sure you want to remove this header?
@@ -296,6 +338,7 @@ automation.error.env.verification.pollunits.bad = Invalid verification pollUnits
automation.error.env.verification.type.bad = Invalid verification method\: {0}
automation.error.job.baduser = Job {0} unrecognised user\: {1}
automation.error.job.data = Unsupported job data format\: {0}
+automation.error.job.enabled = Unsupported job enabled format\: {0}
automation.error.job.internal = Job {0} internal error\: {1}
automation.error.job.name = Unsupported job name format\: {0}
automation.error.job.notype = Missing job type\: {0}
@@ -322,10 +365,14 @@ automation.error.requestor.codemismatch = Difference in response code values for
automation.error.requestor.httpversion = Job {0} has invalid HTTP version {1} for request \: {2}
automation.error.requestor.invalidmethod = Job {0} has invalid method {1} for request \: {2}
automation.error.requestor.norequests = Missing any requests for job {0}
+automation.error.scanpolicy.exists = Job {0} scan policy {1} already exists
automation.error.unexpected = Unexpected error accessing file {0} \: {1} - see log for details
automation.error.unexpected.internal = Unexpected error {0} - see log for details
automation.error.urlsfound = Job {0} only found {1} URLs, expected at least {2}
automation.error.write = Cannot write to file\: {0}
+automation.exitstatus.alert = An alert has been raised with a risk of at least\: {0}
+
+automation.exitstatus.error.badlevels = Error level\: {0} is lower than warn level\: {1}
automation.info.addons.noupdate = The updateAddons option has been disabled due to problems updating the framework and jobs while they are running
automation.info.ascan.rule.setstrength = Job {0} set rule {1} strength to {2}
@@ -336,6 +383,7 @@ automation.info.delay.endjob = Job {0} ended by programmatic or API call
automation.info.delay.filecreated = Job {0} ended by creation of file {1}
automation.info.delay.interrupted = Job {0} interrupted
automation.info.delay.timeout = Job {0} ended after specified time {1}
+automation.info.jobdisabled = Job {0} is disabled
automation.info.jobend = Job {0} finished, time taken\: {1}
automation.info.jobstart = Job {0} started
automation.info.jobstopped = Job {0} terminated
@@ -359,6 +407,7 @@ automation.panel.load.failed = YAML file failed to load\: {0}
automation.panel.load.warning = YAML file loaded with warnings\: {0}
automation.panel.load.yaml = YAML Configuration Files
automation.panel.table.env.name = Environment
+automation.panel.table.header.enabled = Enabled
automation.panel.table.header.info = Info
automation.panel.table.header.name = Name
automation.panel.table.header.status = Status
@@ -371,6 +420,7 @@ automation.panel.table.info.warning = WARNING\: {0}
automation.panel.table.status.error = ERROR
automation.panel.table.status.failed = FAILED
automation.panel.table.status.notcreated = Not created
+automation.panel.table.status.notenabled = Not enabled
automation.panel.table.status.notstarted = Not started
automation.panel.table.status.ok = OK
automation.panel.table.status.passed = Passed
diff --git a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_hr_HR.properties b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_hr_HR.properties
index 9546f25a6ce..666dcfafbd2 100644
--- a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_hr_HR.properties
+++ b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_hr_HR.properties
@@ -57,6 +57,7 @@ automation.dialog.alerttest.ruleid = Scan Rule Id\:
automation.dialog.alerttest.title = Alert Test
automation.dialog.alerttest.url = URL (regex)\:
+automation.dialog.all.enabled = Enabled\:
automation.dialog.all.name = Job Name\:
automation.dialog.all.user = Authenticated User\:
@@ -85,6 +86,39 @@ automation.dialog.ascan.table.header.threshold = Threshold
automation.dialog.ascan.threads = Threads Per Host\:
automation.dialog.ascan.title = Active Scan Job
+automation.dialog.ascanconfig.defaultpolicy = Default Policy\:
+automation.dialog.ascanconfig.error.field = Job {0}\: Error reading {1}, cause\: {2}
+automation.dialog.ascanconfig.handleanticsrf = Handle Anti CSRF Tokens
+automation.dialog.ascanconfig.injectid = Inject Scan Rule ID\:
+automation.dialog.ascanconfig.iv.cookie = Cookie Data
+automation.dialog.ascanconfig.iv.cookie.encode = Encode Cookie Values
+automation.dialog.ascanconfig.iv.headers = HTTP Headers
+automation.dialog.ascanconfig.iv.headers.allrequests = HTTP Headers of All Requests
+automation.dialog.ascanconfig.iv.path = URL Path
+automation.dialog.ascanconfig.iv.post = POST Data
+automation.dialog.ascanconfig.iv.post.dwr = Direct Web Remoting
+automation.dialog.ascanconfig.iv.post.gwt = Google Web Toolkit
+automation.dialog.ascanconfig.iv.post.json = JSON
+automation.dialog.ascanconfig.iv.post.json.nulls = Scan Null Values
+automation.dialog.ascanconfig.iv.post.multipart = Multipart Form-Data
+automation.dialog.ascanconfig.iv.post.xml = XML Tag/Attribute
+automation.dialog.ascanconfig.iv.query = URL Query String & Data Driven Nodes
+automation.dialog.ascanconfig.iv.query.addparam = Add URL Query Parameter
+automation.dialog.ascanconfig.iv.query.odata = OData ID/Filter
+automation.dialog.ascanconfig.iv.scripts = Script Input Vectors
+automation.dialog.ascanconfig.maxalertsperrule = Max Alerts Per Rule\:
+automation.dialog.ascanconfig.maxruleduration = Max Rule Duration (in mins)\:
+automation.dialog.ascanconfig.maxscanduration = Max Scan Duration (in mins)\:
+automation.dialog.ascanconfig.summary = Active Scan Config
+automation.dialog.ascanconfig.tab.iv = Input Vectors
+automation.dialog.ascanconfig.threads = Threads Per Host\:
+automation.dialog.ascanconfig.title = Active Scan Config Job
+
+automation.dialog.ascanpolicy.error.badname = You must supply a policy name
+automation.dialog.ascanpolicy.name = Policy Name\:
+automation.dialog.ascanpolicy.summary = Scan Policy\: {0}
+automation.dialog.ascanpolicy.title = Active Scan Policy Job
+
automation.dialog.button.add = Dodaj
automation.dialog.button.modify = Modify
automation.dialog.button.remove = Remove
@@ -140,6 +174,14 @@ automation.dialog.envvar.value = Value\:
automation.dialog.error.misc = Unexpected error\: {0}
automation.dialog.error.save = Failed to save plan\: {0}
+automation.dialog.exitstatus.errorExitValue = Error Exit Value\:
+
+automation.dialog.exitstatus.errorLevel = Error Level\:
+automation.dialog.exitstatus.okExitValue = OK Exit Value\:
+automation.dialog.exitstatus.summary = Error\: {0}, Warn\: {1}
+automation.dialog.exitstatus.title = Exit Status Job
+automation.dialog.exitstatus.warnExitValue = Warn Exit Value\:
+automation.dialog.exitstatus.warnLevel = Warning Level\:
automation.dialog.header.name = Name
automation.dialog.header.remove.confirm = Are you sure you want to remove this header?
@@ -296,6 +338,7 @@ automation.error.env.verification.pollunits.bad = Invalid verification pollUnits
automation.error.env.verification.type.bad = Invalid verification method\: {0}
automation.error.job.baduser = Job {0} unrecognised user\: {1}
automation.error.job.data = Unsupported job data format\: {0}
+automation.error.job.enabled = Unsupported job enabled format\: {0}
automation.error.job.internal = Job {0} internal error\: {1}
automation.error.job.name = Unsupported job name format\: {0}
automation.error.job.notype = Missing job type\: {0}
@@ -322,10 +365,14 @@ automation.error.requestor.codemismatch = Difference in response code values for
automation.error.requestor.httpversion = Job {0} has invalid HTTP version {1} for request \: {2}
automation.error.requestor.invalidmethod = Job {0} has invalid method {1} for request \: {2}
automation.error.requestor.norequests = Missing any requests for job {0}
+automation.error.scanpolicy.exists = Job {0} scan policy {1} already exists
automation.error.unexpected = Unexpected error accessing file {0} \: {1} - see log for details
automation.error.unexpected.internal = Unexpected error {0} - see log for details
automation.error.urlsfound = Job {0} only found {1} URLs, expected at least {2}
automation.error.write = Cannot write to file\: {0}
+automation.exitstatus.alert = An alert has been raised with a risk of at least\: {0}
+
+automation.exitstatus.error.badlevels = Error level\: {0} is lower than warn level\: {1}
automation.info.addons.noupdate = The updateAddons option has been disabled due to problems updating the framework and jobs while they are running
automation.info.ascan.rule.setstrength = Job {0} set rule {1} strength to {2}
@@ -336,6 +383,7 @@ automation.info.delay.endjob = Job {0} ended by programmatic or API call
automation.info.delay.filecreated = Job {0} ended by creation of file {1}
automation.info.delay.interrupted = Job {0} interrupted
automation.info.delay.timeout = Job {0} ended after specified time {1}
+automation.info.jobdisabled = Job {0} is disabled
automation.info.jobend = Job {0} finished, time taken\: {1}
automation.info.jobstart = Job {0} started
automation.info.jobstopped = Job {0} terminated
@@ -359,6 +407,7 @@ automation.panel.load.failed = YAML file failed to load\: {0}
automation.panel.load.warning = YAML file loaded with warnings\: {0}
automation.panel.load.yaml = YAML Configuration Files
automation.panel.table.env.name = Environment
+automation.panel.table.header.enabled = Omogućeno
automation.panel.table.header.info = Info
automation.panel.table.header.name = Name
automation.panel.table.header.status = Status
@@ -371,6 +420,7 @@ automation.panel.table.info.warning = WARNING\: {0}
automation.panel.table.status.error = ERROR
automation.panel.table.status.failed = FAILED
automation.panel.table.status.notcreated = Not created
+automation.panel.table.status.notenabled = Not enabled
automation.panel.table.status.notstarted = Not started
automation.panel.table.status.ok = OK
automation.panel.table.status.passed = Passed
diff --git a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_hu_HU.properties b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_hu_HU.properties
index 869095c0448..a30c3b7a159 100644
--- a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_hu_HU.properties
+++ b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_hu_HU.properties
@@ -57,6 +57,7 @@ automation.dialog.alerttest.ruleid = Scan Rule Id\:
automation.dialog.alerttest.title = Alert Test
automation.dialog.alerttest.url = URL (regex)\:
+automation.dialog.all.enabled = Engedélyezve\:
automation.dialog.all.name = Job Name\:
automation.dialog.all.user = Authenticated User\:
@@ -85,6 +86,39 @@ automation.dialog.ascan.table.header.threshold = Küszöb
automation.dialog.ascan.threads = Threads Per Host\:
automation.dialog.ascan.title = Active Scan Job
+automation.dialog.ascanconfig.defaultpolicy = Default Policy\:
+automation.dialog.ascanconfig.error.field = Job {0}\: Error reading {1}, cause\: {2}
+automation.dialog.ascanconfig.handleanticsrf = Handle Anti CSRF Tokens
+automation.dialog.ascanconfig.injectid = Inject Scan Rule ID\:
+automation.dialog.ascanconfig.iv.cookie = Cookie Data
+automation.dialog.ascanconfig.iv.cookie.encode = Encode Cookie Values
+automation.dialog.ascanconfig.iv.headers = HTTP Headers
+automation.dialog.ascanconfig.iv.headers.allrequests = HTTP Headers of All Requests
+automation.dialog.ascanconfig.iv.path = URL Path
+automation.dialog.ascanconfig.iv.post = POST adat
+automation.dialog.ascanconfig.iv.post.dwr = Direct Web Remoting
+automation.dialog.ascanconfig.iv.post.gwt = Google Web Toolkit
+automation.dialog.ascanconfig.iv.post.json = JSON
+automation.dialog.ascanconfig.iv.post.json.nulls = Scan Null Values
+automation.dialog.ascanconfig.iv.post.multipart = Multipart Form-Data
+automation.dialog.ascanconfig.iv.post.xml = XML Tag/Attribute
+automation.dialog.ascanconfig.iv.query = URL Query String & Data Driven Nodes
+automation.dialog.ascanconfig.iv.query.addparam = Add URL Query Parameter
+automation.dialog.ascanconfig.iv.query.odata = OData Id/szűrő
+automation.dialog.ascanconfig.iv.scripts = Script Input Vectors
+automation.dialog.ascanconfig.maxalertsperrule = Max Alerts Per Rule\:
+automation.dialog.ascanconfig.maxruleduration = Max Rule Duration (in mins)\:
+automation.dialog.ascanconfig.maxscanduration = Max Scan Duration (in mins)\:
+automation.dialog.ascanconfig.summary = Active Scan Config
+automation.dialog.ascanconfig.tab.iv = Bemeneti vektorok
+automation.dialog.ascanconfig.threads = Threads Per Host\:
+automation.dialog.ascanconfig.title = Active Scan Config Job
+
+automation.dialog.ascanpolicy.error.badname = You must supply a policy name
+automation.dialog.ascanpolicy.name = Policy Name\:
+automation.dialog.ascanpolicy.summary = Scan Policy\: {0}
+automation.dialog.ascanpolicy.title = Active Scan Policy Job
+
automation.dialog.button.add = Hozzáad
automation.dialog.button.modify = Módosít
automation.dialog.button.remove = Eltávolít
@@ -140,6 +174,14 @@ automation.dialog.envvar.value = Érték\:
automation.dialog.error.misc = Unexpected error\: {0}
automation.dialog.error.save = Failed to save plan\: {0}
+automation.dialog.exitstatus.errorExitValue = Error Exit Value\:
+
+automation.dialog.exitstatus.errorLevel = Error Level\:
+automation.dialog.exitstatus.okExitValue = OK Exit Value\:
+automation.dialog.exitstatus.summary = Error\: {0}, Warn\: {1}
+automation.dialog.exitstatus.title = Exit Status Job
+automation.dialog.exitstatus.warnExitValue = Warn Exit Value\:
+automation.dialog.exitstatus.warnLevel = Warning Level\:
automation.dialog.header.name = Név
automation.dialog.header.remove.confirm = Are you sure you want to remove this header?
@@ -296,6 +338,7 @@ automation.error.env.verification.pollunits.bad = Invalid verification pollUnits
automation.error.env.verification.type.bad = Invalid verification method\: {0}
automation.error.job.baduser = Job {0} unrecognised user\: {1}
automation.error.job.data = Unsupported job data format\: {0}
+automation.error.job.enabled = Unsupported job enabled format\: {0}
automation.error.job.internal = Job {0} internal error\: {1}
automation.error.job.name = Unsupported job name format\: {0}
automation.error.job.notype = Missing job type\: {0}
@@ -322,10 +365,14 @@ automation.error.requestor.codemismatch = Difference in response code values for
automation.error.requestor.httpversion = Job {0} has invalid HTTP version {1} for request \: {2}
automation.error.requestor.invalidmethod = Job {0} has invalid method {1} for request \: {2}
automation.error.requestor.norequests = Missing any requests for job {0}
+automation.error.scanpolicy.exists = Job {0} scan policy {1} already exists
automation.error.unexpected = Unexpected error accessing file {0} \: {1} - see log for details
automation.error.unexpected.internal = Unexpected error {0} - see log for details
automation.error.urlsfound = Job {0} only found {1} URLs, expected at least {2}
automation.error.write = Cannot write to file\: {0}
+automation.exitstatus.alert = An alert has been raised with a risk of at least\: {0}
+
+automation.exitstatus.error.badlevels = Error level\: {0} is lower than warn level\: {1}
automation.info.addons.noupdate = The updateAddons option has been disabled due to problems updating the framework and jobs while they are running
automation.info.ascan.rule.setstrength = Job {0} set rule {1} strength to {2}
@@ -336,6 +383,7 @@ automation.info.delay.endjob = Job {0} ended by programmatic or API call
automation.info.delay.filecreated = Job {0} ended by creation of file {1}
automation.info.delay.interrupted = Job {0} interrupted
automation.info.delay.timeout = Job {0} ended after specified time {1}
+automation.info.jobdisabled = Job {0} is disabled
automation.info.jobend = Job {0} finished, time taken\: {1}
automation.info.jobstart = Job {0} started
automation.info.jobstopped = Job {0} terminated
@@ -359,6 +407,7 @@ automation.panel.load.failed = YAML file failed to load\: {0}
automation.panel.load.warning = YAML file loaded with warnings\: {0}
automation.panel.load.yaml = YAML Configuration Files
automation.panel.table.env.name = Environment
+automation.panel.table.header.enabled = Engedélyezve
automation.panel.table.header.info = Infó
automation.panel.table.header.name = Név
automation.panel.table.header.status = Állapot
@@ -371,6 +420,7 @@ automation.panel.table.info.warning = WARNING\: {0}
automation.panel.table.status.error = ERROR
automation.panel.table.status.failed = FAILED
automation.panel.table.status.notcreated = Not created
+automation.panel.table.status.notenabled = Not enabled
automation.panel.table.status.notstarted = Nincs elindítva
automation.panel.table.status.ok = OK
automation.panel.table.status.passed = Sikeres
diff --git a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_id_ID.properties b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_id_ID.properties
index fb56d79a978..1a2034cfa61 100644
--- a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_id_ID.properties
+++ b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_id_ID.properties
@@ -57,6 +57,7 @@ automation.dialog.alerttest.ruleid = Scan Rule Id\:
automation.dialog.alerttest.title = Alert Test
automation.dialog.alerttest.url = URL (regex)\:
+automation.dialog.all.enabled = Aktifkan\:
automation.dialog.all.name = Job Name\:
automation.dialog.all.user = Authenticated User\:
@@ -85,6 +86,39 @@ automation.dialog.ascan.table.header.threshold = Ambang
automation.dialog.ascan.threads = Threads Per Host\:
automation.dialog.ascan.title = Active Scan Job
+automation.dialog.ascanconfig.defaultpolicy = Default Policy\:
+automation.dialog.ascanconfig.error.field = Job {0}\: Error reading {1}, cause\: {2}
+automation.dialog.ascanconfig.handleanticsrf = Handle Anti CSRF Tokens
+automation.dialog.ascanconfig.injectid = Inject Scan Rule ID\:
+automation.dialog.ascanconfig.iv.cookie = Cookie Data
+automation.dialog.ascanconfig.iv.cookie.encode = Encode Cookie Values
+automation.dialog.ascanconfig.iv.headers = HTTP Headers
+automation.dialog.ascanconfig.iv.headers.allrequests = HTTP Headers of All Requests
+automation.dialog.ascanconfig.iv.path = URL Path
+automation.dialog.ascanconfig.iv.post = Data POST
+automation.dialog.ascanconfig.iv.post.dwr = Web langsung Remoting
+automation.dialog.ascanconfig.iv.post.gwt = Google Web Toolkit
+automation.dialog.ascanconfig.iv.post.json = JSON
+automation.dialog.ascanconfig.iv.post.json.nulls = Scan Null Values
+automation.dialog.ascanconfig.iv.post.multipart = Formulir Multipart-Data
+automation.dialog.ascanconfig.iv.post.xml = Tag XML/Atribut
+automation.dialog.ascanconfig.iv.query = Requester Addon
+automation.dialog.ascanconfig.iv.query.addparam = Add URL Query Parameter
+automation.dialog.ascanconfig.iv.query.odata = OData ID/Filter
+automation.dialog.ascanconfig.iv.scripts = Script Input Vectors
+automation.dialog.ascanconfig.maxalertsperrule = Max Alerts Per Rule\:
+automation.dialog.ascanconfig.maxruleduration = Max Rule Duration (in mins)\:
+automation.dialog.ascanconfig.maxscanduration = Max Scan Duration (in mins)\:
+automation.dialog.ascanconfig.summary = Active Scan Config
+automation.dialog.ascanconfig.tab.iv = Masukan vektor
+automation.dialog.ascanconfig.threads = Threads Per Host\:
+automation.dialog.ascanconfig.title = Active Scan Config Job
+
+automation.dialog.ascanpolicy.error.badname = Anda harus memberikan nama kebijakan
+automation.dialog.ascanpolicy.name = Policy Name\:
+automation.dialog.ascanpolicy.summary = Scan Policy\: {0}
+automation.dialog.ascanpolicy.title = Active Scan Policy Job
+
automation.dialog.button.add = Tambah
automation.dialog.button.modify = Memodifikasi
automation.dialog.button.remove = Hilangkan
@@ -140,6 +174,14 @@ automation.dialog.envvar.value = Nilai\:
automation.dialog.error.misc = Unexpected error\: {0}
automation.dialog.error.save = Failed to save plan\: {0}
+automation.dialog.exitstatus.errorExitValue = Error Exit Value\:
+
+automation.dialog.exitstatus.errorLevel = Error Level\:
+automation.dialog.exitstatus.okExitValue = OK Exit Value\:
+automation.dialog.exitstatus.summary = Error\: {0}, Warn\: {1}
+automation.dialog.exitstatus.title = Exit Status Job
+automation.dialog.exitstatus.warnExitValue = Warn Exit Value\:
+automation.dialog.exitstatus.warnLevel = Warning Level\:
automation.dialog.header.name = Nama
automation.dialog.header.remove.confirm = Are you sure you want to remove this header?
@@ -296,6 +338,7 @@ automation.error.env.verification.pollunits.bad = Invalid verification pollUnits
automation.error.env.verification.type.bad = Invalid verification method\: {0}
automation.error.job.baduser = Job {0} unrecognised user\: {1}
automation.error.job.data = Unsupported job data format\: {0}
+automation.error.job.enabled = Unsupported job enabled format\: {0}
automation.error.job.internal = Job {0} internal error\: {1}
automation.error.job.name = Unsupported job name format\: {0}
automation.error.job.notype = Missing job type\: {0}
@@ -322,10 +365,14 @@ automation.error.requestor.codemismatch = Difference in response code values for
automation.error.requestor.httpversion = Job {0} has invalid HTTP version {1} for request \: {2}
automation.error.requestor.invalidmethod = Job {0} has invalid method {1} for request \: {2}
automation.error.requestor.norequests = Missing any requests for job {0}
+automation.error.scanpolicy.exists = Job {0} scan policy {1} already exists
automation.error.unexpected = Unexpected error accessing file {0} \: {1} - see log for details
automation.error.unexpected.internal = Unexpected error {0} - see log for details
automation.error.urlsfound = Job {0} only found {1} URLs, expected at least {2}
automation.error.write = Cannot write to file\: {0}
+automation.exitstatus.alert = An alert has been raised with a risk of at least\: {0}
+
+automation.exitstatus.error.badlevels = Error level\: {0} is lower than warn level\: {1}
automation.info.addons.noupdate = The updateAddons option has been disabled due to problems updating the framework and jobs while they are running
automation.info.ascan.rule.setstrength = Job {0} set rule {1} strength to {2}
@@ -336,6 +383,7 @@ automation.info.delay.endjob = Job {0} ended by programmatic or API call
automation.info.delay.filecreated = Job {0} ended by creation of file {1}
automation.info.delay.interrupted = Job {0} interrupted
automation.info.delay.timeout = Job {0} ended after specified time {1}
+automation.info.jobdisabled = Job {0} is disabled
automation.info.jobend = Job {0} finished, time taken\: {1}
automation.info.jobstart = Job {0} started
automation.info.jobstopped = Job {0} terminated
@@ -359,6 +407,7 @@ automation.panel.load.failed = YAML file failed to load\: {0}
automation.panel.load.warning = YAML file loaded with warnings\: {0}
automation.panel.load.yaml = YAML Configuration Files
automation.panel.table.env.name = Environment
+automation.panel.table.header.enabled = Aktifkan
automation.panel.table.header.info = Info
automation.panel.table.header.name = Nama
automation.panel.table.header.status = Status
@@ -371,6 +420,7 @@ automation.panel.table.info.warning = WARNING\: {0}
automation.panel.table.status.error = ERROR
automation.panel.table.status.failed = FAILED
automation.panel.table.status.notcreated = Not created
+automation.panel.table.status.notenabled = Not enabled
automation.panel.table.status.notstarted = Belum dimulai
automation.panel.table.status.ok = OK
automation.panel.table.status.passed = Lulus
diff --git a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_it_IT.properties b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_it_IT.properties
index 0f4adff79be..faec298849d 100644
--- a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_it_IT.properties
+++ b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_it_IT.properties
@@ -57,6 +57,7 @@ automation.dialog.alerttest.ruleid = Scan Rule Id\:
automation.dialog.alerttest.title = Alert Test
automation.dialog.alerttest.url = URL (regex)\:
+automation.dialog.all.enabled = Abilitato\:
automation.dialog.all.name = Nome dell'Attività\:
automation.dialog.all.user = Authenticated User\:
@@ -85,6 +86,39 @@ automation.dialog.ascan.table.header.threshold = Soglia
automation.dialog.ascan.threads = Threads Per Host\:
automation.dialog.ascan.title = Active Scan Job
+automation.dialog.ascanconfig.defaultpolicy = Default Policy\:
+automation.dialog.ascanconfig.error.field = Job {0}\: Error reading {1}, cause\: {2}
+automation.dialog.ascanconfig.handleanticsrf = Handle Anti CSRF Tokens
+automation.dialog.ascanconfig.injectid = Inject Scan Rule ID\:
+automation.dialog.ascanconfig.iv.cookie = Cookie Data
+automation.dialog.ascanconfig.iv.cookie.encode = Encode Cookie Values
+automation.dialog.ascanconfig.iv.headers = HTTP Headers
+automation.dialog.ascanconfig.iv.headers.allrequests = HTTP Headers of All Requests
+automation.dialog.ascanconfig.iv.path = URL Path
+automation.dialog.ascanconfig.iv.post = Dati POST
+automation.dialog.ascanconfig.iv.post.dwr = Direct Web Remoting
+automation.dialog.ascanconfig.iv.post.gwt = Google Web Toolkit
+automation.dialog.ascanconfig.iv.post.json = JSON
+automation.dialog.ascanconfig.iv.post.json.nulls = Scan Null Values
+automation.dialog.ascanconfig.iv.post.multipart = Dati dei form multiform
+automation.dialog.ascanconfig.iv.post.xml = Tag/attributo XML
+automation.dialog.ascanconfig.iv.query = Stringa di Query dell'URL
+automation.dialog.ascanconfig.iv.query.addparam = Add URL Query Parameter
+automation.dialog.ascanconfig.iv.query.odata = Filtro/Id OData
+automation.dialog.ascanconfig.iv.scripts = Script Input Vectors
+automation.dialog.ascanconfig.maxalertsperrule = Max Alerts Per Rule\:
+automation.dialog.ascanconfig.maxruleduration = Max Rule Duration (in mins)\:
+automation.dialog.ascanconfig.maxscanduration = Max Scan Duration (in mins)\:
+automation.dialog.ascanconfig.summary = Active Scan Config
+automation.dialog.ascanconfig.tab.iv = Vettori in ingresso
+automation.dialog.ascanconfig.threads = Threads Per Host\:
+automation.dialog.ascanconfig.title = Active Scan Config Job
+
+automation.dialog.ascanpolicy.error.badname = È necessario fornire un nome di criterio
+automation.dialog.ascanpolicy.name = Policy Name\:
+automation.dialog.ascanpolicy.summary = Scan Policy\: {0}
+automation.dialog.ascanpolicy.title = Active Scan Policy Job
+
automation.dialog.button.add = Aggiungi
automation.dialog.button.modify = Modifica
automation.dialog.button.remove = Rimuovi
@@ -140,6 +174,14 @@ automation.dialog.envvar.value = Value\:
automation.dialog.error.misc = Unexpected error\: {0}
automation.dialog.error.save = Failed to save plan\: {0}
+automation.dialog.exitstatus.errorExitValue = Error Exit Value\:
+
+automation.dialog.exitstatus.errorLevel = Error Level\:
+automation.dialog.exitstatus.okExitValue = OK Exit Value\:
+automation.dialog.exitstatus.summary = Error\: {0}, Warn\: {1}
+automation.dialog.exitstatus.title = Exit Status Job
+automation.dialog.exitstatus.warnExitValue = Warn Exit Value\:
+automation.dialog.exitstatus.warnLevel = Warning Level\:
automation.dialog.header.name = Nome
automation.dialog.header.remove.confirm = Are you sure you want to remove this header?
@@ -296,6 +338,7 @@ automation.error.env.verification.pollunits.bad = Invalid verification pollUnits
automation.error.env.verification.type.bad = Invalid verification method\: {0}
automation.error.job.baduser = Job {0} unrecognised user\: {1}
automation.error.job.data = Unsupported job data format\: {0}
+automation.error.job.enabled = Unsupported job enabled format\: {0}
automation.error.job.internal = Job {0} internal error\: {1}
automation.error.job.name = Unsupported job name format\: {0}
automation.error.job.notype = Missing job type\: {0}
@@ -322,10 +365,14 @@ automation.error.requestor.codemismatch = Difference in response code values for
automation.error.requestor.httpversion = Job {0} has invalid HTTP version {1} for request \: {2}
automation.error.requestor.invalidmethod = Job {0} has invalid method {1} for request \: {2}
automation.error.requestor.norequests = Missing any requests for job {0}
+automation.error.scanpolicy.exists = Job {0} scan policy {1} already exists
automation.error.unexpected = Unexpected error accessing file {0} \: {1} - see log for details
automation.error.unexpected.internal = Unexpected error {0} - see log for details
automation.error.urlsfound = Job {0} only found {1} URLs, expected at least {2}
automation.error.write = Cannot write to file\: {0}
+automation.exitstatus.alert = An alert has been raised with a risk of at least\: {0}
+
+automation.exitstatus.error.badlevels = Error level\: {0} is lower than warn level\: {1}
automation.info.addons.noupdate = The updateAddons option has been disabled due to problems updating the framework and jobs while they are running
automation.info.ascan.rule.setstrength = Job {0} set rule {1} strength to {2}
@@ -336,6 +383,7 @@ automation.info.delay.endjob = Job {0} ended by programmatic or API call
automation.info.delay.filecreated = Job {0} ended by creation of file {1}
automation.info.delay.interrupted = Job {0} interrupted
automation.info.delay.timeout = Job {0} ended after specified time {1}
+automation.info.jobdisabled = Job {0} is disabled
automation.info.jobend = Job {0} finished, time taken\: {1}
automation.info.jobstart = Job {0} started
automation.info.jobstopped = Job {0} terminated
@@ -359,6 +407,7 @@ automation.panel.load.failed = YAML file failed to load\: {0}
automation.panel.load.warning = YAML file loaded with warnings\: {0}
automation.panel.load.yaml = YAML Configuration Files
automation.panel.table.env.name = Environment
+automation.panel.table.header.enabled = Abilitato
automation.panel.table.header.info = Info
automation.panel.table.header.name = Nome
automation.panel.table.header.status = Stato
@@ -371,6 +420,7 @@ automation.panel.table.info.warning = WARNING\: {0}
automation.panel.table.status.error = ERROR
automation.panel.table.status.failed = FAILED
automation.panel.table.status.notcreated = Not created
+automation.panel.table.status.notenabled = Not enabled
automation.panel.table.status.notstarted = Non avviato
automation.panel.table.status.ok = OK
automation.panel.table.status.passed = Passato
diff --git a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_ja_JP.properties b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_ja_JP.properties
index 0650bfe4f7e..f133f4f7fce 100644
--- a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_ja_JP.properties
+++ b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_ja_JP.properties
@@ -57,6 +57,7 @@ automation.dialog.alerttest.ruleid = Scan Rule Id\:
automation.dialog.alerttest.title = Alert Test
automation.dialog.alerttest.url = URL (regex)\:
+automation.dialog.all.enabled = 有効\:
automation.dialog.all.name = Job Name\:
automation.dialog.all.user = Authenticated User\:
@@ -85,6 +86,39 @@ automation.dialog.ascan.table.header.threshold = しきい値
automation.dialog.ascan.threads = Threads Per Host\:
automation.dialog.ascan.title = Active Scan Job
+automation.dialog.ascanconfig.defaultpolicy = Default Policy\:
+automation.dialog.ascanconfig.error.field = Job {0}\: Error reading {1}, cause\: {2}
+automation.dialog.ascanconfig.handleanticsrf = Handle Anti CSRF Tokens
+automation.dialog.ascanconfig.injectid = Inject Scan Rule ID\:
+automation.dialog.ascanconfig.iv.cookie = Cookie Data
+automation.dialog.ascanconfig.iv.cookie.encode = Encode Cookie Values
+automation.dialog.ascanconfig.iv.headers = HTTP Headers
+automation.dialog.ascanconfig.iv.headers.allrequests = HTTP Headers of All Requests
+automation.dialog.ascanconfig.iv.path = URL Path
+automation.dialog.ascanconfig.iv.post = POST Data
+automation.dialog.ascanconfig.iv.post.dwr = Direct Web Remoting
+automation.dialog.ascanconfig.iv.post.gwt = Google Web Toolkit
+automation.dialog.ascanconfig.iv.post.json = JSON
+automation.dialog.ascanconfig.iv.post.json.nulls = Scan Null Values
+automation.dialog.ascanconfig.iv.post.multipart = Multipart Form-Data
+automation.dialog.ascanconfig.iv.post.xml = XML Tag/Attribute
+automation.dialog.ascanconfig.iv.query = URL Query String & Data Driven Nodes
+automation.dialog.ascanconfig.iv.query.addparam = Add URL Query Parameter
+automation.dialog.ascanconfig.iv.query.odata = OData ID/Filter
+automation.dialog.ascanconfig.iv.scripts = Script Input Vectors
+automation.dialog.ascanconfig.maxalertsperrule = Max Alerts Per Rule\:
+automation.dialog.ascanconfig.maxruleduration = Max Rule Duration (in mins)\:
+automation.dialog.ascanconfig.maxscanduration = Max Scan Duration (in mins)\:
+automation.dialog.ascanconfig.summary = Active Scan Config
+automation.dialog.ascanconfig.tab.iv = 入力ベクトル
+automation.dialog.ascanconfig.threads = Threads Per Host\:
+automation.dialog.ascanconfig.title = Active Scan Config Job
+
+automation.dialog.ascanpolicy.error.badname = ポリシー名を入力してください。
+automation.dialog.ascanpolicy.name = Policy Name\:
+automation.dialog.ascanpolicy.summary = Scan Policy\: {0}
+automation.dialog.ascanpolicy.title = Active Scan Policy Job
+
automation.dialog.button.add = 追加
automation.dialog.button.modify = 変更
automation.dialog.button.remove = 削除
@@ -140,6 +174,14 @@ automation.dialog.envvar.value = Value\:
automation.dialog.error.misc = Unexpected error\: {0}
automation.dialog.error.save = Failed to save plan\: {0}
+automation.dialog.exitstatus.errorExitValue = Error Exit Value\:
+
+automation.dialog.exitstatus.errorLevel = Error Level\:
+automation.dialog.exitstatus.okExitValue = OK Exit Value\:
+automation.dialog.exitstatus.summary = Error\: {0}, Warn\: {1}
+automation.dialog.exitstatus.title = Exit Status Job
+automation.dialog.exitstatus.warnExitValue = Warn Exit Value\:
+automation.dialog.exitstatus.warnLevel = Warning Level\:
automation.dialog.header.name = 名前
automation.dialog.header.remove.confirm = Are you sure you want to remove this header?
@@ -296,6 +338,7 @@ automation.error.env.verification.pollunits.bad = Invalid verification pollUnits
automation.error.env.verification.type.bad = Invalid verification method\: {0}
automation.error.job.baduser = Job {0} unrecognised user\: {1}
automation.error.job.data = Unsupported job data format\: {0}
+automation.error.job.enabled = Unsupported job enabled format\: {0}
automation.error.job.internal = Job {0} internal error\: {1}
automation.error.job.name = Unsupported job name format\: {0}
automation.error.job.notype = Missing job type\: {0}
@@ -322,10 +365,14 @@ automation.error.requestor.codemismatch = Difference in response code values for
automation.error.requestor.httpversion = Job {0} has invalid HTTP version {1} for request \: {2}
automation.error.requestor.invalidmethod = Job {0} has invalid method {1} for request \: {2}
automation.error.requestor.norequests = Missing any requests for job {0}
+automation.error.scanpolicy.exists = Job {0} scan policy {1} already exists
automation.error.unexpected = Unexpected error accessing file {0} \: {1} - see log for details
automation.error.unexpected.internal = Unexpected error {0} - see log for details
automation.error.urlsfound = Job {0} only found {1} URLs, expected at least {2}
automation.error.write = Cannot write to file\: {0}
+automation.exitstatus.alert = An alert has been raised with a risk of at least\: {0}
+
+automation.exitstatus.error.badlevels = Error level\: {0} is lower than warn level\: {1}
automation.info.addons.noupdate = The updateAddons option has been disabled due to problems updating the framework and jobs while they are running
automation.info.ascan.rule.setstrength = Job {0} set rule {1} strength to {2}
@@ -336,6 +383,7 @@ automation.info.delay.endjob = Job {0} ended by programmatic or API call
automation.info.delay.filecreated = Job {0} ended by creation of file {1}
automation.info.delay.interrupted = Job {0} interrupted
automation.info.delay.timeout = Job {0} ended after specified time {1}
+automation.info.jobdisabled = Job {0} is disabled
automation.info.jobend = Job {0} finished, time taken\: {1}
automation.info.jobstart = Job {0} started
automation.info.jobstopped = Job {0} terminated
@@ -359,6 +407,7 @@ automation.panel.load.failed = YAML file failed to load\: {0}
automation.panel.load.warning = YAML file loaded with warnings\: {0}
automation.panel.load.yaml = YAML Configuration Files
automation.panel.table.env.name = Environment
+automation.panel.table.header.enabled = 有効
automation.panel.table.header.info = Info
automation.panel.table.header.name = 名前
automation.panel.table.header.status = 状態
@@ -371,6 +420,7 @@ automation.panel.table.info.warning = WARNING\: {0}
automation.panel.table.status.error = ERROR
automation.panel.table.status.failed = FAILED
automation.panel.table.status.notcreated = Not created
+automation.panel.table.status.notenabled = Not enabled
automation.panel.table.status.notstarted = 停止
automation.panel.table.status.ok = OK
automation.panel.table.status.passed = Passed
diff --git a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_ko_KR.properties b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_ko_KR.properties
index 1e9c875097e..67179ddbdd9 100644
--- a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_ko_KR.properties
+++ b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_ko_KR.properties
@@ -57,6 +57,7 @@ automation.dialog.alerttest.ruleid = Scan Rule Id\:
automation.dialog.alerttest.title = Alert Test
automation.dialog.alerttest.url = URL (regex)\:
+automation.dialog.all.enabled = Enabled\:
automation.dialog.all.name = Job Name\:
automation.dialog.all.user = Authenticated User\:
@@ -85,6 +86,39 @@ automation.dialog.ascan.table.header.threshold = Threshold
automation.dialog.ascan.threads = Threads Per Host\:
automation.dialog.ascan.title = Active Scan Job
+automation.dialog.ascanconfig.defaultpolicy = Default Policy\:
+automation.dialog.ascanconfig.error.field = Job {0}\: Error reading {1}, cause\: {2}
+automation.dialog.ascanconfig.handleanticsrf = Handle Anti CSRF Tokens
+automation.dialog.ascanconfig.injectid = Inject Scan Rule ID\:
+automation.dialog.ascanconfig.iv.cookie = Cookie Data
+automation.dialog.ascanconfig.iv.cookie.encode = Encode Cookie Values
+automation.dialog.ascanconfig.iv.headers = HTTP Headers
+automation.dialog.ascanconfig.iv.headers.allrequests = HTTP Headers of All Requests
+automation.dialog.ascanconfig.iv.path = URL Path
+automation.dialog.ascanconfig.iv.post = POST 데이터
+automation.dialog.ascanconfig.iv.post.dwr = Direct Web Remoting
+automation.dialog.ascanconfig.iv.post.gwt = Google Web Toolkit
+automation.dialog.ascanconfig.iv.post.json = JSON
+automation.dialog.ascanconfig.iv.post.json.nulls = Scan Null Values
+automation.dialog.ascanconfig.iv.post.multipart = Multipart Form-Data
+automation.dialog.ascanconfig.iv.post.xml = XML Tag/Attribute
+automation.dialog.ascanconfig.iv.query = URL Query String & Data Driven Nodes
+automation.dialog.ascanconfig.iv.query.addparam = Add URL Query Parameter
+automation.dialog.ascanconfig.iv.query.odata = OData ID/Filter
+automation.dialog.ascanconfig.iv.scripts = Script Input Vectors
+automation.dialog.ascanconfig.maxalertsperrule = Max Alerts Per Rule\:
+automation.dialog.ascanconfig.maxruleduration = Max Rule Duration (in mins)\:
+automation.dialog.ascanconfig.maxscanduration = Max Scan Duration (in mins)\:
+automation.dialog.ascanconfig.summary = Active Scan Config
+automation.dialog.ascanconfig.tab.iv = Input Vectors
+automation.dialog.ascanconfig.threads = Threads Per Host\:
+automation.dialog.ascanconfig.title = Active Scan Config Job
+
+automation.dialog.ascanpolicy.error.badname = You must supply a policy name
+automation.dialog.ascanpolicy.name = Policy Name\:
+automation.dialog.ascanpolicy.summary = Scan Policy\: {0}
+automation.dialog.ascanpolicy.title = Active Scan Policy Job
+
automation.dialog.button.add = Add
automation.dialog.button.modify = Modify
automation.dialog.button.remove = Remove
@@ -140,6 +174,14 @@ automation.dialog.envvar.value = Value\:
automation.dialog.error.misc = Unexpected error\: {0}
automation.dialog.error.save = Failed to save plan\: {0}
+automation.dialog.exitstatus.errorExitValue = Error Exit Value\:
+
+automation.dialog.exitstatus.errorLevel = Error Level\:
+automation.dialog.exitstatus.okExitValue = OK Exit Value\:
+automation.dialog.exitstatus.summary = Error\: {0}, Warn\: {1}
+automation.dialog.exitstatus.title = Exit Status Job
+automation.dialog.exitstatus.warnExitValue = Warn Exit Value\:
+automation.dialog.exitstatus.warnLevel = Warning Level\:
automation.dialog.header.name = Name
automation.dialog.header.remove.confirm = Are you sure you want to remove this header?
@@ -296,6 +338,7 @@ automation.error.env.verification.pollunits.bad = Invalid verification pollUnits
automation.error.env.verification.type.bad = Invalid verification method\: {0}
automation.error.job.baduser = Job {0} unrecognised user\: {1}
automation.error.job.data = Unsupported job data format\: {0}
+automation.error.job.enabled = Unsupported job enabled format\: {0}
automation.error.job.internal = Job {0} internal error\: {1}
automation.error.job.name = Unsupported job name format\: {0}
automation.error.job.notype = Missing job type\: {0}
@@ -322,10 +365,14 @@ automation.error.requestor.codemismatch = Difference in response code values for
automation.error.requestor.httpversion = Job {0} has invalid HTTP version {1} for request \: {2}
automation.error.requestor.invalidmethod = Job {0} has invalid method {1} for request \: {2}
automation.error.requestor.norequests = Missing any requests for job {0}
+automation.error.scanpolicy.exists = Job {0} scan policy {1} already exists
automation.error.unexpected = Unexpected error accessing file {0} \: {1} - see log for details
automation.error.unexpected.internal = Unexpected error {0} - see log for details
automation.error.urlsfound = Job {0} only found {1} URLs, expected at least {2}
automation.error.write = Cannot write to file\: {0}
+automation.exitstatus.alert = An alert has been raised with a risk of at least\: {0}
+
+automation.exitstatus.error.badlevels = Error level\: {0} is lower than warn level\: {1}
automation.info.addons.noupdate = The updateAddons option has been disabled due to problems updating the framework and jobs while they are running
automation.info.ascan.rule.setstrength = Job {0} set rule {1} strength to {2}
@@ -336,6 +383,7 @@ automation.info.delay.endjob = Job {0} ended by programmatic or API call
automation.info.delay.filecreated = Job {0} ended by creation of file {1}
automation.info.delay.interrupted = Job {0} interrupted
automation.info.delay.timeout = Job {0} ended after specified time {1}
+automation.info.jobdisabled = Job {0} is disabled
automation.info.jobend = Job {0} finished, time taken\: {1}
automation.info.jobstart = Job {0} started
automation.info.jobstopped = Job {0} terminated
@@ -359,6 +407,7 @@ automation.panel.load.failed = YAML file failed to load\: {0}
automation.panel.load.warning = YAML file loaded with warnings\: {0}
automation.panel.load.yaml = YAML Configuration Files
automation.panel.table.env.name = Environment
+automation.panel.table.header.enabled = Enabled
automation.panel.table.header.info = Info
automation.panel.table.header.name = Name
automation.panel.table.header.status = Status
@@ -371,6 +420,7 @@ automation.panel.table.info.warning = WARNING\: {0}
automation.panel.table.status.error = ERROR
automation.panel.table.status.failed = FAILED
automation.panel.table.status.notcreated = Not created
+automation.panel.table.status.notenabled = Not enabled
automation.panel.table.status.notstarted = 미시작
automation.panel.table.status.ok = 확인
automation.panel.table.status.passed = Passed
diff --git a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_mk_MK.properties b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_mk_MK.properties
index 5598d935274..52af996d3dc 100644
--- a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_mk_MK.properties
+++ b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_mk_MK.properties
@@ -57,6 +57,7 @@ automation.dialog.alerttest.ruleid = Scan Rule Id\:
automation.dialog.alerttest.title = Alert Test
automation.dialog.alerttest.url = URL (regex)\:
+automation.dialog.all.enabled = Enabled\:
automation.dialog.all.name = Job Name\:
automation.dialog.all.user = Authenticated User\:
@@ -85,6 +86,39 @@ automation.dialog.ascan.table.header.threshold = Threshold
automation.dialog.ascan.threads = Threads Per Host\:
automation.dialog.ascan.title = Active Scan Job
+automation.dialog.ascanconfig.defaultpolicy = Default Policy\:
+automation.dialog.ascanconfig.error.field = Job {0}\: Error reading {1}, cause\: {2}
+automation.dialog.ascanconfig.handleanticsrf = Handle Anti CSRF Tokens
+automation.dialog.ascanconfig.injectid = Inject Scan Rule ID\:
+automation.dialog.ascanconfig.iv.cookie = Cookie Data
+automation.dialog.ascanconfig.iv.cookie.encode = Encode Cookie Values
+automation.dialog.ascanconfig.iv.headers = HTTP Headers
+automation.dialog.ascanconfig.iv.headers.allrequests = HTTP Headers of All Requests
+automation.dialog.ascanconfig.iv.path = URL Path
+automation.dialog.ascanconfig.iv.post = POST Data
+automation.dialog.ascanconfig.iv.post.dwr = Direct Web Remoting
+automation.dialog.ascanconfig.iv.post.gwt = Google Web Toolkit
+automation.dialog.ascanconfig.iv.post.json = JSON
+automation.dialog.ascanconfig.iv.post.json.nulls = Scan Null Values
+automation.dialog.ascanconfig.iv.post.multipart = Multipart Form-Data
+automation.dialog.ascanconfig.iv.post.xml = XML Tag/Attribute
+automation.dialog.ascanconfig.iv.query = URL Query String & Data Driven Nodes
+automation.dialog.ascanconfig.iv.query.addparam = Add URL Query Parameter
+automation.dialog.ascanconfig.iv.query.odata = OData ID/Filter
+automation.dialog.ascanconfig.iv.scripts = Script Input Vectors
+automation.dialog.ascanconfig.maxalertsperrule = Max Alerts Per Rule\:
+automation.dialog.ascanconfig.maxruleduration = Max Rule Duration (in mins)\:
+automation.dialog.ascanconfig.maxscanduration = Max Scan Duration (in mins)\:
+automation.dialog.ascanconfig.summary = Active Scan Config
+automation.dialog.ascanconfig.tab.iv = Input Vectors
+automation.dialog.ascanconfig.threads = Threads Per Host\:
+automation.dialog.ascanconfig.title = Active Scan Config Job
+
+automation.dialog.ascanpolicy.error.badname = You must supply a policy name
+automation.dialog.ascanpolicy.name = Policy Name\:
+automation.dialog.ascanpolicy.summary = Scan Policy\: {0}
+automation.dialog.ascanpolicy.title = Active Scan Policy Job
+
automation.dialog.button.add = Add
automation.dialog.button.modify = Modify
automation.dialog.button.remove = Remove
@@ -140,6 +174,14 @@ automation.dialog.envvar.value = Value\:
automation.dialog.error.misc = Unexpected error\: {0}
automation.dialog.error.save = Failed to save plan\: {0}
+automation.dialog.exitstatus.errorExitValue = Error Exit Value\:
+
+automation.dialog.exitstatus.errorLevel = Error Level\:
+automation.dialog.exitstatus.okExitValue = OK Exit Value\:
+automation.dialog.exitstatus.summary = Error\: {0}, Warn\: {1}
+automation.dialog.exitstatus.title = Exit Status Job
+automation.dialog.exitstatus.warnExitValue = Warn Exit Value\:
+automation.dialog.exitstatus.warnLevel = Warning Level\:
automation.dialog.header.name = Name
automation.dialog.header.remove.confirm = Are you sure you want to remove this header?
@@ -296,6 +338,7 @@ automation.error.env.verification.pollunits.bad = Invalid verification pollUnits
automation.error.env.verification.type.bad = Invalid verification method\: {0}
automation.error.job.baduser = Job {0} unrecognised user\: {1}
automation.error.job.data = Unsupported job data format\: {0}
+automation.error.job.enabled = Unsupported job enabled format\: {0}
automation.error.job.internal = Job {0} internal error\: {1}
automation.error.job.name = Unsupported job name format\: {0}
automation.error.job.notype = Missing job type\: {0}
@@ -322,10 +365,14 @@ automation.error.requestor.codemismatch = Difference in response code values for
automation.error.requestor.httpversion = Job {0} has invalid HTTP version {1} for request \: {2}
automation.error.requestor.invalidmethod = Job {0} has invalid method {1} for request \: {2}
automation.error.requestor.norequests = Missing any requests for job {0}
+automation.error.scanpolicy.exists = Job {0} scan policy {1} already exists
automation.error.unexpected = Unexpected error accessing file {0} \: {1} - see log for details
automation.error.unexpected.internal = Unexpected error {0} - see log for details
automation.error.urlsfound = Job {0} only found {1} URLs, expected at least {2}
automation.error.write = Cannot write to file\: {0}
+automation.exitstatus.alert = An alert has been raised with a risk of at least\: {0}
+
+automation.exitstatus.error.badlevels = Error level\: {0} is lower than warn level\: {1}
automation.info.addons.noupdate = The updateAddons option has been disabled due to problems updating the framework and jobs while they are running
automation.info.ascan.rule.setstrength = Job {0} set rule {1} strength to {2}
@@ -336,6 +383,7 @@ automation.info.delay.endjob = Job {0} ended by programmatic or API call
automation.info.delay.filecreated = Job {0} ended by creation of file {1}
automation.info.delay.interrupted = Job {0} interrupted
automation.info.delay.timeout = Job {0} ended after specified time {1}
+automation.info.jobdisabled = Job {0} is disabled
automation.info.jobend = Job {0} finished, time taken\: {1}
automation.info.jobstart = Job {0} started
automation.info.jobstopped = Job {0} terminated
@@ -359,6 +407,7 @@ automation.panel.load.failed = YAML file failed to load\: {0}
automation.panel.load.warning = YAML file loaded with warnings\: {0}
automation.panel.load.yaml = YAML Configuration Files
automation.panel.table.env.name = Environment
+automation.panel.table.header.enabled = Enabled
automation.panel.table.header.info = Info
automation.panel.table.header.name = Name
automation.panel.table.header.status = Status
@@ -371,6 +420,7 @@ automation.panel.table.info.warning = WARNING\: {0}
automation.panel.table.status.error = ERROR
automation.panel.table.status.failed = FAILED
automation.panel.table.status.notcreated = Not created
+automation.panel.table.status.notenabled = Not enabled
automation.panel.table.status.notstarted = Not started
automation.panel.table.status.ok = OK
automation.panel.table.status.passed = Passed
diff --git a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_ms_MY.properties b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_ms_MY.properties
index db2c0bb7591..8a296c23eb3 100644
--- a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_ms_MY.properties
+++ b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_ms_MY.properties
@@ -57,6 +57,7 @@ automation.dialog.alerttest.ruleid = Scan Rule Id\:
automation.dialog.alerttest.title = Alert Test
automation.dialog.alerttest.url = URL (regex)\:
+automation.dialog.all.enabled = Enabled\:
automation.dialog.all.name = Job Name\:
automation.dialog.all.user = Authenticated User\:
@@ -85,6 +86,39 @@ automation.dialog.ascan.table.header.threshold = Threshold
automation.dialog.ascan.threads = Threads Per Host\:
automation.dialog.ascan.title = Active Scan Job
+automation.dialog.ascanconfig.defaultpolicy = Default Policy\:
+automation.dialog.ascanconfig.error.field = Job {0}\: Error reading {1}, cause\: {2}
+automation.dialog.ascanconfig.handleanticsrf = Handle Anti CSRF Tokens
+automation.dialog.ascanconfig.injectid = Inject Scan Rule ID\:
+automation.dialog.ascanconfig.iv.cookie = Cookie Data
+automation.dialog.ascanconfig.iv.cookie.encode = Encode Cookie Values
+automation.dialog.ascanconfig.iv.headers = HTTP Headers
+automation.dialog.ascanconfig.iv.headers.allrequests = HTTP Headers of All Requests
+automation.dialog.ascanconfig.iv.path = URL Path
+automation.dialog.ascanconfig.iv.post = POST Data
+automation.dialog.ascanconfig.iv.post.dwr = Kawalan Jauh sesawang secara langsung
+automation.dialog.ascanconfig.iv.post.gwt = Google Web Toolkit
+automation.dialog.ascanconfig.iv.post.json = JSON
+automation.dialog.ascanconfig.iv.post.json.nulls = Scan Null Values
+automation.dialog.ascanconfig.iv.post.multipart = Multipart Form-Data
+automation.dialog.ascanconfig.iv.post.xml = XML tag/atribut
+automation.dialog.ascanconfig.iv.query = URL Query String & Data Driven Nodes
+automation.dialog.ascanconfig.iv.query.addparam = Add URL Query Parameter
+automation.dialog.ascanconfig.iv.query.odata = OData ID/Filter
+automation.dialog.ascanconfig.iv.scripts = Script Input Vectors
+automation.dialog.ascanconfig.maxalertsperrule = Max Alerts Per Rule\:
+automation.dialog.ascanconfig.maxruleduration = Max Rule Duration (in mins)\:
+automation.dialog.ascanconfig.maxscanduration = Max Scan Duration (in mins)\:
+automation.dialog.ascanconfig.summary = Active Scan Config
+automation.dialog.ascanconfig.tab.iv = Input vektor
+automation.dialog.ascanconfig.threads = Threads Per Host\:
+automation.dialog.ascanconfig.title = Active Scan Config Job
+
+automation.dialog.ascanpolicy.error.badname = Anda perlu bekalkan nama polisi
+automation.dialog.ascanpolicy.name = Policy Name\:
+automation.dialog.ascanpolicy.summary = Scan Policy\: {0}
+automation.dialog.ascanpolicy.title = Active Scan Policy Job
+
automation.dialog.button.add = Tambah
automation.dialog.button.modify = Modify
automation.dialog.button.remove = Remove
@@ -140,6 +174,14 @@ automation.dialog.envvar.value = Value\:
automation.dialog.error.misc = Unexpected error\: {0}
automation.dialog.error.save = Failed to save plan\: {0}
+automation.dialog.exitstatus.errorExitValue = Error Exit Value\:
+
+automation.dialog.exitstatus.errorLevel = Error Level\:
+automation.dialog.exitstatus.okExitValue = OK Exit Value\:
+automation.dialog.exitstatus.summary = Error\: {0}, Warn\: {1}
+automation.dialog.exitstatus.title = Exit Status Job
+automation.dialog.exitstatus.warnExitValue = Warn Exit Value\:
+automation.dialog.exitstatus.warnLevel = Warning Level\:
automation.dialog.header.name = Name
automation.dialog.header.remove.confirm = Are you sure you want to remove this header?
@@ -296,6 +338,7 @@ automation.error.env.verification.pollunits.bad = Invalid verification pollUnits
automation.error.env.verification.type.bad = Invalid verification method\: {0}
automation.error.job.baduser = Job {0} unrecognised user\: {1}
automation.error.job.data = Unsupported job data format\: {0}
+automation.error.job.enabled = Unsupported job enabled format\: {0}
automation.error.job.internal = Job {0} internal error\: {1}
automation.error.job.name = Unsupported job name format\: {0}
automation.error.job.notype = Missing job type\: {0}
@@ -322,10 +365,14 @@ automation.error.requestor.codemismatch = Difference in response code values for
automation.error.requestor.httpversion = Job {0} has invalid HTTP version {1} for request \: {2}
automation.error.requestor.invalidmethod = Job {0} has invalid method {1} for request \: {2}
automation.error.requestor.norequests = Missing any requests for job {0}
+automation.error.scanpolicy.exists = Job {0} scan policy {1} already exists
automation.error.unexpected = Unexpected error accessing file {0} \: {1} - see log for details
automation.error.unexpected.internal = Unexpected error {0} - see log for details
automation.error.urlsfound = Job {0} only found {1} URLs, expected at least {2}
automation.error.write = Cannot write to file\: {0}
+automation.exitstatus.alert = An alert has been raised with a risk of at least\: {0}
+
+automation.exitstatus.error.badlevels = Error level\: {0} is lower than warn level\: {1}
automation.info.addons.noupdate = The updateAddons option has been disabled due to problems updating the framework and jobs while they are running
automation.info.ascan.rule.setstrength = Job {0} set rule {1} strength to {2}
@@ -336,6 +383,7 @@ automation.info.delay.endjob = Job {0} ended by programmatic or API call
automation.info.delay.filecreated = Job {0} ended by creation of file {1}
automation.info.delay.interrupted = Job {0} interrupted
automation.info.delay.timeout = Job {0} ended after specified time {1}
+automation.info.jobdisabled = Job {0} is disabled
automation.info.jobend = Job {0} finished, time taken\: {1}
automation.info.jobstart = Job {0} started
automation.info.jobstopped = Job {0} terminated
@@ -359,6 +407,7 @@ automation.panel.load.failed = YAML file failed to load\: {0}
automation.panel.load.warning = YAML file loaded with warnings\: {0}
automation.panel.load.yaml = YAML Configuration Files
automation.panel.table.env.name = Environment
+automation.panel.table.header.enabled = Kebolehan
automation.panel.table.header.info = Info
automation.panel.table.header.name = Name
automation.panel.table.header.status = Status
@@ -371,6 +420,7 @@ automation.panel.table.info.warning = WARNING\: {0}
automation.panel.table.status.error = ERROR
automation.panel.table.status.failed = FAILED
automation.panel.table.status.notcreated = Not created
+automation.panel.table.status.notenabled = Not enabled
automation.panel.table.status.notstarted = Not started
automation.panel.table.status.ok = OK
automation.panel.table.status.passed = Berlalu
diff --git a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_nb_NO.properties b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_nb_NO.properties
index a76f3d2db9a..1157559a748 100644
--- a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_nb_NO.properties
+++ b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_nb_NO.properties
@@ -57,6 +57,7 @@ automation.dialog.alerttest.ruleid = Scan Rule Id\:
automation.dialog.alerttest.title = Alert Test
automation.dialog.alerttest.url = URL (regex)\:
+automation.dialog.all.enabled = Enabled\:
automation.dialog.all.name = Job Name\:
automation.dialog.all.user = Authenticated User\:
@@ -85,6 +86,39 @@ automation.dialog.ascan.table.header.threshold = Threshold
automation.dialog.ascan.threads = Threads Per Host\:
automation.dialog.ascan.title = Active Scan Job
+automation.dialog.ascanconfig.defaultpolicy = Default Policy\:
+automation.dialog.ascanconfig.error.field = Job {0}\: Error reading {1}, cause\: {2}
+automation.dialog.ascanconfig.handleanticsrf = Handle Anti CSRF Tokens
+automation.dialog.ascanconfig.injectid = Inject Scan Rule ID\:
+automation.dialog.ascanconfig.iv.cookie = Cookie Data
+automation.dialog.ascanconfig.iv.cookie.encode = Encode Cookie Values
+automation.dialog.ascanconfig.iv.headers = HTTP Headers
+automation.dialog.ascanconfig.iv.headers.allrequests = HTTP Headers of All Requests
+automation.dialog.ascanconfig.iv.path = URL Path
+automation.dialog.ascanconfig.iv.post = POST Data
+automation.dialog.ascanconfig.iv.post.dwr = Direct Web Remoting
+automation.dialog.ascanconfig.iv.post.gwt = Google Web Toolkit
+automation.dialog.ascanconfig.iv.post.json = JSON
+automation.dialog.ascanconfig.iv.post.json.nulls = Scan Null Values
+automation.dialog.ascanconfig.iv.post.multipart = Multipart Form-Data
+automation.dialog.ascanconfig.iv.post.xml = XML Tag/Attribute
+automation.dialog.ascanconfig.iv.query = URL Query String & Data Driven Nodes
+automation.dialog.ascanconfig.iv.query.addparam = Add URL Query Parameter
+automation.dialog.ascanconfig.iv.query.odata = OData ID/Filter
+automation.dialog.ascanconfig.iv.scripts = Script Input Vectors
+automation.dialog.ascanconfig.maxalertsperrule = Max Alerts Per Rule\:
+automation.dialog.ascanconfig.maxruleduration = Max Rule Duration (in mins)\:
+automation.dialog.ascanconfig.maxscanduration = Max Scan Duration (in mins)\:
+automation.dialog.ascanconfig.summary = Active Scan Config
+automation.dialog.ascanconfig.tab.iv = Input Vectors
+automation.dialog.ascanconfig.threads = Threads Per Host\:
+automation.dialog.ascanconfig.title = Active Scan Config Job
+
+automation.dialog.ascanpolicy.error.badname = You must supply a policy name
+automation.dialog.ascanpolicy.name = Policy Name\:
+automation.dialog.ascanpolicy.summary = Scan Policy\: {0}
+automation.dialog.ascanpolicy.title = Active Scan Policy Job
+
automation.dialog.button.add = Add
automation.dialog.button.modify = Modify
automation.dialog.button.remove = Remove
@@ -140,6 +174,14 @@ automation.dialog.envvar.value = Value\:
automation.dialog.error.misc = Unexpected error\: {0}
automation.dialog.error.save = Failed to save plan\: {0}
+automation.dialog.exitstatus.errorExitValue = Error Exit Value\:
+
+automation.dialog.exitstatus.errorLevel = Error Level\:
+automation.dialog.exitstatus.okExitValue = OK Exit Value\:
+automation.dialog.exitstatus.summary = Error\: {0}, Warn\: {1}
+automation.dialog.exitstatus.title = Exit Status Job
+automation.dialog.exitstatus.warnExitValue = Warn Exit Value\:
+automation.dialog.exitstatus.warnLevel = Warning Level\:
automation.dialog.header.name = Name
automation.dialog.header.remove.confirm = Are you sure you want to remove this header?
@@ -296,6 +338,7 @@ automation.error.env.verification.pollunits.bad = Invalid verification pollUnits
automation.error.env.verification.type.bad = Invalid verification method\: {0}
automation.error.job.baduser = Job {0} unrecognised user\: {1}
automation.error.job.data = Unsupported job data format\: {0}
+automation.error.job.enabled = Unsupported job enabled format\: {0}
automation.error.job.internal = Job {0} internal error\: {1}
automation.error.job.name = Unsupported job name format\: {0}
automation.error.job.notype = Missing job type\: {0}
@@ -322,10 +365,14 @@ automation.error.requestor.codemismatch = Difference in response code values for
automation.error.requestor.httpversion = Job {0} has invalid HTTP version {1} for request \: {2}
automation.error.requestor.invalidmethod = Job {0} has invalid method {1} for request \: {2}
automation.error.requestor.norequests = Missing any requests for job {0}
+automation.error.scanpolicy.exists = Job {0} scan policy {1} already exists
automation.error.unexpected = Unexpected error accessing file {0} \: {1} - see log for details
automation.error.unexpected.internal = Unexpected error {0} - see log for details
automation.error.urlsfound = Job {0} only found {1} URLs, expected at least {2}
automation.error.write = Cannot write to file\: {0}
+automation.exitstatus.alert = An alert has been raised with a risk of at least\: {0}
+
+automation.exitstatus.error.badlevels = Error level\: {0} is lower than warn level\: {1}
automation.info.addons.noupdate = The updateAddons option has been disabled due to problems updating the framework and jobs while they are running
automation.info.ascan.rule.setstrength = Job {0} set rule {1} strength to {2}
@@ -336,6 +383,7 @@ automation.info.delay.endjob = Job {0} ended by programmatic or API call
automation.info.delay.filecreated = Job {0} ended by creation of file {1}
automation.info.delay.interrupted = Job {0} interrupted
automation.info.delay.timeout = Job {0} ended after specified time {1}
+automation.info.jobdisabled = Job {0} is disabled
automation.info.jobend = Job {0} finished, time taken\: {1}
automation.info.jobstart = Job {0} started
automation.info.jobstopped = Job {0} terminated
@@ -359,6 +407,7 @@ automation.panel.load.failed = YAML file failed to load\: {0}
automation.panel.load.warning = YAML file loaded with warnings\: {0}
automation.panel.load.yaml = YAML Configuration Files
automation.panel.table.env.name = Environment
+automation.panel.table.header.enabled = Enabled
automation.panel.table.header.info = Info
automation.panel.table.header.name = Name
automation.panel.table.header.status = Status
@@ -371,6 +420,7 @@ automation.panel.table.info.warning = WARNING\: {0}
automation.panel.table.status.error = ERROR
automation.panel.table.status.failed = FAILED
automation.panel.table.status.notcreated = Not created
+automation.panel.table.status.notenabled = Not enabled
automation.panel.table.status.notstarted = Ikke startet
automation.panel.table.status.ok = OK
automation.panel.table.status.passed = Passed
diff --git a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_nl_NL.properties b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_nl_NL.properties
index 4e9b3257e44..7a0effe6544 100644
--- a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_nl_NL.properties
+++ b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_nl_NL.properties
@@ -57,6 +57,7 @@ automation.dialog.alerttest.ruleid = Scan Rule Id\:
automation.dialog.alerttest.title = Alert Test
automation.dialog.alerttest.url = URL (regex)\:
+automation.dialog.all.enabled = Ingeschakeld\:
automation.dialog.all.name = Job Name\:
automation.dialog.all.user = Authenticated User\:
@@ -85,6 +86,39 @@ automation.dialog.ascan.table.header.threshold = Drempel
automation.dialog.ascan.threads = Threads Per Host\:
automation.dialog.ascan.title = Active Scan Job
+automation.dialog.ascanconfig.defaultpolicy = Default Policy\:
+automation.dialog.ascanconfig.error.field = Job {0}\: Error reading {1}, cause\: {2}
+automation.dialog.ascanconfig.handleanticsrf = Handle Anti CSRF Tokens
+automation.dialog.ascanconfig.injectid = Inject Scan Rule ID\:
+automation.dialog.ascanconfig.iv.cookie = Cookie Data
+automation.dialog.ascanconfig.iv.cookie.encode = Encode Cookie Values
+automation.dialog.ascanconfig.iv.headers = HTTP Headers
+automation.dialog.ascanconfig.iv.headers.allrequests = HTTP Headers of All Requests
+automation.dialog.ascanconfig.iv.path = URL Path
+automation.dialog.ascanconfig.iv.post = POST data
+automation.dialog.ascanconfig.iv.post.dwr = Direct Web Remoting
+automation.dialog.ascanconfig.iv.post.gwt = Google Web Toolkit
+automation.dialog.ascanconfig.iv.post.json = JSON
+automation.dialog.ascanconfig.iv.post.json.nulls = Scan Null Values
+automation.dialog.ascanconfig.iv.post.multipart = Meerdelige Form-Data
+automation.dialog.ascanconfig.iv.post.xml = XML tag/attribuut
+automation.dialog.ascanconfig.iv.query = URL Query String
+automation.dialog.ascanconfig.iv.query.addparam = Add URL Query Parameter
+automation.dialog.ascanconfig.iv.query.odata = OData Id/Filter
+automation.dialog.ascanconfig.iv.scripts = Script Input Vectors
+automation.dialog.ascanconfig.maxalertsperrule = Max Alerts Per Rule\:
+automation.dialog.ascanconfig.maxruleduration = Max Rule Duration (in mins)\:
+automation.dialog.ascanconfig.maxscanduration = Max Scan Duration (in mins)\:
+automation.dialog.ascanconfig.summary = Active Scan Config
+automation.dialog.ascanconfig.tab.iv = Invoer Vectoren
+automation.dialog.ascanconfig.threads = Threads Per Host\:
+automation.dialog.ascanconfig.title = Active Scan Config Job
+
+automation.dialog.ascanpolicy.error.badname = U moet een naam voor dit beleid opgeven
+automation.dialog.ascanpolicy.name = Policy Name\:
+automation.dialog.ascanpolicy.summary = Scan Policy\: {0}
+automation.dialog.ascanpolicy.title = Active Scan Policy Job
+
automation.dialog.button.add = Toevoegen
automation.dialog.button.modify = Wijzig
automation.dialog.button.remove = Verwijder
@@ -140,6 +174,14 @@ automation.dialog.envvar.value = Waarde\:
automation.dialog.error.misc = Unexpected error\: {0}
automation.dialog.error.save = Failed to save plan\: {0}
+automation.dialog.exitstatus.errorExitValue = Error Exit Value\:
+
+automation.dialog.exitstatus.errorLevel = Error Level\:
+automation.dialog.exitstatus.okExitValue = OK Exit Value\:
+automation.dialog.exitstatus.summary = Error\: {0}, Warn\: {1}
+automation.dialog.exitstatus.title = Exit Status Job
+automation.dialog.exitstatus.warnExitValue = Warn Exit Value\:
+automation.dialog.exitstatus.warnLevel = Warning Level\:
automation.dialog.header.name = Naam
automation.dialog.header.remove.confirm = Are you sure you want to remove this header?
@@ -296,6 +338,7 @@ automation.error.env.verification.pollunits.bad = Invalid verification pollUnits
automation.error.env.verification.type.bad = Invalid verification method\: {0}
automation.error.job.baduser = Job {0} unrecognised user\: {1}
automation.error.job.data = Unsupported job data format\: {0}
+automation.error.job.enabled = Unsupported job enabled format\: {0}
automation.error.job.internal = Job {0} internal error\: {1}
automation.error.job.name = Unsupported job name format\: {0}
automation.error.job.notype = Missing job type\: {0}
@@ -322,10 +365,14 @@ automation.error.requestor.codemismatch = Difference in response code values for
automation.error.requestor.httpversion = Job {0} has invalid HTTP version {1} for request \: {2}
automation.error.requestor.invalidmethod = Job {0} has invalid method {1} for request \: {2}
automation.error.requestor.norequests = Missing any requests for job {0}
+automation.error.scanpolicy.exists = Job {0} scan policy {1} already exists
automation.error.unexpected = Unexpected error accessing file {0} \: {1} - see log for details
automation.error.unexpected.internal = Unexpected error {0} - see log for details
automation.error.urlsfound = Job {0} only found {1} URLs, expected at least {2}
automation.error.write = Cannot write to file\: {0}
+automation.exitstatus.alert = An alert has been raised with a risk of at least\: {0}
+
+automation.exitstatus.error.badlevels = Error level\: {0} is lower than warn level\: {1}
automation.info.addons.noupdate = The updateAddons option has been disabled due to problems updating the framework and jobs while they are running
automation.info.ascan.rule.setstrength = Job {0} set rule {1} strength to {2}
@@ -336,6 +383,7 @@ automation.info.delay.endjob = Job {0} ended by programmatic or API call
automation.info.delay.filecreated = Job {0} ended by creation of file {1}
automation.info.delay.interrupted = Job {0} interrupted
automation.info.delay.timeout = Job {0} ended after specified time {1}
+automation.info.jobdisabled = Job {0} is disabled
automation.info.jobend = Job {0} finished, time taken\: {1}
automation.info.jobstart = Job {0} started
automation.info.jobstopped = Job {0} terminated
@@ -359,6 +407,7 @@ automation.panel.load.failed = YAML file failed to load\: {0}
automation.panel.load.warning = YAML file loaded with warnings\: {0}
automation.panel.load.yaml = YAML Configuration Files
automation.panel.table.env.name = Environment
+automation.panel.table.header.enabled = Ingeschakeld
automation.panel.table.header.info = Info
automation.panel.table.header.name = Naam
automation.panel.table.header.status = Status
@@ -371,6 +420,7 @@ automation.panel.table.info.warning = WARNING\: {0}
automation.panel.table.status.error = ERROR
automation.panel.table.status.failed = FAILED
automation.panel.table.status.notcreated = Not created
+automation.panel.table.status.notenabled = Not enabled
automation.panel.table.status.notstarted = Niet gestart
automation.panel.table.status.ok = OK
automation.panel.table.status.passed = Geslaagd
diff --git a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_pcm_NG.properties b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_pcm_NG.properties
index a51236d5d2b..edbcd4a1f6b 100644
--- a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_pcm_NG.properties
+++ b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_pcm_NG.properties
@@ -57,6 +57,7 @@ automation.dialog.alerttest.ruleid = Scan Rule Id\:
automation.dialog.alerttest.title = Alert Test
automation.dialog.alerttest.url = URL (regex)\:
+automation.dialog.all.enabled = Enabled\:
automation.dialog.all.name = Job Name\:
automation.dialog.all.user = Authenticated User\:
@@ -85,6 +86,39 @@ automation.dialog.ascan.table.header.threshold = Threshold
automation.dialog.ascan.threads = Threads Per Host\:
automation.dialog.ascan.title = Active Scan Job
+automation.dialog.ascanconfig.defaultpolicy = Default Policy\:
+automation.dialog.ascanconfig.error.field = Job {0}\: Error reading {1}, cause\: {2}
+automation.dialog.ascanconfig.handleanticsrf = Handle Anti CSRF Tokens
+automation.dialog.ascanconfig.injectid = Inject Scan Rule ID\:
+automation.dialog.ascanconfig.iv.cookie = Cookie Data
+automation.dialog.ascanconfig.iv.cookie.encode = Encode Cookie Values
+automation.dialog.ascanconfig.iv.headers = HTTP Headers
+automation.dialog.ascanconfig.iv.headers.allrequests = HTTP Headers of All Requests
+automation.dialog.ascanconfig.iv.path = URL Path
+automation.dialog.ascanconfig.iv.post = POST Data
+automation.dialog.ascanconfig.iv.post.dwr = Direct Web Remoting
+automation.dialog.ascanconfig.iv.post.gwt = Google Web Toolkit
+automation.dialog.ascanconfig.iv.post.json = JSON
+automation.dialog.ascanconfig.iv.post.json.nulls = Scan Null Values
+automation.dialog.ascanconfig.iv.post.multipart = Multipart Form-Data
+automation.dialog.ascanconfig.iv.post.xml = XML Tag/Attribute
+automation.dialog.ascanconfig.iv.query = URL Query String & Data Driven Nodes
+automation.dialog.ascanconfig.iv.query.addparam = Add URL Query Parameter
+automation.dialog.ascanconfig.iv.query.odata = OData ID/Filter
+automation.dialog.ascanconfig.iv.scripts = Script Input Vectors
+automation.dialog.ascanconfig.maxalertsperrule = Max Alerts Per Rule\:
+automation.dialog.ascanconfig.maxruleduration = Max Rule Duration (in mins)\:
+automation.dialog.ascanconfig.maxscanduration = Max Scan Duration (in mins)\:
+automation.dialog.ascanconfig.summary = Active Scan Config
+automation.dialog.ascanconfig.tab.iv = Input Vectors
+automation.dialog.ascanconfig.threads = Threads Per Host\:
+automation.dialog.ascanconfig.title = Active Scan Config Job
+
+automation.dialog.ascanpolicy.error.badname = You gats to supply de policy name
+automation.dialog.ascanpolicy.name = Policy Name\:
+automation.dialog.ascanpolicy.summary = Scan Policy\: {0}
+automation.dialog.ascanpolicy.title = Active Scan Policy Job
+
automation.dialog.button.add = Add
automation.dialog.button.modify = Modify
automation.dialog.button.remove = Remove
@@ -140,6 +174,14 @@ automation.dialog.envvar.value = Value\:
automation.dialog.error.misc = Unexpected error\: {0}
automation.dialog.error.save = Failed to save plan\: {0}
+automation.dialog.exitstatus.errorExitValue = Error Exit Value\:
+
+automation.dialog.exitstatus.errorLevel = Error Level\:
+automation.dialog.exitstatus.okExitValue = OK Exit Value\:
+automation.dialog.exitstatus.summary = Error\: {0}, Warn\: {1}
+automation.dialog.exitstatus.title = Exit Status Job
+automation.dialog.exitstatus.warnExitValue = Warn Exit Value\:
+automation.dialog.exitstatus.warnLevel = Warning Level\:
automation.dialog.header.name = Name
automation.dialog.header.remove.confirm = Are you sure you want to remove this header?
@@ -296,6 +338,7 @@ automation.error.env.verification.pollunits.bad = Invalid verification pollUnits
automation.error.env.verification.type.bad = Invalid verification method\: {0}
automation.error.job.baduser = Job {0} unrecognised user\: {1}
automation.error.job.data = Unsupported job data format\: {0}
+automation.error.job.enabled = Unsupported job enabled format\: {0}
automation.error.job.internal = Job {0} internal error\: {1}
automation.error.job.name = Unsupported job name format\: {0}
automation.error.job.notype = Missing job type\: {0}
@@ -322,10 +365,14 @@ automation.error.requestor.codemismatch = Difference in response code values for
automation.error.requestor.httpversion = Job {0} has invalid HTTP version {1} for request \: {2}
automation.error.requestor.invalidmethod = Job {0} has invalid method {1} for request \: {2}
automation.error.requestor.norequests = Missing any requests for job {0}
+automation.error.scanpolicy.exists = Job {0} scan policy {1} already exists
automation.error.unexpected = Unexpected error accessing file {0} \: {1} - see log for details
automation.error.unexpected.internal = Unexpected error {0} - see log for details
automation.error.urlsfound = Job {0} only found {1} URLs, expected at least {2}
automation.error.write = Cannot write to file\: {0}
+automation.exitstatus.alert = An alert has been raised with a risk of at least\: {0}
+
+automation.exitstatus.error.badlevels = Error level\: {0} is lower than warn level\: {1}
automation.info.addons.noupdate = The updateAddons option has been disabled due to problems updating the framework and jobs while they are running
automation.info.ascan.rule.setstrength = Job {0} set rule {1} strength to {2}
@@ -336,6 +383,7 @@ automation.info.delay.endjob = Job {0} ended by programmatic or API call
automation.info.delay.filecreated = Job {0} ended by creation of file {1}
automation.info.delay.interrupted = Job {0} interrupted
automation.info.delay.timeout = Job {0} ended after specified time {1}
+automation.info.jobdisabled = Job {0} is disabled
automation.info.jobend = Job {0} finished, time taken\: {1}
automation.info.jobstart = Job {0} started
automation.info.jobstopped = Job {0} terminated
@@ -359,6 +407,7 @@ automation.panel.load.failed = YAML file failed to load\: {0}
automation.panel.load.warning = YAML file loaded with warnings\: {0}
automation.panel.load.yaml = YAML Configuration Files
automation.panel.table.env.name = Environment
+automation.panel.table.header.enabled = Enabled
automation.panel.table.header.info = Info
automation.panel.table.header.name = Name
automation.panel.table.header.status = Status
@@ -371,6 +420,7 @@ automation.panel.table.info.warning = WARNING\: {0}
automation.panel.table.status.error = ERROR
automation.panel.table.status.failed = FAILED
automation.panel.table.status.notcreated = Not created
+automation.panel.table.status.notenabled = Not enabled
automation.panel.table.status.notstarted = Not started
automation.panel.table.status.ok = OK
automation.panel.table.status.passed = Passed
diff --git a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_pl_PL.properties b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_pl_PL.properties
index 4bb62b835f9..5e9b08872d5 100644
--- a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_pl_PL.properties
+++ b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_pl_PL.properties
@@ -57,6 +57,7 @@ automation.dialog.alerttest.ruleid = Scan Rule Id\:
automation.dialog.alerttest.title = Alert Test
automation.dialog.alerttest.url = URL (regex)\:
+automation.dialog.all.enabled = Aktywne\:
automation.dialog.all.name = Job Name\:
automation.dialog.all.user = Authenticated User\:
@@ -85,6 +86,39 @@ automation.dialog.ascan.table.header.threshold = Próg
automation.dialog.ascan.threads = Threads Per Host\:
automation.dialog.ascan.title = Active Scan Job
+automation.dialog.ascanconfig.defaultpolicy = Default Policy\:
+automation.dialog.ascanconfig.error.field = Job {0}\: Error reading {1}, cause\: {2}
+automation.dialog.ascanconfig.handleanticsrf = Handle Anti CSRF Tokens
+automation.dialog.ascanconfig.injectid = Inject Scan Rule ID\:
+automation.dialog.ascanconfig.iv.cookie = Cookie Data
+automation.dialog.ascanconfig.iv.cookie.encode = Encode Cookie Values
+automation.dialog.ascanconfig.iv.headers = HTTP Headers
+automation.dialog.ascanconfig.iv.headers.allrequests = HTTP Headers of All Requests
+automation.dialog.ascanconfig.iv.path = URL Path
+automation.dialog.ascanconfig.iv.post = Dane POST
+automation.dialog.ascanconfig.iv.post.dwr = Direct Web Remoting
+automation.dialog.ascanconfig.iv.post.gwt = Google Web Toolkit
+automation.dialog.ascanconfig.iv.post.json = JSON
+automation.dialog.ascanconfig.iv.post.json.nulls = Skanuj Wartości Null
+automation.dialog.ascanconfig.iv.post.multipart = Wieloczęściowy formularz danych
+automation.dialog.ascanconfig.iv.post.xml = tag/atrybut XML
+automation.dialog.ascanconfig.iv.query = URL Query String & Data Driven Nodes
+automation.dialog.ascanconfig.iv.query.addparam = Add URL Query Parameter
+automation.dialog.ascanconfig.iv.query.odata = OData ID/Filter
+automation.dialog.ascanconfig.iv.scripts = Script Input Vectors
+automation.dialog.ascanconfig.maxalertsperrule = Max Alerts Per Rule\:
+automation.dialog.ascanconfig.maxruleduration = Max Rule Duration (in mins)\:
+automation.dialog.ascanconfig.maxscanduration = Max Scan Duration (in mins)\:
+automation.dialog.ascanconfig.summary = Active Scan Config
+automation.dialog.ascanconfig.tab.iv = Wektory wejściowe
+automation.dialog.ascanconfig.threads = Threads Per Host\:
+automation.dialog.ascanconfig.title = Active Scan Config Job
+
+automation.dialog.ascanpolicy.error.badname = Należy podać nazwę polityki
+automation.dialog.ascanpolicy.name = Policy Name\:
+automation.dialog.ascanpolicy.summary = Scan Policy\: {0}
+automation.dialog.ascanpolicy.title = Active Scan Policy Job
+
automation.dialog.button.add = Dodaj
automation.dialog.button.modify = Modyfikuj
automation.dialog.button.remove = Usuń
@@ -140,6 +174,14 @@ automation.dialog.envvar.value = Wartość\:
automation.dialog.error.misc = Unexpected error\: {0}
automation.dialog.error.save = Failed to save plan\: {0}
+automation.dialog.exitstatus.errorExitValue = Error Exit Value\:
+
+automation.dialog.exitstatus.errorLevel = Error Level\:
+automation.dialog.exitstatus.okExitValue = OK Exit Value\:
+automation.dialog.exitstatus.summary = Error\: {0}, Warn\: {1}
+automation.dialog.exitstatus.title = Exit Status Job
+automation.dialog.exitstatus.warnExitValue = Warn Exit Value\:
+automation.dialog.exitstatus.warnLevel = Warning Level\:
automation.dialog.header.name = Nazwa
automation.dialog.header.remove.confirm = Are you sure you want to remove this header?
@@ -296,6 +338,7 @@ automation.error.env.verification.pollunits.bad = Invalid verification pollUnits
automation.error.env.verification.type.bad = Invalid verification method\: {0}
automation.error.job.baduser = Job {0} unrecognised user\: {1}
automation.error.job.data = Unsupported job data format\: {0}
+automation.error.job.enabled = Unsupported job enabled format\: {0}
automation.error.job.internal = Job {0} internal error\: {1}
automation.error.job.name = Unsupported job name format\: {0}
automation.error.job.notype = Missing job type\: {0}
@@ -322,10 +365,14 @@ automation.error.requestor.codemismatch = Difference in response code values for
automation.error.requestor.httpversion = Job {0} has invalid HTTP version {1} for request \: {2}
automation.error.requestor.invalidmethod = Job {0} has invalid method {1} for request \: {2}
automation.error.requestor.norequests = Missing any requests for job {0}
+automation.error.scanpolicy.exists = Job {0} scan policy {1} already exists
automation.error.unexpected = Unexpected error accessing file {0} \: {1} - see log for details
automation.error.unexpected.internal = Unexpected error {0} - see log for details
automation.error.urlsfound = Job {0} only found {1} URLs, expected at least {2}
automation.error.write = Cannot write to file\: {0}
+automation.exitstatus.alert = An alert has been raised with a risk of at least\: {0}
+
+automation.exitstatus.error.badlevels = Error level\: {0} is lower than warn level\: {1}
automation.info.addons.noupdate = The updateAddons option has been disabled due to problems updating the framework and jobs while they are running
automation.info.ascan.rule.setstrength = Job {0} set rule {1} strength to {2}
@@ -336,6 +383,7 @@ automation.info.delay.endjob = Job {0} ended by programmatic or API call
automation.info.delay.filecreated = Job {0} ended by creation of file {1}
automation.info.delay.interrupted = Job {0} interrupted
automation.info.delay.timeout = Job {0} ended after specified time {1}
+automation.info.jobdisabled = Job {0} is disabled
automation.info.jobend = Job {0} finished, time taken\: {1}
automation.info.jobstart = Job {0} started
automation.info.jobstopped = Job {0} terminated
@@ -359,6 +407,7 @@ automation.panel.load.failed = YAML file failed to load\: {0}
automation.panel.load.warning = YAML file loaded with warnings\: {0}
automation.panel.load.yaml = YAML Configuration Files
automation.panel.table.env.name = Environment
+automation.panel.table.header.enabled = Aktywne
automation.panel.table.header.info = Informacje
automation.panel.table.header.name = Nazwa
automation.panel.table.header.status = Stan
@@ -371,6 +420,7 @@ automation.panel.table.info.warning = WARNING\: {0}
automation.panel.table.status.error = ERROR
automation.panel.table.status.failed = FAILED
automation.panel.table.status.notcreated = Not created
+automation.panel.table.status.notenabled = Not enabled
automation.panel.table.status.notstarted = Nierozpoczęte
automation.panel.table.status.ok = OK
automation.panel.table.status.passed = Passed
diff --git a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_pt_BR.properties b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_pt_BR.properties
index 39d4bfb0dbd..a32292b0c3d 100644
--- a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_pt_BR.properties
+++ b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_pt_BR.properties
@@ -57,6 +57,7 @@ automation.dialog.alerttest.ruleid = Scan Rule Id\:
automation.dialog.alerttest.title = Alert Test
automation.dialog.alerttest.url = URL (regex)\:
+automation.dialog.all.enabled = Habilitado\:
automation.dialog.all.name = Job Name\:
automation.dialog.all.user = Authenticated User\:
@@ -85,6 +86,39 @@ automation.dialog.ascan.table.header.threshold = Limite
automation.dialog.ascan.threads = Threads Per Host\:
automation.dialog.ascan.title = Active Scan Job
+automation.dialog.ascanconfig.defaultpolicy = Default Policy\:
+automation.dialog.ascanconfig.error.field = Job {0}\: Error reading {1}, cause\: {2}
+automation.dialog.ascanconfig.handleanticsrf = Handle Anti CSRF Tokens
+automation.dialog.ascanconfig.injectid = Inject Scan Rule ID\:
+automation.dialog.ascanconfig.iv.cookie = Cookie Data
+automation.dialog.ascanconfig.iv.cookie.encode = Encode Cookie Values
+automation.dialog.ascanconfig.iv.headers = HTTP Headers
+automation.dialog.ascanconfig.iv.headers.allrequests = HTTP Headers of All Requests
+automation.dialog.ascanconfig.iv.path = URL Path
+automation.dialog.ascanconfig.iv.post = Dados do POST
+automation.dialog.ascanconfig.iv.post.dwr = Web Remota Direta
+automation.dialog.ascanconfig.iv.post.gwt = Google Web Toolkit
+automation.dialog.ascanconfig.iv.post.json = JSON
+automation.dialog.ascanconfig.iv.post.json.nulls = Verificar valores nulos
+automation.dialog.ascanconfig.iv.post.multipart = Dados multipart de formulários
+automation.dialog.ascanconfig.iv.post.xml = Tag/Atributo XML
+automation.dialog.ascanconfig.iv.query = String de Consulta de URL & Nós Orientados a Dados
+automation.dialog.ascanconfig.iv.query.addparam = Add URL Query Parameter
+automation.dialog.ascanconfig.iv.query.odata = ID/Filtro OData
+automation.dialog.ascanconfig.iv.scripts = Script Input Vectors
+automation.dialog.ascanconfig.maxalertsperrule = Max Alerts Per Rule\:
+automation.dialog.ascanconfig.maxruleduration = Max Rule Duration (in mins)\:
+automation.dialog.ascanconfig.maxscanduration = Max Scan Duration (in mins)\:
+automation.dialog.ascanconfig.summary = Active Scan Config
+automation.dialog.ascanconfig.tab.iv = Vetores de Entrada
+automation.dialog.ascanconfig.threads = Threads Per Host\:
+automation.dialog.ascanconfig.title = Active Scan Config Job
+
+automation.dialog.ascanpolicy.error.badname = Você deve fornecer um nome para a política
+automation.dialog.ascanpolicy.name = Policy Name\:
+automation.dialog.ascanpolicy.summary = Scan Policy\: {0}
+automation.dialog.ascanpolicy.title = Active Scan Policy Job
+
automation.dialog.button.add = Adicionar
automation.dialog.button.modify = Modificar
automation.dialog.button.remove = Remover
@@ -140,6 +174,14 @@ automation.dialog.envvar.value = Valor\:
automation.dialog.error.misc = Unexpected error\: {0}
automation.dialog.error.save = Failed to save plan\: {0}
+automation.dialog.exitstatus.errorExitValue = Error Exit Value\:
+
+automation.dialog.exitstatus.errorLevel = Error Level\:
+automation.dialog.exitstatus.okExitValue = OK Exit Value\:
+automation.dialog.exitstatus.summary = Error\: {0}, Warn\: {1}
+automation.dialog.exitstatus.title = Exit Status Job
+automation.dialog.exitstatus.warnExitValue = Warn Exit Value\:
+automation.dialog.exitstatus.warnLevel = Warning Level\:
automation.dialog.header.name = Nome
automation.dialog.header.remove.confirm = Are you sure you want to remove this header?
@@ -296,6 +338,7 @@ automation.error.env.verification.pollunits.bad = Invalid verification pollUnits
automation.error.env.verification.type.bad = Invalid verification method\: {0}
automation.error.job.baduser = Job {0} unrecognised user\: {1}
automation.error.job.data = Unsupported job data format\: {0}
+automation.error.job.enabled = Unsupported job enabled format\: {0}
automation.error.job.internal = Job {0} internal error\: {1}
automation.error.job.name = Unsupported job name format\: {0}
automation.error.job.notype = Missing job type\: {0}
@@ -322,10 +365,14 @@ automation.error.requestor.codemismatch = Difference in response code values for
automation.error.requestor.httpversion = Job {0} has invalid HTTP version {1} for request \: {2}
automation.error.requestor.invalidmethod = Job {0} has invalid method {1} for request \: {2}
automation.error.requestor.norequests = Missing any requests for job {0}
+automation.error.scanpolicy.exists = Job {0} scan policy {1} already exists
automation.error.unexpected = Unexpected error accessing file {0} \: {1} - see log for details
automation.error.unexpected.internal = Unexpected error {0} - see log for details
automation.error.urlsfound = Job {0} only found {1} URLs, expected at least {2}
automation.error.write = Cannot write to file\: {0}
+automation.exitstatus.alert = An alert has been raised with a risk of at least\: {0}
+
+automation.exitstatus.error.badlevels = Error level\: {0} is lower than warn level\: {1}
automation.info.addons.noupdate = The updateAddons option has been disabled due to problems updating the framework and jobs while they are running
automation.info.ascan.rule.setstrength = Job {0} set rule {1} strength to {2}
@@ -336,6 +383,7 @@ automation.info.delay.endjob = Job {0} ended by programmatic or API call
automation.info.delay.filecreated = Job {0} ended by creation of file {1}
automation.info.delay.interrupted = Job {0} interrupted
automation.info.delay.timeout = Job {0} ended after specified time {1}
+automation.info.jobdisabled = Job {0} is disabled
automation.info.jobend = Job {0} finished, time taken\: {1}
automation.info.jobstart = Job {0} started
automation.info.jobstopped = Job {0} terminated
@@ -359,6 +407,7 @@ automation.panel.load.failed = YAML file failed to load\: {0}
automation.panel.load.warning = YAML file loaded with warnings\: {0}
automation.panel.load.yaml = YAML Configuration Files
automation.panel.table.env.name = Environment
+automation.panel.table.header.enabled = Habilitado
automation.panel.table.header.info = Informações
automation.panel.table.header.name = Nome
automation.panel.table.header.status = Status
@@ -371,6 +420,7 @@ automation.panel.table.info.warning = WARNING\: {0}
automation.panel.table.status.error = ERROR
automation.panel.table.status.failed = FAILED
automation.panel.table.status.notcreated = Not created
+automation.panel.table.status.notenabled = Not enabled
automation.panel.table.status.notstarted = Não iniciado
automation.panel.table.status.ok = OK
automation.panel.table.status.passed = Passou
diff --git a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_pt_PT.properties b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_pt_PT.properties
index cf63ba0dd31..c2de23dfc3b 100644
--- a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_pt_PT.properties
+++ b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_pt_PT.properties
@@ -57,6 +57,7 @@ automation.dialog.alerttest.ruleid = Scan Rule Id\:
automation.dialog.alerttest.title = Alert Test
automation.dialog.alerttest.url = URL (regex)\:
+automation.dialog.all.enabled = Habilitado\:
automation.dialog.all.name = Job Name\:
automation.dialog.all.user = Authenticated User\:
@@ -85,6 +86,39 @@ automation.dialog.ascan.table.header.threshold = Limite
automation.dialog.ascan.threads = Threads Per Host\:
automation.dialog.ascan.title = Active Scan Job
+automation.dialog.ascanconfig.defaultpolicy = Default Policy\:
+automation.dialog.ascanconfig.error.field = Job {0}\: Error reading {1}, cause\: {2}
+automation.dialog.ascanconfig.handleanticsrf = Handle Anti CSRF Tokens
+automation.dialog.ascanconfig.injectid = Inject Scan Rule ID\:
+automation.dialog.ascanconfig.iv.cookie = Cookie Data
+automation.dialog.ascanconfig.iv.cookie.encode = Encode Cookie Values
+automation.dialog.ascanconfig.iv.headers = HTTP Headers
+automation.dialog.ascanconfig.iv.headers.allrequests = HTTP Headers of All Requests
+automation.dialog.ascanconfig.iv.path = URL Path
+automation.dialog.ascanconfig.iv.post = POST Data
+automation.dialog.ascanconfig.iv.post.dwr = Direct Web Remoting
+automation.dialog.ascanconfig.iv.post.gwt = Google Web Toolkit
+automation.dialog.ascanconfig.iv.post.json = JSON
+automation.dialog.ascanconfig.iv.post.json.nulls = Scan Null Values
+automation.dialog.ascanconfig.iv.post.multipart = Multipart Form-Data
+automation.dialog.ascanconfig.iv.post.xml = XML Tag/Attribute
+automation.dialog.ascanconfig.iv.query = URL Query String & Data Driven Nodes
+automation.dialog.ascanconfig.iv.query.addparam = Add URL Query Parameter
+automation.dialog.ascanconfig.iv.query.odata = OData ID/Filter
+automation.dialog.ascanconfig.iv.scripts = Script Input Vectors
+automation.dialog.ascanconfig.maxalertsperrule = Max Alerts Per Rule\:
+automation.dialog.ascanconfig.maxruleduration = Max Rule Duration (in mins)\:
+automation.dialog.ascanconfig.maxscanduration = Max Scan Duration (in mins)\:
+automation.dialog.ascanconfig.summary = Active Scan Config
+automation.dialog.ascanconfig.tab.iv = Vetores de entrada
+automation.dialog.ascanconfig.threads = Threads Per Host\:
+automation.dialog.ascanconfig.title = Active Scan Config Job
+
+automation.dialog.ascanpolicy.error.badname = Deve fornecer um nome para a política
+automation.dialog.ascanpolicy.name = Policy Name\:
+automation.dialog.ascanpolicy.summary = Scan Policy\: {0}
+automation.dialog.ascanpolicy.title = Active Scan Policy Job
+
automation.dialog.button.add = Add
automation.dialog.button.modify = Modificar
automation.dialog.button.remove = Remover
@@ -140,6 +174,14 @@ automation.dialog.envvar.value = Value\:
automation.dialog.error.misc = Unexpected error\: {0}
automation.dialog.error.save = Failed to save plan\: {0}
+automation.dialog.exitstatus.errorExitValue = Error Exit Value\:
+
+automation.dialog.exitstatus.errorLevel = Error Level\:
+automation.dialog.exitstatus.okExitValue = OK Exit Value\:
+automation.dialog.exitstatus.summary = Error\: {0}, Warn\: {1}
+automation.dialog.exitstatus.title = Exit Status Job
+automation.dialog.exitstatus.warnExitValue = Warn Exit Value\:
+automation.dialog.exitstatus.warnLevel = Warning Level\:
automation.dialog.header.name = Name
automation.dialog.header.remove.confirm = Are you sure you want to remove this header?
@@ -296,6 +338,7 @@ automation.error.env.verification.pollunits.bad = Invalid verification pollUnits
automation.error.env.verification.type.bad = Invalid verification method\: {0}
automation.error.job.baduser = Job {0} unrecognised user\: {1}
automation.error.job.data = Unsupported job data format\: {0}
+automation.error.job.enabled = Unsupported job enabled format\: {0}
automation.error.job.internal = Job {0} internal error\: {1}
automation.error.job.name = Unsupported job name format\: {0}
automation.error.job.notype = Missing job type\: {0}
@@ -322,10 +365,14 @@ automation.error.requestor.codemismatch = Difference in response code values for
automation.error.requestor.httpversion = Job {0} has invalid HTTP version {1} for request \: {2}
automation.error.requestor.invalidmethod = Job {0} has invalid method {1} for request \: {2}
automation.error.requestor.norequests = Missing any requests for job {0}
+automation.error.scanpolicy.exists = Job {0} scan policy {1} already exists
automation.error.unexpected = Unexpected error accessing file {0} \: {1} - see log for details
automation.error.unexpected.internal = Unexpected error {0} - see log for details
automation.error.urlsfound = Job {0} only found {1} URLs, expected at least {2}
automation.error.write = Cannot write to file\: {0}
+automation.exitstatus.alert = An alert has been raised with a risk of at least\: {0}
+
+automation.exitstatus.error.badlevels = Error level\: {0} is lower than warn level\: {1}
automation.info.addons.noupdate = The updateAddons option has been disabled due to problems updating the framework and jobs while they are running
automation.info.ascan.rule.setstrength = Job {0} set rule {1} strength to {2}
@@ -336,6 +383,7 @@ automation.info.delay.endjob = Job {0} ended by programmatic or API call
automation.info.delay.filecreated = Job {0} ended by creation of file {1}
automation.info.delay.interrupted = Job {0} interrupted
automation.info.delay.timeout = Job {0} ended after specified time {1}
+automation.info.jobdisabled = Job {0} is disabled
automation.info.jobend = Job {0} finished, time taken\: {1}
automation.info.jobstart = Job {0} started
automation.info.jobstopped = Job {0} terminated
@@ -359,6 +407,7 @@ automation.panel.load.failed = YAML file failed to load\: {0}
automation.panel.load.warning = YAML file loaded with warnings\: {0}
automation.panel.load.yaml = YAML Configuration Files
automation.panel.table.env.name = Environment
+automation.panel.table.header.enabled = Permitido
automation.panel.table.header.info = Info
automation.panel.table.header.name = Name
automation.panel.table.header.status = Status
@@ -371,6 +420,7 @@ automation.panel.table.info.warning = WARNING\: {0}
automation.panel.table.status.error = ERROR
automation.panel.table.status.failed = FAILED
automation.panel.table.status.notcreated = Not created
+automation.panel.table.status.notenabled = Not enabled
automation.panel.table.status.notstarted = Not started
automation.panel.table.status.ok = OK
automation.panel.table.status.passed = Passed
diff --git a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_ro_RO.properties b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_ro_RO.properties
index 28f603e96aa..12ae7cae79e 100644
--- a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_ro_RO.properties
+++ b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_ro_RO.properties
@@ -57,6 +57,7 @@ automation.dialog.alerttest.ruleid = Scan Rule Id\:
automation.dialog.alerttest.title = Alert Test
automation.dialog.alerttest.url = URL (regex)\:
+automation.dialog.all.enabled = Enabled\:
automation.dialog.all.name = Job Name\:
automation.dialog.all.user = Authenticated User\:
@@ -85,6 +86,39 @@ automation.dialog.ascan.table.header.threshold = Threshold
automation.dialog.ascan.threads = Threads Per Host\:
automation.dialog.ascan.title = Active Scan Job
+automation.dialog.ascanconfig.defaultpolicy = Default Policy\:
+automation.dialog.ascanconfig.error.field = Job {0}\: Error reading {1}, cause\: {2}
+automation.dialog.ascanconfig.handleanticsrf = Handle Anti CSRF Tokens
+automation.dialog.ascanconfig.injectid = Inject Scan Rule ID\:
+automation.dialog.ascanconfig.iv.cookie = Cookie Data
+automation.dialog.ascanconfig.iv.cookie.encode = Encode Cookie Values
+automation.dialog.ascanconfig.iv.headers = HTTP Headers
+automation.dialog.ascanconfig.iv.headers.allrequests = HTTP Headers of All Requests
+automation.dialog.ascanconfig.iv.path = URL Path
+automation.dialog.ascanconfig.iv.post = POST Data
+automation.dialog.ascanconfig.iv.post.dwr = Direct Web Remoting
+automation.dialog.ascanconfig.iv.post.gwt = Google Web Toolkit
+automation.dialog.ascanconfig.iv.post.json = JSON
+automation.dialog.ascanconfig.iv.post.json.nulls = Scan Null Values
+automation.dialog.ascanconfig.iv.post.multipart = Multipart Form-Data
+automation.dialog.ascanconfig.iv.post.xml = XML Tag/Attribute
+automation.dialog.ascanconfig.iv.query = URL Șir de Interogare & Date Condus Noduri
+automation.dialog.ascanconfig.iv.query.addparam = Add URL Query Parameter
+automation.dialog.ascanconfig.iv.query.odata = OData ID/Filter
+automation.dialog.ascanconfig.iv.scripts = Script Input Vectors
+automation.dialog.ascanconfig.maxalertsperrule = Max Alerts Per Rule\:
+automation.dialog.ascanconfig.maxruleduration = Max Rule Duration (in mins)\:
+automation.dialog.ascanconfig.maxscanduration = Max Scan Duration (in mins)\:
+automation.dialog.ascanconfig.summary = Active Scan Config
+automation.dialog.ascanconfig.tab.iv = Input Vectors
+automation.dialog.ascanconfig.threads = Threads Per Host\:
+automation.dialog.ascanconfig.title = Active Scan Config Job
+
+automation.dialog.ascanpolicy.error.badname = Trebuie să furnizați o politica de nume
+automation.dialog.ascanpolicy.name = Policy Name\:
+automation.dialog.ascanpolicy.summary = Scan Policy\: {0}
+automation.dialog.ascanpolicy.title = Active Scan Policy Job
+
automation.dialog.button.add = Add
automation.dialog.button.modify = Modify
automation.dialog.button.remove = Elimină
@@ -140,6 +174,14 @@ automation.dialog.envvar.value = Value\:
automation.dialog.error.misc = Unexpected error\: {0}
automation.dialog.error.save = Failed to save plan\: {0}
+automation.dialog.exitstatus.errorExitValue = Error Exit Value\:
+
+automation.dialog.exitstatus.errorLevel = Error Level\:
+automation.dialog.exitstatus.okExitValue = OK Exit Value\:
+automation.dialog.exitstatus.summary = Error\: {0}, Warn\: {1}
+automation.dialog.exitstatus.title = Exit Status Job
+automation.dialog.exitstatus.warnExitValue = Warn Exit Value\:
+automation.dialog.exitstatus.warnLevel = Warning Level\:
automation.dialog.header.name = Name
automation.dialog.header.remove.confirm = Are you sure you want to remove this header?
@@ -296,6 +338,7 @@ automation.error.env.verification.pollunits.bad = Invalid verification pollUnits
automation.error.env.verification.type.bad = Invalid verification method\: {0}
automation.error.job.baduser = Job {0} unrecognised user\: {1}
automation.error.job.data = Unsupported job data format\: {0}
+automation.error.job.enabled = Unsupported job enabled format\: {0}
automation.error.job.internal = Job {0} internal error\: {1}
automation.error.job.name = Unsupported job name format\: {0}
automation.error.job.notype = Missing job type\: {0}
@@ -322,10 +365,14 @@ automation.error.requestor.codemismatch = Difference in response code values for
automation.error.requestor.httpversion = Job {0} has invalid HTTP version {1} for request \: {2}
automation.error.requestor.invalidmethod = Job {0} has invalid method {1} for request \: {2}
automation.error.requestor.norequests = Missing any requests for job {0}
+automation.error.scanpolicy.exists = Job {0} scan policy {1} already exists
automation.error.unexpected = Unexpected error accessing file {0} \: {1} - see log for details
automation.error.unexpected.internal = Unexpected error {0} - see log for details
automation.error.urlsfound = Job {0} only found {1} URLs, expected at least {2}
automation.error.write = Cannot write to file\: {0}
+automation.exitstatus.alert = An alert has been raised with a risk of at least\: {0}
+
+automation.exitstatus.error.badlevels = Error level\: {0} is lower than warn level\: {1}
automation.info.addons.noupdate = The updateAddons option has been disabled due to problems updating the framework and jobs while they are running
automation.info.ascan.rule.setstrength = Job {0} set rule {1} strength to {2}
@@ -336,6 +383,7 @@ automation.info.delay.endjob = Job {0} ended by programmatic or API call
automation.info.delay.filecreated = Job {0} ended by creation of file {1}
automation.info.delay.interrupted = Job {0} interrupted
automation.info.delay.timeout = Job {0} ended after specified time {1}
+automation.info.jobdisabled = Job {0} is disabled
automation.info.jobend = Job {0} finished, time taken\: {1}
automation.info.jobstart = Job {0} started
automation.info.jobstopped = Job {0} terminated
@@ -359,6 +407,7 @@ automation.panel.load.failed = YAML file failed to load\: {0}
automation.panel.load.warning = YAML file loaded with warnings\: {0}
automation.panel.load.yaml = YAML Configuration Files
automation.panel.table.env.name = Environment
+automation.panel.table.header.enabled = Activat
automation.panel.table.header.info = Info
automation.panel.table.header.name = Name
automation.panel.table.header.status = Status
@@ -371,6 +420,7 @@ automation.panel.table.info.warning = WARNING\: {0}
automation.panel.table.status.error = ERROR
automation.panel.table.status.failed = FAILED
automation.panel.table.status.notcreated = Not created
+automation.panel.table.status.notenabled = Not enabled
automation.panel.table.status.notstarted = Not started
automation.panel.table.status.ok = OK
automation.panel.table.status.passed = Passed
diff --git a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_ru_RU.properties b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_ru_RU.properties
index 7d28744205d..09de068d947 100644
--- a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_ru_RU.properties
+++ b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_ru_RU.properties
@@ -57,6 +57,7 @@ automation.dialog.alerttest.ruleid = Правила сканирования Id\
automation.dialog.alerttest.title = Оповещение теста
automation.dialog.alerttest.url = Регулярные выражения для URL-адресов
+automation.dialog.all.enabled = Подключена\:
automation.dialog.all.name = Название Задания\:
automation.dialog.all.user = Авторизованный пользователь\:
@@ -85,6 +86,39 @@ automation.dialog.ascan.table.header.threshold = Порог
automation.dialog.ascan.threads = Потоков на хост\:
automation.dialog.ascan.title = Задание активного сканирования
+automation.dialog.ascanconfig.defaultpolicy = Default Policy\:
+automation.dialog.ascanconfig.error.field = Job {0}\: Error reading {1}, cause\: {2}
+automation.dialog.ascanconfig.handleanticsrf = Handle Anti CSRF Tokens
+automation.dialog.ascanconfig.injectid = Inject Scan Rule ID\:
+automation.dialog.ascanconfig.iv.cookie = Cookie Data
+automation.dialog.ascanconfig.iv.cookie.encode = Encode Cookie Values
+automation.dialog.ascanconfig.iv.headers = HTTP Headers
+automation.dialog.ascanconfig.iv.headers.allrequests = HTTP Headers of All Requests
+automation.dialog.ascanconfig.iv.path = URL Path
+automation.dialog.ascanconfig.iv.post = POST параметры
+automation.dialog.ascanconfig.iv.post.dwr = Прямое удаление сети
+automation.dialog.ascanconfig.iv.post.gwt = Google Web Toolkit
+automation.dialog.ascanconfig.iv.post.json = JSON
+automation.dialog.ascanconfig.iv.post.json.nulls = Сканировать нулевые значения
+automation.dialog.ascanconfig.iv.post.multipart = Многофункциональные данные
+automation.dialog.ascanconfig.iv.post.xml = XML Tag / атрибут
+automation.dialog.ascanconfig.iv.query = URL-запрос строки и узлы управляемых данных
+automation.dialog.ascanconfig.iv.query.addparam = Add URL Query Parameter
+automation.dialog.ascanconfig.iv.query.odata = ID/Фильтр OData
+automation.dialog.ascanconfig.iv.scripts = Script Input Vectors
+automation.dialog.ascanconfig.maxalertsperrule = Максимальные оповещения правил\:
+automation.dialog.ascanconfig.maxruleduration = Максимальная продолжительность правила (в минутах)\:
+automation.dialog.ascanconfig.maxscanduration = Максимальная продолжительность сканирования (в минутах)\:
+automation.dialog.ascanconfig.summary = Active Scan Config
+automation.dialog.ascanconfig.tab.iv = Входные векторы
+automation.dialog.ascanconfig.threads = Потоков на хост\:
+automation.dialog.ascanconfig.title = Active Scan Config Job
+
+automation.dialog.ascanpolicy.error.badname = Необходимо указать имя политики
+automation.dialog.ascanpolicy.name = Policy Name\:
+automation.dialog.ascanpolicy.summary = Scan Policy\: {0}
+automation.dialog.ascanpolicy.title = Active Scan Policy Job
+
automation.dialog.button.add = Добавить
automation.dialog.button.modify = Изменить
automation.dialog.button.remove = Удалить
@@ -140,6 +174,14 @@ automation.dialog.envvar.value = Значение\:
automation.dialog.error.misc = Неожиданная ошибка\: {0}
automation.dialog.error.save = Не удалось сохранить план\: {0}
+automation.dialog.exitstatus.errorExitValue = Error Exit Value\:
+
+automation.dialog.exitstatus.errorLevel = Error Level\:
+automation.dialog.exitstatus.okExitValue = OK Exit Value\:
+automation.dialog.exitstatus.summary = Error\: {0}, Warn\: {1}
+automation.dialog.exitstatus.title = Exit Status Job
+automation.dialog.exitstatus.warnExitValue = Warn Exit Value\:
+automation.dialog.exitstatus.warnLevel = Warning Level\:
automation.dialog.header.name = Название
automation.dialog.header.remove.confirm = Вы уверены, что хотите удалить этот заголовок?
@@ -296,6 +338,7 @@ automation.error.env.verification.pollunits.bad = Недействительны
automation.error.env.verification.type.bad = Недействительный метод подтверждения\: {0}
automation.error.job.baduser = Задание {0} неопознанный пользователь\: {1}
automation.error.job.data = Неподдерживаемый формат данных задания\: {0}
+automation.error.job.enabled = Unsupported job enabled format\: {0}
automation.error.job.internal = Задание {0} внутренняя ошибка\: {1}
automation.error.job.name = Неподдерживаемый формат названия задания\: {0}
automation.error.job.notype = Отсутствует тип Задания\: {0}
@@ -322,10 +365,14 @@ automation.error.requestor.codemismatch = Разница в значениях
automation.error.requestor.httpversion = Задание {0} имеет недопустимую версию HTTP {1} для запроса\: {2}
automation.error.requestor.invalidmethod = Задание {0} имеет недопустимый метод {1} для запроса\: {2}
automation.error.requestor.norequests = Отсутствуют какие-либо запросы для задания {0}
+automation.error.scanpolicy.exists = Job {0} scan policy {1} already exists
automation.error.unexpected = Неожиданная ошибка при доступе к файлу {0}\: {1} - подробности смотри в журнале
automation.error.unexpected.internal = Неожиданная ошибка {0} - подробности смотри в журнале
automation.error.urlsfound = Задание {0} найдено только {1} URL, ожидается не менее {2}
automation.error.write = Невозможно записать в файл\: {0}
+automation.exitstatus.alert = An alert has been raised with a risk of at least\: {0}
+
+automation.exitstatus.error.badlevels = Error level\: {0} is lower than warn level\: {1}
automation.info.addons.noupdate = Опция updateAddons была отключена из-за проблем с обновлением фреймворка и заданий во время их выполнения.
automation.info.ascan.rule.setstrength = Задание {0} установило силу правила {1} на {2}
@@ -336,6 +383,7 @@ automation.info.delay.endjob = Задание {0} завершено прогр
automation.info.delay.filecreated = Задание {0} завершено созданием файла {1}
automation.info.delay.interrupted = Задание {0} прервано
automation.info.delay.timeout = Задание {0} завершено по истечении указанного времени {1}
+automation.info.jobdisabled = Job {0} is disabled
automation.info.jobend = Job {0} finished, time taken\: {1}
automation.info.jobstart = Задание {0} началось
automation.info.jobstopped = Job {0} terminated
@@ -359,6 +407,7 @@ automation.panel.load.failed = Не удалось загрузить файл Y
automation.panel.load.warning = Файл YAML загружен с предупреждениями\: {0}
automation.panel.load.yaml = Файлы конфигурации YAML
automation.panel.table.env.name = окружающая среда
+automation.panel.table.header.enabled = Включено
automation.panel.table.header.info = Информация
automation.panel.table.header.name = Название
automation.panel.table.header.status = Статус
@@ -371,6 +420,7 @@ automation.panel.table.info.warning = ВНИМАНИЕ\: {0}
automation.panel.table.status.error = ОШИБКА
automation.panel.table.status.failed = НЕ СМОГЛИ
automation.panel.table.status.notcreated = Не создано
+automation.panel.table.status.notenabled = Not enabled
automation.panel.table.status.notstarted = Не запущена
automation.panel.table.status.ok = OK
automation.panel.table.status.passed = Прошёл
diff --git a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_si_LK.properties b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_si_LK.properties
index d80bf128bf4..c15d0df795f 100644
--- a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_si_LK.properties
+++ b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_si_LK.properties
@@ -57,6 +57,7 @@ automation.dialog.alerttest.ruleid = Scan Rule Id\:
automation.dialog.alerttest.title = Alert Test
automation.dialog.alerttest.url = URL (regex)\:
+automation.dialog.all.enabled = Enabled\:
automation.dialog.all.name = Job Name\:
automation.dialog.all.user = Authenticated User\:
@@ -85,6 +86,39 @@ automation.dialog.ascan.table.header.threshold = Threshold
automation.dialog.ascan.threads = Threads Per Host\:
automation.dialog.ascan.title = Active Scan Job
+automation.dialog.ascanconfig.defaultpolicy = Default Policy\:
+automation.dialog.ascanconfig.error.field = Job {0}\: Error reading {1}, cause\: {2}
+automation.dialog.ascanconfig.handleanticsrf = Handle Anti CSRF Tokens
+automation.dialog.ascanconfig.injectid = Inject Scan Rule ID\:
+automation.dialog.ascanconfig.iv.cookie = Cookie Data
+automation.dialog.ascanconfig.iv.cookie.encode = Encode Cookie Values
+automation.dialog.ascanconfig.iv.headers = HTTP Headers
+automation.dialog.ascanconfig.iv.headers.allrequests = HTTP Headers of All Requests
+automation.dialog.ascanconfig.iv.path = URL Path
+automation.dialog.ascanconfig.iv.post = POST Data
+automation.dialog.ascanconfig.iv.post.dwr = Direct Web Remoting
+automation.dialog.ascanconfig.iv.post.gwt = Google Web Toolkit
+automation.dialog.ascanconfig.iv.post.json = JSON
+automation.dialog.ascanconfig.iv.post.json.nulls = Scan Null Values
+automation.dialog.ascanconfig.iv.post.multipart = Multipart Form-Data
+automation.dialog.ascanconfig.iv.post.xml = XML Tag/Attribute
+automation.dialog.ascanconfig.iv.query = URL Query String & Data Driven Nodes
+automation.dialog.ascanconfig.iv.query.addparam = Add URL Query Parameter
+automation.dialog.ascanconfig.iv.query.odata = OData ID/Filter
+automation.dialog.ascanconfig.iv.scripts = Script Input Vectors
+automation.dialog.ascanconfig.maxalertsperrule = Max Alerts Per Rule\:
+automation.dialog.ascanconfig.maxruleduration = Max Rule Duration (in mins)\:
+automation.dialog.ascanconfig.maxscanduration = Max Scan Duration (in mins)\:
+automation.dialog.ascanconfig.summary = Active Scan Config
+automation.dialog.ascanconfig.tab.iv = Input Vectors
+automation.dialog.ascanconfig.threads = Threads Per Host\:
+automation.dialog.ascanconfig.title = Active Scan Config Job
+
+automation.dialog.ascanpolicy.error.badname = You must supply a policy name
+automation.dialog.ascanpolicy.name = Policy Name\:
+automation.dialog.ascanpolicy.summary = Scan Policy\: {0}
+automation.dialog.ascanpolicy.title = Active Scan Policy Job
+
automation.dialog.button.add = Add
automation.dialog.button.modify = Modify
automation.dialog.button.remove = Remove
@@ -140,6 +174,14 @@ automation.dialog.envvar.value = Value\:
automation.dialog.error.misc = Unexpected error\: {0}
automation.dialog.error.save = Failed to save plan\: {0}
+automation.dialog.exitstatus.errorExitValue = Error Exit Value\:
+
+automation.dialog.exitstatus.errorLevel = Error Level\:
+automation.dialog.exitstatus.okExitValue = OK Exit Value\:
+automation.dialog.exitstatus.summary = Error\: {0}, Warn\: {1}
+automation.dialog.exitstatus.title = Exit Status Job
+automation.dialog.exitstatus.warnExitValue = Warn Exit Value\:
+automation.dialog.exitstatus.warnLevel = Warning Level\:
automation.dialog.header.name = Name
automation.dialog.header.remove.confirm = Are you sure you want to remove this header?
@@ -296,6 +338,7 @@ automation.error.env.verification.pollunits.bad = Invalid verification pollUnits
automation.error.env.verification.type.bad = Invalid verification method\: {0}
automation.error.job.baduser = Job {0} unrecognised user\: {1}
automation.error.job.data = Unsupported job data format\: {0}
+automation.error.job.enabled = Unsupported job enabled format\: {0}
automation.error.job.internal = Job {0} internal error\: {1}
automation.error.job.name = Unsupported job name format\: {0}
automation.error.job.notype = Missing job type\: {0}
@@ -322,10 +365,14 @@ automation.error.requestor.codemismatch = Difference in response code values for
automation.error.requestor.httpversion = Job {0} has invalid HTTP version {1} for request \: {2}
automation.error.requestor.invalidmethod = Job {0} has invalid method {1} for request \: {2}
automation.error.requestor.norequests = Missing any requests for job {0}
+automation.error.scanpolicy.exists = Job {0} scan policy {1} already exists
automation.error.unexpected = Unexpected error accessing file {0} \: {1} - see log for details
automation.error.unexpected.internal = Unexpected error {0} - see log for details
automation.error.urlsfound = Job {0} only found {1} URLs, expected at least {2}
automation.error.write = Cannot write to file\: {0}
+automation.exitstatus.alert = An alert has been raised with a risk of at least\: {0}
+
+automation.exitstatus.error.badlevels = Error level\: {0} is lower than warn level\: {1}
automation.info.addons.noupdate = The updateAddons option has been disabled due to problems updating the framework and jobs while they are running
automation.info.ascan.rule.setstrength = Job {0} set rule {1} strength to {2}
@@ -336,6 +383,7 @@ automation.info.delay.endjob = Job {0} ended by programmatic or API call
automation.info.delay.filecreated = Job {0} ended by creation of file {1}
automation.info.delay.interrupted = Job {0} interrupted
automation.info.delay.timeout = Job {0} ended after specified time {1}
+automation.info.jobdisabled = Job {0} is disabled
automation.info.jobend = Job {0} finished, time taken\: {1}
automation.info.jobstart = Job {0} started
automation.info.jobstopped = Job {0} terminated
@@ -359,6 +407,7 @@ automation.panel.load.failed = YAML file failed to load\: {0}
automation.panel.load.warning = YAML file loaded with warnings\: {0}
automation.panel.load.yaml = YAML Configuration Files
automation.panel.table.env.name = Environment
+automation.panel.table.header.enabled = Enabled
automation.panel.table.header.info = Info
automation.panel.table.header.name = Name
automation.panel.table.header.status = Status
@@ -371,6 +420,7 @@ automation.panel.table.info.warning = WARNING\: {0}
automation.panel.table.status.error = ERROR
automation.panel.table.status.failed = FAILED
automation.panel.table.status.notcreated = Not created
+automation.panel.table.status.notenabled = Not enabled
automation.panel.table.status.notstarted = Not started
automation.panel.table.status.ok = OK
automation.panel.table.status.passed = Passed
diff --git a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_sk_SK.properties b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_sk_SK.properties
index d1ef19da610..c99ea00a9ee 100644
--- a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_sk_SK.properties
+++ b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_sk_SK.properties
@@ -57,6 +57,7 @@ automation.dialog.alerttest.ruleid = Scan Rule Id\:
automation.dialog.alerttest.title = Alert Test
automation.dialog.alerttest.url = URL (regex)\:
+automation.dialog.all.enabled = Enabled\:
automation.dialog.all.name = Job Name\:
automation.dialog.all.user = Authenticated User\:
@@ -85,6 +86,39 @@ automation.dialog.ascan.table.header.threshold = Threshold
automation.dialog.ascan.threads = Threads Per Host\:
automation.dialog.ascan.title = Active Scan Job
+automation.dialog.ascanconfig.defaultpolicy = Default Policy\:
+automation.dialog.ascanconfig.error.field = Job {0}\: Error reading {1}, cause\: {2}
+automation.dialog.ascanconfig.handleanticsrf = Handle Anti CSRF Tokens
+automation.dialog.ascanconfig.injectid = Inject Scan Rule ID\:
+automation.dialog.ascanconfig.iv.cookie = Cookie Data
+automation.dialog.ascanconfig.iv.cookie.encode = Encode Cookie Values
+automation.dialog.ascanconfig.iv.headers = HTTP Headers
+automation.dialog.ascanconfig.iv.headers.allrequests = HTTP Headers of All Requests
+automation.dialog.ascanconfig.iv.path = URL Path
+automation.dialog.ascanconfig.iv.post = POST Data
+automation.dialog.ascanconfig.iv.post.dwr = Direct Web Remoting
+automation.dialog.ascanconfig.iv.post.gwt = Google Web Toolkit
+automation.dialog.ascanconfig.iv.post.json = JSON
+automation.dialog.ascanconfig.iv.post.json.nulls = Scan Null Values
+automation.dialog.ascanconfig.iv.post.multipart = Multipart Form-Data
+automation.dialog.ascanconfig.iv.post.xml = XML Tag/Attribute
+automation.dialog.ascanconfig.iv.query = URL Query String & Data Driven Nodes
+automation.dialog.ascanconfig.iv.query.addparam = Add URL Query Parameter
+automation.dialog.ascanconfig.iv.query.odata = OData ID/Filter
+automation.dialog.ascanconfig.iv.scripts = Script Input Vectors
+automation.dialog.ascanconfig.maxalertsperrule = Max Alerts Per Rule\:
+automation.dialog.ascanconfig.maxruleduration = Max Rule Duration (in mins)\:
+automation.dialog.ascanconfig.maxscanduration = Max Scan Duration (in mins)\:
+automation.dialog.ascanconfig.summary = Active Scan Config
+automation.dialog.ascanconfig.tab.iv = Input Vectors
+automation.dialog.ascanconfig.threads = Threads Per Host\:
+automation.dialog.ascanconfig.title = Active Scan Config Job
+
+automation.dialog.ascanpolicy.error.badname = You must supply a policy name
+automation.dialog.ascanpolicy.name = Policy Name\:
+automation.dialog.ascanpolicy.summary = Scan Policy\: {0}
+automation.dialog.ascanpolicy.title = Active Scan Policy Job
+
automation.dialog.button.add = Add
automation.dialog.button.modify = Modify
automation.dialog.button.remove = Remove
@@ -140,6 +174,14 @@ automation.dialog.envvar.value = Value\:
automation.dialog.error.misc = Unexpected error\: {0}
automation.dialog.error.save = Failed to save plan\: {0}
+automation.dialog.exitstatus.errorExitValue = Error Exit Value\:
+
+automation.dialog.exitstatus.errorLevel = Error Level\:
+automation.dialog.exitstatus.okExitValue = OK Exit Value\:
+automation.dialog.exitstatus.summary = Error\: {0}, Warn\: {1}
+automation.dialog.exitstatus.title = Exit Status Job
+automation.dialog.exitstatus.warnExitValue = Warn Exit Value\:
+automation.dialog.exitstatus.warnLevel = Warning Level\:
automation.dialog.header.name = Name
automation.dialog.header.remove.confirm = Are you sure you want to remove this header?
@@ -296,6 +338,7 @@ automation.error.env.verification.pollunits.bad = Invalid verification pollUnits
automation.error.env.verification.type.bad = Invalid verification method\: {0}
automation.error.job.baduser = Job {0} unrecognised user\: {1}
automation.error.job.data = Unsupported job data format\: {0}
+automation.error.job.enabled = Unsupported job enabled format\: {0}
automation.error.job.internal = Job {0} internal error\: {1}
automation.error.job.name = Unsupported job name format\: {0}
automation.error.job.notype = Missing job type\: {0}
@@ -322,10 +365,14 @@ automation.error.requestor.codemismatch = Difference in response code values for
automation.error.requestor.httpversion = Job {0} has invalid HTTP version {1} for request \: {2}
automation.error.requestor.invalidmethod = Job {0} has invalid method {1} for request \: {2}
automation.error.requestor.norequests = Missing any requests for job {0}
+automation.error.scanpolicy.exists = Job {0} scan policy {1} already exists
automation.error.unexpected = Unexpected error accessing file {0} \: {1} - see log for details
automation.error.unexpected.internal = Unexpected error {0} - see log for details
automation.error.urlsfound = Job {0} only found {1} URLs, expected at least {2}
automation.error.write = Cannot write to file\: {0}
+automation.exitstatus.alert = An alert has been raised with a risk of at least\: {0}
+
+automation.exitstatus.error.badlevels = Error level\: {0} is lower than warn level\: {1}
automation.info.addons.noupdate = The updateAddons option has been disabled due to problems updating the framework and jobs while they are running
automation.info.ascan.rule.setstrength = Job {0} set rule {1} strength to {2}
@@ -336,6 +383,7 @@ automation.info.delay.endjob = Job {0} ended by programmatic or API call
automation.info.delay.filecreated = Job {0} ended by creation of file {1}
automation.info.delay.interrupted = Job {0} interrupted
automation.info.delay.timeout = Job {0} ended after specified time {1}
+automation.info.jobdisabled = Job {0} is disabled
automation.info.jobend = Job {0} finished, time taken\: {1}
automation.info.jobstart = Job {0} started
automation.info.jobstopped = Job {0} terminated
@@ -359,6 +407,7 @@ automation.panel.load.failed = YAML file failed to load\: {0}
automation.panel.load.warning = YAML file loaded with warnings\: {0}
automation.panel.load.yaml = YAML Configuration Files
automation.panel.table.env.name = Environment
+automation.panel.table.header.enabled = Enabled
automation.panel.table.header.info = Info
automation.panel.table.header.name = Name
automation.panel.table.header.status = Status
@@ -371,6 +420,7 @@ automation.panel.table.info.warning = WARNING\: {0}
automation.panel.table.status.error = ERROR
automation.panel.table.status.failed = FAILED
automation.panel.table.status.notcreated = Not created
+automation.panel.table.status.notenabled = Not enabled
automation.panel.table.status.notstarted = Not started
automation.panel.table.status.ok = OK
automation.panel.table.status.passed = Passed
diff --git a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_sl_SI.properties b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_sl_SI.properties
index 7111719ce95..496294576d4 100644
--- a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_sl_SI.properties
+++ b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_sl_SI.properties
@@ -57,6 +57,7 @@ automation.dialog.alerttest.ruleid = Scan Rule Id\:
automation.dialog.alerttest.title = Alert Test
automation.dialog.alerttest.url = URL (regex)\:
+automation.dialog.all.enabled = Omogočeno\:
automation.dialog.all.name = Job Name\:
automation.dialog.all.user = Authenticated User\:
@@ -85,6 +86,39 @@ automation.dialog.ascan.table.header.threshold = Threshold
automation.dialog.ascan.threads = Threads Per Host\:
automation.dialog.ascan.title = Active Scan Job
+automation.dialog.ascanconfig.defaultpolicy = Default Policy\:
+automation.dialog.ascanconfig.error.field = Job {0}\: Error reading {1}, cause\: {2}
+automation.dialog.ascanconfig.handleanticsrf = Handle Anti CSRF Tokens
+automation.dialog.ascanconfig.injectid = Inject Scan Rule ID\:
+automation.dialog.ascanconfig.iv.cookie = Cookie Data
+automation.dialog.ascanconfig.iv.cookie.encode = Encode Cookie Values
+automation.dialog.ascanconfig.iv.headers = HTTP Headers
+automation.dialog.ascanconfig.iv.headers.allrequests = HTTP Headers of All Requests
+automation.dialog.ascanconfig.iv.path = URL Path
+automation.dialog.ascanconfig.iv.post = POST Data
+automation.dialog.ascanconfig.iv.post.dwr = Direct Web Remoting
+automation.dialog.ascanconfig.iv.post.gwt = Google Web Toolkit
+automation.dialog.ascanconfig.iv.post.json = JSON
+automation.dialog.ascanconfig.iv.post.json.nulls = Scan Null Values
+automation.dialog.ascanconfig.iv.post.multipart = Multipart Form-Data
+automation.dialog.ascanconfig.iv.post.xml = XML Tag/Attribute
+automation.dialog.ascanconfig.iv.query = URL Query String & Data Driven Nodes
+automation.dialog.ascanconfig.iv.query.addparam = Add URL Query Parameter
+automation.dialog.ascanconfig.iv.query.odata = OData ID/Filter
+automation.dialog.ascanconfig.iv.scripts = Script Input Vectors
+automation.dialog.ascanconfig.maxalertsperrule = Max Alerts Per Rule\:
+automation.dialog.ascanconfig.maxruleduration = Max Rule Duration (in mins)\:
+automation.dialog.ascanconfig.maxscanduration = Max Scan Duration (in mins)\:
+automation.dialog.ascanconfig.summary = Active Scan Config
+automation.dialog.ascanconfig.tab.iv = Input Vectors
+automation.dialog.ascanconfig.threads = Threads Per Host\:
+automation.dialog.ascanconfig.title = Active Scan Config Job
+
+automation.dialog.ascanpolicy.error.badname = You must supply a policy name
+automation.dialog.ascanpolicy.name = Policy Name\:
+automation.dialog.ascanpolicy.summary = Scan Policy\: {0}
+automation.dialog.ascanpolicy.title = Active Scan Policy Job
+
automation.dialog.button.add = Dodaj
automation.dialog.button.modify = Spremeni
automation.dialog.button.remove = Odstrani
@@ -140,6 +174,14 @@ automation.dialog.envvar.value = Value\:
automation.dialog.error.misc = Unexpected error\: {0}
automation.dialog.error.save = Failed to save plan\: {0}
+automation.dialog.exitstatus.errorExitValue = Error Exit Value\:
+
+automation.dialog.exitstatus.errorLevel = Error Level\:
+automation.dialog.exitstatus.okExitValue = OK Exit Value\:
+automation.dialog.exitstatus.summary = Error\: {0}, Warn\: {1}
+automation.dialog.exitstatus.title = Exit Status Job
+automation.dialog.exitstatus.warnExitValue = Warn Exit Value\:
+automation.dialog.exitstatus.warnLevel = Warning Level\:
automation.dialog.header.name = Ime
automation.dialog.header.remove.confirm = Are you sure you want to remove this header?
@@ -296,6 +338,7 @@ automation.error.env.verification.pollunits.bad = Invalid verification pollUnits
automation.error.env.verification.type.bad = Invalid verification method\: {0}
automation.error.job.baduser = Job {0} unrecognised user\: {1}
automation.error.job.data = Unsupported job data format\: {0}
+automation.error.job.enabled = Unsupported job enabled format\: {0}
automation.error.job.internal = Job {0} internal error\: {1}
automation.error.job.name = Unsupported job name format\: {0}
automation.error.job.notype = Missing job type\: {0}
@@ -322,10 +365,14 @@ automation.error.requestor.codemismatch = Difference in response code values for
automation.error.requestor.httpversion = Job {0} has invalid HTTP version {1} for request \: {2}
automation.error.requestor.invalidmethod = Job {0} has invalid method {1} for request \: {2}
automation.error.requestor.norequests = Missing any requests for job {0}
+automation.error.scanpolicy.exists = Job {0} scan policy {1} already exists
automation.error.unexpected = Unexpected error accessing file {0} \: {1} - see log for details
automation.error.unexpected.internal = Unexpected error {0} - see log for details
automation.error.urlsfound = Job {0} only found {1} URLs, expected at least {2}
automation.error.write = Cannot write to file\: {0}
+automation.exitstatus.alert = An alert has been raised with a risk of at least\: {0}
+
+automation.exitstatus.error.badlevels = Error level\: {0} is lower than warn level\: {1}
automation.info.addons.noupdate = The updateAddons option has been disabled due to problems updating the framework and jobs while they are running
automation.info.ascan.rule.setstrength = Job {0} set rule {1} strength to {2}
@@ -336,6 +383,7 @@ automation.info.delay.endjob = Job {0} ended by programmatic or API call
automation.info.delay.filecreated = Job {0} ended by creation of file {1}
automation.info.delay.interrupted = Job {0} interrupted
automation.info.delay.timeout = Job {0} ended after specified time {1}
+automation.info.jobdisabled = Job {0} is disabled
automation.info.jobend = Job {0} finished, time taken\: {1}
automation.info.jobstart = Job {0} started
automation.info.jobstopped = Job {0} terminated
@@ -359,6 +407,7 @@ automation.panel.load.failed = YAML file failed to load\: {0}
automation.panel.load.warning = YAML file loaded with warnings\: {0}
automation.panel.load.yaml = YAML Configuration Files
automation.panel.table.env.name = Environment
+automation.panel.table.header.enabled = Omogočeno
automation.panel.table.header.info = Info
automation.panel.table.header.name = Ime
automation.panel.table.header.status = Stanje
@@ -371,6 +420,7 @@ automation.panel.table.info.warning = WARNING\: {0}
automation.panel.table.status.error = ERROR
automation.panel.table.status.failed = FAILED
automation.panel.table.status.notcreated = Not created
+automation.panel.table.status.notenabled = Not enabled
automation.panel.table.status.notstarted = Not started
automation.panel.table.status.ok = OK
automation.panel.table.status.passed = Passed
diff --git a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_sq_AL.properties b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_sq_AL.properties
index 2eb4d9f6811..625c6330953 100644
--- a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_sq_AL.properties
+++ b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_sq_AL.properties
@@ -57,6 +57,7 @@ automation.dialog.alerttest.ruleid = Scan Rule Id\:
automation.dialog.alerttest.title = Alert Test
automation.dialog.alerttest.url = URL (regex)\:
+automation.dialog.all.enabled = Enabled\:
automation.dialog.all.name = Job Name\:
automation.dialog.all.user = Authenticated User\:
@@ -85,6 +86,39 @@ automation.dialog.ascan.table.header.threshold = Threshold
automation.dialog.ascan.threads = Threads Per Host\:
automation.dialog.ascan.title = Active Scan Job
+automation.dialog.ascanconfig.defaultpolicy = Default Policy\:
+automation.dialog.ascanconfig.error.field = Job {0}\: Error reading {1}, cause\: {2}
+automation.dialog.ascanconfig.handleanticsrf = Handle Anti CSRF Tokens
+automation.dialog.ascanconfig.injectid = Inject Scan Rule ID\:
+automation.dialog.ascanconfig.iv.cookie = Cookie Data
+automation.dialog.ascanconfig.iv.cookie.encode = Encode Cookie Values
+automation.dialog.ascanconfig.iv.headers = HTTP Headers
+automation.dialog.ascanconfig.iv.headers.allrequests = HTTP Headers of All Requests
+automation.dialog.ascanconfig.iv.path = URL Path
+automation.dialog.ascanconfig.iv.post = POST Data
+automation.dialog.ascanconfig.iv.post.dwr = Direct Web Remoting
+automation.dialog.ascanconfig.iv.post.gwt = Google Web Toolkit
+automation.dialog.ascanconfig.iv.post.json = JSON
+automation.dialog.ascanconfig.iv.post.json.nulls = Scan Null Values
+automation.dialog.ascanconfig.iv.post.multipart = Multipart Form-Data
+automation.dialog.ascanconfig.iv.post.xml = XML Tag/Attribute
+automation.dialog.ascanconfig.iv.query = URL Query String & Data Driven Nodes
+automation.dialog.ascanconfig.iv.query.addparam = Add URL Query Parameter
+automation.dialog.ascanconfig.iv.query.odata = OData ID/Filter
+automation.dialog.ascanconfig.iv.scripts = Script Input Vectors
+automation.dialog.ascanconfig.maxalertsperrule = Max Alerts Per Rule\:
+automation.dialog.ascanconfig.maxruleduration = Max Rule Duration (in mins)\:
+automation.dialog.ascanconfig.maxscanduration = Max Scan Duration (in mins)\:
+automation.dialog.ascanconfig.summary = Active Scan Config
+automation.dialog.ascanconfig.tab.iv = Input Vectors
+automation.dialog.ascanconfig.threads = Threads Per Host\:
+automation.dialog.ascanconfig.title = Active Scan Config Job
+
+automation.dialog.ascanpolicy.error.badname = You must supply a policy name
+automation.dialog.ascanpolicy.name = Policy Name\:
+automation.dialog.ascanpolicy.summary = Scan Policy\: {0}
+automation.dialog.ascanpolicy.title = Active Scan Policy Job
+
automation.dialog.button.add = Add
automation.dialog.button.modify = Modify
automation.dialog.button.remove = Remove
@@ -140,6 +174,14 @@ automation.dialog.envvar.value = Value\:
automation.dialog.error.misc = Unexpected error\: {0}
automation.dialog.error.save = Failed to save plan\: {0}
+automation.dialog.exitstatus.errorExitValue = Error Exit Value\:
+
+automation.dialog.exitstatus.errorLevel = Error Level\:
+automation.dialog.exitstatus.okExitValue = OK Exit Value\:
+automation.dialog.exitstatus.summary = Error\: {0}, Warn\: {1}
+automation.dialog.exitstatus.title = Exit Status Job
+automation.dialog.exitstatus.warnExitValue = Warn Exit Value\:
+automation.dialog.exitstatus.warnLevel = Warning Level\:
automation.dialog.header.name = Name
automation.dialog.header.remove.confirm = Are you sure you want to remove this header?
@@ -296,6 +338,7 @@ automation.error.env.verification.pollunits.bad = Invalid verification pollUnits
automation.error.env.verification.type.bad = Invalid verification method\: {0}
automation.error.job.baduser = Job {0} unrecognised user\: {1}
automation.error.job.data = Unsupported job data format\: {0}
+automation.error.job.enabled = Unsupported job enabled format\: {0}
automation.error.job.internal = Job {0} internal error\: {1}
automation.error.job.name = Unsupported job name format\: {0}
automation.error.job.notype = Missing job type\: {0}
@@ -322,10 +365,14 @@ automation.error.requestor.codemismatch = Difference in response code values for
automation.error.requestor.httpversion = Job {0} has invalid HTTP version {1} for request \: {2}
automation.error.requestor.invalidmethod = Job {0} has invalid method {1} for request \: {2}
automation.error.requestor.norequests = Missing any requests for job {0}
+automation.error.scanpolicy.exists = Job {0} scan policy {1} already exists
automation.error.unexpected = Unexpected error accessing file {0} \: {1} - see log for details
automation.error.unexpected.internal = Unexpected error {0} - see log for details
automation.error.urlsfound = Job {0} only found {1} URLs, expected at least {2}
automation.error.write = Cannot write to file\: {0}
+automation.exitstatus.alert = An alert has been raised with a risk of at least\: {0}
+
+automation.exitstatus.error.badlevels = Error level\: {0} is lower than warn level\: {1}
automation.info.addons.noupdate = The updateAddons option has been disabled due to problems updating the framework and jobs while they are running
automation.info.ascan.rule.setstrength = Job {0} set rule {1} strength to {2}
@@ -336,6 +383,7 @@ automation.info.delay.endjob = Job {0} ended by programmatic or API call
automation.info.delay.filecreated = Job {0} ended by creation of file {1}
automation.info.delay.interrupted = Job {0} interrupted
automation.info.delay.timeout = Job {0} ended after specified time {1}
+automation.info.jobdisabled = Job {0} is disabled
automation.info.jobend = Job {0} finished, time taken\: {1}
automation.info.jobstart = Job {0} started
automation.info.jobstopped = Job {0} terminated
@@ -359,6 +407,7 @@ automation.panel.load.failed = YAML file failed to load\: {0}
automation.panel.load.warning = YAML file loaded with warnings\: {0}
automation.panel.load.yaml = YAML Configuration Files
automation.panel.table.env.name = Environment
+automation.panel.table.header.enabled = Enabled
automation.panel.table.header.info = Info
automation.panel.table.header.name = Name
automation.panel.table.header.status = Status
@@ -371,6 +420,7 @@ automation.panel.table.info.warning = WARNING\: {0}
automation.panel.table.status.error = ERROR
automation.panel.table.status.failed = FAILED
automation.panel.table.status.notcreated = Not created
+automation.panel.table.status.notenabled = Not enabled
automation.panel.table.status.notstarted = Not started
automation.panel.table.status.ok = OK
automation.panel.table.status.passed = Passed
diff --git a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_sr_CS.properties b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_sr_CS.properties
index 0322d9d4ce2..f5a5f856cef 100644
--- a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_sr_CS.properties
+++ b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_sr_CS.properties
@@ -57,6 +57,7 @@ automation.dialog.alerttest.ruleid = Scan Rule Id\:
automation.dialog.alerttest.title = Alert Test
automation.dialog.alerttest.url = URL (regex)\:
+automation.dialog.all.enabled = Enabled\:
automation.dialog.all.name = Job Name\:
automation.dialog.all.user = Authenticated User\:
@@ -85,6 +86,39 @@ automation.dialog.ascan.table.header.threshold = Threshold
automation.dialog.ascan.threads = Threads Per Host\:
automation.dialog.ascan.title = Active Scan Job
+automation.dialog.ascanconfig.defaultpolicy = Default Policy\:
+automation.dialog.ascanconfig.error.field = Job {0}\: Error reading {1}, cause\: {2}
+automation.dialog.ascanconfig.handleanticsrf = Handle Anti CSRF Tokens
+automation.dialog.ascanconfig.injectid = Inject Scan Rule ID\:
+automation.dialog.ascanconfig.iv.cookie = Cookie Data
+automation.dialog.ascanconfig.iv.cookie.encode = Encode Cookie Values
+automation.dialog.ascanconfig.iv.headers = HTTP Headers
+automation.dialog.ascanconfig.iv.headers.allrequests = HTTP Headers of All Requests
+automation.dialog.ascanconfig.iv.path = URL Path
+automation.dialog.ascanconfig.iv.post = POST Data
+automation.dialog.ascanconfig.iv.post.dwr = Direct Web Remoting
+automation.dialog.ascanconfig.iv.post.gwt = Google Web Toolkit
+automation.dialog.ascanconfig.iv.post.json = JSON
+automation.dialog.ascanconfig.iv.post.json.nulls = Scan Null Values
+automation.dialog.ascanconfig.iv.post.multipart = Multipart Form-Data
+automation.dialog.ascanconfig.iv.post.xml = XML Tag/Attribute
+automation.dialog.ascanconfig.iv.query = URL Query String & Data Driven Nodes
+automation.dialog.ascanconfig.iv.query.addparam = Add URL Query Parameter
+automation.dialog.ascanconfig.iv.query.odata = OData ID/Filter
+automation.dialog.ascanconfig.iv.scripts = Script Input Vectors
+automation.dialog.ascanconfig.maxalertsperrule = Max Alerts Per Rule\:
+automation.dialog.ascanconfig.maxruleduration = Max Rule Duration (in mins)\:
+automation.dialog.ascanconfig.maxscanduration = Max Scan Duration (in mins)\:
+automation.dialog.ascanconfig.summary = Active Scan Config
+automation.dialog.ascanconfig.tab.iv = Input Vectors
+automation.dialog.ascanconfig.threads = Threads Per Host\:
+automation.dialog.ascanconfig.title = Active Scan Config Job
+
+automation.dialog.ascanpolicy.error.badname = You must supply a policy name
+automation.dialog.ascanpolicy.name = Policy Name\:
+automation.dialog.ascanpolicy.summary = Scan Policy\: {0}
+automation.dialog.ascanpolicy.title = Active Scan Policy Job
+
automation.dialog.button.add = Dodaj
automation.dialog.button.modify = Izmeni
automation.dialog.button.remove = Ukloni
@@ -140,6 +174,14 @@ automation.dialog.envvar.value = Vrednost\:
automation.dialog.error.misc = Unexpected error\: {0}
automation.dialog.error.save = Failed to save plan\: {0}
+automation.dialog.exitstatus.errorExitValue = Error Exit Value\:
+
+automation.dialog.exitstatus.errorLevel = Error Level\:
+automation.dialog.exitstatus.okExitValue = OK Exit Value\:
+automation.dialog.exitstatus.summary = Error\: {0}, Warn\: {1}
+automation.dialog.exitstatus.title = Exit Status Job
+automation.dialog.exitstatus.warnExitValue = Warn Exit Value\:
+automation.dialog.exitstatus.warnLevel = Warning Level\:
automation.dialog.header.name = Ime
automation.dialog.header.remove.confirm = Are you sure you want to remove this header?
@@ -296,6 +338,7 @@ automation.error.env.verification.pollunits.bad = Invalid verification pollUnits
automation.error.env.verification.type.bad = Invalid verification method\: {0}
automation.error.job.baduser = Job {0} unrecognised user\: {1}
automation.error.job.data = Unsupported job data format\: {0}
+automation.error.job.enabled = Unsupported job enabled format\: {0}
automation.error.job.internal = Job {0} internal error\: {1}
automation.error.job.name = Unsupported job name format\: {0}
automation.error.job.notype = Missing job type\: {0}
@@ -322,10 +365,14 @@ automation.error.requestor.codemismatch = Difference in response code values for
automation.error.requestor.httpversion = Job {0} has invalid HTTP version {1} for request \: {2}
automation.error.requestor.invalidmethod = Job {0} has invalid method {1} for request \: {2}
automation.error.requestor.norequests = Missing any requests for job {0}
+automation.error.scanpolicy.exists = Job {0} scan policy {1} already exists
automation.error.unexpected = Unexpected error accessing file {0} \: {1} - see log for details
automation.error.unexpected.internal = Unexpected error {0} - see log for details
automation.error.urlsfound = Job {0} only found {1} URLs, expected at least {2}
automation.error.write = Cannot write to file\: {0}
+automation.exitstatus.alert = An alert has been raised with a risk of at least\: {0}
+
+automation.exitstatus.error.badlevels = Error level\: {0} is lower than warn level\: {1}
automation.info.addons.noupdate = The updateAddons option has been disabled due to problems updating the framework and jobs while they are running
automation.info.ascan.rule.setstrength = Job {0} set rule {1} strength to {2}
@@ -336,6 +383,7 @@ automation.info.delay.endjob = Job {0} ended by programmatic or API call
automation.info.delay.filecreated = Job {0} ended by creation of file {1}
automation.info.delay.interrupted = Job {0} interrupted
automation.info.delay.timeout = Job {0} ended after specified time {1}
+automation.info.jobdisabled = Job {0} is disabled
automation.info.jobend = Job {0} finished, time taken\: {1}
automation.info.jobstart = Job {0} started
automation.info.jobstopped = Job {0} terminated
@@ -359,6 +407,7 @@ automation.panel.load.failed = YAML file failed to load\: {0}
automation.panel.load.warning = YAML file loaded with warnings\: {0}
automation.panel.load.yaml = YAML Configuration Files
automation.panel.table.env.name = Environment
+automation.panel.table.header.enabled = Enabled
automation.panel.table.header.info = Info
automation.panel.table.header.name = Ime
automation.panel.table.header.status = Status
@@ -371,6 +420,7 @@ automation.panel.table.info.warning = WARNING\: {0}
automation.panel.table.status.error = ERROR
automation.panel.table.status.failed = FAILED
automation.panel.table.status.notcreated = Not created
+automation.panel.table.status.notenabled = Not enabled
automation.panel.table.status.notstarted = Nije startovano
automation.panel.table.status.ok = OK
automation.panel.table.status.passed = Passed
diff --git a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_sr_SP.properties b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_sr_SP.properties
index 5598d935274..52af996d3dc 100644
--- a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_sr_SP.properties
+++ b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_sr_SP.properties
@@ -57,6 +57,7 @@ automation.dialog.alerttest.ruleid = Scan Rule Id\:
automation.dialog.alerttest.title = Alert Test
automation.dialog.alerttest.url = URL (regex)\:
+automation.dialog.all.enabled = Enabled\:
automation.dialog.all.name = Job Name\:
automation.dialog.all.user = Authenticated User\:
@@ -85,6 +86,39 @@ automation.dialog.ascan.table.header.threshold = Threshold
automation.dialog.ascan.threads = Threads Per Host\:
automation.dialog.ascan.title = Active Scan Job
+automation.dialog.ascanconfig.defaultpolicy = Default Policy\:
+automation.dialog.ascanconfig.error.field = Job {0}\: Error reading {1}, cause\: {2}
+automation.dialog.ascanconfig.handleanticsrf = Handle Anti CSRF Tokens
+automation.dialog.ascanconfig.injectid = Inject Scan Rule ID\:
+automation.dialog.ascanconfig.iv.cookie = Cookie Data
+automation.dialog.ascanconfig.iv.cookie.encode = Encode Cookie Values
+automation.dialog.ascanconfig.iv.headers = HTTP Headers
+automation.dialog.ascanconfig.iv.headers.allrequests = HTTP Headers of All Requests
+automation.dialog.ascanconfig.iv.path = URL Path
+automation.dialog.ascanconfig.iv.post = POST Data
+automation.dialog.ascanconfig.iv.post.dwr = Direct Web Remoting
+automation.dialog.ascanconfig.iv.post.gwt = Google Web Toolkit
+automation.dialog.ascanconfig.iv.post.json = JSON
+automation.dialog.ascanconfig.iv.post.json.nulls = Scan Null Values
+automation.dialog.ascanconfig.iv.post.multipart = Multipart Form-Data
+automation.dialog.ascanconfig.iv.post.xml = XML Tag/Attribute
+automation.dialog.ascanconfig.iv.query = URL Query String & Data Driven Nodes
+automation.dialog.ascanconfig.iv.query.addparam = Add URL Query Parameter
+automation.dialog.ascanconfig.iv.query.odata = OData ID/Filter
+automation.dialog.ascanconfig.iv.scripts = Script Input Vectors
+automation.dialog.ascanconfig.maxalertsperrule = Max Alerts Per Rule\:
+automation.dialog.ascanconfig.maxruleduration = Max Rule Duration (in mins)\:
+automation.dialog.ascanconfig.maxscanduration = Max Scan Duration (in mins)\:
+automation.dialog.ascanconfig.summary = Active Scan Config
+automation.dialog.ascanconfig.tab.iv = Input Vectors
+automation.dialog.ascanconfig.threads = Threads Per Host\:
+automation.dialog.ascanconfig.title = Active Scan Config Job
+
+automation.dialog.ascanpolicy.error.badname = You must supply a policy name
+automation.dialog.ascanpolicy.name = Policy Name\:
+automation.dialog.ascanpolicy.summary = Scan Policy\: {0}
+automation.dialog.ascanpolicy.title = Active Scan Policy Job
+
automation.dialog.button.add = Add
automation.dialog.button.modify = Modify
automation.dialog.button.remove = Remove
@@ -140,6 +174,14 @@ automation.dialog.envvar.value = Value\:
automation.dialog.error.misc = Unexpected error\: {0}
automation.dialog.error.save = Failed to save plan\: {0}
+automation.dialog.exitstatus.errorExitValue = Error Exit Value\:
+
+automation.dialog.exitstatus.errorLevel = Error Level\:
+automation.dialog.exitstatus.okExitValue = OK Exit Value\:
+automation.dialog.exitstatus.summary = Error\: {0}, Warn\: {1}
+automation.dialog.exitstatus.title = Exit Status Job
+automation.dialog.exitstatus.warnExitValue = Warn Exit Value\:
+automation.dialog.exitstatus.warnLevel = Warning Level\:
automation.dialog.header.name = Name
automation.dialog.header.remove.confirm = Are you sure you want to remove this header?
@@ -296,6 +338,7 @@ automation.error.env.verification.pollunits.bad = Invalid verification pollUnits
automation.error.env.verification.type.bad = Invalid verification method\: {0}
automation.error.job.baduser = Job {0} unrecognised user\: {1}
automation.error.job.data = Unsupported job data format\: {0}
+automation.error.job.enabled = Unsupported job enabled format\: {0}
automation.error.job.internal = Job {0} internal error\: {1}
automation.error.job.name = Unsupported job name format\: {0}
automation.error.job.notype = Missing job type\: {0}
@@ -322,10 +365,14 @@ automation.error.requestor.codemismatch = Difference in response code values for
automation.error.requestor.httpversion = Job {0} has invalid HTTP version {1} for request \: {2}
automation.error.requestor.invalidmethod = Job {0} has invalid method {1} for request \: {2}
automation.error.requestor.norequests = Missing any requests for job {0}
+automation.error.scanpolicy.exists = Job {0} scan policy {1} already exists
automation.error.unexpected = Unexpected error accessing file {0} \: {1} - see log for details
automation.error.unexpected.internal = Unexpected error {0} - see log for details
automation.error.urlsfound = Job {0} only found {1} URLs, expected at least {2}
automation.error.write = Cannot write to file\: {0}
+automation.exitstatus.alert = An alert has been raised with a risk of at least\: {0}
+
+automation.exitstatus.error.badlevels = Error level\: {0} is lower than warn level\: {1}
automation.info.addons.noupdate = The updateAddons option has been disabled due to problems updating the framework and jobs while they are running
automation.info.ascan.rule.setstrength = Job {0} set rule {1} strength to {2}
@@ -336,6 +383,7 @@ automation.info.delay.endjob = Job {0} ended by programmatic or API call
automation.info.delay.filecreated = Job {0} ended by creation of file {1}
automation.info.delay.interrupted = Job {0} interrupted
automation.info.delay.timeout = Job {0} ended after specified time {1}
+automation.info.jobdisabled = Job {0} is disabled
automation.info.jobend = Job {0} finished, time taken\: {1}
automation.info.jobstart = Job {0} started
automation.info.jobstopped = Job {0} terminated
@@ -359,6 +407,7 @@ automation.panel.load.failed = YAML file failed to load\: {0}
automation.panel.load.warning = YAML file loaded with warnings\: {0}
automation.panel.load.yaml = YAML Configuration Files
automation.panel.table.env.name = Environment
+automation.panel.table.header.enabled = Enabled
automation.panel.table.header.info = Info
automation.panel.table.header.name = Name
automation.panel.table.header.status = Status
@@ -371,6 +420,7 @@ automation.panel.table.info.warning = WARNING\: {0}
automation.panel.table.status.error = ERROR
automation.panel.table.status.failed = FAILED
automation.panel.table.status.notcreated = Not created
+automation.panel.table.status.notenabled = Not enabled
automation.panel.table.status.notstarted = Not started
automation.panel.table.status.ok = OK
automation.panel.table.status.passed = Passed
diff --git a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_tr_TR.properties b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_tr_TR.properties
index 75add5f3d03..89650194caf 100644
--- a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_tr_TR.properties
+++ b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_tr_TR.properties
@@ -57,6 +57,7 @@ automation.dialog.alerttest.ruleid = Scan Rule Id\:
automation.dialog.alerttest.title = Alert Test
automation.dialog.alerttest.url = URL (regex)\:
+automation.dialog.all.enabled = Etkin\:
automation.dialog.all.name = Job Name\:
automation.dialog.all.user = Authenticated User\:
@@ -85,6 +86,39 @@ automation.dialog.ascan.table.header.threshold = Eşik
automation.dialog.ascan.threads = Threads Per Host\:
automation.dialog.ascan.title = Active Scan Job
+automation.dialog.ascanconfig.defaultpolicy = Default Policy\:
+automation.dialog.ascanconfig.error.field = Job {0}\: Error reading {1}, cause\: {2}
+automation.dialog.ascanconfig.handleanticsrf = Handle Anti CSRF Tokens
+automation.dialog.ascanconfig.injectid = Inject Scan Rule ID\:
+automation.dialog.ascanconfig.iv.cookie = Cookie Data
+automation.dialog.ascanconfig.iv.cookie.encode = Encode Cookie Values
+automation.dialog.ascanconfig.iv.headers = HTTP Headers
+automation.dialog.ascanconfig.iv.headers.allrequests = HTTP Headers of All Requests
+automation.dialog.ascanconfig.iv.path = URL Path
+automation.dialog.ascanconfig.iv.post = POST Verisi
+automation.dialog.ascanconfig.iv.post.dwr = Doğrudan Web Remoting
+automation.dialog.ascanconfig.iv.post.gwt = Google Web Araç kiti
+automation.dialog.ascanconfig.iv.post.json = JSON
+automation.dialog.ascanconfig.iv.post.json.nulls = Scan Null Values
+automation.dialog.ascanconfig.iv.post.multipart = Çok parçalı Form-Verisi
+automation.dialog.ascanconfig.iv.post.xml = XML Etiketi/Niteliği
+automation.dialog.ascanconfig.iv.query = URL Sorgu Satırı & Veri Tabanlı Düğümler
+automation.dialog.ascanconfig.iv.query.addparam = Add URL Query Parameter
+automation.dialog.ascanconfig.iv.query.odata = OData Kimlik/Filtre
+automation.dialog.ascanconfig.iv.scripts = Script Input Vectors
+automation.dialog.ascanconfig.maxalertsperrule = Max Alerts Per Rule\:
+automation.dialog.ascanconfig.maxruleduration = Max Rule Duration (in mins)\:
+automation.dialog.ascanconfig.maxscanduration = Max Scan Duration (in mins)\:
+automation.dialog.ascanconfig.summary = Active Scan Config
+automation.dialog.ascanconfig.tab.iv = Giriş Vektörleri
+automation.dialog.ascanconfig.threads = Threads Per Host\:
+automation.dialog.ascanconfig.title = Active Scan Config Job
+
+automation.dialog.ascanpolicy.error.badname = Bir ilke adı sağlamalısınız
+automation.dialog.ascanpolicy.name = Policy Name\:
+automation.dialog.ascanpolicy.summary = Scan Policy\: {0}
+automation.dialog.ascanpolicy.title = Active Scan Policy Job
+
automation.dialog.button.add = Ekle
automation.dialog.button.modify = Değiştir
automation.dialog.button.remove = Kaldır
@@ -140,6 +174,14 @@ automation.dialog.envvar.value = Değeri\:
automation.dialog.error.misc = Beklenmeyen hata
automation.dialog.error.save = Failed to save plan\: {0}
+automation.dialog.exitstatus.errorExitValue = Error Exit Value\:
+
+automation.dialog.exitstatus.errorLevel = Error Level\:
+automation.dialog.exitstatus.okExitValue = OK Exit Value\:
+automation.dialog.exitstatus.summary = Error\: {0}, Warn\: {1}
+automation.dialog.exitstatus.title = Exit Status Job
+automation.dialog.exitstatus.warnExitValue = Warn Exit Value\:
+automation.dialog.exitstatus.warnLevel = Warning Level\:
automation.dialog.header.name = İsim
automation.dialog.header.remove.confirm = Are you sure you want to remove this header?
@@ -296,6 +338,7 @@ automation.error.env.verification.pollunits.bad = Invalid verification pollUnits
automation.error.env.verification.type.bad = Invalid verification method\: {0}
automation.error.job.baduser = Job {0} unrecognised user\: {1}
automation.error.job.data = Unsupported job data format\: {0}
+automation.error.job.enabled = Unsupported job enabled format\: {0}
automation.error.job.internal = Job {0} internal error\: {1}
automation.error.job.name = Unsupported job name format\: {0}
automation.error.job.notype = Missing job type\: {0}
@@ -322,10 +365,14 @@ automation.error.requestor.codemismatch = Difference in response code values for
automation.error.requestor.httpversion = Job {0} has invalid HTTP version {1} for request \: {2}
automation.error.requestor.invalidmethod = Job {0} has invalid method {1} for request \: {2}
automation.error.requestor.norequests = Missing any requests for job {0}
+automation.error.scanpolicy.exists = Job {0} scan policy {1} already exists
automation.error.unexpected = Unexpected error accessing file {0} \: {1} - see log for details
automation.error.unexpected.internal = Unexpected error {0} - see log for details
automation.error.urlsfound = Job {0} only found {1} URLs, expected at least {2}
automation.error.write = Cannot write to file\: {0}
+automation.exitstatus.alert = An alert has been raised with a risk of at least\: {0}
+
+automation.exitstatus.error.badlevels = Error level\: {0} is lower than warn level\: {1}
automation.info.addons.noupdate = The updateAddons option has been disabled due to problems updating the framework and jobs while they are running
automation.info.ascan.rule.setstrength = Job {0} set rule {1} strength to {2}
@@ -336,6 +383,7 @@ automation.info.delay.endjob = Job {0} ended by programmatic or API call
automation.info.delay.filecreated = Job {0} ended by creation of file {1}
automation.info.delay.interrupted = Job {0} interrupted
automation.info.delay.timeout = Job {0} ended after specified time {1}
+automation.info.jobdisabled = Job {0} is disabled
automation.info.jobend = Job {0} finished, time taken\: {1}
automation.info.jobstart = Job {0} started
automation.info.jobstopped = Job {0} terminated
@@ -359,6 +407,7 @@ automation.panel.load.failed = YAML file failed to load\: {0}
automation.panel.load.warning = YAML file loaded with warnings\: {0}
automation.panel.load.yaml = YAML Configuration Files
automation.panel.table.env.name = Environment
+automation.panel.table.header.enabled = Etkin
automation.panel.table.header.info = Bilgi
automation.panel.table.header.name = İsim
automation.panel.table.header.status = Durum
@@ -371,6 +420,7 @@ automation.panel.table.info.warning = WARNING\: {0}
automation.panel.table.status.error = ERROR
automation.panel.table.status.failed = FAILED
automation.panel.table.status.notcreated = Not created
+automation.panel.table.status.notenabled = Not enabled
automation.panel.table.status.notstarted = Başlamadı
automation.panel.table.status.ok = OK
automation.panel.table.status.passed = Geçti
diff --git a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_uk_UA.properties b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_uk_UA.properties
index 7c032d8afe4..151510d64df 100644
--- a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_uk_UA.properties
+++ b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_uk_UA.properties
@@ -57,6 +57,7 @@ automation.dialog.alerttest.ruleid = Ідентифікатор правила
automation.dialog.alerttest.title = Тест оповіщення
automation.dialog.alerttest.url = URL (регулярний вираз)\:
+automation.dialog.all.enabled = Ввімкнено\:
automation.dialog.all.name = Назва завдання\:
automation.dialog.all.user = Автентифікований користувач\:
@@ -85,6 +86,39 @@ automation.dialog.ascan.table.header.threshold = Граничне значенн
automation.dialog.ascan.threads = Потоки на хоста\:
automation.dialog.ascan.title = Активне завдання сканування
+automation.dialog.ascanconfig.defaultpolicy = Default Policy\:
+automation.dialog.ascanconfig.error.field = Job {0}\: Error reading {1}, cause\: {2}
+automation.dialog.ascanconfig.handleanticsrf = Handle Anti CSRF Tokens
+automation.dialog.ascanconfig.injectid = Inject Scan Rule ID\:
+automation.dialog.ascanconfig.iv.cookie = Cookie Data
+automation.dialog.ascanconfig.iv.cookie.encode = Encode Cookie Values
+automation.dialog.ascanconfig.iv.headers = HTTP Headers
+automation.dialog.ascanconfig.iv.headers.allrequests = HTTP Headers of All Requests
+automation.dialog.ascanconfig.iv.path = URL Path
+automation.dialog.ascanconfig.iv.post = POST Data
+automation.dialog.ascanconfig.iv.post.dwr = Direct Web Remoting
+automation.dialog.ascanconfig.iv.post.gwt = Google Web Toolkit
+automation.dialog.ascanconfig.iv.post.json = JSON
+automation.dialog.ascanconfig.iv.post.json.nulls = Scan Null Values
+automation.dialog.ascanconfig.iv.post.multipart = Multipart Form-Data
+automation.dialog.ascanconfig.iv.post.xml = XML Tag/Attribute
+automation.dialog.ascanconfig.iv.query = URL Query String & Data Driven Nodes
+automation.dialog.ascanconfig.iv.query.addparam = Add URL Query Parameter
+automation.dialog.ascanconfig.iv.query.odata = OData ID/Filter
+automation.dialog.ascanconfig.iv.scripts = Script Input Vectors
+automation.dialog.ascanconfig.maxalertsperrule = Максимальна кількість сповіщень на правило\:
+automation.dialog.ascanconfig.maxruleduration = Максимальна тривалість правила (у хвилинах)\:
+automation.dialog.ascanconfig.maxscanduration = Максимальна тривалість сканування (у хвилинах)\:
+automation.dialog.ascanconfig.summary = Active Scan Config
+automation.dialog.ascanconfig.tab.iv = Вхідні вектори
+automation.dialog.ascanconfig.threads = Потоки на хоста\:
+automation.dialog.ascanconfig.title = Active Scan Config Job
+
+automation.dialog.ascanpolicy.error.badname = Необхідно призначити ім'я політики
+automation.dialog.ascanpolicy.name = Policy Name\:
+automation.dialog.ascanpolicy.summary = Scan Policy\: {0}
+automation.dialog.ascanpolicy.title = Active Scan Policy Job
+
automation.dialog.button.add = Додати
automation.dialog.button.modify = Змінити
automation.dialog.button.remove = Видалити
@@ -140,6 +174,14 @@ automation.dialog.envvar.value = Значення\:
automation.dialog.error.misc = Неочікувана помилка\: {0}
automation.dialog.error.save = Не вдалося зберегти план\: {0}
+automation.dialog.exitstatus.errorExitValue = Error Exit Value\:
+
+automation.dialog.exitstatus.errorLevel = Error Level\:
+automation.dialog.exitstatus.okExitValue = OK Exit Value\:
+automation.dialog.exitstatus.summary = Error\: {0}, Warn\: {1}
+automation.dialog.exitstatus.title = Exit Status Job
+automation.dialog.exitstatus.warnExitValue = Warn Exit Value\:
+automation.dialog.exitstatus.warnLevel = Warning Level\:
automation.dialog.header.name = Ім'я
automation.dialog.header.remove.confirm = Справді видалити цей заголовок?
@@ -296,6 +338,7 @@ automation.error.env.verification.pollunits.bad = Недійсна переві
automation.error.env.verification.type.bad = Недійсний метод підтвердження\: {0}
automation.error.job.baduser = Завдання {0} нерозпізнаний користувач\: {1}
automation.error.job.data = Непідтримуваний формат даних завдання\: {0}
+automation.error.job.enabled = Unsupported job enabled format\: {0}
automation.error.job.internal = Внутрішня помилка завдання {0}\: {1}
automation.error.job.name = Непідтримуваний формат назви завдання\: {0}
automation.error.job.notype = Відсутній тип завдання\: {0}
@@ -322,10 +365,14 @@ automation.error.requestor.codemismatch = Різниця у значеннях
automation.error.requestor.httpversion = Завдання {0} має неприпустиму версію HTTP {1} для запиту \: {2}
automation.error.requestor.invalidmethod = Завдання {0} має невірний метод {1} для запиту \: {2}
automation.error.requestor.norequests = Немає жодного запиту для завдання {0}
+automation.error.scanpolicy.exists = Job {0} scan policy {1} already exists
automation.error.unexpected = Неочікувана помилка під час доступу до файлу {0}\: {1} – докладніше див. у журналі
automation.error.unexpected.internal = Неочікувана помилка – докладніше див. у журналі
automation.error.urlsfound = Завдання {0} знайшло лише URL-адрес\: {1}, очікується принаймні {2}
automation.error.write = Неможливо записати у файл\: {0}
+automation.exitstatus.alert = An alert has been raised with a risk of at least\: {0}
+
+automation.exitstatus.error.badlevels = Error level\: {0} is lower than warn level\: {1}
automation.info.addons.noupdate = Параметр updateAddons вимкнено через проблеми з оновленням фреймворку та завдань під час їх виконання
automation.info.ascan.rule.setstrength = Завдання {0} силу правила {1} на {2}
@@ -336,6 +383,7 @@ automation.info.delay.endjob = Завдання {0} завершено прог
automation.info.delay.filecreated = Завдання {0} завершено створенням файлу {1}
automation.info.delay.interrupted = Завдання {0} перервано
automation.info.delay.timeout = Завдання {0} завершено після вказаного часу {1}
+automation.info.jobdisabled = Job {0} is disabled
automation.info.jobend = Завдання {0} завершено, витрачено часу\: {1}
automation.info.jobstart = Завдання {0} розпочато
automation.info.jobstopped = Завдання {0} завершено
@@ -359,6 +407,7 @@ automation.panel.load.failed = Не вдалося завантажити фай
automation.panel.load.warning = Файл типу YAML завантажено з попередженнями\: {0}
automation.panel.load.yaml = Конфігураційні файли YAML
automation.panel.table.env.name = Середовище
+automation.panel.table.header.enabled = Ввімкнено
automation.panel.table.header.info = Інформація
automation.panel.table.header.name = Ім'я
automation.panel.table.header.status = Стан
@@ -371,6 +420,7 @@ automation.panel.table.info.warning = Попередження\: {0}
automation.panel.table.status.error = Помилка
automation.panel.table.status.failed = Помилка
automation.panel.table.status.notcreated = Не створено
+automation.panel.table.status.notenabled = Not enabled
automation.panel.table.status.notstarted = Не запущено
automation.panel.table.status.ok = ОК
automation.panel.table.status.passed = Виконано
diff --git a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_ur_PK.properties b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_ur_PK.properties
index 9e52247af54..53ca6342dd5 100644
--- a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_ur_PK.properties
+++ b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_ur_PK.properties
@@ -57,6 +57,7 @@ automation.dialog.alerttest.ruleid = Scan Rule Id\:
automation.dialog.alerttest.title = Alert Test
automation.dialog.alerttest.url = URL (regex)\:
+automation.dialog.all.enabled = Enabled\:
automation.dialog.all.name = Job Name\:
automation.dialog.all.user = Authenticated User\:
@@ -85,6 +86,39 @@ automation.dialog.ascan.table.header.threshold = Threshold
automation.dialog.ascan.threads = Threads Per Host\:
automation.dialog.ascan.title = Active Scan Job
+automation.dialog.ascanconfig.defaultpolicy = Default Policy\:
+automation.dialog.ascanconfig.error.field = Job {0}\: Error reading {1}, cause\: {2}
+automation.dialog.ascanconfig.handleanticsrf = Handle Anti CSRF Tokens
+automation.dialog.ascanconfig.injectid = Inject Scan Rule ID\:
+automation.dialog.ascanconfig.iv.cookie = Cookie Data
+automation.dialog.ascanconfig.iv.cookie.encode = Encode Cookie Values
+automation.dialog.ascanconfig.iv.headers = HTTP Headers
+automation.dialog.ascanconfig.iv.headers.allrequests = HTTP Headers of All Requests
+automation.dialog.ascanconfig.iv.path = URL Path
+automation.dialog.ascanconfig.iv.post = POST Data
+automation.dialog.ascanconfig.iv.post.dwr = Direct Web Remoting
+automation.dialog.ascanconfig.iv.post.gwt = Google Web Toolkit
+automation.dialog.ascanconfig.iv.post.json = JSON
+automation.dialog.ascanconfig.iv.post.json.nulls = Scan Null Values
+automation.dialog.ascanconfig.iv.post.multipart = Multipart Form-Data
+automation.dialog.ascanconfig.iv.post.xml = XML Tag/Attribute
+automation.dialog.ascanconfig.iv.query = URL Query String & Data Driven Nodes
+automation.dialog.ascanconfig.iv.query.addparam = Add URL Query Parameter
+automation.dialog.ascanconfig.iv.query.odata = OData ID/Filter
+automation.dialog.ascanconfig.iv.scripts = Script Input Vectors
+automation.dialog.ascanconfig.maxalertsperrule = Max Alerts Per Rule\:
+automation.dialog.ascanconfig.maxruleduration = Max Rule Duration (in mins)\:
+automation.dialog.ascanconfig.maxscanduration = Max Scan Duration (in mins)\:
+automation.dialog.ascanconfig.summary = Active Scan Config
+automation.dialog.ascanconfig.tab.iv = Input Vectors
+automation.dialog.ascanconfig.threads = Threads Per Host\:
+automation.dialog.ascanconfig.title = Active Scan Config Job
+
+automation.dialog.ascanpolicy.error.badname = You must supply a policy name
+automation.dialog.ascanpolicy.name = Policy Name\:
+automation.dialog.ascanpolicy.summary = Scan Policy\: {0}
+automation.dialog.ascanpolicy.title = Active Scan Policy Job
+
automation.dialog.button.add = Add
automation.dialog.button.modify = Modify
automation.dialog.button.remove = Remove
@@ -140,6 +174,14 @@ automation.dialog.envvar.value = Value\:
automation.dialog.error.misc = Unexpected error\: {0}
automation.dialog.error.save = Failed to save plan\: {0}
+automation.dialog.exitstatus.errorExitValue = Error Exit Value\:
+
+automation.dialog.exitstatus.errorLevel = Error Level\:
+automation.dialog.exitstatus.okExitValue = OK Exit Value\:
+automation.dialog.exitstatus.summary = Error\: {0}, Warn\: {1}
+automation.dialog.exitstatus.title = Exit Status Job
+automation.dialog.exitstatus.warnExitValue = Warn Exit Value\:
+automation.dialog.exitstatus.warnLevel = Warning Level\:
automation.dialog.header.name = Name
automation.dialog.header.remove.confirm = Are you sure you want to remove this header?
@@ -296,6 +338,7 @@ automation.error.env.verification.pollunits.bad = Invalid verification pollUnits
automation.error.env.verification.type.bad = Invalid verification method\: {0}
automation.error.job.baduser = Job {0} unrecognised user\: {1}
automation.error.job.data = Unsupported job data format\: {0}
+automation.error.job.enabled = Unsupported job enabled format\: {0}
automation.error.job.internal = Job {0} internal error\: {1}
automation.error.job.name = Unsupported job name format\: {0}
automation.error.job.notype = Missing job type\: {0}
@@ -322,10 +365,14 @@ automation.error.requestor.codemismatch = Difference in response code values for
automation.error.requestor.httpversion = Job {0} has invalid HTTP version {1} for request \: {2}
automation.error.requestor.invalidmethod = Job {0} has invalid method {1} for request \: {2}
automation.error.requestor.norequests = Missing any requests for job {0}
+automation.error.scanpolicy.exists = Job {0} scan policy {1} already exists
automation.error.unexpected = Unexpected error accessing file {0} \: {1} - see log for details
automation.error.unexpected.internal = Unexpected error {0} - see log for details
automation.error.urlsfound = Job {0} only found {1} URLs, expected at least {2}
automation.error.write = Cannot write to file\: {0}
+automation.exitstatus.alert = An alert has been raised with a risk of at least\: {0}
+
+automation.exitstatus.error.badlevels = Error level\: {0} is lower than warn level\: {1}
automation.info.addons.noupdate = The updateAddons option has been disabled due to problems updating the framework and jobs while they are running
automation.info.ascan.rule.setstrength = Job {0} set rule {1} strength to {2}
@@ -336,6 +383,7 @@ automation.info.delay.endjob = Job {0} ended by programmatic or API call
automation.info.delay.filecreated = Job {0} ended by creation of file {1}
automation.info.delay.interrupted = Job {0} interrupted
automation.info.delay.timeout = Job {0} ended after specified time {1}
+automation.info.jobdisabled = Job {0} is disabled
automation.info.jobend = Job {0} finished, time taken\: {1}
automation.info.jobstart = Job {0} started
automation.info.jobstopped = Job {0} terminated
@@ -359,6 +407,7 @@ automation.panel.load.failed = YAML file failed to load\: {0}
automation.panel.load.warning = YAML file loaded with warnings\: {0}
automation.panel.load.yaml = YAML Configuration Files
automation.panel.table.env.name = Environment
+automation.panel.table.header.enabled = Enabled
automation.panel.table.header.info = Info
automation.panel.table.header.name = Name
automation.panel.table.header.status = Status
@@ -371,6 +420,7 @@ automation.panel.table.info.warning = WARNING\: {0}
automation.panel.table.status.error = ERROR
automation.panel.table.status.failed = FAILED
automation.panel.table.status.notcreated = Not created
+automation.panel.table.status.notenabled = Not enabled
automation.panel.table.status.notstarted = Not started
automation.panel.table.status.ok = OK
automation.panel.table.status.passed = Passed
diff --git a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_vi_VN.properties b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_vi_VN.properties
index e70b7674037..ae531ee9db4 100644
--- a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_vi_VN.properties
+++ b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_vi_VN.properties
@@ -57,6 +57,7 @@ automation.dialog.alerttest.ruleid = Scan Rule Id\:
automation.dialog.alerttest.title = Alert Test
automation.dialog.alerttest.url = URL (regex)\:
+automation.dialog.all.enabled = Enabled\:
automation.dialog.all.name = Job Name\:
automation.dialog.all.user = Authenticated User\:
@@ -85,6 +86,39 @@ automation.dialog.ascan.table.header.threshold = Threshold
automation.dialog.ascan.threads = Threads Per Host\:
automation.dialog.ascan.title = Active Scan Job
+automation.dialog.ascanconfig.defaultpolicy = Default Policy\:
+automation.dialog.ascanconfig.error.field = Job {0}\: Error reading {1}, cause\: {2}
+automation.dialog.ascanconfig.handleanticsrf = Handle Anti CSRF Tokens
+automation.dialog.ascanconfig.injectid = Inject Scan Rule ID\:
+automation.dialog.ascanconfig.iv.cookie = Cookie Data
+automation.dialog.ascanconfig.iv.cookie.encode = Encode Cookie Values
+automation.dialog.ascanconfig.iv.headers = HTTP Headers
+automation.dialog.ascanconfig.iv.headers.allrequests = HTTP Headers of All Requests
+automation.dialog.ascanconfig.iv.path = URL Path
+automation.dialog.ascanconfig.iv.post = POST Dữ liệu
+automation.dialog.ascanconfig.iv.post.dwr = Direct Web Remoting
+automation.dialog.ascanconfig.iv.post.gwt = Google Web Toolkit
+automation.dialog.ascanconfig.iv.post.json = JSON
+automation.dialog.ascanconfig.iv.post.json.nulls = Scan Null Values
+automation.dialog.ascanconfig.iv.post.multipart = Multipart Form-Data
+automation.dialog.ascanconfig.iv.post.xml = XML Tag/Attribute
+automation.dialog.ascanconfig.iv.query = URL Query String & Data Driven Nodes
+automation.dialog.ascanconfig.iv.query.addparam = Add URL Query Parameter
+automation.dialog.ascanconfig.iv.query.odata = OData ID/Filter
+automation.dialog.ascanconfig.iv.scripts = Script Input Vectors
+automation.dialog.ascanconfig.maxalertsperrule = Max Alerts Per Rule\:
+automation.dialog.ascanconfig.maxruleduration = Max Rule Duration (in mins)\:
+automation.dialog.ascanconfig.maxscanduration = Max Scan Duration (in mins)\:
+automation.dialog.ascanconfig.summary = Active Scan Config
+automation.dialog.ascanconfig.tab.iv = Input Vectors
+automation.dialog.ascanconfig.threads = Threads Per Host\:
+automation.dialog.ascanconfig.title = Active Scan Config Job
+
+automation.dialog.ascanpolicy.error.badname = You must supply a policy name
+automation.dialog.ascanpolicy.name = Policy Name\:
+automation.dialog.ascanpolicy.summary = Scan Policy\: {0}
+automation.dialog.ascanpolicy.title = Active Scan Policy Job
+
automation.dialog.button.add = Add
automation.dialog.button.modify = Modify
automation.dialog.button.remove = Remove
@@ -140,6 +174,14 @@ automation.dialog.envvar.value = Value\:
automation.dialog.error.misc = Unexpected error\: {0}
automation.dialog.error.save = Failed to save plan\: {0}
+automation.dialog.exitstatus.errorExitValue = Error Exit Value\:
+
+automation.dialog.exitstatus.errorLevel = Error Level\:
+automation.dialog.exitstatus.okExitValue = OK Exit Value\:
+automation.dialog.exitstatus.summary = Error\: {0}, Warn\: {1}
+automation.dialog.exitstatus.title = Exit Status Job
+automation.dialog.exitstatus.warnExitValue = Warn Exit Value\:
+automation.dialog.exitstatus.warnLevel = Warning Level\:
automation.dialog.header.name = Name
automation.dialog.header.remove.confirm = Are you sure you want to remove this header?
@@ -296,6 +338,7 @@ automation.error.env.verification.pollunits.bad = Invalid verification pollUnits
automation.error.env.verification.type.bad = Invalid verification method\: {0}
automation.error.job.baduser = Job {0} unrecognised user\: {1}
automation.error.job.data = Unsupported job data format\: {0}
+automation.error.job.enabled = Unsupported job enabled format\: {0}
automation.error.job.internal = Job {0} internal error\: {1}
automation.error.job.name = Unsupported job name format\: {0}
automation.error.job.notype = Missing job type\: {0}
@@ -322,10 +365,14 @@ automation.error.requestor.codemismatch = Difference in response code values for
automation.error.requestor.httpversion = Job {0} has invalid HTTP version {1} for request \: {2}
automation.error.requestor.invalidmethod = Job {0} has invalid method {1} for request \: {2}
automation.error.requestor.norequests = Missing any requests for job {0}
+automation.error.scanpolicy.exists = Job {0} scan policy {1} already exists
automation.error.unexpected = Unexpected error accessing file {0} \: {1} - see log for details
automation.error.unexpected.internal = Unexpected error {0} - see log for details
automation.error.urlsfound = Job {0} only found {1} URLs, expected at least {2}
automation.error.write = Cannot write to file\: {0}
+automation.exitstatus.alert = An alert has been raised with a risk of at least\: {0}
+
+automation.exitstatus.error.badlevels = Error level\: {0} is lower than warn level\: {1}
automation.info.addons.noupdate = The updateAddons option has been disabled due to problems updating the framework and jobs while they are running
automation.info.ascan.rule.setstrength = Job {0} set rule {1} strength to {2}
@@ -336,6 +383,7 @@ automation.info.delay.endjob = Job {0} ended by programmatic or API call
automation.info.delay.filecreated = Job {0} ended by creation of file {1}
automation.info.delay.interrupted = Job {0} interrupted
automation.info.delay.timeout = Job {0} ended after specified time {1}
+automation.info.jobdisabled = Job {0} is disabled
automation.info.jobend = Job {0} finished, time taken\: {1}
automation.info.jobstart = Job {0} started
automation.info.jobstopped = Job {0} terminated
@@ -359,6 +407,7 @@ automation.panel.load.failed = YAML file failed to load\: {0}
automation.panel.load.warning = YAML file loaded with warnings\: {0}
automation.panel.load.yaml = YAML Configuration Files
automation.panel.table.env.name = Environment
+automation.panel.table.header.enabled = Enabled
automation.panel.table.header.info = Info
automation.panel.table.header.name = Name
automation.panel.table.header.status = Status
@@ -371,6 +420,7 @@ automation.panel.table.info.warning = WARNING\: {0}
automation.panel.table.status.error = ERROR
automation.panel.table.status.failed = FAILED
automation.panel.table.status.notcreated = Not created
+automation.panel.table.status.notenabled = Not enabled
automation.panel.table.status.notstarted = Not started
automation.panel.table.status.ok = OK
automation.panel.table.status.passed = Passed
diff --git a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_yo_NG.properties b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_yo_NG.properties
index b2a5af50419..5ae6827dd80 100644
--- a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_yo_NG.properties
+++ b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_yo_NG.properties
@@ -57,6 +57,7 @@ automation.dialog.alerttest.ruleid = Scan Rule Id\:
automation.dialog.alerttest.title = Alert Test
automation.dialog.alerttest.url = URL (regex)\:
+automation.dialog.all.enabled = Enabled\:
automation.dialog.all.name = Job Name\:
automation.dialog.all.user = Authenticated User\:
@@ -85,6 +86,39 @@ automation.dialog.ascan.table.header.threshold = Threshold
automation.dialog.ascan.threads = Threads Per Host\:
automation.dialog.ascan.title = Active Scan Job
+automation.dialog.ascanconfig.defaultpolicy = Default Policy\:
+automation.dialog.ascanconfig.error.field = Job {0}\: Error reading {1}, cause\: {2}
+automation.dialog.ascanconfig.handleanticsrf = Handle Anti CSRF Tokens
+automation.dialog.ascanconfig.injectid = Inject Scan Rule ID\:
+automation.dialog.ascanconfig.iv.cookie = Cookie Data
+automation.dialog.ascanconfig.iv.cookie.encode = Encode Cookie Values
+automation.dialog.ascanconfig.iv.headers = HTTP Headers
+automation.dialog.ascanconfig.iv.headers.allrequests = HTTP Headers of All Requests
+automation.dialog.ascanconfig.iv.path = URL Path
+automation.dialog.ascanconfig.iv.post = POST Data
+automation.dialog.ascanconfig.iv.post.dwr = Direct Web Remoting
+automation.dialog.ascanconfig.iv.post.gwt = Google Web Toolkit
+automation.dialog.ascanconfig.iv.post.json = JSON
+automation.dialog.ascanconfig.iv.post.json.nulls = Scan Null Values
+automation.dialog.ascanconfig.iv.post.multipart = Multipart Form-Data
+automation.dialog.ascanconfig.iv.post.xml = XML Tag/Attribute
+automation.dialog.ascanconfig.iv.query = URL Query String & Data Driven Nodes
+automation.dialog.ascanconfig.iv.query.addparam = Add URL Query Parameter
+automation.dialog.ascanconfig.iv.query.odata = OData ID/Filter
+automation.dialog.ascanconfig.iv.scripts = Script Input Vectors
+automation.dialog.ascanconfig.maxalertsperrule = Max Alerts Per Rule\:
+automation.dialog.ascanconfig.maxruleduration = Max Rule Duration (in mins)\:
+automation.dialog.ascanconfig.maxscanduration = Max Scan Duration (in mins)\:
+automation.dialog.ascanconfig.summary = Active Scan Config
+automation.dialog.ascanconfig.tab.iv = Input Vectors
+automation.dialog.ascanconfig.threads = Threads Per Host\:
+automation.dialog.ascanconfig.title = Active Scan Config Job
+
+automation.dialog.ascanpolicy.error.badname = You must supply a policy name
+automation.dialog.ascanpolicy.name = Policy Name\:
+automation.dialog.ascanpolicy.summary = Scan Policy\: {0}
+automation.dialog.ascanpolicy.title = Active Scan Policy Job
+
automation.dialog.button.add = Add
automation.dialog.button.modify = Modify
automation.dialog.button.remove = Remove
@@ -140,6 +174,14 @@ automation.dialog.envvar.value = Value\:
automation.dialog.error.misc = Unexpected error\: {0}
automation.dialog.error.save = Failed to save plan\: {0}
+automation.dialog.exitstatus.errorExitValue = Error Exit Value\:
+
+automation.dialog.exitstatus.errorLevel = Error Level\:
+automation.dialog.exitstatus.okExitValue = OK Exit Value\:
+automation.dialog.exitstatus.summary = Error\: {0}, Warn\: {1}
+automation.dialog.exitstatus.title = Exit Status Job
+automation.dialog.exitstatus.warnExitValue = Warn Exit Value\:
+automation.dialog.exitstatus.warnLevel = Warning Level\:
automation.dialog.header.name = Name
automation.dialog.header.remove.confirm = Are you sure you want to remove this header?
@@ -296,6 +338,7 @@ automation.error.env.verification.pollunits.bad = Invalid verification pollUnits
automation.error.env.verification.type.bad = Invalid verification method\: {0}
automation.error.job.baduser = Job {0} unrecognised user\: {1}
automation.error.job.data = Unsupported job data format\: {0}
+automation.error.job.enabled = Unsupported job enabled format\: {0}
automation.error.job.internal = Job {0} internal error\: {1}
automation.error.job.name = Unsupported job name format\: {0}
automation.error.job.notype = Missing job type\: {0}
@@ -322,10 +365,14 @@ automation.error.requestor.codemismatch = Difference in response code values for
automation.error.requestor.httpversion = Job {0} has invalid HTTP version {1} for request \: {2}
automation.error.requestor.invalidmethod = Job {0} has invalid method {1} for request \: {2}
automation.error.requestor.norequests = Missing any requests for job {0}
+automation.error.scanpolicy.exists = Job {0} scan policy {1} already exists
automation.error.unexpected = Unexpected error accessing file {0} \: {1} - see log for details
automation.error.unexpected.internal = Unexpected error {0} - see log for details
automation.error.urlsfound = Job {0} only found {1} URLs, expected at least {2}
automation.error.write = Cannot write to file\: {0}
+automation.exitstatus.alert = An alert has been raised with a risk of at least\: {0}
+
+automation.exitstatus.error.badlevels = Error level\: {0} is lower than warn level\: {1}
automation.info.addons.noupdate = The updateAddons option has been disabled due to problems updating the framework and jobs while they are running
automation.info.ascan.rule.setstrength = Job {0} set rule {1} strength to {2}
@@ -336,6 +383,7 @@ automation.info.delay.endjob = Job {0} ended by programmatic or API call
automation.info.delay.filecreated = Job {0} ended by creation of file {1}
automation.info.delay.interrupted = Job {0} interrupted
automation.info.delay.timeout = Job {0} ended after specified time {1}
+automation.info.jobdisabled = Job {0} is disabled
automation.info.jobend = Job {0} finished, time taken\: {1}
automation.info.jobstart = Job {0} started
automation.info.jobstopped = Job {0} terminated
@@ -359,6 +407,7 @@ automation.panel.load.failed = YAML file failed to load\: {0}
automation.panel.load.warning = YAML file loaded with warnings\: {0}
automation.panel.load.yaml = YAML Configuration Files
automation.panel.table.env.name = Environment
+automation.panel.table.header.enabled = Enabled
automation.panel.table.header.info = Info
automation.panel.table.header.name = Name
automation.panel.table.header.status = Status
@@ -371,6 +420,7 @@ automation.panel.table.info.warning = WARNING\: {0}
automation.panel.table.status.error = ERROR
automation.panel.table.status.failed = FAILED
automation.panel.table.status.notcreated = Not created
+automation.panel.table.status.notenabled = Not enabled
automation.panel.table.status.notstarted = Not started
automation.panel.table.status.ok = OK
automation.panel.table.status.passed = Passed
diff --git a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_zh_CN.properties b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_zh_CN.properties
index d1ff8b687c4..0a670e00d03 100644
--- a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_zh_CN.properties
+++ b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_zh_CN.properties
@@ -57,6 +57,7 @@ automation.dialog.alerttest.ruleid = 扫描规则Id:
automation.dialog.alerttest.title = 警报测试
automation.dialog.alerttest.url = URL(正则):
+automation.dialog.all.enabled = 启用:
automation.dialog.all.name = 作业名称:
automation.dialog.all.user = 认证用户:
@@ -85,6 +86,39 @@ automation.dialog.ascan.table.header.threshold = 阈值
automation.dialog.ascan.threads = 每个主机的线程数:
automation.dialog.ascan.title = 主动扫描作业
+automation.dialog.ascanconfig.defaultpolicy = Default Policy\:
+automation.dialog.ascanconfig.error.field = Job {0}\: Error reading {1}, cause\: {2}
+automation.dialog.ascanconfig.handleanticsrf = Handle Anti CSRF Tokens
+automation.dialog.ascanconfig.injectid = Inject Scan Rule ID\:
+automation.dialog.ascanconfig.iv.cookie = Cookie数据
+automation.dialog.ascanconfig.iv.cookie.encode = 编码 Cookie 值
+automation.dialog.ascanconfig.iv.headers = HTTP标头
+automation.dialog.ascanconfig.iv.headers.allrequests = HTTP Headers of All Requests
+automation.dialog.ascanconfig.iv.path = URL路径
+automation.dialog.ascanconfig.iv.post = POST 数据
+automation.dialog.ascanconfig.iv.post.dwr = 直接 Web 远程处理
+automation.dialog.ascanconfig.iv.post.gwt = Google Web Toolkit
+automation.dialog.ascanconfig.iv.post.json = JSON
+automation.dialog.ascanconfig.iv.post.json.nulls = 扫描Null空值
+automation.dialog.ascanconfig.iv.post.multipart = Multipart Form-Data
+automation.dialog.ascanconfig.iv.post.xml = XML标记/属性
+automation.dialog.ascanconfig.iv.query = URL查询字符串和数据驱动节点
+automation.dialog.ascanconfig.iv.query.addparam = Add URL Query Parameter
+automation.dialog.ascanconfig.iv.query.odata = OData ID/过滤器
+automation.dialog.ascanconfig.iv.scripts = Script Input Vectors
+automation.dialog.ascanconfig.maxalertsperrule = 每个规则的最大警报数:
+automation.dialog.ascanconfig.maxruleduration = 最大规则持续时间(以分钟为单位):
+automation.dialog.ascanconfig.maxscanduration = 最长扫描持续时间(分钟):
+automation.dialog.ascanconfig.summary = Active Scan Config
+automation.dialog.ascanconfig.tab.iv = 输入向量
+automation.dialog.ascanconfig.threads = 每个主机的线程数:
+automation.dialog.ascanconfig.title = Active Scan Config Job
+
+automation.dialog.ascanpolicy.error.badname = 您必须提供一个策略名称
+automation.dialog.ascanpolicy.name = Policy Name\:
+automation.dialog.ascanpolicy.summary = Scan Policy\: {0}
+automation.dialog.ascanpolicy.title = Active Scan Policy Job
+
automation.dialog.button.add = 添加
automation.dialog.button.modify = 修改
automation.dialog.button.remove = 删除
@@ -140,6 +174,14 @@ automation.dialog.envvar.value = 值:
automation.dialog.error.misc = 意外错误:{0}
automation.dialog.error.save = 无法保存计划:{0}
+automation.dialog.exitstatus.errorExitValue = Error Exit Value\:
+
+automation.dialog.exitstatus.errorLevel = Error Level\:
+automation.dialog.exitstatus.okExitValue = OK Exit Value\:
+automation.dialog.exitstatus.summary = Error\: {0}, Warn\: {1}
+automation.dialog.exitstatus.title = Exit Status Job
+automation.dialog.exitstatus.warnExitValue = Warn Exit Value\:
+automation.dialog.exitstatus.warnLevel = Warning Level\:
automation.dialog.header.name = 名称
automation.dialog.header.remove.confirm = 您确定要删除这个Header吗?
@@ -296,6 +338,7 @@ automation.error.env.verification.pollunits.bad = 在pollUnits中的验证无效
automation.error.env.verification.type.bad = 无效的验证方法:{0}
automation.error.job.baduser = 作业 {0} 无法识别的用户:{1}
automation.error.job.data = 不支持的作业数据格式:{0}
+automation.error.job.enabled = Unsupported job enabled format\: {0}
automation.error.job.internal = 作业 {0} 内部错误:{1}
automation.error.job.name = 不支持的作业名称格式:{0}
automation.error.job.notype = 缺少作业类型:{0}
@@ -322,10 +365,14 @@ automation.error.requestor.codemismatch = Difference in response code values for
automation.error.requestor.httpversion = Job {0} has invalid HTTP version {1} for request \: {2}
automation.error.requestor.invalidmethod = Job {0} has invalid method {1} for request \: {2}
automation.error.requestor.norequests = 作业缺少请求信息 {0}
+automation.error.scanpolicy.exists = Job {0} scan policy {1} already exists
automation.error.unexpected = 访问文件 {0} 时出现意外错误:{1} - 请参阅日志了解详细信息
automation.error.unexpected.internal = 意外错误 {0} - 有关详细信息,请参阅日志
automation.error.urlsfound = Job {0} only found {1} URLs, expected at least {2}
automation.error.write = 不能写入文件:{0}
+automation.exitstatus.alert = An alert has been raised with a risk of at least\: {0}
+
+automation.exitstatus.error.badlevels = Error level\: {0} is lower than warn level\: {1}
automation.info.addons.noupdate = 由于在运行时更新框架和作业时出现问题,updateAddons 选项已被禁用
automation.info.ascan.rule.setstrength = 作业 {0} 将规则 {1} 强度设置为 {2}
@@ -336,6 +383,7 @@ automation.info.delay.endjob = 作业 {0} 以程序化方式或API调用方式
automation.info.delay.filecreated = 作业 {0} 因创建文件 {1} 而结束
automation.info.delay.interrupted = 作业 {0} 已中断
automation.info.delay.timeout = 作业 {0} 在指定时间 {1} 后结束
+automation.info.jobdisabled = Job {0} is disabled
automation.info.jobend = 作业 {0} 已完成,耗时:{1}
automation.info.jobstart = 作业 {0} 已开始
automation.info.jobstopped = 作业 {0} 已终止
@@ -359,6 +407,7 @@ automation.panel.load.failed = YAML文件加载失败 :{0}
automation.panel.load.warning = YAML文件加载时有警告 :{0}
automation.panel.load.yaml = YAML配置文件
automation.panel.table.env.name = 环境
+automation.panel.table.header.enabled = 启用
automation.panel.table.header.info = 信息。
automation.panel.table.header.name = 名称
automation.panel.table.header.status = 状态
@@ -371,6 +420,7 @@ automation.panel.table.info.warning = 警搞: {0}
automation.panel.table.status.error = 错误
automation.panel.table.status.failed = 失败
automation.panel.table.status.notcreated = 未产生
+automation.panel.table.status.notenabled = Not enabled
automation.panel.table.status.notstarted = 未开始
automation.panel.table.status.ok = 确定
automation.panel.table.status.passed = 已通过
diff --git a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_zh_TW.properties b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_zh_TW.properties
index 28b8f3674a4..86cedfeab68 100644
--- a/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_zh_TW.properties
+++ b/addOns/automation/src/main/resources/org/zaproxy/addon/automation/resources/Messages_zh_TW.properties
@@ -57,6 +57,7 @@ automation.dialog.alerttest.ruleid = Scan Rule Id\:
automation.dialog.alerttest.title = Alert Test
automation.dialog.alerttest.url = URL (regex)\:
+automation.dialog.all.enabled = Enabled\:
automation.dialog.all.name = Job Name\:
automation.dialog.all.user = Authenticated User\:
@@ -85,6 +86,39 @@ automation.dialog.ascan.table.header.threshold = Threshold
automation.dialog.ascan.threads = Threads Per Host\:
automation.dialog.ascan.title = Active Scan Job
+automation.dialog.ascanconfig.defaultpolicy = Default Policy\:
+automation.dialog.ascanconfig.error.field = Job {0}\: Error reading {1}, cause\: {2}
+automation.dialog.ascanconfig.handleanticsrf = Handle Anti CSRF Tokens
+automation.dialog.ascanconfig.injectid = Inject Scan Rule ID\:
+automation.dialog.ascanconfig.iv.cookie = Cookie Data
+automation.dialog.ascanconfig.iv.cookie.encode = Encode Cookie Values
+automation.dialog.ascanconfig.iv.headers = HTTP Headers
+automation.dialog.ascanconfig.iv.headers.allrequests = HTTP Headers of All Requests
+automation.dialog.ascanconfig.iv.path = URL Path
+automation.dialog.ascanconfig.iv.post = POST Data
+automation.dialog.ascanconfig.iv.post.dwr = Direct Web Remoting
+automation.dialog.ascanconfig.iv.post.gwt = Google Web Toolkit
+automation.dialog.ascanconfig.iv.post.json = JSON
+automation.dialog.ascanconfig.iv.post.json.nulls = Scan Null Values
+automation.dialog.ascanconfig.iv.post.multipart = Multipart Form-Data
+automation.dialog.ascanconfig.iv.post.xml = XML Tag/Attribute
+automation.dialog.ascanconfig.iv.query = URL Query String & Data Driven Nodes
+automation.dialog.ascanconfig.iv.query.addparam = Add URL Query Parameter
+automation.dialog.ascanconfig.iv.query.odata = OData ID/Filter
+automation.dialog.ascanconfig.iv.scripts = Script Input Vectors
+automation.dialog.ascanconfig.maxalertsperrule = Max Alerts Per Rule\:
+automation.dialog.ascanconfig.maxruleduration = Max Rule Duration (in mins)\:
+automation.dialog.ascanconfig.maxscanduration = Max Scan Duration (in mins)\:
+automation.dialog.ascanconfig.summary = Active Scan Config
+automation.dialog.ascanconfig.tab.iv = Input Vectors
+automation.dialog.ascanconfig.threads = Threads Per Host\:
+automation.dialog.ascanconfig.title = Active Scan Config Job
+
+automation.dialog.ascanpolicy.error.badname = You must supply a policy name
+automation.dialog.ascanpolicy.name = Policy Name\:
+automation.dialog.ascanpolicy.summary = Scan Policy\: {0}
+automation.dialog.ascanpolicy.title = Active Scan Policy Job
+
automation.dialog.button.add = 新增
automation.dialog.button.modify = Modify
automation.dialog.button.remove = Remove
@@ -140,6 +174,14 @@ automation.dialog.envvar.value = Value\:
automation.dialog.error.misc = Unexpected error\: {0}
automation.dialog.error.save = Failed to save plan\: {0}
+automation.dialog.exitstatus.errorExitValue = Error Exit Value\:
+
+automation.dialog.exitstatus.errorLevel = Error Level\:
+automation.dialog.exitstatus.okExitValue = OK Exit Value\:
+automation.dialog.exitstatus.summary = Error\: {0}, Warn\: {1}
+automation.dialog.exitstatus.title = Exit Status Job
+automation.dialog.exitstatus.warnExitValue = Warn Exit Value\:
+automation.dialog.exitstatus.warnLevel = Warning Level\:
automation.dialog.header.name = 名稱
automation.dialog.header.remove.confirm = Are you sure you want to remove this header?
@@ -296,6 +338,7 @@ automation.error.env.verification.pollunits.bad = Invalid verification pollUnits
automation.error.env.verification.type.bad = Invalid verification method\: {0}
automation.error.job.baduser = Job {0} unrecognised user\: {1}
automation.error.job.data = Unsupported job data format\: {0}
+automation.error.job.enabled = Unsupported job enabled format\: {0}
automation.error.job.internal = Job {0} internal error\: {1}
automation.error.job.name = Unsupported job name format\: {0}
automation.error.job.notype = Missing job type\: {0}
@@ -322,10 +365,14 @@ automation.error.requestor.codemismatch = Difference in response code values for
automation.error.requestor.httpversion = Job {0} has invalid HTTP version {1} for request \: {2}
automation.error.requestor.invalidmethod = Job {0} has invalid method {1} for request \: {2}
automation.error.requestor.norequests = Missing any requests for job {0}
+automation.error.scanpolicy.exists = Job {0} scan policy {1} already exists
automation.error.unexpected = Unexpected error accessing file {0} \: {1} - see log for details
automation.error.unexpected.internal = Unexpected error {0} - see log for details
automation.error.urlsfound = Job {0} only found {1} URLs, expected at least {2}
automation.error.write = Cannot write to file\: {0}
+automation.exitstatus.alert = An alert has been raised with a risk of at least\: {0}
+
+automation.exitstatus.error.badlevels = Error level\: {0} is lower than warn level\: {1}
automation.info.addons.noupdate = The updateAddons option has been disabled due to problems updating the framework and jobs while they are running
automation.info.ascan.rule.setstrength = Job {0} set rule {1} strength to {2}
@@ -336,6 +383,7 @@ automation.info.delay.endjob = Job {0} ended by programmatic or API call
automation.info.delay.filecreated = Job {0} ended by creation of file {1}
automation.info.delay.interrupted = Job {0} interrupted
automation.info.delay.timeout = Job {0} ended after specified time {1}
+automation.info.jobdisabled = Job {0} is disabled
automation.info.jobend = Job {0} finished, time taken\: {1}
automation.info.jobstart = Job {0} started
automation.info.jobstopped = Job {0} terminated
@@ -359,6 +407,7 @@ automation.panel.load.failed = YAML file failed to load\: {0}
automation.panel.load.warning = YAML file loaded with warnings\: {0}
automation.panel.load.yaml = YAML Configuration Files
automation.panel.table.env.name = Environment
+automation.panel.table.header.enabled = 已啟用
automation.panel.table.header.info = 資訊
automation.panel.table.header.name = 名稱
automation.panel.table.header.status = 狀態
@@ -371,6 +420,7 @@ automation.panel.table.info.warning = WARNING\: {0}
automation.panel.table.status.error = ERROR
automation.panel.table.status.failed = FAILED
automation.panel.table.status.notcreated = Not created
+automation.panel.table.status.notenabled = Not enabled
automation.panel.table.status.notstarted = Not started
automation.panel.table.status.ok = OK
automation.panel.table.status.passed = Passed
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ar_SA/contents/ajax-scan.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ar_SA/contents/ajax-scan.html
index 572f17f7464..cc292e89a58 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ar_SA/contents/ajax-scan.html
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ar_SA/contents/ajax-scan.html
@@ -8,6 +8,12 @@
Client Side Integration - AJAX Spider Enhancement
+This add-on now adds a Client Spider which is designed to explore modern web apps more effectively.
+You are recommended to try this out as it is likely to be more effective that the AJAX Spider Enhancement detailed here.
+
+Also note that from ZAP 2.16.0 the AJAX Spider has an option to enable browser extensions, and that option is turned off by default.
+You will need to turn it on in order for this integration to work.
+
The AJAX Spider works by launching browsers, clicking links, and filling in fields.
It is an effective way to crawl modern web apps but it is not able to directly access the DOM.
@@ -18,6 +24,7 @@
Client Side Integration - AJAX Spider Enhancement
If it finds any 'missed' URLs that were part of the AJAX Spider scan scope then it makes direct requests to these URLs.
You will be able to see these requests in the History, Sites Tree, and Output tabs.
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ar_SA/contents/automation.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ar_SA/contents/automation.html
new file mode 100644
index 00000000000..7229a22ceee
--- /dev/null
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ar_SA/contents/automation.html
@@ -0,0 +1,35 @@
+
+
+
+
+
+Client Side Integration - Automation Framework Support
+
+
+
+Client Side Integration - Automation Framework Support
+This add-on supports the Automation Framework.
+
+Job: spiderClient
+The spiderClient job allows you to run the Client Spider, which is designed to explore modern web apps more effectively.
+
+This job supports monitor tests.
+
+
+ - type: spiderClient # The client spider - a spider which explores modern web apps more effectively
+ parameters:
+ context: # String: Name of the context to spider, default: first context
+ user: # String: An optional user to use for authentication, must be defined in the env
+ url: # String: URL to start spidering from, default: first context URL
+ maxDuration: # Int: The max time in minutes the spider will be allowed to run for, default: 0 unlimited
+ maxCrawlDepth: # Int: The maximum tree depth to explore, default 5
+ maxChildren: # Int: The maximum number of children to add to each node in the tree
+ numberOfBrowsers: # Int: The number of browsers the spider will use, more will be faster but will use up more memory, default: number of cores
+ browserId: # String: Browser ID to use, default: firefox-headless
+ initialLoadTime: # Int: The time in seconds to wait after the initial URL is loaded, default: 5
+ pageLoadTime: # Int: The time in seconds to wait after a new URL is loaded, default: 1
+ shutdownTime: # Int: The time in seconds to wait after no activity before shutting down, default: 5
+
+
+
+
\ No newline at end of file
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ar_SA/contents/client.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ar_SA/contents/client.html
index 341ee84e19b..ed3b0a0a2f5 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ar_SA/contents/client.html
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ar_SA/contents/client.html
@@ -8,6 +8,14 @@
Client Side Integration
+This add-on adds the following features to ZAP.
+
+Client Spider
+
+This add-on adds a Client Spider which is designed to explore modern web apps more effectively.
+
+Browser Extensions
+
This add-on adds a ZAP browser extension to both Firefox and Chrome when they are launched from ZAP.
The extensions stream significant browser based events back to ZAP, giving ZAP an insight into what is going on in the browser.
@@ -16,7 +24,7 @@
Client Side Integration
Note that you may need to configure the extensions via their options pages to update the host and API key.
@@ -27,7 +35,7 @@ Passive Scanning
User Interface
-The add-on adds 3 new tabs to ZAP:
+The add-on adds 4 new tabs to ZAP:
Client Map
@@ -38,7 +46,32 @@ Client Map
This means that the Client Map looks very different to the Sites tree for modern web apps, and may give you a better understanding of the
client side structure of the sites.
-Any leaf nodes in the Map with a small red 'minus' sign represent URLs which have been found in the DOM but which have not been directly accessed by ZAP.
+The following icons are used for leaf nodes so that you can easily tell their status:
+
+
+
+  |
+ A URL which will be present in both the Site Tree and the Client Map |
+
+
+  |
+ A URL which will only be present in Client Map as the URL contains a fragment |
+
+
+  |
+ A URL which was found in the DOM but which has not been accessed yet |
+
+
+  |
+ A URL which redirects to another URL |
+
+
+  |
+ A URL which was loaded as content by the browser (e.g. JavaScript files) rather than as HTML |
+
+
+
+
Selecting a node that has been visited by ZAP will display details about that node in the Client Details tab.
@@ -127,6 +160,10 @@
Copy Types
Copies the Types of the selected entries into the clipboard, separated by newlines.
+Client Spider
+
+This is detailed in the Client Spider help page.
+
AJAX Spider Enhancement
This add-on provides an AJAX Spider Enhancement which can detect URLs referenced in the DOM which were not
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ar_SA/contents/spider.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ar_SA/contents/spider.html
new file mode 100644
index 00000000000..1275bb2d31a
--- /dev/null
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ar_SA/contents/spider.html
@@ -0,0 +1,55 @@
+
+
+
+
+Client Side Integration - Client Spider
+
+
+
+Client Side Integration - Client Spider
+
+This add-on adds a Client Spider which is designed to explore modern web apps more effectively.
+
+The Client Spider works in a similar way to the AJAX Spider but it has access to the DOM via the ZAP Browser Extension
+which means that it can find content which the AJAX Spider cannot find.
+
+The Client Spider supports all of the authentication options supported by ZAP (including Browser Based Authentication),
+and will run any enabled Selenium scripts in the browsers that it launches.
+
+While it is still at an early stage we believe it is a more effective approach than the AJAX Spider.
+
+We will be focussing on improving the Client Spider and the current plan is for it to supersede the AJAX Spider
+as the recommended way of crawling modern web apps.
+
+We would appreciate feedback via the ZAP User Group
+to let us know how effectively it works for you, especially in comparison with the AJAX Spider.
+
+
+The spider can be invoked via:
+
+- Context specific "Attack" menu
+
- "Tools / Client Spider" menu item
+
- Automation Framework spiderClient job
+
+
+Client Spider tab
+
+The Client Spider tab allows you start and monitor the Client Spider.
+It provides 3 sub tabs:
+
+Added Nodes
+
+These are the nodes that have been added to the Client Map.
+
+Tasks
+
+These are the tasks that spider uses to crawl the application.
+The tasks are updated when they are added to the task list, when they start running, and when they complete.
+This allows you to understand what the Client Spider is actually doing much more clearly.
+
+Messages
+
+These are the HTTP(S) messages sent from the browsers that the client uses.
+
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ar_SA/index.xml b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ar_SA/index.xml
index 07188169453..c34e3e2f556 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ar_SA/index.xml
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ar_SA/index.xml
@@ -3,6 +3,8 @@
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ar_SA/toc.xml b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ar_SA/toc.xml
index 7973ba3824e..375c80f0547 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ar_SA/toc.xml
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ar_SA/toc.xml
@@ -4,6 +4,8 @@
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_az_AZ/contents/ajax-scan.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_az_AZ/contents/ajax-scan.html
index 572f17f7464..cc292e89a58 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_az_AZ/contents/ajax-scan.html
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_az_AZ/contents/ajax-scan.html
@@ -8,6 +8,12 @@
Client Side Integration - AJAX Spider Enhancement
+This add-on now adds a Client Spider which is designed to explore modern web apps more effectively.
+You are recommended to try this out as it is likely to be more effective that the AJAX Spider Enhancement detailed here.
+
+Also note that from ZAP 2.16.0 the AJAX Spider has an option to enable browser extensions, and that option is turned off by default.
+You will need to turn it on in order for this integration to work.
+
The AJAX Spider works by launching browsers, clicking links, and filling in fields.
It is an effective way to crawl modern web apps but it is not able to directly access the DOM.
@@ -18,6 +24,7 @@
Client Side Integration - AJAX Spider Enhancement
If it finds any 'missed' URLs that were part of the AJAX Spider scan scope then it makes direct requests to these URLs.
You will be able to see these requests in the History, Sites Tree, and Output tabs.
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_az_AZ/contents/automation.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_az_AZ/contents/automation.html
new file mode 100644
index 00000000000..7229a22ceee
--- /dev/null
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_az_AZ/contents/automation.html
@@ -0,0 +1,35 @@
+
+
+
+
+
+Client Side Integration - Automation Framework Support
+
+
+
+Client Side Integration - Automation Framework Support
+This add-on supports the Automation Framework.
+
+Job: spiderClient
+The spiderClient job allows you to run the Client Spider, which is designed to explore modern web apps more effectively.
+
+This job supports monitor tests.
+
+
+ - type: spiderClient # The client spider - a spider which explores modern web apps more effectively
+ parameters:
+ context: # String: Name of the context to spider, default: first context
+ user: # String: An optional user to use for authentication, must be defined in the env
+ url: # String: URL to start spidering from, default: first context URL
+ maxDuration: # Int: The max time in minutes the spider will be allowed to run for, default: 0 unlimited
+ maxCrawlDepth: # Int: The maximum tree depth to explore, default 5
+ maxChildren: # Int: The maximum number of children to add to each node in the tree
+ numberOfBrowsers: # Int: The number of browsers the spider will use, more will be faster but will use up more memory, default: number of cores
+ browserId: # String: Browser ID to use, default: firefox-headless
+ initialLoadTime: # Int: The time in seconds to wait after the initial URL is loaded, default: 5
+ pageLoadTime: # Int: The time in seconds to wait after a new URL is loaded, default: 1
+ shutdownTime: # Int: The time in seconds to wait after no activity before shutting down, default: 5
+
+
+
+
\ No newline at end of file
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_az_AZ/contents/client.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_az_AZ/contents/client.html
index 341ee84e19b..ed3b0a0a2f5 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_az_AZ/contents/client.html
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_az_AZ/contents/client.html
@@ -8,6 +8,14 @@
Client Side Integration
+This add-on adds the following features to ZAP.
+
+Client Spider
+
+This add-on adds a Client Spider which is designed to explore modern web apps more effectively.
+
+Browser Extensions
+
This add-on adds a ZAP browser extension to both Firefox and Chrome when they are launched from ZAP.
The extensions stream significant browser based events back to ZAP, giving ZAP an insight into what is going on in the browser.
@@ -16,7 +24,7 @@
Client Side Integration
Note that you may need to configure the extensions via their options pages to update the host and API key.
@@ -27,7 +35,7 @@ Passive Scanning
User Interface
-The add-on adds 3 new tabs to ZAP:
+The add-on adds 4 new tabs to ZAP:
Client Map
@@ -38,7 +46,32 @@ Client Map
This means that the Client Map looks very different to the Sites tree for modern web apps, and may give you a better understanding of the
client side structure of the sites.
-Any leaf nodes in the Map with a small red 'minus' sign represent URLs which have been found in the DOM but which have not been directly accessed by ZAP.
+The following icons are used for leaf nodes so that you can easily tell their status:
+
+
+
+ |
+ A URL which will be present in both the Site Tree and the Client Map |
+
+
+ |
+ A URL which will only be present in Client Map as the URL contains a fragment |
+
+
+ |
+ A URL which was found in the DOM but which has not been accessed yet |
+
+
+ |
+ A URL which redirects to another URL |
+
+
+ |
+ A URL which was loaded as content by the browser (e.g. JavaScript files) rather than as HTML |
+
+
+
+
Selecting a node that has been visited by ZAP will display details about that node in the Client Details tab.
@@ -127,6 +160,10 @@
Copy Types
Copies the Types of the selected entries into the clipboard, separated by newlines.
+Client Spider
+
+This is detailed in the Client Spider help page.
+
AJAX Spider Enhancement
This add-on provides an AJAX Spider Enhancement which can detect URLs referenced in the DOM which were not
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_az_AZ/contents/spider.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_az_AZ/contents/spider.html
new file mode 100644
index 00000000000..1275bb2d31a
--- /dev/null
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_az_AZ/contents/spider.html
@@ -0,0 +1,55 @@
+
+
+
+
+Client Side Integration - Client Spider
+
+
+
+Client Side Integration - Client Spider
+
+This add-on adds a Client Spider which is designed to explore modern web apps more effectively.
+
+The Client Spider works in a similar way to the AJAX Spider but it has access to the DOM via the ZAP Browser Extension
+which means that it can find content which the AJAX Spider cannot find.
+
+The Client Spider supports all of the authentication options supported by ZAP (including Browser Based Authentication),
+and will run any enabled Selenium scripts in the browsers that it launches.
+
+While it is still at an early stage we believe it is a more effective approach than the AJAX Spider.
+
+We will be focussing on improving the Client Spider and the current plan is for it to supersede the AJAX Spider
+as the recommended way of crawling modern web apps.
+
+We would appreciate feedback via the ZAP User Group
+to let us know how effectively it works for you, especially in comparison with the AJAX Spider.
+
+
+The spider can be invoked via:
+
+- Context specific "Attack" menu
+
- "Tools / Client Spider" menu item
+
- Automation Framework spiderClient job
+
+
+Client Spider tab
+
+The Client Spider tab allows you start and monitor the Client Spider.
+It provides 3 sub tabs:
+
+Added Nodes
+
+These are the nodes that have been added to the Client Map.
+
+Tasks
+
+These are the tasks that spider uses to crawl the application.
+The tasks are updated when they are added to the task list, when they start running, and when they complete.
+This allows you to understand what the Client Spider is actually doing much more clearly.
+
+Messages
+
+These are the HTTP(S) messages sent from the browsers that the client uses.
+
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_az_AZ/index.xml b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_az_AZ/index.xml
index 07188169453..c34e3e2f556 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_az_AZ/index.xml
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_az_AZ/index.xml
@@ -3,6 +3,8 @@
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_az_AZ/toc.xml b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_az_AZ/toc.xml
index 7973ba3824e..375c80f0547 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_az_AZ/toc.xml
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_az_AZ/toc.xml
@@ -4,6 +4,8 @@
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_bs_BA/contents/ajax-scan.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_bs_BA/contents/ajax-scan.html
index 572f17f7464..cc292e89a58 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_bs_BA/contents/ajax-scan.html
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_bs_BA/contents/ajax-scan.html
@@ -8,6 +8,12 @@
Client Side Integration - AJAX Spider Enhancement
+This add-on now adds a Client Spider which is designed to explore modern web apps more effectively.
+You are recommended to try this out as it is likely to be more effective that the AJAX Spider Enhancement detailed here.
+
+Also note that from ZAP 2.16.0 the AJAX Spider has an option to enable browser extensions, and that option is turned off by default.
+You will need to turn it on in order for this integration to work.
+
The AJAX Spider works by launching browsers, clicking links, and filling in fields.
It is an effective way to crawl modern web apps but it is not able to directly access the DOM.
@@ -18,6 +24,7 @@
Client Side Integration - AJAX Spider Enhancement
If it finds any 'missed' URLs that were part of the AJAX Spider scan scope then it makes direct requests to these URLs.
You will be able to see these requests in the History, Sites Tree, and Output tabs.
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_bs_BA/contents/automation.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_bs_BA/contents/automation.html
new file mode 100644
index 00000000000..7229a22ceee
--- /dev/null
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_bs_BA/contents/automation.html
@@ -0,0 +1,35 @@
+
+
+
+
+
+Client Side Integration - Automation Framework Support
+
+
+
+Client Side Integration - Automation Framework Support
+This add-on supports the Automation Framework.
+
+Job: spiderClient
+The spiderClient job allows you to run the Client Spider, which is designed to explore modern web apps more effectively.
+
+This job supports monitor tests.
+
+
+ - type: spiderClient # The client spider - a spider which explores modern web apps more effectively
+ parameters:
+ context: # String: Name of the context to spider, default: first context
+ user: # String: An optional user to use for authentication, must be defined in the env
+ url: # String: URL to start spidering from, default: first context URL
+ maxDuration: # Int: The max time in minutes the spider will be allowed to run for, default: 0 unlimited
+ maxCrawlDepth: # Int: The maximum tree depth to explore, default 5
+ maxChildren: # Int: The maximum number of children to add to each node in the tree
+ numberOfBrowsers: # Int: The number of browsers the spider will use, more will be faster but will use up more memory, default: number of cores
+ browserId: # String: Browser ID to use, default: firefox-headless
+ initialLoadTime: # Int: The time in seconds to wait after the initial URL is loaded, default: 5
+ pageLoadTime: # Int: The time in seconds to wait after a new URL is loaded, default: 1
+ shutdownTime: # Int: The time in seconds to wait after no activity before shutting down, default: 5
+
+
+
+
\ No newline at end of file
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_bs_BA/contents/client.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_bs_BA/contents/client.html
index 341ee84e19b..ed3b0a0a2f5 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_bs_BA/contents/client.html
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_bs_BA/contents/client.html
@@ -8,6 +8,14 @@
Client Side Integration
+This add-on adds the following features to ZAP.
+
+Client Spider
+
+This add-on adds a Client Spider which is designed to explore modern web apps more effectively.
+
+Browser Extensions
+
This add-on adds a ZAP browser extension to both Firefox and Chrome when they are launched from ZAP.
The extensions stream significant browser based events back to ZAP, giving ZAP an insight into what is going on in the browser.
@@ -16,7 +24,7 @@
Client Side Integration
Note that you may need to configure the extensions via their options pages to update the host and API key.
@@ -27,7 +35,7 @@ Passive Scanning
User Interface
-The add-on adds 3 new tabs to ZAP:
+The add-on adds 4 new tabs to ZAP:
Client Map
@@ -38,7 +46,32 @@ Client Map
This means that the Client Map looks very different to the Sites tree for modern web apps, and may give you a better understanding of the
client side structure of the sites.
-Any leaf nodes in the Map with a small red 'minus' sign represent URLs which have been found in the DOM but which have not been directly accessed by ZAP.
+The following icons are used for leaf nodes so that you can easily tell their status:
+
+
+
+ |
+ A URL which will be present in both the Site Tree and the Client Map |
+
+
+ |
+ A URL which will only be present in Client Map as the URL contains a fragment |
+
+
+ |
+ A URL which was found in the DOM but which has not been accessed yet |
+
+
+ |
+ A URL which redirects to another URL |
+
+
+ |
+ A URL which was loaded as content by the browser (e.g. JavaScript files) rather than as HTML |
+
+
+
+
Selecting a node that has been visited by ZAP will display details about that node in the Client Details tab.
@@ -127,6 +160,10 @@
Copy Types
Copies the Types of the selected entries into the clipboard, separated by newlines.
+Client Spider
+
+This is detailed in the Client Spider help page.
+
AJAX Spider Enhancement
This add-on provides an AJAX Spider Enhancement which can detect URLs referenced in the DOM which were not
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_bs_BA/contents/spider.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_bs_BA/contents/spider.html
new file mode 100644
index 00000000000..1275bb2d31a
--- /dev/null
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_bs_BA/contents/spider.html
@@ -0,0 +1,55 @@
+
+
+
+
+Client Side Integration - Client Spider
+
+
+
+Client Side Integration - Client Spider
+
+This add-on adds a Client Spider which is designed to explore modern web apps more effectively.
+
+The Client Spider works in a similar way to the AJAX Spider but it has access to the DOM via the ZAP Browser Extension
+which means that it can find content which the AJAX Spider cannot find.
+
+The Client Spider supports all of the authentication options supported by ZAP (including Browser Based Authentication),
+and will run any enabled Selenium scripts in the browsers that it launches.
+
+While it is still at an early stage we believe it is a more effective approach than the AJAX Spider.
+
+We will be focussing on improving the Client Spider and the current plan is for it to supersede the AJAX Spider
+as the recommended way of crawling modern web apps.
+
+We would appreciate feedback via the ZAP User Group
+to let us know how effectively it works for you, especially in comparison with the AJAX Spider.
+
+
+The spider can be invoked via:
+
+- Context specific "Attack" menu
+
- "Tools / Client Spider" menu item
+
- Automation Framework spiderClient job
+
+
+Client Spider tab
+
+The Client Spider tab allows you start and monitor the Client Spider.
+It provides 3 sub tabs:
+
+Added Nodes
+
+These are the nodes that have been added to the Client Map.
+
+Tasks
+
+These are the tasks that spider uses to crawl the application.
+The tasks are updated when they are added to the task list, when they start running, and when they complete.
+This allows you to understand what the Client Spider is actually doing much more clearly.
+
+Messages
+
+These are the HTTP(S) messages sent from the browsers that the client uses.
+
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_bs_BA/index.xml b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_bs_BA/index.xml
index 07188169453..c34e3e2f556 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_bs_BA/index.xml
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_bs_BA/index.xml
@@ -3,6 +3,8 @@
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_bs_BA/toc.xml b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_bs_BA/toc.xml
index 7973ba3824e..375c80f0547 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_bs_BA/toc.xml
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_bs_BA/toc.xml
@@ -4,6 +4,8 @@
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_da_DK/contents/ajax-scan.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_da_DK/contents/ajax-scan.html
index 572f17f7464..cc292e89a58 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_da_DK/contents/ajax-scan.html
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_da_DK/contents/ajax-scan.html
@@ -8,6 +8,12 @@
Client Side Integration - AJAX Spider Enhancement
+This add-on now adds a Client Spider which is designed to explore modern web apps more effectively.
+You are recommended to try this out as it is likely to be more effective that the AJAX Spider Enhancement detailed here.
+
+Also note that from ZAP 2.16.0 the AJAX Spider has an option to enable browser extensions, and that option is turned off by default.
+You will need to turn it on in order for this integration to work.
+
The AJAX Spider works by launching browsers, clicking links, and filling in fields.
It is an effective way to crawl modern web apps but it is not able to directly access the DOM.
@@ -18,6 +24,7 @@
Client Side Integration - AJAX Spider Enhancement
If it finds any 'missed' URLs that were part of the AJAX Spider scan scope then it makes direct requests to these URLs.
You will be able to see these requests in the History, Sites Tree, and Output tabs.
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_da_DK/contents/automation.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_da_DK/contents/automation.html
new file mode 100644
index 00000000000..7229a22ceee
--- /dev/null
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_da_DK/contents/automation.html
@@ -0,0 +1,35 @@
+
+
+
+
+
+Client Side Integration - Automation Framework Support
+
+
+
+Client Side Integration - Automation Framework Support
+This add-on supports the Automation Framework.
+
+Job: spiderClient
+The spiderClient job allows you to run the Client Spider, which is designed to explore modern web apps more effectively.
+
+This job supports monitor tests.
+
+
+ - type: spiderClient # The client spider - a spider which explores modern web apps more effectively
+ parameters:
+ context: # String: Name of the context to spider, default: first context
+ user: # String: An optional user to use for authentication, must be defined in the env
+ url: # String: URL to start spidering from, default: first context URL
+ maxDuration: # Int: The max time in minutes the spider will be allowed to run for, default: 0 unlimited
+ maxCrawlDepth: # Int: The maximum tree depth to explore, default 5
+ maxChildren: # Int: The maximum number of children to add to each node in the tree
+ numberOfBrowsers: # Int: The number of browsers the spider will use, more will be faster but will use up more memory, default: number of cores
+ browserId: # String: Browser ID to use, default: firefox-headless
+ initialLoadTime: # Int: The time in seconds to wait after the initial URL is loaded, default: 5
+ pageLoadTime: # Int: The time in seconds to wait after a new URL is loaded, default: 1
+ shutdownTime: # Int: The time in seconds to wait after no activity before shutting down, default: 5
+
+
+
+
\ No newline at end of file
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_da_DK/contents/client.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_da_DK/contents/client.html
index 341ee84e19b..ed3b0a0a2f5 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_da_DK/contents/client.html
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_da_DK/contents/client.html
@@ -8,6 +8,14 @@
Client Side Integration
+This add-on adds the following features to ZAP.
+
+Client Spider
+
+This add-on adds a Client Spider which is designed to explore modern web apps more effectively.
+
+Browser Extensions
+
This add-on adds a ZAP browser extension to both Firefox and Chrome when they are launched from ZAP.
The extensions stream significant browser based events back to ZAP, giving ZAP an insight into what is going on in the browser.
@@ -16,7 +24,7 @@
Client Side Integration
Note that you may need to configure the extensions via their options pages to update the host and API key.
@@ -27,7 +35,7 @@ Passive Scanning
User Interface
-The add-on adds 3 new tabs to ZAP:
+The add-on adds 4 new tabs to ZAP:
Client Map
@@ -38,7 +46,32 @@ Client Map
This means that the Client Map looks very different to the Sites tree for modern web apps, and may give you a better understanding of the
client side structure of the sites.
-Any leaf nodes in the Map with a small red 'minus' sign represent URLs which have been found in the DOM but which have not been directly accessed by ZAP.
+The following icons are used for leaf nodes so that you can easily tell their status:
+
+
+
+ |
+ A URL which will be present in both the Site Tree and the Client Map |
+
+
+ |
+ A URL which will only be present in Client Map as the URL contains a fragment |
+
+
+ |
+ A URL which was found in the DOM but which has not been accessed yet |
+
+
+ |
+ A URL which redirects to another URL |
+
+
+ |
+ A URL which was loaded as content by the browser (e.g. JavaScript files) rather than as HTML |
+
+
+
+
Selecting a node that has been visited by ZAP will display details about that node in the Client Details tab.
@@ -127,6 +160,10 @@
Copy Types
Copies the Types of the selected entries into the clipboard, separated by newlines.
+Client Spider
+
+This is detailed in the Client Spider help page.
+
AJAX Spider Enhancement
This add-on provides an AJAX Spider Enhancement which can detect URLs referenced in the DOM which were not
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_da_DK/contents/spider.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_da_DK/contents/spider.html
new file mode 100644
index 00000000000..1275bb2d31a
--- /dev/null
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_da_DK/contents/spider.html
@@ -0,0 +1,55 @@
+
+
+
+
+Client Side Integration - Client Spider
+
+
+
+Client Side Integration - Client Spider
+
+This add-on adds a Client Spider which is designed to explore modern web apps more effectively.
+
+The Client Spider works in a similar way to the AJAX Spider but it has access to the DOM via the ZAP Browser Extension
+which means that it can find content which the AJAX Spider cannot find.
+
+The Client Spider supports all of the authentication options supported by ZAP (including Browser Based Authentication),
+and will run any enabled Selenium scripts in the browsers that it launches.
+
+While it is still at an early stage we believe it is a more effective approach than the AJAX Spider.
+
+We will be focussing on improving the Client Spider and the current plan is for it to supersede the AJAX Spider
+as the recommended way of crawling modern web apps.
+
+We would appreciate feedback via the ZAP User Group
+to let us know how effectively it works for you, especially in comparison with the AJAX Spider.
+
+
+The spider can be invoked via:
+
+- Context specific "Attack" menu
+
- "Tools / Client Spider" menu item
+
- Automation Framework spiderClient job
+
+
+Client Spider tab
+
+The Client Spider tab allows you start and monitor the Client Spider.
+It provides 3 sub tabs:
+
+Added Nodes
+
+These are the nodes that have been added to the Client Map.
+
+Tasks
+
+These are the tasks that spider uses to crawl the application.
+The tasks are updated when they are added to the task list, when they start running, and when they complete.
+This allows you to understand what the Client Spider is actually doing much more clearly.
+
+Messages
+
+These are the HTTP(S) messages sent from the browsers that the client uses.
+
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_da_DK/index.xml b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_da_DK/index.xml
index 07188169453..c34e3e2f556 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_da_DK/index.xml
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_da_DK/index.xml
@@ -3,6 +3,8 @@
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_da_DK/toc.xml b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_da_DK/toc.xml
index 7973ba3824e..375c80f0547 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_da_DK/toc.xml
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_da_DK/toc.xml
@@ -4,6 +4,8 @@
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_de_DE/contents/ajax-scan.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_de_DE/contents/ajax-scan.html
index 572f17f7464..cc292e89a58 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_de_DE/contents/ajax-scan.html
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_de_DE/contents/ajax-scan.html
@@ -8,6 +8,12 @@
Client Side Integration - AJAX Spider Enhancement
+This add-on now adds a Client Spider which is designed to explore modern web apps more effectively.
+You are recommended to try this out as it is likely to be more effective that the AJAX Spider Enhancement detailed here.
+
+Also note that from ZAP 2.16.0 the AJAX Spider has an option to enable browser extensions, and that option is turned off by default.
+You will need to turn it on in order for this integration to work.
+
The AJAX Spider works by launching browsers, clicking links, and filling in fields.
It is an effective way to crawl modern web apps but it is not able to directly access the DOM.
@@ -18,6 +24,7 @@
Client Side Integration - AJAX Spider Enhancement
If it finds any 'missed' URLs that were part of the AJAX Spider scan scope then it makes direct requests to these URLs.
You will be able to see these requests in the History, Sites Tree, and Output tabs.
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_de_DE/contents/automation.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_de_DE/contents/automation.html
new file mode 100644
index 00000000000..7229a22ceee
--- /dev/null
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_de_DE/contents/automation.html
@@ -0,0 +1,35 @@
+
+
+
+
+
+Client Side Integration - Automation Framework Support
+
+
+
+Client Side Integration - Automation Framework Support
+This add-on supports the Automation Framework.
+
+Job: spiderClient
+The spiderClient job allows you to run the Client Spider, which is designed to explore modern web apps more effectively.
+
+This job supports monitor tests.
+
+
+ - type: spiderClient # The client spider - a spider which explores modern web apps more effectively
+ parameters:
+ context: # String: Name of the context to spider, default: first context
+ user: # String: An optional user to use for authentication, must be defined in the env
+ url: # String: URL to start spidering from, default: first context URL
+ maxDuration: # Int: The max time in minutes the spider will be allowed to run for, default: 0 unlimited
+ maxCrawlDepth: # Int: The maximum tree depth to explore, default 5
+ maxChildren: # Int: The maximum number of children to add to each node in the tree
+ numberOfBrowsers: # Int: The number of browsers the spider will use, more will be faster but will use up more memory, default: number of cores
+ browserId: # String: Browser ID to use, default: firefox-headless
+ initialLoadTime: # Int: The time in seconds to wait after the initial URL is loaded, default: 5
+ pageLoadTime: # Int: The time in seconds to wait after a new URL is loaded, default: 1
+ shutdownTime: # Int: The time in seconds to wait after no activity before shutting down, default: 5
+
+
+
+
\ No newline at end of file
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_de_DE/contents/client.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_de_DE/contents/client.html
index 341ee84e19b..ed3b0a0a2f5 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_de_DE/contents/client.html
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_de_DE/contents/client.html
@@ -8,6 +8,14 @@
Client Side Integration
+This add-on adds the following features to ZAP.
+
+Client Spider
+
+This add-on adds a Client Spider which is designed to explore modern web apps more effectively.
+
+Browser Extensions
+
This add-on adds a ZAP browser extension to both Firefox and Chrome when they are launched from ZAP.
The extensions stream significant browser based events back to ZAP, giving ZAP an insight into what is going on in the browser.
@@ -16,7 +24,7 @@
Client Side Integration
Note that you may need to configure the extensions via their options pages to update the host and API key.
@@ -27,7 +35,7 @@ Passive Scanning
User Interface
-The add-on adds 3 new tabs to ZAP:
+The add-on adds 4 new tabs to ZAP:
Client Map
@@ -38,7 +46,32 @@ Client Map
This means that the Client Map looks very different to the Sites tree for modern web apps, and may give you a better understanding of the
client side structure of the sites.
-Any leaf nodes in the Map with a small red 'minus' sign represent URLs which have been found in the DOM but which have not been directly accessed by ZAP.
+The following icons are used for leaf nodes so that you can easily tell their status:
+
+
+
+ |
+ A URL which will be present in both the Site Tree and the Client Map |
+
+
+ |
+ A URL which will only be present in Client Map as the URL contains a fragment |
+
+
+ |
+ A URL which was found in the DOM but which has not been accessed yet |
+
+
+ |
+ A URL which redirects to another URL |
+
+
+ |
+ A URL which was loaded as content by the browser (e.g. JavaScript files) rather than as HTML |
+
+
+
+
Selecting a node that has been visited by ZAP will display details about that node in the Client Details tab.
@@ -127,6 +160,10 @@
Copy Types
Copies the Types of the selected entries into the clipboard, separated by newlines.
+Client Spider
+
+This is detailed in the Client Spider help page.
+
AJAX Spider Enhancement
This add-on provides an AJAX Spider Enhancement which can detect URLs referenced in the DOM which were not
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_de_DE/contents/spider.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_de_DE/contents/spider.html
new file mode 100644
index 00000000000..1275bb2d31a
--- /dev/null
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_de_DE/contents/spider.html
@@ -0,0 +1,55 @@
+
+
+
+
+Client Side Integration - Client Spider
+
+
+
+Client Side Integration - Client Spider
+
+This add-on adds a Client Spider which is designed to explore modern web apps more effectively.
+
+The Client Spider works in a similar way to the AJAX Spider but it has access to the DOM via the ZAP Browser Extension
+which means that it can find content which the AJAX Spider cannot find.
+
+The Client Spider supports all of the authentication options supported by ZAP (including Browser Based Authentication),
+and will run any enabled Selenium scripts in the browsers that it launches.
+
+While it is still at an early stage we believe it is a more effective approach than the AJAX Spider.
+
+We will be focussing on improving the Client Spider and the current plan is for it to supersede the AJAX Spider
+as the recommended way of crawling modern web apps.
+
+We would appreciate feedback via the ZAP User Group
+to let us know how effectively it works for you, especially in comparison with the AJAX Spider.
+
+
+The spider can be invoked via:
+
+- Context specific "Attack" menu
+
- "Tools / Client Spider" menu item
+
- Automation Framework spiderClient job
+
+
+Client Spider tab
+
+The Client Spider tab allows you start and monitor the Client Spider.
+It provides 3 sub tabs:
+
+Added Nodes
+
+These are the nodes that have been added to the Client Map.
+
+Tasks
+
+These are the tasks that spider uses to crawl the application.
+The tasks are updated when they are added to the task list, when they start running, and when they complete.
+This allows you to understand what the Client Spider is actually doing much more clearly.
+
+Messages
+
+These are the HTTP(S) messages sent from the browsers that the client uses.
+
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_de_DE/index.xml b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_de_DE/index.xml
index 07188169453..c34e3e2f556 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_de_DE/index.xml
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_de_DE/index.xml
@@ -3,6 +3,8 @@
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_de_DE/toc.xml b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_de_DE/toc.xml
index 7973ba3824e..375c80f0547 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_de_DE/toc.xml
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_de_DE/toc.xml
@@ -4,6 +4,8 @@
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_el_GR/contents/ajax-scan.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_el_GR/contents/ajax-scan.html
index 572f17f7464..cc292e89a58 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_el_GR/contents/ajax-scan.html
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_el_GR/contents/ajax-scan.html
@@ -8,6 +8,12 @@
Client Side Integration - AJAX Spider Enhancement
+This add-on now adds a Client Spider which is designed to explore modern web apps more effectively.
+You are recommended to try this out as it is likely to be more effective that the AJAX Spider Enhancement detailed here.
+
+Also note that from ZAP 2.16.0 the AJAX Spider has an option to enable browser extensions, and that option is turned off by default.
+You will need to turn it on in order for this integration to work.
+
The AJAX Spider works by launching browsers, clicking links, and filling in fields.
It is an effective way to crawl modern web apps but it is not able to directly access the DOM.
@@ -18,6 +24,7 @@
Client Side Integration - AJAX Spider Enhancement
If it finds any 'missed' URLs that were part of the AJAX Spider scan scope then it makes direct requests to these URLs.
You will be able to see these requests in the History, Sites Tree, and Output tabs.
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_el_GR/contents/automation.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_el_GR/contents/automation.html
new file mode 100644
index 00000000000..7229a22ceee
--- /dev/null
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_el_GR/contents/automation.html
@@ -0,0 +1,35 @@
+
+
+
+
+
+Client Side Integration - Automation Framework Support
+
+
+
+Client Side Integration - Automation Framework Support
+This add-on supports the Automation Framework.
+
+Job: spiderClient
+The spiderClient job allows you to run the Client Spider, which is designed to explore modern web apps more effectively.
+
+This job supports monitor tests.
+
+
+ - type: spiderClient # The client spider - a spider which explores modern web apps more effectively
+ parameters:
+ context: # String: Name of the context to spider, default: first context
+ user: # String: An optional user to use for authentication, must be defined in the env
+ url: # String: URL to start spidering from, default: first context URL
+ maxDuration: # Int: The max time in minutes the spider will be allowed to run for, default: 0 unlimited
+ maxCrawlDepth: # Int: The maximum tree depth to explore, default 5
+ maxChildren: # Int: The maximum number of children to add to each node in the tree
+ numberOfBrowsers: # Int: The number of browsers the spider will use, more will be faster but will use up more memory, default: number of cores
+ browserId: # String: Browser ID to use, default: firefox-headless
+ initialLoadTime: # Int: The time in seconds to wait after the initial URL is loaded, default: 5
+ pageLoadTime: # Int: The time in seconds to wait after a new URL is loaded, default: 1
+ shutdownTime: # Int: The time in seconds to wait after no activity before shutting down, default: 5
+
+
+
+
\ No newline at end of file
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_el_GR/contents/client.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_el_GR/contents/client.html
index 341ee84e19b..ed3b0a0a2f5 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_el_GR/contents/client.html
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_el_GR/contents/client.html
@@ -8,6 +8,14 @@
Client Side Integration
+This add-on adds the following features to ZAP.
+
+Client Spider
+
+This add-on adds a Client Spider which is designed to explore modern web apps more effectively.
+
+Browser Extensions
+
This add-on adds a ZAP browser extension to both Firefox and Chrome when they are launched from ZAP.
The extensions stream significant browser based events back to ZAP, giving ZAP an insight into what is going on in the browser.
@@ -16,7 +24,7 @@
Client Side Integration
Note that you may need to configure the extensions via their options pages to update the host and API key.
@@ -27,7 +35,7 @@ Passive Scanning
User Interface
-The add-on adds 3 new tabs to ZAP:
+The add-on adds 4 new tabs to ZAP:
Client Map
@@ -38,7 +46,32 @@ Client Map
This means that the Client Map looks very different to the Sites tree for modern web apps, and may give you a better understanding of the
client side structure of the sites.
-Any leaf nodes in the Map with a small red 'minus' sign represent URLs which have been found in the DOM but which have not been directly accessed by ZAP.
+The following icons are used for leaf nodes so that you can easily tell their status:
+
+
+
+ |
+ A URL which will be present in both the Site Tree and the Client Map |
+
+
+ |
+ A URL which will only be present in Client Map as the URL contains a fragment |
+
+
+ |
+ A URL which was found in the DOM but which has not been accessed yet |
+
+
+ |
+ A URL which redirects to another URL |
+
+
+ |
+ A URL which was loaded as content by the browser (e.g. JavaScript files) rather than as HTML |
+
+
+
+
Selecting a node that has been visited by ZAP will display details about that node in the Client Details tab.
@@ -127,6 +160,10 @@
Copy Types
Copies the Types of the selected entries into the clipboard, separated by newlines.
+Client Spider
+
+This is detailed in the Client Spider help page.
+
AJAX Spider Enhancement
This add-on provides an AJAX Spider Enhancement which can detect URLs referenced in the DOM which were not
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_el_GR/contents/spider.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_el_GR/contents/spider.html
new file mode 100644
index 00000000000..1275bb2d31a
--- /dev/null
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_el_GR/contents/spider.html
@@ -0,0 +1,55 @@
+
+
+
+
+Client Side Integration - Client Spider
+
+
+
+Client Side Integration - Client Spider
+
+This add-on adds a Client Spider which is designed to explore modern web apps more effectively.
+
+The Client Spider works in a similar way to the AJAX Spider but it has access to the DOM via the ZAP Browser Extension
+which means that it can find content which the AJAX Spider cannot find.
+
+The Client Spider supports all of the authentication options supported by ZAP (including Browser Based Authentication),
+and will run any enabled Selenium scripts in the browsers that it launches.
+
+While it is still at an early stage we believe it is a more effective approach than the AJAX Spider.
+
+We will be focussing on improving the Client Spider and the current plan is for it to supersede the AJAX Spider
+as the recommended way of crawling modern web apps.
+
+We would appreciate feedback via the ZAP User Group
+to let us know how effectively it works for you, especially in comparison with the AJAX Spider.
+
+
+The spider can be invoked via:
+
+- Context specific "Attack" menu
+
- "Tools / Client Spider" menu item
+
- Automation Framework spiderClient job
+
+
+Client Spider tab
+
+The Client Spider tab allows you start and monitor the Client Spider.
+It provides 3 sub tabs:
+
+Added Nodes
+
+These are the nodes that have been added to the Client Map.
+
+Tasks
+
+These are the tasks that spider uses to crawl the application.
+The tasks are updated when they are added to the task list, when they start running, and when they complete.
+This allows you to understand what the Client Spider is actually doing much more clearly.
+
+Messages
+
+These are the HTTP(S) messages sent from the browsers that the client uses.
+
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_el_GR/index.xml b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_el_GR/index.xml
index 07188169453..c34e3e2f556 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_el_GR/index.xml
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_el_GR/index.xml
@@ -3,6 +3,8 @@
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_el_GR/toc.xml b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_el_GR/toc.xml
index 7973ba3824e..375c80f0547 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_el_GR/toc.xml
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_el_GR/toc.xml
@@ -4,6 +4,8 @@
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_es_ES/contents/ajax-scan.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_es_ES/contents/ajax-scan.html
index 572f17f7464..cc292e89a58 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_es_ES/contents/ajax-scan.html
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_es_ES/contents/ajax-scan.html
@@ -8,6 +8,12 @@
Client Side Integration - AJAX Spider Enhancement
+This add-on now adds a Client Spider which is designed to explore modern web apps more effectively.
+You are recommended to try this out as it is likely to be more effective that the AJAX Spider Enhancement detailed here.
+
+Also note that from ZAP 2.16.0 the AJAX Spider has an option to enable browser extensions, and that option is turned off by default.
+You will need to turn it on in order for this integration to work.
+
The AJAX Spider works by launching browsers, clicking links, and filling in fields.
It is an effective way to crawl modern web apps but it is not able to directly access the DOM.
@@ -18,6 +24,7 @@
Client Side Integration - AJAX Spider Enhancement
If it finds any 'missed' URLs that were part of the AJAX Spider scan scope then it makes direct requests to these URLs.
You will be able to see these requests in the History, Sites Tree, and Output tabs.
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_es_ES/contents/automation.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_es_ES/contents/automation.html
new file mode 100644
index 00000000000..7229a22ceee
--- /dev/null
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_es_ES/contents/automation.html
@@ -0,0 +1,35 @@
+
+
+
+
+
+Client Side Integration - Automation Framework Support
+
+
+
+Client Side Integration - Automation Framework Support
+This add-on supports the Automation Framework.
+
+Job: spiderClient
+The spiderClient job allows you to run the Client Spider, which is designed to explore modern web apps more effectively.
+
+This job supports monitor tests.
+
+
+ - type: spiderClient # The client spider - a spider which explores modern web apps more effectively
+ parameters:
+ context: # String: Name of the context to spider, default: first context
+ user: # String: An optional user to use for authentication, must be defined in the env
+ url: # String: URL to start spidering from, default: first context URL
+ maxDuration: # Int: The max time in minutes the spider will be allowed to run for, default: 0 unlimited
+ maxCrawlDepth: # Int: The maximum tree depth to explore, default 5
+ maxChildren: # Int: The maximum number of children to add to each node in the tree
+ numberOfBrowsers: # Int: The number of browsers the spider will use, more will be faster but will use up more memory, default: number of cores
+ browserId: # String: Browser ID to use, default: firefox-headless
+ initialLoadTime: # Int: The time in seconds to wait after the initial URL is loaded, default: 5
+ pageLoadTime: # Int: The time in seconds to wait after a new URL is loaded, default: 1
+ shutdownTime: # Int: The time in seconds to wait after no activity before shutting down, default: 5
+
+
+
+
\ No newline at end of file
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_es_ES/contents/client.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_es_ES/contents/client.html
index 341ee84e19b..ed3b0a0a2f5 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_es_ES/contents/client.html
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_es_ES/contents/client.html
@@ -8,6 +8,14 @@
Client Side Integration
+This add-on adds the following features to ZAP.
+
+Client Spider
+
+This add-on adds a Client Spider which is designed to explore modern web apps more effectively.
+
+Browser Extensions
+
This add-on adds a ZAP browser extension to both Firefox and Chrome when they are launched from ZAP.
The extensions stream significant browser based events back to ZAP, giving ZAP an insight into what is going on in the browser.
@@ -16,7 +24,7 @@
Client Side Integration
Note that you may need to configure the extensions via their options pages to update the host and API key.
@@ -27,7 +35,7 @@ Passive Scanning
User Interface
-The add-on adds 3 new tabs to ZAP:
+The add-on adds 4 new tabs to ZAP:
Client Map
@@ -38,7 +46,32 @@ Client Map
This means that the Client Map looks very different to the Sites tree for modern web apps, and may give you a better understanding of the
client side structure of the sites.
-Any leaf nodes in the Map with a small red 'minus' sign represent URLs which have been found in the DOM but which have not been directly accessed by ZAP.
+The following icons are used for leaf nodes so that you can easily tell their status:
+
+
+
+ |
+ A URL which will be present in both the Site Tree and the Client Map |
+
+
+ |
+ A URL which will only be present in Client Map as the URL contains a fragment |
+
+
+ |
+ A URL which was found in the DOM but which has not been accessed yet |
+
+
+ |
+ A URL which redirects to another URL |
+
+
+ |
+ A URL which was loaded as content by the browser (e.g. JavaScript files) rather than as HTML |
+
+
+
+
Selecting a node that has been visited by ZAP will display details about that node in the Client Details tab.
@@ -127,6 +160,10 @@
Copy Types
Copies the Types of the selected entries into the clipboard, separated by newlines.
+Client Spider
+
+This is detailed in the Client Spider help page.
+
AJAX Spider Enhancement
This add-on provides an AJAX Spider Enhancement which can detect URLs referenced in the DOM which were not
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_es_ES/contents/spider.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_es_ES/contents/spider.html
new file mode 100644
index 00000000000..1275bb2d31a
--- /dev/null
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_es_ES/contents/spider.html
@@ -0,0 +1,55 @@
+
+
+
+
+Client Side Integration - Client Spider
+
+
+
+Client Side Integration - Client Spider
+
+This add-on adds a Client Spider which is designed to explore modern web apps more effectively.
+
+The Client Spider works in a similar way to the AJAX Spider but it has access to the DOM via the ZAP Browser Extension
+which means that it can find content which the AJAX Spider cannot find.
+
+The Client Spider supports all of the authentication options supported by ZAP (including Browser Based Authentication),
+and will run any enabled Selenium scripts in the browsers that it launches.
+
+While it is still at an early stage we believe it is a more effective approach than the AJAX Spider.
+
+We will be focussing on improving the Client Spider and the current plan is for it to supersede the AJAX Spider
+as the recommended way of crawling modern web apps.
+
+We would appreciate feedback via the ZAP User Group
+to let us know how effectively it works for you, especially in comparison with the AJAX Spider.
+
+
+The spider can be invoked via:
+
+- Context specific "Attack" menu
+
- "Tools / Client Spider" menu item
+
- Automation Framework spiderClient job
+
+
+Client Spider tab
+
+The Client Spider tab allows you start and monitor the Client Spider.
+It provides 3 sub tabs:
+
+Added Nodes
+
+These are the nodes that have been added to the Client Map.
+
+Tasks
+
+These are the tasks that spider uses to crawl the application.
+The tasks are updated when they are added to the task list, when they start running, and when they complete.
+This allows you to understand what the Client Spider is actually doing much more clearly.
+
+Messages
+
+These are the HTTP(S) messages sent from the browsers that the client uses.
+
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_es_ES/index.xml b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_es_ES/index.xml
index 07188169453..c34e3e2f556 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_es_ES/index.xml
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_es_ES/index.xml
@@ -3,6 +3,8 @@
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_es_ES/toc.xml b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_es_ES/toc.xml
index 7973ba3824e..375c80f0547 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_es_ES/toc.xml
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_es_ES/toc.xml
@@ -4,6 +4,8 @@
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fa_IR/contents/ajax-scan.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fa_IR/contents/ajax-scan.html
index 572f17f7464..cc292e89a58 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fa_IR/contents/ajax-scan.html
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fa_IR/contents/ajax-scan.html
@@ -8,6 +8,12 @@
Client Side Integration - AJAX Spider Enhancement
+This add-on now adds a Client Spider which is designed to explore modern web apps more effectively.
+You are recommended to try this out as it is likely to be more effective that the AJAX Spider Enhancement detailed here.
+
+Also note that from ZAP 2.16.0 the AJAX Spider has an option to enable browser extensions, and that option is turned off by default.
+You will need to turn it on in order for this integration to work.
+
The AJAX Spider works by launching browsers, clicking links, and filling in fields.
It is an effective way to crawl modern web apps but it is not able to directly access the DOM.
@@ -18,6 +24,7 @@
Client Side Integration - AJAX Spider Enhancement
If it finds any 'missed' URLs that were part of the AJAX Spider scan scope then it makes direct requests to these URLs.
You will be able to see these requests in the History, Sites Tree, and Output tabs.
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fa_IR/contents/automation.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fa_IR/contents/automation.html
new file mode 100644
index 00000000000..7229a22ceee
--- /dev/null
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fa_IR/contents/automation.html
@@ -0,0 +1,35 @@
+
+
+
+
+
+Client Side Integration - Automation Framework Support
+
+
+
+Client Side Integration - Automation Framework Support
+This add-on supports the Automation Framework.
+
+Job: spiderClient
+The spiderClient job allows you to run the Client Spider, which is designed to explore modern web apps more effectively.
+
+This job supports monitor tests.
+
+
+ - type: spiderClient # The client spider - a spider which explores modern web apps more effectively
+ parameters:
+ context: # String: Name of the context to spider, default: first context
+ user: # String: An optional user to use for authentication, must be defined in the env
+ url: # String: URL to start spidering from, default: first context URL
+ maxDuration: # Int: The max time in minutes the spider will be allowed to run for, default: 0 unlimited
+ maxCrawlDepth: # Int: The maximum tree depth to explore, default 5
+ maxChildren: # Int: The maximum number of children to add to each node in the tree
+ numberOfBrowsers: # Int: The number of browsers the spider will use, more will be faster but will use up more memory, default: number of cores
+ browserId: # String: Browser ID to use, default: firefox-headless
+ initialLoadTime: # Int: The time in seconds to wait after the initial URL is loaded, default: 5
+ pageLoadTime: # Int: The time in seconds to wait after a new URL is loaded, default: 1
+ shutdownTime: # Int: The time in seconds to wait after no activity before shutting down, default: 5
+
+
+
+
\ No newline at end of file
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fa_IR/contents/client.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fa_IR/contents/client.html
index 341ee84e19b..ed3b0a0a2f5 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fa_IR/contents/client.html
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fa_IR/contents/client.html
@@ -8,6 +8,14 @@
Client Side Integration
+This add-on adds the following features to ZAP.
+
+Client Spider
+
+This add-on adds a Client Spider which is designed to explore modern web apps more effectively.
+
+Browser Extensions
+
This add-on adds a ZAP browser extension to both Firefox and Chrome when they are launched from ZAP.
The extensions stream significant browser based events back to ZAP, giving ZAP an insight into what is going on in the browser.
@@ -16,7 +24,7 @@
Client Side Integration
Note that you may need to configure the extensions via their options pages to update the host and API key.
@@ -27,7 +35,7 @@ Passive Scanning
User Interface
-The add-on adds 3 new tabs to ZAP:
+The add-on adds 4 new tabs to ZAP:
Client Map
@@ -38,7 +46,32 @@ Client Map
This means that the Client Map looks very different to the Sites tree for modern web apps, and may give you a better understanding of the
client side structure of the sites.
-Any leaf nodes in the Map with a small red 'minus' sign represent URLs which have been found in the DOM but which have not been directly accessed by ZAP.
+The following icons are used for leaf nodes so that you can easily tell their status:
+
+
+
+ |
+ A URL which will be present in both the Site Tree and the Client Map |
+
+
+ |
+ A URL which will only be present in Client Map as the URL contains a fragment |
+
+
+ |
+ A URL which was found in the DOM but which has not been accessed yet |
+
+
+ |
+ A URL which redirects to another URL |
+
+
+ |
+ A URL which was loaded as content by the browser (e.g. JavaScript files) rather than as HTML |
+
+
+
+
Selecting a node that has been visited by ZAP will display details about that node in the Client Details tab.
@@ -127,6 +160,10 @@
Copy Types
Copies the Types of the selected entries into the clipboard, separated by newlines.
+Client Spider
+
+This is detailed in the Client Spider help page.
+
AJAX Spider Enhancement
This add-on provides an AJAX Spider Enhancement which can detect URLs referenced in the DOM which were not
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fa_IR/contents/spider.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fa_IR/contents/spider.html
new file mode 100644
index 00000000000..1275bb2d31a
--- /dev/null
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fa_IR/contents/spider.html
@@ -0,0 +1,55 @@
+
+
+
+
+Client Side Integration - Client Spider
+
+
+
+Client Side Integration - Client Spider
+
+This add-on adds a Client Spider which is designed to explore modern web apps more effectively.
+
+The Client Spider works in a similar way to the AJAX Spider but it has access to the DOM via the ZAP Browser Extension
+which means that it can find content which the AJAX Spider cannot find.
+
+The Client Spider supports all of the authentication options supported by ZAP (including Browser Based Authentication),
+and will run any enabled Selenium scripts in the browsers that it launches.
+
+While it is still at an early stage we believe it is a more effective approach than the AJAX Spider.
+
+We will be focussing on improving the Client Spider and the current plan is for it to supersede the AJAX Spider
+as the recommended way of crawling modern web apps.
+
+We would appreciate feedback via the ZAP User Group
+to let us know how effectively it works for you, especially in comparison with the AJAX Spider.
+
+
+The spider can be invoked via:
+
+- Context specific "Attack" menu
+
- "Tools / Client Spider" menu item
+
- Automation Framework spiderClient job
+
+
+Client Spider tab
+
+The Client Spider tab allows you start and monitor the Client Spider.
+It provides 3 sub tabs:
+
+Added Nodes
+
+These are the nodes that have been added to the Client Map.
+
+Tasks
+
+These are the tasks that spider uses to crawl the application.
+The tasks are updated when they are added to the task list, when they start running, and when they complete.
+This allows you to understand what the Client Spider is actually doing much more clearly.
+
+Messages
+
+These are the HTTP(S) messages sent from the browsers that the client uses.
+
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fa_IR/index.xml b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fa_IR/index.xml
index 07188169453..c34e3e2f556 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fa_IR/index.xml
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fa_IR/index.xml
@@ -3,6 +3,8 @@
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fa_IR/toc.xml b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fa_IR/toc.xml
index 7973ba3824e..375c80f0547 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fa_IR/toc.xml
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fa_IR/toc.xml
@@ -4,6 +4,8 @@
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fil_PH/contents/ajax-scan.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fil_PH/contents/ajax-scan.html
index 572f17f7464..cc292e89a58 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fil_PH/contents/ajax-scan.html
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fil_PH/contents/ajax-scan.html
@@ -8,6 +8,12 @@
Client Side Integration - AJAX Spider Enhancement
+This add-on now adds a Client Spider which is designed to explore modern web apps more effectively.
+You are recommended to try this out as it is likely to be more effective that the AJAX Spider Enhancement detailed here.
+
+Also note that from ZAP 2.16.0 the AJAX Spider has an option to enable browser extensions, and that option is turned off by default.
+You will need to turn it on in order for this integration to work.
+
The AJAX Spider works by launching browsers, clicking links, and filling in fields.
It is an effective way to crawl modern web apps but it is not able to directly access the DOM.
@@ -18,6 +24,7 @@
Client Side Integration - AJAX Spider Enhancement
If it finds any 'missed' URLs that were part of the AJAX Spider scan scope then it makes direct requests to these URLs.
You will be able to see these requests in the History, Sites Tree, and Output tabs.
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fil_PH/contents/automation.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fil_PH/contents/automation.html
new file mode 100644
index 00000000000..7229a22ceee
--- /dev/null
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fil_PH/contents/automation.html
@@ -0,0 +1,35 @@
+
+
+
+
+
+Client Side Integration - Automation Framework Support
+
+
+
+Client Side Integration - Automation Framework Support
+This add-on supports the Automation Framework.
+
+Job: spiderClient
+The spiderClient job allows you to run the Client Spider, which is designed to explore modern web apps more effectively.
+
+This job supports monitor tests.
+
+
+ - type: spiderClient # The client spider - a spider which explores modern web apps more effectively
+ parameters:
+ context: # String: Name of the context to spider, default: first context
+ user: # String: An optional user to use for authentication, must be defined in the env
+ url: # String: URL to start spidering from, default: first context URL
+ maxDuration: # Int: The max time in minutes the spider will be allowed to run for, default: 0 unlimited
+ maxCrawlDepth: # Int: The maximum tree depth to explore, default 5
+ maxChildren: # Int: The maximum number of children to add to each node in the tree
+ numberOfBrowsers: # Int: The number of browsers the spider will use, more will be faster but will use up more memory, default: number of cores
+ browserId: # String: Browser ID to use, default: firefox-headless
+ initialLoadTime: # Int: The time in seconds to wait after the initial URL is loaded, default: 5
+ pageLoadTime: # Int: The time in seconds to wait after a new URL is loaded, default: 1
+ shutdownTime: # Int: The time in seconds to wait after no activity before shutting down, default: 5
+
+
+
+
\ No newline at end of file
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fil_PH/contents/client.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fil_PH/contents/client.html
index 341ee84e19b..ed3b0a0a2f5 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fil_PH/contents/client.html
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fil_PH/contents/client.html
@@ -8,6 +8,14 @@
Client Side Integration
+This add-on adds the following features to ZAP.
+
+Client Spider
+
+This add-on adds a Client Spider which is designed to explore modern web apps more effectively.
+
+Browser Extensions
+
This add-on adds a ZAP browser extension to both Firefox and Chrome when they are launched from ZAP.
The extensions stream significant browser based events back to ZAP, giving ZAP an insight into what is going on in the browser.
@@ -16,7 +24,7 @@
Client Side Integration
Note that you may need to configure the extensions via their options pages to update the host and API key.
@@ -27,7 +35,7 @@ Passive Scanning
User Interface
-The add-on adds 3 new tabs to ZAP:
+The add-on adds 4 new tabs to ZAP:
Client Map
@@ -38,7 +46,32 @@ Client Map
This means that the Client Map looks very different to the Sites tree for modern web apps, and may give you a better understanding of the
client side structure of the sites.
-Any leaf nodes in the Map with a small red 'minus' sign represent URLs which have been found in the DOM but which have not been directly accessed by ZAP.
+The following icons are used for leaf nodes so that you can easily tell their status:
+
+
+
+ |
+ A URL which will be present in both the Site Tree and the Client Map |
+
+
+ |
+ A URL which will only be present in Client Map as the URL contains a fragment |
+
+
+ |
+ A URL which was found in the DOM but which has not been accessed yet |
+
+
+ |
+ A URL which redirects to another URL |
+
+
+ |
+ A URL which was loaded as content by the browser (e.g. JavaScript files) rather than as HTML |
+
+
+
+
Selecting a node that has been visited by ZAP will display details about that node in the Client Details tab.
@@ -127,6 +160,10 @@
Copy Types
Copies the Types of the selected entries into the clipboard, separated by newlines.
+Client Spider
+
+This is detailed in the Client Spider help page.
+
AJAX Spider Enhancement
This add-on provides an AJAX Spider Enhancement which can detect URLs referenced in the DOM which were not
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fil_PH/contents/spider.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fil_PH/contents/spider.html
new file mode 100644
index 00000000000..1275bb2d31a
--- /dev/null
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fil_PH/contents/spider.html
@@ -0,0 +1,55 @@
+
+
+
+
+Client Side Integration - Client Spider
+
+
+
+Client Side Integration - Client Spider
+
+This add-on adds a Client Spider which is designed to explore modern web apps more effectively.
+
+The Client Spider works in a similar way to the AJAX Spider but it has access to the DOM via the ZAP Browser Extension
+which means that it can find content which the AJAX Spider cannot find.
+
+The Client Spider supports all of the authentication options supported by ZAP (including Browser Based Authentication),
+and will run any enabled Selenium scripts in the browsers that it launches.
+
+While it is still at an early stage we believe it is a more effective approach than the AJAX Spider.
+
+We will be focussing on improving the Client Spider and the current plan is for it to supersede the AJAX Spider
+as the recommended way of crawling modern web apps.
+
+We would appreciate feedback via the ZAP User Group
+to let us know how effectively it works for you, especially in comparison with the AJAX Spider.
+
+
+The spider can be invoked via:
+
+- Context specific "Attack" menu
+
- "Tools / Client Spider" menu item
+
- Automation Framework spiderClient job
+
+
+Client Spider tab
+
+The Client Spider tab allows you start and monitor the Client Spider.
+It provides 3 sub tabs:
+
+Added Nodes
+
+These are the nodes that have been added to the Client Map.
+
+Tasks
+
+These are the tasks that spider uses to crawl the application.
+The tasks are updated when they are added to the task list, when they start running, and when they complete.
+This allows you to understand what the Client Spider is actually doing much more clearly.
+
+Messages
+
+These are the HTTP(S) messages sent from the browsers that the client uses.
+
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fil_PH/index.xml b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fil_PH/index.xml
index 07188169453..c34e3e2f556 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fil_PH/index.xml
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fil_PH/index.xml
@@ -3,6 +3,8 @@
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fil_PH/toc.xml b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fil_PH/toc.xml
index 7973ba3824e..375c80f0547 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fil_PH/toc.xml
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fil_PH/toc.xml
@@ -4,6 +4,8 @@
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fr_FR/contents/ajax-scan.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fr_FR/contents/ajax-scan.html
index 572f17f7464..cc292e89a58 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fr_FR/contents/ajax-scan.html
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fr_FR/contents/ajax-scan.html
@@ -8,6 +8,12 @@
Client Side Integration - AJAX Spider Enhancement
+This add-on now adds a Client Spider which is designed to explore modern web apps more effectively.
+You are recommended to try this out as it is likely to be more effective that the AJAX Spider Enhancement detailed here.
+
+Also note that from ZAP 2.16.0 the AJAX Spider has an option to enable browser extensions, and that option is turned off by default.
+You will need to turn it on in order for this integration to work.
+
The AJAX Spider works by launching browsers, clicking links, and filling in fields.
It is an effective way to crawl modern web apps but it is not able to directly access the DOM.
@@ -18,6 +24,7 @@
Client Side Integration - AJAX Spider Enhancement
If it finds any 'missed' URLs that were part of the AJAX Spider scan scope then it makes direct requests to these URLs.
You will be able to see these requests in the History, Sites Tree, and Output tabs.
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fr_FR/contents/automation.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fr_FR/contents/automation.html
new file mode 100644
index 00000000000..7229a22ceee
--- /dev/null
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fr_FR/contents/automation.html
@@ -0,0 +1,35 @@
+
+
+
+
+
+Client Side Integration - Automation Framework Support
+
+
+
+Client Side Integration - Automation Framework Support
+This add-on supports the Automation Framework.
+
+Job: spiderClient
+The spiderClient job allows you to run the Client Spider, which is designed to explore modern web apps more effectively.
+
+This job supports monitor tests.
+
+
+ - type: spiderClient # The client spider - a spider which explores modern web apps more effectively
+ parameters:
+ context: # String: Name of the context to spider, default: first context
+ user: # String: An optional user to use for authentication, must be defined in the env
+ url: # String: URL to start spidering from, default: first context URL
+ maxDuration: # Int: The max time in minutes the spider will be allowed to run for, default: 0 unlimited
+ maxCrawlDepth: # Int: The maximum tree depth to explore, default 5
+ maxChildren: # Int: The maximum number of children to add to each node in the tree
+ numberOfBrowsers: # Int: The number of browsers the spider will use, more will be faster but will use up more memory, default: number of cores
+ browserId: # String: Browser ID to use, default: firefox-headless
+ initialLoadTime: # Int: The time in seconds to wait after the initial URL is loaded, default: 5
+ pageLoadTime: # Int: The time in seconds to wait after a new URL is loaded, default: 1
+ shutdownTime: # Int: The time in seconds to wait after no activity before shutting down, default: 5
+
+
+
+
\ No newline at end of file
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fr_FR/contents/client.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fr_FR/contents/client.html
index 341ee84e19b..ed3b0a0a2f5 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fr_FR/contents/client.html
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fr_FR/contents/client.html
@@ -8,6 +8,14 @@
Client Side Integration
+This add-on adds the following features to ZAP.
+
+Client Spider
+
+This add-on adds a Client Spider which is designed to explore modern web apps more effectively.
+
+Browser Extensions
+
This add-on adds a ZAP browser extension to both Firefox and Chrome when they are launched from ZAP.
The extensions stream significant browser based events back to ZAP, giving ZAP an insight into what is going on in the browser.
@@ -16,7 +24,7 @@
Client Side Integration
Note that you may need to configure the extensions via their options pages to update the host and API key.
@@ -27,7 +35,7 @@ Passive Scanning
User Interface
-The add-on adds 3 new tabs to ZAP:
+The add-on adds 4 new tabs to ZAP:
Client Map
@@ -38,7 +46,32 @@ Client Map
This means that the Client Map looks very different to the Sites tree for modern web apps, and may give you a better understanding of the
client side structure of the sites.
-Any leaf nodes in the Map with a small red 'minus' sign represent URLs which have been found in the DOM but which have not been directly accessed by ZAP.
+The following icons are used for leaf nodes so that you can easily tell their status:
+
+
+
+ |
+ A URL which will be present in both the Site Tree and the Client Map |
+
+
+ |
+ A URL which will only be present in Client Map as the URL contains a fragment |
+
+
+ |
+ A URL which was found in the DOM but which has not been accessed yet |
+
+
+ |
+ A URL which redirects to another URL |
+
+
+ |
+ A URL which was loaded as content by the browser (e.g. JavaScript files) rather than as HTML |
+
+
+
+
Selecting a node that has been visited by ZAP will display details about that node in the Client Details tab.
@@ -127,6 +160,10 @@
Copy Types
Copies the Types of the selected entries into the clipboard, separated by newlines.
+Client Spider
+
+This is detailed in the Client Spider help page.
+
AJAX Spider Enhancement
This add-on provides an AJAX Spider Enhancement which can detect URLs referenced in the DOM which were not
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fr_FR/contents/spider.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fr_FR/contents/spider.html
new file mode 100644
index 00000000000..1275bb2d31a
--- /dev/null
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fr_FR/contents/spider.html
@@ -0,0 +1,55 @@
+
+
+
+
+Client Side Integration - Client Spider
+
+
+
+Client Side Integration - Client Spider
+
+This add-on adds a Client Spider which is designed to explore modern web apps more effectively.
+
+The Client Spider works in a similar way to the AJAX Spider but it has access to the DOM via the ZAP Browser Extension
+which means that it can find content which the AJAX Spider cannot find.
+
+The Client Spider supports all of the authentication options supported by ZAP (including Browser Based Authentication),
+and will run any enabled Selenium scripts in the browsers that it launches.
+
+While it is still at an early stage we believe it is a more effective approach than the AJAX Spider.
+
+We will be focussing on improving the Client Spider and the current plan is for it to supersede the AJAX Spider
+as the recommended way of crawling modern web apps.
+
+We would appreciate feedback via the ZAP User Group
+to let us know how effectively it works for you, especially in comparison with the AJAX Spider.
+
+
+The spider can be invoked via:
+
+- Context specific "Attack" menu
+
- "Tools / Client Spider" menu item
+
- Automation Framework spiderClient job
+
+
+Client Spider tab
+
+The Client Spider tab allows you start and monitor the Client Spider.
+It provides 3 sub tabs:
+
+Added Nodes
+
+These are the nodes that have been added to the Client Map.
+
+Tasks
+
+These are the tasks that spider uses to crawl the application.
+The tasks are updated when they are added to the task list, when they start running, and when they complete.
+This allows you to understand what the Client Spider is actually doing much more clearly.
+
+Messages
+
+These are the HTTP(S) messages sent from the browsers that the client uses.
+
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fr_FR/index.xml b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fr_FR/index.xml
index 07188169453..c34e3e2f556 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fr_FR/index.xml
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fr_FR/index.xml
@@ -3,6 +3,8 @@
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fr_FR/toc.xml b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fr_FR/toc.xml
index 7973ba3824e..375c80f0547 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fr_FR/toc.xml
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_fr_FR/toc.xml
@@ -4,6 +4,8 @@
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_hi_IN/contents/ajax-scan.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_hi_IN/contents/ajax-scan.html
index 572f17f7464..cc292e89a58 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_hi_IN/contents/ajax-scan.html
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_hi_IN/contents/ajax-scan.html
@@ -8,6 +8,12 @@
Client Side Integration - AJAX Spider Enhancement
+This add-on now adds a Client Spider which is designed to explore modern web apps more effectively.
+You are recommended to try this out as it is likely to be more effective that the AJAX Spider Enhancement detailed here.
+
+Also note that from ZAP 2.16.0 the AJAX Spider has an option to enable browser extensions, and that option is turned off by default.
+You will need to turn it on in order for this integration to work.
+
The AJAX Spider works by launching browsers, clicking links, and filling in fields.
It is an effective way to crawl modern web apps but it is not able to directly access the DOM.
@@ -18,6 +24,7 @@
Client Side Integration - AJAX Spider Enhancement
If it finds any 'missed' URLs that were part of the AJAX Spider scan scope then it makes direct requests to these URLs.
You will be able to see these requests in the History, Sites Tree, and Output tabs.
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_hi_IN/contents/automation.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_hi_IN/contents/automation.html
new file mode 100644
index 00000000000..7229a22ceee
--- /dev/null
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_hi_IN/contents/automation.html
@@ -0,0 +1,35 @@
+
+
+
+
+
+Client Side Integration - Automation Framework Support
+
+
+
+Client Side Integration - Automation Framework Support
+This add-on supports the Automation Framework.
+
+Job: spiderClient
+The spiderClient job allows you to run the Client Spider, which is designed to explore modern web apps more effectively.
+
+This job supports monitor tests.
+
+
+ - type: spiderClient # The client spider - a spider which explores modern web apps more effectively
+ parameters:
+ context: # String: Name of the context to spider, default: first context
+ user: # String: An optional user to use for authentication, must be defined in the env
+ url: # String: URL to start spidering from, default: first context URL
+ maxDuration: # Int: The max time in minutes the spider will be allowed to run for, default: 0 unlimited
+ maxCrawlDepth: # Int: The maximum tree depth to explore, default 5
+ maxChildren: # Int: The maximum number of children to add to each node in the tree
+ numberOfBrowsers: # Int: The number of browsers the spider will use, more will be faster but will use up more memory, default: number of cores
+ browserId: # String: Browser ID to use, default: firefox-headless
+ initialLoadTime: # Int: The time in seconds to wait after the initial URL is loaded, default: 5
+ pageLoadTime: # Int: The time in seconds to wait after a new URL is loaded, default: 1
+ shutdownTime: # Int: The time in seconds to wait after no activity before shutting down, default: 5
+
+
+
+
\ No newline at end of file
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_hi_IN/contents/client.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_hi_IN/contents/client.html
index 341ee84e19b..ed3b0a0a2f5 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_hi_IN/contents/client.html
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_hi_IN/contents/client.html
@@ -8,6 +8,14 @@
Client Side Integration
+This add-on adds the following features to ZAP.
+
+Client Spider
+
+This add-on adds a Client Spider which is designed to explore modern web apps more effectively.
+
+Browser Extensions
+
This add-on adds a ZAP browser extension to both Firefox and Chrome when they are launched from ZAP.
The extensions stream significant browser based events back to ZAP, giving ZAP an insight into what is going on in the browser.
@@ -16,7 +24,7 @@
Client Side Integration
Note that you may need to configure the extensions via their options pages to update the host and API key.
@@ -27,7 +35,7 @@ Passive Scanning
User Interface
-The add-on adds 3 new tabs to ZAP:
+The add-on adds 4 new tabs to ZAP:
Client Map
@@ -38,7 +46,32 @@ Client Map
This means that the Client Map looks very different to the Sites tree for modern web apps, and may give you a better understanding of the
client side structure of the sites.
-Any leaf nodes in the Map with a small red 'minus' sign represent URLs which have been found in the DOM but which have not been directly accessed by ZAP.
+The following icons are used for leaf nodes so that you can easily tell their status:
+
+
+
+ |
+ A URL which will be present in both the Site Tree and the Client Map |
+
+
+ |
+ A URL which will only be present in Client Map as the URL contains a fragment |
+
+
+ |
+ A URL which was found in the DOM but which has not been accessed yet |
+
+
+ |
+ A URL which redirects to another URL |
+
+
+ |
+ A URL which was loaded as content by the browser (e.g. JavaScript files) rather than as HTML |
+
+
+
+
Selecting a node that has been visited by ZAP will display details about that node in the Client Details tab.
@@ -127,6 +160,10 @@
Copy Types
Copies the Types of the selected entries into the clipboard, separated by newlines.
+Client Spider
+
+This is detailed in the Client Spider help page.
+
AJAX Spider Enhancement
This add-on provides an AJAX Spider Enhancement which can detect URLs referenced in the DOM which were not
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_hi_IN/contents/spider.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_hi_IN/contents/spider.html
new file mode 100644
index 00000000000..1275bb2d31a
--- /dev/null
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_hi_IN/contents/spider.html
@@ -0,0 +1,55 @@
+
+
+
+
+Client Side Integration - Client Spider
+
+
+
+Client Side Integration - Client Spider
+
+This add-on adds a Client Spider which is designed to explore modern web apps more effectively.
+
+The Client Spider works in a similar way to the AJAX Spider but it has access to the DOM via the ZAP Browser Extension
+which means that it can find content which the AJAX Spider cannot find.
+
+The Client Spider supports all of the authentication options supported by ZAP (including Browser Based Authentication),
+and will run any enabled Selenium scripts in the browsers that it launches.
+
+While it is still at an early stage we believe it is a more effective approach than the AJAX Spider.
+
+We will be focussing on improving the Client Spider and the current plan is for it to supersede the AJAX Spider
+as the recommended way of crawling modern web apps.
+
+We would appreciate feedback via the ZAP User Group
+to let us know how effectively it works for you, especially in comparison with the AJAX Spider.
+
+
+The spider can be invoked via:
+
+- Context specific "Attack" menu
+
- "Tools / Client Spider" menu item
+
- Automation Framework spiderClient job
+
+
+Client Spider tab
+
+The Client Spider tab allows you start and monitor the Client Spider.
+It provides 3 sub tabs:
+
+Added Nodes
+
+These are the nodes that have been added to the Client Map.
+
+Tasks
+
+These are the tasks that spider uses to crawl the application.
+The tasks are updated when they are added to the task list, when they start running, and when they complete.
+This allows you to understand what the Client Spider is actually doing much more clearly.
+
+Messages
+
+These are the HTTP(S) messages sent from the browsers that the client uses.
+
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_hi_IN/index.xml b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_hi_IN/index.xml
index 07188169453..c34e3e2f556 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_hi_IN/index.xml
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_hi_IN/index.xml
@@ -3,6 +3,8 @@
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_hi_IN/toc.xml b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_hi_IN/toc.xml
index 7973ba3824e..375c80f0547 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_hi_IN/toc.xml
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_hi_IN/toc.xml
@@ -4,6 +4,8 @@
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_hu_HU/contents/ajax-scan.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_hu_HU/contents/ajax-scan.html
index 572f17f7464..cc292e89a58 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_hu_HU/contents/ajax-scan.html
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_hu_HU/contents/ajax-scan.html
@@ -8,6 +8,12 @@
Client Side Integration - AJAX Spider Enhancement
+This add-on now adds a Client Spider which is designed to explore modern web apps more effectively.
+You are recommended to try this out as it is likely to be more effective that the AJAX Spider Enhancement detailed here.
+
+Also note that from ZAP 2.16.0 the AJAX Spider has an option to enable browser extensions, and that option is turned off by default.
+You will need to turn it on in order for this integration to work.
+
The AJAX Spider works by launching browsers, clicking links, and filling in fields.
It is an effective way to crawl modern web apps but it is not able to directly access the DOM.
@@ -18,6 +24,7 @@
Client Side Integration - AJAX Spider Enhancement
If it finds any 'missed' URLs that were part of the AJAX Spider scan scope then it makes direct requests to these URLs.
You will be able to see these requests in the History, Sites Tree, and Output tabs.
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_hu_HU/contents/automation.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_hu_HU/contents/automation.html
new file mode 100644
index 00000000000..7229a22ceee
--- /dev/null
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_hu_HU/contents/automation.html
@@ -0,0 +1,35 @@
+
+
+
+
+
+Client Side Integration - Automation Framework Support
+
+
+
+Client Side Integration - Automation Framework Support
+This add-on supports the Automation Framework.
+
+Job: spiderClient
+The spiderClient job allows you to run the Client Spider, which is designed to explore modern web apps more effectively.
+
+This job supports monitor tests.
+
+
+ - type: spiderClient # The client spider - a spider which explores modern web apps more effectively
+ parameters:
+ context: # String: Name of the context to spider, default: first context
+ user: # String: An optional user to use for authentication, must be defined in the env
+ url: # String: URL to start spidering from, default: first context URL
+ maxDuration: # Int: The max time in minutes the spider will be allowed to run for, default: 0 unlimited
+ maxCrawlDepth: # Int: The maximum tree depth to explore, default 5
+ maxChildren: # Int: The maximum number of children to add to each node in the tree
+ numberOfBrowsers: # Int: The number of browsers the spider will use, more will be faster but will use up more memory, default: number of cores
+ browserId: # String: Browser ID to use, default: firefox-headless
+ initialLoadTime: # Int: The time in seconds to wait after the initial URL is loaded, default: 5
+ pageLoadTime: # Int: The time in seconds to wait after a new URL is loaded, default: 1
+ shutdownTime: # Int: The time in seconds to wait after no activity before shutting down, default: 5
+
+
+
+
\ No newline at end of file
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_hu_HU/contents/client.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_hu_HU/contents/client.html
index 341ee84e19b..ed3b0a0a2f5 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_hu_HU/contents/client.html
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_hu_HU/contents/client.html
@@ -8,6 +8,14 @@
Client Side Integration
+This add-on adds the following features to ZAP.
+
+Client Spider
+
+This add-on adds a Client Spider which is designed to explore modern web apps more effectively.
+
+Browser Extensions
+
This add-on adds a ZAP browser extension to both Firefox and Chrome when they are launched from ZAP.
The extensions stream significant browser based events back to ZAP, giving ZAP an insight into what is going on in the browser.
@@ -16,7 +24,7 @@
Client Side Integration
Note that you may need to configure the extensions via their options pages to update the host and API key.
@@ -27,7 +35,7 @@ Passive Scanning
User Interface
-The add-on adds 3 new tabs to ZAP:
+The add-on adds 4 new tabs to ZAP:
Client Map
@@ -38,7 +46,32 @@ Client Map
This means that the Client Map looks very different to the Sites tree for modern web apps, and may give you a better understanding of the
client side structure of the sites.
-Any leaf nodes in the Map with a small red 'minus' sign represent URLs which have been found in the DOM but which have not been directly accessed by ZAP.
+The following icons are used for leaf nodes so that you can easily tell their status:
+
+
+
+ |
+ A URL which will be present in both the Site Tree and the Client Map |
+
+
+ |
+ A URL which will only be present in Client Map as the URL contains a fragment |
+
+
+ |
+ A URL which was found in the DOM but which has not been accessed yet |
+
+
+ |
+ A URL which redirects to another URL |
+
+
+ |
+ A URL which was loaded as content by the browser (e.g. JavaScript files) rather than as HTML |
+
+
+
+
Selecting a node that has been visited by ZAP will display details about that node in the Client Details tab.
@@ -127,6 +160,10 @@
Copy Types
Copies the Types of the selected entries into the clipboard, separated by newlines.
+Client Spider
+
+This is detailed in the Client Spider help page.
+
AJAX Spider Enhancement
This add-on provides an AJAX Spider Enhancement which can detect URLs referenced in the DOM which were not
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_hu_HU/contents/spider.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_hu_HU/contents/spider.html
new file mode 100644
index 00000000000..1275bb2d31a
--- /dev/null
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_hu_HU/contents/spider.html
@@ -0,0 +1,55 @@
+
+
+
+
+Client Side Integration - Client Spider
+
+
+
+Client Side Integration - Client Spider
+
+This add-on adds a Client Spider which is designed to explore modern web apps more effectively.
+
+The Client Spider works in a similar way to the AJAX Spider but it has access to the DOM via the ZAP Browser Extension
+which means that it can find content which the AJAX Spider cannot find.
+
+The Client Spider supports all of the authentication options supported by ZAP (including Browser Based Authentication),
+and will run any enabled Selenium scripts in the browsers that it launches.
+
+While it is still at an early stage we believe it is a more effective approach than the AJAX Spider.
+
+We will be focussing on improving the Client Spider and the current plan is for it to supersede the AJAX Spider
+as the recommended way of crawling modern web apps.
+
+We would appreciate feedback via the ZAP User Group
+to let us know how effectively it works for you, especially in comparison with the AJAX Spider.
+
+
+The spider can be invoked via:
+
+- Context specific "Attack" menu
+
- "Tools / Client Spider" menu item
+
- Automation Framework spiderClient job
+
+
+Client Spider tab
+
+The Client Spider tab allows you start and monitor the Client Spider.
+It provides 3 sub tabs:
+
+Added Nodes
+
+These are the nodes that have been added to the Client Map.
+
+Tasks
+
+These are the tasks that spider uses to crawl the application.
+The tasks are updated when they are added to the task list, when they start running, and when they complete.
+This allows you to understand what the Client Spider is actually doing much more clearly.
+
+Messages
+
+These are the HTTP(S) messages sent from the browsers that the client uses.
+
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_hu_HU/index.xml b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_hu_HU/index.xml
index 07188169453..c34e3e2f556 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_hu_HU/index.xml
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_hu_HU/index.xml
@@ -3,6 +3,8 @@
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_hu_HU/toc.xml b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_hu_HU/toc.xml
index 7973ba3824e..375c80f0547 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_hu_HU/toc.xml
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_hu_HU/toc.xml
@@ -4,6 +4,8 @@
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_id_ID/contents/ajax-scan.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_id_ID/contents/ajax-scan.html
index 572f17f7464..cc292e89a58 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_id_ID/contents/ajax-scan.html
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_id_ID/contents/ajax-scan.html
@@ -8,6 +8,12 @@
Client Side Integration - AJAX Spider Enhancement
+This add-on now adds a Client Spider which is designed to explore modern web apps more effectively.
+You are recommended to try this out as it is likely to be more effective that the AJAX Spider Enhancement detailed here.
+
+Also note that from ZAP 2.16.0 the AJAX Spider has an option to enable browser extensions, and that option is turned off by default.
+You will need to turn it on in order for this integration to work.
+
The AJAX Spider works by launching browsers, clicking links, and filling in fields.
It is an effective way to crawl modern web apps but it is not able to directly access the DOM.
@@ -18,6 +24,7 @@
Client Side Integration - AJAX Spider Enhancement
If it finds any 'missed' URLs that were part of the AJAX Spider scan scope then it makes direct requests to these URLs.
You will be able to see these requests in the History, Sites Tree, and Output tabs.
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_id_ID/contents/automation.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_id_ID/contents/automation.html
new file mode 100644
index 00000000000..7229a22ceee
--- /dev/null
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_id_ID/contents/automation.html
@@ -0,0 +1,35 @@
+
+
+
+
+
+Client Side Integration - Automation Framework Support
+
+
+
+Client Side Integration - Automation Framework Support
+This add-on supports the Automation Framework.
+
+Job: spiderClient
+The spiderClient job allows you to run the Client Spider, which is designed to explore modern web apps more effectively.
+
+This job supports monitor tests.
+
+
+ - type: spiderClient # The client spider - a spider which explores modern web apps more effectively
+ parameters:
+ context: # String: Name of the context to spider, default: first context
+ user: # String: An optional user to use for authentication, must be defined in the env
+ url: # String: URL to start spidering from, default: first context URL
+ maxDuration: # Int: The max time in minutes the spider will be allowed to run for, default: 0 unlimited
+ maxCrawlDepth: # Int: The maximum tree depth to explore, default 5
+ maxChildren: # Int: The maximum number of children to add to each node in the tree
+ numberOfBrowsers: # Int: The number of browsers the spider will use, more will be faster but will use up more memory, default: number of cores
+ browserId: # String: Browser ID to use, default: firefox-headless
+ initialLoadTime: # Int: The time in seconds to wait after the initial URL is loaded, default: 5
+ pageLoadTime: # Int: The time in seconds to wait after a new URL is loaded, default: 1
+ shutdownTime: # Int: The time in seconds to wait after no activity before shutting down, default: 5
+
+
+
+
\ No newline at end of file
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_id_ID/contents/client.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_id_ID/contents/client.html
index 341ee84e19b..ed3b0a0a2f5 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_id_ID/contents/client.html
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_id_ID/contents/client.html
@@ -8,6 +8,14 @@
Client Side Integration
+This add-on adds the following features to ZAP.
+
+Client Spider
+
+This add-on adds a Client Spider which is designed to explore modern web apps more effectively.
+
+Browser Extensions
+
This add-on adds a ZAP browser extension to both Firefox and Chrome when they are launched from ZAP.
The extensions stream significant browser based events back to ZAP, giving ZAP an insight into what is going on in the browser.
@@ -16,7 +24,7 @@
Client Side Integration
Note that you may need to configure the extensions via their options pages to update the host and API key.
@@ -27,7 +35,7 @@ Passive Scanning
User Interface
-The add-on adds 3 new tabs to ZAP:
+The add-on adds 4 new tabs to ZAP:
Client Map
@@ -38,7 +46,32 @@ Client Map
This means that the Client Map looks very different to the Sites tree for modern web apps, and may give you a better understanding of the
client side structure of the sites.
-Any leaf nodes in the Map with a small red 'minus' sign represent URLs which have been found in the DOM but which have not been directly accessed by ZAP.
+The following icons are used for leaf nodes so that you can easily tell their status:
+
+
+
+ |
+ A URL which will be present in both the Site Tree and the Client Map |
+
+
+ |
+ A URL which will only be present in Client Map as the URL contains a fragment |
+
+
+ |
+ A URL which was found in the DOM but which has not been accessed yet |
+
+
+ |
+ A URL which redirects to another URL |
+
+
+ |
+ A URL which was loaded as content by the browser (e.g. JavaScript files) rather than as HTML |
+
+
+
+
Selecting a node that has been visited by ZAP will display details about that node in the Client Details tab.
@@ -127,6 +160,10 @@
Copy Types
Copies the Types of the selected entries into the clipboard, separated by newlines.
+Client Spider
+
+This is detailed in the Client Spider help page.
+
AJAX Spider Enhancement
This add-on provides an AJAX Spider Enhancement which can detect URLs referenced in the DOM which were not
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_id_ID/contents/spider.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_id_ID/contents/spider.html
new file mode 100644
index 00000000000..1275bb2d31a
--- /dev/null
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_id_ID/contents/spider.html
@@ -0,0 +1,55 @@
+
+
+
+
+Client Side Integration - Client Spider
+
+
+
+Client Side Integration - Client Spider
+
+This add-on adds a Client Spider which is designed to explore modern web apps more effectively.
+
+The Client Spider works in a similar way to the AJAX Spider but it has access to the DOM via the ZAP Browser Extension
+which means that it can find content which the AJAX Spider cannot find.
+
+The Client Spider supports all of the authentication options supported by ZAP (including Browser Based Authentication),
+and will run any enabled Selenium scripts in the browsers that it launches.
+
+While it is still at an early stage we believe it is a more effective approach than the AJAX Spider.
+
+We will be focussing on improving the Client Spider and the current plan is for it to supersede the AJAX Spider
+as the recommended way of crawling modern web apps.
+
+We would appreciate feedback via the ZAP User Group
+to let us know how effectively it works for you, especially in comparison with the AJAX Spider.
+
+
+The spider can be invoked via:
+
+- Context specific "Attack" menu
+
- "Tools / Client Spider" menu item
+
- Automation Framework spiderClient job
+
+
+Client Spider tab
+
+The Client Spider tab allows you start and monitor the Client Spider.
+It provides 3 sub tabs:
+
+Added Nodes
+
+These are the nodes that have been added to the Client Map.
+
+Tasks
+
+These are the tasks that spider uses to crawl the application.
+The tasks are updated when they are added to the task list, when they start running, and when they complete.
+This allows you to understand what the Client Spider is actually doing much more clearly.
+
+Messages
+
+These are the HTTP(S) messages sent from the browsers that the client uses.
+
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_id_ID/index.xml b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_id_ID/index.xml
index 07188169453..c34e3e2f556 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_id_ID/index.xml
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_id_ID/index.xml
@@ -3,6 +3,8 @@
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_id_ID/toc.xml b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_id_ID/toc.xml
index 7973ba3824e..375c80f0547 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_id_ID/toc.xml
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_id_ID/toc.xml
@@ -4,6 +4,8 @@
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_it_IT/contents/ajax-scan.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_it_IT/contents/ajax-scan.html
index 572f17f7464..cc292e89a58 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_it_IT/contents/ajax-scan.html
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_it_IT/contents/ajax-scan.html
@@ -8,6 +8,12 @@
Client Side Integration - AJAX Spider Enhancement
+This add-on now adds a Client Spider which is designed to explore modern web apps more effectively.
+You are recommended to try this out as it is likely to be more effective that the AJAX Spider Enhancement detailed here.
+
+Also note that from ZAP 2.16.0 the AJAX Spider has an option to enable browser extensions, and that option is turned off by default.
+You will need to turn it on in order for this integration to work.
+
The AJAX Spider works by launching browsers, clicking links, and filling in fields.
It is an effective way to crawl modern web apps but it is not able to directly access the DOM.
@@ -18,6 +24,7 @@
Client Side Integration - AJAX Spider Enhancement
If it finds any 'missed' URLs that were part of the AJAX Spider scan scope then it makes direct requests to these URLs.
You will be able to see these requests in the History, Sites Tree, and Output tabs.
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_it_IT/contents/automation.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_it_IT/contents/automation.html
new file mode 100644
index 00000000000..7229a22ceee
--- /dev/null
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_it_IT/contents/automation.html
@@ -0,0 +1,35 @@
+
+
+
+
+
+Client Side Integration - Automation Framework Support
+
+
+
+Client Side Integration - Automation Framework Support
+This add-on supports the Automation Framework.
+
+Job: spiderClient
+The spiderClient job allows you to run the Client Spider, which is designed to explore modern web apps more effectively.
+
+This job supports monitor tests.
+
+
+ - type: spiderClient # The client spider - a spider which explores modern web apps more effectively
+ parameters:
+ context: # String: Name of the context to spider, default: first context
+ user: # String: An optional user to use for authentication, must be defined in the env
+ url: # String: URL to start spidering from, default: first context URL
+ maxDuration: # Int: The max time in minutes the spider will be allowed to run for, default: 0 unlimited
+ maxCrawlDepth: # Int: The maximum tree depth to explore, default 5
+ maxChildren: # Int: The maximum number of children to add to each node in the tree
+ numberOfBrowsers: # Int: The number of browsers the spider will use, more will be faster but will use up more memory, default: number of cores
+ browserId: # String: Browser ID to use, default: firefox-headless
+ initialLoadTime: # Int: The time in seconds to wait after the initial URL is loaded, default: 5
+ pageLoadTime: # Int: The time in seconds to wait after a new URL is loaded, default: 1
+ shutdownTime: # Int: The time in seconds to wait after no activity before shutting down, default: 5
+
+
+
+
\ No newline at end of file
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_it_IT/contents/client.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_it_IT/contents/client.html
index 341ee84e19b..ed3b0a0a2f5 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_it_IT/contents/client.html
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_it_IT/contents/client.html
@@ -8,6 +8,14 @@
Client Side Integration
+This add-on adds the following features to ZAP.
+
+Client Spider
+
+This add-on adds a Client Spider which is designed to explore modern web apps more effectively.
+
+Browser Extensions
+
This add-on adds a ZAP browser extension to both Firefox and Chrome when they are launched from ZAP.
The extensions stream significant browser based events back to ZAP, giving ZAP an insight into what is going on in the browser.
@@ -16,7 +24,7 @@
Client Side Integration
Note that you may need to configure the extensions via their options pages to update the host and API key.
@@ -27,7 +35,7 @@ Passive Scanning
User Interface
-The add-on adds 3 new tabs to ZAP:
+The add-on adds 4 new tabs to ZAP:
Client Map
@@ -38,7 +46,32 @@ Client Map
This means that the Client Map looks very different to the Sites tree for modern web apps, and may give you a better understanding of the
client side structure of the sites.
-Any leaf nodes in the Map with a small red 'minus' sign represent URLs which have been found in the DOM but which have not been directly accessed by ZAP.
+The following icons are used for leaf nodes so that you can easily tell their status:
+
+
+
+ |
+ A URL which will be present in both the Site Tree and the Client Map |
+
+
+ |
+ A URL which will only be present in Client Map as the URL contains a fragment |
+
+
+ |
+ A URL which was found in the DOM but which has not been accessed yet |
+
+
+ |
+ A URL which redirects to another URL |
+
+
+ |
+ A URL which was loaded as content by the browser (e.g. JavaScript files) rather than as HTML |
+
+
+
+
Selecting a node that has been visited by ZAP will display details about that node in the Client Details tab.
@@ -127,6 +160,10 @@
Copy Types
Copies the Types of the selected entries into the clipboard, separated by newlines.
+Client Spider
+
+This is detailed in the Client Spider help page.
+
AJAX Spider Enhancement
This add-on provides an AJAX Spider Enhancement which can detect URLs referenced in the DOM which were not
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_it_IT/contents/spider.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_it_IT/contents/spider.html
new file mode 100644
index 00000000000..1275bb2d31a
--- /dev/null
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_it_IT/contents/spider.html
@@ -0,0 +1,55 @@
+
+
+
+
+Client Side Integration - Client Spider
+
+
+
+Client Side Integration - Client Spider
+
+This add-on adds a Client Spider which is designed to explore modern web apps more effectively.
+
+The Client Spider works in a similar way to the AJAX Spider but it has access to the DOM via the ZAP Browser Extension
+which means that it can find content which the AJAX Spider cannot find.
+
+The Client Spider supports all of the authentication options supported by ZAP (including Browser Based Authentication),
+and will run any enabled Selenium scripts in the browsers that it launches.
+
+While it is still at an early stage we believe it is a more effective approach than the AJAX Spider.
+
+We will be focussing on improving the Client Spider and the current plan is for it to supersede the AJAX Spider
+as the recommended way of crawling modern web apps.
+
+We would appreciate feedback via the ZAP User Group
+to let us know how effectively it works for you, especially in comparison with the AJAX Spider.
+
+
+The spider can be invoked via:
+
+- Context specific "Attack" menu
+
- "Tools / Client Spider" menu item
+
- Automation Framework spiderClient job
+
+
+Client Spider tab
+
+The Client Spider tab allows you start and monitor the Client Spider.
+It provides 3 sub tabs:
+
+Added Nodes
+
+These are the nodes that have been added to the Client Map.
+
+Tasks
+
+These are the tasks that spider uses to crawl the application.
+The tasks are updated when they are added to the task list, when they start running, and when they complete.
+This allows you to understand what the Client Spider is actually doing much more clearly.
+
+Messages
+
+These are the HTTP(S) messages sent from the browsers that the client uses.
+
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_it_IT/index.xml b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_it_IT/index.xml
index 07188169453..c34e3e2f556 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_it_IT/index.xml
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_it_IT/index.xml
@@ -3,6 +3,8 @@
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_it_IT/toc.xml b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_it_IT/toc.xml
index 7973ba3824e..375c80f0547 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_it_IT/toc.xml
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_it_IT/toc.xml
@@ -4,6 +4,8 @@
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ja_JP/contents/ajax-scan.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ja_JP/contents/ajax-scan.html
index 572f17f7464..cc292e89a58 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ja_JP/contents/ajax-scan.html
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ja_JP/contents/ajax-scan.html
@@ -8,6 +8,12 @@
Client Side Integration - AJAX Spider Enhancement
+This add-on now adds a Client Spider which is designed to explore modern web apps more effectively.
+You are recommended to try this out as it is likely to be more effective that the AJAX Spider Enhancement detailed here.
+
+Also note that from ZAP 2.16.0 the AJAX Spider has an option to enable browser extensions, and that option is turned off by default.
+You will need to turn it on in order for this integration to work.
+
The AJAX Spider works by launching browsers, clicking links, and filling in fields.
It is an effective way to crawl modern web apps but it is not able to directly access the DOM.
@@ -18,6 +24,7 @@
Client Side Integration - AJAX Spider Enhancement
If it finds any 'missed' URLs that were part of the AJAX Spider scan scope then it makes direct requests to these URLs.
You will be able to see these requests in the History, Sites Tree, and Output tabs.
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ja_JP/contents/automation.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ja_JP/contents/automation.html
new file mode 100644
index 00000000000..7229a22ceee
--- /dev/null
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ja_JP/contents/automation.html
@@ -0,0 +1,35 @@
+
+
+
+
+
+Client Side Integration - Automation Framework Support
+
+
+
+Client Side Integration - Automation Framework Support
+This add-on supports the Automation Framework.
+
+Job: spiderClient
+The spiderClient job allows you to run the Client Spider, which is designed to explore modern web apps more effectively.
+
+This job supports monitor tests.
+
+
+ - type: spiderClient # The client spider - a spider which explores modern web apps more effectively
+ parameters:
+ context: # String: Name of the context to spider, default: first context
+ user: # String: An optional user to use for authentication, must be defined in the env
+ url: # String: URL to start spidering from, default: first context URL
+ maxDuration: # Int: The max time in minutes the spider will be allowed to run for, default: 0 unlimited
+ maxCrawlDepth: # Int: The maximum tree depth to explore, default 5
+ maxChildren: # Int: The maximum number of children to add to each node in the tree
+ numberOfBrowsers: # Int: The number of browsers the spider will use, more will be faster but will use up more memory, default: number of cores
+ browserId: # String: Browser ID to use, default: firefox-headless
+ initialLoadTime: # Int: The time in seconds to wait after the initial URL is loaded, default: 5
+ pageLoadTime: # Int: The time in seconds to wait after a new URL is loaded, default: 1
+ shutdownTime: # Int: The time in seconds to wait after no activity before shutting down, default: 5
+
+
+
+
\ No newline at end of file
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ja_JP/contents/client.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ja_JP/contents/client.html
index 341ee84e19b..ed3b0a0a2f5 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ja_JP/contents/client.html
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ja_JP/contents/client.html
@@ -8,6 +8,14 @@
Client Side Integration
+This add-on adds the following features to ZAP.
+
+Client Spider
+
+This add-on adds a Client Spider which is designed to explore modern web apps more effectively.
+
+Browser Extensions
+
This add-on adds a ZAP browser extension to both Firefox and Chrome when they are launched from ZAP.
The extensions stream significant browser based events back to ZAP, giving ZAP an insight into what is going on in the browser.
@@ -16,7 +24,7 @@
Client Side Integration
Note that you may need to configure the extensions via their options pages to update the host and API key.
@@ -27,7 +35,7 @@ Passive Scanning
User Interface
-The add-on adds 3 new tabs to ZAP:
+The add-on adds 4 new tabs to ZAP:
Client Map
@@ -38,7 +46,32 @@ Client Map
This means that the Client Map looks very different to the Sites tree for modern web apps, and may give you a better understanding of the
client side structure of the sites.
-Any leaf nodes in the Map with a small red 'minus' sign represent URLs which have been found in the DOM but which have not been directly accessed by ZAP.
+The following icons are used for leaf nodes so that you can easily tell their status:
+
+
+
+ |
+ A URL which will be present in both the Site Tree and the Client Map |
+
+
+ |
+ A URL which will only be present in Client Map as the URL contains a fragment |
+
+
+ |
+ A URL which was found in the DOM but which has not been accessed yet |
+
+
+ |
+ A URL which redirects to another URL |
+
+
+ |
+ A URL which was loaded as content by the browser (e.g. JavaScript files) rather than as HTML |
+
+
+
+
Selecting a node that has been visited by ZAP will display details about that node in the Client Details tab.
@@ -127,6 +160,10 @@
Copy Types
Copies the Types of the selected entries into the clipboard, separated by newlines.
+Client Spider
+
+This is detailed in the Client Spider help page.
+
AJAX Spider Enhancement
This add-on provides an AJAX Spider Enhancement which can detect URLs referenced in the DOM which were not
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ja_JP/contents/spider.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ja_JP/contents/spider.html
new file mode 100644
index 00000000000..1275bb2d31a
--- /dev/null
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ja_JP/contents/spider.html
@@ -0,0 +1,55 @@
+
+
+
+
+Client Side Integration - Client Spider
+
+
+
+Client Side Integration - Client Spider
+
+This add-on adds a Client Spider which is designed to explore modern web apps more effectively.
+
+The Client Spider works in a similar way to the AJAX Spider but it has access to the DOM via the ZAP Browser Extension
+which means that it can find content which the AJAX Spider cannot find.
+
+The Client Spider supports all of the authentication options supported by ZAP (including Browser Based Authentication),
+and will run any enabled Selenium scripts in the browsers that it launches.
+
+While it is still at an early stage we believe it is a more effective approach than the AJAX Spider.
+
+We will be focussing on improving the Client Spider and the current plan is for it to supersede the AJAX Spider
+as the recommended way of crawling modern web apps.
+
+We would appreciate feedback via the ZAP User Group
+to let us know how effectively it works for you, especially in comparison with the AJAX Spider.
+
+
+The spider can be invoked via:
+
+- Context specific "Attack" menu
+
- "Tools / Client Spider" menu item
+
- Automation Framework spiderClient job
+
+
+Client Spider tab
+
+The Client Spider tab allows you start and monitor the Client Spider.
+It provides 3 sub tabs:
+
+Added Nodes
+
+These are the nodes that have been added to the Client Map.
+
+Tasks
+
+These are the tasks that spider uses to crawl the application.
+The tasks are updated when they are added to the task list, when they start running, and when they complete.
+This allows you to understand what the Client Spider is actually doing much more clearly.
+
+Messages
+
+These are the HTTP(S) messages sent from the browsers that the client uses.
+
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ja_JP/index.xml b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ja_JP/index.xml
index 07188169453..c34e3e2f556 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ja_JP/index.xml
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ja_JP/index.xml
@@ -3,6 +3,8 @@
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ja_JP/toc.xml b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ja_JP/toc.xml
index 7973ba3824e..375c80f0547 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ja_JP/toc.xml
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ja_JP/toc.xml
@@ -4,6 +4,8 @@
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ms_MY/contents/ajax-scan.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ms_MY/contents/ajax-scan.html
index 572f17f7464..cc292e89a58 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ms_MY/contents/ajax-scan.html
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ms_MY/contents/ajax-scan.html
@@ -8,6 +8,12 @@
Client Side Integration - AJAX Spider Enhancement
+This add-on now adds a Client Spider which is designed to explore modern web apps more effectively.
+You are recommended to try this out as it is likely to be more effective that the AJAX Spider Enhancement detailed here.
+
+Also note that from ZAP 2.16.0 the AJAX Spider has an option to enable browser extensions, and that option is turned off by default.
+You will need to turn it on in order for this integration to work.
+
The AJAX Spider works by launching browsers, clicking links, and filling in fields.
It is an effective way to crawl modern web apps but it is not able to directly access the DOM.
@@ -18,6 +24,7 @@
Client Side Integration - AJAX Spider Enhancement
If it finds any 'missed' URLs that were part of the AJAX Spider scan scope then it makes direct requests to these URLs.
You will be able to see these requests in the History, Sites Tree, and Output tabs.
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ms_MY/contents/automation.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ms_MY/contents/automation.html
new file mode 100644
index 00000000000..7229a22ceee
--- /dev/null
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ms_MY/contents/automation.html
@@ -0,0 +1,35 @@
+
+
+
+
+
+Client Side Integration - Automation Framework Support
+
+
+
+Client Side Integration - Automation Framework Support
+This add-on supports the Automation Framework.
+
+Job: spiderClient
+The spiderClient job allows you to run the Client Spider, which is designed to explore modern web apps more effectively.
+
+This job supports monitor tests.
+
+
+ - type: spiderClient # The client spider - a spider which explores modern web apps more effectively
+ parameters:
+ context: # String: Name of the context to spider, default: first context
+ user: # String: An optional user to use for authentication, must be defined in the env
+ url: # String: URL to start spidering from, default: first context URL
+ maxDuration: # Int: The max time in minutes the spider will be allowed to run for, default: 0 unlimited
+ maxCrawlDepth: # Int: The maximum tree depth to explore, default 5
+ maxChildren: # Int: The maximum number of children to add to each node in the tree
+ numberOfBrowsers: # Int: The number of browsers the spider will use, more will be faster but will use up more memory, default: number of cores
+ browserId: # String: Browser ID to use, default: firefox-headless
+ initialLoadTime: # Int: The time in seconds to wait after the initial URL is loaded, default: 5
+ pageLoadTime: # Int: The time in seconds to wait after a new URL is loaded, default: 1
+ shutdownTime: # Int: The time in seconds to wait after no activity before shutting down, default: 5
+
+
+
+
\ No newline at end of file
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ms_MY/contents/client.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ms_MY/contents/client.html
index 341ee84e19b..ed3b0a0a2f5 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ms_MY/contents/client.html
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ms_MY/contents/client.html
@@ -8,6 +8,14 @@
Client Side Integration
+This add-on adds the following features to ZAP.
+
+Client Spider
+
+This add-on adds a Client Spider which is designed to explore modern web apps more effectively.
+
+Browser Extensions
+
This add-on adds a ZAP browser extension to both Firefox and Chrome when they are launched from ZAP.
The extensions stream significant browser based events back to ZAP, giving ZAP an insight into what is going on in the browser.
@@ -16,7 +24,7 @@
Client Side Integration
Note that you may need to configure the extensions via their options pages to update the host and API key.
@@ -27,7 +35,7 @@ Passive Scanning
User Interface
-The add-on adds 3 new tabs to ZAP:
+The add-on adds 4 new tabs to ZAP:
Client Map
@@ -38,7 +46,32 @@ Client Map
This means that the Client Map looks very different to the Sites tree for modern web apps, and may give you a better understanding of the
client side structure of the sites.
-Any leaf nodes in the Map with a small red 'minus' sign represent URLs which have been found in the DOM but which have not been directly accessed by ZAP.
+The following icons are used for leaf nodes so that you can easily tell their status:
+
+
+
+ |
+ A URL which will be present in both the Site Tree and the Client Map |
+
+
+ |
+ A URL which will only be present in Client Map as the URL contains a fragment |
+
+
+ |
+ A URL which was found in the DOM but which has not been accessed yet |
+
+
+ |
+ A URL which redirects to another URL |
+
+
+ |
+ A URL which was loaded as content by the browser (e.g. JavaScript files) rather than as HTML |
+
+
+
+
Selecting a node that has been visited by ZAP will display details about that node in the Client Details tab.
@@ -127,6 +160,10 @@
Copy Types
Copies the Types of the selected entries into the clipboard, separated by newlines.
+Client Spider
+
+This is detailed in the Client Spider help page.
+
AJAX Spider Enhancement
This add-on provides an AJAX Spider Enhancement which can detect URLs referenced in the DOM which were not
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ms_MY/contents/spider.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ms_MY/contents/spider.html
new file mode 100644
index 00000000000..1275bb2d31a
--- /dev/null
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ms_MY/contents/spider.html
@@ -0,0 +1,55 @@
+
+
+
+
+Client Side Integration - Client Spider
+
+
+
+Client Side Integration - Client Spider
+
+This add-on adds a Client Spider which is designed to explore modern web apps more effectively.
+
+The Client Spider works in a similar way to the AJAX Spider but it has access to the DOM via the ZAP Browser Extension
+which means that it can find content which the AJAX Spider cannot find.
+
+The Client Spider supports all of the authentication options supported by ZAP (including Browser Based Authentication),
+and will run any enabled Selenium scripts in the browsers that it launches.
+
+While it is still at an early stage we believe it is a more effective approach than the AJAX Spider.
+
+We will be focussing on improving the Client Spider and the current plan is for it to supersede the AJAX Spider
+as the recommended way of crawling modern web apps.
+
+We would appreciate feedback via the ZAP User Group
+to let us know how effectively it works for you, especially in comparison with the AJAX Spider.
+
+
+The spider can be invoked via:
+
+- Context specific "Attack" menu
+
- "Tools / Client Spider" menu item
+
- Automation Framework spiderClient job
+
+
+Client Spider tab
+
+The Client Spider tab allows you start and monitor the Client Spider.
+It provides 3 sub tabs:
+
+Added Nodes
+
+These are the nodes that have been added to the Client Map.
+
+Tasks
+
+These are the tasks that spider uses to crawl the application.
+The tasks are updated when they are added to the task list, when they start running, and when they complete.
+This allows you to understand what the Client Spider is actually doing much more clearly.
+
+Messages
+
+These are the HTTP(S) messages sent from the browsers that the client uses.
+
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ms_MY/index.xml b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ms_MY/index.xml
index 07188169453..c34e3e2f556 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ms_MY/index.xml
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ms_MY/index.xml
@@ -3,6 +3,8 @@
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ms_MY/toc.xml b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ms_MY/toc.xml
index 7973ba3824e..375c80f0547 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ms_MY/toc.xml
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ms_MY/toc.xml
@@ -4,6 +4,8 @@
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_pl_PL/contents/ajax-scan.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_pl_PL/contents/ajax-scan.html
index 572f17f7464..cc292e89a58 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_pl_PL/contents/ajax-scan.html
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_pl_PL/contents/ajax-scan.html
@@ -8,6 +8,12 @@
Client Side Integration - AJAX Spider Enhancement
+This add-on now adds a Client Spider which is designed to explore modern web apps more effectively.
+You are recommended to try this out as it is likely to be more effective that the AJAX Spider Enhancement detailed here.
+
+Also note that from ZAP 2.16.0 the AJAX Spider has an option to enable browser extensions, and that option is turned off by default.
+You will need to turn it on in order for this integration to work.
+
The AJAX Spider works by launching browsers, clicking links, and filling in fields.
It is an effective way to crawl modern web apps but it is not able to directly access the DOM.
@@ -18,6 +24,7 @@
Client Side Integration - AJAX Spider Enhancement
If it finds any 'missed' URLs that were part of the AJAX Spider scan scope then it makes direct requests to these URLs.
You will be able to see these requests in the History, Sites Tree, and Output tabs.
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_pl_PL/contents/automation.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_pl_PL/contents/automation.html
new file mode 100644
index 00000000000..7229a22ceee
--- /dev/null
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_pl_PL/contents/automation.html
@@ -0,0 +1,35 @@
+
+
+
+
+
+Client Side Integration - Automation Framework Support
+
+
+
+Client Side Integration - Automation Framework Support
+This add-on supports the Automation Framework.
+
+Job: spiderClient
+The spiderClient job allows you to run the Client Spider, which is designed to explore modern web apps more effectively.
+
+This job supports monitor tests.
+
+
+ - type: spiderClient # The client spider - a spider which explores modern web apps more effectively
+ parameters:
+ context: # String: Name of the context to spider, default: first context
+ user: # String: An optional user to use for authentication, must be defined in the env
+ url: # String: URL to start spidering from, default: first context URL
+ maxDuration: # Int: The max time in minutes the spider will be allowed to run for, default: 0 unlimited
+ maxCrawlDepth: # Int: The maximum tree depth to explore, default 5
+ maxChildren: # Int: The maximum number of children to add to each node in the tree
+ numberOfBrowsers: # Int: The number of browsers the spider will use, more will be faster but will use up more memory, default: number of cores
+ browserId: # String: Browser ID to use, default: firefox-headless
+ initialLoadTime: # Int: The time in seconds to wait after the initial URL is loaded, default: 5
+ pageLoadTime: # Int: The time in seconds to wait after a new URL is loaded, default: 1
+ shutdownTime: # Int: The time in seconds to wait after no activity before shutting down, default: 5
+
+
+
+
\ No newline at end of file
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_pl_PL/contents/client.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_pl_PL/contents/client.html
index 341ee84e19b..ed3b0a0a2f5 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_pl_PL/contents/client.html
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_pl_PL/contents/client.html
@@ -8,6 +8,14 @@
Client Side Integration
+This add-on adds the following features to ZAP.
+
+Client Spider
+
+This add-on adds a Client Spider which is designed to explore modern web apps more effectively.
+
+Browser Extensions
+
This add-on adds a ZAP browser extension to both Firefox and Chrome when they are launched from ZAP.
The extensions stream significant browser based events back to ZAP, giving ZAP an insight into what is going on in the browser.
@@ -16,7 +24,7 @@
Client Side Integration
Note that you may need to configure the extensions via their options pages to update the host and API key.
@@ -27,7 +35,7 @@ Passive Scanning
User Interface
-The add-on adds 3 new tabs to ZAP:
+The add-on adds 4 new tabs to ZAP:
Client Map
@@ -38,7 +46,32 @@ Client Map
This means that the Client Map looks very different to the Sites tree for modern web apps, and may give you a better understanding of the
client side structure of the sites.
-Any leaf nodes in the Map with a small red 'minus' sign represent URLs which have been found in the DOM but which have not been directly accessed by ZAP.
+The following icons are used for leaf nodes so that you can easily tell their status:
+
+
+
+ |
+ A URL which will be present in both the Site Tree and the Client Map |
+
+
+ |
+ A URL which will only be present in Client Map as the URL contains a fragment |
+
+
+ |
+ A URL which was found in the DOM but which has not been accessed yet |
+
+
+ |
+ A URL which redirects to another URL |
+
+
+ |
+ A URL which was loaded as content by the browser (e.g. JavaScript files) rather than as HTML |
+
+
+
+
Selecting a node that has been visited by ZAP will display details about that node in the Client Details tab.
@@ -127,6 +160,10 @@
Copy Types
Copies the Types of the selected entries into the clipboard, separated by newlines.
+Client Spider
+
+This is detailed in the Client Spider help page.
+
AJAX Spider Enhancement
This add-on provides an AJAX Spider Enhancement which can detect URLs referenced in the DOM which were not
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_pl_PL/contents/spider.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_pl_PL/contents/spider.html
new file mode 100644
index 00000000000..1275bb2d31a
--- /dev/null
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_pl_PL/contents/spider.html
@@ -0,0 +1,55 @@
+
+
+
+
+Client Side Integration - Client Spider
+
+
+
+Client Side Integration - Client Spider
+
+This add-on adds a Client Spider which is designed to explore modern web apps more effectively.
+
+The Client Spider works in a similar way to the AJAX Spider but it has access to the DOM via the ZAP Browser Extension
+which means that it can find content which the AJAX Spider cannot find.
+
+The Client Spider supports all of the authentication options supported by ZAP (including Browser Based Authentication),
+and will run any enabled Selenium scripts in the browsers that it launches.
+
+While it is still at an early stage we believe it is a more effective approach than the AJAX Spider.
+
+We will be focussing on improving the Client Spider and the current plan is for it to supersede the AJAX Spider
+as the recommended way of crawling modern web apps.
+
+We would appreciate feedback via the ZAP User Group
+to let us know how effectively it works for you, especially in comparison with the AJAX Spider.
+
+
+The spider can be invoked via:
+
+- Context specific "Attack" menu
+
- "Tools / Client Spider" menu item
+
- Automation Framework spiderClient job
+
+
+Client Spider tab
+
+The Client Spider tab allows you start and monitor the Client Spider.
+It provides 3 sub tabs:
+
+Added Nodes
+
+These are the nodes that have been added to the Client Map.
+
+Tasks
+
+These are the tasks that spider uses to crawl the application.
+The tasks are updated when they are added to the task list, when they start running, and when they complete.
+This allows you to understand what the Client Spider is actually doing much more clearly.
+
+Messages
+
+These are the HTTP(S) messages sent from the browsers that the client uses.
+
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_pl_PL/index.xml b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_pl_PL/index.xml
index 07188169453..c34e3e2f556 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_pl_PL/index.xml
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_pl_PL/index.xml
@@ -3,6 +3,8 @@
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_pl_PL/toc.xml b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_pl_PL/toc.xml
index 7973ba3824e..375c80f0547 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_pl_PL/toc.xml
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_pl_PL/toc.xml
@@ -4,6 +4,8 @@
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_pt_BR/contents/ajax-scan.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_pt_BR/contents/ajax-scan.html
index 572f17f7464..cc292e89a58 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_pt_BR/contents/ajax-scan.html
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_pt_BR/contents/ajax-scan.html
@@ -8,6 +8,12 @@
Client Side Integration - AJAX Spider Enhancement
+This add-on now adds a Client Spider which is designed to explore modern web apps more effectively.
+You are recommended to try this out as it is likely to be more effective that the AJAX Spider Enhancement detailed here.
+
+Also note that from ZAP 2.16.0 the AJAX Spider has an option to enable browser extensions, and that option is turned off by default.
+You will need to turn it on in order for this integration to work.
+
The AJAX Spider works by launching browsers, clicking links, and filling in fields.
It is an effective way to crawl modern web apps but it is not able to directly access the DOM.
@@ -18,6 +24,7 @@
Client Side Integration - AJAX Spider Enhancement
If it finds any 'missed' URLs that were part of the AJAX Spider scan scope then it makes direct requests to these URLs.
You will be able to see these requests in the History, Sites Tree, and Output tabs.
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_pt_BR/contents/automation.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_pt_BR/contents/automation.html
new file mode 100644
index 00000000000..7229a22ceee
--- /dev/null
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_pt_BR/contents/automation.html
@@ -0,0 +1,35 @@
+
+
+
+
+
+Client Side Integration - Automation Framework Support
+
+
+
+Client Side Integration - Automation Framework Support
+This add-on supports the Automation Framework.
+
+Job: spiderClient
+The spiderClient job allows you to run the Client Spider, which is designed to explore modern web apps more effectively.
+
+This job supports monitor tests.
+
+
+ - type: spiderClient # The client spider - a spider which explores modern web apps more effectively
+ parameters:
+ context: # String: Name of the context to spider, default: first context
+ user: # String: An optional user to use for authentication, must be defined in the env
+ url: # String: URL to start spidering from, default: first context URL
+ maxDuration: # Int: The max time in minutes the spider will be allowed to run for, default: 0 unlimited
+ maxCrawlDepth: # Int: The maximum tree depth to explore, default 5
+ maxChildren: # Int: The maximum number of children to add to each node in the tree
+ numberOfBrowsers: # Int: The number of browsers the spider will use, more will be faster but will use up more memory, default: number of cores
+ browserId: # String: Browser ID to use, default: firefox-headless
+ initialLoadTime: # Int: The time in seconds to wait after the initial URL is loaded, default: 5
+ pageLoadTime: # Int: The time in seconds to wait after a new URL is loaded, default: 1
+ shutdownTime: # Int: The time in seconds to wait after no activity before shutting down, default: 5
+
+
+
+
\ No newline at end of file
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_pt_BR/contents/client.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_pt_BR/contents/client.html
index 341ee84e19b..ed3b0a0a2f5 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_pt_BR/contents/client.html
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_pt_BR/contents/client.html
@@ -8,6 +8,14 @@
Client Side Integration
+This add-on adds the following features to ZAP.
+
+Client Spider
+
+This add-on adds a Client Spider which is designed to explore modern web apps more effectively.
+
+Browser Extensions
+
This add-on adds a ZAP browser extension to both Firefox and Chrome when they are launched from ZAP.
The extensions stream significant browser based events back to ZAP, giving ZAP an insight into what is going on in the browser.
@@ -16,7 +24,7 @@
Client Side Integration
Note that you may need to configure the extensions via their options pages to update the host and API key.
@@ -27,7 +35,7 @@ Passive Scanning
User Interface
-The add-on adds 3 new tabs to ZAP:
+The add-on adds 4 new tabs to ZAP:
Client Map
@@ -38,7 +46,32 @@ Client Map
This means that the Client Map looks very different to the Sites tree for modern web apps, and may give you a better understanding of the
client side structure of the sites.
-Any leaf nodes in the Map with a small red 'minus' sign represent URLs which have been found in the DOM but which have not been directly accessed by ZAP.
+The following icons are used for leaf nodes so that you can easily tell their status:
+
+
+
+ |
+ A URL which will be present in both the Site Tree and the Client Map |
+
+
+ |
+ A URL which will only be present in Client Map as the URL contains a fragment |
+
+
+ |
+ A URL which was found in the DOM but which has not been accessed yet |
+
+
+ |
+ A URL which redirects to another URL |
+
+
+ |
+ A URL which was loaded as content by the browser (e.g. JavaScript files) rather than as HTML |
+
+
+
+
Selecting a node that has been visited by ZAP will display details about that node in the Client Details tab.
@@ -127,6 +160,10 @@
Copy Types
Copies the Types of the selected entries into the clipboard, separated by newlines.
+Client Spider
+
+This is detailed in the Client Spider help page.
+
AJAX Spider Enhancement
This add-on provides an AJAX Spider Enhancement which can detect URLs referenced in the DOM which were not
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_pt_BR/contents/spider.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_pt_BR/contents/spider.html
new file mode 100644
index 00000000000..1275bb2d31a
--- /dev/null
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_pt_BR/contents/spider.html
@@ -0,0 +1,55 @@
+
+
+
+
+Client Side Integration - Client Spider
+
+
+
+Client Side Integration - Client Spider
+
+This add-on adds a Client Spider which is designed to explore modern web apps more effectively.
+
+The Client Spider works in a similar way to the AJAX Spider but it has access to the DOM via the ZAP Browser Extension
+which means that it can find content which the AJAX Spider cannot find.
+
+The Client Spider supports all of the authentication options supported by ZAP (including Browser Based Authentication),
+and will run any enabled Selenium scripts in the browsers that it launches.
+
+While it is still at an early stage we believe it is a more effective approach than the AJAX Spider.
+
+We will be focussing on improving the Client Spider and the current plan is for it to supersede the AJAX Spider
+as the recommended way of crawling modern web apps.
+
+We would appreciate feedback via the ZAP User Group
+to let us know how effectively it works for you, especially in comparison with the AJAX Spider.
+
+
+The spider can be invoked via:
+
+- Context specific "Attack" menu
+
- "Tools / Client Spider" menu item
+
- Automation Framework spiderClient job
+
+
+Client Spider tab
+
+The Client Spider tab allows you start and monitor the Client Spider.
+It provides 3 sub tabs:
+
+Added Nodes
+
+These are the nodes that have been added to the Client Map.
+
+Tasks
+
+These are the tasks that spider uses to crawl the application.
+The tasks are updated when they are added to the task list, when they start running, and when they complete.
+This allows you to understand what the Client Spider is actually doing much more clearly.
+
+Messages
+
+These are the HTTP(S) messages sent from the browsers that the client uses.
+
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_pt_BR/index.xml b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_pt_BR/index.xml
index 07188169453..c34e3e2f556 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_pt_BR/index.xml
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_pt_BR/index.xml
@@ -3,6 +3,8 @@
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_pt_BR/toc.xml b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_pt_BR/toc.xml
index 7973ba3824e..375c80f0547 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_pt_BR/toc.xml
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_pt_BR/toc.xml
@@ -4,6 +4,8 @@
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ro_RO/contents/ajax-scan.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ro_RO/contents/ajax-scan.html
index 572f17f7464..cc292e89a58 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ro_RO/contents/ajax-scan.html
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ro_RO/contents/ajax-scan.html
@@ -8,6 +8,12 @@
Client Side Integration - AJAX Spider Enhancement
+This add-on now adds a Client Spider which is designed to explore modern web apps more effectively.
+You are recommended to try this out as it is likely to be more effective that the AJAX Spider Enhancement detailed here.
+
+Also note that from ZAP 2.16.0 the AJAX Spider has an option to enable browser extensions, and that option is turned off by default.
+You will need to turn it on in order for this integration to work.
+
The AJAX Spider works by launching browsers, clicking links, and filling in fields.
It is an effective way to crawl modern web apps but it is not able to directly access the DOM.
@@ -18,6 +24,7 @@
Client Side Integration - AJAX Spider Enhancement
If it finds any 'missed' URLs that were part of the AJAX Spider scan scope then it makes direct requests to these URLs.
You will be able to see these requests in the History, Sites Tree, and Output tabs.
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ro_RO/contents/automation.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ro_RO/contents/automation.html
new file mode 100644
index 00000000000..7229a22ceee
--- /dev/null
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ro_RO/contents/automation.html
@@ -0,0 +1,35 @@
+
+
+
+
+
+Client Side Integration - Automation Framework Support
+
+
+
+Client Side Integration - Automation Framework Support
+This add-on supports the Automation Framework.
+
+Job: spiderClient
+The spiderClient job allows you to run the Client Spider, which is designed to explore modern web apps more effectively.
+
+This job supports monitor tests.
+
+
+ - type: spiderClient # The client spider - a spider which explores modern web apps more effectively
+ parameters:
+ context: # String: Name of the context to spider, default: first context
+ user: # String: An optional user to use for authentication, must be defined in the env
+ url: # String: URL to start spidering from, default: first context URL
+ maxDuration: # Int: The max time in minutes the spider will be allowed to run for, default: 0 unlimited
+ maxCrawlDepth: # Int: The maximum tree depth to explore, default 5
+ maxChildren: # Int: The maximum number of children to add to each node in the tree
+ numberOfBrowsers: # Int: The number of browsers the spider will use, more will be faster but will use up more memory, default: number of cores
+ browserId: # String: Browser ID to use, default: firefox-headless
+ initialLoadTime: # Int: The time in seconds to wait after the initial URL is loaded, default: 5
+ pageLoadTime: # Int: The time in seconds to wait after a new URL is loaded, default: 1
+ shutdownTime: # Int: The time in seconds to wait after no activity before shutting down, default: 5
+
+
+
+
\ No newline at end of file
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ro_RO/contents/client.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ro_RO/contents/client.html
index 341ee84e19b..ed3b0a0a2f5 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ro_RO/contents/client.html
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ro_RO/contents/client.html
@@ -8,6 +8,14 @@
Client Side Integration
+This add-on adds the following features to ZAP.
+
+Client Spider
+
+This add-on adds a Client Spider which is designed to explore modern web apps more effectively.
+
+Browser Extensions
+
This add-on adds a ZAP browser extension to both Firefox and Chrome when they are launched from ZAP.
The extensions stream significant browser based events back to ZAP, giving ZAP an insight into what is going on in the browser.
@@ -16,7 +24,7 @@
Client Side Integration
Note that you may need to configure the extensions via their options pages to update the host and API key.
@@ -27,7 +35,7 @@ Passive Scanning
User Interface
-The add-on adds 3 new tabs to ZAP:
+The add-on adds 4 new tabs to ZAP:
Client Map
@@ -38,7 +46,32 @@ Client Map
This means that the Client Map looks very different to the Sites tree for modern web apps, and may give you a better understanding of the
client side structure of the sites.
-Any leaf nodes in the Map with a small red 'minus' sign represent URLs which have been found in the DOM but which have not been directly accessed by ZAP.
+The following icons are used for leaf nodes so that you can easily tell their status:
+
+
+
+ |
+ A URL which will be present in both the Site Tree and the Client Map |
+
+
+ |
+ A URL which will only be present in Client Map as the URL contains a fragment |
+
+
+ |
+ A URL which was found in the DOM but which has not been accessed yet |
+
+
+ |
+ A URL which redirects to another URL |
+
+
+ |
+ A URL which was loaded as content by the browser (e.g. JavaScript files) rather than as HTML |
+
+
+
+
Selecting a node that has been visited by ZAP will display details about that node in the Client Details tab.
@@ -127,6 +160,10 @@
Copy Types
Copies the Types of the selected entries into the clipboard, separated by newlines.
+Client Spider
+
+This is detailed in the Client Spider help page.
+
AJAX Spider Enhancement
This add-on provides an AJAX Spider Enhancement which can detect URLs referenced in the DOM which were not
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ro_RO/contents/spider.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ro_RO/contents/spider.html
new file mode 100644
index 00000000000..1275bb2d31a
--- /dev/null
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ro_RO/contents/spider.html
@@ -0,0 +1,55 @@
+
+
+
+
+Client Side Integration - Client Spider
+
+
+
+Client Side Integration - Client Spider
+
+This add-on adds a Client Spider which is designed to explore modern web apps more effectively.
+
+The Client Spider works in a similar way to the AJAX Spider but it has access to the DOM via the ZAP Browser Extension
+which means that it can find content which the AJAX Spider cannot find.
+
+The Client Spider supports all of the authentication options supported by ZAP (including Browser Based Authentication),
+and will run any enabled Selenium scripts in the browsers that it launches.
+
+While it is still at an early stage we believe it is a more effective approach than the AJAX Spider.
+
+We will be focussing on improving the Client Spider and the current plan is for it to supersede the AJAX Spider
+as the recommended way of crawling modern web apps.
+
+We would appreciate feedback via the ZAP User Group
+to let us know how effectively it works for you, especially in comparison with the AJAX Spider.
+
+
+The spider can be invoked via:
+
+- Context specific "Attack" menu
+
- "Tools / Client Spider" menu item
+
- Automation Framework spiderClient job
+
+
+Client Spider tab
+
+The Client Spider tab allows you start and monitor the Client Spider.
+It provides 3 sub tabs:
+
+Added Nodes
+
+These are the nodes that have been added to the Client Map.
+
+Tasks
+
+These are the tasks that spider uses to crawl the application.
+The tasks are updated when they are added to the task list, when they start running, and when they complete.
+This allows you to understand what the Client Spider is actually doing much more clearly.
+
+Messages
+
+These are the HTTP(S) messages sent from the browsers that the client uses.
+
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ro_RO/index.xml b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ro_RO/index.xml
index 07188169453..c34e3e2f556 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ro_RO/index.xml
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ro_RO/index.xml
@@ -3,6 +3,8 @@
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ro_RO/toc.xml b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ro_RO/toc.xml
index 7973ba3824e..375c80f0547 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ro_RO/toc.xml
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ro_RO/toc.xml
@@ -4,6 +4,8 @@
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ru_RU/contents/ajax-scan.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ru_RU/contents/ajax-scan.html
index 572f17f7464..cc292e89a58 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ru_RU/contents/ajax-scan.html
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ru_RU/contents/ajax-scan.html
@@ -8,6 +8,12 @@
Client Side Integration - AJAX Spider Enhancement
+This add-on now adds a Client Spider which is designed to explore modern web apps more effectively.
+You are recommended to try this out as it is likely to be more effective that the AJAX Spider Enhancement detailed here.
+
+Also note that from ZAP 2.16.0 the AJAX Spider has an option to enable browser extensions, and that option is turned off by default.
+You will need to turn it on in order for this integration to work.
+
The AJAX Spider works by launching browsers, clicking links, and filling in fields.
It is an effective way to crawl modern web apps but it is not able to directly access the DOM.
@@ -18,6 +24,7 @@
Client Side Integration - AJAX Spider Enhancement
If it finds any 'missed' URLs that were part of the AJAX Spider scan scope then it makes direct requests to these URLs.
You will be able to see these requests in the History, Sites Tree, and Output tabs.
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ru_RU/contents/automation.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ru_RU/contents/automation.html
new file mode 100644
index 00000000000..7229a22ceee
--- /dev/null
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ru_RU/contents/automation.html
@@ -0,0 +1,35 @@
+
+
+
+
+
+Client Side Integration - Automation Framework Support
+
+
+
+Client Side Integration - Automation Framework Support
+This add-on supports the Automation Framework.
+
+Job: spiderClient
+The spiderClient job allows you to run the Client Spider, which is designed to explore modern web apps more effectively.
+
+This job supports monitor tests.
+
+
+ - type: spiderClient # The client spider - a spider which explores modern web apps more effectively
+ parameters:
+ context: # String: Name of the context to spider, default: first context
+ user: # String: An optional user to use for authentication, must be defined in the env
+ url: # String: URL to start spidering from, default: first context URL
+ maxDuration: # Int: The max time in minutes the spider will be allowed to run for, default: 0 unlimited
+ maxCrawlDepth: # Int: The maximum tree depth to explore, default 5
+ maxChildren: # Int: The maximum number of children to add to each node in the tree
+ numberOfBrowsers: # Int: The number of browsers the spider will use, more will be faster but will use up more memory, default: number of cores
+ browserId: # String: Browser ID to use, default: firefox-headless
+ initialLoadTime: # Int: The time in seconds to wait after the initial URL is loaded, default: 5
+ pageLoadTime: # Int: The time in seconds to wait after a new URL is loaded, default: 1
+ shutdownTime: # Int: The time in seconds to wait after no activity before shutting down, default: 5
+
+
+
+
\ No newline at end of file
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ru_RU/contents/client.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ru_RU/contents/client.html
index 341ee84e19b..ed3b0a0a2f5 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ru_RU/contents/client.html
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ru_RU/contents/client.html
@@ -8,6 +8,14 @@
Client Side Integration
+This add-on adds the following features to ZAP.
+
+Client Spider
+
+This add-on adds a Client Spider which is designed to explore modern web apps more effectively.
+
+Browser Extensions
+
This add-on adds a ZAP browser extension to both Firefox and Chrome when they are launched from ZAP.
The extensions stream significant browser based events back to ZAP, giving ZAP an insight into what is going on in the browser.
@@ -16,7 +24,7 @@
Client Side Integration
Note that you may need to configure the extensions via their options pages to update the host and API key.
@@ -27,7 +35,7 @@ Passive Scanning
User Interface
-The add-on adds 3 new tabs to ZAP:
+The add-on adds 4 new tabs to ZAP:
Client Map
@@ -38,7 +46,32 @@ Client Map
This means that the Client Map looks very different to the Sites tree for modern web apps, and may give you a better understanding of the
client side structure of the sites.
-Any leaf nodes in the Map with a small red 'minus' sign represent URLs which have been found in the DOM but which have not been directly accessed by ZAP.
+The following icons are used for leaf nodes so that you can easily tell their status:
+
+
+
+ |
+ A URL which will be present in both the Site Tree and the Client Map |
+
+
+ |
+ A URL which will only be present in Client Map as the URL contains a fragment |
+
+
+ |
+ A URL which was found in the DOM but which has not been accessed yet |
+
+
+ |
+ A URL which redirects to another URL |
+
+
+ |
+ A URL which was loaded as content by the browser (e.g. JavaScript files) rather than as HTML |
+
+
+
+
Selecting a node that has been visited by ZAP will display details about that node in the Client Details tab.
@@ -127,6 +160,10 @@
Copy Types
Copies the Types of the selected entries into the clipboard, separated by newlines.
+Client Spider
+
+This is detailed in the Client Spider help page.
+
AJAX Spider Enhancement
This add-on provides an AJAX Spider Enhancement which can detect URLs referenced in the DOM which were not
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ru_RU/contents/spider.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ru_RU/contents/spider.html
new file mode 100644
index 00000000000..1275bb2d31a
--- /dev/null
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ru_RU/contents/spider.html
@@ -0,0 +1,55 @@
+
+
+
+
+Client Side Integration - Client Spider
+
+
+
+Client Side Integration - Client Spider
+
+This add-on adds a Client Spider which is designed to explore modern web apps more effectively.
+
+The Client Spider works in a similar way to the AJAX Spider but it has access to the DOM via the ZAP Browser Extension
+which means that it can find content which the AJAX Spider cannot find.
+
+The Client Spider supports all of the authentication options supported by ZAP (including Browser Based Authentication),
+and will run any enabled Selenium scripts in the browsers that it launches.
+
+While it is still at an early stage we believe it is a more effective approach than the AJAX Spider.
+
+We will be focussing on improving the Client Spider and the current plan is for it to supersede the AJAX Spider
+as the recommended way of crawling modern web apps.
+
+We would appreciate feedback via the ZAP User Group
+to let us know how effectively it works for you, especially in comparison with the AJAX Spider.
+
+
+The spider can be invoked via:
+
+- Context specific "Attack" menu
+
- "Tools / Client Spider" menu item
+
- Automation Framework spiderClient job
+
+
+Client Spider tab
+
+The Client Spider tab allows you start and monitor the Client Spider.
+It provides 3 sub tabs:
+
+Added Nodes
+
+These are the nodes that have been added to the Client Map.
+
+Tasks
+
+These are the tasks that spider uses to crawl the application.
+The tasks are updated when they are added to the task list, when they start running, and when they complete.
+This allows you to understand what the Client Spider is actually doing much more clearly.
+
+Messages
+
+These are the HTTP(S) messages sent from the browsers that the client uses.
+
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ru_RU/index.xml b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ru_RU/index.xml
index 07188169453..c34e3e2f556 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ru_RU/index.xml
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ru_RU/index.xml
@@ -3,6 +3,8 @@
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ru_RU/toc.xml b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ru_RU/toc.xml
index 7973ba3824e..375c80f0547 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ru_RU/toc.xml
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ru_RU/toc.xml
@@ -4,6 +4,8 @@
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_sr_CS/contents/ajax-scan.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_sr_CS/contents/ajax-scan.html
index 572f17f7464..cc292e89a58 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_sr_CS/contents/ajax-scan.html
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_sr_CS/contents/ajax-scan.html
@@ -8,6 +8,12 @@
Client Side Integration - AJAX Spider Enhancement
+This add-on now adds a Client Spider which is designed to explore modern web apps more effectively.
+You are recommended to try this out as it is likely to be more effective that the AJAX Spider Enhancement detailed here.
+
+Also note that from ZAP 2.16.0 the AJAX Spider has an option to enable browser extensions, and that option is turned off by default.
+You will need to turn it on in order for this integration to work.
+
The AJAX Spider works by launching browsers, clicking links, and filling in fields.
It is an effective way to crawl modern web apps but it is not able to directly access the DOM.
@@ -18,6 +24,7 @@
Client Side Integration - AJAX Spider Enhancement
If it finds any 'missed' URLs that were part of the AJAX Spider scan scope then it makes direct requests to these URLs.
You will be able to see these requests in the History, Sites Tree, and Output tabs.
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_sr_CS/contents/automation.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_sr_CS/contents/automation.html
new file mode 100644
index 00000000000..7229a22ceee
--- /dev/null
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_sr_CS/contents/automation.html
@@ -0,0 +1,35 @@
+
+
+
+
+
+Client Side Integration - Automation Framework Support
+
+
+
+Client Side Integration - Automation Framework Support
+This add-on supports the Automation Framework.
+
+Job: spiderClient
+The spiderClient job allows you to run the Client Spider, which is designed to explore modern web apps more effectively.
+
+This job supports monitor tests.
+
+
+ - type: spiderClient # The client spider - a spider which explores modern web apps more effectively
+ parameters:
+ context: # String: Name of the context to spider, default: first context
+ user: # String: An optional user to use for authentication, must be defined in the env
+ url: # String: URL to start spidering from, default: first context URL
+ maxDuration: # Int: The max time in minutes the spider will be allowed to run for, default: 0 unlimited
+ maxCrawlDepth: # Int: The maximum tree depth to explore, default 5
+ maxChildren: # Int: The maximum number of children to add to each node in the tree
+ numberOfBrowsers: # Int: The number of browsers the spider will use, more will be faster but will use up more memory, default: number of cores
+ browserId: # String: Browser ID to use, default: firefox-headless
+ initialLoadTime: # Int: The time in seconds to wait after the initial URL is loaded, default: 5
+ pageLoadTime: # Int: The time in seconds to wait after a new URL is loaded, default: 1
+ shutdownTime: # Int: The time in seconds to wait after no activity before shutting down, default: 5
+
+
+
+
\ No newline at end of file
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_sr_CS/contents/client.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_sr_CS/contents/client.html
index 341ee84e19b..ed3b0a0a2f5 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_sr_CS/contents/client.html
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_sr_CS/contents/client.html
@@ -8,6 +8,14 @@
Client Side Integration
+This add-on adds the following features to ZAP.
+
+Client Spider
+
+This add-on adds a Client Spider which is designed to explore modern web apps more effectively.
+
+Browser Extensions
+
This add-on adds a ZAP browser extension to both Firefox and Chrome when they are launched from ZAP.
The extensions stream significant browser based events back to ZAP, giving ZAP an insight into what is going on in the browser.
@@ -16,7 +24,7 @@
Client Side Integration
Note that you may need to configure the extensions via their options pages to update the host and API key.
@@ -27,7 +35,7 @@ Passive Scanning
User Interface
-The add-on adds 3 new tabs to ZAP:
+The add-on adds 4 new tabs to ZAP:
Client Map
@@ -38,7 +46,32 @@ Client Map
This means that the Client Map looks very different to the Sites tree for modern web apps, and may give you a better understanding of the
client side structure of the sites.
-Any leaf nodes in the Map with a small red 'minus' sign represent URLs which have been found in the DOM but which have not been directly accessed by ZAP.
+The following icons are used for leaf nodes so that you can easily tell their status:
+
+
+
+ |
+ A URL which will be present in both the Site Tree and the Client Map |
+
+
+ |
+ A URL which will only be present in Client Map as the URL contains a fragment |
+
+
+ |
+ A URL which was found in the DOM but which has not been accessed yet |
+
+
+ |
+ A URL which redirects to another URL |
+
+
+ |
+ A URL which was loaded as content by the browser (e.g. JavaScript files) rather than as HTML |
+
+
+
+
Selecting a node that has been visited by ZAP will display details about that node in the Client Details tab.
@@ -127,6 +160,10 @@
Copy Types
Copies the Types of the selected entries into the clipboard, separated by newlines.
+Client Spider
+
+This is detailed in the Client Spider help page.
+
AJAX Spider Enhancement
This add-on provides an AJAX Spider Enhancement which can detect URLs referenced in the DOM which were not
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_sr_CS/contents/spider.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_sr_CS/contents/spider.html
new file mode 100644
index 00000000000..1275bb2d31a
--- /dev/null
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_sr_CS/contents/spider.html
@@ -0,0 +1,55 @@
+
+
+
+
+Client Side Integration - Client Spider
+
+
+
+Client Side Integration - Client Spider
+
+This add-on adds a Client Spider which is designed to explore modern web apps more effectively.
+
+The Client Spider works in a similar way to the AJAX Spider but it has access to the DOM via the ZAP Browser Extension
+which means that it can find content which the AJAX Spider cannot find.
+
+The Client Spider supports all of the authentication options supported by ZAP (including Browser Based Authentication),
+and will run any enabled Selenium scripts in the browsers that it launches.
+
+While it is still at an early stage we believe it is a more effective approach than the AJAX Spider.
+
+We will be focussing on improving the Client Spider and the current plan is for it to supersede the AJAX Spider
+as the recommended way of crawling modern web apps.
+
+We would appreciate feedback via the ZAP User Group
+to let us know how effectively it works for you, especially in comparison with the AJAX Spider.
+
+
+The spider can be invoked via:
+
+- Context specific "Attack" menu
+
- "Tools / Client Spider" menu item
+
- Automation Framework spiderClient job
+
+
+Client Spider tab
+
+The Client Spider tab allows you start and monitor the Client Spider.
+It provides 3 sub tabs:
+
+Added Nodes
+
+These are the nodes that have been added to the Client Map.
+
+Tasks
+
+These are the tasks that spider uses to crawl the application.
+The tasks are updated when they are added to the task list, when they start running, and when they complete.
+This allows you to understand what the Client Spider is actually doing much more clearly.
+
+Messages
+
+These are the HTTP(S) messages sent from the browsers that the client uses.
+
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_sr_CS/index.xml b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_sr_CS/index.xml
index 07188169453..c34e3e2f556 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_sr_CS/index.xml
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_sr_CS/index.xml
@@ -3,6 +3,8 @@
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_sr_CS/toc.xml b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_sr_CS/toc.xml
index 7973ba3824e..375c80f0547 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_sr_CS/toc.xml
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_sr_CS/toc.xml
@@ -4,6 +4,8 @@
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_tr_TR/contents/ajax-scan.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_tr_TR/contents/ajax-scan.html
index 572f17f7464..cc292e89a58 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_tr_TR/contents/ajax-scan.html
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_tr_TR/contents/ajax-scan.html
@@ -8,6 +8,12 @@
Client Side Integration - AJAX Spider Enhancement
+This add-on now adds a Client Spider which is designed to explore modern web apps more effectively.
+You are recommended to try this out as it is likely to be more effective that the AJAX Spider Enhancement detailed here.
+
+Also note that from ZAP 2.16.0 the AJAX Spider has an option to enable browser extensions, and that option is turned off by default.
+You will need to turn it on in order for this integration to work.
+
The AJAX Spider works by launching browsers, clicking links, and filling in fields.
It is an effective way to crawl modern web apps but it is not able to directly access the DOM.
@@ -18,6 +24,7 @@
Client Side Integration - AJAX Spider Enhancement
If it finds any 'missed' URLs that were part of the AJAX Spider scan scope then it makes direct requests to these URLs.
You will be able to see these requests in the History, Sites Tree, and Output tabs.
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_tr_TR/contents/automation.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_tr_TR/contents/automation.html
new file mode 100644
index 00000000000..7229a22ceee
--- /dev/null
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_tr_TR/contents/automation.html
@@ -0,0 +1,35 @@
+
+
+
+
+
+Client Side Integration - Automation Framework Support
+
+
+
+Client Side Integration - Automation Framework Support
+This add-on supports the Automation Framework.
+
+Job: spiderClient
+The spiderClient job allows you to run the Client Spider, which is designed to explore modern web apps more effectively.
+
+This job supports monitor tests.
+
+
+ - type: spiderClient # The client spider - a spider which explores modern web apps more effectively
+ parameters:
+ context: # String: Name of the context to spider, default: first context
+ user: # String: An optional user to use for authentication, must be defined in the env
+ url: # String: URL to start spidering from, default: first context URL
+ maxDuration: # Int: The max time in minutes the spider will be allowed to run for, default: 0 unlimited
+ maxCrawlDepth: # Int: The maximum tree depth to explore, default 5
+ maxChildren: # Int: The maximum number of children to add to each node in the tree
+ numberOfBrowsers: # Int: The number of browsers the spider will use, more will be faster but will use up more memory, default: number of cores
+ browserId: # String: Browser ID to use, default: firefox-headless
+ initialLoadTime: # Int: The time in seconds to wait after the initial URL is loaded, default: 5
+ pageLoadTime: # Int: The time in seconds to wait after a new URL is loaded, default: 1
+ shutdownTime: # Int: The time in seconds to wait after no activity before shutting down, default: 5
+
+
+
+
\ No newline at end of file
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_tr_TR/contents/client.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_tr_TR/contents/client.html
index 341ee84e19b..ed3b0a0a2f5 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_tr_TR/contents/client.html
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_tr_TR/contents/client.html
@@ -8,6 +8,14 @@
Client Side Integration
+This add-on adds the following features to ZAP.
+
+Client Spider
+
+This add-on adds a Client Spider which is designed to explore modern web apps more effectively.
+
+Browser Extensions
+
This add-on adds a ZAP browser extension to both Firefox and Chrome when they are launched from ZAP.
The extensions stream significant browser based events back to ZAP, giving ZAP an insight into what is going on in the browser.
@@ -16,7 +24,7 @@
Client Side Integration
Note that you may need to configure the extensions via their options pages to update the host and API key.
@@ -27,7 +35,7 @@ Passive Scanning
User Interface
-The add-on adds 3 new tabs to ZAP:
+The add-on adds 4 new tabs to ZAP:
Client Map
@@ -38,7 +46,32 @@ Client Map
This means that the Client Map looks very different to the Sites tree for modern web apps, and may give you a better understanding of the
client side structure of the sites.
-Any leaf nodes in the Map with a small red 'minus' sign represent URLs which have been found in the DOM but which have not been directly accessed by ZAP.
+The following icons are used for leaf nodes so that you can easily tell their status:
+
+
+
+ |
+ A URL which will be present in both the Site Tree and the Client Map |
+
+
+ |
+ A URL which will only be present in Client Map as the URL contains a fragment |
+
+
+ |
+ A URL which was found in the DOM but which has not been accessed yet |
+
+
+ |
+ A URL which redirects to another URL |
+
+
+ |
+ A URL which was loaded as content by the browser (e.g. JavaScript files) rather than as HTML |
+
+
+
+
Selecting a node that has been visited by ZAP will display details about that node in the Client Details tab.
@@ -127,6 +160,10 @@
Copy Types
Copies the Types of the selected entries into the clipboard, separated by newlines.
+Client Spider
+
+This is detailed in the Client Spider help page.
+
AJAX Spider Enhancement
This add-on provides an AJAX Spider Enhancement which can detect URLs referenced in the DOM which were not
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_tr_TR/contents/spider.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_tr_TR/contents/spider.html
new file mode 100644
index 00000000000..1275bb2d31a
--- /dev/null
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_tr_TR/contents/spider.html
@@ -0,0 +1,55 @@
+
+
+
+
+Client Side Integration - Client Spider
+
+
+
+Client Side Integration - Client Spider
+
+This add-on adds a Client Spider which is designed to explore modern web apps more effectively.
+
+The Client Spider works in a similar way to the AJAX Spider but it has access to the DOM via the ZAP Browser Extension
+which means that it can find content which the AJAX Spider cannot find.
+
+The Client Spider supports all of the authentication options supported by ZAP (including Browser Based Authentication),
+and will run any enabled Selenium scripts in the browsers that it launches.
+
+While it is still at an early stage we believe it is a more effective approach than the AJAX Spider.
+
+We will be focussing on improving the Client Spider and the current plan is for it to supersede the AJAX Spider
+as the recommended way of crawling modern web apps.
+
+We would appreciate feedback via the ZAP User Group
+to let us know how effectively it works for you, especially in comparison with the AJAX Spider.
+
+
+The spider can be invoked via:
+
+- Context specific "Attack" menu
+
- "Tools / Client Spider" menu item
+
- Automation Framework spiderClient job
+
+
+Client Spider tab
+
+The Client Spider tab allows you start and monitor the Client Spider.
+It provides 3 sub tabs:
+
+Added Nodes
+
+These are the nodes that have been added to the Client Map.
+
+Tasks
+
+These are the tasks that spider uses to crawl the application.
+The tasks are updated when they are added to the task list, when they start running, and when they complete.
+This allows you to understand what the Client Spider is actually doing much more clearly.
+
+Messages
+
+These are the HTTP(S) messages sent from the browsers that the client uses.
+
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_tr_TR/index.xml b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_tr_TR/index.xml
index 07188169453..c34e3e2f556 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_tr_TR/index.xml
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_tr_TR/index.xml
@@ -3,6 +3,8 @@
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_tr_TR/toc.xml b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_tr_TR/toc.xml
index 7973ba3824e..375c80f0547 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_tr_TR/toc.xml
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_tr_TR/toc.xml
@@ -4,6 +4,8 @@
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ur_PK/contents/ajax-scan.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ur_PK/contents/ajax-scan.html
index 572f17f7464..cc292e89a58 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ur_PK/contents/ajax-scan.html
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ur_PK/contents/ajax-scan.html
@@ -8,6 +8,12 @@
Client Side Integration - AJAX Spider Enhancement
+This add-on now adds a Client Spider which is designed to explore modern web apps more effectively.
+You are recommended to try this out as it is likely to be more effective that the AJAX Spider Enhancement detailed here.
+
+Also note that from ZAP 2.16.0 the AJAX Spider has an option to enable browser extensions, and that option is turned off by default.
+You will need to turn it on in order for this integration to work.
+
The AJAX Spider works by launching browsers, clicking links, and filling in fields.
It is an effective way to crawl modern web apps but it is not able to directly access the DOM.
@@ -18,6 +24,7 @@
Client Side Integration - AJAX Spider Enhancement
If it finds any 'missed' URLs that were part of the AJAX Spider scan scope then it makes direct requests to these URLs.
You will be able to see these requests in the History, Sites Tree, and Output tabs.
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ur_PK/contents/automation.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ur_PK/contents/automation.html
new file mode 100644
index 00000000000..7229a22ceee
--- /dev/null
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ur_PK/contents/automation.html
@@ -0,0 +1,35 @@
+
+
+
+
+
+Client Side Integration - Automation Framework Support
+
+
+
+Client Side Integration - Automation Framework Support
+This add-on supports the Automation Framework.
+
+Job: spiderClient
+The spiderClient job allows you to run the Client Spider, which is designed to explore modern web apps more effectively.
+
+This job supports monitor tests.
+
+
+ - type: spiderClient # The client spider - a spider which explores modern web apps more effectively
+ parameters:
+ context: # String: Name of the context to spider, default: first context
+ user: # String: An optional user to use for authentication, must be defined in the env
+ url: # String: URL to start spidering from, default: first context URL
+ maxDuration: # Int: The max time in minutes the spider will be allowed to run for, default: 0 unlimited
+ maxCrawlDepth: # Int: The maximum tree depth to explore, default 5
+ maxChildren: # Int: The maximum number of children to add to each node in the tree
+ numberOfBrowsers: # Int: The number of browsers the spider will use, more will be faster but will use up more memory, default: number of cores
+ browserId: # String: Browser ID to use, default: firefox-headless
+ initialLoadTime: # Int: The time in seconds to wait after the initial URL is loaded, default: 5
+ pageLoadTime: # Int: The time in seconds to wait after a new URL is loaded, default: 1
+ shutdownTime: # Int: The time in seconds to wait after no activity before shutting down, default: 5
+
+
+
+
\ No newline at end of file
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ur_PK/contents/client.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ur_PK/contents/client.html
index 341ee84e19b..ed3b0a0a2f5 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ur_PK/contents/client.html
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ur_PK/contents/client.html
@@ -8,6 +8,14 @@
Client Side Integration
+This add-on adds the following features to ZAP.
+
+Client Spider
+
+This add-on adds a Client Spider which is designed to explore modern web apps more effectively.
+
+Browser Extensions
+
This add-on adds a ZAP browser extension to both Firefox and Chrome when they are launched from ZAP.
The extensions stream significant browser based events back to ZAP, giving ZAP an insight into what is going on in the browser.
@@ -16,7 +24,7 @@
Client Side Integration
Note that you may need to configure the extensions via their options pages to update the host and API key.
@@ -27,7 +35,7 @@ Passive Scanning
User Interface
-The add-on adds 3 new tabs to ZAP:
+The add-on adds 4 new tabs to ZAP:
Client Map
@@ -38,7 +46,32 @@ Client Map
This means that the Client Map looks very different to the Sites tree for modern web apps, and may give you a better understanding of the
client side structure of the sites.
-Any leaf nodes in the Map with a small red 'minus' sign represent URLs which have been found in the DOM but which have not been directly accessed by ZAP.
+The following icons are used for leaf nodes so that you can easily tell their status:
+
+
+
+ |
+ A URL which will be present in both the Site Tree and the Client Map |
+
+
+ |
+ A URL which will only be present in Client Map as the URL contains a fragment |
+
+
+ |
+ A URL which was found in the DOM but which has not been accessed yet |
+
+
+ |
+ A URL which redirects to another URL |
+
+
+ |
+ A URL which was loaded as content by the browser (e.g. JavaScript files) rather than as HTML |
+
+
+
+
Selecting a node that has been visited by ZAP will display details about that node in the Client Details tab.
@@ -127,6 +160,10 @@
Copy Types
Copies the Types of the selected entries into the clipboard, separated by newlines.
+Client Spider
+
+This is detailed in the Client Spider help page.
+
AJAX Spider Enhancement
This add-on provides an AJAX Spider Enhancement which can detect URLs referenced in the DOM which were not
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ur_PK/contents/spider.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ur_PK/contents/spider.html
new file mode 100644
index 00000000000..1275bb2d31a
--- /dev/null
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ur_PK/contents/spider.html
@@ -0,0 +1,55 @@
+
+
+
+
+Client Side Integration - Client Spider
+
+
+
+Client Side Integration - Client Spider
+
+This add-on adds a Client Spider which is designed to explore modern web apps more effectively.
+
+The Client Spider works in a similar way to the AJAX Spider but it has access to the DOM via the ZAP Browser Extension
+which means that it can find content which the AJAX Spider cannot find.
+
+The Client Spider supports all of the authentication options supported by ZAP (including Browser Based Authentication),
+and will run any enabled Selenium scripts in the browsers that it launches.
+
+While it is still at an early stage we believe it is a more effective approach than the AJAX Spider.
+
+We will be focussing on improving the Client Spider and the current plan is for it to supersede the AJAX Spider
+as the recommended way of crawling modern web apps.
+
+We would appreciate feedback via the ZAP User Group
+to let us know how effectively it works for you, especially in comparison with the AJAX Spider.
+
+
+The spider can be invoked via:
+
+- Context specific "Attack" menu
+
- "Tools / Client Spider" menu item
+
- Automation Framework spiderClient job
+
+
+Client Spider tab
+
+The Client Spider tab allows you start and monitor the Client Spider.
+It provides 3 sub tabs:
+
+Added Nodes
+
+These are the nodes that have been added to the Client Map.
+
+Tasks
+
+These are the tasks that spider uses to crawl the application.
+The tasks are updated when they are added to the task list, when they start running, and when they complete.
+This allows you to understand what the Client Spider is actually doing much more clearly.
+
+Messages
+
+These are the HTTP(S) messages sent from the browsers that the client uses.
+
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ur_PK/index.xml b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ur_PK/index.xml
index 07188169453..c34e3e2f556 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ur_PK/index.xml
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ur_PK/index.xml
@@ -3,6 +3,8 @@
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ur_PK/toc.xml b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ur_PK/toc.xml
index 7973ba3824e..375c80f0547 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ur_PK/toc.xml
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_ur_PK/toc.xml
@@ -4,6 +4,8 @@
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_zh_CN/contents/ajax-scan.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_zh_CN/contents/ajax-scan.html
index 572f17f7464..cc292e89a58 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_zh_CN/contents/ajax-scan.html
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_zh_CN/contents/ajax-scan.html
@@ -8,6 +8,12 @@
Client Side Integration - AJAX Spider Enhancement
+This add-on now adds a Client Spider which is designed to explore modern web apps more effectively.
+You are recommended to try this out as it is likely to be more effective that the AJAX Spider Enhancement detailed here.
+
+Also note that from ZAP 2.16.0 the AJAX Spider has an option to enable browser extensions, and that option is turned off by default.
+You will need to turn it on in order for this integration to work.
+
The AJAX Spider works by launching browsers, clicking links, and filling in fields.
It is an effective way to crawl modern web apps but it is not able to directly access the DOM.
@@ -18,6 +24,7 @@
Client Side Integration - AJAX Spider Enhancement
If it finds any 'missed' URLs that were part of the AJAX Spider scan scope then it makes direct requests to these URLs.
You will be able to see these requests in the History, Sites Tree, and Output tabs.
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_zh_CN/contents/automation.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_zh_CN/contents/automation.html
new file mode 100644
index 00000000000..7229a22ceee
--- /dev/null
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_zh_CN/contents/automation.html
@@ -0,0 +1,35 @@
+
+
+
+
+
+Client Side Integration - Automation Framework Support
+
+
+
+Client Side Integration - Automation Framework Support
+This add-on supports the Automation Framework.
+
+Job: spiderClient
+The spiderClient job allows you to run the Client Spider, which is designed to explore modern web apps more effectively.
+
+This job supports monitor tests.
+
+
+ - type: spiderClient # The client spider - a spider which explores modern web apps more effectively
+ parameters:
+ context: # String: Name of the context to spider, default: first context
+ user: # String: An optional user to use for authentication, must be defined in the env
+ url: # String: URL to start spidering from, default: first context URL
+ maxDuration: # Int: The max time in minutes the spider will be allowed to run for, default: 0 unlimited
+ maxCrawlDepth: # Int: The maximum tree depth to explore, default 5
+ maxChildren: # Int: The maximum number of children to add to each node in the tree
+ numberOfBrowsers: # Int: The number of browsers the spider will use, more will be faster but will use up more memory, default: number of cores
+ browserId: # String: Browser ID to use, default: firefox-headless
+ initialLoadTime: # Int: The time in seconds to wait after the initial URL is loaded, default: 5
+ pageLoadTime: # Int: The time in seconds to wait after a new URL is loaded, default: 1
+ shutdownTime: # Int: The time in seconds to wait after no activity before shutting down, default: 5
+
+
+
+
\ No newline at end of file
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_zh_CN/contents/client.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_zh_CN/contents/client.html
index 341ee84e19b..ed3b0a0a2f5 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_zh_CN/contents/client.html
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_zh_CN/contents/client.html
@@ -8,6 +8,14 @@
Client Side Integration
+This add-on adds the following features to ZAP.
+
+Client Spider
+
+This add-on adds a Client Spider which is designed to explore modern web apps more effectively.
+
+Browser Extensions
+
This add-on adds a ZAP browser extension to both Firefox and Chrome when they are launched from ZAP.
The extensions stream significant browser based events back to ZAP, giving ZAP an insight into what is going on in the browser.
@@ -16,7 +24,7 @@
Client Side Integration
Note that you may need to configure the extensions via their options pages to update the host and API key.
@@ -27,7 +35,7 @@ Passive Scanning
User Interface
-The add-on adds 3 new tabs to ZAP:
+The add-on adds 4 new tabs to ZAP:
Client Map
@@ -38,7 +46,32 @@ Client Map
This means that the Client Map looks very different to the Sites tree for modern web apps, and may give you a better understanding of the
client side structure of the sites.
-Any leaf nodes in the Map with a small red 'minus' sign represent URLs which have been found in the DOM but which have not been directly accessed by ZAP.
+The following icons are used for leaf nodes so that you can easily tell their status:
+
+
+
+ |
+ A URL which will be present in both the Site Tree and the Client Map |
+
+
+ |
+ A URL which will only be present in Client Map as the URL contains a fragment |
+
+
+ |
+ A URL which was found in the DOM but which has not been accessed yet |
+
+
+ |
+ A URL which redirects to another URL |
+
+
+ |
+ A URL which was loaded as content by the browser (e.g. JavaScript files) rather than as HTML |
+
+
+
+
Selecting a node that has been visited by ZAP will display details about that node in the Client Details tab.
@@ -127,6 +160,10 @@
Copy Types
Copies the Types of the selected entries into the clipboard, separated by newlines.
+Client Spider
+
+This is detailed in the Client Spider help page.
+
AJAX Spider Enhancement
This add-on provides an AJAX Spider Enhancement which can detect URLs referenced in the DOM which were not
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_zh_CN/contents/spider.html b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_zh_CN/contents/spider.html
new file mode 100644
index 00000000000..1275bb2d31a
--- /dev/null
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_zh_CN/contents/spider.html
@@ -0,0 +1,55 @@
+
+
+
+
+Client Side Integration - Client Spider
+
+
+
+Client Side Integration - Client Spider
+
+This add-on adds a Client Spider which is designed to explore modern web apps more effectively.
+
+The Client Spider works in a similar way to the AJAX Spider but it has access to the DOM via the ZAP Browser Extension
+which means that it can find content which the AJAX Spider cannot find.
+
+The Client Spider supports all of the authentication options supported by ZAP (including Browser Based Authentication),
+and will run any enabled Selenium scripts in the browsers that it launches.
+
+While it is still at an early stage we believe it is a more effective approach than the AJAX Spider.
+
+We will be focussing on improving the Client Spider and the current plan is for it to supersede the AJAX Spider
+as the recommended way of crawling modern web apps.
+
+We would appreciate feedback via the ZAP User Group
+to let us know how effectively it works for you, especially in comparison with the AJAX Spider.
+
+
+The spider can be invoked via:
+
+- Context specific "Attack" menu
+
- "Tools / Client Spider" menu item
+
- Automation Framework spiderClient job
+
+
+Client Spider tab
+
+The Client Spider tab allows you start and monitor the Client Spider.
+It provides 3 sub tabs:
+
+Added Nodes
+
+These are the nodes that have been added to the Client Map.
+
+Tasks
+
+These are the tasks that spider uses to crawl the application.
+The tasks are updated when they are added to the task list, when they start running, and when they complete.
+This allows you to understand what the Client Spider is actually doing much more clearly.
+
+Messages
+
+These are the HTTP(S) messages sent from the browsers that the client uses.
+
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_zh_CN/index.xml b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_zh_CN/index.xml
index 07188169453..c34e3e2f556 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_zh_CN/index.xml
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_zh_CN/index.xml
@@ -3,6 +3,8 @@
+
+
diff --git a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_zh_CN/toc.xml b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_zh_CN/toc.xml
index 7973ba3824e..375c80f0547 100644
--- a/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_zh_CN/toc.xml
+++ b/addOns/client/src/main/javahelp/org/zaproxy/addon/client/resources/help_zh_CN/toc.xml
@@ -4,6 +4,8 @@
+
+
diff --git a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_ar_SA.properties b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_ar_SA.properties
index 3816ba8ef90..2a59b5ffc04 100644
--- a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_ar_SA.properties
+++ b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_ar_SA.properties
@@ -1,6 +1,28 @@
client.activeActionPrefix = Client Spidering\: {0}
client.attack.spider = Client Spider...
+client.automation.default = Default
+
+client.automation.desc = Client Spider Automation Framework Integration
+client.automation.dialog.spider.advanced = Show Advanced Options\:
+client.automation.dialog.spider.browserid = Browser ID\:
+client.automation.dialog.spider.context = سياق\:
+client.automation.dialog.spider.initialtime = Initial Page Load Time\:
+client.automation.dialog.spider.loadtime = Page Load Time\:
+client.automation.dialog.spider.maxchildren = Maximum Children\:
+client.automation.dialog.spider.maxcrawldepth = Max Crawl Depth\:
+client.automation.dialog.spider.maxduration = Max Duration\:
+client.automation.dialog.spider.name = Job Name\:
+client.automation.dialog.spider.numbrowsers = Number of Browsers\:
+client.automation.dialog.spider.shutdowntime = Shutdown Time\:
+client.automation.dialog.spider.tab.adv = خيارات
+client.automation.dialog.spider.title = Client Spider
+client.automation.dialog.spider.url = URL\:
+client.automation.dialog.spider.user = مستخدم\:
+client.automation.dialog.summary = Default
+
+client.automation.dialog.tab.params = المدى
+client.automation.name = Client Spider Automation
client.components.table.header.form = Form ID
client.components.table.header.href = HREF
@@ -48,6 +70,8 @@ client.options.label.shutdowntime = Shutdown Time (seconds)\:
client.options.name = Client Integration
client.output.requrl = Client add-on requesting\: {0}
+client.pscan.footer.label = Client Passive Scan Queue
+
client.pscan.infoinstorage.desc = Information was stored in browser {0}.\nThis is not unusual or necessarily unsafe - this informational alert has been raised to help you get a better understanding of what this app is doing. For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.
client.pscan.infoinstorage.name = Information Disclosure - Information in Browser {0}
client.pscan.infoinstorage.other = The following data (key\=value) was set\: {0}\nNote that this alert will only be raised once for each URL key.
@@ -78,8 +102,10 @@ client.scandialog.button.reset = Reset
client.scandialog.button.scan = بدأ الفحص
client.scandialog.label.adv = Show Advanced Options\:
client.scandialog.label.browser = Browser\:
+client.scandialog.label.context = سياق\:
client.scandialog.label.spiderSubtreeOnly = Spider Subtree Only\:
client.scandialog.label.start = Starting Point\:
+client.scandialog.label.user = مستخدم\:
client.scandialog.nostart.error = You must select a valid starting point\nincluding the protocol e.g. https\://www.example.com
client.scandialog.notSafe.error = Client Spider scans are not allowed in 'Safe' mode.
client.scandialog.startProtectedMode.error = The starting point is not in scope and the mode is 'Protected'.
@@ -89,6 +115,55 @@ client.scandialog.tab.scope = المدى
client.scandialog.title = Client Spider
client.spider.menu.tools.label = Client Spider
+client.spider.options.title = Client Options
+client.spider.outofscope.response = (403 Forbidden) Out of Client Spider scope
+client.spider.panel.tab.addednodes = Added Nodes
+client.spider.panel.tab.messages = Messages
+client.spider.panel.tab.tasks = Tasks
+client.spider.panel.tab.urls = عناوين الصفحات
+
+client.spider.panel.table.action.click = Click
+client.spider.panel.table.action.get = Get
+client.spider.panel.table.action.submit = submit
+
+client.spider.panel.table.cell.allowed = مسموح
+client.spider.panel.table.cell.excluded = Excluded
+client.spider.panel.table.cell.ioerror = I/O Error
+client.spider.panel.table.cell.outofcontext = Out of Context
+client.spider.panel.table.cell.outofhost = Out of Host
+client.spider.panel.table.cell.outofsubtree = Out of Subtree
+
+client.spider.panel.table.details.button = Button\: {0}
+client.spider.panel.table.details.link = Link\: {0} {1}
+
+client.spider.panel.table.header.action = Action
+client.spider.panel.table.header.details = Details
+client.spider.panel.table.header.error = خطأ
+client.spider.panel.table.header.id = معرف
+client.spider.panel.table.header.state = الوضع
+client.spider.panel.table.header.status = الحالة
+client.spider.panel.table.header.uri = URI
+
+client.spider.panel.title = Client Spider
+client.spider.task.stats.failed = فشل
+client.spider.task.stats.finished = Finished
+client.spider.task.stats.paused = Paused
+
+client.spider.task.stats.queued = Queued
+client.spider.task.stats.running = تعمل
+client.spider.task.stats.stopped = Stopped
+
+client.spider.toolbar.added.label = Nodes Added\:
+client.spider.toolbar.ascans.label = المسح الحالي\:
+client.spider.toolbar.button.clear = تنظيف الفحوصات المكتملة
+client.spider.toolbar.button.new = فحص جديد
+client.spider.toolbar.button.options = Client Options
+client.spider.toolbar.button.pause = Pause Spider
+client.spider.toolbar.button.stop = Stop Spider
+client.spider.toolbar.button.unpause = Resume Spider
+client.spider.toolbar.progress.label = التقدم\:
+client.spider.toolbar.progress.select = --اختر الفحص--
+client.spider.toolbar.urls.label = Crawled URLs\:
client.tree.popup.attack = الهجوم
client.tree.popup.browser = Open in Browser...
diff --git a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_az_AZ.properties b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_az_AZ.properties
index c85d3d1ffd1..3ad374f2cf3 100644
--- a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_az_AZ.properties
+++ b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_az_AZ.properties
@@ -1,6 +1,28 @@
client.activeActionPrefix = Client Spidering\: {0}
client.attack.spider = Client Spider...
+client.automation.default = Susmaya görə
+
+client.automation.desc = Client Spider Automation Framework Integration
+client.automation.dialog.spider.advanced = Show Advanced Options\:
+client.automation.dialog.spider.browserid = Browser ID\:
+client.automation.dialog.spider.context = Kontekst\:
+client.automation.dialog.spider.initialtime = Initial Page Load Time\:
+client.automation.dialog.spider.loadtime = Page Load Time\:
+client.automation.dialog.spider.maxchildren = Maximum Children\:
+client.automation.dialog.spider.maxcrawldepth = Max Crawl Depth\:
+client.automation.dialog.spider.maxduration = Max Duration\:
+client.automation.dialog.spider.name = Job Name\:
+client.automation.dialog.spider.numbrowsers = Number of Browsers\:
+client.automation.dialog.spider.shutdowntime = Shutdown Time\:
+client.automation.dialog.spider.tab.adv = Seçimlər
+client.automation.dialog.spider.title = Client Spider
+client.automation.dialog.spider.url = URL\:
+client.automation.dialog.spider.user = İstifadəçi\:
+client.automation.dialog.summary = Susmaya görə
+
+client.automation.dialog.tab.params = Əhatə
+client.automation.name = Client Spider Automation
client.components.table.header.form = Form ID
client.components.table.header.href = HREF
@@ -48,6 +70,8 @@ client.options.label.shutdowntime = Shutdown Time (seconds)\:
client.options.name = Client Integration
client.output.requrl = Client add-on requesting\: {0}
+client.pscan.footer.label = Client Passive Scan Queue
+
client.pscan.infoinstorage.desc = Information was stored in browser {0}.\nThis is not unusual or necessarily unsafe - this informational alert has been raised to help you get a better understanding of what this app is doing. For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.
client.pscan.infoinstorage.name = Information Disclosure - Information in Browser {0}
client.pscan.infoinstorage.other = The following data (key\=value) was set\: {0}\nNote that this alert will only be raised once for each URL key.
@@ -78,8 +102,10 @@ client.scandialog.button.reset = Sıfırla
client.scandialog.button.scan = Skana başla
client.scandialog.label.adv = Show Advanced Options\:
client.scandialog.label.browser = Browser\:
+client.scandialog.label.context = Kontekst\:
client.scandialog.label.spiderSubtreeOnly = Spider Subtree Only\:
client.scandialog.label.start = Starting Point\:
+client.scandialog.label.user = İstifadəçi\:
client.scandialog.nostart.error = Siz başlanma nöqtəsi seçməlisiz
client.scandialog.notSafe.error = Client Spider scans are not allowed in 'Safe' mode.
client.scandialog.startProtectedMode.error = The starting point is not in scope and the mode is 'Protected'.
@@ -89,6 +115,55 @@ client.scandialog.tab.scope = Əhatə
client.scandialog.title = Client Spider
client.spider.menu.tools.label = Client Spider
+client.spider.options.title = Client Options
+client.spider.outofscope.response = (403 Forbidden) Out of Client Spider scope
+client.spider.panel.tab.addednodes = Added Nodes
+client.spider.panel.tab.messages = Messages
+client.spider.panel.tab.tasks = Tasks
+client.spider.panel.tab.urls = URLlər
+
+client.spider.panel.table.action.click = Click
+client.spider.panel.table.action.get = Get
+client.spider.panel.table.action.submit = submit
+
+client.spider.panel.table.cell.allowed = İcazə veilib
+client.spider.panel.table.cell.excluded = Daxil deyil
+client.spider.panel.table.cell.ioerror = I/O Error
+client.spider.panel.table.cell.outofcontext = Out of Context
+client.spider.panel.table.cell.outofhost = Out of Host
+client.spider.panel.table.cell.outofsubtree = Out of Subtree
+
+client.spider.panel.table.details.button = Button\: {0}
+client.spider.panel.table.details.link = Link\: {0} {1}
+
+client.spider.panel.table.header.action = Action
+client.spider.panel.table.header.details = Ətraflı məlumat
+client.spider.panel.table.header.error = Səhv
+client.spider.panel.table.header.id = ID
+client.spider.panel.table.header.state = Vəziyyəti
+client.spider.panel.table.header.status = Status
+client.spider.panel.table.header.uri = URI
+
+client.spider.panel.title = Client Spider
+client.spider.task.stats.failed = Uğursuz
+client.spider.task.stats.finished = Finished
+client.spider.task.stats.paused = Paused
+
+client.spider.task.stats.queued = Queued
+client.spider.task.stats.running = İcra olunur
+client.spider.task.stats.stopped = Stopped
+
+client.spider.toolbar.added.label = Nodes Added\:
+client.spider.toolbar.ascans.label = Cari skanlar\:
+client.spider.toolbar.button.clear = Bitmiş skanları təmizlə
+client.spider.toolbar.button.new = Yeni skan
+client.spider.toolbar.button.options = Client Options
+client.spider.toolbar.button.pause = Spayderi pauza et
+client.spider.toolbar.button.stop = Spayderi saxla
+client.spider.toolbar.button.unpause = Spayderi bərpa et
+client.spider.toolbar.progress.label = Proqress\:
+client.spider.toolbar.progress.select = --Skan seç--
+client.spider.toolbar.urls.label = Crawled URLs\:
client.tree.popup.attack = Hücum et
client.tree.popup.browser = Open in Browser...
diff --git a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_bn_BD.properties b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_bn_BD.properties
index 026561e84b7..982691faf2f 100644
--- a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_bn_BD.properties
+++ b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_bn_BD.properties
@@ -1,6 +1,28 @@
client.activeActionPrefix = Client Spidering\: {0}
client.attack.spider = Client Spider...
+client.automation.default = Default
+
+client.automation.desc = Client Spider Automation Framework Integration
+client.automation.dialog.spider.advanced = Show Advanced Options\:
+client.automation.dialog.spider.browserid = Browser ID\:
+client.automation.dialog.spider.context = Context\:
+client.automation.dialog.spider.initialtime = Initial Page Load Time\:
+client.automation.dialog.spider.loadtime = Page Load Time\:
+client.automation.dialog.spider.maxchildren = Maximum Children\:
+client.automation.dialog.spider.maxcrawldepth = Max Crawl Depth\:
+client.automation.dialog.spider.maxduration = Max Duration\:
+client.automation.dialog.spider.name = Job Name\:
+client.automation.dialog.spider.numbrowsers = Number of Browsers\:
+client.automation.dialog.spider.shutdowntime = Shutdown Time\:
+client.automation.dialog.spider.tab.adv = Options
+client.automation.dialog.spider.title = Client Spider
+client.automation.dialog.spider.url = URL\:
+client.automation.dialog.spider.user = ব্যবহারকারী\:
+client.automation.dialog.summary = Default
+
+client.automation.dialog.tab.params = ক্ষেত্র
+client.automation.name = Client Spider Automation
client.components.table.header.form = Form ID
client.components.table.header.href = HREF
@@ -48,6 +70,8 @@ client.options.label.shutdowntime = Shutdown Time (seconds)\:
client.options.name = Client Integration
client.output.requrl = Client add-on requesting\: {0}
+client.pscan.footer.label = Client Passive Scan Queue
+
client.pscan.infoinstorage.desc = Information was stored in browser {0}.\nThis is not unusual or necessarily unsafe - this informational alert has been raised to help you get a better understanding of what this app is doing. For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.
client.pscan.infoinstorage.name = Information Disclosure - Information in Browser {0}
client.pscan.infoinstorage.other = The following data (key\=value) was set\: {0}\nNote that this alert will only be raised once for each URL key.
@@ -78,8 +102,10 @@ client.scandialog.button.reset = Reset
client.scandialog.button.scan = স্ক্যান শুরু
client.scandialog.label.adv = Show Advanced Options\:
client.scandialog.label.browser = Browser\:
+client.scandialog.label.context = Context\:
client.scandialog.label.spiderSubtreeOnly = Spider Subtree Only\:
client.scandialog.label.start = Starting Point\:
+client.scandialog.label.user = ব্যবহারকারী\:
client.scandialog.nostart.error = You must select a valid starting point\nincluding the protocol e.g. https\://www.example.com
client.scandialog.notSafe.error = Client Spider scans are not allowed in 'Safe' mode.
client.scandialog.startProtectedMode.error = The starting point is not in scope and the mode is 'Protected'.
@@ -89,6 +115,55 @@ client.scandialog.tab.scope = ক্ষেত্র
client.scandialog.title = Client Spider
client.spider.menu.tools.label = Client Spider
+client.spider.options.title = Client Options
+client.spider.outofscope.response = (403 Forbidden) Out of Client Spider scope
+client.spider.panel.tab.addednodes = Added Nodes
+client.spider.panel.tab.messages = Messages
+client.spider.panel.tab.tasks = Tasks
+client.spider.panel.tab.urls = URLs
+
+client.spider.panel.table.action.click = Click
+client.spider.panel.table.action.get = Get
+client.spider.panel.table.action.submit = submit
+
+client.spider.panel.table.cell.allowed = Allowed
+client.spider.panel.table.cell.excluded = Excluded
+client.spider.panel.table.cell.ioerror = I/O Error
+client.spider.panel.table.cell.outofcontext = Out of Context
+client.spider.panel.table.cell.outofhost = Out of Host
+client.spider.panel.table.cell.outofsubtree = Out of Subtree
+
+client.spider.panel.table.details.button = Button\: {0}
+client.spider.panel.table.details.link = Link\: {0} {1}
+
+client.spider.panel.table.header.action = Action
+client.spider.panel.table.header.details = Details
+client.spider.panel.table.header.error = Error
+client.spider.panel.table.header.id = ID
+client.spider.panel.table.header.state = State
+client.spider.panel.table.header.status = Status
+client.spider.panel.table.header.uri = URI
+
+client.spider.panel.title = Client Spider
+client.spider.task.stats.failed = Failed
+client.spider.task.stats.finished = Finished
+client.spider.task.stats.paused = Paused
+
+client.spider.task.stats.queued = Queued
+client.spider.task.stats.running = Running
+client.spider.task.stats.stopped = Stopped
+
+client.spider.toolbar.added.label = Nodes Added\:
+client.spider.toolbar.ascans.label = Current Scans\:
+client.spider.toolbar.button.clear = Clean completed scans
+client.spider.toolbar.button.new = New Scan
+client.spider.toolbar.button.options = Client Options
+client.spider.toolbar.button.pause = Pause Spider
+client.spider.toolbar.button.stop = Stop Spider
+client.spider.toolbar.button.unpause = Resume Spider
+client.spider.toolbar.progress.label = Progress\:
+client.spider.toolbar.progress.select = --Select Scan--
+client.spider.toolbar.urls.label = Crawled URLs\:
client.tree.popup.attack = Attack
client.tree.popup.browser = Open in Browser...
diff --git a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_bs_BA.properties b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_bs_BA.properties
index 73b7ada4258..fa2795f672a 100644
--- a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_bs_BA.properties
+++ b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_bs_BA.properties
@@ -1,6 +1,28 @@
client.activeActionPrefix = Client Spidering\: {0}
client.attack.spider = Client Spider...
+client.automation.default = Podrazumjevano
+
+client.automation.desc = Client Spider Automation Framework Integration
+client.automation.dialog.spider.advanced = Show Advanced Options\:
+client.automation.dialog.spider.browserid = Browser ID\:
+client.automation.dialog.spider.context = Kontekst\:
+client.automation.dialog.spider.initialtime = Initial Page Load Time\:
+client.automation.dialog.spider.loadtime = Page Load Time\:
+client.automation.dialog.spider.maxchildren = Maximum Children\:
+client.automation.dialog.spider.maxcrawldepth = Max Crawl Depth\:
+client.automation.dialog.spider.maxduration = Max Duration\:
+client.automation.dialog.spider.name = Job Name\:
+client.automation.dialog.spider.numbrowsers = Number of Browsers\:
+client.automation.dialog.spider.shutdowntime = Shutdown Time\:
+client.automation.dialog.spider.tab.adv = Opcije
+client.automation.dialog.spider.title = Client Spider
+client.automation.dialog.spider.url = URL\:
+client.automation.dialog.spider.user = Korisnik\:
+client.automation.dialog.summary = Podrazumjevano
+
+client.automation.dialog.tab.params = Opseg
+client.automation.name = Client Spider Automation
client.components.table.header.form = Form ID
client.components.table.header.href = HREF
@@ -48,6 +70,8 @@ client.options.label.shutdowntime = Shutdown Time (seconds)\:
client.options.name = Client Integration
client.output.requrl = Client add-on requesting\: {0}
+client.pscan.footer.label = Client Passive Scan Queue
+
client.pscan.infoinstorage.desc = Information was stored in browser {0}.\nThis is not unusual or necessarily unsafe - this informational alert has been raised to help you get a better understanding of what this app is doing. For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.
client.pscan.infoinstorage.name = Information Disclosure - Information in Browser {0}
client.pscan.infoinstorage.other = The following data (key\=value) was set\: {0}\nNote that this alert will only be raised once for each URL key.
@@ -78,8 +102,10 @@ client.scandialog.button.reset = Reset
client.scandialog.button.scan = Startaj Sken
client.scandialog.label.adv = Show Advanced Options\:
client.scandialog.label.browser = Browser\:
+client.scandialog.label.context = Kontekst\:
client.scandialog.label.spiderSubtreeOnly = Spider Subtree Only\:
client.scandialog.label.start = Starting Point\:
+client.scandialog.label.user = Korisnik\:
client.scandialog.nostart.error = Morate odabrati početnu tačku
client.scandialog.notSafe.error = Client Spider scans are not allowed in 'Safe' mode.
client.scandialog.startProtectedMode.error = The starting point is not in scope and the mode is 'Protected'.
@@ -89,6 +115,55 @@ client.scandialog.tab.scope = Opseg
client.scandialog.title = Client Spider
client.spider.menu.tools.label = Client Spider
+client.spider.options.title = Client Options
+client.spider.outofscope.response = (403 Forbidden) Out of Client Spider scope
+client.spider.panel.tab.addednodes = Added Nodes
+client.spider.panel.tab.messages = Messages
+client.spider.panel.tab.tasks = Tasks
+client.spider.panel.tab.urls = URL-ovi
+
+client.spider.panel.table.action.click = Click
+client.spider.panel.table.action.get = Get
+client.spider.panel.table.action.submit = submit
+
+client.spider.panel.table.cell.allowed = Dopušteno
+client.spider.panel.table.cell.excluded = Excluded
+client.spider.panel.table.cell.ioerror = I/O Error
+client.spider.panel.table.cell.outofcontext = Van konteksta
+client.spider.panel.table.cell.outofhost = Out of Host
+client.spider.panel.table.cell.outofsubtree = Out of Subtree
+
+client.spider.panel.table.details.button = Button\: {0}
+client.spider.panel.table.details.link = Link\: {0} {1}
+
+client.spider.panel.table.header.action = Action
+client.spider.panel.table.header.details = Detalji
+client.spider.panel.table.header.error = Greška
+client.spider.panel.table.header.id = ID
+client.spider.panel.table.header.state = Stanje
+client.spider.panel.table.header.status = Status
+client.spider.panel.table.header.uri = URI
+
+client.spider.panel.title = Client Spider
+client.spider.task.stats.failed = Nije uspjelo
+client.spider.task.stats.finished = Finished
+client.spider.task.stats.paused = Paused
+
+client.spider.task.stats.queued = Queued
+client.spider.task.stats.running = Pokrenuto
+client.spider.task.stats.stopped = Stopped
+
+client.spider.toolbar.added.label = Čvor dodan\:
+client.spider.toolbar.ascans.label = Trenutni Skenovi\:
+client.spider.toolbar.button.clear = Očisti završena skeniranja
+client.spider.toolbar.button.new = Novi Sken
+client.spider.toolbar.button.options = Client Options
+client.spider.toolbar.button.pause = Pauziraj Pauka
+client.spider.toolbar.button.stop = Stopiraj Pauka
+client.spider.toolbar.button.unpause = Nastavi Pauka
+client.spider.toolbar.progress.label = Progres\:
+client.spider.toolbar.progress.select = --Odaberite Sken--
+client.spider.toolbar.urls.label = Jedinstvenih Pretraženih URL-ova\:
client.tree.popup.attack = Napad
client.tree.popup.browser = Open in Browser...
diff --git a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_ceb_PH.properties b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_ceb_PH.properties
index 2064d01c291..007fb889507 100644
--- a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_ceb_PH.properties
+++ b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_ceb_PH.properties
@@ -1,6 +1,28 @@
client.activeActionPrefix = Client Spidering\: {0}
client.attack.spider = Client Spider...
+client.automation.default = Default
+
+client.automation.desc = Client Spider Automation Framework Integration
+client.automation.dialog.spider.advanced = Show Advanced Options\:
+client.automation.dialog.spider.browserid = Browser ID\:
+client.automation.dialog.spider.context = Konteksto\:
+client.automation.dialog.spider.initialtime = Initial Page Load Time\:
+client.automation.dialog.spider.loadtime = Page Load Time\:
+client.automation.dialog.spider.maxchildren = Maximum Children\:
+client.automation.dialog.spider.maxcrawldepth = Max Crawl Depth\:
+client.automation.dialog.spider.maxduration = Max Duration\:
+client.automation.dialog.spider.name = Job Name\:
+client.automation.dialog.spider.numbrowsers = Number of Browsers\:
+client.automation.dialog.spider.shutdowntime = Shutdown Time\:
+client.automation.dialog.spider.tab.adv = Mga kapilian
+client.automation.dialog.spider.title = Client Spider
+client.automation.dialog.spider.url = URL\:
+client.automation.dialog.spider.user = Tagagamit\:
+client.automation.dialog.summary = Default
+
+client.automation.dialog.tab.params = Scope
+client.automation.name = Client Spider Automation
client.components.table.header.form = Form ID
client.components.table.header.href = HREF
@@ -48,6 +70,8 @@ client.options.label.shutdowntime = Shutdown Time (seconds)\:
client.options.name = Client Integration
client.output.requrl = Client add-on requesting\: {0}
+client.pscan.footer.label = Client Passive Scan Queue
+
client.pscan.infoinstorage.desc = Information was stored in browser {0}.\nThis is not unusual or necessarily unsafe - this informational alert has been raised to help you get a better understanding of what this app is doing. For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.
client.pscan.infoinstorage.name = Information Disclosure - Information in Browser {0}
client.pscan.infoinstorage.other = The following data (key\=value) was set\: {0}\nNote that this alert will only be raised once for each URL key.
@@ -78,8 +102,10 @@ client.scandialog.button.reset = Pagbalik
client.scandialog.button.scan = Pagsugod sa Pag-scan
client.scandialog.label.adv = Show Advanced Options\:
client.scandialog.label.browser = Browser\:
+client.scandialog.label.context = Konteksto\:
client.scandialog.label.spiderSubtreeOnly = Spider Subtree Only\:
client.scandialog.label.start = Starting Point\:
+client.scandialog.label.user = Tagagamit\:
client.scandialog.nostart.error = Kailangan ka nga mopili ug usa ka balido na pagsugod nga punto\nlakip na ang protocol pan. https\://www.example.com
client.scandialog.notSafe.error = Client Spider scans are not allowed in 'Safe' mode.
client.scandialog.startProtectedMode.error = The starting point is not in scope and the mode is 'Protected'.
@@ -89,6 +115,55 @@ client.scandialog.tab.scope = Scope
client.scandialog.title = Client Spider
client.spider.menu.tools.label = Client Spider
+client.spider.options.title = Client Options
+client.spider.outofscope.response = (403 Forbidden) Out of Client Spider scope
+client.spider.panel.tab.addednodes = Dugang pa na mga Node
+client.spider.panel.tab.messages = Messages
+client.spider.panel.tab.tasks = Tasks
+client.spider.panel.tab.urls = Mga URL
+
+client.spider.panel.table.action.click = Click
+client.spider.panel.table.action.get = Get
+client.spider.panel.table.action.submit = submit
+
+client.spider.panel.table.cell.allowed = Allowed
+client.spider.panel.table.cell.excluded = Excluded
+client.spider.panel.table.cell.ioerror = I/O Error
+client.spider.panel.table.cell.outofcontext = Wala sa Konteksto
+client.spider.panel.table.cell.outofhost = Out of Host
+client.spider.panel.table.cell.outofsubtree = Out of Subtree
+
+client.spider.panel.table.details.button = Button\: {0}
+client.spider.panel.table.details.link = Link\: {0} {1}
+
+client.spider.panel.table.header.action = Action
+client.spider.panel.table.header.details = Details
+client.spider.panel.table.header.error = Sayop
+client.spider.panel.table.header.id = ID
+client.spider.panel.table.header.state = State
+client.spider.panel.table.header.status = Istado
+client.spider.panel.table.header.uri = URl
+
+client.spider.panel.title = Client Spider
+client.spider.task.stats.failed = Pakyas
+client.spider.task.stats.finished = Finished
+client.spider.task.stats.paused = Paused
+
+client.spider.task.stats.queued = Queued
+client.spider.task.stats.running = Gadagan
+client.spider.task.stats.stopped = Stopped
+
+client.spider.toolbar.added.label = Mga Node kay Gidugang\:
+client.spider.toolbar.ascans.label = Mga Pag-scan Karun\:
+client.spider.toolbar.button.clear = Limpyuha ang mga nakumpletong pag-scan
+client.spider.toolbar.button.new = Bag-ong Pag-scan
+client.spider.toolbar.button.options = Client Options
+client.spider.toolbar.button.pause = Paghunong Kadali sa Spider
+client.spider.toolbar.button.stop = Paghunong sa Spider
+client.spider.toolbar.button.unpause = Ibalik ang Spider
+client.spider.toolbar.progress.label = Progreso\:
+client.spider.toolbar.progress.select = --Pili ug Pag-scan--
+client.spider.toolbar.urls.label = Crawled URLs\:
client.tree.popup.attack = Atake
client.tree.popup.browser = Open in Browser...
diff --git a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_da_DK.properties b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_da_DK.properties
index cabf767ea3c..089c5f0df11 100644
--- a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_da_DK.properties
+++ b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_da_DK.properties
@@ -1,6 +1,28 @@
client.activeActionPrefix = Client Spidering\: {0}
client.attack.spider = Client Spider...
+client.automation.default = Default
+
+client.automation.desc = Client Spider Automation Framework Integration
+client.automation.dialog.spider.advanced = Show Advanced Options\:
+client.automation.dialog.spider.browserid = Browser ID\:
+client.automation.dialog.spider.context = Context\:
+client.automation.dialog.spider.initialtime = Initial Page Load Time\:
+client.automation.dialog.spider.loadtime = Page Load Time\:
+client.automation.dialog.spider.maxchildren = Maximum Children\:
+client.automation.dialog.spider.maxcrawldepth = Max Crawl Depth\:
+client.automation.dialog.spider.maxduration = Max Duration\:
+client.automation.dialog.spider.name = Job Name\:
+client.automation.dialog.spider.numbrowsers = Number of Browsers\:
+client.automation.dialog.spider.shutdowntime = Shutdown Time\:
+client.automation.dialog.spider.tab.adv = Indstillinger
+client.automation.dialog.spider.title = Client Spider
+client.automation.dialog.spider.url = URL\:
+client.automation.dialog.spider.user = User\:
+client.automation.dialog.summary = Default
+
+client.automation.dialog.tab.params = Scope
+client.automation.name = Client Spider Automation
client.components.table.header.form = Form ID
client.components.table.header.href = HREF
@@ -48,6 +70,8 @@ client.options.label.shutdowntime = Shutdown Time (seconds)\:
client.options.name = Client Integration
client.output.requrl = Client add-on requesting\: {0}
+client.pscan.footer.label = Client Passive Scan Queue
+
client.pscan.infoinstorage.desc = Information was stored in browser {0}.\nThis is not unusual or necessarily unsafe - this informational alert has been raised to help you get a better understanding of what this app is doing. For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.
client.pscan.infoinstorage.name = Information Disclosure - Information in Browser {0}
client.pscan.infoinstorage.other = The following data (key\=value) was set\: {0}\nNote that this alert will only be raised once for each URL key.
@@ -78,8 +102,10 @@ client.scandialog.button.reset = Reset
client.scandialog.button.scan = Start Scan
client.scandialog.label.adv = Show Advanced Options\:
client.scandialog.label.browser = Browser\:
+client.scandialog.label.context = Context\:
client.scandialog.label.spiderSubtreeOnly = Spider Subtree Only\:
client.scandialog.label.start = Starting Point\:
+client.scandialog.label.user = User\:
client.scandialog.nostart.error = You must select a valid starting point\nincluding the protocol e.g. https\://www.example.com
client.scandialog.notSafe.error = Client Spider scans are not allowed in 'Safe' mode.
client.scandialog.startProtectedMode.error = The starting point is not in scope and the mode is 'Protected'.
@@ -89,6 +115,55 @@ client.scandialog.tab.scope = Scope
client.scandialog.title = Client Spider
client.spider.menu.tools.label = Client Spider
+client.spider.options.title = Client Options
+client.spider.outofscope.response = (403 Forbidden) Out of Client Spider scope
+client.spider.panel.tab.addednodes = Added Nodes
+client.spider.panel.tab.messages = Messages
+client.spider.panel.tab.tasks = Tasks
+client.spider.panel.tab.urls = URLs
+
+client.spider.panel.table.action.click = Click
+client.spider.panel.table.action.get = Get
+client.spider.panel.table.action.submit = submit
+
+client.spider.panel.table.cell.allowed = Allowed
+client.spider.panel.table.cell.excluded = Excluded
+client.spider.panel.table.cell.ioerror = I/O Error
+client.spider.panel.table.cell.outofcontext = Out of Context
+client.spider.panel.table.cell.outofhost = Out of Host
+client.spider.panel.table.cell.outofsubtree = Out of Subtree
+
+client.spider.panel.table.details.button = Button\: {0}
+client.spider.panel.table.details.link = Link\: {0} {1}
+
+client.spider.panel.table.header.action = Action
+client.spider.panel.table.header.details = Details
+client.spider.panel.table.header.error = Fejl
+client.spider.panel.table.header.id = ID
+client.spider.panel.table.header.state = State
+client.spider.panel.table.header.status = Status
+client.spider.panel.table.header.uri = URI
+
+client.spider.panel.title = Client Spider
+client.spider.task.stats.failed = Failed
+client.spider.task.stats.finished = Finished
+client.spider.task.stats.paused = Paused
+
+client.spider.task.stats.queued = Queued
+client.spider.task.stats.running = Running
+client.spider.task.stats.stopped = Stopped
+
+client.spider.toolbar.added.label = Nodes Added\:
+client.spider.toolbar.ascans.label = Nuværende Scanninger\:
+client.spider.toolbar.button.clear = Clean completed scans
+client.spider.toolbar.button.new = New Scan
+client.spider.toolbar.button.options = Client Options
+client.spider.toolbar.button.pause = Sæt Spider på Pause
+client.spider.toolbar.button.stop = Stop Spider
+client.spider.toolbar.button.unpause = Fortsæt Spider
+client.spider.toolbar.progress.label = Progress\:
+client.spider.toolbar.progress.select = --Select Scan--
+client.spider.toolbar.urls.label = Crawled URLs\:
client.tree.popup.attack = Angrib
client.tree.popup.browser = Open in Browser...
diff --git a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_de_DE.properties b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_de_DE.properties
index 9f6155c1626..1e90bd7b21c 100644
--- a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_de_DE.properties
+++ b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_de_DE.properties
@@ -1,6 +1,28 @@
client.activeActionPrefix = Client Spidering\: {0}
client.attack.spider = Client Spider...
+client.automation.default = Default
+
+client.automation.desc = Client Spider Automation Framework Integration
+client.automation.dialog.spider.advanced = Show Advanced Options\:
+client.automation.dialog.spider.browserid = Browser ID\:
+client.automation.dialog.spider.context = Kontext\:
+client.automation.dialog.spider.initialtime = Initial Page Load Time\:
+client.automation.dialog.spider.loadtime = Page Load Time\:
+client.automation.dialog.spider.maxchildren = Maximum Children\:
+client.automation.dialog.spider.maxcrawldepth = Max Crawl Depth\:
+client.automation.dialog.spider.maxduration = Max Duration\:
+client.automation.dialog.spider.name = Job Name\:
+client.automation.dialog.spider.numbrowsers = Number of Browsers\:
+client.automation.dialog.spider.shutdowntime = Shutdown Time\:
+client.automation.dialog.spider.tab.adv = Optionen
+client.automation.dialog.spider.title = Client Spider
+client.automation.dialog.spider.url = URL\:
+client.automation.dialog.spider.user = Benutzer\:
+client.automation.dialog.summary = Default
+
+client.automation.dialog.tab.params = Gültigkeitsbereich
+client.automation.name = Client Spider Automation
client.components.table.header.form = Form-ID
client.components.table.header.href = HREF
@@ -48,6 +70,8 @@ client.options.label.shutdowntime = Shutdown Time (seconds)\:
client.options.name = Client Integration
client.output.requrl = Client add-on requesting\: {0}
+client.pscan.footer.label = Client Passive Scan Queue
+
client.pscan.infoinstorage.desc = Information was stored in browser {0}.\nThis is not unusual or necessarily unsafe - this informational alert has been raised to help you get a better understanding of what this app is doing. For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.
client.pscan.infoinstorage.name = Information Disclosure - Information in Browser {0}
client.pscan.infoinstorage.other = The following data (key\=value) was set\: {0}\nNote that this alert will only be raised once for each URL key.
@@ -78,8 +102,10 @@ client.scandialog.button.reset = Reset
client.scandialog.button.scan = Scan starten
client.scandialog.label.adv = Show Advanced Options\:
client.scandialog.label.browser = Browser\:
+client.scandialog.label.context = Kontext\:
client.scandialog.label.spiderSubtreeOnly = Spider Subtree Only\:
client.scandialog.label.start = Starting Point\:
+client.scandialog.label.user = Benutzer\:
client.scandialog.nostart.error = You must select a valid starting point\nincluding the protocol e.g. https\://www.example.com
client.scandialog.notSafe.error = Client Spider scans are not allowed in 'Safe' mode.
client.scandialog.startProtectedMode.error = The starting point is not in scope and the mode is 'Protected'.
@@ -89,6 +115,55 @@ client.scandialog.tab.scope = Gültigkeitsbereich
client.scandialog.title = Client Spider
client.spider.menu.tools.label = Client Spider
+client.spider.options.title = Client Options
+client.spider.outofscope.response = (403 Forbidden) Out of Client Spider scope
+client.spider.panel.tab.addednodes = Added Nodes
+client.spider.panel.tab.messages = Messages
+client.spider.panel.tab.tasks = Tasks
+client.spider.panel.tab.urls = URLs
+
+client.spider.panel.table.action.click = Click
+client.spider.panel.table.action.get = Get
+client.spider.panel.table.action.submit = submit
+
+client.spider.panel.table.cell.allowed = Erlaubt
+client.spider.panel.table.cell.excluded = Excluded
+client.spider.panel.table.cell.ioerror = E/A-Fehler
+client.spider.panel.table.cell.outofcontext = Out of Context
+client.spider.panel.table.cell.outofhost = Out of Host
+client.spider.panel.table.cell.outofsubtree = Out of Subtree
+
+client.spider.panel.table.details.button = Button\: {0}
+client.spider.panel.table.details.link = Link\: {0} {1}
+
+client.spider.panel.table.header.action = Action
+client.spider.panel.table.header.details = Details
+client.spider.panel.table.header.error = Fehler
+client.spider.panel.table.header.id = ID
+client.spider.panel.table.header.state = Zustand
+client.spider.panel.table.header.status = Status
+client.spider.panel.table.header.uri = URI
+
+client.spider.panel.title = Client Spider
+client.spider.task.stats.failed = Fehlgeschlagen
+client.spider.task.stats.finished = Finished
+client.spider.task.stats.paused = Paused
+
+client.spider.task.stats.queued = Queued
+client.spider.task.stats.running = Wird ausgeführt
+client.spider.task.stats.stopped = Stopped
+
+client.spider.toolbar.added.label = Nodes Added\:
+client.spider.toolbar.ascans.label = Laufende Scans\:
+client.spider.toolbar.button.clear = Clean completed scans
+client.spider.toolbar.button.new = New Scan
+client.spider.toolbar.button.options = Client Options
+client.spider.toolbar.button.pause = Sitecrawler unterbrechen
+client.spider.toolbar.button.stop = Sitecrawler stoppen
+client.spider.toolbar.button.unpause = Sitecrawler fortsetzen
+client.spider.toolbar.progress.label = Fortschritt\:
+client.spider.toolbar.progress.select = --Select Scan--
+client.spider.toolbar.urls.label = Gecrawlte URLs (einzigartig)\:
client.tree.popup.attack = Angriff
client.tree.popup.browser = Open in Browser...
diff --git a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_el_GR.properties b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_el_GR.properties
index 45f76f15497..3ca7ebc3154 100644
--- a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_el_GR.properties
+++ b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_el_GR.properties
@@ -1,6 +1,28 @@
client.activeActionPrefix = Client Spidering\: {0}
client.attack.spider = Client Spider...
+client.automation.default = Προεπιλογή
+
+client.automation.desc = Client Spider Automation Framework Integration
+client.automation.dialog.spider.advanced = Show Advanced Options\:
+client.automation.dialog.spider.browserid = Browser ID\:
+client.automation.dialog.spider.context = Πλαίσιο\:
+client.automation.dialog.spider.initialtime = Initial Page Load Time\:
+client.automation.dialog.spider.loadtime = Page Load Time\:
+client.automation.dialog.spider.maxchildren = Maximum Children\:
+client.automation.dialog.spider.maxcrawldepth = Max Crawl Depth\:
+client.automation.dialog.spider.maxduration = Max Duration\:
+client.automation.dialog.spider.name = Job Name\:
+client.automation.dialog.spider.numbrowsers = Number of Browsers\:
+client.automation.dialog.spider.shutdowntime = Shutdown Time\:
+client.automation.dialog.spider.tab.adv = Επιλογές
+client.automation.dialog.spider.title = Client Spider
+client.automation.dialog.spider.url = URL\:
+client.automation.dialog.spider.user = User\:
+client.automation.dialog.summary = Προεπιλογή
+
+client.automation.dialog.tab.params = Scope
+client.automation.name = Client Spider Automation
client.components.table.header.form = Form ID
client.components.table.header.href = HREF
@@ -48,6 +70,8 @@ client.options.label.shutdowntime = Shutdown Time (seconds)\:
client.options.name = Client Integration
client.output.requrl = Client add-on requesting\: {0}
+client.pscan.footer.label = Client Passive Scan Queue
+
client.pscan.infoinstorage.desc = Information was stored in browser {0}.\nThis is not unusual or necessarily unsafe - this informational alert has been raised to help you get a better understanding of what this app is doing. For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.
client.pscan.infoinstorage.name = Information Disclosure - Information in Browser {0}
client.pscan.infoinstorage.other = The following data (key\=value) was set\: {0}\nNote that this alert will only be raised once for each URL key.
@@ -78,8 +102,10 @@ client.scandialog.button.reset = Reset
client.scandialog.button.scan = Start Scan
client.scandialog.label.adv = Show Advanced Options\:
client.scandialog.label.browser = Browser\:
+client.scandialog.label.context = Πλαίσιο\:
client.scandialog.label.spiderSubtreeOnly = Spider Subtree Only\:
client.scandialog.label.start = Starting Point\:
+client.scandialog.label.user = User\:
client.scandialog.nostart.error = You must select a valid starting point\nincluding the protocol e.g. https\://www.example.com
client.scandialog.notSafe.error = Client Spider scans are not allowed in 'Safe' mode.
client.scandialog.startProtectedMode.error = The starting point is not in scope and the mode is 'Protected'.
@@ -89,6 +115,55 @@ client.scandialog.tab.scope = Scope
client.scandialog.title = Client Spider
client.spider.menu.tools.label = Client Spider
+client.spider.options.title = Client Options
+client.spider.outofscope.response = (403 Forbidden) Out of Client Spider scope
+client.spider.panel.tab.addednodes = Added Nodes
+client.spider.panel.tab.messages = Messages
+client.spider.panel.tab.tasks = Tasks
+client.spider.panel.tab.urls = URLs
+
+client.spider.panel.table.action.click = Click
+client.spider.panel.table.action.get = Get
+client.spider.panel.table.action.submit = submit
+
+client.spider.panel.table.cell.allowed = Επιτρέπεται
+client.spider.panel.table.cell.excluded = Excluded
+client.spider.panel.table.cell.ioerror = I/O Error
+client.spider.panel.table.cell.outofcontext = Out of Context
+client.spider.panel.table.cell.outofhost = Out of Host
+client.spider.panel.table.cell.outofsubtree = Out of Subtree
+
+client.spider.panel.table.details.button = Button\: {0}
+client.spider.panel.table.details.link = Link\: {0} {1}
+
+client.spider.panel.table.header.action = Action
+client.spider.panel.table.header.details = Details
+client.spider.panel.table.header.error = Σφάλμα
+client.spider.panel.table.header.id = ID
+client.spider.panel.table.header.state = Κατάσταση
+client.spider.panel.table.header.status = Status
+client.spider.panel.table.header.uri = URI
+
+client.spider.panel.title = Client Spider
+client.spider.task.stats.failed = Failed
+client.spider.task.stats.finished = Finished
+client.spider.task.stats.paused = Paused
+
+client.spider.task.stats.queued = Queued
+client.spider.task.stats.running = Running
+client.spider.task.stats.stopped = Stopped
+
+client.spider.toolbar.added.label = Nodes Added\:
+client.spider.toolbar.ascans.label = Τρέχοντες Σαρώσεις\:
+client.spider.toolbar.button.clear = Clean completed scans
+client.spider.toolbar.button.new = New Scan
+client.spider.toolbar.button.options = Client Options
+client.spider.toolbar.button.pause = Παύση Αράχνης
+client.spider.toolbar.button.stop = Τερματισμός Αράχνης
+client.spider.toolbar.button.unpause = Συνέχιση Αράχνης
+client.spider.toolbar.progress.label = Progress\:
+client.spider.toolbar.progress.select = --Select Scan--
+client.spider.toolbar.urls.label = Crawled URLs\:
client.tree.popup.attack = Επίθεση
client.tree.popup.browser = Open in Browser...
diff --git a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_es_ES.properties b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_es_ES.properties
index ff15133a383..5e26005191f 100644
--- a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_es_ES.properties
+++ b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_es_ES.properties
@@ -1,6 +1,28 @@
client.activeActionPrefix = Clientes activos haciendo "Spidering"\: {0}
client.attack.spider = Cliente para Spider...
+client.automation.default = Defecto
+
+client.automation.desc = Client Spider Automation Framework Integration
+client.automation.dialog.spider.advanced = Mostrar opciones avanzadas\:
+client.automation.dialog.spider.browserid = Browser ID\:
+client.automation.dialog.spider.context = Contexto\:
+client.automation.dialog.spider.initialtime = Initial Page Load Time\:
+client.automation.dialog.spider.loadtime = Page Load Time\:
+client.automation.dialog.spider.maxchildren = Maximum Children\:
+client.automation.dialog.spider.maxcrawldepth = Profundidad máxima de rastreo\:
+client.automation.dialog.spider.maxduration = Duración Máxima\:
+client.automation.dialog.spider.name = Nombre de Tarea\:
+client.automation.dialog.spider.numbrowsers = Number of Browsers\:
+client.automation.dialog.spider.shutdowntime = Shutdown Time\:
+client.automation.dialog.spider.tab.adv = Opciones
+client.automation.dialog.spider.title = Cliente para el Spider
+client.automation.dialog.spider.url = URL\:
+client.automation.dialog.spider.user = Usuario\:
+client.automation.dialog.summary = Defecto
+
+client.automation.dialog.tab.params = Ámbito
+client.automation.name = Client Spider Automation
client.components.table.header.form = Form ID
client.components.table.header.href = HREF
@@ -48,6 +70,8 @@ client.options.label.shutdowntime = Tiempo de Apagado (segundos)\:
client.options.name = Integración de Clientes
client.output.requrl = Solicitud add-on del cliente\: {0}
+client.pscan.footer.label = Client Passive Scan Queue
+
client.pscan.infoinstorage.desc = Se ha almacenado información en el navegador {0}.\nEsto no es inusual o necesariamente inseguro - esta alerta informativa se ha planteado para ayudarle a obtener una mejor comprensión de lo que esta aplicación está haciendo. Para más detalles vea las pestañas de Cliente - esta información se estableció directamente en el navegador y por lo tanto no aparecerá necesariamente de esta forma en ningún mensaje HTTP(S).
client.pscan.infoinstorage.name = Divulgación de información - Información en el navegador {0}
client.pscan.infoinstorage.other = Se han establecido los siguientes datos (key\=value)\: {0}\nTenga en cuenta que esta alerta sólo se activará una vez por cada key de URL.
@@ -78,8 +102,10 @@ client.scandialog.button.reset = Reiniciar
client.scandialog.button.scan = Iniciar escaneo
client.scandialog.label.adv = Mostrar opciones avanzadas\:
client.scandialog.label.browser = Explorador\:
+client.scandialog.label.context = Contexto\:
client.scandialog.label.spiderSubtreeOnly = Solo el árbol del Spider\:
client.scandialog.label.start = Punto de inicio\:
+client.scandialog.label.user = Usuario\:
client.scandialog.nostart.error = Selecciona un punto de partida válido\nincluyendo el protocolo, por ejemplo\: https\://www.ejemplo.com
client.scandialog.notSafe.error = Los análisis con Cliente Spider no están permitidos en el modo “seguro”.
client.scandialog.startProtectedMode.error = El punto de inicial no está en el alcance y el modo es “Protegido”.
@@ -89,6 +115,55 @@ client.scandialog.tab.scope = Ámbito
client.scandialog.title = Cliente para el Spider
client.spider.menu.tools.label = Cliente para el Spider
+client.spider.options.title = Client Options
+client.spider.outofscope.response = (403 Forbidden) Out of Client Spider scope
+client.spider.panel.tab.addednodes = Nodos ingresados
+client.spider.panel.tab.messages = Mensajes
+client.spider.panel.tab.tasks = Tasks
+client.spider.panel.tab.urls = URLs vulnerables
+
+client.spider.panel.table.action.click = Click
+client.spider.panel.table.action.get = Get
+client.spider.panel.table.action.submit = submit
+
+client.spider.panel.table.cell.allowed = Permitido
+client.spider.panel.table.cell.excluded = Excluido
+client.spider.panel.table.cell.ioerror = I/O Error
+client.spider.panel.table.cell.outofcontext = Fuera de contexto
+client.spider.panel.table.cell.outofhost = Out of Host
+client.spider.panel.table.cell.outofsubtree = Out of Subtree
+
+client.spider.panel.table.details.button = Button\: {0}
+client.spider.panel.table.details.link = Link\: {0} {1}
+
+client.spider.panel.table.header.action = Action
+client.spider.panel.table.header.details = Detalles
+client.spider.panel.table.header.error = Error
+client.spider.panel.table.header.id = ID
+client.spider.panel.table.header.state = Estado
+client.spider.panel.table.header.status = Estado
+client.spider.panel.table.header.uri = URI
+
+client.spider.panel.title = Cliente para el Spider
+client.spider.task.stats.failed = Falló
+client.spider.task.stats.finished = Finished
+client.spider.task.stats.paused = Paused
+
+client.spider.task.stats.queued = Queued
+client.spider.task.stats.running = Ejecutando
+client.spider.task.stats.stopped = Stopped
+
+client.spider.toolbar.added.label = Nodos ingresados\:
+client.spider.toolbar.ascans.label = Escaneo actual\:
+client.spider.toolbar.button.clear = Borrar escaneos completados
+client.spider.toolbar.button.new = Nuevo escaneo
+client.spider.toolbar.button.options = Client Options
+client.spider.toolbar.button.pause = Pausar Spider
+client.spider.toolbar.button.stop = Parar Spider
+client.spider.toolbar.button.unpause = Reanudar Spider
+client.spider.toolbar.progress.label = Progreso\:
+client.spider.toolbar.progress.select = --Elegir escaneo--
+client.spider.toolbar.urls.label = Páginas únicas encontradas\:
client.tree.popup.attack = Atacar
client.tree.popup.browser = Abrir en Navegador...
diff --git a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_fa_IR.properties b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_fa_IR.properties
index 4350ac2f387..b9e38694cf6 100644
--- a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_fa_IR.properties
+++ b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_fa_IR.properties
@@ -1,6 +1,28 @@
client.activeActionPrefix = Client Spidering\: {0}
client.attack.spider = Client Spider...
+client.automation.default = پیش فرض
+
+client.automation.desc = Client Spider Automation Framework Integration
+client.automation.dialog.spider.advanced = Show Advanced Options\:
+client.automation.dialog.spider.browserid = Browser ID\:
+client.automation.dialog.spider.context = چهار چوب\:
+client.automation.dialog.spider.initialtime = Initial Page Load Time\:
+client.automation.dialog.spider.loadtime = Page Load Time\:
+client.automation.dialog.spider.maxchildren = Maximum Children\:
+client.automation.dialog.spider.maxcrawldepth = Max Crawl Depth\:
+client.automation.dialog.spider.maxduration = Max Duration\:
+client.automation.dialog.spider.name = Job Name\:
+client.automation.dialog.spider.numbrowsers = Number of Browsers\:
+client.automation.dialog.spider.shutdowntime = Shutdown Time\:
+client.automation.dialog.spider.tab.adv = گزینه ها
+client.automation.dialog.spider.title = Client Spider
+client.automation.dialog.spider.url = URL\:
+client.automation.dialog.spider.user = کاربر\:
+client.automation.dialog.summary = پیش فرض
+
+client.automation.dialog.tab.params = محدوده
+client.automation.name = Client Spider Automation
client.components.table.header.form = Form ID
client.components.table.header.href = HREF
@@ -48,6 +70,8 @@ client.options.label.shutdowntime = Shutdown Time (seconds)\:
client.options.name = Client Integration
client.output.requrl = Client add-on requesting\: {0}
+client.pscan.footer.label = Client Passive Scan Queue
+
client.pscan.infoinstorage.desc = Information was stored in browser {0}.\nThis is not unusual or necessarily unsafe - this informational alert has been raised to help you get a better understanding of what this app is doing. For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.
client.pscan.infoinstorage.name = Information Disclosure - Information in Browser {0}
client.pscan.infoinstorage.other = The following data (key\=value) was set\: {0}\nNote that this alert will only be raised once for each URL key.
@@ -78,8 +102,10 @@ client.scandialog.button.reset = تنظیم مجدد
client.scandialog.button.scan = شروع اسکن
client.scandialog.label.adv = Show Advanced Options\:
client.scandialog.label.browser = Browser\:
+client.scandialog.label.context = چهار چوب\:
client.scandialog.label.spiderSubtreeOnly = Spider Subtree Only\:
client.scandialog.label.start = Starting Point\:
+client.scandialog.label.user = کاربر\:
client.scandialog.nostart.error = You must select a valid starting point\nincluding the protocol e.g. https\://www.example.com
client.scandialog.notSafe.error = Client Spider scans are not allowed in 'Safe' mode.
client.scandialog.startProtectedMode.error = The starting point is not in scope and the mode is 'Protected'.
@@ -89,6 +115,55 @@ client.scandialog.tab.scope = محدوده
client.scandialog.title = Client Spider
client.spider.menu.tools.label = Client Spider
+client.spider.options.title = Client Options
+client.spider.outofscope.response = (403 Forbidden) Out of Client Spider scope
+client.spider.panel.tab.addednodes = Added Nodes
+client.spider.panel.tab.messages = Messages
+client.spider.panel.tab.tasks = Tasks
+client.spider.panel.tab.urls = آدرس های صفحات اینترنت
+
+client.spider.panel.table.action.click = Click
+client.spider.panel.table.action.get = Get
+client.spider.panel.table.action.submit = submit
+
+client.spider.panel.table.cell.allowed = مجاز
+client.spider.panel.table.cell.excluded = مستثنی
+client.spider.panel.table.cell.ioerror = I/O Error
+client.spider.panel.table.cell.outofcontext = Out of Context
+client.spider.panel.table.cell.outofhost = Out of Host
+client.spider.panel.table.cell.outofsubtree = Out of Subtree
+
+client.spider.panel.table.details.button = Button\: {0}
+client.spider.panel.table.details.link = Link\: {0} {1}
+
+client.spider.panel.table.header.action = Action
+client.spider.panel.table.header.details = Details
+client.spider.panel.table.header.error = خطا
+client.spider.panel.table.header.id = ID
+client.spider.panel.table.header.state = وضعیت
+client.spider.panel.table.header.status = وضعیت
+client.spider.panel.table.header.uri = URI
+
+client.spider.panel.title = Client Spider
+client.spider.task.stats.failed = انجام نشد
+client.spider.task.stats.finished = Finished
+client.spider.task.stats.paused = Paused
+
+client.spider.task.stats.queued = Queued
+client.spider.task.stats.running = در حال اجرا
+client.spider.task.stats.stopped = Stopped
+
+client.spider.toolbar.added.label = Nodes Added\:
+client.spider.toolbar.ascans.label = پویش کنونی\:
+client.spider.toolbar.button.clear = پاک کردن پویشها پایان یافته
+client.spider.toolbar.button.new = اسکن جدید
+client.spider.toolbar.button.options = Client Options
+client.spider.toolbar.button.pause = مکث عنکبوت
+client.spider.toolbar.button.stop = متوقف کردن عنکبوت
+client.spider.toolbar.button.unpause = ادامه دادن عنکبوت
+client.spider.toolbar.progress.label = پیشرفت\:
+client.spider.toolbar.progress.select = --انتخاب پویش--
+client.spider.toolbar.urls.label = Crawled URLs\:
client.tree.popup.attack = حمله
client.tree.popup.browser = Open in Browser...
diff --git a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_fil_PH.properties b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_fil_PH.properties
index 290d3ca7794..7a945b99c91 100644
--- a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_fil_PH.properties
+++ b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_fil_PH.properties
@@ -1,6 +1,28 @@
client.activeActionPrefix = Client Spidering\: {0}
client.attack.spider = Client Spider...
+client.automation.default = Default
+
+client.automation.desc = Client Spider Automation Framework Integration
+client.automation.dialog.spider.advanced = Show Advanced Options\:
+client.automation.dialog.spider.browserid = Browser ID\:
+client.automation.dialog.spider.context = Konteksto\:
+client.automation.dialog.spider.initialtime = Initial Page Load Time\:
+client.automation.dialog.spider.loadtime = Page Load Time\:
+client.automation.dialog.spider.maxchildren = Maximum Children\:
+client.automation.dialog.spider.maxcrawldepth = Max Crawl Depth\:
+client.automation.dialog.spider.maxduration = Max Duration\:
+client.automation.dialog.spider.name = Job Name\:
+client.automation.dialog.spider.numbrowsers = Number of Browsers\:
+client.automation.dialog.spider.shutdowntime = Shutdown Time\:
+client.automation.dialog.spider.tab.adv = Mga Opsyon
+client.automation.dialog.spider.title = Client Spider
+client.automation.dialog.spider.url = URL\:
+client.automation.dialog.spider.user = Gumagamit\:
+client.automation.dialog.summary = Default
+
+client.automation.dialog.tab.params = Saklaw
+client.automation.name = Client Spider Automation
client.components.table.header.form = Form ID
client.components.table.header.href = HREF
@@ -48,6 +70,8 @@ client.options.label.shutdowntime = Shutdown Time (seconds)\:
client.options.name = Client Integration
client.output.requrl = Client add-on requesting\: {0}
+client.pscan.footer.label = Client Passive Scan Queue
+
client.pscan.infoinstorage.desc = Information was stored in browser {0}.\nThis is not unusual or necessarily unsafe - this informational alert has been raised to help you get a better understanding of what this app is doing. For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.
client.pscan.infoinstorage.name = Information Disclosure - Information in Browser {0}
client.pscan.infoinstorage.other = The following data (key\=value) was set\: {0}\nNote that this alert will only be raised once for each URL key.
@@ -78,8 +102,10 @@ client.scandialog.button.reset = I-set muli
client.scandialog.button.scan = Simulan ang Scan
client.scandialog.label.adv = Show Advanced Options\:
client.scandialog.label.browser = Ang browser\:
+client.scandialog.label.context = Konteksto\:
client.scandialog.label.spiderSubtreeOnly = Spider Subtree Only\:
client.scandialog.label.start = Starting Point\:
+client.scandialog.label.user = Gumagamit\:
client.scandialog.nostart.error = Kailangan mong pumili ng isang panimulang punto\nkabilang ang protocol hal. https\://www.example.com
client.scandialog.notSafe.error = Client Spider scans are not allowed in 'Safe' mode.
client.scandialog.startProtectedMode.error = The starting point is not in scope and the mode is 'Protected'.
@@ -89,6 +115,55 @@ client.scandialog.tab.scope = Saklaw
client.scandialog.title = Client Spider
client.spider.menu.tools.label = Client Spider
+client.spider.options.title = Client Options
+client.spider.outofscope.response = (403 Forbidden) Out of Client Spider scope
+client.spider.panel.tab.addednodes = Dinagdag ng mga Node
+client.spider.panel.tab.messages = Ang mga mensahe
+client.spider.panel.tab.tasks = Tasks
+client.spider.panel.tab.urls = URLs
+
+client.spider.panel.table.action.click = Click
+client.spider.panel.table.action.get = Get
+client.spider.panel.table.action.submit = submit
+
+client.spider.panel.table.cell.allowed = Pinahintulutan
+client.spider.panel.table.cell.excluded = Ang hindi kabilang
+client.spider.panel.table.cell.ioerror = Ang I/O na kamalian
+client.spider.panel.table.cell.outofcontext = Wala sa Konteksto
+client.spider.panel.table.cell.outofhost = Out of Host
+client.spider.panel.table.cell.outofsubtree = Out of Subtree
+
+client.spider.panel.table.details.button = Button\: {0}
+client.spider.panel.table.details.link = Link\: {0} {1}
+
+client.spider.panel.table.header.action = Action
+client.spider.panel.table.header.details = Mga detalye
+client.spider.panel.table.header.error = Ang mali
+client.spider.panel.table.header.id = ID
+client.spider.panel.table.header.state = Estado
+client.spider.panel.table.header.status = Kalagayan
+client.spider.panel.table.header.uri = URI
+
+client.spider.panel.title = Client Spider
+client.spider.task.stats.failed = Nabigo
+client.spider.task.stats.finished = Finished
+client.spider.task.stats.paused = Paused
+
+client.spider.task.stats.queued = Queued
+client.spider.task.stats.running = Tumatakbo
+client.spider.task.stats.stopped = Stopped
+
+client.spider.toolbar.added.label = Naidagdag ang mga Node\:
+client.spider.toolbar.ascans.label = Kasalukuyang ini-scan\:
+client.spider.toolbar.button.clear = Linisin ang nakumpletong mga scan
+client.spider.toolbar.button.new = Bagong Scan
+client.spider.toolbar.button.options = Client Options
+client.spider.toolbar.button.pause = Sandaling pahintuin ang Spider
+client.spider.toolbar.button.stop = Pahintuin ang Spider
+client.spider.toolbar.button.unpause = I-resume ang Spider
+client.spider.toolbar.progress.label = Progreso\:
+client.spider.toolbar.progress.select = --Pumili ng Scan--
+client.spider.toolbar.urls.label = Hindi pangkaraniwan na pag-gapang ng mga URL\:
client.tree.popup.attack = Atake
client.tree.popup.browser = Open in Browser...
diff --git a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_fr_FR.properties b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_fr_FR.properties
index b40b6877695..75d7d6c8d1a 100644
--- a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_fr_FR.properties
+++ b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_fr_FR.properties
@@ -1,6 +1,28 @@
client.activeActionPrefix = Client Spidering\: {0}
client.attack.spider = Client Spider...
+client.automation.default = Défaut
+
+client.automation.desc = Client Spider Automation Framework Integration
+client.automation.dialog.spider.advanced = Show Advanced Options\:
+client.automation.dialog.spider.browserid = Browser ID\:
+client.automation.dialog.spider.context = Contexte\:
+client.automation.dialog.spider.initialtime = Initial Page Load Time\:
+client.automation.dialog.spider.loadtime = Page Load Time\:
+client.automation.dialog.spider.maxchildren = Maximum Children\:
+client.automation.dialog.spider.maxcrawldepth = Max Crawl Depth\:
+client.automation.dialog.spider.maxduration = Max Duration\:
+client.automation.dialog.spider.name = Job Name\:
+client.automation.dialog.spider.numbrowsers = Number of Browsers\:
+client.automation.dialog.spider.shutdowntime = Shutdown Time\:
+client.automation.dialog.spider.tab.adv = Options
+client.automation.dialog.spider.title = Client Spider
+client.automation.dialog.spider.url = URL \:
+client.automation.dialog.spider.user = Utilisateur\:
+client.automation.dialog.summary = Défaut
+
+client.automation.dialog.tab.params = Périmètre
+client.automation.name = Client Spider Automation
client.components.table.header.form = Form ID
client.components.table.header.href = HREF
@@ -48,6 +70,8 @@ client.options.label.shutdowntime = Shutdown Time (seconds)\:
client.options.name = Client Integration
client.output.requrl = Client add-on requesting\: {0}
+client.pscan.footer.label = Client Passive Scan Queue
+
client.pscan.infoinstorage.desc = Information was stored in browser {0}.\nThis is not unusual or necessarily unsafe - this informational alert has been raised to help you get a better understanding of what this app is doing. For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.
client.pscan.infoinstorage.name = Information Disclosure - Information in Browser {0}
client.pscan.infoinstorage.other = The following data (key\=value) was set\: {0}\nNote that this alert will only be raised once for each URL key.
@@ -78,8 +102,10 @@ client.scandialog.button.reset = Remettre à zéro
client.scandialog.button.scan = Lancer le balayage
client.scandialog.label.adv = Show Advanced Options\:
client.scandialog.label.browser = Navigateur\:
+client.scandialog.label.context = Contexte\:
client.scandialog.label.spiderSubtreeOnly = Spider Subtree Only\:
client.scandialog.label.start = Starting Point\:
+client.scandialog.label.user = Utilisateur\:
client.scandialog.nostart.error = Vous devez sélectionner un point de départ
client.scandialog.notSafe.error = Client Spider scans are not allowed in 'Safe' mode.
client.scandialog.startProtectedMode.error = The starting point is not in scope and the mode is 'Protected'.
@@ -89,6 +115,55 @@ client.scandialog.tab.scope = Périmètre
client.scandialog.title = Client Spider
client.spider.menu.tools.label = Client Spider
+client.spider.options.title = Client Options
+client.spider.outofscope.response = (403 Forbidden) Out of Client Spider scope
+client.spider.panel.tab.addednodes = Added Nodes
+client.spider.panel.tab.messages = Messages
+client.spider.panel.tab.tasks = Tasks
+client.spider.panel.tab.urls = URLs
+
+client.spider.panel.table.action.click = Click
+client.spider.panel.table.action.get = Get
+client.spider.panel.table.action.submit = submit
+
+client.spider.panel.table.cell.allowed = Permis
+client.spider.panel.table.cell.excluded = Exclus
+client.spider.panel.table.cell.ioerror = I/O Error
+client.spider.panel.table.cell.outofcontext = Hors contexte
+client.spider.panel.table.cell.outofhost = Out of Host
+client.spider.panel.table.cell.outofsubtree = Out of Subtree
+
+client.spider.panel.table.details.button = Button\: {0}
+client.spider.panel.table.details.link = Link\: {0} {1}
+
+client.spider.panel.table.header.action = Action
+client.spider.panel.table.header.details = Détails
+client.spider.panel.table.header.error = Erreur
+client.spider.panel.table.header.id = ID
+client.spider.panel.table.header.state = État
+client.spider.panel.table.header.status = Statut
+client.spider.panel.table.header.uri = URI
+
+client.spider.panel.title = Client Spider
+client.spider.task.stats.failed = Échec
+client.spider.task.stats.finished = Finished
+client.spider.task.stats.paused = Paused
+
+client.spider.task.stats.queued = Queued
+client.spider.task.stats.running = En cours d'exécution
+client.spider.task.stats.stopped = Stopped
+
+client.spider.toolbar.added.label = Nodes Added\:
+client.spider.toolbar.ascans.label = Scans en cours\:
+client.spider.toolbar.button.clear = Ranger les balayages effectués
+client.spider.toolbar.button.new = Nouveau balayage
+client.spider.toolbar.button.options = Client Options
+client.spider.toolbar.button.pause = Suspendre l'indexation
+client.spider.toolbar.button.stop = Arrêter l'indexation
+client.spider.toolbar.button.unpause = Relancer l'indexation
+client.spider.toolbar.progress.label = Progression\:
+client.spider.toolbar.progress.select = --Sélectionnez le balayage--
+client.spider.toolbar.urls.label = URL uniques analysées\:
client.tree.popup.attack = Attaquer
client.tree.popup.browser = Open in Browser...
diff --git a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_ha_HG.properties b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_ha_HG.properties
index 7906373b5cd..a8f254517fe 100644
--- a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_ha_HG.properties
+++ b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_ha_HG.properties
@@ -1,6 +1,28 @@
client.activeActionPrefix = Client Spidering\: {0}
client.attack.spider = Client Spider...
+client.automation.default = Default
+
+client.automation.desc = Client Spider Automation Framework Integration
+client.automation.dialog.spider.advanced = Show Advanced Options\:
+client.automation.dialog.spider.browserid = Browser ID\:
+client.automation.dialog.spider.context = Context\:
+client.automation.dialog.spider.initialtime = Initial Page Load Time\:
+client.automation.dialog.spider.loadtime = Page Load Time\:
+client.automation.dialog.spider.maxchildren = Maximum Children\:
+client.automation.dialog.spider.maxcrawldepth = Max Crawl Depth\:
+client.automation.dialog.spider.maxduration = Max Duration\:
+client.automation.dialog.spider.name = Job Name\:
+client.automation.dialog.spider.numbrowsers = Number of Browsers\:
+client.automation.dialog.spider.shutdowntime = Shutdown Time\:
+client.automation.dialog.spider.tab.adv = Options
+client.automation.dialog.spider.title = Client Spider
+client.automation.dialog.spider.url = URL\:
+client.automation.dialog.spider.user = User\:
+client.automation.dialog.summary = Default
+
+client.automation.dialog.tab.params = Scope
+client.automation.name = Client Spider Automation
client.components.table.header.form = Form ID
client.components.table.header.href = HREF
@@ -48,6 +70,8 @@ client.options.label.shutdowntime = Shutdown Time (seconds)\:
client.options.name = Client Integration
client.output.requrl = Client add-on requesting\: {0}
+client.pscan.footer.label = Client Passive Scan Queue
+
client.pscan.infoinstorage.desc = Information was stored in browser {0}.\nThis is not unusual or necessarily unsafe - this informational alert has been raised to help you get a better understanding of what this app is doing. For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.
client.pscan.infoinstorage.name = Information Disclosure - Information in Browser {0}
client.pscan.infoinstorage.other = The following data (key\=value) was set\: {0}\nNote that this alert will only be raised once for each URL key.
@@ -78,8 +102,10 @@ client.scandialog.button.reset = Reset
client.scandialog.button.scan = Start Scan
client.scandialog.label.adv = Show Advanced Options\:
client.scandialog.label.browser = Browser\:
+client.scandialog.label.context = Context\:
client.scandialog.label.spiderSubtreeOnly = Spider Subtree Only\:
client.scandialog.label.start = Starting Point\:
+client.scandialog.label.user = User\:
client.scandialog.nostart.error = You must select a valid starting point\nincluding the protocol e.g. https\://www.example.com
client.scandialog.notSafe.error = Client Spider scans are not allowed in 'Safe' mode.
client.scandialog.startProtectedMode.error = The starting point is not in scope and the mode is 'Protected'.
@@ -89,6 +115,55 @@ client.scandialog.tab.scope = Scope
client.scandialog.title = Client Spider
client.spider.menu.tools.label = Client Spider
+client.spider.options.title = Client Options
+client.spider.outofscope.response = (403 Forbidden) Out of Client Spider scope
+client.spider.panel.tab.addednodes = Added Nodes
+client.spider.panel.tab.messages = Messages
+client.spider.panel.tab.tasks = Tasks
+client.spider.panel.tab.urls = URLs
+
+client.spider.panel.table.action.click = Click
+client.spider.panel.table.action.get = Get
+client.spider.panel.table.action.submit = submit
+
+client.spider.panel.table.cell.allowed = Allowed
+client.spider.panel.table.cell.excluded = Excluded
+client.spider.panel.table.cell.ioerror = I/O Error
+client.spider.panel.table.cell.outofcontext = Out of Context
+client.spider.panel.table.cell.outofhost = Out of Host
+client.spider.panel.table.cell.outofsubtree = Out of Subtree
+
+client.spider.panel.table.details.button = Button\: {0}
+client.spider.panel.table.details.link = Link\: {0} {1}
+
+client.spider.panel.table.header.action = Action
+client.spider.panel.table.header.details = Details
+client.spider.panel.table.header.error = Error
+client.spider.panel.table.header.id = ID
+client.spider.panel.table.header.state = State
+client.spider.panel.table.header.status = Status
+client.spider.panel.table.header.uri = URI
+
+client.spider.panel.title = Client Spider
+client.spider.task.stats.failed = Failed
+client.spider.task.stats.finished = Finished
+client.spider.task.stats.paused = Paused
+
+client.spider.task.stats.queued = Queued
+client.spider.task.stats.running = Running
+client.spider.task.stats.stopped = Stopped
+
+client.spider.toolbar.added.label = Nodes Added\:
+client.spider.toolbar.ascans.label = Current Scans\:
+client.spider.toolbar.button.clear = Clean completed scans
+client.spider.toolbar.button.new = New Scan
+client.spider.toolbar.button.options = Client Options
+client.spider.toolbar.button.pause = Pause Spider
+client.spider.toolbar.button.stop = Stop Spider
+client.spider.toolbar.button.unpause = Resume Spider
+client.spider.toolbar.progress.label = Progress\:
+client.spider.toolbar.progress.select = --Select Scan--
+client.spider.toolbar.urls.label = Crawled URLs\:
client.tree.popup.attack = Attack
client.tree.popup.browser = Open in Browser...
diff --git a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_he_IL.properties b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_he_IL.properties
index d62d473abe4..84ad5e40c65 100644
--- a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_he_IL.properties
+++ b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_he_IL.properties
@@ -1,6 +1,28 @@
client.activeActionPrefix = Client Spidering\: {0}
client.attack.spider = Client Spider...
+client.automation.default = Default
+
+client.automation.desc = Client Spider Automation Framework Integration
+client.automation.dialog.spider.advanced = Show Advanced Options\:
+client.automation.dialog.spider.browserid = Browser ID\:
+client.automation.dialog.spider.context = Context\:
+client.automation.dialog.spider.initialtime = Initial Page Load Time\:
+client.automation.dialog.spider.loadtime = Page Load Time\:
+client.automation.dialog.spider.maxchildren = Maximum Children\:
+client.automation.dialog.spider.maxcrawldepth = Max Crawl Depth\:
+client.automation.dialog.spider.maxduration = Max Duration\:
+client.automation.dialog.spider.name = Job Name\:
+client.automation.dialog.spider.numbrowsers = Number of Browsers\:
+client.automation.dialog.spider.shutdowntime = Shutdown Time\:
+client.automation.dialog.spider.tab.adv = Options
+client.automation.dialog.spider.title = Client Spider
+client.automation.dialog.spider.url = כתובת URL\:
+client.automation.dialog.spider.user = User\:
+client.automation.dialog.summary = Default
+
+client.automation.dialog.tab.params = Scope
+client.automation.name = Client Spider Automation
client.components.table.header.form = Form ID
client.components.table.header.href = HREF
@@ -48,6 +70,8 @@ client.options.label.shutdowntime = Shutdown Time (seconds)\:
client.options.name = Client Integration
client.output.requrl = Client add-on requesting\: {0}
+client.pscan.footer.label = Client Passive Scan Queue
+
client.pscan.infoinstorage.desc = Information was stored in browser {0}.\nThis is not unusual or necessarily unsafe - this informational alert has been raised to help you get a better understanding of what this app is doing. For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.
client.pscan.infoinstorage.name = Information Disclosure - Information in Browser {0}
client.pscan.infoinstorage.other = The following data (key\=value) was set\: {0}\nNote that this alert will only be raised once for each URL key.
@@ -78,8 +102,10 @@ client.scandialog.button.reset = Reset
client.scandialog.button.scan = Start Scan
client.scandialog.label.adv = Show Advanced Options\:
client.scandialog.label.browser = Browser\:
+client.scandialog.label.context = Context\:
client.scandialog.label.spiderSubtreeOnly = Spider Subtree Only\:
client.scandialog.label.start = Starting Point\:
+client.scandialog.label.user = User\:
client.scandialog.nostart.error = You must select a valid starting point\nincluding the protocol e.g. https\://www.example.com
client.scandialog.notSafe.error = Client Spider scans are not allowed in 'Safe' mode.
client.scandialog.startProtectedMode.error = The starting point is not in scope and the mode is 'Protected'.
@@ -89,6 +115,55 @@ client.scandialog.tab.scope = Scope
client.scandialog.title = Client Spider
client.spider.menu.tools.label = Client Spider
+client.spider.options.title = Client Options
+client.spider.outofscope.response = (403 Forbidden) Out of Client Spider scope
+client.spider.panel.tab.addednodes = Added Nodes
+client.spider.panel.tab.messages = Messages
+client.spider.panel.tab.tasks = Tasks
+client.spider.panel.tab.urls = כתובות URL
+
+client.spider.panel.table.action.click = Click
+client.spider.panel.table.action.get = Get
+client.spider.panel.table.action.submit = submit
+
+client.spider.panel.table.cell.allowed = מורשה
+client.spider.panel.table.cell.excluded = Excluded
+client.spider.panel.table.cell.ioerror = I/O Error
+client.spider.panel.table.cell.outofcontext = Out of Context
+client.spider.panel.table.cell.outofhost = Out of Host
+client.spider.panel.table.cell.outofsubtree = Out of Subtree
+
+client.spider.panel.table.details.button = Button\: {0}
+client.spider.panel.table.details.link = Link\: {0} {1}
+
+client.spider.panel.table.header.action = Action
+client.spider.panel.table.header.details = Details
+client.spider.panel.table.header.error = Error
+client.spider.panel.table.header.id = ID
+client.spider.panel.table.header.state = State
+client.spider.panel.table.header.status = Status
+client.spider.panel.table.header.uri = URI
+
+client.spider.panel.title = Client Spider
+client.spider.task.stats.failed = Failed
+client.spider.task.stats.finished = Finished
+client.spider.task.stats.paused = Paused
+
+client.spider.task.stats.queued = Queued
+client.spider.task.stats.running = Running
+client.spider.task.stats.stopped = Stopped
+
+client.spider.toolbar.added.label = Nodes Added\:
+client.spider.toolbar.ascans.label = Current Scans\:
+client.spider.toolbar.button.clear = Clean completed scans
+client.spider.toolbar.button.new = New Scan
+client.spider.toolbar.button.options = Client Options
+client.spider.toolbar.button.pause = Pause Spider
+client.spider.toolbar.button.stop = Stop Spider
+client.spider.toolbar.button.unpause = Resume Spider
+client.spider.toolbar.progress.label = Progress\:
+client.spider.toolbar.progress.select = --Select Scan--
+client.spider.toolbar.urls.label = Crawled URLs\:
client.tree.popup.attack = Attack
client.tree.popup.browser = Open in Browser...
diff --git a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_hi_IN.properties b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_hi_IN.properties
index 403fba23e52..bfe15c59207 100644
--- a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_hi_IN.properties
+++ b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_hi_IN.properties
@@ -1,6 +1,28 @@
client.activeActionPrefix = Client Spidering\: {0}
client.attack.spider = Client Spider...
+client.automation.default = Default
+
+client.automation.desc = Client Spider Automation Framework Integration
+client.automation.dialog.spider.advanced = Show Advanced Options\:
+client.automation.dialog.spider.browserid = Browser ID\:
+client.automation.dialog.spider.context = Context\:
+client.automation.dialog.spider.initialtime = Initial Page Load Time\:
+client.automation.dialog.spider.loadtime = Page Load Time\:
+client.automation.dialog.spider.maxchildren = Maximum Children\:
+client.automation.dialog.spider.maxcrawldepth = Max Crawl Depth\:
+client.automation.dialog.spider.maxduration = Max Duration\:
+client.automation.dialog.spider.name = Job Name\:
+client.automation.dialog.spider.numbrowsers = Number of Browsers\:
+client.automation.dialog.spider.shutdowntime = Shutdown Time\:
+client.automation.dialog.spider.tab.adv = Options
+client.automation.dialog.spider.title = Client Spider
+client.automation.dialog.spider.url = URL\:
+client.automation.dialog.spider.user = User\:
+client.automation.dialog.summary = Default
+
+client.automation.dialog.tab.params = Scope
+client.automation.name = Client Spider Automation
client.components.table.header.form = Form ID
client.components.table.header.href = HREF
@@ -48,6 +70,8 @@ client.options.label.shutdowntime = Shutdown Time (seconds)\:
client.options.name = Client Integration
client.output.requrl = Client add-on requesting\: {0}
+client.pscan.footer.label = Client Passive Scan Queue
+
client.pscan.infoinstorage.desc = Information was stored in browser {0}.\nThis is not unusual or necessarily unsafe - this informational alert has been raised to help you get a better understanding of what this app is doing. For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.
client.pscan.infoinstorage.name = Information Disclosure - Information in Browser {0}
client.pscan.infoinstorage.other = The following data (key\=value) was set\: {0}\nNote that this alert will only be raised once for each URL key.
@@ -78,8 +102,10 @@ client.scandialog.button.reset = Reset
client.scandialog.button.scan = Start Scan
client.scandialog.label.adv = Show Advanced Options\:
client.scandialog.label.browser = Browser\:
+client.scandialog.label.context = Context\:
client.scandialog.label.spiderSubtreeOnly = Spider Subtree Only\:
client.scandialog.label.start = Starting Point\:
+client.scandialog.label.user = User\:
client.scandialog.nostart.error = You must select a valid starting point\nincluding the protocol e.g. https\://www.example.com
client.scandialog.notSafe.error = Client Spider scans are not allowed in 'Safe' mode.
client.scandialog.startProtectedMode.error = The starting point is not in scope and the mode is 'Protected'.
@@ -89,6 +115,55 @@ client.scandialog.tab.scope = Scope
client.scandialog.title = Client Spider
client.spider.menu.tools.label = Client Spider
+client.spider.options.title = Client Options
+client.spider.outofscope.response = (403 Forbidden) Out of Client Spider scope
+client.spider.panel.tab.addednodes = Added Nodes
+client.spider.panel.tab.messages = Messages
+client.spider.panel.tab.tasks = Tasks
+client.spider.panel.tab.urls = यूआरएल
+
+client.spider.panel.table.action.click = Click
+client.spider.panel.table.action.get = Get
+client.spider.panel.table.action.submit = submit
+
+client.spider.panel.table.cell.allowed = अनुमति दी गई
+client.spider.panel.table.cell.excluded = Excluded
+client.spider.panel.table.cell.ioerror = I/O Error
+client.spider.panel.table.cell.outofcontext = Out of Context
+client.spider.panel.table.cell.outofhost = Out of Host
+client.spider.panel.table.cell.outofsubtree = Out of Subtree
+
+client.spider.panel.table.details.button = Button\: {0}
+client.spider.panel.table.details.link = Link\: {0} {1}
+
+client.spider.panel.table.header.action = Action
+client.spider.panel.table.header.details = Details
+client.spider.panel.table.header.error = Error
+client.spider.panel.table.header.id = ID
+client.spider.panel.table.header.state = State
+client.spider.panel.table.header.status = Status
+client.spider.panel.table.header.uri = URI
+
+client.spider.panel.title = Client Spider
+client.spider.task.stats.failed = Failed
+client.spider.task.stats.finished = Finished
+client.spider.task.stats.paused = Paused
+
+client.spider.task.stats.queued = Queued
+client.spider.task.stats.running = Running
+client.spider.task.stats.stopped = Stopped
+
+client.spider.toolbar.added.label = Nodes Added\:
+client.spider.toolbar.ascans.label = वर्तमान स्कैन\:
+client.spider.toolbar.button.clear = Clean completed scans
+client.spider.toolbar.button.new = New Scan
+client.spider.toolbar.button.options = Client Options
+client.spider.toolbar.button.pause = Pause Spider
+client.spider.toolbar.button.stop = Stop Spider
+client.spider.toolbar.button.unpause = Resume Spider
+client.spider.toolbar.progress.label = Progress\:
+client.spider.toolbar.progress.select = --Select Scan--
+client.spider.toolbar.urls.label = Crawled URLs\:
client.tree.popup.attack = हमला
client.tree.popup.browser = Open in Browser...
diff --git a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_hr_HR.properties b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_hr_HR.properties
index 3ba115a33a0..f9842b78e8c 100644
--- a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_hr_HR.properties
+++ b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_hr_HR.properties
@@ -1,6 +1,28 @@
client.activeActionPrefix = Client Spidering\: {0}
client.attack.spider = Client Spider...
+client.automation.default = Default
+
+client.automation.desc = Client Spider Automation Framework Integration
+client.automation.dialog.spider.advanced = Show Advanced Options\:
+client.automation.dialog.spider.browserid = Browser ID\:
+client.automation.dialog.spider.context = Context\:
+client.automation.dialog.spider.initialtime = Initial Page Load Time\:
+client.automation.dialog.spider.loadtime = Page Load Time\:
+client.automation.dialog.spider.maxchildren = Maximum Children\:
+client.automation.dialog.spider.maxcrawldepth = Max Crawl Depth\:
+client.automation.dialog.spider.maxduration = Max Duration\:
+client.automation.dialog.spider.name = Job Name\:
+client.automation.dialog.spider.numbrowsers = Number of Browsers\:
+client.automation.dialog.spider.shutdowntime = Shutdown Time\:
+client.automation.dialog.spider.tab.adv = Options
+client.automation.dialog.spider.title = Client Spider
+client.automation.dialog.spider.url = URL\:
+client.automation.dialog.spider.user = User\:
+client.automation.dialog.summary = Default
+
+client.automation.dialog.tab.params = Scope
+client.automation.name = Client Spider Automation
client.components.table.header.form = Form ID
client.components.table.header.href = HREF
@@ -48,6 +70,8 @@ client.options.label.shutdowntime = Shutdown Time (seconds)\:
client.options.name = Client Integration
client.output.requrl = Client add-on requesting\: {0}
+client.pscan.footer.label = Client Passive Scan Queue
+
client.pscan.infoinstorage.desc = Information was stored in browser {0}.\nThis is not unusual or necessarily unsafe - this informational alert has been raised to help you get a better understanding of what this app is doing. For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.
client.pscan.infoinstorage.name = Information Disclosure - Information in Browser {0}
client.pscan.infoinstorage.other = The following data (key\=value) was set\: {0}\nNote that this alert will only be raised once for each URL key.
@@ -78,8 +102,10 @@ client.scandialog.button.reset = Reset
client.scandialog.button.scan = Start Scan
client.scandialog.label.adv = Show Advanced Options\:
client.scandialog.label.browser = Browser\:
+client.scandialog.label.context = Context\:
client.scandialog.label.spiderSubtreeOnly = Spider Subtree Only\:
client.scandialog.label.start = Starting Point\:
+client.scandialog.label.user = User\:
client.scandialog.nostart.error = You must select a valid starting point\nincluding the protocol e.g. https\://www.example.com
client.scandialog.notSafe.error = Client Spider scans are not allowed in 'Safe' mode.
client.scandialog.startProtectedMode.error = The starting point is not in scope and the mode is 'Protected'.
@@ -89,6 +115,55 @@ client.scandialog.tab.scope = Scope
client.scandialog.title = Client Spider
client.spider.menu.tools.label = Client Spider
+client.spider.options.title = Client Options
+client.spider.outofscope.response = (403 Forbidden) Out of Client Spider scope
+client.spider.panel.tab.addednodes = Added Nodes
+client.spider.panel.tab.messages = Messages
+client.spider.panel.tab.tasks = Tasks
+client.spider.panel.tab.urls = URLs
+
+client.spider.panel.table.action.click = Click
+client.spider.panel.table.action.get = Get
+client.spider.panel.table.action.submit = submit
+
+client.spider.panel.table.cell.allowed = Allowed
+client.spider.panel.table.cell.excluded = Excluded
+client.spider.panel.table.cell.ioerror = I/O Error
+client.spider.panel.table.cell.outofcontext = Out of Context
+client.spider.panel.table.cell.outofhost = Out of Host
+client.spider.panel.table.cell.outofsubtree = Out of Subtree
+
+client.spider.panel.table.details.button = Button\: {0}
+client.spider.panel.table.details.link = Link\: {0} {1}
+
+client.spider.panel.table.header.action = Action
+client.spider.panel.table.header.details = Details
+client.spider.panel.table.header.error = Error
+client.spider.panel.table.header.id = ID
+client.spider.panel.table.header.state = State
+client.spider.panel.table.header.status = Status
+client.spider.panel.table.header.uri = URI
+
+client.spider.panel.title = Client Spider
+client.spider.task.stats.failed = Failed
+client.spider.task.stats.finished = Finished
+client.spider.task.stats.paused = Paused
+
+client.spider.task.stats.queued = Queued
+client.spider.task.stats.running = Running
+client.spider.task.stats.stopped = Stopped
+
+client.spider.toolbar.added.label = Nodes Added\:
+client.spider.toolbar.ascans.label = Current Scans\:
+client.spider.toolbar.button.clear = Clean completed scans
+client.spider.toolbar.button.new = New Scan
+client.spider.toolbar.button.options = Client Options
+client.spider.toolbar.button.pause = Pause Spider
+client.spider.toolbar.button.stop = Stop Spider
+client.spider.toolbar.button.unpause = Resume Spider
+client.spider.toolbar.progress.label = Progress\:
+client.spider.toolbar.progress.select = --Select Scan--
+client.spider.toolbar.urls.label = Crawled URLs\:
client.tree.popup.attack = Attack
client.tree.popup.browser = Open in Browser...
diff --git a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_hu_HU.properties b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_hu_HU.properties
index 2cb99594109..e5c3adb703e 100644
--- a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_hu_HU.properties
+++ b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_hu_HU.properties
@@ -1,6 +1,28 @@
client.activeActionPrefix = Client Spidering\: {0}
client.attack.spider = Client Spider...
+client.automation.default = Default
+
+client.automation.desc = Client Spider Automation Framework Integration
+client.automation.dialog.spider.advanced = Show Advanced Options\:
+client.automation.dialog.spider.browserid = Browser ID\:
+client.automation.dialog.spider.context = Kontextus\:
+client.automation.dialog.spider.initialtime = Initial Page Load Time\:
+client.automation.dialog.spider.loadtime = Page Load Time\:
+client.automation.dialog.spider.maxchildren = Maximum Children\:
+client.automation.dialog.spider.maxcrawldepth = Max Crawl Depth\:
+client.automation.dialog.spider.maxduration = Max Duration\:
+client.automation.dialog.spider.name = Job Name\:
+client.automation.dialog.spider.numbrowsers = Number of Browsers\:
+client.automation.dialog.spider.shutdowntime = Shutdown Time\:
+client.automation.dialog.spider.tab.adv = Beállítások
+client.automation.dialog.spider.title = Client Spider
+client.automation.dialog.spider.url = URL\:
+client.automation.dialog.spider.user = Felhasználó\:
+client.automation.dialog.summary = Default
+
+client.automation.dialog.tab.params = Hatókör
+client.automation.name = Client Spider Automation
client.components.table.header.form = Form ID
client.components.table.header.href = HREF
@@ -48,6 +70,8 @@ client.options.label.shutdowntime = Shutdown Time (seconds)\:
client.options.name = Client Integration
client.output.requrl = Client add-on requesting\: {0}
+client.pscan.footer.label = Client Passive Scan Queue
+
client.pscan.infoinstorage.desc = Information was stored in browser {0}.\nThis is not unusual or necessarily unsafe - this informational alert has been raised to help you get a better understanding of what this app is doing. For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.
client.pscan.infoinstorage.name = Information Disclosure - Information in Browser {0}
client.pscan.infoinstorage.other = The following data (key\=value) was set\: {0}\nNote that this alert will only be raised once for each URL key.
@@ -78,8 +102,10 @@ client.scandialog.button.reset = Reset
client.scandialog.button.scan = Vizsgálat indítása
client.scandialog.label.adv = Show Advanced Options\:
client.scandialog.label.browser = Böngésző\:
+client.scandialog.label.context = Kontextus\:
client.scandialog.label.spiderSubtreeOnly = Spider Subtree Only\:
client.scandialog.label.start = Starting Point\:
+client.scandialog.label.user = Felhasználó\:
client.scandialog.nostart.error = You must select a valid starting point\nincluding the protocol e.g. https\://www.example.com
client.scandialog.notSafe.error = Client Spider scans are not allowed in 'Safe' mode.
client.scandialog.startProtectedMode.error = The starting point is not in scope and the mode is 'Protected'.
@@ -89,6 +115,55 @@ client.scandialog.tab.scope = Hatókör
client.scandialog.title = Client Spider
client.spider.menu.tools.label = Client Spider
+client.spider.options.title = Client Options
+client.spider.outofscope.response = (403 Forbidden) Out of Client Spider scope
+client.spider.panel.tab.addednodes = Added Nodes
+client.spider.panel.tab.messages = Üzenetek
+client.spider.panel.tab.tasks = Tasks
+client.spider.panel.tab.urls = URL-ek
+
+client.spider.panel.table.action.click = Click
+client.spider.panel.table.action.get = Get
+client.spider.panel.table.action.submit = submit
+
+client.spider.panel.table.cell.allowed = Engedélyezve
+client.spider.panel.table.cell.excluded = Excluded
+client.spider.panel.table.cell.ioerror = I/O Error
+client.spider.panel.table.cell.outofcontext = Out of Context
+client.spider.panel.table.cell.outofhost = Out of Host
+client.spider.panel.table.cell.outofsubtree = Out of Subtree
+
+client.spider.panel.table.details.button = Button\: {0}
+client.spider.panel.table.details.link = Link\: {0} {1}
+
+client.spider.panel.table.header.action = Action
+client.spider.panel.table.header.details = Részletek
+client.spider.panel.table.header.error = Hiba
+client.spider.panel.table.header.id = ID
+client.spider.panel.table.header.state = Státusz
+client.spider.panel.table.header.status = Állapot
+client.spider.panel.table.header.uri = URI
+
+client.spider.panel.title = Client Spider
+client.spider.task.stats.failed = Sikertelen
+client.spider.task.stats.finished = Finished
+client.spider.task.stats.paused = Paused
+
+client.spider.task.stats.queued = Queued
+client.spider.task.stats.running = Running
+client.spider.task.stats.stopped = Stopped
+
+client.spider.toolbar.added.label = Nodes Added\:
+client.spider.toolbar.ascans.label = Jelenlegi vizsgálat\:
+client.spider.toolbar.button.clear = Clean completed scans
+client.spider.toolbar.button.new = Új vizsgálat
+client.spider.toolbar.button.options = Client Options
+client.spider.toolbar.button.pause = Pause Spider
+client.spider.toolbar.button.stop = Stop Spider
+client.spider.toolbar.button.unpause = Resume Spider
+client.spider.toolbar.progress.label = Progress\:
+client.spider.toolbar.progress.select = --Vizsgálat kiválasztása-
+client.spider.toolbar.urls.label = Crawled URLs\:
client.tree.popup.attack = Támadás
client.tree.popup.browser = Open in Browser...
diff --git a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_id_ID.properties b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_id_ID.properties
index 08e796bcadb..eb99e3f2e83 100644
--- a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_id_ID.properties
+++ b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_id_ID.properties
@@ -1,6 +1,28 @@
client.activeActionPrefix = Client Spidering\: {0}
client.attack.spider = Client Spider...
+client.automation.default = Default
+
+client.automation.desc = Client Spider Automation Framework Integration
+client.automation.dialog.spider.advanced = Show Advanced Options\:
+client.automation.dialog.spider.browserid = Browser ID\:
+client.automation.dialog.spider.context = Konteks\:
+client.automation.dialog.spider.initialtime = Initial Page Load Time\:
+client.automation.dialog.spider.loadtime = Page Load Time\:
+client.automation.dialog.spider.maxchildren = Maximum Children\:
+client.automation.dialog.spider.maxcrawldepth = Max Crawl Depth\:
+client.automation.dialog.spider.maxduration = Max Duration\:
+client.automation.dialog.spider.name = Job Name\:
+client.automation.dialog.spider.numbrowsers = Number of Browsers\:
+client.automation.dialog.spider.shutdowntime = Shutdown Time\:
+client.automation.dialog.spider.tab.adv = Pilihan
+client.automation.dialog.spider.title = Client Spider
+client.automation.dialog.spider.url = URL\:
+client.automation.dialog.spider.user = Pengguna\:
+client.automation.dialog.summary = Default
+
+client.automation.dialog.tab.params = Ruang lingkup
+client.automation.name = Client Spider Automation
client.components.table.header.form = Form ID
client.components.table.header.href = HREF
@@ -48,6 +70,8 @@ client.options.label.shutdowntime = Shutdown Time (seconds)\:
client.options.name = Client Integration
client.output.requrl = Client add-on requesting\: {0}
+client.pscan.footer.label = Client Passive Scan Queue
+
client.pscan.infoinstorage.desc = Information was stored in browser {0}.\nThis is not unusual or necessarily unsafe - this informational alert has been raised to help you get a better understanding of what this app is doing. For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.
client.pscan.infoinstorage.name = Information Disclosure - Information in Browser {0}
client.pscan.infoinstorage.other = The following data (key\=value) was set\: {0}\nNote that this alert will only be raised once for each URL key.
@@ -78,8 +102,10 @@ client.scandialog.button.reset = Reset
client.scandialog.button.scan = Mulai Scan
client.scandialog.label.adv = Show Advanced Options\:
client.scandialog.label.browser = Peramban\:
+client.scandialog.label.context = Konteks\:
client.scandialog.label.spiderSubtreeOnly = Spider Subtree Only\:
client.scandialog.label.start = Starting Point\:
+client.scandialog.label.user = Pengguna\:
client.scandialog.nostart.error = Anda harus memilih titik awal yang valid\ntermasuk protokol mis. https\://www.example.com
client.scandialog.notSafe.error = Client Spider scans are not allowed in 'Safe' mode.
client.scandialog.startProtectedMode.error = The starting point is not in scope and the mode is 'Protected'.
@@ -89,6 +115,55 @@ client.scandialog.tab.scope = Ruang lingkup
client.scandialog.title = Client Spider
client.spider.menu.tools.label = Client Spider
+client.spider.options.title = Client Options
+client.spider.outofscope.response = (403 Forbidden) Out of Client Spider scope
+client.spider.panel.tab.addednodes = Ditambahkan Node
+client.spider.panel.tab.messages = Pesan
+client.spider.panel.tab.tasks = Tasks
+client.spider.panel.tab.urls = URL
+
+client.spider.panel.table.action.click = Click
+client.spider.panel.table.action.get = Get
+client.spider.panel.table.action.submit = submit
+
+client.spider.panel.table.cell.allowed = Diizinkan
+client.spider.panel.table.cell.excluded = Dikecualikan
+client.spider.panel.table.cell.ioerror = I/o Error
+client.spider.panel.table.cell.outofcontext = Keluar dari konteks
+client.spider.panel.table.cell.outofhost = Out of Host
+client.spider.panel.table.cell.outofsubtree = Out of Subtree
+
+client.spider.panel.table.details.button = Button\: {0}
+client.spider.panel.table.details.link = Link\: {0} {1}
+
+client.spider.panel.table.header.action = Action
+client.spider.panel.table.header.details = Rincian
+client.spider.panel.table.header.error = Kesalahan
+client.spider.panel.table.header.id = ID
+client.spider.panel.table.header.state = Negara
+client.spider.panel.table.header.status = Status
+client.spider.panel.table.header.uri = URL
+
+client.spider.panel.title = Client Spider
+client.spider.task.stats.failed = Gagal
+client.spider.task.stats.finished = Finished
+client.spider.task.stats.paused = Paused
+
+client.spider.task.stats.queued = Queued
+client.spider.task.stats.running = Lari
+client.spider.task.stats.stopped = Stopped
+
+client.spider.toolbar.added.label = Nodes Ditambahkan\:
+client.spider.toolbar.ascans.label = Scan Saat Ini\:
+client.spider.toolbar.button.clear = Bersihkan scan lengkap
+client.spider.toolbar.button.new = Scan baru
+client.spider.toolbar.button.options = Client Options
+client.spider.toolbar.button.pause = Laba-laba Jeda
+client.spider.toolbar.button.stop = Hentikan Spider
+client.spider.toolbar.button.unpause = Lanjutkan Spider
+client.spider.toolbar.progress.label = Kemajuan\:
+client.spider.toolbar.progress.select = --Pilih Host--
+client.spider.toolbar.urls.label = URL yang dijelajahi\:
client.tree.popup.attack = Serang
client.tree.popup.browser = Open in Browser...
diff --git a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_it_IT.properties b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_it_IT.properties
index d40b1bcb8ad..cba4c687ccc 100644
--- a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_it_IT.properties
+++ b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_it_IT.properties
@@ -1,6 +1,28 @@
client.activeActionPrefix = Client Spidering\: {0}
client.attack.spider = Client Spider...
+client.automation.default = Default
+
+client.automation.desc = Client Spider Automation Framework Integration
+client.automation.dialog.spider.advanced = Mostra Opzioni Avanzate\:
+client.automation.dialog.spider.browserid = Browser ID\:
+client.automation.dialog.spider.context = Contesto\:
+client.automation.dialog.spider.initialtime = Initial Page Load Time\:
+client.automation.dialog.spider.loadtime = Page Load Time\:
+client.automation.dialog.spider.maxchildren = Maximum Children\:
+client.automation.dialog.spider.maxcrawldepth = Max Crawl Depth\:
+client.automation.dialog.spider.maxduration = Max Duration\:
+client.automation.dialog.spider.name = Nome dell'Attività\:
+client.automation.dialog.spider.numbrowsers = Number of Browsers\:
+client.automation.dialog.spider.shutdowntime = Shutdown Time\:
+client.automation.dialog.spider.tab.adv = Opzioni
+client.automation.dialog.spider.title = Client Spider
+client.automation.dialog.spider.url = URL\:
+client.automation.dialog.spider.user = Utente\:
+client.automation.dialog.summary = Default
+
+client.automation.dialog.tab.params = Ambito
+client.automation.name = Client Spider Automation
client.components.table.header.form = Form ID
client.components.table.header.href = HREF
@@ -48,6 +70,8 @@ client.options.label.shutdowntime = Shutdown Time (seconds)\:
client.options.name = Client Integration
client.output.requrl = Client add-on requesting\: {0}
+client.pscan.footer.label = Client Passive Scan Queue
+
client.pscan.infoinstorage.desc = Information was stored in browser {0}.\nThis is not unusual or necessarily unsafe - this informational alert has been raised to help you get a better understanding of what this app is doing. For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.
client.pscan.infoinstorage.name = Information Disclosure - Information in Browser {0}
client.pscan.infoinstorage.other = The following data (key\=value) was set\: {0}\nNote that this alert will only be raised once for each URL key.
@@ -78,8 +102,10 @@ client.scandialog.button.reset = Reset
client.scandialog.button.scan = Inizia scansione
client.scandialog.label.adv = Mostra Opzioni Avanzate\:
client.scandialog.label.browser = Browser\:
+client.scandialog.label.context = Contesto\:
client.scandialog.label.spiderSubtreeOnly = Spider Subtree Only\:
client.scandialog.label.start = Starting Point\:
+client.scandialog.label.user = Utente\:
client.scandialog.nostart.error = Si selezioni un punto di partenza
client.scandialog.notSafe.error = Client Spider scans are not allowed in 'Safe' mode.
client.scandialog.startProtectedMode.error = The starting point is not in scope and the mode is 'Protected'.
@@ -89,6 +115,55 @@ client.scandialog.tab.scope = Ambito
client.scandialog.title = Client Spider
client.spider.menu.tools.label = Client Spider
+client.spider.options.title = Client Options
+client.spider.outofscope.response = (403 Forbidden) Out of Client Spider scope
+client.spider.panel.tab.addednodes = Nodi aggiunti
+client.spider.panel.tab.messages = Messaggi
+client.spider.panel.tab.tasks = Tasks
+client.spider.panel.tab.urls = URLs
+
+client.spider.panel.table.action.click = Click
+client.spider.panel.table.action.get = Get
+client.spider.panel.table.action.submit = submit
+
+client.spider.panel.table.cell.allowed = Consentito
+client.spider.panel.table.cell.excluded = Excluded
+client.spider.panel.table.cell.ioerror = I/O Error
+client.spider.panel.table.cell.outofcontext = Fuori contesto
+client.spider.panel.table.cell.outofhost = Out of Host
+client.spider.panel.table.cell.outofsubtree = Out of Subtree
+
+client.spider.panel.table.details.button = Button\: {0}
+client.spider.panel.table.details.link = Link\: {0} {1}
+
+client.spider.panel.table.header.action = Action
+client.spider.panel.table.header.details = Dettagli
+client.spider.panel.table.header.error = Errore
+client.spider.panel.table.header.id = ID
+client.spider.panel.table.header.state = Stato
+client.spider.panel.table.header.status = Stato
+client.spider.panel.table.header.uri = URI
+
+client.spider.panel.title = Client Spider
+client.spider.task.stats.failed = Fallito
+client.spider.task.stats.finished = Finished
+client.spider.task.stats.paused = Paused
+
+client.spider.task.stats.queued = Queued
+client.spider.task.stats.running = In esecuzione
+client.spider.task.stats.stopped = Stopped
+
+client.spider.toolbar.added.label = Nodi aggiunti\:
+client.spider.toolbar.ascans.label = Scansione corrente\:
+client.spider.toolbar.button.clear = Pulisci le scansioni completate
+client.spider.toolbar.button.new = Nuova scansione
+client.spider.toolbar.button.options = Client Options
+client.spider.toolbar.button.pause = Metti in pausa lo spider
+client.spider.toolbar.button.stop = Ferma lo spider
+client.spider.toolbar.button.unpause = Riprendi lo spider
+client.spider.toolbar.progress.label = Progresso\:
+client.spider.toolbar.progress.select = -Selezionare Scansione-
+client.spider.toolbar.urls.label = URL univoci indicizzati\:
client.tree.popup.attack = Attacco
client.tree.popup.browser = Open in Browser...
diff --git a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_ja_JP.properties b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_ja_JP.properties
index 1832c47bcbc..f34df430456 100644
--- a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_ja_JP.properties
+++ b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_ja_JP.properties
@@ -1,6 +1,28 @@
client.activeActionPrefix = Client Spidering\: {0}
client.attack.spider = Client Spider...
+client.automation.default = 既定
+
+client.automation.desc = Client Spider Automation Framework Integration
+client.automation.dialog.spider.advanced = Show Advanced Options\:
+client.automation.dialog.spider.browserid = Browser ID\:
+client.automation.dialog.spider.context = コンテキスト\:
+client.automation.dialog.spider.initialtime = Initial Page Load Time\:
+client.automation.dialog.spider.loadtime = Page Load Time\:
+client.automation.dialog.spider.maxchildren = Maximum Children\:
+client.automation.dialog.spider.maxcrawldepth = Max Crawl Depth\:
+client.automation.dialog.spider.maxduration = Max Duration\:
+client.automation.dialog.spider.name = Job Name\:
+client.automation.dialog.spider.numbrowsers = Number of Browsers\:
+client.automation.dialog.spider.shutdowntime = Shutdown Time\:
+client.automation.dialog.spider.tab.adv = オプション
+client.automation.dialog.spider.title = Client Spider
+client.automation.dialog.spider.url = URL\:
+client.automation.dialog.spider.user = ユーザー\:
+client.automation.dialog.summary = 既定
+
+client.automation.dialog.tab.params = スコープ
+client.automation.name = Client Spider Automation
client.components.table.header.form = Form ID
client.components.table.header.href = HREF
@@ -48,6 +70,8 @@ client.options.label.shutdowntime = Shutdown Time (seconds)\:
client.options.name = Client Integration
client.output.requrl = Client add-on requesting\: {0}
+client.pscan.footer.label = Client Passive Scan Queue
+
client.pscan.infoinstorage.desc = Information was stored in browser {0}.\nThis is not unusual or necessarily unsafe - this informational alert has been raised to help you get a better understanding of what this app is doing. For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.
client.pscan.infoinstorage.name = Information Disclosure - Information in Browser {0}
client.pscan.infoinstorage.other = The following data (key\=value) was set\: {0}\nNote that this alert will only be raised once for each URL key.
@@ -78,8 +102,10 @@ client.scandialog.button.reset = リセット
client.scandialog.button.scan = スキャンを開始
client.scandialog.label.adv = Show Advanced Options\:
client.scandialog.label.browser = Browser\:
+client.scandialog.label.context = コンテキスト\:
client.scandialog.label.spiderSubtreeOnly = Spider Subtree Only\:
client.scandialog.label.start = Starting Point\:
+client.scandialog.label.user = ユーザー\:
client.scandialog.nostart.error = You must select a valid starting point\nincluding the protocol e.g. https\://www.example.com
client.scandialog.notSafe.error = Client Spider scans are not allowed in 'Safe' mode.
client.scandialog.startProtectedMode.error = The starting point is not in scope and the mode is 'Protected'.
@@ -89,6 +115,55 @@ client.scandialog.tab.scope = スコープ
client.scandialog.title = Client Spider
client.spider.menu.tools.label = Client Spider
+client.spider.options.title = Client Options
+client.spider.outofscope.response = (403 Forbidden) Out of Client Spider scope
+client.spider.panel.tab.addednodes = Added Nodes
+client.spider.panel.tab.messages = Messages
+client.spider.panel.tab.tasks = Tasks
+client.spider.panel.tab.urls = URL
+
+client.spider.panel.table.action.click = Click
+client.spider.panel.table.action.get = Get
+client.spider.panel.table.action.submit = submit
+
+client.spider.panel.table.cell.allowed = 許可
+client.spider.panel.table.cell.excluded = Excluded
+client.spider.panel.table.cell.ioerror = I/O Error
+client.spider.panel.table.cell.outofcontext = Out of Context
+client.spider.panel.table.cell.outofhost = Out of Host
+client.spider.panel.table.cell.outofsubtree = Out of Subtree
+
+client.spider.panel.table.details.button = Button\: {0}
+client.spider.panel.table.details.link = Link\: {0} {1}
+
+client.spider.panel.table.header.action = Action
+client.spider.panel.table.header.details = 詳細
+client.spider.panel.table.header.error = エラー
+client.spider.panel.table.header.id = ID
+client.spider.panel.table.header.state = State
+client.spider.panel.table.header.status = 状態
+client.spider.panel.table.header.uri = URI
+
+client.spider.panel.title = Client Spider
+client.spider.task.stats.failed = 失敗
+client.spider.task.stats.finished = Finished
+client.spider.task.stats.paused = Paused
+
+client.spider.task.stats.queued = Queued
+client.spider.task.stats.running = 実行中
+client.spider.task.stats.stopped = Stopped
+
+client.spider.toolbar.added.label = Nodes Added\:
+client.spider.toolbar.ascans.label = 現在のスキャン\:
+client.spider.toolbar.button.clear = Clean completed scans
+client.spider.toolbar.button.new = 新規スキャン
+client.spider.toolbar.button.options = Client Options
+client.spider.toolbar.button.pause = Spider検索一時停止
+client.spider.toolbar.button.stop = スパイダー検索中止
+client.spider.toolbar.button.unpause = スパイダー検索再開
+client.spider.toolbar.progress.label = 進行状況\:
+client.spider.toolbar.progress.select = --スキャンを選択--
+client.spider.toolbar.urls.label = Crawled URLs\:
client.tree.popup.attack = 攻撃
client.tree.popup.browser = Open in Browser...
diff --git a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_ko_KR.properties b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_ko_KR.properties
index 015267ba776..89ce8a52825 100644
--- a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_ko_KR.properties
+++ b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_ko_KR.properties
@@ -1,6 +1,28 @@
client.activeActionPrefix = Client Spidering\: {0}
client.attack.spider = Client Spider...
+client.automation.default = Default
+
+client.automation.desc = Client Spider Automation Framework Integration
+client.automation.dialog.spider.advanced = Show Advanced Options\:
+client.automation.dialog.spider.browserid = Browser ID\:
+client.automation.dialog.spider.context = Context\:
+client.automation.dialog.spider.initialtime = Initial Page Load Time\:
+client.automation.dialog.spider.loadtime = Page Load Time\:
+client.automation.dialog.spider.maxchildren = Maximum Children\:
+client.automation.dialog.spider.maxcrawldepth = Max Crawl Depth\:
+client.automation.dialog.spider.maxduration = Max Duration\:
+client.automation.dialog.spider.name = Job Name\:
+client.automation.dialog.spider.numbrowsers = Number of Browsers\:
+client.automation.dialog.spider.shutdowntime = Shutdown Time\:
+client.automation.dialog.spider.tab.adv = Options
+client.automation.dialog.spider.title = Client Spider
+client.automation.dialog.spider.url = URL\:
+client.automation.dialog.spider.user = User\:
+client.automation.dialog.summary = Default
+
+client.automation.dialog.tab.params = Scope
+client.automation.name = Client Spider Automation
client.components.table.header.form = Form ID
client.components.table.header.href = HREF
@@ -48,6 +70,8 @@ client.options.label.shutdowntime = Shutdown Time (seconds)\:
client.options.name = Client Integration
client.output.requrl = Client add-on requesting\: {0}
+client.pscan.footer.label = Client Passive Scan Queue
+
client.pscan.infoinstorage.desc = Information was stored in browser {0}.\nThis is not unusual or necessarily unsafe - this informational alert has been raised to help you get a better understanding of what this app is doing. For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.
client.pscan.infoinstorage.name = Information Disclosure - Information in Browser {0}
client.pscan.infoinstorage.other = The following data (key\=value) was set\: {0}\nNote that this alert will only be raised once for each URL key.
@@ -78,8 +102,10 @@ client.scandialog.button.reset = Reset
client.scandialog.button.scan = Start Scan
client.scandialog.label.adv = Show Advanced Options\:
client.scandialog.label.browser = Browser\:
+client.scandialog.label.context = Context\:
client.scandialog.label.spiderSubtreeOnly = Spider Subtree Only\:
client.scandialog.label.start = Starting Point\:
+client.scandialog.label.user = User\:
client.scandialog.nostart.error = You must select a valid starting point\nincluding the protocol e.g. https\://www.example.com
client.scandialog.notSafe.error = Client Spider scans are not allowed in 'Safe' mode.
client.scandialog.startProtectedMode.error = The starting point is not in scope and the mode is 'Protected'.
@@ -89,6 +115,55 @@ client.scandialog.tab.scope = Scope
client.scandialog.title = Client Spider
client.spider.menu.tools.label = Client Spider
+client.spider.options.title = Client Options
+client.spider.outofscope.response = (403 Forbidden) Out of Client Spider scope
+client.spider.panel.tab.addednodes = Added Nodes
+client.spider.panel.tab.messages = Messages
+client.spider.panel.tab.tasks = Tasks
+client.spider.panel.tab.urls = URLs
+
+client.spider.panel.table.action.click = Click
+client.spider.panel.table.action.get = Get
+client.spider.panel.table.action.submit = submit
+
+client.spider.panel.table.cell.allowed = 허용된
+client.spider.panel.table.cell.excluded = Excluded
+client.spider.panel.table.cell.ioerror = I/O Error
+client.spider.panel.table.cell.outofcontext = Out of Context
+client.spider.panel.table.cell.outofhost = Out of Host
+client.spider.panel.table.cell.outofsubtree = Out of Subtree
+
+client.spider.panel.table.details.button = Button\: {0}
+client.spider.panel.table.details.link = Link\: {0} {1}
+
+client.spider.panel.table.header.action = Action
+client.spider.panel.table.header.details = Details
+client.spider.panel.table.header.error = Error
+client.spider.panel.table.header.id = ID
+client.spider.panel.table.header.state = State
+client.spider.panel.table.header.status = Status
+client.spider.panel.table.header.uri = URI
+
+client.spider.panel.title = Client Spider
+client.spider.task.stats.failed = Failed
+client.spider.task.stats.finished = Finished
+client.spider.task.stats.paused = Paused
+
+client.spider.task.stats.queued = Queued
+client.spider.task.stats.running = Running
+client.spider.task.stats.stopped = Stopped
+
+client.spider.toolbar.added.label = Nodes Added\:
+client.spider.toolbar.ascans.label = 현재 검색\:
+client.spider.toolbar.button.clear = Clean completed scans
+client.spider.toolbar.button.new = New Scan
+client.spider.toolbar.button.options = Client Options
+client.spider.toolbar.button.pause = Pause Spider
+client.spider.toolbar.button.stop = Stop Spider
+client.spider.toolbar.button.unpause = Resume Spider
+client.spider.toolbar.progress.label = 진행\:
+client.spider.toolbar.progress.select = --Select Scan--
+client.spider.toolbar.urls.label = Crawled URLs\:
client.tree.popup.attack = 공격
client.tree.popup.browser = Open in Browser...
diff --git a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_mk_MK.properties b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_mk_MK.properties
index 7906373b5cd..a8f254517fe 100644
--- a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_mk_MK.properties
+++ b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_mk_MK.properties
@@ -1,6 +1,28 @@
client.activeActionPrefix = Client Spidering\: {0}
client.attack.spider = Client Spider...
+client.automation.default = Default
+
+client.automation.desc = Client Spider Automation Framework Integration
+client.automation.dialog.spider.advanced = Show Advanced Options\:
+client.automation.dialog.spider.browserid = Browser ID\:
+client.automation.dialog.spider.context = Context\:
+client.automation.dialog.spider.initialtime = Initial Page Load Time\:
+client.automation.dialog.spider.loadtime = Page Load Time\:
+client.automation.dialog.spider.maxchildren = Maximum Children\:
+client.automation.dialog.spider.maxcrawldepth = Max Crawl Depth\:
+client.automation.dialog.spider.maxduration = Max Duration\:
+client.automation.dialog.spider.name = Job Name\:
+client.automation.dialog.spider.numbrowsers = Number of Browsers\:
+client.automation.dialog.spider.shutdowntime = Shutdown Time\:
+client.automation.dialog.spider.tab.adv = Options
+client.automation.dialog.spider.title = Client Spider
+client.automation.dialog.spider.url = URL\:
+client.automation.dialog.spider.user = User\:
+client.automation.dialog.summary = Default
+
+client.automation.dialog.tab.params = Scope
+client.automation.name = Client Spider Automation
client.components.table.header.form = Form ID
client.components.table.header.href = HREF
@@ -48,6 +70,8 @@ client.options.label.shutdowntime = Shutdown Time (seconds)\:
client.options.name = Client Integration
client.output.requrl = Client add-on requesting\: {0}
+client.pscan.footer.label = Client Passive Scan Queue
+
client.pscan.infoinstorage.desc = Information was stored in browser {0}.\nThis is not unusual or necessarily unsafe - this informational alert has been raised to help you get a better understanding of what this app is doing. For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.
client.pscan.infoinstorage.name = Information Disclosure - Information in Browser {0}
client.pscan.infoinstorage.other = The following data (key\=value) was set\: {0}\nNote that this alert will only be raised once for each URL key.
@@ -78,8 +102,10 @@ client.scandialog.button.reset = Reset
client.scandialog.button.scan = Start Scan
client.scandialog.label.adv = Show Advanced Options\:
client.scandialog.label.browser = Browser\:
+client.scandialog.label.context = Context\:
client.scandialog.label.spiderSubtreeOnly = Spider Subtree Only\:
client.scandialog.label.start = Starting Point\:
+client.scandialog.label.user = User\:
client.scandialog.nostart.error = You must select a valid starting point\nincluding the protocol e.g. https\://www.example.com
client.scandialog.notSafe.error = Client Spider scans are not allowed in 'Safe' mode.
client.scandialog.startProtectedMode.error = The starting point is not in scope and the mode is 'Protected'.
@@ -89,6 +115,55 @@ client.scandialog.tab.scope = Scope
client.scandialog.title = Client Spider
client.spider.menu.tools.label = Client Spider
+client.spider.options.title = Client Options
+client.spider.outofscope.response = (403 Forbidden) Out of Client Spider scope
+client.spider.panel.tab.addednodes = Added Nodes
+client.spider.panel.tab.messages = Messages
+client.spider.panel.tab.tasks = Tasks
+client.spider.panel.tab.urls = URLs
+
+client.spider.panel.table.action.click = Click
+client.spider.panel.table.action.get = Get
+client.spider.panel.table.action.submit = submit
+
+client.spider.panel.table.cell.allowed = Allowed
+client.spider.panel.table.cell.excluded = Excluded
+client.spider.panel.table.cell.ioerror = I/O Error
+client.spider.panel.table.cell.outofcontext = Out of Context
+client.spider.panel.table.cell.outofhost = Out of Host
+client.spider.panel.table.cell.outofsubtree = Out of Subtree
+
+client.spider.panel.table.details.button = Button\: {0}
+client.spider.panel.table.details.link = Link\: {0} {1}
+
+client.spider.panel.table.header.action = Action
+client.spider.panel.table.header.details = Details
+client.spider.panel.table.header.error = Error
+client.spider.panel.table.header.id = ID
+client.spider.panel.table.header.state = State
+client.spider.panel.table.header.status = Status
+client.spider.panel.table.header.uri = URI
+
+client.spider.panel.title = Client Spider
+client.spider.task.stats.failed = Failed
+client.spider.task.stats.finished = Finished
+client.spider.task.stats.paused = Paused
+
+client.spider.task.stats.queued = Queued
+client.spider.task.stats.running = Running
+client.spider.task.stats.stopped = Stopped
+
+client.spider.toolbar.added.label = Nodes Added\:
+client.spider.toolbar.ascans.label = Current Scans\:
+client.spider.toolbar.button.clear = Clean completed scans
+client.spider.toolbar.button.new = New Scan
+client.spider.toolbar.button.options = Client Options
+client.spider.toolbar.button.pause = Pause Spider
+client.spider.toolbar.button.stop = Stop Spider
+client.spider.toolbar.button.unpause = Resume Spider
+client.spider.toolbar.progress.label = Progress\:
+client.spider.toolbar.progress.select = --Select Scan--
+client.spider.toolbar.urls.label = Crawled URLs\:
client.tree.popup.attack = Attack
client.tree.popup.browser = Open in Browser...
diff --git a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_ms_MY.properties b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_ms_MY.properties
index 086d37c0d78..2a7fa083b89 100644
--- a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_ms_MY.properties
+++ b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_ms_MY.properties
@@ -1,6 +1,28 @@
client.activeActionPrefix = Client Spidering\: {0}
client.attack.spider = Client Spider...
+client.automation.default = Default
+
+client.automation.desc = Client Spider Automation Framework Integration
+client.automation.dialog.spider.advanced = Show Advanced Options\:
+client.automation.dialog.spider.browserid = Browser ID\:
+client.automation.dialog.spider.context = Context\:
+client.automation.dialog.spider.initialtime = Initial Page Load Time\:
+client.automation.dialog.spider.loadtime = Page Load Time\:
+client.automation.dialog.spider.maxchildren = Maximum Children\:
+client.automation.dialog.spider.maxcrawldepth = Max Crawl Depth\:
+client.automation.dialog.spider.maxduration = Max Duration\:
+client.automation.dialog.spider.name = Job Name\:
+client.automation.dialog.spider.numbrowsers = Number of Browsers\:
+client.automation.dialog.spider.shutdowntime = Shutdown Time\:
+client.automation.dialog.spider.tab.adv = Options
+client.automation.dialog.spider.title = Client Spider
+client.automation.dialog.spider.url = URL\:
+client.automation.dialog.spider.user = Pengguna\:
+client.automation.dialog.summary = Default
+
+client.automation.dialog.tab.params = Skop
+client.automation.name = Client Spider Automation
client.components.table.header.form = Form ID
client.components.table.header.href = HREF
@@ -48,6 +70,8 @@ client.options.label.shutdowntime = Shutdown Time (seconds)\:
client.options.name = Client Integration
client.output.requrl = Client add-on requesting\: {0}
+client.pscan.footer.label = Client Passive Scan Queue
+
client.pscan.infoinstorage.desc = Information was stored in browser {0}.\nThis is not unusual or necessarily unsafe - this informational alert has been raised to help you get a better understanding of what this app is doing. For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.
client.pscan.infoinstorage.name = Information Disclosure - Information in Browser {0}
client.pscan.infoinstorage.other = The following data (key\=value) was set\: {0}\nNote that this alert will only be raised once for each URL key.
@@ -78,8 +102,10 @@ client.scandialog.button.reset = Reset
client.scandialog.button.scan = Mulakan Imbasan
client.scandialog.label.adv = Show Advanced Options\:
client.scandialog.label.browser = Browser\:
+client.scandialog.label.context = Context\:
client.scandialog.label.spiderSubtreeOnly = Spider Subtree Only\:
client.scandialog.label.start = Starting Point\:
+client.scandialog.label.user = Pengguna\:
client.scandialog.nostart.error = Anda perlu memilih titik permulaan
client.scandialog.notSafe.error = Client Spider scans are not allowed in 'Safe' mode.
client.scandialog.startProtectedMode.error = The starting point is not in scope and the mode is 'Protected'.
@@ -89,6 +115,55 @@ client.scandialog.tab.scope = Skop
client.scandialog.title = Client Spider
client.spider.menu.tools.label = Client Spider
+client.spider.options.title = Client Options
+client.spider.outofscope.response = (403 Forbidden) Out of Client Spider scope
+client.spider.panel.tab.addednodes = Added Nodes
+client.spider.panel.tab.messages = Messages
+client.spider.panel.tab.tasks = Tasks
+client.spider.panel.tab.urls = URL
+
+client.spider.panel.table.action.click = Click
+client.spider.panel.table.action.get = Get
+client.spider.panel.table.action.submit = submit
+
+client.spider.panel.table.cell.allowed = Dibenarkan
+client.spider.panel.table.cell.excluded = Excluded
+client.spider.panel.table.cell.ioerror = I/O Error
+client.spider.panel.table.cell.outofcontext = Out of Context
+client.spider.panel.table.cell.outofhost = Out of Host
+client.spider.panel.table.cell.outofsubtree = Out of Subtree
+
+client.spider.panel.table.details.button = Button\: {0}
+client.spider.panel.table.details.link = Link\: {0} {1}
+
+client.spider.panel.table.header.action = Action
+client.spider.panel.table.header.details = Datail
+client.spider.panel.table.header.error = Error
+client.spider.panel.table.header.id = ID
+client.spider.panel.table.header.state = State
+client.spider.panel.table.header.status = Status
+client.spider.panel.table.header.uri = URI
+
+client.spider.panel.title = Client Spider
+client.spider.task.stats.failed = Failed
+client.spider.task.stats.finished = Finished
+client.spider.task.stats.paused = Paused
+
+client.spider.task.stats.queued = Queued
+client.spider.task.stats.running = Running
+client.spider.task.stats.stopped = Stopped
+
+client.spider.toolbar.added.label = Nodes Added\:
+client.spider.toolbar.ascans.label = Imbasan Semasa\:
+client.spider.toolbar.button.clear = Bersihkan imbasan sudah siap
+client.spider.toolbar.button.new = Imbasan baru
+client.spider.toolbar.button.options = Client Options
+client.spider.toolbar.button.pause = Pause Spider
+client.spider.toolbar.button.stop = Stop Spider
+client.spider.toolbar.button.unpause = Resume Spider
+client.spider.toolbar.progress.label = Kemajuan\:
+client.spider.toolbar.progress.select = --Pilih imbasan--
+client.spider.toolbar.urls.label = Crawled URLs\:
client.tree.popup.attack = Serang
client.tree.popup.browser = Open in Browser...
diff --git a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_nb_NO.properties b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_nb_NO.properties
index 7906373b5cd..338ed47e0c0 100644
--- a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_nb_NO.properties
+++ b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_nb_NO.properties
@@ -1,6 +1,28 @@
client.activeActionPrefix = Client Spidering\: {0}
client.attack.spider = Client Spider...
+client.automation.default = Default
+
+client.automation.desc = Client Spider Automation Framework Integration
+client.automation.dialog.spider.advanced = Show Advanced Options\:
+client.automation.dialog.spider.browserid = Browser ID\:
+client.automation.dialog.spider.context = Context\:
+client.automation.dialog.spider.initialtime = Initial Page Load Time\:
+client.automation.dialog.spider.loadtime = Page Load Time\:
+client.automation.dialog.spider.maxchildren = Maximum Children\:
+client.automation.dialog.spider.maxcrawldepth = Max Crawl Depth\:
+client.automation.dialog.spider.maxduration = Max Duration\:
+client.automation.dialog.spider.name = Job Name\:
+client.automation.dialog.spider.numbrowsers = Number of Browsers\:
+client.automation.dialog.spider.shutdowntime = Shutdown Time\:
+client.automation.dialog.spider.tab.adv = Options
+client.automation.dialog.spider.title = Client Spider
+client.automation.dialog.spider.url = URL\:
+client.automation.dialog.spider.user = User\:
+client.automation.dialog.summary = Default
+
+client.automation.dialog.tab.params = Scope
+client.automation.name = Client Spider Automation
client.components.table.header.form = Form ID
client.components.table.header.href = HREF
@@ -48,6 +70,8 @@ client.options.label.shutdowntime = Shutdown Time (seconds)\:
client.options.name = Client Integration
client.output.requrl = Client add-on requesting\: {0}
+client.pscan.footer.label = Client Passive Scan Queue
+
client.pscan.infoinstorage.desc = Information was stored in browser {0}.\nThis is not unusual or necessarily unsafe - this informational alert has been raised to help you get a better understanding of what this app is doing. For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.
client.pscan.infoinstorage.name = Information Disclosure - Information in Browser {0}
client.pscan.infoinstorage.other = The following data (key\=value) was set\: {0}\nNote that this alert will only be raised once for each URL key.
@@ -78,8 +102,10 @@ client.scandialog.button.reset = Reset
client.scandialog.button.scan = Start Scan
client.scandialog.label.adv = Show Advanced Options\:
client.scandialog.label.browser = Browser\:
+client.scandialog.label.context = Context\:
client.scandialog.label.spiderSubtreeOnly = Spider Subtree Only\:
client.scandialog.label.start = Starting Point\:
+client.scandialog.label.user = User\:
client.scandialog.nostart.error = You must select a valid starting point\nincluding the protocol e.g. https\://www.example.com
client.scandialog.notSafe.error = Client Spider scans are not allowed in 'Safe' mode.
client.scandialog.startProtectedMode.error = The starting point is not in scope and the mode is 'Protected'.
@@ -89,6 +115,55 @@ client.scandialog.tab.scope = Scope
client.scandialog.title = Client Spider
client.spider.menu.tools.label = Client Spider
+client.spider.options.title = Client Options
+client.spider.outofscope.response = (403 Forbidden) Out of Client Spider scope
+client.spider.panel.tab.addednodes = Added Nodes
+client.spider.panel.tab.messages = Messages
+client.spider.panel.tab.tasks = Tasks
+client.spider.panel.tab.urls = URLs
+
+client.spider.panel.table.action.click = Click
+client.spider.panel.table.action.get = Get
+client.spider.panel.table.action.submit = submit
+
+client.spider.panel.table.cell.allowed = Tillatt
+client.spider.panel.table.cell.excluded = Excluded
+client.spider.panel.table.cell.ioerror = I/O Error
+client.spider.panel.table.cell.outofcontext = Out of Context
+client.spider.panel.table.cell.outofhost = Out of Host
+client.spider.panel.table.cell.outofsubtree = Out of Subtree
+
+client.spider.panel.table.details.button = Button\: {0}
+client.spider.panel.table.details.link = Link\: {0} {1}
+
+client.spider.panel.table.header.action = Action
+client.spider.panel.table.header.details = Details
+client.spider.panel.table.header.error = Error
+client.spider.panel.table.header.id = ID
+client.spider.panel.table.header.state = State
+client.spider.panel.table.header.status = Status
+client.spider.panel.table.header.uri = URI
+
+client.spider.panel.title = Client Spider
+client.spider.task.stats.failed = Failed
+client.spider.task.stats.finished = Finished
+client.spider.task.stats.paused = Paused
+
+client.spider.task.stats.queued = Queued
+client.spider.task.stats.running = Running
+client.spider.task.stats.stopped = Stopped
+
+client.spider.toolbar.added.label = Nodes Added\:
+client.spider.toolbar.ascans.label = Current Scans\:
+client.spider.toolbar.button.clear = Clean completed scans
+client.spider.toolbar.button.new = New Scan
+client.spider.toolbar.button.options = Client Options
+client.spider.toolbar.button.pause = Pause Spider
+client.spider.toolbar.button.stop = Stop Spider
+client.spider.toolbar.button.unpause = Resume Spider
+client.spider.toolbar.progress.label = Progress\:
+client.spider.toolbar.progress.select = --Select Scan--
+client.spider.toolbar.urls.label = Crawled URLs\:
client.tree.popup.attack = Attack
client.tree.popup.browser = Open in Browser...
diff --git a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_nl_NL.properties b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_nl_NL.properties
index 85059fe404c..d9592292703 100644
--- a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_nl_NL.properties
+++ b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_nl_NL.properties
@@ -1,6 +1,28 @@
client.activeActionPrefix = Client Spidering\: {0}
client.attack.spider = Client Spider...
+client.automation.default = Default
+
+client.automation.desc = Client Spider Automation Framework Integration
+client.automation.dialog.spider.advanced = Show Advanced Options\:
+client.automation.dialog.spider.browserid = Browser ID\:
+client.automation.dialog.spider.context = Context\:
+client.automation.dialog.spider.initialtime = Initial Page Load Time\:
+client.automation.dialog.spider.loadtime = Page Load Time\:
+client.automation.dialog.spider.maxchildren = Maximum Children\:
+client.automation.dialog.spider.maxcrawldepth = Max Crawl Depth\:
+client.automation.dialog.spider.maxduration = Max Duration\:
+client.automation.dialog.spider.name = Job Name\:
+client.automation.dialog.spider.numbrowsers = Number of Browsers\:
+client.automation.dialog.spider.shutdowntime = Shutdown Time\:
+client.automation.dialog.spider.tab.adv = Opties
+client.automation.dialog.spider.title = Client Spider
+client.automation.dialog.spider.url = URL\:
+client.automation.dialog.spider.user = Gebruiker\:
+client.automation.dialog.summary = Default
+
+client.automation.dialog.tab.params = Omvang
+client.automation.name = Client Spider Automation
client.components.table.header.form = Form ID
client.components.table.header.href = HREF
@@ -48,6 +70,8 @@ client.options.label.shutdowntime = Shutdown Time (seconds)\:
client.options.name = Client Integration
client.output.requrl = Client add-on requesting\: {0}
+client.pscan.footer.label = Client Passive Scan Queue
+
client.pscan.infoinstorage.desc = Information was stored in browser {0}.\nThis is not unusual or necessarily unsafe - this informational alert has been raised to help you get a better understanding of what this app is doing. For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.
client.pscan.infoinstorage.name = Information Disclosure - Information in Browser {0}
client.pscan.infoinstorage.other = The following data (key\=value) was set\: {0}\nNote that this alert will only be raised once for each URL key.
@@ -78,8 +102,10 @@ client.scandialog.button.reset = Reset
client.scandialog.button.scan = Scan starten
client.scandialog.label.adv = Show Advanced Options\:
client.scandialog.label.browser = Browser\:
+client.scandialog.label.context = Context\:
client.scandialog.label.spiderSubtreeOnly = Spider Subtree Only\:
client.scandialog.label.start = Startpunt\:
+client.scandialog.label.user = Gebruiker\:
client.scandialog.nostart.error = U moet een beginpunt selecteren
client.scandialog.notSafe.error = Client Spider scans are not allowed in 'Safe' mode.
client.scandialog.startProtectedMode.error = The starting point is not in scope and the mode is 'Protected'.
@@ -89,6 +115,55 @@ client.scandialog.tab.scope = Omvang
client.scandialog.title = Client Spider
client.spider.menu.tools.label = Client Spider
+client.spider.options.title = Client Options
+client.spider.outofscope.response = (403 Forbidden) Out of Client Spider scope
+client.spider.panel.tab.addednodes = Added Nodes
+client.spider.panel.tab.messages = Berichten
+client.spider.panel.tab.tasks = Tasks
+client.spider.panel.tab.urls = URL's
+
+client.spider.panel.table.action.click = Click
+client.spider.panel.table.action.get = Get
+client.spider.panel.table.action.submit = submit
+
+client.spider.panel.table.cell.allowed = Toegestaan
+client.spider.panel.table.cell.excluded = Excluded
+client.spider.panel.table.cell.ioerror = I/O Error
+client.spider.panel.table.cell.outofcontext = Out of Context
+client.spider.panel.table.cell.outofhost = Out of Host
+client.spider.panel.table.cell.outofsubtree = Out of Subtree
+
+client.spider.panel.table.details.button = Button\: {0}
+client.spider.panel.table.details.link = Link\: {0} {1}
+
+client.spider.panel.table.header.action = Action
+client.spider.panel.table.header.details = Details
+client.spider.panel.table.header.error = Fout
+client.spider.panel.table.header.id = ID
+client.spider.panel.table.header.state = Staat
+client.spider.panel.table.header.status = Status
+client.spider.panel.table.header.uri = URI
+
+client.spider.panel.title = Client Spider
+client.spider.task.stats.failed = Mislukt
+client.spider.task.stats.finished = Finished
+client.spider.task.stats.paused = Paused
+
+client.spider.task.stats.queued = Queued
+client.spider.task.stats.running = Wordt uitgevoerd
+client.spider.task.stats.stopped = Stopped
+
+client.spider.toolbar.added.label = Nodes Added\:
+client.spider.toolbar.ascans.label = Huidige Scans\:
+client.spider.toolbar.button.clear = Voltooide scans opschonen
+client.spider.toolbar.button.new = Nieuwe Scan
+client.spider.toolbar.button.options = Client Options
+client.spider.toolbar.button.pause = Pauzeer Spider
+client.spider.toolbar.button.stop = Stop Spider
+client.spider.toolbar.button.unpause = Vervolg Spider
+client.spider.toolbar.progress.label = Voortgang\:
+client.spider.toolbar.progress.select = --Selecteer Scan--
+client.spider.toolbar.urls.label = Uniek verkende URL's\:
client.tree.popup.attack = Aanval
client.tree.popup.browser = Open in Browser...
diff --git a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_pcm_NG.properties b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_pcm_NG.properties
index 7906373b5cd..2f78625771b 100644
--- a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_pcm_NG.properties
+++ b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_pcm_NG.properties
@@ -1,6 +1,28 @@
client.activeActionPrefix = Client Spidering\: {0}
client.attack.spider = Client Spider...
+client.automation.default = Default
+
+client.automation.desc = Client Spider Automation Framework Integration
+client.automation.dialog.spider.advanced = Show Advanced Options\:
+client.automation.dialog.spider.browserid = Browser ID\:
+client.automation.dialog.spider.context = Context\:
+client.automation.dialog.spider.initialtime = Initial Page Load Time\:
+client.automation.dialog.spider.loadtime = Page Load Time\:
+client.automation.dialog.spider.maxchildren = Maximum Children\:
+client.automation.dialog.spider.maxcrawldepth = Max Crawl Depth\:
+client.automation.dialog.spider.maxduration = Max Duration\:
+client.automation.dialog.spider.name = Job Name\:
+client.automation.dialog.spider.numbrowsers = Number of Browsers\:
+client.automation.dialog.spider.shutdowntime = Shutdown Time\:
+client.automation.dialog.spider.tab.adv = Options
+client.automation.dialog.spider.title = Client Spider
+client.automation.dialog.spider.url = URL\:
+client.automation.dialog.spider.user = User\:
+client.automation.dialog.summary = Default
+
+client.automation.dialog.tab.params = Scope
+client.automation.name = Client Spider Automation
client.components.table.header.form = Form ID
client.components.table.header.href = HREF
@@ -48,6 +70,8 @@ client.options.label.shutdowntime = Shutdown Time (seconds)\:
client.options.name = Client Integration
client.output.requrl = Client add-on requesting\: {0}
+client.pscan.footer.label = Client Passive Scan Queue
+
client.pscan.infoinstorage.desc = Information was stored in browser {0}.\nThis is not unusual or necessarily unsafe - this informational alert has been raised to help you get a better understanding of what this app is doing. For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.
client.pscan.infoinstorage.name = Information Disclosure - Information in Browser {0}
client.pscan.infoinstorage.other = The following data (key\=value) was set\: {0}\nNote that this alert will only be raised once for each URL key.
@@ -78,8 +102,10 @@ client.scandialog.button.reset = Reset
client.scandialog.button.scan = Start Scan
client.scandialog.label.adv = Show Advanced Options\:
client.scandialog.label.browser = Browser\:
+client.scandialog.label.context = Context\:
client.scandialog.label.spiderSubtreeOnly = Spider Subtree Only\:
client.scandialog.label.start = Starting Point\:
+client.scandialog.label.user = User\:
client.scandialog.nostart.error = You must select a valid starting point\nincluding the protocol e.g. https\://www.example.com
client.scandialog.notSafe.error = Client Spider scans are not allowed in 'Safe' mode.
client.scandialog.startProtectedMode.error = The starting point is not in scope and the mode is 'Protected'.
@@ -89,6 +115,55 @@ client.scandialog.tab.scope = Scope
client.scandialog.title = Client Spider
client.spider.menu.tools.label = Client Spider
+client.spider.options.title = Client Options
+client.spider.outofscope.response = (403 Forbidden) Out of Client Spider scope
+client.spider.panel.tab.addednodes = Added Nodes
+client.spider.panel.tab.messages = Messages
+client.spider.panel.tab.tasks = Tasks
+client.spider.panel.tab.urls = URLs
+
+client.spider.panel.table.action.click = Click
+client.spider.panel.table.action.get = Get
+client.spider.panel.table.action.submit = submit
+
+client.spider.panel.table.cell.allowed = Allowed
+client.spider.panel.table.cell.excluded = Excluded
+client.spider.panel.table.cell.ioerror = I/O Error
+client.spider.panel.table.cell.outofcontext = Out of Context
+client.spider.panel.table.cell.outofhost = Out of Host
+client.spider.panel.table.cell.outofsubtree = Out of Subtree
+
+client.spider.panel.table.details.button = Button\: {0}
+client.spider.panel.table.details.link = Link\: {0} {1}
+
+client.spider.panel.table.header.action = Action
+client.spider.panel.table.header.details = Details
+client.spider.panel.table.header.error = Error
+client.spider.panel.table.header.id = ID
+client.spider.panel.table.header.state = State
+client.spider.panel.table.header.status = Status
+client.spider.panel.table.header.uri = URI
+
+client.spider.panel.title = Client Spider
+client.spider.task.stats.failed = Failed
+client.spider.task.stats.finished = Finished
+client.spider.task.stats.paused = Paused
+
+client.spider.task.stats.queued = Queued
+client.spider.task.stats.running = Running
+client.spider.task.stats.stopped = Stopped
+
+client.spider.toolbar.added.label = Nodes Added\:
+client.spider.toolbar.ascans.label = Current Scans\:
+client.spider.toolbar.button.clear = Clean completed scans
+client.spider.toolbar.button.new = New Scan
+client.spider.toolbar.button.options = Client Options
+client.spider.toolbar.button.pause = Pause Spider
+client.spider.toolbar.button.stop = Stop Spider
+client.spider.toolbar.button.unpause = Resume Spider
+client.spider.toolbar.progress.label = Progress\:
+client.spider.toolbar.progress.select = --choose Scan--
+client.spider.toolbar.urls.label = Crawled URLs\:
client.tree.popup.attack = Attack
client.tree.popup.browser = Open in Browser...
diff --git a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_pl_PL.properties b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_pl_PL.properties
index 612aa7e925b..5f313733447 100644
--- a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_pl_PL.properties
+++ b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_pl_PL.properties
@@ -1,6 +1,28 @@
client.activeActionPrefix = Client Spidering\: {0}
client.attack.spider = Client Spider...
+client.automation.default = Domyślny
+
+client.automation.desc = Client Spider Automation Framework Integration
+client.automation.dialog.spider.advanced = Show Advanced Options\:
+client.automation.dialog.spider.browserid = Browser ID\:
+client.automation.dialog.spider.context = Kontekst\:
+client.automation.dialog.spider.initialtime = Initial Page Load Time\:
+client.automation.dialog.spider.loadtime = Page Load Time\:
+client.automation.dialog.spider.maxchildren = Maximum Children\:
+client.automation.dialog.spider.maxcrawldepth = Max Crawl Depth\:
+client.automation.dialog.spider.maxduration = Max Duration\:
+client.automation.dialog.spider.name = Job Name\:
+client.automation.dialog.spider.numbrowsers = Number of Browsers\:
+client.automation.dialog.spider.shutdowntime = Shutdown Time\:
+client.automation.dialog.spider.tab.adv = Opcje
+client.automation.dialog.spider.title = Client Spider
+client.automation.dialog.spider.url = URL\:
+client.automation.dialog.spider.user = Użytkownik\:
+client.automation.dialog.summary = Domyślny
+
+client.automation.dialog.tab.params = Zakres
+client.automation.name = Client Spider Automation
client.components.table.header.form = Form ID
client.components.table.header.href = HREF
@@ -48,6 +70,8 @@ client.options.label.shutdowntime = Shutdown Time (seconds)\:
client.options.name = Client Integration
client.output.requrl = Client add-on requesting\: {0}
+client.pscan.footer.label = Client Passive Scan Queue
+
client.pscan.infoinstorage.desc = Information was stored in browser {0}.\nThis is not unusual or necessarily unsafe - this informational alert has been raised to help you get a better understanding of what this app is doing. For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.
client.pscan.infoinstorage.name = Information Disclosure - Information in Browser {0}
client.pscan.infoinstorage.other = The following data (key\=value) was set\: {0}\nNote that this alert will only be raised once for each URL key.
@@ -78,8 +102,10 @@ client.scandialog.button.reset = Reset
client.scandialog.button.scan = Rozpocznij Skanowanie
client.scandialog.label.adv = Show Advanced Options\:
client.scandialog.label.browser = Przeglądarka\:
+client.scandialog.label.context = Kontekst\:
client.scandialog.label.spiderSubtreeOnly = Spider Subtree Only\:
client.scandialog.label.start = Punkt początkowy\:
+client.scandialog.label.user = Użytkownik\:
client.scandialog.nostart.error = You must select a valid starting point\nincluding the protocol e.g. https\://www.example.com
client.scandialog.notSafe.error = Client Spider scans are not allowed in 'Safe' mode.
client.scandialog.startProtectedMode.error = The starting point is not in scope and the mode is 'Protected'.
@@ -89,6 +115,55 @@ client.scandialog.tab.scope = Zakres
client.scandialog.title = Client Spider
client.spider.menu.tools.label = Client Spider
+client.spider.options.title = Client Options
+client.spider.outofscope.response = (403 Forbidden) Out of Client Spider scope
+client.spider.panel.tab.addednodes = Added Nodes
+client.spider.panel.tab.messages = Messages
+client.spider.panel.tab.tasks = Tasks
+client.spider.panel.tab.urls = Adresy URL
+
+client.spider.panel.table.action.click = Click
+client.spider.panel.table.action.get = Get
+client.spider.panel.table.action.submit = submit
+
+client.spider.panel.table.cell.allowed = Allowed
+client.spider.panel.table.cell.excluded = Wyłączone
+client.spider.panel.table.cell.ioerror = I/O Error
+client.spider.panel.table.cell.outofcontext = Out of Context
+client.spider.panel.table.cell.outofhost = Out of Host
+client.spider.panel.table.cell.outofsubtree = Out of Subtree
+
+client.spider.panel.table.details.button = Button\: {0}
+client.spider.panel.table.details.link = Link\: {0} {1}
+
+client.spider.panel.table.header.action = Action
+client.spider.panel.table.header.details = Szczegóły
+client.spider.panel.table.header.error = Błąd
+client.spider.panel.table.header.id = ID
+client.spider.panel.table.header.state = Stan
+client.spider.panel.table.header.status = Stan
+client.spider.panel.table.header.uri = URI
+
+client.spider.panel.title = Client Spider
+client.spider.task.stats.failed = Nie powiodło się
+client.spider.task.stats.finished = Finished
+client.spider.task.stats.paused = Paused
+
+client.spider.task.stats.queued = Queued
+client.spider.task.stats.running = Uruchomiony
+client.spider.task.stats.stopped = Stopped
+
+client.spider.toolbar.added.label = Nodes Added\:
+client.spider.toolbar.ascans.label = Obecnie Skanowane\:
+client.spider.toolbar.button.clear = Wyczyść zakończone skany
+client.spider.toolbar.button.new = Nowe skanowanie
+client.spider.toolbar.button.options = Client Options
+client.spider.toolbar.button.pause = Wstrzymaj Spider
+client.spider.toolbar.button.stop = Zatrzymaj Spider
+client.spider.toolbar.button.unpause = Wznów Spider
+client.spider.toolbar.progress.label = Postęp\:
+client.spider.toolbar.progress.select = --Wybierz skanowanie--
+client.spider.toolbar.urls.label = Crawled URLs\:
client.tree.popup.attack = Atak
client.tree.popup.browser = Open in Browser...
diff --git a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_pt_BR.properties b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_pt_BR.properties
index fe053f5c554..c0cd323616d 100644
--- a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_pt_BR.properties
+++ b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_pt_BR.properties
@@ -1,6 +1,28 @@
client.activeActionPrefix = Client Spidering\: {0}
client.attack.spider = Client Spider...
+client.automation.default = Padrão
+
+client.automation.desc = Client Spider Automation Framework Integration
+client.automation.dialog.spider.advanced = Show Advanced Options\:
+client.automation.dialog.spider.browserid = Browser ID\:
+client.automation.dialog.spider.context = Contexto\:
+client.automation.dialog.spider.initialtime = Initial Page Load Time\:
+client.automation.dialog.spider.loadtime = Page Load Time\:
+client.automation.dialog.spider.maxchildren = Maximum Children\:
+client.automation.dialog.spider.maxcrawldepth = Max Crawl Depth\:
+client.automation.dialog.spider.maxduration = Max Duration\:
+client.automation.dialog.spider.name = Job Name\:
+client.automation.dialog.spider.numbrowsers = Number of Browsers\:
+client.automation.dialog.spider.shutdowntime = Shutdown Time\:
+client.automation.dialog.spider.tab.adv = Opções
+client.automation.dialog.spider.title = Client Spider
+client.automation.dialog.spider.url = URL\:
+client.automation.dialog.spider.user = Usuário\:
+client.automation.dialog.summary = Padrão
+
+client.automation.dialog.tab.params = Escopo
+client.automation.name = Client Spider Automation
client.components.table.header.form = Form ID
client.components.table.header.href = HREF
@@ -48,6 +70,8 @@ client.options.label.shutdowntime = Shutdown Time (seconds)\:
client.options.name = Client Integration
client.output.requrl = Client add-on requesting\: {0}
+client.pscan.footer.label = Client Passive Scan Queue
+
client.pscan.infoinstorage.desc = Information was stored in browser {0}.\nThis is not unusual or necessarily unsafe - this informational alert has been raised to help you get a better understanding of what this app is doing. For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.
client.pscan.infoinstorage.name = Information Disclosure - Information in Browser {0}
client.pscan.infoinstorage.other = The following data (key\=value) was set\: {0}\nNote that this alert will only be raised once for each URL key.
@@ -78,8 +102,10 @@ client.scandialog.button.reset = Resetar
client.scandialog.button.scan = Iniciar Varredura
client.scandialog.label.adv = Show Advanced Options\:
client.scandialog.label.browser = Navegador web\:
+client.scandialog.label.context = Contexto\:
client.scandialog.label.spiderSubtreeOnly = Spider Subtree Only\:
client.scandialog.label.start = Ponto de partida\:
+client.scandialog.label.user = Usuário\:
client.scandialog.nostart.error = Você deve selecionar um ponto de partida válido\nincluindo o protocolo, por ex. https\://www.exemplo.com
client.scandialog.notSafe.error = Client Spider scans are not allowed in 'Safe' mode.
client.scandialog.startProtectedMode.error = The starting point is not in scope and the mode is 'Protected'.
@@ -89,6 +115,55 @@ client.scandialog.tab.scope = Escopo
client.scandialog.title = Client Spider
client.spider.menu.tools.label = Client Spider
+client.spider.options.title = Client Options
+client.spider.outofscope.response = (403 Forbidden) Out of Client Spider scope
+client.spider.panel.tab.addednodes = Nós Adicionados
+client.spider.panel.tab.messages = Mensagens
+client.spider.panel.tab.tasks = Tasks
+client.spider.panel.tab.urls = URLs
+
+client.spider.panel.table.action.click = Click
+client.spider.panel.table.action.get = Get
+client.spider.panel.table.action.submit = submit
+
+client.spider.panel.table.cell.allowed = Permitido
+client.spider.panel.table.cell.excluded = Excluído
+client.spider.panel.table.cell.ioerror = Erro de I/O
+client.spider.panel.table.cell.outofcontext = Fora de Contexto
+client.spider.panel.table.cell.outofhost = Out of Host
+client.spider.panel.table.cell.outofsubtree = Out of Subtree
+
+client.spider.panel.table.details.button = Button\: {0}
+client.spider.panel.table.details.link = Link\: {0} {1}
+
+client.spider.panel.table.header.action = Action
+client.spider.panel.table.header.details = Detalhes
+client.spider.panel.table.header.error = Erro
+client.spider.panel.table.header.id = ID
+client.spider.panel.table.header.state = Estado
+client.spider.panel.table.header.status = Status
+client.spider.panel.table.header.uri = URI
+
+client.spider.panel.title = Client Spider
+client.spider.task.stats.failed = Falhou
+client.spider.task.stats.finished = Finished
+client.spider.task.stats.paused = Paused
+
+client.spider.task.stats.queued = Queued
+client.spider.task.stats.running = Executando
+client.spider.task.stats.stopped = Stopped
+
+client.spider.toolbar.added.label = Nós Adicionados\:
+client.spider.toolbar.ascans.label = Varreduras em Curso\:
+client.spider.toolbar.button.clear = Limpar varreduras concluídas
+client.spider.toolbar.button.new = Nova Varredura
+client.spider.toolbar.button.options = Client Options
+client.spider.toolbar.button.pause = Pausar o Spider
+client.spider.toolbar.button.stop = Parar o Spider
+client.spider.toolbar.button.unpause = Resumir o Spider
+client.spider.toolbar.progress.label = Progresso\:
+client.spider.toolbar.progress.select = --Selecionar Varredura--
+client.spider.toolbar.urls.label = URLs únicas encontradas\:
client.tree.popup.attack = Ataque
client.tree.popup.browser = Open in Browser...
diff --git a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_pt_PT.properties b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_pt_PT.properties
index ae588ea78c2..2d6be48e145 100644
--- a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_pt_PT.properties
+++ b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_pt_PT.properties
@@ -1,6 +1,28 @@
client.activeActionPrefix = Client Spidering\: {0}
client.attack.spider = Client Spider...
+client.automation.default = Default
+
+client.automation.desc = Client Spider Automation Framework Integration
+client.automation.dialog.spider.advanced = Show Advanced Options\:
+client.automation.dialog.spider.browserid = Browser ID\:
+client.automation.dialog.spider.context = Contexto\:
+client.automation.dialog.spider.initialtime = Initial Page Load Time\:
+client.automation.dialog.spider.loadtime = Page Load Time\:
+client.automation.dialog.spider.maxchildren = Maximum Children\:
+client.automation.dialog.spider.maxcrawldepth = Max Crawl Depth\:
+client.automation.dialog.spider.maxduration = Max Duration\:
+client.automation.dialog.spider.name = Job Name\:
+client.automation.dialog.spider.numbrowsers = Number of Browsers\:
+client.automation.dialog.spider.shutdowntime = Shutdown Time\:
+client.automation.dialog.spider.tab.adv = Opções
+client.automation.dialog.spider.title = Client Spider
+client.automation.dialog.spider.url = URL\:
+client.automation.dialog.spider.user = Usuário\:
+client.automation.dialog.summary = Default
+
+client.automation.dialog.tab.params = Alcance
+client.automation.name = Client Spider Automation
client.components.table.header.form = Form ID
client.components.table.header.href = HREF
@@ -48,6 +70,8 @@ client.options.label.shutdowntime = Shutdown Time (seconds)\:
client.options.name = Client Integration
client.output.requrl = Client add-on requesting\: {0}
+client.pscan.footer.label = Client Passive Scan Queue
+
client.pscan.infoinstorage.desc = Information was stored in browser {0}.\nThis is not unusual or necessarily unsafe - this informational alert has been raised to help you get a better understanding of what this app is doing. For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.
client.pscan.infoinstorage.name = Information Disclosure - Information in Browser {0}
client.pscan.infoinstorage.other = The following data (key\=value) was set\: {0}\nNote that this alert will only be raised once for each URL key.
@@ -78,8 +102,10 @@ client.scandialog.button.reset = Reset
client.scandialog.button.scan = Começar o Scan
client.scandialog.label.adv = Show Advanced Options\:
client.scandialog.label.browser = Browser\:
+client.scandialog.label.context = Contexto\:
client.scandialog.label.spiderSubtreeOnly = Spider Subtree Only\:
client.scandialog.label.start = Starting Point\:
+client.scandialog.label.user = Usuário\:
client.scandialog.nostart.error = You must select a valid starting point\nincluding the protocol e.g. https\://www.example.com
client.scandialog.notSafe.error = Client Spider scans are not allowed in 'Safe' mode.
client.scandialog.startProtectedMode.error = The starting point is not in scope and the mode is 'Protected'.
@@ -89,6 +115,55 @@ client.scandialog.tab.scope = Alcance
client.scandialog.title = Client Spider
client.spider.menu.tools.label = Client Spider
+client.spider.options.title = Client Options
+client.spider.outofscope.response = (403 Forbidden) Out of Client Spider scope
+client.spider.panel.tab.addednodes = Added Nodes
+client.spider.panel.tab.messages = Messages
+client.spider.panel.tab.tasks = Tasks
+client.spider.panel.tab.urls = URLs
+
+client.spider.panel.table.action.click = Click
+client.spider.panel.table.action.get = Get
+client.spider.panel.table.action.submit = submit
+
+client.spider.panel.table.cell.allowed = Permitido
+client.spider.panel.table.cell.excluded = Excluded
+client.spider.panel.table.cell.ioerror = I/O Error
+client.spider.panel.table.cell.outofcontext = Out of Context
+client.spider.panel.table.cell.outofhost = Out of Host
+client.spider.panel.table.cell.outofsubtree = Out of Subtree
+
+client.spider.panel.table.details.button = Button\: {0}
+client.spider.panel.table.details.link = Link\: {0} {1}
+
+client.spider.panel.table.header.action = Action
+client.spider.panel.table.header.details = Details
+client.spider.panel.table.header.error = Erro
+client.spider.panel.table.header.id = ID
+client.spider.panel.table.header.state = State
+client.spider.panel.table.header.status = Status
+client.spider.panel.table.header.uri = URI
+
+client.spider.panel.title = Client Spider
+client.spider.task.stats.failed = Failed
+client.spider.task.stats.finished = Finished
+client.spider.task.stats.paused = Paused
+
+client.spider.task.stats.queued = Queued
+client.spider.task.stats.running = Executando
+client.spider.task.stats.stopped = Stopped
+
+client.spider.toolbar.added.label = Nodes Added\:
+client.spider.toolbar.ascans.label = Scans decorrentes\:
+client.spider.toolbar.button.clear = Limpar scans completos
+client.spider.toolbar.button.new = Novo Scan
+client.spider.toolbar.button.options = Client Options
+client.spider.toolbar.button.pause = Pause Spider
+client.spider.toolbar.button.stop = Stop Spider
+client.spider.toolbar.button.unpause = Resume Spider
+client.spider.toolbar.progress.label = Progresso\:
+client.spider.toolbar.progress.select = --Selecionar Scan--
+client.spider.toolbar.urls.label = Crawled URLs\:
client.tree.popup.attack = Atacar
client.tree.popup.browser = Open in Browser...
diff --git a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_ro_RO.properties b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_ro_RO.properties
index 7f8ee43b8bf..fb469e30cc1 100644
--- a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_ro_RO.properties
+++ b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_ro_RO.properties
@@ -1,6 +1,28 @@
client.activeActionPrefix = Client Spidering\: {0}
client.attack.spider = Client Spider...
+client.automation.default = Default
+
+client.automation.desc = Client Spider Automation Framework Integration
+client.automation.dialog.spider.advanced = Show Advanced Options\:
+client.automation.dialog.spider.browserid = Browser ID\:
+client.automation.dialog.spider.context = Context\:
+client.automation.dialog.spider.initialtime = Initial Page Load Time\:
+client.automation.dialog.spider.loadtime = Page Load Time\:
+client.automation.dialog.spider.maxchildren = Maximum Children\:
+client.automation.dialog.spider.maxcrawldepth = Max Crawl Depth\:
+client.automation.dialog.spider.maxduration = Max Duration\:
+client.automation.dialog.spider.name = Job Name\:
+client.automation.dialog.spider.numbrowsers = Number of Browsers\:
+client.automation.dialog.spider.shutdowntime = Shutdown Time\:
+client.automation.dialog.spider.tab.adv = Options
+client.automation.dialog.spider.title = Client Spider
+client.automation.dialog.spider.url = URL\:
+client.automation.dialog.spider.user = Utilizator\:
+client.automation.dialog.summary = Default
+
+client.automation.dialog.tab.params = Scope
+client.automation.name = Client Spider Automation
client.components.table.header.form = Form ID
client.components.table.header.href = HREF
@@ -48,6 +70,8 @@ client.options.label.shutdowntime = Shutdown Time (seconds)\:
client.options.name = Client Integration
client.output.requrl = Client add-on requesting\: {0}
+client.pscan.footer.label = Client Passive Scan Queue
+
client.pscan.infoinstorage.desc = Information was stored in browser {0}.\nThis is not unusual or necessarily unsafe - this informational alert has been raised to help you get a better understanding of what this app is doing. For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.
client.pscan.infoinstorage.name = Information Disclosure - Information in Browser {0}
client.pscan.infoinstorage.other = The following data (key\=value) was set\: {0}\nNote that this alert will only be raised once for each URL key.
@@ -78,8 +102,10 @@ client.scandialog.button.reset = Reset
client.scandialog.button.scan = Pornește scanarea
client.scandialog.label.adv = Show Advanced Options\:
client.scandialog.label.browser = Browser\:
+client.scandialog.label.context = Context\:
client.scandialog.label.spiderSubtreeOnly = Spider Subtree Only\:
client.scandialog.label.start = Starting Point\:
+client.scandialog.label.user = Utilizator\:
client.scandialog.nostart.error = You must select a valid starting point\nincluding the protocol e.g. https\://www.example.com
client.scandialog.notSafe.error = Client Spider scans are not allowed in 'Safe' mode.
client.scandialog.startProtectedMode.error = The starting point is not in scope and the mode is 'Protected'.
@@ -89,6 +115,55 @@ client.scandialog.tab.scope = Scope
client.scandialog.title = Client Spider
client.spider.menu.tools.label = Client Spider
+client.spider.options.title = Client Options
+client.spider.outofscope.response = (403 Forbidden) Out of Client Spider scope
+client.spider.panel.tab.addednodes = Added Nodes
+client.spider.panel.tab.messages = Messages
+client.spider.panel.tab.tasks = Tasks
+client.spider.panel.tab.urls = URL-uri
+
+client.spider.panel.table.action.click = Click
+client.spider.panel.table.action.get = Get
+client.spider.panel.table.action.submit = submit
+
+client.spider.panel.table.cell.allowed = Permis
+client.spider.panel.table.cell.excluded = Excluded
+client.spider.panel.table.cell.ioerror = I/O Error
+client.spider.panel.table.cell.outofcontext = Out of Context
+client.spider.panel.table.cell.outofhost = Out of Host
+client.spider.panel.table.cell.outofsubtree = Out of Subtree
+
+client.spider.panel.table.details.button = Button\: {0}
+client.spider.panel.table.details.link = Link\: {0} {1}
+
+client.spider.panel.table.header.action = Action
+client.spider.panel.table.header.details = Details
+client.spider.panel.table.header.error = Error
+client.spider.panel.table.header.id = ID
+client.spider.panel.table.header.state = Stare
+client.spider.panel.table.header.status = Status
+client.spider.panel.table.header.uri = URI
+
+client.spider.panel.title = Client Spider
+client.spider.task.stats.failed = Failed
+client.spider.task.stats.finished = Finished
+client.spider.task.stats.paused = Paused
+
+client.spider.task.stats.queued = Queued
+client.spider.task.stats.running = Running
+client.spider.task.stats.stopped = Stopped
+
+client.spider.toolbar.added.label = Nodes Added\:
+client.spider.toolbar.ascans.label = Scanări curente\:
+client.spider.toolbar.button.clear = Clean completed scans
+client.spider.toolbar.button.new = Scanare Nouă
+client.spider.toolbar.button.options = Client Options
+client.spider.toolbar.button.pause = Pause Spider
+client.spider.toolbar.button.stop = Stop Spider
+client.spider.toolbar.button.unpause = Resume Spider
+client.spider.toolbar.progress.label = Progress\:
+client.spider.toolbar.progress.select = --Select Scan--
+client.spider.toolbar.urls.label = Crawled URLs\:
client.tree.popup.attack = Atac
client.tree.popup.browser = Open in Browser...
diff --git a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_ru_RU.properties b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_ru_RU.properties
index 65b00e98d05..360d6dc97c9 100644
--- a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_ru_RU.properties
+++ b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_ru_RU.properties
@@ -1,6 +1,28 @@
client.activeActionPrefix = Client Spidering\: {0}
client.attack.spider = Client Spider...
+client.automation.default = По умолчанию
+
+client.automation.desc = Client Spider Automation Framework Integration
+client.automation.dialog.spider.advanced = Показать дополнительные параметры\:
+client.automation.dialog.spider.browserid = Browser ID\:
+client.automation.dialog.spider.context = Контекст\:
+client.automation.dialog.spider.initialtime = Initial Page Load Time\:
+client.automation.dialog.spider.loadtime = Page Load Time\:
+client.automation.dialog.spider.maxchildren = Maximum Children\:
+client.automation.dialog.spider.maxcrawldepth = Максимальная глубина сканирования\:
+client.automation.dialog.spider.maxduration = Максимальная продолжительность\:
+client.automation.dialog.spider.name = Название Задания\:
+client.automation.dialog.spider.numbrowsers = Number of Browsers\:
+client.automation.dialog.spider.shutdowntime = Shutdown Time\:
+client.automation.dialog.spider.tab.adv = Параметры
+client.automation.dialog.spider.title = Client Spider
+client.automation.dialog.spider.url = URL-адрес\:
+client.automation.dialog.spider.user = Пользователь\:
+client.automation.dialog.summary = По умолчанию
+
+client.automation.dialog.tab.params = Область
+client.automation.name = Client Spider Automation
client.components.table.header.form = Form ID
client.components.table.header.href = HREF
@@ -48,6 +70,8 @@ client.options.label.shutdowntime = Shutdown Time (seconds)\:
client.options.name = Client Integration
client.output.requrl = Client add-on requesting\: {0}
+client.pscan.footer.label = Client Passive Scan Queue
+
client.pscan.infoinstorage.desc = Information was stored in browser {0}.\nThis is not unusual or necessarily unsafe - this informational alert has been raised to help you get a better understanding of what this app is doing. For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.
client.pscan.infoinstorage.name = Information Disclosure - Information in Browser {0}
client.pscan.infoinstorage.other = The following data (key\=value) was set\: {0}\nNote that this alert will only be raised once for each URL key.
@@ -78,8 +102,10 @@ client.scandialog.button.reset = Сброс
client.scandialog.button.scan = Начать сканирование
client.scandialog.label.adv = Показать дополнительные параметры\:
client.scandialog.label.browser = Браузер\:
+client.scandialog.label.context = Контекст\:
client.scandialog.label.spiderSubtreeOnly = Spider Subtree Only\:
client.scandialog.label.start = Отправная точка\:
+client.scandialog.label.user = Пользователь\:
client.scandialog.nostart.error = Вы должны выбрать действительную отправную точку\nвключая протокол, например https\://www.example.com
client.scandialog.notSafe.error = Client Spider scans are not allowed in 'Safe' mode.
client.scandialog.startProtectedMode.error = The starting point is not in scope and the mode is 'Protected'.
@@ -89,6 +115,55 @@ client.scandialog.tab.scope = Область
client.scandialog.title = Client Spider
client.spider.menu.tools.label = Client Spider
+client.spider.options.title = Client Options
+client.spider.outofscope.response = (403 Forbidden) Out of Client Spider scope
+client.spider.panel.tab.addednodes = Добавленные узлы
+client.spider.panel.tab.messages = Сообщения
+client.spider.panel.tab.tasks = Tasks
+client.spider.panel.tab.urls = URL-адреса
+
+client.spider.panel.table.action.click = Click
+client.spider.panel.table.action.get = Get
+client.spider.panel.table.action.submit = submit
+
+client.spider.panel.table.cell.allowed = Допустимый
+client.spider.panel.table.cell.excluded = Исключать
+client.spider.panel.table.cell.ioerror = Ошибка ввода / вывода
+client.spider.panel.table.cell.outofcontext = Из контекста
+client.spider.panel.table.cell.outofhost = Out of Host
+client.spider.panel.table.cell.outofsubtree = Out of Subtree
+
+client.spider.panel.table.details.button = Button\: {0}
+client.spider.panel.table.details.link = Link\: {0} {1}
+
+client.spider.panel.table.header.action = Action
+client.spider.panel.table.header.details = Детали
+client.spider.panel.table.header.error = Ошибка
+client.spider.panel.table.header.id = Идентификатор
+client.spider.panel.table.header.state = Состояние
+client.spider.panel.table.header.status = Статус
+client.spider.panel.table.header.uri = URI
+
+client.spider.panel.title = Client Spider
+client.spider.task.stats.failed = Ошибка
+client.spider.task.stats.finished = Finished
+client.spider.task.stats.paused = Paused
+
+client.spider.task.stats.queued = Queued
+client.spider.task.stats.running = Запущено
+client.spider.task.stats.stopped = Stopped
+
+client.spider.toolbar.added.label = Добавлены узлы\:
+client.spider.toolbar.ascans.label = Текущие сканирования\:
+client.spider.toolbar.button.clear = Чистого завершения сканирования
+client.spider.toolbar.button.new = Новое сканирование
+client.spider.toolbar.button.options = Client Options
+client.spider.toolbar.button.pause = Приостановить паук
+client.spider.toolbar.button.stop = Остановить паук
+client.spider.toolbar.button.unpause = Возобновить паук
+client.spider.toolbar.progress.label = Текущее состояние\:
+client.spider.toolbar.progress.select = --Выберите сайт--
+client.spider.toolbar.urls.label = Уникальные найденные URL\:
client.tree.popup.attack = Атака
client.tree.popup.browser = Open in Browser...
diff --git a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_si_LK.properties b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_si_LK.properties
index 7906373b5cd..d705d14a3fd 100644
--- a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_si_LK.properties
+++ b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_si_LK.properties
@@ -1,6 +1,28 @@
client.activeActionPrefix = Client Spidering\: {0}
client.attack.spider = Client Spider...
+client.automation.default = Default
+
+client.automation.desc = Client Spider Automation Framework Integration
+client.automation.dialog.spider.advanced = Show Advanced Options\:
+client.automation.dialog.spider.browserid = Browser ID\:
+client.automation.dialog.spider.context = Context\:
+client.automation.dialog.spider.initialtime = Initial Page Load Time\:
+client.automation.dialog.spider.loadtime = Page Load Time\:
+client.automation.dialog.spider.maxchildren = Maximum Children\:
+client.automation.dialog.spider.maxcrawldepth = Max Crawl Depth\:
+client.automation.dialog.spider.maxduration = Max Duration\:
+client.automation.dialog.spider.name = Job Name\:
+client.automation.dialog.spider.numbrowsers = Number of Browsers\:
+client.automation.dialog.spider.shutdowntime = Shutdown Time\:
+client.automation.dialog.spider.tab.adv = Options
+client.automation.dialog.spider.title = Client Spider
+client.automation.dialog.spider.url = URL\:
+client.automation.dialog.spider.user = User\:
+client.automation.dialog.summary = Default
+
+client.automation.dialog.tab.params = Scope
+client.automation.name = Client Spider Automation
client.components.table.header.form = Form ID
client.components.table.header.href = HREF
@@ -48,6 +70,8 @@ client.options.label.shutdowntime = Shutdown Time (seconds)\:
client.options.name = Client Integration
client.output.requrl = Client add-on requesting\: {0}
+client.pscan.footer.label = Client Passive Scan Queue
+
client.pscan.infoinstorage.desc = Information was stored in browser {0}.\nThis is not unusual or necessarily unsafe - this informational alert has been raised to help you get a better understanding of what this app is doing. For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.
client.pscan.infoinstorage.name = Information Disclosure - Information in Browser {0}
client.pscan.infoinstorage.other = The following data (key\=value) was set\: {0}\nNote that this alert will only be raised once for each URL key.
@@ -78,8 +102,10 @@ client.scandialog.button.reset = Reset
client.scandialog.button.scan = Start Scan
client.scandialog.label.adv = Show Advanced Options\:
client.scandialog.label.browser = Browser\:
+client.scandialog.label.context = Context\:
client.scandialog.label.spiderSubtreeOnly = Spider Subtree Only\:
client.scandialog.label.start = Starting Point\:
+client.scandialog.label.user = User\:
client.scandialog.nostart.error = You must select a valid starting point\nincluding the protocol e.g. https\://www.example.com
client.scandialog.notSafe.error = Client Spider scans are not allowed in 'Safe' mode.
client.scandialog.startProtectedMode.error = The starting point is not in scope and the mode is 'Protected'.
@@ -89,6 +115,55 @@ client.scandialog.tab.scope = Scope
client.scandialog.title = Client Spider
client.spider.menu.tools.label = Client Spider
+client.spider.options.title = Client Options
+client.spider.outofscope.response = (403 Forbidden) Out of Client Spider scope
+client.spider.panel.tab.addednodes = Added Nodes
+client.spider.panel.tab.messages = Messages
+client.spider.panel.tab.tasks = Tasks
+client.spider.panel.tab.urls = URLs
+
+client.spider.panel.table.action.click = Click
+client.spider.panel.table.action.get = Get
+client.spider.panel.table.action.submit = submit
+
+client.spider.panel.table.cell.allowed = Allowed
+client.spider.panel.table.cell.excluded = Excluded
+client.spider.panel.table.cell.ioerror = I/O Error
+client.spider.panel.table.cell.outofcontext = Out of Context
+client.spider.panel.table.cell.outofhost = Out of Host
+client.spider.panel.table.cell.outofsubtree = Out of Subtree
+
+client.spider.panel.table.details.button = Button\: {0}
+client.spider.panel.table.details.link = Link\: {0} {1}
+
+client.spider.panel.table.header.action = Action
+client.spider.panel.table.header.details = Details
+client.spider.panel.table.header.error = Error
+client.spider.panel.table.header.id = ID
+client.spider.panel.table.header.state = State
+client.spider.panel.table.header.status = Status
+client.spider.panel.table.header.uri = URI
+
+client.spider.panel.title = Client Spider
+client.spider.task.stats.failed = Failed
+client.spider.task.stats.finished = Finished
+client.spider.task.stats.paused = Paused
+
+client.spider.task.stats.queued = Queued
+client.spider.task.stats.running = Running
+client.spider.task.stats.stopped = Stopped
+
+client.spider.toolbar.added.label = Nodes Added\:
+client.spider.toolbar.ascans.label = සිදුවෙමින් තිබෙන පිරික්සීම\:
+client.spider.toolbar.button.clear = Clean completed scans
+client.spider.toolbar.button.new = New Scan
+client.spider.toolbar.button.options = Client Options
+client.spider.toolbar.button.pause = Pause Spider
+client.spider.toolbar.button.stop = Stop Spider
+client.spider.toolbar.button.unpause = Resume Spider
+client.spider.toolbar.progress.label = Progress\:
+client.spider.toolbar.progress.select = --Select Scan--
+client.spider.toolbar.urls.label = Crawled URLs\:
client.tree.popup.attack = Attack
client.tree.popup.browser = Open in Browser...
diff --git a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_sk_SK.properties b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_sk_SK.properties
index 7906373b5cd..a8f254517fe 100644
--- a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_sk_SK.properties
+++ b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_sk_SK.properties
@@ -1,6 +1,28 @@
client.activeActionPrefix = Client Spidering\: {0}
client.attack.spider = Client Spider...
+client.automation.default = Default
+
+client.automation.desc = Client Spider Automation Framework Integration
+client.automation.dialog.spider.advanced = Show Advanced Options\:
+client.automation.dialog.spider.browserid = Browser ID\:
+client.automation.dialog.spider.context = Context\:
+client.automation.dialog.spider.initialtime = Initial Page Load Time\:
+client.automation.dialog.spider.loadtime = Page Load Time\:
+client.automation.dialog.spider.maxchildren = Maximum Children\:
+client.automation.dialog.spider.maxcrawldepth = Max Crawl Depth\:
+client.automation.dialog.spider.maxduration = Max Duration\:
+client.automation.dialog.spider.name = Job Name\:
+client.automation.dialog.spider.numbrowsers = Number of Browsers\:
+client.automation.dialog.spider.shutdowntime = Shutdown Time\:
+client.automation.dialog.spider.tab.adv = Options
+client.automation.dialog.spider.title = Client Spider
+client.automation.dialog.spider.url = URL\:
+client.automation.dialog.spider.user = User\:
+client.automation.dialog.summary = Default
+
+client.automation.dialog.tab.params = Scope
+client.automation.name = Client Spider Automation
client.components.table.header.form = Form ID
client.components.table.header.href = HREF
@@ -48,6 +70,8 @@ client.options.label.shutdowntime = Shutdown Time (seconds)\:
client.options.name = Client Integration
client.output.requrl = Client add-on requesting\: {0}
+client.pscan.footer.label = Client Passive Scan Queue
+
client.pscan.infoinstorage.desc = Information was stored in browser {0}.\nThis is not unusual or necessarily unsafe - this informational alert has been raised to help you get a better understanding of what this app is doing. For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.
client.pscan.infoinstorage.name = Information Disclosure - Information in Browser {0}
client.pscan.infoinstorage.other = The following data (key\=value) was set\: {0}\nNote that this alert will only be raised once for each URL key.
@@ -78,8 +102,10 @@ client.scandialog.button.reset = Reset
client.scandialog.button.scan = Start Scan
client.scandialog.label.adv = Show Advanced Options\:
client.scandialog.label.browser = Browser\:
+client.scandialog.label.context = Context\:
client.scandialog.label.spiderSubtreeOnly = Spider Subtree Only\:
client.scandialog.label.start = Starting Point\:
+client.scandialog.label.user = User\:
client.scandialog.nostart.error = You must select a valid starting point\nincluding the protocol e.g. https\://www.example.com
client.scandialog.notSafe.error = Client Spider scans are not allowed in 'Safe' mode.
client.scandialog.startProtectedMode.error = The starting point is not in scope and the mode is 'Protected'.
@@ -89,6 +115,55 @@ client.scandialog.tab.scope = Scope
client.scandialog.title = Client Spider
client.spider.menu.tools.label = Client Spider
+client.spider.options.title = Client Options
+client.spider.outofscope.response = (403 Forbidden) Out of Client Spider scope
+client.spider.panel.tab.addednodes = Added Nodes
+client.spider.panel.tab.messages = Messages
+client.spider.panel.tab.tasks = Tasks
+client.spider.panel.tab.urls = URLs
+
+client.spider.panel.table.action.click = Click
+client.spider.panel.table.action.get = Get
+client.spider.panel.table.action.submit = submit
+
+client.spider.panel.table.cell.allowed = Allowed
+client.spider.panel.table.cell.excluded = Excluded
+client.spider.panel.table.cell.ioerror = I/O Error
+client.spider.panel.table.cell.outofcontext = Out of Context
+client.spider.panel.table.cell.outofhost = Out of Host
+client.spider.panel.table.cell.outofsubtree = Out of Subtree
+
+client.spider.panel.table.details.button = Button\: {0}
+client.spider.panel.table.details.link = Link\: {0} {1}
+
+client.spider.panel.table.header.action = Action
+client.spider.panel.table.header.details = Details
+client.spider.panel.table.header.error = Error
+client.spider.panel.table.header.id = ID
+client.spider.panel.table.header.state = State
+client.spider.panel.table.header.status = Status
+client.spider.panel.table.header.uri = URI
+
+client.spider.panel.title = Client Spider
+client.spider.task.stats.failed = Failed
+client.spider.task.stats.finished = Finished
+client.spider.task.stats.paused = Paused
+
+client.spider.task.stats.queued = Queued
+client.spider.task.stats.running = Running
+client.spider.task.stats.stopped = Stopped
+
+client.spider.toolbar.added.label = Nodes Added\:
+client.spider.toolbar.ascans.label = Current Scans\:
+client.spider.toolbar.button.clear = Clean completed scans
+client.spider.toolbar.button.new = New Scan
+client.spider.toolbar.button.options = Client Options
+client.spider.toolbar.button.pause = Pause Spider
+client.spider.toolbar.button.stop = Stop Spider
+client.spider.toolbar.button.unpause = Resume Spider
+client.spider.toolbar.progress.label = Progress\:
+client.spider.toolbar.progress.select = --Select Scan--
+client.spider.toolbar.urls.label = Crawled URLs\:
client.tree.popup.attack = Attack
client.tree.popup.browser = Open in Browser...
diff --git a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_sl_SI.properties b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_sl_SI.properties
index 3f128a6d2c0..78f9a9dbf13 100644
--- a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_sl_SI.properties
+++ b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_sl_SI.properties
@@ -1,6 +1,28 @@
client.activeActionPrefix = Client Spidering\: {0}
client.attack.spider = Client Spider...
+client.automation.default = Privzeto
+
+client.automation.desc = Client Spider Automation Framework Integration
+client.automation.dialog.spider.advanced = Show Advanced Options\:
+client.automation.dialog.spider.browserid = Browser ID\:
+client.automation.dialog.spider.context = Context\:
+client.automation.dialog.spider.initialtime = Initial Page Load Time\:
+client.automation.dialog.spider.loadtime = Page Load Time\:
+client.automation.dialog.spider.maxchildren = Maximum Children\:
+client.automation.dialog.spider.maxcrawldepth = Max Crawl Depth\:
+client.automation.dialog.spider.maxduration = Max Duration\:
+client.automation.dialog.spider.name = Job Name\:
+client.automation.dialog.spider.numbrowsers = Number of Browsers\:
+client.automation.dialog.spider.shutdowntime = Shutdown Time\:
+client.automation.dialog.spider.tab.adv = Možnosti
+client.automation.dialog.spider.title = Client Spider
+client.automation.dialog.spider.url = URL\:
+client.automation.dialog.spider.user = User\:
+client.automation.dialog.summary = Privzeto
+
+client.automation.dialog.tab.params = Scope
+client.automation.name = Client Spider Automation
client.components.table.header.form = Form ID
client.components.table.header.href = HREF
@@ -48,6 +70,8 @@ client.options.label.shutdowntime = Shutdown Time (seconds)\:
client.options.name = Client Integration
client.output.requrl = Client add-on requesting\: {0}
+client.pscan.footer.label = Client Passive Scan Queue
+
client.pscan.infoinstorage.desc = Information was stored in browser {0}.\nThis is not unusual or necessarily unsafe - this informational alert has been raised to help you get a better understanding of what this app is doing. For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.
client.pscan.infoinstorage.name = Information Disclosure - Information in Browser {0}
client.pscan.infoinstorage.other = The following data (key\=value) was set\: {0}\nNote that this alert will only be raised once for each URL key.
@@ -78,8 +102,10 @@ client.scandialog.button.reset = Ponastavitev
client.scandialog.button.scan = Začetek skandirati
client.scandialog.label.adv = Show Advanced Options\:
client.scandialog.label.browser = Browser\:
+client.scandialog.label.context = Context\:
client.scandialog.label.spiderSubtreeOnly = Spider Subtree Only\:
client.scandialog.label.start = Starting Point\:
+client.scandialog.label.user = User\:
client.scandialog.nostart.error = You must select a valid starting point\nincluding the protocol e.g. https\://www.example.com
client.scandialog.notSafe.error = Client Spider scans are not allowed in 'Safe' mode.
client.scandialog.startProtectedMode.error = The starting point is not in scope and the mode is 'Protected'.
@@ -89,6 +115,55 @@ client.scandialog.tab.scope = Scope
client.scandialog.title = Client Spider
client.spider.menu.tools.label = Client Spider
+client.spider.options.title = Client Options
+client.spider.outofscope.response = (403 Forbidden) Out of Client Spider scope
+client.spider.panel.tab.addednodes = Added Nodes
+client.spider.panel.tab.messages = Messages
+client.spider.panel.tab.tasks = Tasks
+client.spider.panel.tab.urls = URLs
+
+client.spider.panel.table.action.click = Click
+client.spider.panel.table.action.get = Get
+client.spider.panel.table.action.submit = submit
+
+client.spider.panel.table.cell.allowed = Allowed
+client.spider.panel.table.cell.excluded = Excluded
+client.spider.panel.table.cell.ioerror = I/O Error
+client.spider.panel.table.cell.outofcontext = Out of Context
+client.spider.panel.table.cell.outofhost = Out of Host
+client.spider.panel.table.cell.outofsubtree = Out of Subtree
+
+client.spider.panel.table.details.button = Button\: {0}
+client.spider.panel.table.details.link = Link\: {0} {1}
+
+client.spider.panel.table.header.action = Action
+client.spider.panel.table.header.details = Details
+client.spider.panel.table.header.error = Napaka
+client.spider.panel.table.header.id = ID
+client.spider.panel.table.header.state = Stanje
+client.spider.panel.table.header.status = Stanje
+client.spider.panel.table.header.uri = URI
+
+client.spider.panel.title = Client Spider
+client.spider.task.stats.failed = Ni uspelo
+client.spider.task.stats.finished = Finished
+client.spider.task.stats.paused = Paused
+
+client.spider.task.stats.queued = Queued
+client.spider.task.stats.running = V teku
+client.spider.task.stats.stopped = Stopped
+
+client.spider.toolbar.added.label = Nodes Added\:
+client.spider.toolbar.ascans.label = Trenutni skandiranje\:
+client.spider.toolbar.button.clear = Clean completed scans
+client.spider.toolbar.button.new = New Scan
+client.spider.toolbar.button.options = Client Options
+client.spider.toolbar.button.pause = Pause Spider
+client.spider.toolbar.button.stop = Stop Spider
+client.spider.toolbar.button.unpause = Resume Spider
+client.spider.toolbar.progress.label = Progress\:
+client.spider.toolbar.progress.select = --Select Scan--
+client.spider.toolbar.urls.label = Crawled URLs\:
client.tree.popup.attack = Napad
client.tree.popup.browser = Open in Browser...
diff --git a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_sq_AL.properties b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_sq_AL.properties
index 7906373b5cd..e63193442ec 100644
--- a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_sq_AL.properties
+++ b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_sq_AL.properties
@@ -1,6 +1,28 @@
client.activeActionPrefix = Client Spidering\: {0}
client.attack.spider = Client Spider...
+client.automation.default = Default
+
+client.automation.desc = Client Spider Automation Framework Integration
+client.automation.dialog.spider.advanced = Show Advanced Options\:
+client.automation.dialog.spider.browserid = Browser ID\:
+client.automation.dialog.spider.context = Context\:
+client.automation.dialog.spider.initialtime = Initial Page Load Time\:
+client.automation.dialog.spider.loadtime = Page Load Time\:
+client.automation.dialog.spider.maxchildren = Maximum Children\:
+client.automation.dialog.spider.maxcrawldepth = Max Crawl Depth\:
+client.automation.dialog.spider.maxduration = Max Duration\:
+client.automation.dialog.spider.name = Job Name\:
+client.automation.dialog.spider.numbrowsers = Number of Browsers\:
+client.automation.dialog.spider.shutdowntime = Shutdown Time\:
+client.automation.dialog.spider.tab.adv = Options
+client.automation.dialog.spider.title = Client Spider
+client.automation.dialog.spider.url = URL\:
+client.automation.dialog.spider.user = User\:
+client.automation.dialog.summary = Default
+
+client.automation.dialog.tab.params = Scope
+client.automation.name = Client Spider Automation
client.components.table.header.form = Form ID
client.components.table.header.href = HREF
@@ -48,6 +70,8 @@ client.options.label.shutdowntime = Shutdown Time (seconds)\:
client.options.name = Client Integration
client.output.requrl = Client add-on requesting\: {0}
+client.pscan.footer.label = Client Passive Scan Queue
+
client.pscan.infoinstorage.desc = Information was stored in browser {0}.\nThis is not unusual or necessarily unsafe - this informational alert has been raised to help you get a better understanding of what this app is doing. For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.
client.pscan.infoinstorage.name = Information Disclosure - Information in Browser {0}
client.pscan.infoinstorage.other = The following data (key\=value) was set\: {0}\nNote that this alert will only be raised once for each URL key.
@@ -78,8 +102,10 @@ client.scandialog.button.reset = Reset
client.scandialog.button.scan = Start Scan
client.scandialog.label.adv = Show Advanced Options\:
client.scandialog.label.browser = Browser\:
+client.scandialog.label.context = Context\:
client.scandialog.label.spiderSubtreeOnly = Spider Subtree Only\:
client.scandialog.label.start = Starting Point\:
+client.scandialog.label.user = User\:
client.scandialog.nostart.error = You must select a valid starting point\nincluding the protocol e.g. https\://www.example.com
client.scandialog.notSafe.error = Client Spider scans are not allowed in 'Safe' mode.
client.scandialog.startProtectedMode.error = The starting point is not in scope and the mode is 'Protected'.
@@ -89,6 +115,55 @@ client.scandialog.tab.scope = Scope
client.scandialog.title = Client Spider
client.spider.menu.tools.label = Client Spider
+client.spider.options.title = Client Options
+client.spider.outofscope.response = (403 Forbidden) Out of Client Spider scope
+client.spider.panel.tab.addednodes = Added Nodes
+client.spider.panel.tab.messages = Messages
+client.spider.panel.tab.tasks = Tasks
+client.spider.panel.tab.urls = URLs
+
+client.spider.panel.table.action.click = Click
+client.spider.panel.table.action.get = Get
+client.spider.panel.table.action.submit = submit
+
+client.spider.panel.table.cell.allowed = Allowed
+client.spider.panel.table.cell.excluded = Excluded
+client.spider.panel.table.cell.ioerror = I/O Error
+client.spider.panel.table.cell.outofcontext = Out of Context
+client.spider.panel.table.cell.outofhost = Out of Host
+client.spider.panel.table.cell.outofsubtree = Out of Subtree
+
+client.spider.panel.table.details.button = Button\: {0}
+client.spider.panel.table.details.link = Link\: {0} {1}
+
+client.spider.panel.table.header.action = Action
+client.spider.panel.table.header.details = Details
+client.spider.panel.table.header.error = Error
+client.spider.panel.table.header.id = ID
+client.spider.panel.table.header.state = State
+client.spider.panel.table.header.status = Status
+client.spider.panel.table.header.uri = URI
+
+client.spider.panel.title = Client Spider
+client.spider.task.stats.failed = Failed
+client.spider.task.stats.finished = Finished
+client.spider.task.stats.paused = Paused
+
+client.spider.task.stats.queued = Queued
+client.spider.task.stats.running = Running
+client.spider.task.stats.stopped = Stopped
+
+client.spider.toolbar.added.label = Nodes Added\:
+client.spider.toolbar.ascans.label = Scanimët e tanishme\:
+client.spider.toolbar.button.clear = Clean completed scans
+client.spider.toolbar.button.new = New Scan
+client.spider.toolbar.button.options = Client Options
+client.spider.toolbar.button.pause = Pause Spider
+client.spider.toolbar.button.stop = Stop Spider
+client.spider.toolbar.button.unpause = Resume Spider
+client.spider.toolbar.progress.label = Progress\:
+client.spider.toolbar.progress.select = --Select Scan--
+client.spider.toolbar.urls.label = Crawled URLs\:
client.tree.popup.attack = Attack
client.tree.popup.browser = Open in Browser...
diff --git a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_sr_CS.properties b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_sr_CS.properties
index 37dee2bd0d1..16c9cd2fb5d 100644
--- a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_sr_CS.properties
+++ b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_sr_CS.properties
@@ -1,6 +1,28 @@
client.activeActionPrefix = Client Spidering\: {0}
client.attack.spider = Client Spider...
+client.automation.default = Podrazumevano
+
+client.automation.desc = Client Spider Automation Framework Integration
+client.automation.dialog.spider.advanced = Show Advanced Options\:
+client.automation.dialog.spider.browserid = Browser ID\:
+client.automation.dialog.spider.context = Kontekst\:
+client.automation.dialog.spider.initialtime = Initial Page Load Time\:
+client.automation.dialog.spider.loadtime = Page Load Time\:
+client.automation.dialog.spider.maxchildren = Maximum Children\:
+client.automation.dialog.spider.maxcrawldepth = Max Crawl Depth\:
+client.automation.dialog.spider.maxduration = Max Duration\:
+client.automation.dialog.spider.name = Job Name\:
+client.automation.dialog.spider.numbrowsers = Number of Browsers\:
+client.automation.dialog.spider.shutdowntime = Shutdown Time\:
+client.automation.dialog.spider.tab.adv = Opcije
+client.automation.dialog.spider.title = Client Spider
+client.automation.dialog.spider.url = URL\:
+client.automation.dialog.spider.user = User\:
+client.automation.dialog.summary = Podrazumevano
+
+client.automation.dialog.tab.params = Scope
+client.automation.name = Client Spider Automation
client.components.table.header.form = Form ID
client.components.table.header.href = HREF
@@ -48,6 +70,8 @@ client.options.label.shutdowntime = Shutdown Time (seconds)\:
client.options.name = Client Integration
client.output.requrl = Client add-on requesting\: {0}
+client.pscan.footer.label = Client Passive Scan Queue
+
client.pscan.infoinstorage.desc = Information was stored in browser {0}.\nThis is not unusual or necessarily unsafe - this informational alert has been raised to help you get a better understanding of what this app is doing. For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.
client.pscan.infoinstorage.name = Information Disclosure - Information in Browser {0}
client.pscan.infoinstorage.other = The following data (key\=value) was set\: {0}\nNote that this alert will only be raised once for each URL key.
@@ -78,8 +102,10 @@ client.scandialog.button.reset = Reset
client.scandialog.button.scan = Start Scan
client.scandialog.label.adv = Show Advanced Options\:
client.scandialog.label.browser = Browser\:
+client.scandialog.label.context = Kontekst\:
client.scandialog.label.spiderSubtreeOnly = Spider Subtree Only\:
client.scandialog.label.start = Starting Point\:
+client.scandialog.label.user = User\:
client.scandialog.nostart.error = You must select a valid starting point\nincluding the protocol e.g. https\://www.example.com
client.scandialog.notSafe.error = Client Spider scans are not allowed in 'Safe' mode.
client.scandialog.startProtectedMode.error = The starting point is not in scope and the mode is 'Protected'.
@@ -89,6 +115,55 @@ client.scandialog.tab.scope = Scope
client.scandialog.title = Client Spider
client.spider.menu.tools.label = Client Spider
+client.spider.options.title = Client Options
+client.spider.outofscope.response = (403 Forbidden) Out of Client Spider scope
+client.spider.panel.tab.addednodes = Added Nodes
+client.spider.panel.tab.messages = Messages
+client.spider.panel.tab.tasks = Tasks
+client.spider.panel.tab.urls = URL-ovi
+
+client.spider.panel.table.action.click = Click
+client.spider.panel.table.action.get = Get
+client.spider.panel.table.action.submit = submit
+
+client.spider.panel.table.cell.allowed = Dozvoljen
+client.spider.panel.table.cell.excluded = Excluded
+client.spider.panel.table.cell.ioerror = I/O Error
+client.spider.panel.table.cell.outofcontext = Out of Context
+client.spider.panel.table.cell.outofhost = Out of Host
+client.spider.panel.table.cell.outofsubtree = Out of Subtree
+
+client.spider.panel.table.details.button = Button\: {0}
+client.spider.panel.table.details.link = Link\: {0} {1}
+
+client.spider.panel.table.header.action = Action
+client.spider.panel.table.header.details = Details
+client.spider.panel.table.header.error = Greška
+client.spider.panel.table.header.id = ID
+client.spider.panel.table.header.state = Stanje
+client.spider.panel.table.header.status = Status
+client.spider.panel.table.header.uri = URI
+
+client.spider.panel.title = Client Spider
+client.spider.task.stats.failed = Failed
+client.spider.task.stats.finished = Finished
+client.spider.task.stats.paused = Paused
+
+client.spider.task.stats.queued = Queued
+client.spider.task.stats.running = Running
+client.spider.task.stats.stopped = Stopped
+
+client.spider.toolbar.added.label = Nodes Added\:
+client.spider.toolbar.ascans.label = Trenutni Skenovi\:
+client.spider.toolbar.button.clear = Clean completed scans
+client.spider.toolbar.button.new = New Scan
+client.spider.toolbar.button.options = Client Options
+client.spider.toolbar.button.pause = Pause Spider
+client.spider.toolbar.button.stop = Stop Spider
+client.spider.toolbar.button.unpause = Resume Spider
+client.spider.toolbar.progress.label = Progres\:
+client.spider.toolbar.progress.select = --Select Scan--
+client.spider.toolbar.urls.label = Crawled URLs\:
client.tree.popup.attack = Napad
client.tree.popup.browser = Open in Browser...
diff --git a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_sr_SP.properties b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_sr_SP.properties
index 7906373b5cd..a8f254517fe 100644
--- a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_sr_SP.properties
+++ b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_sr_SP.properties
@@ -1,6 +1,28 @@
client.activeActionPrefix = Client Spidering\: {0}
client.attack.spider = Client Spider...
+client.automation.default = Default
+
+client.automation.desc = Client Spider Automation Framework Integration
+client.automation.dialog.spider.advanced = Show Advanced Options\:
+client.automation.dialog.spider.browserid = Browser ID\:
+client.automation.dialog.spider.context = Context\:
+client.automation.dialog.spider.initialtime = Initial Page Load Time\:
+client.automation.dialog.spider.loadtime = Page Load Time\:
+client.automation.dialog.spider.maxchildren = Maximum Children\:
+client.automation.dialog.spider.maxcrawldepth = Max Crawl Depth\:
+client.automation.dialog.spider.maxduration = Max Duration\:
+client.automation.dialog.spider.name = Job Name\:
+client.automation.dialog.spider.numbrowsers = Number of Browsers\:
+client.automation.dialog.spider.shutdowntime = Shutdown Time\:
+client.automation.dialog.spider.tab.adv = Options
+client.automation.dialog.spider.title = Client Spider
+client.automation.dialog.spider.url = URL\:
+client.automation.dialog.spider.user = User\:
+client.automation.dialog.summary = Default
+
+client.automation.dialog.tab.params = Scope
+client.automation.name = Client Spider Automation
client.components.table.header.form = Form ID
client.components.table.header.href = HREF
@@ -48,6 +70,8 @@ client.options.label.shutdowntime = Shutdown Time (seconds)\:
client.options.name = Client Integration
client.output.requrl = Client add-on requesting\: {0}
+client.pscan.footer.label = Client Passive Scan Queue
+
client.pscan.infoinstorage.desc = Information was stored in browser {0}.\nThis is not unusual or necessarily unsafe - this informational alert has been raised to help you get a better understanding of what this app is doing. For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.
client.pscan.infoinstorage.name = Information Disclosure - Information in Browser {0}
client.pscan.infoinstorage.other = The following data (key\=value) was set\: {0}\nNote that this alert will only be raised once for each URL key.
@@ -78,8 +102,10 @@ client.scandialog.button.reset = Reset
client.scandialog.button.scan = Start Scan
client.scandialog.label.adv = Show Advanced Options\:
client.scandialog.label.browser = Browser\:
+client.scandialog.label.context = Context\:
client.scandialog.label.spiderSubtreeOnly = Spider Subtree Only\:
client.scandialog.label.start = Starting Point\:
+client.scandialog.label.user = User\:
client.scandialog.nostart.error = You must select a valid starting point\nincluding the protocol e.g. https\://www.example.com
client.scandialog.notSafe.error = Client Spider scans are not allowed in 'Safe' mode.
client.scandialog.startProtectedMode.error = The starting point is not in scope and the mode is 'Protected'.
@@ -89,6 +115,55 @@ client.scandialog.tab.scope = Scope
client.scandialog.title = Client Spider
client.spider.menu.tools.label = Client Spider
+client.spider.options.title = Client Options
+client.spider.outofscope.response = (403 Forbidden) Out of Client Spider scope
+client.spider.panel.tab.addednodes = Added Nodes
+client.spider.panel.tab.messages = Messages
+client.spider.panel.tab.tasks = Tasks
+client.spider.panel.tab.urls = URLs
+
+client.spider.panel.table.action.click = Click
+client.spider.panel.table.action.get = Get
+client.spider.panel.table.action.submit = submit
+
+client.spider.panel.table.cell.allowed = Allowed
+client.spider.panel.table.cell.excluded = Excluded
+client.spider.panel.table.cell.ioerror = I/O Error
+client.spider.panel.table.cell.outofcontext = Out of Context
+client.spider.panel.table.cell.outofhost = Out of Host
+client.spider.panel.table.cell.outofsubtree = Out of Subtree
+
+client.spider.panel.table.details.button = Button\: {0}
+client.spider.panel.table.details.link = Link\: {0} {1}
+
+client.spider.panel.table.header.action = Action
+client.spider.panel.table.header.details = Details
+client.spider.panel.table.header.error = Error
+client.spider.panel.table.header.id = ID
+client.spider.panel.table.header.state = State
+client.spider.panel.table.header.status = Status
+client.spider.panel.table.header.uri = URI
+
+client.spider.panel.title = Client Spider
+client.spider.task.stats.failed = Failed
+client.spider.task.stats.finished = Finished
+client.spider.task.stats.paused = Paused
+
+client.spider.task.stats.queued = Queued
+client.spider.task.stats.running = Running
+client.spider.task.stats.stopped = Stopped
+
+client.spider.toolbar.added.label = Nodes Added\:
+client.spider.toolbar.ascans.label = Current Scans\:
+client.spider.toolbar.button.clear = Clean completed scans
+client.spider.toolbar.button.new = New Scan
+client.spider.toolbar.button.options = Client Options
+client.spider.toolbar.button.pause = Pause Spider
+client.spider.toolbar.button.stop = Stop Spider
+client.spider.toolbar.button.unpause = Resume Spider
+client.spider.toolbar.progress.label = Progress\:
+client.spider.toolbar.progress.select = --Select Scan--
+client.spider.toolbar.urls.label = Crawled URLs\:
client.tree.popup.attack = Attack
client.tree.popup.browser = Open in Browser...
diff --git a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_tr_TR.properties b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_tr_TR.properties
index 79027d4edd8..1d7de22b4f2 100644
--- a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_tr_TR.properties
+++ b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_tr_TR.properties
@@ -1,6 +1,28 @@
client.activeActionPrefix = Client Spidering\: {0}
client.attack.spider = Client Spider...
+client.automation.default = Default
+
+client.automation.desc = Client Spider Automation Framework Integration
+client.automation.dialog.spider.advanced = Show Advanced Options\:
+client.automation.dialog.spider.browserid = Browser ID\:
+client.automation.dialog.spider.context = İçerik\:
+client.automation.dialog.spider.initialtime = Initial Page Load Time\:
+client.automation.dialog.spider.loadtime = Page Load Time\:
+client.automation.dialog.spider.maxchildren = Maximum Children\:
+client.automation.dialog.spider.maxcrawldepth = Max Crawl Depth\:
+client.automation.dialog.spider.maxduration = Max Duration\:
+client.automation.dialog.spider.name = Job Name\:
+client.automation.dialog.spider.numbrowsers = Number of Browsers\:
+client.automation.dialog.spider.shutdowntime = Shutdown Time\:
+client.automation.dialog.spider.tab.adv = Seçenekler
+client.automation.dialog.spider.title = Client Spider
+client.automation.dialog.spider.url = URL\:
+client.automation.dialog.spider.user = Kullanıcı\:
+client.automation.dialog.summary = Default
+
+client.automation.dialog.tab.params = Kapsam
+client.automation.name = Client Spider Automation
client.components.table.header.form = Form ID
client.components.table.header.href = HREF
@@ -48,6 +70,8 @@ client.options.label.shutdowntime = Shutdown Time (seconds)\:
client.options.name = Client Integration
client.output.requrl = Client add-on requesting\: {0}
+client.pscan.footer.label = Client Passive Scan Queue
+
client.pscan.infoinstorage.desc = Information was stored in browser {0}.\nThis is not unusual or necessarily unsafe - this informational alert has been raised to help you get a better understanding of what this app is doing. For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.
client.pscan.infoinstorage.name = Information Disclosure - Information in Browser {0}
client.pscan.infoinstorage.other = The following data (key\=value) was set\: {0}\nNote that this alert will only be raised once for each URL key.
@@ -78,8 +102,10 @@ client.scandialog.button.reset = Sıfırla
client.scandialog.button.scan = Tarama Başlat
client.scandialog.label.adv = Show Advanced Options\:
client.scandialog.label.browser = Tarayıcı\:
+client.scandialog.label.context = İçerik\:
client.scandialog.label.spiderSubtreeOnly = Spider Subtree Only\:
client.scandialog.label.start = Starting Point\:
+client.scandialog.label.user = Kullanıcı\:
client.scandialog.nostart.error = İletişim kuralı içeren geçerli bir başlangıç noktası seçmelisiniz örneğin https\://www.example.com
client.scandialog.notSafe.error = Client Spider scans are not allowed in 'Safe' mode.
client.scandialog.startProtectedMode.error = The starting point is not in scope and the mode is 'Protected'.
@@ -89,6 +115,55 @@ client.scandialog.tab.scope = Kapsam
client.scandialog.title = Client Spider
client.spider.menu.tools.label = Client Spider
+client.spider.options.title = Client Options
+client.spider.outofscope.response = (403 Forbidden) Out of Client Spider scope
+client.spider.panel.tab.addednodes = Eklenen Düğümler
+client.spider.panel.tab.messages = Mesajlar
+client.spider.panel.tab.tasks = Tasks
+client.spider.panel.tab.urls = URL'ler
+
+client.spider.panel.table.action.click = Click
+client.spider.panel.table.action.get = Get
+client.spider.panel.table.action.submit = submit
+
+client.spider.panel.table.cell.allowed = İzin verilen
+client.spider.panel.table.cell.excluded = Harici
+client.spider.panel.table.cell.ioerror = I/O Hatası
+client.spider.panel.table.cell.outofcontext = Ortam Dışı
+client.spider.panel.table.cell.outofhost = Out of Host
+client.spider.panel.table.cell.outofsubtree = Out of Subtree
+
+client.spider.panel.table.details.button = Button\: {0}
+client.spider.panel.table.details.link = Link\: {0} {1}
+
+client.spider.panel.table.header.action = Action
+client.spider.panel.table.header.details = Ayrıntılar
+client.spider.panel.table.header.error = Hata
+client.spider.panel.table.header.id = Kimlik
+client.spider.panel.table.header.state = Devlet
+client.spider.panel.table.header.status = Durum
+client.spider.panel.table.header.uri = URI
+
+client.spider.panel.title = Client Spider
+client.spider.task.stats.failed = Başarısız
+client.spider.task.stats.finished = Finished
+client.spider.task.stats.paused = Paused
+
+client.spider.task.stats.queued = Queued
+client.spider.task.stats.running = Çalışıyor
+client.spider.task.stats.stopped = Stopped
+
+client.spider.toolbar.added.label = Eklenen Düğümler\:
+client.spider.toolbar.ascans.label = Güncel Taramalar\:
+client.spider.toolbar.button.clear = Tamamlanmış taramaları temizle
+client.spider.toolbar.button.new = Yeni Tarama
+client.spider.toolbar.button.options = Client Options
+client.spider.toolbar.button.pause = Örümceği Duraklat
+client.spider.toolbar.button.stop = Örümceği Durdur
+client.spider.toolbar.button.unpause = Taramayı Devam Ettir
+client.spider.toolbar.progress.label = İlerleme\:
+client.spider.toolbar.progress.select = --Tarama Seç--
+client.spider.toolbar.urls.label = Benzersiz Paletli URL'ler\:
client.tree.popup.attack = Saldır
client.tree.popup.browser = Open in Browser...
diff --git a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_uk_UA.properties b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_uk_UA.properties
index 72df4d67d9e..5123e71752c 100644
--- a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_uk_UA.properties
+++ b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_uk_UA.properties
@@ -1,6 +1,28 @@
client.activeActionPrefix = Сканування клієнта\: {0}
client.attack.spider = Клієнтський павук...
+client.automation.default = Default
+
+client.automation.desc = Client Spider Automation Framework Integration
+client.automation.dialog.spider.advanced = Показати додаткові параметри\:
+client.automation.dialog.spider.browserid = Browser ID\:
+client.automation.dialog.spider.context = Контекст\:
+client.automation.dialog.spider.initialtime = Initial Page Load Time\:
+client.automation.dialog.spider.loadtime = Page Load Time\:
+client.automation.dialog.spider.maxchildren = Maximum Children\:
+client.automation.dialog.spider.maxcrawldepth = Максимальна глибина сканування\:
+client.automation.dialog.spider.maxduration = Максимальна тривалість\:
+client.automation.dialog.spider.name = Назва завдання\:
+client.automation.dialog.spider.numbrowsers = Number of Browsers\:
+client.automation.dialog.spider.shutdowntime = Shutdown Time\:
+client.automation.dialog.spider.tab.adv = Опції
+client.automation.dialog.spider.title = Клієнтський павук
+client.automation.dialog.spider.url = URL-адреса\:
+client.automation.dialog.spider.user = Користувач\:
+client.automation.dialog.summary = Default
+
+client.automation.dialog.tab.params = Діапазон
+client.automation.name = Client Spider Automation
client.components.table.header.form = Ідентифікатор форми
client.components.table.header.href = HREF
@@ -48,6 +70,8 @@ client.options.label.shutdowntime = Час вимкнення (секунди)\:
client.options.name = Інтеграція клієнта
client.output.requrl = Надсилання запиту доповнення клієнта\: {0}
+client.pscan.footer.label = Client Passive Scan Queue
+
client.pscan.infoinstorage.desc = Інформація була збережена в браузері {0}.\nЦе не є чимось незвичайним або обов’язково небезпечним – це інформаційне сповіщення було створено, щоб допомогти вам краще зрозуміти, що робить ця програма. Щоб отримати докладніші відомості, перегляньте вкладки «Клієнт» — цю інформацію було встановлено безпосередньо в браузері, тому вона не обов’язково відображатиметься в цій формі в будь-яких повідомленнях HTTP(S).
client.pscan.infoinstorage.name = Розголошення інформації – інформація у вебпереглядачі {0}
client.pscan.infoinstorage.other = Було встановлено такі дані (ключ\=значення)\: {0}\nЗверніть увагу, що це сповіщення буде створено лише один раз для кожного ключа URL-адреси.
@@ -78,8 +102,10 @@ client.scandialog.button.reset = Скинути
client.scandialog.button.scan = Почати сканування
client.scandialog.label.adv = Показати додаткові параметри\:
client.scandialog.label.browser = Браузер\:
+client.scandialog.label.context = Контекст\:
client.scandialog.label.spiderSubtreeOnly = Лише піддерево Spider\:
client.scandialog.label.start = Початкова точка\:
+client.scandialog.label.user = Користувач\:
client.scandialog.nostart.error = Потрібно вибрати дійсну початкову точку, включно з протоколом e.g. https\://www.example.com
client.scandialog.notSafe.error = Сканування клієнтського павука заборонено в безпечному режимі.
client.scandialog.startProtectedMode.error = Початкова точка не знаходиться в області видимості, а режим - «Захищений».
@@ -89,6 +115,55 @@ client.scandialog.tab.scope = Діапазон
client.scandialog.title = Клієнтський павук
client.spider.menu.tools.label = Клієнтський павук
+client.spider.options.title = Client Options
+client.spider.outofscope.response = (403 Forbidden) Out of Client Spider scope
+client.spider.panel.tab.addednodes = Added Nodes
+client.spider.panel.tab.messages = Повідомлення
+client.spider.panel.tab.tasks = Tasks
+client.spider.panel.tab.urls = URLs
+
+client.spider.panel.table.action.click = Click
+client.spider.panel.table.action.get = Get
+client.spider.panel.table.action.submit = submit
+
+client.spider.panel.table.cell.allowed = Дозволено
+client.spider.panel.table.cell.excluded = Виключено
+client.spider.panel.table.cell.ioerror = Помилка введення/виведення
+client.spider.panel.table.cell.outofcontext = Out of Context
+client.spider.panel.table.cell.outofhost = Out of Host
+client.spider.panel.table.cell.outofsubtree = Out of Subtree
+
+client.spider.panel.table.details.button = Button\: {0}
+client.spider.panel.table.details.link = Link\: {0} {1}
+
+client.spider.panel.table.header.action = Action
+client.spider.panel.table.header.details = Відомості
+client.spider.panel.table.header.error = Error
+client.spider.panel.table.header.id = ID
+client.spider.panel.table.header.state = Стан
+client.spider.panel.table.header.status = Стан
+client.spider.panel.table.header.uri = URI
+
+client.spider.panel.title = Клієнтський павук
+client.spider.task.stats.failed = Помилка
+client.spider.task.stats.finished = Finished
+client.spider.task.stats.paused = Paused
+
+client.spider.task.stats.queued = Queued
+client.spider.task.stats.running = Працює
+client.spider.task.stats.stopped = Stopped
+
+client.spider.toolbar.added.label = Nodes Added\:
+client.spider.toolbar.ascans.label = Поточні сканування\:
+client.spider.toolbar.button.clear = Очистити виконані сканування
+client.spider.toolbar.button.new = Нове сканування
+client.spider.toolbar.button.options = Client Options
+client.spider.toolbar.button.pause = Pause Spider
+client.spider.toolbar.button.stop = Stop Spider
+client.spider.toolbar.button.unpause = Resume Spider
+client.spider.toolbar.progress.label = Стан\:
+client.spider.toolbar.progress.select = --Вибрати скан--
+client.spider.toolbar.urls.label = Проскановані URL-адреси\:
client.tree.popup.attack = Атака
client.tree.popup.browser = Відкрити в браузері...
diff --git a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_ur_PK.properties b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_ur_PK.properties
index d0d3dde8b0a..b917b650c27 100644
--- a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_ur_PK.properties
+++ b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_ur_PK.properties
@@ -1,6 +1,28 @@
client.activeActionPrefix = Client Spidering\: {0}
client.attack.spider = Client Spider...
+client.automation.default = Default
+
+client.automation.desc = Client Spider Automation Framework Integration
+client.automation.dialog.spider.advanced = Show Advanced Options\:
+client.automation.dialog.spider.browserid = Browser ID\:
+client.automation.dialog.spider.context = Context\:
+client.automation.dialog.spider.initialtime = Initial Page Load Time\:
+client.automation.dialog.spider.loadtime = Page Load Time\:
+client.automation.dialog.spider.maxchildren = Maximum Children\:
+client.automation.dialog.spider.maxcrawldepth = Max Crawl Depth\:
+client.automation.dialog.spider.maxduration = Max Duration\:
+client.automation.dialog.spider.name = Job Name\:
+client.automation.dialog.spider.numbrowsers = Number of Browsers\:
+client.automation.dialog.spider.shutdowntime = Shutdown Time\:
+client.automation.dialog.spider.tab.adv = Options
+client.automation.dialog.spider.title = Client Spider
+client.automation.dialog.spider.url = URL\:
+client.automation.dialog.spider.user = User\:
+client.automation.dialog.summary = Default
+
+client.automation.dialog.tab.params = Scope
+client.automation.name = Client Spider Automation
client.components.table.header.form = Form ID
client.components.table.header.href = HREF
@@ -48,6 +70,8 @@ client.options.label.shutdowntime = Shutdown Time (seconds)\:
client.options.name = Client Integration
client.output.requrl = Client add-on requesting\: {0}
+client.pscan.footer.label = Client Passive Scan Queue
+
client.pscan.infoinstorage.desc = Information was stored in browser {0}.\nThis is not unusual or necessarily unsafe - this informational alert has been raised to help you get a better understanding of what this app is doing. For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.
client.pscan.infoinstorage.name = Information Disclosure - Information in Browser {0}
client.pscan.infoinstorage.other = The following data (key\=value) was set\: {0}\nNote that this alert will only be raised once for each URL key.
@@ -78,8 +102,10 @@ client.scandialog.button.reset = Reset
client.scandialog.button.scan = Start Scan
client.scandialog.label.adv = Show Advanced Options\:
client.scandialog.label.browser = Browser\:
+client.scandialog.label.context = Context\:
client.scandialog.label.spiderSubtreeOnly = Spider Subtree Only\:
client.scandialog.label.start = Starting Point\:
+client.scandialog.label.user = User\:
client.scandialog.nostart.error = You must select a valid starting point\nincluding the protocol e.g. https\://www.example.com
client.scandialog.notSafe.error = Client Spider scans are not allowed in 'Safe' mode.
client.scandialog.startProtectedMode.error = The starting point is not in scope and the mode is 'Protected'.
@@ -89,6 +115,55 @@ client.scandialog.tab.scope = Scope
client.scandialog.title = Client Spider
client.spider.menu.tools.label = Client Spider
+client.spider.options.title = Client Options
+client.spider.outofscope.response = (403 Forbidden) Out of Client Spider scope
+client.spider.panel.tab.addednodes = Added Nodes
+client.spider.panel.tab.messages = Messages
+client.spider.panel.tab.tasks = Tasks
+client.spider.panel.tab.urls = URLs
+
+client.spider.panel.table.action.click = Click
+client.spider.panel.table.action.get = Get
+client.spider.panel.table.action.submit = submit
+
+client.spider.panel.table.cell.allowed = Allowed
+client.spider.panel.table.cell.excluded = Excluded
+client.spider.panel.table.cell.ioerror = I/O Error
+client.spider.panel.table.cell.outofcontext = Out of Context
+client.spider.panel.table.cell.outofhost = Out of Host
+client.spider.panel.table.cell.outofsubtree = Out of Subtree
+
+client.spider.panel.table.details.button = Button\: {0}
+client.spider.panel.table.details.link = Link\: {0} {1}
+
+client.spider.panel.table.header.action = Action
+client.spider.panel.table.header.details = Details
+client.spider.panel.table.header.error = Error
+client.spider.panel.table.header.id = ID
+client.spider.panel.table.header.state = State
+client.spider.panel.table.header.status = Status
+client.spider.panel.table.header.uri = URI
+
+client.spider.panel.title = Client Spider
+client.spider.task.stats.failed = Failed
+client.spider.task.stats.finished = Finished
+client.spider.task.stats.paused = Paused
+
+client.spider.task.stats.queued = Queued
+client.spider.task.stats.running = Running
+client.spider.task.stats.stopped = Stopped
+
+client.spider.toolbar.added.label = Nodes Added\:
+client.spider.toolbar.ascans.label = موجودہ سکین\:
+client.spider.toolbar.button.clear = Clean completed scans
+client.spider.toolbar.button.new = New Scan
+client.spider.toolbar.button.options = Client Options
+client.spider.toolbar.button.pause = Pause Spider
+client.spider.toolbar.button.stop = Stop Spider
+client.spider.toolbar.button.unpause = Resume Spider
+client.spider.toolbar.progress.label = Progress\:
+client.spider.toolbar.progress.select = --Select Scan--
+client.spider.toolbar.urls.label = Crawled URLs\:
client.tree.popup.attack = حملہ
client.tree.popup.browser = Open in Browser...
diff --git a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_vi_VN.properties b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_vi_VN.properties
index 3ae8c1f1fbe..0cdacc5c6df 100644
--- a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_vi_VN.properties
+++ b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_vi_VN.properties
@@ -1,6 +1,28 @@
client.activeActionPrefix = Client Spidering\: {0}
client.attack.spider = Client Spider...
+client.automation.default = Default
+
+client.automation.desc = Client Spider Automation Framework Integration
+client.automation.dialog.spider.advanced = Show Advanced Options\:
+client.automation.dialog.spider.browserid = Browser ID\:
+client.automation.dialog.spider.context = Context\:
+client.automation.dialog.spider.initialtime = Initial Page Load Time\:
+client.automation.dialog.spider.loadtime = Page Load Time\:
+client.automation.dialog.spider.maxchildren = Maximum Children\:
+client.automation.dialog.spider.maxcrawldepth = Max Crawl Depth\:
+client.automation.dialog.spider.maxduration = Max Duration\:
+client.automation.dialog.spider.name = Job Name\:
+client.automation.dialog.spider.numbrowsers = Number of Browsers\:
+client.automation.dialog.spider.shutdowntime = Shutdown Time\:
+client.automation.dialog.spider.tab.adv = Options
+client.automation.dialog.spider.title = Client Spider
+client.automation.dialog.spider.url = URL\:
+client.automation.dialog.spider.user = Người dùng\:
+client.automation.dialog.summary = Default
+
+client.automation.dialog.tab.params = Scope
+client.automation.name = Client Spider Automation
client.components.table.header.form = Form ID
client.components.table.header.href = HREF
@@ -48,6 +70,8 @@ client.options.label.shutdowntime = Shutdown Time (seconds)\:
client.options.name = Client Integration
client.output.requrl = Client add-on requesting\: {0}
+client.pscan.footer.label = Client Passive Scan Queue
+
client.pscan.infoinstorage.desc = Information was stored in browser {0}.\nThis is not unusual or necessarily unsafe - this informational alert has been raised to help you get a better understanding of what this app is doing. For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.
client.pscan.infoinstorage.name = Information Disclosure - Information in Browser {0}
client.pscan.infoinstorage.other = The following data (key\=value) was set\: {0}\nNote that this alert will only be raised once for each URL key.
@@ -78,8 +102,10 @@ client.scandialog.button.reset = Reset
client.scandialog.button.scan = Start Scan
client.scandialog.label.adv = Show Advanced Options\:
client.scandialog.label.browser = Browser\:
+client.scandialog.label.context = Context\:
client.scandialog.label.spiderSubtreeOnly = Spider Subtree Only\:
client.scandialog.label.start = Starting Point\:
+client.scandialog.label.user = Người dùng\:
client.scandialog.nostart.error = You must select a valid starting point\nincluding the protocol e.g. https\://www.example.com
client.scandialog.notSafe.error = Client Spider scans are not allowed in 'Safe' mode.
client.scandialog.startProtectedMode.error = The starting point is not in scope and the mode is 'Protected'.
@@ -89,6 +115,55 @@ client.scandialog.tab.scope = Scope
client.scandialog.title = Client Spider
client.spider.menu.tools.label = Client Spider
+client.spider.options.title = Client Options
+client.spider.outofscope.response = (403 Forbidden) Out of Client Spider scope
+client.spider.panel.tab.addednodes = Added Nodes
+client.spider.panel.tab.messages = Messages
+client.spider.panel.tab.tasks = Tasks
+client.spider.panel.tab.urls = Các URL
+
+client.spider.panel.table.action.click = Click
+client.spider.panel.table.action.get = Get
+client.spider.panel.table.action.submit = submit
+
+client.spider.panel.table.cell.allowed = Được cho phép
+client.spider.panel.table.cell.excluded = Excluded
+client.spider.panel.table.cell.ioerror = I/O Error
+client.spider.panel.table.cell.outofcontext = Out of Context
+client.spider.panel.table.cell.outofhost = Out of Host
+client.spider.panel.table.cell.outofsubtree = Out of Subtree
+
+client.spider.panel.table.details.button = Button\: {0}
+client.spider.panel.table.details.link = Link\: {0} {1}
+
+client.spider.panel.table.header.action = Action
+client.spider.panel.table.header.details = Details
+client.spider.panel.table.header.error = Error
+client.spider.panel.table.header.id = ID
+client.spider.panel.table.header.state = State
+client.spider.panel.table.header.status = Status
+client.spider.panel.table.header.uri = URI
+
+client.spider.panel.title = Client Spider
+client.spider.task.stats.failed = Failed
+client.spider.task.stats.finished = Finished
+client.spider.task.stats.paused = Paused
+
+client.spider.task.stats.queued = Queued
+client.spider.task.stats.running = Running
+client.spider.task.stats.stopped = Stopped
+
+client.spider.toolbar.added.label = Nodes Added\:
+client.spider.toolbar.ascans.label = Current Scans\:
+client.spider.toolbar.button.clear = Clean completed scans
+client.spider.toolbar.button.new = New Scan
+client.spider.toolbar.button.options = Client Options
+client.spider.toolbar.button.pause = Pause Spider
+client.spider.toolbar.button.stop = Stop Spider
+client.spider.toolbar.button.unpause = Resume Spider
+client.spider.toolbar.progress.label = Progress\:
+client.spider.toolbar.progress.select = --Select Scan--
+client.spider.toolbar.urls.label = Crawled URLs\:
client.tree.popup.attack = Tấn công
client.tree.popup.browser = Open in Browser...
diff --git a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_yo_NG.properties b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_yo_NG.properties
index 7906373b5cd..3dabe72756b 100644
--- a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_yo_NG.properties
+++ b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_yo_NG.properties
@@ -1,6 +1,28 @@
client.activeActionPrefix = Client Spidering\: {0}
client.attack.spider = Client Spider...
+client.automation.default = Default
+
+client.automation.desc = Client Spider Automation Framework Integration
+client.automation.dialog.spider.advanced = Show Advanced Options\:
+client.automation.dialog.spider.browserid = Browser ID\:
+client.automation.dialog.spider.context = Context\:
+client.automation.dialog.spider.initialtime = Initial Page Load Time\:
+client.automation.dialog.spider.loadtime = Page Load Time\:
+client.automation.dialog.spider.maxchildren = Maximum Children\:
+client.automation.dialog.spider.maxcrawldepth = Max Crawl Depth\:
+client.automation.dialog.spider.maxduration = Max Duration\:
+client.automation.dialog.spider.name = Job Name\:
+client.automation.dialog.spider.numbrowsers = Number of Browsers\:
+client.automation.dialog.spider.shutdowntime = Shutdown Time\:
+client.automation.dialog.spider.tab.adv = Options
+client.automation.dialog.spider.title = Client Spider
+client.automation.dialog.spider.url = Url\:
+client.automation.dialog.spider.user = User\:
+client.automation.dialog.summary = Default
+
+client.automation.dialog.tab.params = Scope
+client.automation.name = Client Spider Automation
client.components.table.header.form = Form ID
client.components.table.header.href = HREF
@@ -48,6 +70,8 @@ client.options.label.shutdowntime = Shutdown Time (seconds)\:
client.options.name = Client Integration
client.output.requrl = Client add-on requesting\: {0}
+client.pscan.footer.label = Client Passive Scan Queue
+
client.pscan.infoinstorage.desc = Information was stored in browser {0}.\nThis is not unusual or necessarily unsafe - this informational alert has been raised to help you get a better understanding of what this app is doing. For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.
client.pscan.infoinstorage.name = Information Disclosure - Information in Browser {0}
client.pscan.infoinstorage.other = The following data (key\=value) was set\: {0}\nNote that this alert will only be raised once for each URL key.
@@ -78,8 +102,10 @@ client.scandialog.button.reset = Reset
client.scandialog.button.scan = Start Scan
client.scandialog.label.adv = Show Advanced Options\:
client.scandialog.label.browser = Browser\:
+client.scandialog.label.context = Context\:
client.scandialog.label.spiderSubtreeOnly = Spider Subtree Only\:
client.scandialog.label.start = Starting Point\:
+client.scandialog.label.user = User\:
client.scandialog.nostart.error = You must select a valid starting point\nincluding the protocol e.g. https\://www.example.com
client.scandialog.notSafe.error = Client Spider scans are not allowed in 'Safe' mode.
client.scandialog.startProtectedMode.error = The starting point is not in scope and the mode is 'Protected'.
@@ -89,6 +115,55 @@ client.scandialog.tab.scope = Scope
client.scandialog.title = Client Spider
client.spider.menu.tools.label = Client Spider
+client.spider.options.title = Client Options
+client.spider.outofscope.response = (403 Forbidden) Out of Client Spider scope
+client.spider.panel.tab.addednodes = Added Nodes
+client.spider.panel.tab.messages = Messages
+client.spider.panel.tab.tasks = Tasks
+client.spider.panel.tab.urls = URLs
+
+client.spider.panel.table.action.click = Click
+client.spider.panel.table.action.get = Get
+client.spider.panel.table.action.submit = submit
+
+client.spider.panel.table.cell.allowed = Allowed
+client.spider.panel.table.cell.excluded = Excluded
+client.spider.panel.table.cell.ioerror = I/O Error
+client.spider.panel.table.cell.outofcontext = Out of Context
+client.spider.panel.table.cell.outofhost = Out of Host
+client.spider.panel.table.cell.outofsubtree = Out of Subtree
+
+client.spider.panel.table.details.button = Button\: {0}
+client.spider.panel.table.details.link = Link\: {0} {1}
+
+client.spider.panel.table.header.action = Action
+client.spider.panel.table.header.details = Details
+client.spider.panel.table.header.error = Error
+client.spider.panel.table.header.id = ID
+client.spider.panel.table.header.state = State
+client.spider.panel.table.header.status = Status
+client.spider.panel.table.header.uri = URI
+
+client.spider.panel.title = Client Spider
+client.spider.task.stats.failed = Failed
+client.spider.task.stats.finished = Finished
+client.spider.task.stats.paused = Paused
+
+client.spider.task.stats.queued = Queued
+client.spider.task.stats.running = Running
+client.spider.task.stats.stopped = Stopped
+
+client.spider.toolbar.added.label = Nodes Added\:
+client.spider.toolbar.ascans.label = Current Scans\:
+client.spider.toolbar.button.clear = Clean completed scans
+client.spider.toolbar.button.new = New Scan
+client.spider.toolbar.button.options = Client Options
+client.spider.toolbar.button.pause = Pause Spider
+client.spider.toolbar.button.stop = Stop Spider
+client.spider.toolbar.button.unpause = Resume Spider
+client.spider.toolbar.progress.label = Progress\:
+client.spider.toolbar.progress.select = --Select Scan--
+client.spider.toolbar.urls.label = Crawled URLs\:
client.tree.popup.attack = Attack
client.tree.popup.browser = Open in Browser...
diff --git a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_zh_CN.properties b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_zh_CN.properties
index cf05f80f9a4..6c41f24809d 100644
--- a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_zh_CN.properties
+++ b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_zh_CN.properties
@@ -1,6 +1,28 @@
client.activeActionPrefix = Client Spidering\: {0}
client.attack.spider = Client Spider...
+client.automation.default = Default
+
+client.automation.desc = Client Spider Automation Framework Integration
+client.automation.dialog.spider.advanced = 显示高级选项:
+client.automation.dialog.spider.browserid = Browser ID\:
+client.automation.dialog.spider.context = 上下文\:
+client.automation.dialog.spider.initialtime = Initial Page Load Time\:
+client.automation.dialog.spider.loadtime = Page Load Time\:
+client.automation.dialog.spider.maxchildren = Maximum Children\:
+client.automation.dialog.spider.maxcrawldepth = 最大爬取深度:
+client.automation.dialog.spider.maxduration = 最大时长:
+client.automation.dialog.spider.name = 作业名称:
+client.automation.dialog.spider.numbrowsers = Number of Browsers\:
+client.automation.dialog.spider.shutdowntime = Shutdown Time\:
+client.automation.dialog.spider.tab.adv = 选项
+client.automation.dialog.spider.title = Client Spider
+client.automation.dialog.spider.url = URL:
+client.automation.dialog.spider.user = 用户:
+client.automation.dialog.summary = Default
+
+client.automation.dialog.tab.params = 范围
+client.automation.name = Client Spider Automation
client.components.table.header.form = Form ID
client.components.table.header.href = HREF
@@ -48,6 +70,8 @@ client.options.label.shutdowntime = Shutdown Time (seconds)\:
client.options.name = 客户端集成
client.output.requrl = Client add-on requesting\: {0}
+client.pscan.footer.label = Client Passive Scan Queue
+
client.pscan.infoinstorage.desc = Information was stored in browser {0}.\nThis is not unusual or necessarily unsafe - this informational alert has been raised to help you get a better understanding of what this app is doing. For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.
client.pscan.infoinstorage.name = Information Disclosure - Information in Browser {0}
client.pscan.infoinstorage.other = The following data (key\=value) was set\: {0}\nNote that this alert will only be raised once for each URL key.
@@ -78,8 +102,10 @@ client.scandialog.button.reset = 重置
client.scandialog.button.scan = 开始扫描
client.scandialog.label.adv = 显示高级选项:
client.scandialog.label.browser = 浏览器:
+client.scandialog.label.context = 上下文\:
client.scandialog.label.spiderSubtreeOnly = 仅爬取子树:
client.scandialog.label.start = 起点:
+client.scandialog.label.user = 用户:
client.scandialog.nostart.error = 你必须选择一个有效起点\n包括协议例如:https\://www.example.com
client.scandialog.notSafe.error = Client Spider scans are not allowed in 'Safe' mode.
client.scandialog.startProtectedMode.error = The starting point is not in scope and the mode is 'Protected'.
@@ -89,6 +115,55 @@ client.scandialog.tab.scope = 范围
client.scandialog.title = Client Spider
client.spider.menu.tools.label = Client Spider
+client.spider.options.title = Client Options
+client.spider.outofscope.response = (403 Forbidden) Out of Client Spider scope
+client.spider.panel.tab.addednodes = 已添加的节点
+client.spider.panel.tab.messages = 消息
+client.spider.panel.tab.tasks = Tasks
+client.spider.panel.tab.urls = 网址
+
+client.spider.panel.table.action.click = Click
+client.spider.panel.table.action.get = Get
+client.spider.panel.table.action.submit = submit
+
+client.spider.panel.table.cell.allowed = 允许
+client.spider.panel.table.cell.excluded = 已排除的
+client.spider.panel.table.cell.ioerror = I/O 错误
+client.spider.panel.table.cell.outofcontext = 超出上下文
+client.spider.panel.table.cell.outofhost = Out of Host
+client.spider.panel.table.cell.outofsubtree = Out of Subtree
+
+client.spider.panel.table.details.button = Button\: {0}
+client.spider.panel.table.details.link = Link\: {0} {1}
+
+client.spider.panel.table.header.action = Action
+client.spider.panel.table.header.details = 详情
+client.spider.panel.table.header.error = 错误
+client.spider.panel.table.header.id = ID
+client.spider.panel.table.header.state = 状态
+client.spider.panel.table.header.status = 状态
+client.spider.panel.table.header.uri = URI
+
+client.spider.panel.title = Client Spider
+client.spider.task.stats.failed = 失败
+client.spider.task.stats.finished = Finished
+client.spider.task.stats.paused = Paused
+
+client.spider.task.stats.queued = Queued
+client.spider.task.stats.running = 运行\n
+client.spider.task.stats.stopped = Stopped
+
+client.spider.toolbar.added.label = 增加的节点:
+client.spider.toolbar.ascans.label = 当前扫描\:
+client.spider.toolbar.button.clear = 清除已完成的扫描
+client.spider.toolbar.button.new = 新扫描
+client.spider.toolbar.button.options = Client Options
+client.spider.toolbar.button.pause = 暂停 Spider
+client.spider.toolbar.button.stop = 停止 Spider
+client.spider.toolbar.button.unpause = 继续运行 Spider
+client.spider.toolbar.progress.label = 进展:
+client.spider.toolbar.progress.select = --选择扫描--
+client.spider.toolbar.urls.label = 抓取的 URLs:
client.tree.popup.attack = 攻击
client.tree.popup.browser = 在浏览器中打开...
diff --git a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_zh_TW.properties b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_zh_TW.properties
index 9d65cc19468..1c67fbee8bb 100644
--- a/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_zh_TW.properties
+++ b/addOns/client/src/main/resources/org/zaproxy/addon/client/resources/Messages_zh_TW.properties
@@ -1,6 +1,28 @@
client.activeActionPrefix = Client Spidering\: {0}
client.attack.spider = Client Spider...
+client.automation.default = Default
+
+client.automation.desc = Client Spider Automation Framework Integration
+client.automation.dialog.spider.advanced = Show Advanced Options\:
+client.automation.dialog.spider.browserid = Browser ID\:
+client.automation.dialog.spider.context = Context\:
+client.automation.dialog.spider.initialtime = Initial Page Load Time\:
+client.automation.dialog.spider.loadtime = Page Load Time\:
+client.automation.dialog.spider.maxchildren = Maximum Children\:
+client.automation.dialog.spider.maxcrawldepth = Max Crawl Depth\:
+client.automation.dialog.spider.maxduration = Max Duration\:
+client.automation.dialog.spider.name = Job Name\:
+client.automation.dialog.spider.numbrowsers = Number of Browsers\:
+client.automation.dialog.spider.shutdowntime = Shutdown Time\:
+client.automation.dialog.spider.tab.adv = Options
+client.automation.dialog.spider.title = Client Spider
+client.automation.dialog.spider.url = URL\:
+client.automation.dialog.spider.user = User\:
+client.automation.dialog.summary = Default
+
+client.automation.dialog.tab.params = Scope
+client.automation.name = Client Spider Automation
client.components.table.header.form = Form ID
client.components.table.header.href = HREF
@@ -48,6 +70,8 @@ client.options.label.shutdowntime = Shutdown Time (seconds)\:
client.options.name = Client Integration
client.output.requrl = Client add-on requesting\: {0}
+client.pscan.footer.label = Client Passive Scan Queue
+
client.pscan.infoinstorage.desc = Information was stored in browser {0}.\nThis is not unusual or necessarily unsafe - this informational alert has been raised to help you get a better understanding of what this app is doing. For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.
client.pscan.infoinstorage.name = Information Disclosure - Information in Browser {0}
client.pscan.infoinstorage.other = The following data (key\=value) was set\: {0}\nNote that this alert will only be raised once for each URL key.
@@ -78,8 +102,10 @@ client.scandialog.button.reset = 重設
client.scandialog.button.scan = 開始掃描
client.scandialog.label.adv = Show Advanced Options\:
client.scandialog.label.browser = 瀏覽器:
+client.scandialog.label.context = Context\:
client.scandialog.label.spiderSubtreeOnly = Spider Subtree Only\:
client.scandialog.label.start = Starting Point\:
+client.scandialog.label.user = User\:
client.scandialog.nostart.error = You must select a valid starting point\nincluding the protocol e.g. https\://www.example.com
client.scandialog.notSafe.error = Client Spider scans are not allowed in 'Safe' mode.
client.scandialog.startProtectedMode.error = The starting point is not in scope and the mode is 'Protected'.
@@ -89,6 +115,55 @@ client.scandialog.tab.scope = Scope
client.scandialog.title = Client Spider
client.spider.menu.tools.label = Client Spider
+client.spider.options.title = Client Options
+client.spider.outofscope.response = (403 Forbidden) Out of Client Spider scope
+client.spider.panel.tab.addednodes = Added Nodes
+client.spider.panel.tab.messages = Messages
+client.spider.panel.tab.tasks = Tasks
+client.spider.panel.tab.urls = URLs
+
+client.spider.panel.table.action.click = Click
+client.spider.panel.table.action.get = Get
+client.spider.panel.table.action.submit = submit
+
+client.spider.panel.table.cell.allowed = Allowed
+client.spider.panel.table.cell.excluded = Excluded
+client.spider.panel.table.cell.ioerror = I/O Error
+client.spider.panel.table.cell.outofcontext = Out of Context
+client.spider.panel.table.cell.outofhost = Out of Host
+client.spider.panel.table.cell.outofsubtree = Out of Subtree
+
+client.spider.panel.table.details.button = Button\: {0}
+client.spider.panel.table.details.link = Link\: {0} {1}
+
+client.spider.panel.table.header.action = Action
+client.spider.panel.table.header.details = Details
+client.spider.panel.table.header.error = 錯誤
+client.spider.panel.table.header.id = ID
+client.spider.panel.table.header.state = State
+client.spider.panel.table.header.status = 狀態
+client.spider.panel.table.header.uri = URI
+
+client.spider.panel.title = Client Spider
+client.spider.task.stats.failed = 失敗
+client.spider.task.stats.finished = Finished
+client.spider.task.stats.paused = Paused
+
+client.spider.task.stats.queued = Queued
+client.spider.task.stats.running = Running
+client.spider.task.stats.stopped = Stopped
+
+client.spider.toolbar.added.label = Nodes Added\:
+client.spider.toolbar.ascans.label = Current Scans\:
+client.spider.toolbar.button.clear = Clean completed scans
+client.spider.toolbar.button.new = New Scan
+client.spider.toolbar.button.options = Client Options
+client.spider.toolbar.button.pause = 暫停爬蟲
+client.spider.toolbar.button.stop = 停止爬蟲
+client.spider.toolbar.button.unpause = 繼續爬蟲
+client.spider.toolbar.progress.label = Progress\:
+client.spider.toolbar.progress.select = --Select Scan--
+client.spider.toolbar.urls.label = Crawled URLs\:
client.tree.popup.attack = Attack
client.tree.popup.browser = Open in Browser...
diff --git a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_ar_SA.xml b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_ar_SA.xml
index b3b32e4edae..f35200419a5 100644
--- a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_ar_SA.xml
+++ b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_ar_SA.xml
@@ -438,8 +438,19 @@ Failure to scrub HTML/Script comments prior to a push to the production environm
Software version numbers and verbose error messages (such as ASP.NET version numbers) are examples of improper server configurations. This information is useful to an attacker by providing detailed insight as to the framework, languages, or pre-built functions being utilized by a web application. Most default server configurations provide software version numbers and verbose error messages for debugging and troubleshooting purposes. Configuration changes can be made to disable these features, preventing the display of this information.
Pages that provide different responses based on the validity of the data can also lead to Information Leakage; specifically when data deemed confidential is being revealed as a result of the web application's design. Examples of sensitive data includes (but is not limited to): account numbers, user identifiers (Drivers license number, Passport number, Social Security Numbers, etc.) and user-specific information (passwords, sessions, addresses). Information Leakage in this context deals with exposure of key user data deemed confidential, or secret, that should not be exposed in plain view, even to the user. Credit card numbers and other heavily regulated information are prime examples of user data that needs to be further protected from exposure or leakage even with proper encryption and access controls already in place.
- Compartmentalize your system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- https://cwe.mitre.org/data/definitions/200.html
+
+ * Have a clear definition of which information is considered sensitive and which isn't. Take privacy laws, regulatory requirements, and business needs into account.
+ * Store sensitive data only if you have to.
+ * Implement checks for sensitive information in your devops pipeline. Steps that could be taken include stripping developer comments, removing debugging information and sensitive logs, as well as making error messages less verbose.
+ * In situations where the sensitive information must be used, for instance, backend microservices, ensure trust boundaries are appropriately drawn. Example: set up an isolated, well secured kubernetes cluster with well configured access controls, then only grant access to authorized clients.
+ * In situations where error messages need to be returned to the user, use messages that are as generic as possible eg "invalid credentials" instead of "invalid username" or "invalid password".
+ * When using third party technologies, understand how the software works, its configuration, as well as security risks of using it. After understanding the technology, use only the features that you need and disable everything else.
+ * Detailed debug messages are sometimes necessary, for instance, when adding a new feature to an application. In this case, separate the development environment from the production one. Ensure appropriate access controls are implemented for the development environments.
+ * All sensitive data should be encrypted before storage. Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management.
+
+https://portswigger.net/web-security/information-disclosure
+https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
+https://cwe.mitre.org/data/definitions/200.html
wasc_14
@@ -985,7 +996,17 @@ There are two main types of processes that require validation: flow control and
"Flow control" refers to multi-step processes that require each step to be performed in a specific order by the user. When an attacker performs the step incorrectly or out of order, the access controls may be bypassed and an application integrity error may occur. Examples of multi-step processes include wire transfer, password recovery, purchase checkout, and account sign-up.
"Business logic" refers to the context in which a process will execute as governed by the business requirements. Exploiting a business logic weakness requires knowledge of the business; if no knowledge is needed to exploit it, then most likely it isn't a business logic flaw. Due to this, typical security measures such as scans and code review will not find this class of weakness. One approach to testing is offered by OWASP in their Testing Guide.
-
+ Make sure that all operations within a multi-step process are either performed entirely or not at all. If one step fails, the changes made must be canceled. Fuzzing inputs is a good way to test for anomalies and to verify the results after the flow completes.
+
+Make sure the correct order of steps in the flow is enforced and that the order cannot be changed or bypassed by the user.
+
+Developers and testers must have a solid understanding of the domain that the application serves.
+
+Do not rely on implicit assumptions about how users or different application parts will behave.
+
+Identify all references to other code that interacts with each component and evaluate the possible side-effects if a malicious actor manipulates these dependencies in unexpected ways.
+
+Maintain clear code, design documents, and data flow diagrams for all transactions and workflows, noting any assumptions made at each stage and what the expected behavior is.
https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability
https://cwe.mitre.org/data/definitions/840.html
diff --git a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_az_AZ.xml b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_az_AZ.xml
index a03eacfc734..1fec868fd05 100644
--- a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_az_AZ.xml
+++ b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_az_AZ.xml
@@ -438,8 +438,19 @@ Failure to scrub HTML/Script comments prior to a push to the production environm
Software version numbers and verbose error messages (such as ASP.NET version numbers) are examples of improper server configurations. This information is useful to an attacker by providing detailed insight as to the framework, languages, or pre-built functions being utilized by a web application. Most default server configurations provide software version numbers and verbose error messages for debugging and troubleshooting purposes. Configuration changes can be made to disable these features, preventing the display of this information.
Pages that provide different responses based on the validity of the data can also lead to Information Leakage; specifically when data deemed confidential is being revealed as a result of the web application's design. Examples of sensitive data includes (but is not limited to): account numbers, user identifiers (Drivers license number, Passport number, Social Security Numbers, etc.) and user-specific information (passwords, sessions, addresses). Information Leakage in this context deals with exposure of key user data deemed confidential, or secret, that should not be exposed in plain view, even to the user. Credit card numbers and other heavily regulated information are prime examples of user data that needs to be further protected from exposure or leakage even with proper encryption and access controls already in place.
- Compartmentalize your system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- https://cwe.mitre.org/data/definitions/200.html
+
+ * Have a clear definition of which information is considered sensitive and which isn't. Take privacy laws, regulatory requirements, and business needs into account.
+ * Store sensitive data only if you have to.
+ * Implement checks for sensitive information in your devops pipeline. Steps that could be taken include stripping developer comments, removing debugging information and sensitive logs, as well as making error messages less verbose.
+ * In situations where the sensitive information must be used, for instance, backend microservices, ensure trust boundaries are appropriately drawn. Example: set up an isolated, well secured kubernetes cluster with well configured access controls, then only grant access to authorized clients.
+ * In situations where error messages need to be returned to the user, use messages that are as generic as possible eg "invalid credentials" instead of "invalid username" or "invalid password".
+ * When using third party technologies, understand how the software works, its configuration, as well as security risks of using it. After understanding the technology, use only the features that you need and disable everything else.
+ * Detailed debug messages are sometimes necessary, for instance, when adding a new feature to an application. In this case, separate the development environment from the production one. Ensure appropriate access controls are implemented for the development environments.
+ * All sensitive data should be encrypted before storage. Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management.
+
+https://portswigger.net/web-security/information-disclosure
+https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
+https://cwe.mitre.org/data/definitions/200.html
wasc_14
@@ -985,7 +996,17 @@ There are two main types of processes that require validation: flow control and
"Flow control" refers to multi-step processes that require each step to be performed in a specific order by the user. When an attacker performs the step incorrectly or out of order, the access controls may be bypassed and an application integrity error may occur. Examples of multi-step processes include wire transfer, password recovery, purchase checkout, and account sign-up.
"Business logic" refers to the context in which a process will execute as governed by the business requirements. Exploiting a business logic weakness requires knowledge of the business; if no knowledge is needed to exploit it, then most likely it isn't a business logic flaw. Due to this, typical security measures such as scans and code review will not find this class of weakness. One approach to testing is offered by OWASP in their Testing Guide.
-
+ Make sure that all operations within a multi-step process are either performed entirely or not at all. If one step fails, the changes made must be canceled. Fuzzing inputs is a good way to test for anomalies and to verify the results after the flow completes.
+
+Make sure the correct order of steps in the flow is enforced and that the order cannot be changed or bypassed by the user.
+
+Developers and testers must have a solid understanding of the domain that the application serves.
+
+Do not rely on implicit assumptions about how users or different application parts will behave.
+
+Identify all references to other code that interacts with each component and evaluate the possible side-effects if a malicious actor manipulates these dependencies in unexpected ways.
+
+Maintain clear code, design documents, and data flow diagrams for all transactions and workflows, noting any assumptions made at each stage and what the expected behavior is.
https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability
https://cwe.mitre.org/data/definitions/840.html
diff --git a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_bn_BD.xml b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_bn_BD.xml
index b3b32e4edae..f35200419a5 100644
--- a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_bn_BD.xml
+++ b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_bn_BD.xml
@@ -438,8 +438,19 @@ Failure to scrub HTML/Script comments prior to a push to the production environm
Software version numbers and verbose error messages (such as ASP.NET version numbers) are examples of improper server configurations. This information is useful to an attacker by providing detailed insight as to the framework, languages, or pre-built functions being utilized by a web application. Most default server configurations provide software version numbers and verbose error messages for debugging and troubleshooting purposes. Configuration changes can be made to disable these features, preventing the display of this information.
Pages that provide different responses based on the validity of the data can also lead to Information Leakage; specifically when data deemed confidential is being revealed as a result of the web application's design. Examples of sensitive data includes (but is not limited to): account numbers, user identifiers (Drivers license number, Passport number, Social Security Numbers, etc.) and user-specific information (passwords, sessions, addresses). Information Leakage in this context deals with exposure of key user data deemed confidential, or secret, that should not be exposed in plain view, even to the user. Credit card numbers and other heavily regulated information are prime examples of user data that needs to be further protected from exposure or leakage even with proper encryption and access controls already in place.
- Compartmentalize your system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- https://cwe.mitre.org/data/definitions/200.html
+
+ * Have a clear definition of which information is considered sensitive and which isn't. Take privacy laws, regulatory requirements, and business needs into account.
+ * Store sensitive data only if you have to.
+ * Implement checks for sensitive information in your devops pipeline. Steps that could be taken include stripping developer comments, removing debugging information and sensitive logs, as well as making error messages less verbose.
+ * In situations where the sensitive information must be used, for instance, backend microservices, ensure trust boundaries are appropriately drawn. Example: set up an isolated, well secured kubernetes cluster with well configured access controls, then only grant access to authorized clients.
+ * In situations where error messages need to be returned to the user, use messages that are as generic as possible eg "invalid credentials" instead of "invalid username" or "invalid password".
+ * When using third party technologies, understand how the software works, its configuration, as well as security risks of using it. After understanding the technology, use only the features that you need and disable everything else.
+ * Detailed debug messages are sometimes necessary, for instance, when adding a new feature to an application. In this case, separate the development environment from the production one. Ensure appropriate access controls are implemented for the development environments.
+ * All sensitive data should be encrypted before storage. Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management.
+
+https://portswigger.net/web-security/information-disclosure
+https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
+https://cwe.mitre.org/data/definitions/200.html
wasc_14
@@ -985,7 +996,17 @@ There are two main types of processes that require validation: flow control and
"Flow control" refers to multi-step processes that require each step to be performed in a specific order by the user. When an attacker performs the step incorrectly or out of order, the access controls may be bypassed and an application integrity error may occur. Examples of multi-step processes include wire transfer, password recovery, purchase checkout, and account sign-up.
"Business logic" refers to the context in which a process will execute as governed by the business requirements. Exploiting a business logic weakness requires knowledge of the business; if no knowledge is needed to exploit it, then most likely it isn't a business logic flaw. Due to this, typical security measures such as scans and code review will not find this class of weakness. One approach to testing is offered by OWASP in their Testing Guide.
-
+ Make sure that all operations within a multi-step process are either performed entirely or not at all. If one step fails, the changes made must be canceled. Fuzzing inputs is a good way to test for anomalies and to verify the results after the flow completes.
+
+Make sure the correct order of steps in the flow is enforced and that the order cannot be changed or bypassed by the user.
+
+Developers and testers must have a solid understanding of the domain that the application serves.
+
+Do not rely on implicit assumptions about how users or different application parts will behave.
+
+Identify all references to other code that interacts with each component and evaluate the possible side-effects if a malicious actor manipulates these dependencies in unexpected ways.
+
+Maintain clear code, design documents, and data flow diagrams for all transactions and workflows, noting any assumptions made at each stage and what the expected behavior is.
https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability
https://cwe.mitre.org/data/definitions/840.html
diff --git a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_bs_BA.xml b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_bs_BA.xml
index 4cf3127fe16..d14190ab0b1 100644
--- a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_bs_BA.xml
+++ b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_bs_BA.xml
@@ -438,8 +438,19 @@ Failure to scrub HTML/Script comments prior to a push to the production environm
Software version numbers and verbose error messages (such as ASP.NET version numbers) are examples of improper server configurations. This information is useful to an attacker by providing detailed insight as to the framework, languages, or pre-built functions being utilized by a web application. Most default server configurations provide software version numbers and verbose error messages for debugging and troubleshooting purposes. Configuration changes can be made to disable these features, preventing the display of this information.
Pages that provide different responses based on the validity of the data can also lead to Information Leakage; specifically when data deemed confidential is being revealed as a result of the web application's design. Examples of sensitive data includes (but is not limited to): account numbers, user identifiers (Drivers license number, Passport number, Social Security Numbers, etc.) and user-specific information (passwords, sessions, addresses). Information Leakage in this context deals with exposure of key user data deemed confidential, or secret, that should not be exposed in plain view, even to the user. Credit card numbers and other heavily regulated information are prime examples of user data that needs to be further protected from exposure or leakage even with proper encryption and access controls already in place.
- Compartmentalize your system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- https://cwe.mitre.org/data/definitions/200.html
+
+ * Have a clear definition of which information is considered sensitive and which isn't. Take privacy laws, regulatory requirements, and business needs into account.
+ * Store sensitive data only if you have to.
+ * Implement checks for sensitive information in your devops pipeline. Steps that could be taken include stripping developer comments, removing debugging information and sensitive logs, as well as making error messages less verbose.
+ * In situations where the sensitive information must be used, for instance, backend microservices, ensure trust boundaries are appropriately drawn. Example: set up an isolated, well secured kubernetes cluster with well configured access controls, then only grant access to authorized clients.
+ * In situations where error messages need to be returned to the user, use messages that are as generic as possible eg "invalid credentials" instead of "invalid username" or "invalid password".
+ * When using third party technologies, understand how the software works, its configuration, as well as security risks of using it. After understanding the technology, use only the features that you need and disable everything else.
+ * Detailed debug messages are sometimes necessary, for instance, when adding a new feature to an application. In this case, separate the development environment from the production one. Ensure appropriate access controls are implemented for the development environments.
+ * All sensitive data should be encrypted before storage. Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management.
+
+https://portswigger.net/web-security/information-disclosure
+https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
+https://cwe.mitre.org/data/definitions/200.html
wasc_14
@@ -985,7 +996,17 @@ There are two main types of processes that require validation: flow control and
"Flow control" refers to multi-step processes that require each step to be performed in a specific order by the user. When an attacker performs the step incorrectly or out of order, the access controls may be bypassed and an application integrity error may occur. Examples of multi-step processes include wire transfer, password recovery, purchase checkout, and account sign-up.
"Business logic" refers to the context in which a process will execute as governed by the business requirements. Exploiting a business logic weakness requires knowledge of the business; if no knowledge is needed to exploit it, then most likely it isn't a business logic flaw. Due to this, typical security measures such as scans and code review will not find this class of weakness. One approach to testing is offered by OWASP in their Testing Guide.
-
+ Make sure that all operations within a multi-step process are either performed entirely or not at all. If one step fails, the changes made must be canceled. Fuzzing inputs is a good way to test for anomalies and to verify the results after the flow completes.
+
+Make sure the correct order of steps in the flow is enforced and that the order cannot be changed or bypassed by the user.
+
+Developers and testers must have a solid understanding of the domain that the application serves.
+
+Do not rely on implicit assumptions about how users or different application parts will behave.
+
+Identify all references to other code that interacts with each component and evaluate the possible side-effects if a malicious actor manipulates these dependencies in unexpected ways.
+
+Maintain clear code, design documents, and data flow diagrams for all transactions and workflows, noting any assumptions made at each stage and what the expected behavior is.
https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability
https://cwe.mitre.org/data/definitions/840.html
diff --git a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_ceb_PH.xml b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_ceb_PH.xml
index be8bc4c19df..504c9f095eb 100644
--- a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_ceb_PH.xml
+++ b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_ceb_PH.xml
@@ -437,8 +437,19 @@ Kapakyasan sa pag-scrub sa HTML/Script na mga komento una sa pagduso sa produksy
Mga numero sa software bersyon ug verbose na sayop na mga mensahe (sama sa ASP.NET na mga numero sa bersyon) kay ang mga panig-ingnan sa dili sato nga server kumpigurasyon. Kini nga impormasyon kay mapahimuslanon sa tig-atake na pinaagi sa paghatag ug detalye sa gipasabot na sama sa framework, mga language, o mga pre-built function nga gigamit sa web aplikasyon. Kasagaran sa default server na mga kumpigurasyon kay nagahatag ug software bersyon na mga numero ug verbose na sayop na mga mensahe para sa pag-debug ug pag-troubleshoor na mga katuyoan. Ang Kumpigurasyon na mga gipangusab kay mahimong dili magamit ang maong mga bahin, pagpugong sa gipakita sa impormasyon niini.
Mga panid kay naghatag ug lainlaing mga tubag base sa pagkabalido sa datos na mahimo usab nga magdala sa Impormasyon na Pagka-awas; ilabina na kon ang datos kay giisip na kompidensyal na gipadayag isip resulta sa disenyo sa web aplikasyon. Mga pananglitan sa sensitibo nga datos naglakip (apan dili limitado sa): mga numero sa account, mga identifier sa tiggamitan (Numero sa lisensya sa driver, Numero sa passport, Mga numero sa Social Security, ug uban pa.) ug tiggamit-espesipiko na impormasyon (mga password, mga sesyon, ug mga address). Ang Pag-awas sa Impormasyon niini nga konteksto kay naghisgot sa pagkaladlad sa yano nga datos sa gumagamit nga giisip na kompidensyal, o sekreto, nga dili dapat kinahanglan ibutyag sa plain na pagtan-aw, na bisan ang tiggamit. Ang mga numero sa credit card ug uban pa na hilabihan nga gikontrol nga kasayuran kay maoy pangunang mga panig-ingnan sa datos sa tiggamitan na nagkinahanglan ug gugang na pagprotektar gikan sa pagkaladlad o pag-awas na bisan pa ang tukmang pag-encrypt ug pagsulod sa mga kontrol na anaa nakabutang.
- Pagpili sa imong sistema aron makabaton ug "luwas" nga mga lugar nga diin ang pagsalig na mga utlanan kay mahimong tin-aw nga paaagi nga mapaggawas. Ayaw tugota ang sensitibo nga datos sa paggawas sa pagsalig nga utlanan ug permanenteng mag-amping kung pag-interface gamit ang lawak sa gawas sa luwas nga lugar.
- https://cwe.mitre.org/data/definitions/200.html
+
+ * Have a clear definition of which information is considered sensitive and which isn't. Take privacy laws, regulatory requirements, and business needs into account.
+ * Store sensitive data only if you have to.
+ * Implement checks for sensitive information in your devops pipeline. Steps that could be taken include stripping developer comments, removing debugging information and sensitive logs, as well as making error messages less verbose.
+ * In situations where the sensitive information must be used, for instance, backend microservices, ensure trust boundaries are appropriately drawn. Example: set up an isolated, well secured kubernetes cluster with well configured access controls, then only grant access to authorized clients.
+ * In situations where error messages need to be returned to the user, use messages that are as generic as possible eg "invalid credentials" instead of "invalid username" or "invalid password".
+ * When using third party technologies, understand how the software works, its configuration, as well as security risks of using it. After understanding the technology, use only the features that you need and disable everything else.
+ * Detailed debug messages are sometimes necessary, for instance, when adding a new feature to an application. In this case, separate the development environment from the production one. Ensure appropriate access controls are implemented for the development environments.
+ * All sensitive data should be encrypted before storage. Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management.
+
+https://portswigger.net/web-security/information-disclosure
+https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
+https://cwe.mitre.org/data/definitions/200.html
wasc_14
@@ -984,7 +995,17 @@ Aduhay duha ka pangunang mga matang sa mga proseso nga nagkinahanglan ug balidas
Ang "Pagdumala sa agos" kay nagtumong sa multi-step na mga proseso nga nagkinahanglan ug matag lakang nga gihimo sa espesipiko na order pinaagi sa tiggamit. Kung ang tig-atake kay naghimo ug lakang na dili sakto o dili apil, ang access na mga kontrol na mahimong ma-bypass ug usa ka aplikasyon na integridad na sayop kay mahimong mahitabo. Mga Pananglitan sa multi-step na mga proseso na naglakip ug pagbalhin sa wire, pagkuha sa password, pagpalit sa checkout, ug account sign-up.
"Logic sa negosyo" kay nagtumong sa konteksto diin usa ka proseso kay padaganon ingon nga gidumala sa kinahanglanon sa negosyo. Pagpahimulos sa usa ka negosyo sa kahuyang sa lohika nga nanginahanglan ug kahibalo sa negosyo; kung walay kahibalo nga kinahanglanon sa pagpahimulos niini, dayon lagmit kini dili usa ka kulangan sa lohika sa negosyo. Tungod niini, kasagaran na pagsukod sa seguridad sama sa mga scan ug pagtan-aw sa code kay dili makakita sa unsa ang klase sa kahuyang niini. Usa ka paagi sa pagsulay kay gihatag sa OWASP sa iyang Pagsulay na Giya.
-
+ Make sure that all operations within a multi-step process are either performed entirely or not at all. If one step fails, the changes made must be canceled. Fuzzing inputs is a good way to test for anomalies and to verify the results after the flow completes.
+
+Make sure the correct order of steps in the flow is enforced and that the order cannot be changed or bypassed by the user.
+
+Developers and testers must have a solid understanding of the domain that the application serves.
+
+Do not rely on implicit assumptions about how users or different application parts will behave.
+
+Identify all references to other code that interacts with each component and evaluate the possible side-effects if a malicious actor manipulates these dependencies in unexpected ways.
+
+Maintain clear code, design documents, and data flow diagrams for all transactions and workflows, noting any assumptions made at each stage and what the expected behavior is.
https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability
https://cwe.mitre.org/data/definitions/840.html
diff --git a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_da_DK.xml b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_da_DK.xml
index b3b32e4edae..f35200419a5 100644
--- a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_da_DK.xml
+++ b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_da_DK.xml
@@ -438,8 +438,19 @@ Failure to scrub HTML/Script comments prior to a push to the production environm
Software version numbers and verbose error messages (such as ASP.NET version numbers) are examples of improper server configurations. This information is useful to an attacker by providing detailed insight as to the framework, languages, or pre-built functions being utilized by a web application. Most default server configurations provide software version numbers and verbose error messages for debugging and troubleshooting purposes. Configuration changes can be made to disable these features, preventing the display of this information.
Pages that provide different responses based on the validity of the data can also lead to Information Leakage; specifically when data deemed confidential is being revealed as a result of the web application's design. Examples of sensitive data includes (but is not limited to): account numbers, user identifiers (Drivers license number, Passport number, Social Security Numbers, etc.) and user-specific information (passwords, sessions, addresses). Information Leakage in this context deals with exposure of key user data deemed confidential, or secret, that should not be exposed in plain view, even to the user. Credit card numbers and other heavily regulated information are prime examples of user data that needs to be further protected from exposure or leakage even with proper encryption and access controls already in place.
- Compartmentalize your system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- https://cwe.mitre.org/data/definitions/200.html
+
+ * Have a clear definition of which information is considered sensitive and which isn't. Take privacy laws, regulatory requirements, and business needs into account.
+ * Store sensitive data only if you have to.
+ * Implement checks for sensitive information in your devops pipeline. Steps that could be taken include stripping developer comments, removing debugging information and sensitive logs, as well as making error messages less verbose.
+ * In situations where the sensitive information must be used, for instance, backend microservices, ensure trust boundaries are appropriately drawn. Example: set up an isolated, well secured kubernetes cluster with well configured access controls, then only grant access to authorized clients.
+ * In situations where error messages need to be returned to the user, use messages that are as generic as possible eg "invalid credentials" instead of "invalid username" or "invalid password".
+ * When using third party technologies, understand how the software works, its configuration, as well as security risks of using it. After understanding the technology, use only the features that you need and disable everything else.
+ * Detailed debug messages are sometimes necessary, for instance, when adding a new feature to an application. In this case, separate the development environment from the production one. Ensure appropriate access controls are implemented for the development environments.
+ * All sensitive data should be encrypted before storage. Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management.
+
+https://portswigger.net/web-security/information-disclosure
+https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
+https://cwe.mitre.org/data/definitions/200.html
wasc_14
@@ -985,7 +996,17 @@ There are two main types of processes that require validation: flow control and
"Flow control" refers to multi-step processes that require each step to be performed in a specific order by the user. When an attacker performs the step incorrectly or out of order, the access controls may be bypassed and an application integrity error may occur. Examples of multi-step processes include wire transfer, password recovery, purchase checkout, and account sign-up.
"Business logic" refers to the context in which a process will execute as governed by the business requirements. Exploiting a business logic weakness requires knowledge of the business; if no knowledge is needed to exploit it, then most likely it isn't a business logic flaw. Due to this, typical security measures such as scans and code review will not find this class of weakness. One approach to testing is offered by OWASP in their Testing Guide.
-
+ Make sure that all operations within a multi-step process are either performed entirely or not at all. If one step fails, the changes made must be canceled. Fuzzing inputs is a good way to test for anomalies and to verify the results after the flow completes.
+
+Make sure the correct order of steps in the flow is enforced and that the order cannot be changed or bypassed by the user.
+
+Developers and testers must have a solid understanding of the domain that the application serves.
+
+Do not rely on implicit assumptions about how users or different application parts will behave.
+
+Identify all references to other code that interacts with each component and evaluate the possible side-effects if a malicious actor manipulates these dependencies in unexpected ways.
+
+Maintain clear code, design documents, and data flow diagrams for all transactions and workflows, noting any assumptions made at each stage and what the expected behavior is.
https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability
https://cwe.mitre.org/data/definitions/840.html
diff --git a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_de_DE.xml b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_de_DE.xml
index de15dee5d4e..b22ca2ea118 100644
--- a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_de_DE.xml
+++ b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_de_DE.xml
@@ -438,8 +438,19 @@ Failure to scrub HTML/Script comments prior to a push to the production environm
Software version numbers and verbose error messages (such as ASP.NET version numbers) are examples of improper server configurations. This information is useful to an attacker by providing detailed insight as to the framework, languages, or pre-built functions being utilized by a web application. Most default server configurations provide software version numbers and verbose error messages for debugging and troubleshooting purposes. Configuration changes can be made to disable these features, preventing the display of this information.
Pages that provide different responses based on the validity of the data can also lead to Information Leakage; specifically when data deemed confidential is being revealed as a result of the web application's design. Examples of sensitive data includes (but is not limited to): account numbers, user identifiers (Drivers license number, Passport number, Social Security Numbers, etc.) and user-specific information (passwords, sessions, addresses). Information Leakage in this context deals with exposure of key user data deemed confidential, or secret, that should not be exposed in plain view, even to the user. Credit card numbers and other heavily regulated information are prime examples of user data that needs to be further protected from exposure or leakage even with proper encryption and access controls already in place.
- Compartmentalize your system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- https://cwe.mitre.org/data/definitions/200.html
+
+ * Have a clear definition of which information is considered sensitive and which isn't. Take privacy laws, regulatory requirements, and business needs into account.
+ * Store sensitive data only if you have to.
+ * Implement checks for sensitive information in your devops pipeline. Steps that could be taken include stripping developer comments, removing debugging information and sensitive logs, as well as making error messages less verbose.
+ * In situations where the sensitive information must be used, for instance, backend microservices, ensure trust boundaries are appropriately drawn. Example: set up an isolated, well secured kubernetes cluster with well configured access controls, then only grant access to authorized clients.
+ * In situations where error messages need to be returned to the user, use messages that are as generic as possible eg "invalid credentials" instead of "invalid username" or "invalid password".
+ * When using third party technologies, understand how the software works, its configuration, as well as security risks of using it. After understanding the technology, use only the features that you need and disable everything else.
+ * Detailed debug messages are sometimes necessary, for instance, when adding a new feature to an application. In this case, separate the development environment from the production one. Ensure appropriate access controls are implemented for the development environments.
+ * All sensitive data should be encrypted before storage. Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management.
+
+https://portswigger.net/web-security/information-disclosure
+https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
+https://cwe.mitre.org/data/definitions/200.html
wasc_14
@@ -985,7 +996,17 @@ There are two main types of processes that require validation: flow control and
"Flow control" refers to multi-step processes that require each step to be performed in a specific order by the user. When an attacker performs the step incorrectly or out of order, the access controls may be bypassed and an application integrity error may occur. Examples of multi-step processes include wire transfer, password recovery, purchase checkout, and account sign-up.
"Business logic" refers to the context in which a process will execute as governed by the business requirements. Exploiting a business logic weakness requires knowledge of the business; if no knowledge is needed to exploit it, then most likely it isn't a business logic flaw. Due to this, typical security measures such as scans and code review will not find this class of weakness. One approach to testing is offered by OWASP in their Testing Guide.
-
+ Make sure that all operations within a multi-step process are either performed entirely or not at all. If one step fails, the changes made must be canceled. Fuzzing inputs is a good way to test for anomalies and to verify the results after the flow completes.
+
+Make sure the correct order of steps in the flow is enforced and that the order cannot be changed or bypassed by the user.
+
+Developers and testers must have a solid understanding of the domain that the application serves.
+
+Do not rely on implicit assumptions about how users or different application parts will behave.
+
+Identify all references to other code that interacts with each component and evaluate the possible side-effects if a malicious actor manipulates these dependencies in unexpected ways.
+
+Maintain clear code, design documents, and data flow diagrams for all transactions and workflows, noting any assumptions made at each stage and what the expected behavior is.
https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability
https://cwe.mitre.org/data/definitions/840.html
diff --git a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_el_GR.xml b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_el_GR.xml
index 5d35fe1b580..7bc53560c4c 100644
--- a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_el_GR.xml
+++ b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_el_GR.xml
@@ -438,8 +438,19 @@ Failure to scrub HTML/Script comments prior to a push to the production environm
Software version numbers and verbose error messages (such as ASP.NET version numbers) are examples of improper server configurations. This information is useful to an attacker by providing detailed insight as to the framework, languages, or pre-built functions being utilized by a web application. Most default server configurations provide software version numbers and verbose error messages for debugging and troubleshooting purposes. Configuration changes can be made to disable these features, preventing the display of this information.
Pages that provide different responses based on the validity of the data can also lead to Information Leakage; specifically when data deemed confidential is being revealed as a result of the web application's design. Examples of sensitive data includes (but is not limited to): account numbers, user identifiers (Drivers license number, Passport number, Social Security Numbers, etc.) and user-specific information (passwords, sessions, addresses). Information Leakage in this context deals with exposure of key user data deemed confidential, or secret, that should not be exposed in plain view, even to the user. Credit card numbers and other heavily regulated information are prime examples of user data that needs to be further protected from exposure or leakage even with proper encryption and access controls already in place.
- Compartmentalize your system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- https://cwe.mitre.org/data/definitions/200.html
+
+ * Have a clear definition of which information is considered sensitive and which isn't. Take privacy laws, regulatory requirements, and business needs into account.
+ * Store sensitive data only if you have to.
+ * Implement checks for sensitive information in your devops pipeline. Steps that could be taken include stripping developer comments, removing debugging information and sensitive logs, as well as making error messages less verbose.
+ * In situations where the sensitive information must be used, for instance, backend microservices, ensure trust boundaries are appropriately drawn. Example: set up an isolated, well secured kubernetes cluster with well configured access controls, then only grant access to authorized clients.
+ * In situations where error messages need to be returned to the user, use messages that are as generic as possible eg "invalid credentials" instead of "invalid username" or "invalid password".
+ * When using third party technologies, understand how the software works, its configuration, as well as security risks of using it. After understanding the technology, use only the features that you need and disable everything else.
+ * Detailed debug messages are sometimes necessary, for instance, when adding a new feature to an application. In this case, separate the development environment from the production one. Ensure appropriate access controls are implemented for the development environments.
+ * All sensitive data should be encrypted before storage. Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management.
+
+https://portswigger.net/web-security/information-disclosure
+https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
+https://cwe.mitre.org/data/definitions/200.html
wasc_14
@@ -985,7 +996,17 @@ There are two main types of processes that require validation: flow control and
"Flow control" refers to multi-step processes that require each step to be performed in a specific order by the user. When an attacker performs the step incorrectly or out of order, the access controls may be bypassed and an application integrity error may occur. Examples of multi-step processes include wire transfer, password recovery, purchase checkout, and account sign-up.
"Business logic" refers to the context in which a process will execute as governed by the business requirements. Exploiting a business logic weakness requires knowledge of the business; if no knowledge is needed to exploit it, then most likely it isn't a business logic flaw. Due to this, typical security measures such as scans and code review will not find this class of weakness. One approach to testing is offered by OWASP in their Testing Guide.
-
+ Make sure that all operations within a multi-step process are either performed entirely or not at all. If one step fails, the changes made must be canceled. Fuzzing inputs is a good way to test for anomalies and to verify the results after the flow completes.
+
+Make sure the correct order of steps in the flow is enforced and that the order cannot be changed or bypassed by the user.
+
+Developers and testers must have a solid understanding of the domain that the application serves.
+
+Do not rely on implicit assumptions about how users or different application parts will behave.
+
+Identify all references to other code that interacts with each component and evaluate the possible side-effects if a malicious actor manipulates these dependencies in unexpected ways.
+
+Maintain clear code, design documents, and data flow diagrams for all transactions and workflows, noting any assumptions made at each stage and what the expected behavior is.
https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability
https://cwe.mitre.org/data/definitions/840.html
diff --git a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_es_ES.xml b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_es_ES.xml
index 2bf17125fd0..f9bedcd9f5c 100644
--- a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_es_ES.xml
+++ b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_es_ES.xml
@@ -435,8 +435,19 @@ Si no se eliminan los comentarios HTML/Script antes de enviarlos al entorno de p
Los números de versión de software y los mensajes de error detallados (como los números de versión de ASP.NET) son ejemplos de configuraciones de servidor incorrectas. Esta información es muy útil para un atacante al proporcionar información muy detallada sobre el marco de trabajo, los lenguajes o las funciones que se encuentran prediseñadas que utiliza una aplicación web. La mayoría de las configuraciones de servidor predeterminadas proporcionan números de versión de software y mensajes de error detallados para fines de depuración y solución de problemas. Se pueden realizar cambios en la configuración para deshabilitar estas funciones, evitando mostrar esa información.
Las páginas que brindan diferentes respuestas según la validez de los datos también pueden provocar una fuga de información; específicamente cuando se revelan datos considerados confidenciales como resultado del diseño de la aplicación web. Los ejemplos de datos confidenciales incluyen (pero no se limitan solamente a): números de cuenta, identificadores de usuario (número de licencia de conducir, número de pasaporte, números de seguridad social, etc) e información muy puntual del usuario (contraseñas, sesiones, direcciones). La fuga de información en este contexto se refiere a la exposición de datos clave del usuario considerados confidenciales o secretos, que no deben exponerse a la vista, ni siquiera para el usuario. Los números de tarjetas de crédito y otra información fuertemente regulada son excelentes ejemplos de datos de usuario que deben protegerse aún más contra la exposición o filtración, incluso con el cifrado adecuado y los controles de acceso ya implementados.
- Compartimente su sistema para tener áreas "seguras" donde se puedan trazar límites de confianza sin ambigüedades. No permita que datos confidenciales salgan del límite de confianza y siempre tenga cuidado al interactuar con un compartimento fuera del área segura.
- https://cwe.mitre.org/data/definitions/200.html
+
+ * Have a clear definition of which information is considered sensitive and which isn't. Take privacy laws, regulatory requirements, and business needs into account.
+ * Store sensitive data only if you have to.
+ * Implement checks for sensitive information in your devops pipeline. Steps that could be taken include stripping developer comments, removing debugging information and sensitive logs, as well as making error messages less verbose.
+ * In situations where the sensitive information must be used, for instance, backend microservices, ensure trust boundaries are appropriately drawn. Example: set up an isolated, well secured kubernetes cluster with well configured access controls, then only grant access to authorized clients.
+ * In situations where error messages need to be returned to the user, use messages that are as generic as possible eg "invalid credentials" instead of "invalid username" or "invalid password".
+ * When using third party technologies, understand how the software works, its configuration, as well as security risks of using it. After understanding the technology, use only the features that you need and disable everything else.
+ * Detailed debug messages are sometimes necessary, for instance, when adding a new feature to an application. In this case, separate the development environment from the production one. Ensure appropriate access controls are implemented for the development environments.
+ * All sensitive data should be encrypted before storage. Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management.
+
+https://portswigger.net/web-security/information-disclosure
+https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
+https://cwe.mitre.org/data/definitions/200.html
wasc_14
@@ -979,7 +990,17 @@ Hay dos tipos principales de procesos que requieren validación: control de fluj
“Control de flujo” se refiere a procesos multi-pasos que requieren que cada paso sea ejecutado por el usuario en un orden específico. Cuando un atacante ejecuta el paso de manera incorrecta o fuera del orden, los controles de acceso pueden ser pasados por alto y puede ocurrir un error de integridad en la aplicación. Ejemplos de procesos multi-pasos incluyen transferencias bancarias, recupero de contraseñas, salida luego de hacer una compra e inicio de sesión para en una cuenta.
“Lógica de negocio” se refiere al contexto en el cual un proceso será ejecutado bajo la orden de los requerimientos del negocio. Explotar la debilidad de una lógica de negocio requiere conocimiento acerca negocio; si no se necesita conocimiento para explotarlo, entonces muy probablemente no es una falla de lógica de negocio. Debido a esto, medidas de seguridad típicas como escaneos y revisión de códigos no encontrarán esta clase de debilidad. OWASP presenta una forma de enfoque para las pruebas en su Guía de Prueba.
-
+ Make sure that all operations within a multi-step process are either performed entirely or not at all. If one step fails, the changes made must be canceled. Fuzzing inputs is a good way to test for anomalies and to verify the results after the flow completes.
+
+Make sure the correct order of steps in the flow is enforced and that the order cannot be changed or bypassed by the user.
+
+Developers and testers must have a solid understanding of the domain that the application serves.
+
+Do not rely on implicit assumptions about how users or different application parts will behave.
+
+Identify all references to other code that interacts with each component and evaluate the possible side-effects if a malicious actor manipulates these dependencies in unexpected ways.
+
+Maintain clear code, design documents, and data flow diagrams for all transactions and workflows, noting any assumptions made at each stage and what the expected behavior is.
https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability
https://cwe.mitre.org/data/definitions/840.html
diff --git a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_fa_IR.xml b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_fa_IR.xml
index ec2f78e3375..a8bab6b26f6 100644
--- a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_fa_IR.xml
+++ b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_fa_IR.xml
@@ -438,8 +438,19 @@ Failure to scrub HTML/Script comments prior to a push to the production environm
Software version numbers and verbose error messages (such as ASP.NET version numbers) are examples of improper server configurations. This information is useful to an attacker by providing detailed insight as to the framework, languages, or pre-built functions being utilized by a web application. Most default server configurations provide software version numbers and verbose error messages for debugging and troubleshooting purposes. Configuration changes can be made to disable these features, preventing the display of this information.
Pages that provide different responses based on the validity of the data can also lead to Information Leakage; specifically when data deemed confidential is being revealed as a result of the web application's design. Examples of sensitive data includes (but is not limited to): account numbers, user identifiers (Drivers license number, Passport number, Social Security Numbers, etc.) and user-specific information (passwords, sessions, addresses). Information Leakage in this context deals with exposure of key user data deemed confidential, or secret, that should not be exposed in plain view, even to the user. Credit card numbers and other heavily regulated information are prime examples of user data that needs to be further protected from exposure or leakage even with proper encryption and access controls already in place.
- Compartmentalize your system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- https://cwe.mitre.org/data/definitions/200.html
+
+ * Have a clear definition of which information is considered sensitive and which isn't. Take privacy laws, regulatory requirements, and business needs into account.
+ * Store sensitive data only if you have to.
+ * Implement checks for sensitive information in your devops pipeline. Steps that could be taken include stripping developer comments, removing debugging information and sensitive logs, as well as making error messages less verbose.
+ * In situations where the sensitive information must be used, for instance, backend microservices, ensure trust boundaries are appropriately drawn. Example: set up an isolated, well secured kubernetes cluster with well configured access controls, then only grant access to authorized clients.
+ * In situations where error messages need to be returned to the user, use messages that are as generic as possible eg "invalid credentials" instead of "invalid username" or "invalid password".
+ * When using third party technologies, understand how the software works, its configuration, as well as security risks of using it. After understanding the technology, use only the features that you need and disable everything else.
+ * Detailed debug messages are sometimes necessary, for instance, when adding a new feature to an application. In this case, separate the development environment from the production one. Ensure appropriate access controls are implemented for the development environments.
+ * All sensitive data should be encrypted before storage. Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management.
+
+https://portswigger.net/web-security/information-disclosure
+https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
+https://cwe.mitre.org/data/definitions/200.html
wasc_14
@@ -985,7 +996,17 @@ There are two main types of processes that require validation: flow control and
"Flow control" refers to multi-step processes that require each step to be performed in a specific order by the user. When an attacker performs the step incorrectly or out of order, the access controls may be bypassed and an application integrity error may occur. Examples of multi-step processes include wire transfer, password recovery, purchase checkout, and account sign-up.
"Business logic" refers to the context in which a process will execute as governed by the business requirements. Exploiting a business logic weakness requires knowledge of the business; if no knowledge is needed to exploit it, then most likely it isn't a business logic flaw. Due to this, typical security measures such as scans and code review will not find this class of weakness. One approach to testing is offered by OWASP in their Testing Guide.
-
+ Make sure that all operations within a multi-step process are either performed entirely or not at all. If one step fails, the changes made must be canceled. Fuzzing inputs is a good way to test for anomalies and to verify the results after the flow completes.
+
+Make sure the correct order of steps in the flow is enforced and that the order cannot be changed or bypassed by the user.
+
+Developers and testers must have a solid understanding of the domain that the application serves.
+
+Do not rely on implicit assumptions about how users or different application parts will behave.
+
+Identify all references to other code that interacts with each component and evaluate the possible side-effects if a malicious actor manipulates these dependencies in unexpected ways.
+
+Maintain clear code, design documents, and data flow diagrams for all transactions and workflows, noting any assumptions made at each stage and what the expected behavior is.
https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability
https://cwe.mitre.org/data/definitions/840.html
diff --git a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_fil_PH.xml b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_fil_PH.xml
index aa774c7a7ba..bbb4f665651 100644
--- a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_fil_PH.xml
+++ b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_fil_PH.xml
@@ -436,8 +436,19 @@ Kabiguan sa pagkuskus sa HTML/Script na mga komento bago sa isang tulak patungon
ANg software na bersyon ng mga numero at verbose na maling mga mensahe (tulad ng ASP.NET na mga numero ng bersyon) ay mga halimbawa sa maling server na mga kumpigurasyon. Ang impormasyon na ito ay kapaki-pakinabang sa isang umatake sa pamamagitan ng detalyadong kabatiran sa framework, mga wika, o pre-built na mga function na napapakinabangan ng isang aplikasyon sa web. Karamihan sa default na server na mga kumpigurasyon ay nagbibigay ng software bersyon ng mga numero at verbose na maling mga mensahe para sa pagde-debug at paglutas na mga layunin. Kumpigurasyon ay nagbabago ay maaaring gawin na hindi paganahin ang mga tampok na ito, upang mapigilan ang pagdispley sa impormasyon na ito.
Mga pahina na nagbibigay ng iba't ibang mga tugon batay sa kabuluhan ng datos ay maaari ring humantong sa pagtagas ng impormasyon; lalo na kapag ang datos ay itinuturing na kumpidensyal ay inihayag bilang resulta ng disenyo ng aplikasyon ng web. Mga halimbawa sa sensitibong datos ay kabilang (ngunit hindi limitado sa): mga numero ng account, mga pagkakilanlan ng gumagamit (Numero ng lisensya ng drayber, numero ng passport, mga numero sa social security, atbp.) at gumagamit-partikular na impormasyon (mga password, mga sesyon, mga tirahan). Pagtagas ng impormasyon sa kontekstong ito ay tumatakay sa pagkalantad ng pangunahing gumagamit ng datos na itinuturing na kumpidensyal, o lihim, na dapat hindi nakalantad sa simpleng pananaw, maging ang gumagamit. Ang mga numero ng credit card at iba pang mabigat na regulated na impormasyon ay pangunahing halimbawa ng gumagamit ng datos na nangangailangan ng karagdagang maprotektahan mula sa exposure o pagtagas kahit na may wastong encrypsyon at pagpasok ng mga kontrol na nasa lugar na.
- Paghiwa-hiwalayin ang iyong sistema na magkaroon ng "ligtas" na lugar na kung saan ang mga hangganan ng tiwala ay hindi magagalaw o makukuha ng iba. Huwag payagan ang mga sensitibong datos na mag punta sa labas ng pinagkaktiwalaang lugar o lalagyanan at kaialngang lagi ay maging maingat lalo na sa pag interface sa mga kasama sa labas ng ligtas na lalagyan o lugar.
- https://cwe.mitre.org/data/definitions/200.html
+
+ * Have a clear definition of which information is considered sensitive and which isn't. Take privacy laws, regulatory requirements, and business needs into account.
+ * Store sensitive data only if you have to.
+ * Implement checks for sensitive information in your devops pipeline. Steps that could be taken include stripping developer comments, removing debugging information and sensitive logs, as well as making error messages less verbose.
+ * In situations where the sensitive information must be used, for instance, backend microservices, ensure trust boundaries are appropriately drawn. Example: set up an isolated, well secured kubernetes cluster with well configured access controls, then only grant access to authorized clients.
+ * In situations where error messages need to be returned to the user, use messages that are as generic as possible eg "invalid credentials" instead of "invalid username" or "invalid password".
+ * When using third party technologies, understand how the software works, its configuration, as well as security risks of using it. After understanding the technology, use only the features that you need and disable everything else.
+ * Detailed debug messages are sometimes necessary, for instance, when adding a new feature to an application. In this case, separate the development environment from the production one. Ensure appropriate access controls are implemented for the development environments.
+ * All sensitive data should be encrypted before storage. Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management.
+
+https://portswigger.net/web-security/information-disclosure
+https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
+https://cwe.mitre.org/data/definitions/200.html
wasc_14
@@ -982,7 +993,17 @@ Mayroong dalawang pangunahing uri ng mga proseso na nangangailangan ng pagpapatu
Ang "kontrol ng daloy" ay tumutukoy sa maraming-hakbang na mga proseso na kinakailangang ang bawat hakbang ay maisagawa sa isang partikular na pagkakasunud-sunod ng gumagamit. Kapag ang isang taga-atake ay nagsagawa ng hindi tamang hakbang o wala sa pagkasunod-sunod, ang mga kontrol ng access ay maaaring na-bypass at isang kamalian sa integridad ng aplikasyon ang maaaring mangyari. Mga halimbawa ng maramihang-hakbang na mga proseso ay kinabibilangan ng wire transfer, pagrekober ng password, checkout ng purchase, at pag-sign-up ng account.
"Lohika ng negosyo" ay tumutukoy sa konteksto kung saan ang isang proseso ay magsasagawa ayon sa pinamamahalaan ng mga kinakailangan sa negosyo. Ang pagsasamantala sa kahinaan ng lohika ng negosyo ay nangangailangan ng kaalaman sa negosyo; kung walang kinakailangang kaalaman para pagsamantalahan ito, malamang na hindi ito isang kapintasan ng lohika ng negosyo. Dahil dito, ang tipikal na mga hakbang ng seguridad tulad ng pag-scan at pagsusuri ng code ay hindi makikita ang ganitong klase ng kahinaan. Isang paraan sa pagsusuri ay inaalok ng OWASP sa kanilang Gabay sa Pagsusuri.
-
+ Make sure that all operations within a multi-step process are either performed entirely or not at all. If one step fails, the changes made must be canceled. Fuzzing inputs is a good way to test for anomalies and to verify the results after the flow completes.
+
+Make sure the correct order of steps in the flow is enforced and that the order cannot be changed or bypassed by the user.
+
+Developers and testers must have a solid understanding of the domain that the application serves.
+
+Do not rely on implicit assumptions about how users or different application parts will behave.
+
+Identify all references to other code that interacts with each component and evaluate the possible side-effects if a malicious actor manipulates these dependencies in unexpected ways.
+
+Maintain clear code, design documents, and data flow diagrams for all transactions and workflows, noting any assumptions made at each stage and what the expected behavior is.
https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability
https://cwe.mitre.org/data/definitions/840.html
diff --git a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_fr_FR.xml b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_fr_FR.xml
index 115082cdf4e..7cd060f413f 100644
--- a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_fr_FR.xml
+++ b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_fr_FR.xml
@@ -436,8 +436,19 @@ Oublier de retirer les commentaires des pages HTML ou des scripts avant un dépl
Les numéros de version de logiciel et des messages d'erreur détaillés (par exemple les numéros de version ASP.NET) sont des exemples de configurations de serveur incorrectes. Cette information est utile pour un agresseur, en lui fournissant un aperçu détaillé sur le framework, les langages ou les fonctions prédéfinies utilisées par une application internet. La plupart des configurations serveur par défaut fournissent les numéros de version de logiciel et des messages d'erreur détaillés pour le débogage et à des fins de dépannage. Ces configurations peuvent être modifiées pour désactiver ces fonctionnalités, empêchant l'affichage de ces informations.
Des pages fournissant des réponses différentes selon la validité des données injectées peuvent aussi conduire à une fuite d'information; plus précisément lorsque des données jugées confidentielles sont révélées à cause de la conception de l'application web. Des exemples de données sensibles incluent (mais ne sont pas limités à): numéros de compte, identifiants de l'utilisateur (numéro du permis de conduire, numéro de passeport, numéros de sécurité sociale, etc.) et les informations spécifiques à l'utilisateur (mots de passe, sessions, adresses). Dans ce contexte, la fuite d'informations concerne la divulgation de données-clés de l'utilisateur, données jugées confidentielles ou secrètes, et qui ne doivent en aucun cas être exposées en claire, pas même à l'utilisateur. Les numéros de carte de crédit et autres informations fortement réglementées sont d'excellents exemples de données de l'utilisateur qui ont besoin d'être davantage protégées contre l'exposition ou la fuite, même si des mesures appropriées de cryptage et d'accès ont déjà été mises en place.
- Compartimentez votre système pour avoir des zones "sécurisées", où les limites de confiance peuvent être établies sans ambiguïté. Ne permettez pas que des données sensibles sortent de la limite de confiance et soyez toujours attentif à l'interface avec un compartiment situé hors de la zone sûre.
- https://cwe.mitre.org/data/definitions/200.html
+
+ * Have a clear definition of which information is considered sensitive and which isn't. Take privacy laws, regulatory requirements, and business needs into account.
+ * Store sensitive data only if you have to.
+ * Implement checks for sensitive information in your devops pipeline. Steps that could be taken include stripping developer comments, removing debugging information and sensitive logs, as well as making error messages less verbose.
+ * In situations where the sensitive information must be used, for instance, backend microservices, ensure trust boundaries are appropriately drawn. Example: set up an isolated, well secured kubernetes cluster with well configured access controls, then only grant access to authorized clients.
+ * In situations where error messages need to be returned to the user, use messages that are as generic as possible eg "invalid credentials" instead of "invalid username" or "invalid password".
+ * When using third party technologies, understand how the software works, its configuration, as well as security risks of using it. After understanding the technology, use only the features that you need and disable everything else.
+ * Detailed debug messages are sometimes necessary, for instance, when adding a new feature to an application. In this case, separate the development environment from the production one. Ensure appropriate access controls are implemented for the development environments.
+ * All sensitive data should be encrypted before storage. Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management.
+
+https://portswigger.net/web-security/information-disclosure
+https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
+https://cwe.mitre.org/data/definitions/200.html
wasc_14
@@ -980,7 +991,17 @@ Il existe deux principaux types de processus nécessitant une validation: le flu
Le "flux de contrôle" se réfère à des processus en plusieurs étapes, qui nécessitent que chacune des étapes soit effectuée par l'utilisateur dans un ordre spécifique. Quand un agresseur effectue l'étape incorrectement ou dans un ordre différent, les contrôles d'accès peuvent être contournés et une erreur d'intégrité peut se produire dans l'application. Des exemples de procéssus à plusieurs étapes sont: virements, récupération de mot de passe, achats en ligne et enregistrement de nouveau compte.
La "logique métier" se réfère au contexte dans lequel un processus s'exécutera selon les exigences métier. Exploiter une faille de logique métier exige la connaissance de l'entreprise et de ses affaires; si aucune connaissance n'est nécessaire pour exploiter cette faille, alors il ne s'agit très probablement pas d'un défaut de logique métier. Pour cette raison, les mesures de sécurité typiques, telles que les analyses de code et les revues de code, ne permettront pas de trouver cette classe de faille. Une approche pour tester la logique métier est fournie par OWASP dans leur Guide de test.
-
+ Make sure that all operations within a multi-step process are either performed entirely or not at all. If one step fails, the changes made must be canceled. Fuzzing inputs is a good way to test for anomalies and to verify the results after the flow completes.
+
+Make sure the correct order of steps in the flow is enforced and that the order cannot be changed or bypassed by the user.
+
+Developers and testers must have a solid understanding of the domain that the application serves.
+
+Do not rely on implicit assumptions about how users or different application parts will behave.
+
+Identify all references to other code that interacts with each component and evaluate the possible side-effects if a malicious actor manipulates these dependencies in unexpected ways.
+
+Maintain clear code, design documents, and data flow diagrams for all transactions and workflows, noting any assumptions made at each stage and what the expected behavior is.
https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability
https://cwe.mitre.org/data/definitions/840.html
diff --git a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_ha_HG.xml b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_ha_HG.xml
index b3b32e4edae..f35200419a5 100644
--- a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_ha_HG.xml
+++ b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_ha_HG.xml
@@ -438,8 +438,19 @@ Failure to scrub HTML/Script comments prior to a push to the production environm
Software version numbers and verbose error messages (such as ASP.NET version numbers) are examples of improper server configurations. This information is useful to an attacker by providing detailed insight as to the framework, languages, or pre-built functions being utilized by a web application. Most default server configurations provide software version numbers and verbose error messages for debugging and troubleshooting purposes. Configuration changes can be made to disable these features, preventing the display of this information.
Pages that provide different responses based on the validity of the data can also lead to Information Leakage; specifically when data deemed confidential is being revealed as a result of the web application's design. Examples of sensitive data includes (but is not limited to): account numbers, user identifiers (Drivers license number, Passport number, Social Security Numbers, etc.) and user-specific information (passwords, sessions, addresses). Information Leakage in this context deals with exposure of key user data deemed confidential, or secret, that should not be exposed in plain view, even to the user. Credit card numbers and other heavily regulated information are prime examples of user data that needs to be further protected from exposure or leakage even with proper encryption and access controls already in place.
- Compartmentalize your system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- https://cwe.mitre.org/data/definitions/200.html
+
+ * Have a clear definition of which information is considered sensitive and which isn't. Take privacy laws, regulatory requirements, and business needs into account.
+ * Store sensitive data only if you have to.
+ * Implement checks for sensitive information in your devops pipeline. Steps that could be taken include stripping developer comments, removing debugging information and sensitive logs, as well as making error messages less verbose.
+ * In situations where the sensitive information must be used, for instance, backend microservices, ensure trust boundaries are appropriately drawn. Example: set up an isolated, well secured kubernetes cluster with well configured access controls, then only grant access to authorized clients.
+ * In situations where error messages need to be returned to the user, use messages that are as generic as possible eg "invalid credentials" instead of "invalid username" or "invalid password".
+ * When using third party technologies, understand how the software works, its configuration, as well as security risks of using it. After understanding the technology, use only the features that you need and disable everything else.
+ * Detailed debug messages are sometimes necessary, for instance, when adding a new feature to an application. In this case, separate the development environment from the production one. Ensure appropriate access controls are implemented for the development environments.
+ * All sensitive data should be encrypted before storage. Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management.
+
+https://portswigger.net/web-security/information-disclosure
+https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
+https://cwe.mitre.org/data/definitions/200.html
wasc_14
@@ -985,7 +996,17 @@ There are two main types of processes that require validation: flow control and
"Flow control" refers to multi-step processes that require each step to be performed in a specific order by the user. When an attacker performs the step incorrectly or out of order, the access controls may be bypassed and an application integrity error may occur. Examples of multi-step processes include wire transfer, password recovery, purchase checkout, and account sign-up.
"Business logic" refers to the context in which a process will execute as governed by the business requirements. Exploiting a business logic weakness requires knowledge of the business; if no knowledge is needed to exploit it, then most likely it isn't a business logic flaw. Due to this, typical security measures such as scans and code review will not find this class of weakness. One approach to testing is offered by OWASP in their Testing Guide.
-
+ Make sure that all operations within a multi-step process are either performed entirely or not at all. If one step fails, the changes made must be canceled. Fuzzing inputs is a good way to test for anomalies and to verify the results after the flow completes.
+
+Make sure the correct order of steps in the flow is enforced and that the order cannot be changed or bypassed by the user.
+
+Developers and testers must have a solid understanding of the domain that the application serves.
+
+Do not rely on implicit assumptions about how users or different application parts will behave.
+
+Identify all references to other code that interacts with each component and evaluate the possible side-effects if a malicious actor manipulates these dependencies in unexpected ways.
+
+Maintain clear code, design documents, and data flow diagrams for all transactions and workflows, noting any assumptions made at each stage and what the expected behavior is.
https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability
https://cwe.mitre.org/data/definitions/840.html
diff --git a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_he_IL.xml b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_he_IL.xml
index 884bb4fd22f..0ac39eb8854 100644
--- a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_he_IL.xml
+++ b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_he_IL.xml
@@ -438,8 +438,19 @@ Failure to scrub HTML/Script comments prior to a push to the production environm
Software version numbers and verbose error messages (such as ASP.NET version numbers) are examples of improper server configurations. This information is useful to an attacker by providing detailed insight as to the framework, languages, or pre-built functions being utilized by a web application. Most default server configurations provide software version numbers and verbose error messages for debugging and troubleshooting purposes. Configuration changes can be made to disable these features, preventing the display of this information.
Pages that provide different responses based on the validity of the data can also lead to Information Leakage; specifically when data deemed confidential is being revealed as a result of the web application's design. Examples of sensitive data includes (but is not limited to): account numbers, user identifiers (Drivers license number, Passport number, Social Security Numbers, etc.) and user-specific information (passwords, sessions, addresses). Information Leakage in this context deals with exposure of key user data deemed confidential, or secret, that should not be exposed in plain view, even to the user. Credit card numbers and other heavily regulated information are prime examples of user data that needs to be further protected from exposure or leakage even with proper encryption and access controls already in place.
- Compartmentalize your system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- https://cwe.mitre.org/data/definitions/200.html
+
+ * Have a clear definition of which information is considered sensitive and which isn't. Take privacy laws, regulatory requirements, and business needs into account.
+ * Store sensitive data only if you have to.
+ * Implement checks for sensitive information in your devops pipeline. Steps that could be taken include stripping developer comments, removing debugging information and sensitive logs, as well as making error messages less verbose.
+ * In situations where the sensitive information must be used, for instance, backend microservices, ensure trust boundaries are appropriately drawn. Example: set up an isolated, well secured kubernetes cluster with well configured access controls, then only grant access to authorized clients.
+ * In situations where error messages need to be returned to the user, use messages that are as generic as possible eg "invalid credentials" instead of "invalid username" or "invalid password".
+ * When using third party technologies, understand how the software works, its configuration, as well as security risks of using it. After understanding the technology, use only the features that you need and disable everything else.
+ * Detailed debug messages are sometimes necessary, for instance, when adding a new feature to an application. In this case, separate the development environment from the production one. Ensure appropriate access controls are implemented for the development environments.
+ * All sensitive data should be encrypted before storage. Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management.
+
+https://portswigger.net/web-security/information-disclosure
+https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
+https://cwe.mitre.org/data/definitions/200.html
wasc_14
@@ -985,7 +996,17 @@ There are two main types of processes that require validation: flow control and
"Flow control" refers to multi-step processes that require each step to be performed in a specific order by the user. When an attacker performs the step incorrectly or out of order, the access controls may be bypassed and an application integrity error may occur. Examples of multi-step processes include wire transfer, password recovery, purchase checkout, and account sign-up.
"Business logic" refers to the context in which a process will execute as governed by the business requirements. Exploiting a business logic weakness requires knowledge of the business; if no knowledge is needed to exploit it, then most likely it isn't a business logic flaw. Due to this, typical security measures such as scans and code review will not find this class of weakness. One approach to testing is offered by OWASP in their Testing Guide.
-
+ Make sure that all operations within a multi-step process are either performed entirely or not at all. If one step fails, the changes made must be canceled. Fuzzing inputs is a good way to test for anomalies and to verify the results after the flow completes.
+
+Make sure the correct order of steps in the flow is enforced and that the order cannot be changed or bypassed by the user.
+
+Developers and testers must have a solid understanding of the domain that the application serves.
+
+Do not rely on implicit assumptions about how users or different application parts will behave.
+
+Identify all references to other code that interacts with each component and evaluate the possible side-effects if a malicious actor manipulates these dependencies in unexpected ways.
+
+Maintain clear code, design documents, and data flow diagrams for all transactions and workflows, noting any assumptions made at each stage and what the expected behavior is.
https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability
https://cwe.mitre.org/data/definitions/840.html
diff --git a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_hi_IN.xml b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_hi_IN.xml
index 3d34a242853..ad3a5a9b48d 100644
--- a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_hi_IN.xml
+++ b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_hi_IN.xml
@@ -438,8 +438,19 @@ Failure to scrub HTML/Script comments prior to a push to the production environm
Software version numbers and verbose error messages (such as ASP.NET version numbers) are examples of improper server configurations. This information is useful to an attacker by providing detailed insight as to the framework, languages, or pre-built functions being utilized by a web application. Most default server configurations provide software version numbers and verbose error messages for debugging and troubleshooting purposes. Configuration changes can be made to disable these features, preventing the display of this information.
Pages that provide different responses based on the validity of the data can also lead to Information Leakage; specifically when data deemed confidential is being revealed as a result of the web application's design. Examples of sensitive data includes (but is not limited to): account numbers, user identifiers (Drivers license number, Passport number, Social Security Numbers, etc.) and user-specific information (passwords, sessions, addresses). Information Leakage in this context deals with exposure of key user data deemed confidential, or secret, that should not be exposed in plain view, even to the user. Credit card numbers and other heavily regulated information are prime examples of user data that needs to be further protected from exposure or leakage even with proper encryption and access controls already in place.
- Compartmentalize your system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- https://cwe.mitre.org/data/definitions/200.html
+
+ * Have a clear definition of which information is considered sensitive and which isn't. Take privacy laws, regulatory requirements, and business needs into account.
+ * Store sensitive data only if you have to.
+ * Implement checks for sensitive information in your devops pipeline. Steps that could be taken include stripping developer comments, removing debugging information and sensitive logs, as well as making error messages less verbose.
+ * In situations where the sensitive information must be used, for instance, backend microservices, ensure trust boundaries are appropriately drawn. Example: set up an isolated, well secured kubernetes cluster with well configured access controls, then only grant access to authorized clients.
+ * In situations where error messages need to be returned to the user, use messages that are as generic as possible eg "invalid credentials" instead of "invalid username" or "invalid password".
+ * When using third party technologies, understand how the software works, its configuration, as well as security risks of using it. After understanding the technology, use only the features that you need and disable everything else.
+ * Detailed debug messages are sometimes necessary, for instance, when adding a new feature to an application. In this case, separate the development environment from the production one. Ensure appropriate access controls are implemented for the development environments.
+ * All sensitive data should be encrypted before storage. Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management.
+
+https://portswigger.net/web-security/information-disclosure
+https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
+https://cwe.mitre.org/data/definitions/200.html
wasc_14
@@ -985,7 +996,17 @@ There are two main types of processes that require validation: flow control and
"Flow control" refers to multi-step processes that require each step to be performed in a specific order by the user. When an attacker performs the step incorrectly or out of order, the access controls may be bypassed and an application integrity error may occur. Examples of multi-step processes include wire transfer, password recovery, purchase checkout, and account sign-up.
"Business logic" refers to the context in which a process will execute as governed by the business requirements. Exploiting a business logic weakness requires knowledge of the business; if no knowledge is needed to exploit it, then most likely it isn't a business logic flaw. Due to this, typical security measures such as scans and code review will not find this class of weakness. One approach to testing is offered by OWASP in their Testing Guide.
-
+ Make sure that all operations within a multi-step process are either performed entirely or not at all. If one step fails, the changes made must be canceled. Fuzzing inputs is a good way to test for anomalies and to verify the results after the flow completes.
+
+Make sure the correct order of steps in the flow is enforced and that the order cannot be changed or bypassed by the user.
+
+Developers and testers must have a solid understanding of the domain that the application serves.
+
+Do not rely on implicit assumptions about how users or different application parts will behave.
+
+Identify all references to other code that interacts with each component and evaluate the possible side-effects if a malicious actor manipulates these dependencies in unexpected ways.
+
+Maintain clear code, design documents, and data flow diagrams for all transactions and workflows, noting any assumptions made at each stage and what the expected behavior is.
https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability
https://cwe.mitre.org/data/definitions/840.html
diff --git a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_hr_HR.xml b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_hr_HR.xml
index b3b32e4edae..f35200419a5 100644
--- a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_hr_HR.xml
+++ b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_hr_HR.xml
@@ -438,8 +438,19 @@ Failure to scrub HTML/Script comments prior to a push to the production environm
Software version numbers and verbose error messages (such as ASP.NET version numbers) are examples of improper server configurations. This information is useful to an attacker by providing detailed insight as to the framework, languages, or pre-built functions being utilized by a web application. Most default server configurations provide software version numbers and verbose error messages for debugging and troubleshooting purposes. Configuration changes can be made to disable these features, preventing the display of this information.
Pages that provide different responses based on the validity of the data can also lead to Information Leakage; specifically when data deemed confidential is being revealed as a result of the web application's design. Examples of sensitive data includes (but is not limited to): account numbers, user identifiers (Drivers license number, Passport number, Social Security Numbers, etc.) and user-specific information (passwords, sessions, addresses). Information Leakage in this context deals with exposure of key user data deemed confidential, or secret, that should not be exposed in plain view, even to the user. Credit card numbers and other heavily regulated information are prime examples of user data that needs to be further protected from exposure or leakage even with proper encryption and access controls already in place.
- Compartmentalize your system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- https://cwe.mitre.org/data/definitions/200.html
+
+ * Have a clear definition of which information is considered sensitive and which isn't. Take privacy laws, regulatory requirements, and business needs into account.
+ * Store sensitive data only if you have to.
+ * Implement checks for sensitive information in your devops pipeline. Steps that could be taken include stripping developer comments, removing debugging information and sensitive logs, as well as making error messages less verbose.
+ * In situations where the sensitive information must be used, for instance, backend microservices, ensure trust boundaries are appropriately drawn. Example: set up an isolated, well secured kubernetes cluster with well configured access controls, then only grant access to authorized clients.
+ * In situations where error messages need to be returned to the user, use messages that are as generic as possible eg "invalid credentials" instead of "invalid username" or "invalid password".
+ * When using third party technologies, understand how the software works, its configuration, as well as security risks of using it. After understanding the technology, use only the features that you need and disable everything else.
+ * Detailed debug messages are sometimes necessary, for instance, when adding a new feature to an application. In this case, separate the development environment from the production one. Ensure appropriate access controls are implemented for the development environments.
+ * All sensitive data should be encrypted before storage. Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management.
+
+https://portswigger.net/web-security/information-disclosure
+https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
+https://cwe.mitre.org/data/definitions/200.html
wasc_14
@@ -985,7 +996,17 @@ There are two main types of processes that require validation: flow control and
"Flow control" refers to multi-step processes that require each step to be performed in a specific order by the user. When an attacker performs the step incorrectly or out of order, the access controls may be bypassed and an application integrity error may occur. Examples of multi-step processes include wire transfer, password recovery, purchase checkout, and account sign-up.
"Business logic" refers to the context in which a process will execute as governed by the business requirements. Exploiting a business logic weakness requires knowledge of the business; if no knowledge is needed to exploit it, then most likely it isn't a business logic flaw. Due to this, typical security measures such as scans and code review will not find this class of weakness. One approach to testing is offered by OWASP in their Testing Guide.
-
+ Make sure that all operations within a multi-step process are either performed entirely or not at all. If one step fails, the changes made must be canceled. Fuzzing inputs is a good way to test for anomalies and to verify the results after the flow completes.
+
+Make sure the correct order of steps in the flow is enforced and that the order cannot be changed or bypassed by the user.
+
+Developers and testers must have a solid understanding of the domain that the application serves.
+
+Do not rely on implicit assumptions about how users or different application parts will behave.
+
+Identify all references to other code that interacts with each component and evaluate the possible side-effects if a malicious actor manipulates these dependencies in unexpected ways.
+
+Maintain clear code, design documents, and data flow diagrams for all transactions and workflows, noting any assumptions made at each stage and what the expected behavior is.
https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability
https://cwe.mitre.org/data/definitions/840.html
diff --git a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_hu_HU.xml b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_hu_HU.xml
index 45724637445..9371aec0d2f 100644
--- a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_hu_HU.xml
+++ b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_hu_HU.xml
@@ -438,8 +438,19 @@ Failure to scrub HTML/Script comments prior to a push to the production environm
Software version numbers and verbose error messages (such as ASP.NET version numbers) are examples of improper server configurations. This information is useful to an attacker by providing detailed insight as to the framework, languages, or pre-built functions being utilized by a web application. Most default server configurations provide software version numbers and verbose error messages for debugging and troubleshooting purposes. Configuration changes can be made to disable these features, preventing the display of this information.
Pages that provide different responses based on the validity of the data can also lead to Information Leakage; specifically when data deemed confidential is being revealed as a result of the web application's design. Examples of sensitive data includes (but is not limited to): account numbers, user identifiers (Drivers license number, Passport number, Social Security Numbers, etc.) and user-specific information (passwords, sessions, addresses). Information Leakage in this context deals with exposure of key user data deemed confidential, or secret, that should not be exposed in plain view, even to the user. Credit card numbers and other heavily regulated information are prime examples of user data that needs to be further protected from exposure or leakage even with proper encryption and access controls already in place.
- Compartmentalize your system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- https://cwe.mitre.org/data/definitions/200.html
+
+ * Have a clear definition of which information is considered sensitive and which isn't. Take privacy laws, regulatory requirements, and business needs into account.
+ * Store sensitive data only if you have to.
+ * Implement checks for sensitive information in your devops pipeline. Steps that could be taken include stripping developer comments, removing debugging information and sensitive logs, as well as making error messages less verbose.
+ * In situations where the sensitive information must be used, for instance, backend microservices, ensure trust boundaries are appropriately drawn. Example: set up an isolated, well secured kubernetes cluster with well configured access controls, then only grant access to authorized clients.
+ * In situations where error messages need to be returned to the user, use messages that are as generic as possible eg "invalid credentials" instead of "invalid username" or "invalid password".
+ * When using third party technologies, understand how the software works, its configuration, as well as security risks of using it. After understanding the technology, use only the features that you need and disable everything else.
+ * Detailed debug messages are sometimes necessary, for instance, when adding a new feature to an application. In this case, separate the development environment from the production one. Ensure appropriate access controls are implemented for the development environments.
+ * All sensitive data should be encrypted before storage. Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management.
+
+https://portswigger.net/web-security/information-disclosure
+https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
+https://cwe.mitre.org/data/definitions/200.html
wasc_14
@@ -985,7 +996,17 @@ There are two main types of processes that require validation: flow control and
"Flow control" refers to multi-step processes that require each step to be performed in a specific order by the user. When an attacker performs the step incorrectly or out of order, the access controls may be bypassed and an application integrity error may occur. Examples of multi-step processes include wire transfer, password recovery, purchase checkout, and account sign-up.
"Business logic" refers to the context in which a process will execute as governed by the business requirements. Exploiting a business logic weakness requires knowledge of the business; if no knowledge is needed to exploit it, then most likely it isn't a business logic flaw. Due to this, typical security measures such as scans and code review will not find this class of weakness. One approach to testing is offered by OWASP in their Testing Guide.
-
+ Make sure that all operations within a multi-step process are either performed entirely or not at all. If one step fails, the changes made must be canceled. Fuzzing inputs is a good way to test for anomalies and to verify the results after the flow completes.
+
+Make sure the correct order of steps in the flow is enforced and that the order cannot be changed or bypassed by the user.
+
+Developers and testers must have a solid understanding of the domain that the application serves.
+
+Do not rely on implicit assumptions about how users or different application parts will behave.
+
+Identify all references to other code that interacts with each component and evaluate the possible side-effects if a malicious actor manipulates these dependencies in unexpected ways.
+
+Maintain clear code, design documents, and data flow diagrams for all transactions and workflows, noting any assumptions made at each stage and what the expected behavior is.
https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability
https://cwe.mitre.org/data/definitions/840.html
diff --git a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_id_ID.xml b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_id_ID.xml
index c863682e055..3c5f147af9e 100644
--- a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_id_ID.xml
+++ b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_id_ID.xml
@@ -417,8 +417,19 @@ Kegagalan untuk menggosok HTML/Script komentar sebelum mendorong ke lingkungan p
Nomor versi perangkat lunak dan pesan kesalahan verbose (seperti nomor versi ASP.NET) adalah contoh konfigurasi server yang tidak semestinya. Informasi ini berguna untuk seorang penyerang dengan memberikan wawasan rinci untuk kerangka kerja, bahasa, atau pre-built fungsi yang digunakan oleh aplikasi web. Konfigurasi server paling default yang menyediakan perangkat lunak dan nomor versi verbose kesalahan pesan untuk debugging dan tujuan pemecahan masalah. Perubahan konfigurasi dapat dibuat untuk menonaktifkan fitur ini, mencegah tampilan dari informasi ini.
Laman yang memberikan tanggapan berbeda berdasarkan validitas data juga dapat menyebabkan Kebocoran Informasi; khususnya ketika data dianggap rahasia sedang diungkapkan sebagai hasil dari desain aplikasi web. Contoh data sensitif termasuk (namun tidak terbatas pada): nomor rekening, pengenal pengguna (nomor lisensi Driver, nomor Paspor, Nomor Jaminan Sosial, dll.) Dan informasi khusus pengguna (kata sandi, sesi, alamat). Informasi Kebocoran dalam konteks ini berkaitan dengan pemaparan data pengguna kunci yang dianggap rahasia, atau rahasia, yang seharusnya tidak terpapar secara polos, bahkan untuk pengguna. Nomor kartu kredit dan informasi lain yang sangat diatur adalah contoh utama data pengguna yang perlu dilindungi lebih jauh dari paparan atau kebocoran bahkan dengan enkripsi dan kontrol akses yang benar.
- Kompartemen sistem Anda untuk memiliki area "aman" dimana batas kepercayaan dapat ditarik dengan jelas. Jangan biarkan data sensitif keluar dari batas kepercayaan dan selalu berhati-hati saat berinteraksi dengan kompartemen di luar area aman.
- https://cwe.mitre.org/data/definitions/200.html
+
+ * Have a clear definition of which information is considered sensitive and which isn't. Take privacy laws, regulatory requirements, and business needs into account.
+ * Store sensitive data only if you have to.
+ * Implement checks for sensitive information in your devops pipeline. Steps that could be taken include stripping developer comments, removing debugging information and sensitive logs, as well as making error messages less verbose.
+ * In situations where the sensitive information must be used, for instance, backend microservices, ensure trust boundaries are appropriately drawn. Example: set up an isolated, well secured kubernetes cluster with well configured access controls, then only grant access to authorized clients.
+ * In situations where error messages need to be returned to the user, use messages that are as generic as possible eg "invalid credentials" instead of "invalid username" or "invalid password".
+ * When using third party technologies, understand how the software works, its configuration, as well as security risks of using it. After understanding the technology, use only the features that you need and disable everything else.
+ * Detailed debug messages are sometimes necessary, for instance, when adding a new feature to an application. In this case, separate the development environment from the production one. Ensure appropriate access controls are implemented for the development environments.
+ * All sensitive data should be encrypted before storage. Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management.
+
+https://portswigger.net/web-security/information-disclosure
+https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
+https://cwe.mitre.org/data/definitions/200.html
wasc_14
@@ -967,7 +978,17 @@ Ada dua jenis proses utama yang memerlukan validasi: flow control dan logika bis
"Flow control" mengacu pada proses multi langkah yang mengharuskan setiap langkah dilakukan dalam urutan tertentu oleh pengguna. Bila penyerang melakukan langkah yang salah atau tidak sesuai, kontrol akses mungkin dilewati dan kesalahan integritas aplikasi mungkin terjadi. Contoh proses multi langkah termasuk transfer kawat, pemulihan kata sandi, checkout pembelian, dan pendaftaran akun.
"Logika bisnis" mengacu pada konteks di mana proses akan dijalankan sesuai dengan kebutuhan bisnis. Memanfaatkan kelemahan logika bisnis membutuhkan pengetahuan bisnis; Jika tidak ada pengetahuan yang dibutuhkan untuk memanfaatkannya, kemungkinan besar itu bukan kesalahan logika bisnis. Karena ini, tindakan pengamanan khas seperti pemindaian dan pengkajian kode tidak akan menemukan kelas kelemahan ini. Salah satu pendekatan pengujian ditawarkan oleh OWASP dalam Panduan Pengujian mereka.
-
+ Make sure that all operations within a multi-step process are either performed entirely or not at all. If one step fails, the changes made must be canceled. Fuzzing inputs is a good way to test for anomalies and to verify the results after the flow completes.
+
+Make sure the correct order of steps in the flow is enforced and that the order cannot be changed or bypassed by the user.
+
+Developers and testers must have a solid understanding of the domain that the application serves.
+
+Do not rely on implicit assumptions about how users or different application parts will behave.
+
+Identify all references to other code that interacts with each component and evaluate the possible side-effects if a malicious actor manipulates these dependencies in unexpected ways.
+
+Maintain clear code, design documents, and data flow diagrams for all transactions and workflows, noting any assumptions made at each stage and what the expected behavior is.
https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability
https://cwe.mitre.org/data/definitions/840.html
diff --git a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_it_IT.xml b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_it_IT.xml
index 64430df7e15..b36818be07b 100644
--- a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_it_IT.xml
+++ b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_it_IT.xml
@@ -438,8 +438,19 @@ Failure to scrub HTML/Script comments prior to a push to the production environm
Software version numbers and verbose error messages (such as ASP.NET version numbers) are examples of improper server configurations. This information is useful to an attacker by providing detailed insight as to the framework, languages, or pre-built functions being utilized by a web application. Most default server configurations provide software version numbers and verbose error messages for debugging and troubleshooting purposes. Configuration changes can be made to disable these features, preventing the display of this information.
Pages that provide different responses based on the validity of the data can also lead to Information Leakage; specifically when data deemed confidential is being revealed as a result of the web application's design. Examples of sensitive data includes (but is not limited to): account numbers, user identifiers (Drivers license number, Passport number, Social Security Numbers, etc.) and user-specific information (passwords, sessions, addresses). Information Leakage in this context deals with exposure of key user data deemed confidential, or secret, that should not be exposed in plain view, even to the user. Credit card numbers and other heavily regulated information are prime examples of user data that needs to be further protected from exposure or leakage even with proper encryption and access controls already in place.
- Compartmentalize your system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- https://cwe.mitre.org/data/definitions/200.html
+
+ * Have a clear definition of which information is considered sensitive and which isn't. Take privacy laws, regulatory requirements, and business needs into account.
+ * Store sensitive data only if you have to.
+ * Implement checks for sensitive information in your devops pipeline. Steps that could be taken include stripping developer comments, removing debugging information and sensitive logs, as well as making error messages less verbose.
+ * In situations where the sensitive information must be used, for instance, backend microservices, ensure trust boundaries are appropriately drawn. Example: set up an isolated, well secured kubernetes cluster with well configured access controls, then only grant access to authorized clients.
+ * In situations where error messages need to be returned to the user, use messages that are as generic as possible eg "invalid credentials" instead of "invalid username" or "invalid password".
+ * When using third party technologies, understand how the software works, its configuration, as well as security risks of using it. After understanding the technology, use only the features that you need and disable everything else.
+ * Detailed debug messages are sometimes necessary, for instance, when adding a new feature to an application. In this case, separate the development environment from the production one. Ensure appropriate access controls are implemented for the development environments.
+ * All sensitive data should be encrypted before storage. Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management.
+
+https://portswigger.net/web-security/information-disclosure
+https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
+https://cwe.mitre.org/data/definitions/200.html
wasc_14
@@ -985,7 +996,17 @@ There are two main types of processes that require validation: flow control and
"Flow control" refers to multi-step processes that require each step to be performed in a specific order by the user. When an attacker performs the step incorrectly or out of order, the access controls may be bypassed and an application integrity error may occur. Examples of multi-step processes include wire transfer, password recovery, purchase checkout, and account sign-up.
"Business logic" refers to the context in which a process will execute as governed by the business requirements. Exploiting a business logic weakness requires knowledge of the business; if no knowledge is needed to exploit it, then most likely it isn't a business logic flaw. Due to this, typical security measures such as scans and code review will not find this class of weakness. One approach to testing is offered by OWASP in their Testing Guide.
-
+ Make sure that all operations within a multi-step process are either performed entirely or not at all. If one step fails, the changes made must be canceled. Fuzzing inputs is a good way to test for anomalies and to verify the results after the flow completes.
+
+Make sure the correct order of steps in the flow is enforced and that the order cannot be changed or bypassed by the user.
+
+Developers and testers must have a solid understanding of the domain that the application serves.
+
+Do not rely on implicit assumptions about how users or different application parts will behave.
+
+Identify all references to other code that interacts with each component and evaluate the possible side-effects if a malicious actor manipulates these dependencies in unexpected ways.
+
+Maintain clear code, design documents, and data flow diagrams for all transactions and workflows, noting any assumptions made at each stage and what the expected behavior is.
https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability
https://cwe.mitre.org/data/definitions/840.html
diff --git a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_ja_JP.xml b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_ja_JP.xml
index e9477c06764..43726d483c7 100644
--- a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_ja_JP.xml
+++ b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_ja_JP.xml
@@ -438,8 +438,19 @@ Failure to scrub HTML/Script comments prior to a push to the production environm
Software version numbers and verbose error messages (such as ASP.NET version numbers) are examples of improper server configurations. This information is useful to an attacker by providing detailed insight as to the framework, languages, or pre-built functions being utilized by a web application. Most default server configurations provide software version numbers and verbose error messages for debugging and troubleshooting purposes. Configuration changes can be made to disable these features, preventing the display of this information.
Pages that provide different responses based on the validity of the data can also lead to Information Leakage; specifically when data deemed confidential is being revealed as a result of the web application's design. Examples of sensitive data includes (but is not limited to): account numbers, user identifiers (Drivers license number, Passport number, Social Security Numbers, etc.) and user-specific information (passwords, sessions, addresses). Information Leakage in this context deals with exposure of key user data deemed confidential, or secret, that should not be exposed in plain view, even to the user. Credit card numbers and other heavily regulated information are prime examples of user data that needs to be further protected from exposure or leakage even with proper encryption and access controls already in place.
- Compartmentalize your system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- https://cwe.mitre.org/data/definitions/200.html
+
+ * Have a clear definition of which information is considered sensitive and which isn't. Take privacy laws, regulatory requirements, and business needs into account.
+ * Store sensitive data only if you have to.
+ * Implement checks for sensitive information in your devops pipeline. Steps that could be taken include stripping developer comments, removing debugging information and sensitive logs, as well as making error messages less verbose.
+ * In situations where the sensitive information must be used, for instance, backend microservices, ensure trust boundaries are appropriately drawn. Example: set up an isolated, well secured kubernetes cluster with well configured access controls, then only grant access to authorized clients.
+ * In situations where error messages need to be returned to the user, use messages that are as generic as possible eg "invalid credentials" instead of "invalid username" or "invalid password".
+ * When using third party technologies, understand how the software works, its configuration, as well as security risks of using it. After understanding the technology, use only the features that you need and disable everything else.
+ * Detailed debug messages are sometimes necessary, for instance, when adding a new feature to an application. In this case, separate the development environment from the production one. Ensure appropriate access controls are implemented for the development environments.
+ * All sensitive data should be encrypted before storage. Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management.
+
+https://portswigger.net/web-security/information-disclosure
+https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
+https://cwe.mitre.org/data/definitions/200.html
wasc_14
@@ -985,7 +996,17 @@ There are two main types of processes that require validation: flow control and
"Flow control" refers to multi-step processes that require each step to be performed in a specific order by the user. When an attacker performs the step incorrectly or out of order, the access controls may be bypassed and an application integrity error may occur. Examples of multi-step processes include wire transfer, password recovery, purchase checkout, and account sign-up.
"Business logic" refers to the context in which a process will execute as governed by the business requirements. Exploiting a business logic weakness requires knowledge of the business; if no knowledge is needed to exploit it, then most likely it isn't a business logic flaw. Due to this, typical security measures such as scans and code review will not find this class of weakness. One approach to testing is offered by OWASP in their Testing Guide.
-
+ Make sure that all operations within a multi-step process are either performed entirely or not at all. If one step fails, the changes made must be canceled. Fuzzing inputs is a good way to test for anomalies and to verify the results after the flow completes.
+
+Make sure the correct order of steps in the flow is enforced and that the order cannot be changed or bypassed by the user.
+
+Developers and testers must have a solid understanding of the domain that the application serves.
+
+Do not rely on implicit assumptions about how users or different application parts will behave.
+
+Identify all references to other code that interacts with each component and evaluate the possible side-effects if a malicious actor manipulates these dependencies in unexpected ways.
+
+Maintain clear code, design documents, and data flow diagrams for all transactions and workflows, noting any assumptions made at each stage and what the expected behavior is.
https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability
https://cwe.mitre.org/data/definitions/840.html
diff --git a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_ko_KR.xml b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_ko_KR.xml
index ad887d136b9..52dd441663a 100644
--- a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_ko_KR.xml
+++ b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_ko_KR.xml
@@ -438,8 +438,19 @@ Failure to scrub HTML/Script comments prior to a push to the production environm
Software version numbers and verbose error messages (such as ASP.NET version numbers) are examples of improper server configurations. This information is useful to an attacker by providing detailed insight as to the framework, languages, or pre-built functions being utilized by a web application. Most default server configurations provide software version numbers and verbose error messages for debugging and troubleshooting purposes. Configuration changes can be made to disable these features, preventing the display of this information.
Pages that provide different responses based on the validity of the data can also lead to Information Leakage; specifically when data deemed confidential is being revealed as a result of the web application's design. Examples of sensitive data includes (but is not limited to): account numbers, user identifiers (Drivers license number, Passport number, Social Security Numbers, etc.) and user-specific information (passwords, sessions, addresses). Information Leakage in this context deals with exposure of key user data deemed confidential, or secret, that should not be exposed in plain view, even to the user. Credit card numbers and other heavily regulated information are prime examples of user data that needs to be further protected from exposure or leakage even with proper encryption and access controls already in place.
- Compartmentalize your system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- https://cwe.mitre.org/data/definitions/200.html
+
+ * Have a clear definition of which information is considered sensitive and which isn't. Take privacy laws, regulatory requirements, and business needs into account.
+ * Store sensitive data only if you have to.
+ * Implement checks for sensitive information in your devops pipeline. Steps that could be taken include stripping developer comments, removing debugging information and sensitive logs, as well as making error messages less verbose.
+ * In situations where the sensitive information must be used, for instance, backend microservices, ensure trust boundaries are appropriately drawn. Example: set up an isolated, well secured kubernetes cluster with well configured access controls, then only grant access to authorized clients.
+ * In situations where error messages need to be returned to the user, use messages that are as generic as possible eg "invalid credentials" instead of "invalid username" or "invalid password".
+ * When using third party technologies, understand how the software works, its configuration, as well as security risks of using it. After understanding the technology, use only the features that you need and disable everything else.
+ * Detailed debug messages are sometimes necessary, for instance, when adding a new feature to an application. In this case, separate the development environment from the production one. Ensure appropriate access controls are implemented for the development environments.
+ * All sensitive data should be encrypted before storage. Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management.
+
+https://portswigger.net/web-security/information-disclosure
+https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
+https://cwe.mitre.org/data/definitions/200.html
wasc_14
@@ -985,7 +996,17 @@ There are two main types of processes that require validation: flow control and
"Flow control" refers to multi-step processes that require each step to be performed in a specific order by the user. When an attacker performs the step incorrectly or out of order, the access controls may be bypassed and an application integrity error may occur. Examples of multi-step processes include wire transfer, password recovery, purchase checkout, and account sign-up.
"Business logic" refers to the context in which a process will execute as governed by the business requirements. Exploiting a business logic weakness requires knowledge of the business; if no knowledge is needed to exploit it, then most likely it isn't a business logic flaw. Due to this, typical security measures such as scans and code review will not find this class of weakness. One approach to testing is offered by OWASP in their Testing Guide.
-
+ Make sure that all operations within a multi-step process are either performed entirely or not at all. If one step fails, the changes made must be canceled. Fuzzing inputs is a good way to test for anomalies and to verify the results after the flow completes.
+
+Make sure the correct order of steps in the flow is enforced and that the order cannot be changed or bypassed by the user.
+
+Developers and testers must have a solid understanding of the domain that the application serves.
+
+Do not rely on implicit assumptions about how users or different application parts will behave.
+
+Identify all references to other code that interacts with each component and evaluate the possible side-effects if a malicious actor manipulates these dependencies in unexpected ways.
+
+Maintain clear code, design documents, and data flow diagrams for all transactions and workflows, noting any assumptions made at each stage and what the expected behavior is.
https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability
https://cwe.mitre.org/data/definitions/840.html
diff --git a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_mk_MK.xml b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_mk_MK.xml
index b3b32e4edae..f35200419a5 100644
--- a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_mk_MK.xml
+++ b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_mk_MK.xml
@@ -438,8 +438,19 @@ Failure to scrub HTML/Script comments prior to a push to the production environm
Software version numbers and verbose error messages (such as ASP.NET version numbers) are examples of improper server configurations. This information is useful to an attacker by providing detailed insight as to the framework, languages, or pre-built functions being utilized by a web application. Most default server configurations provide software version numbers and verbose error messages for debugging and troubleshooting purposes. Configuration changes can be made to disable these features, preventing the display of this information.
Pages that provide different responses based on the validity of the data can also lead to Information Leakage; specifically when data deemed confidential is being revealed as a result of the web application's design. Examples of sensitive data includes (but is not limited to): account numbers, user identifiers (Drivers license number, Passport number, Social Security Numbers, etc.) and user-specific information (passwords, sessions, addresses). Information Leakage in this context deals with exposure of key user data deemed confidential, or secret, that should not be exposed in plain view, even to the user. Credit card numbers and other heavily regulated information are prime examples of user data that needs to be further protected from exposure or leakage even with proper encryption and access controls already in place.
- Compartmentalize your system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- https://cwe.mitre.org/data/definitions/200.html
+
+ * Have a clear definition of which information is considered sensitive and which isn't. Take privacy laws, regulatory requirements, and business needs into account.
+ * Store sensitive data only if you have to.
+ * Implement checks for sensitive information in your devops pipeline. Steps that could be taken include stripping developer comments, removing debugging information and sensitive logs, as well as making error messages less verbose.
+ * In situations where the sensitive information must be used, for instance, backend microservices, ensure trust boundaries are appropriately drawn. Example: set up an isolated, well secured kubernetes cluster with well configured access controls, then only grant access to authorized clients.
+ * In situations where error messages need to be returned to the user, use messages that are as generic as possible eg "invalid credentials" instead of "invalid username" or "invalid password".
+ * When using third party technologies, understand how the software works, its configuration, as well as security risks of using it. After understanding the technology, use only the features that you need and disable everything else.
+ * Detailed debug messages are sometimes necessary, for instance, when adding a new feature to an application. In this case, separate the development environment from the production one. Ensure appropriate access controls are implemented for the development environments.
+ * All sensitive data should be encrypted before storage. Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management.
+
+https://portswigger.net/web-security/information-disclosure
+https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
+https://cwe.mitre.org/data/definitions/200.html
wasc_14
@@ -985,7 +996,17 @@ There are two main types of processes that require validation: flow control and
"Flow control" refers to multi-step processes that require each step to be performed in a specific order by the user. When an attacker performs the step incorrectly or out of order, the access controls may be bypassed and an application integrity error may occur. Examples of multi-step processes include wire transfer, password recovery, purchase checkout, and account sign-up.
"Business logic" refers to the context in which a process will execute as governed by the business requirements. Exploiting a business logic weakness requires knowledge of the business; if no knowledge is needed to exploit it, then most likely it isn't a business logic flaw. Due to this, typical security measures such as scans and code review will not find this class of weakness. One approach to testing is offered by OWASP in their Testing Guide.
-
+ Make sure that all operations within a multi-step process are either performed entirely or not at all. If one step fails, the changes made must be canceled. Fuzzing inputs is a good way to test for anomalies and to verify the results after the flow completes.
+
+Make sure the correct order of steps in the flow is enforced and that the order cannot be changed or bypassed by the user.
+
+Developers and testers must have a solid understanding of the domain that the application serves.
+
+Do not rely on implicit assumptions about how users or different application parts will behave.
+
+Identify all references to other code that interacts with each component and evaluate the possible side-effects if a malicious actor manipulates these dependencies in unexpected ways.
+
+Maintain clear code, design documents, and data flow diagrams for all transactions and workflows, noting any assumptions made at each stage and what the expected behavior is.
https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability
https://cwe.mitre.org/data/definitions/840.html
diff --git a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_ms_MY.xml b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_ms_MY.xml
index 2e6282dbbde..709c90bf703 100644
--- a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_ms_MY.xml
+++ b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_ms_MY.xml
@@ -438,8 +438,19 @@ Failure to scrub HTML/Script comments prior to a push to the production environm
Software version numbers and verbose error messages (such as ASP.NET version numbers) are examples of improper server configurations. This information is useful to an attacker by providing detailed insight as to the framework, languages, or pre-built functions being utilized by a web application. Most default server configurations provide software version numbers and verbose error messages for debugging and troubleshooting purposes. Configuration changes can be made to disable these features, preventing the display of this information.
Pages that provide different responses based on the validity of the data can also lead to Information Leakage; specifically when data deemed confidential is being revealed as a result of the web application's design. Examples of sensitive data includes (but is not limited to): account numbers, user identifiers (Drivers license number, Passport number, Social Security Numbers, etc.) and user-specific information (passwords, sessions, addresses). Information Leakage in this context deals with exposure of key user data deemed confidential, or secret, that should not be exposed in plain view, even to the user. Credit card numbers and other heavily regulated information are prime examples of user data that needs to be further protected from exposure or leakage even with proper encryption and access controls already in place.
- Compartmentalize your system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- https://cwe.mitre.org/data/definitions/200.html
+
+ * Have a clear definition of which information is considered sensitive and which isn't. Take privacy laws, regulatory requirements, and business needs into account.
+ * Store sensitive data only if you have to.
+ * Implement checks for sensitive information in your devops pipeline. Steps that could be taken include stripping developer comments, removing debugging information and sensitive logs, as well as making error messages less verbose.
+ * In situations where the sensitive information must be used, for instance, backend microservices, ensure trust boundaries are appropriately drawn. Example: set up an isolated, well secured kubernetes cluster with well configured access controls, then only grant access to authorized clients.
+ * In situations where error messages need to be returned to the user, use messages that are as generic as possible eg "invalid credentials" instead of "invalid username" or "invalid password".
+ * When using third party technologies, understand how the software works, its configuration, as well as security risks of using it. After understanding the technology, use only the features that you need and disable everything else.
+ * Detailed debug messages are sometimes necessary, for instance, when adding a new feature to an application. In this case, separate the development environment from the production one. Ensure appropriate access controls are implemented for the development environments.
+ * All sensitive data should be encrypted before storage. Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management.
+
+https://portswigger.net/web-security/information-disclosure
+https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
+https://cwe.mitre.org/data/definitions/200.html
wasc_14
@@ -985,7 +996,17 @@ There are two main types of processes that require validation: flow control and
"Flow control" refers to multi-step processes that require each step to be performed in a specific order by the user. When an attacker performs the step incorrectly or out of order, the access controls may be bypassed and an application integrity error may occur. Examples of multi-step processes include wire transfer, password recovery, purchase checkout, and account sign-up.
"Business logic" refers to the context in which a process will execute as governed by the business requirements. Exploiting a business logic weakness requires knowledge of the business; if no knowledge is needed to exploit it, then most likely it isn't a business logic flaw. Due to this, typical security measures such as scans and code review will not find this class of weakness. One approach to testing is offered by OWASP in their Testing Guide.
-
+ Make sure that all operations within a multi-step process are either performed entirely or not at all. If one step fails, the changes made must be canceled. Fuzzing inputs is a good way to test for anomalies and to verify the results after the flow completes.
+
+Make sure the correct order of steps in the flow is enforced and that the order cannot be changed or bypassed by the user.
+
+Developers and testers must have a solid understanding of the domain that the application serves.
+
+Do not rely on implicit assumptions about how users or different application parts will behave.
+
+Identify all references to other code that interacts with each component and evaluate the possible side-effects if a malicious actor manipulates these dependencies in unexpected ways.
+
+Maintain clear code, design documents, and data flow diagrams for all transactions and workflows, noting any assumptions made at each stage and what the expected behavior is.
https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability
https://cwe.mitre.org/data/definitions/840.html
diff --git a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_nb_NO.xml b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_nb_NO.xml
index b3b32e4edae..f35200419a5 100644
--- a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_nb_NO.xml
+++ b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_nb_NO.xml
@@ -438,8 +438,19 @@ Failure to scrub HTML/Script comments prior to a push to the production environm
Software version numbers and verbose error messages (such as ASP.NET version numbers) are examples of improper server configurations. This information is useful to an attacker by providing detailed insight as to the framework, languages, or pre-built functions being utilized by a web application. Most default server configurations provide software version numbers and verbose error messages for debugging and troubleshooting purposes. Configuration changes can be made to disable these features, preventing the display of this information.
Pages that provide different responses based on the validity of the data can also lead to Information Leakage; specifically when data deemed confidential is being revealed as a result of the web application's design. Examples of sensitive data includes (but is not limited to): account numbers, user identifiers (Drivers license number, Passport number, Social Security Numbers, etc.) and user-specific information (passwords, sessions, addresses). Information Leakage in this context deals with exposure of key user data deemed confidential, or secret, that should not be exposed in plain view, even to the user. Credit card numbers and other heavily regulated information are prime examples of user data that needs to be further protected from exposure or leakage even with proper encryption and access controls already in place.
- Compartmentalize your system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- https://cwe.mitre.org/data/definitions/200.html
+
+ * Have a clear definition of which information is considered sensitive and which isn't. Take privacy laws, regulatory requirements, and business needs into account.
+ * Store sensitive data only if you have to.
+ * Implement checks for sensitive information in your devops pipeline. Steps that could be taken include stripping developer comments, removing debugging information and sensitive logs, as well as making error messages less verbose.
+ * In situations where the sensitive information must be used, for instance, backend microservices, ensure trust boundaries are appropriately drawn. Example: set up an isolated, well secured kubernetes cluster with well configured access controls, then only grant access to authorized clients.
+ * In situations where error messages need to be returned to the user, use messages that are as generic as possible eg "invalid credentials" instead of "invalid username" or "invalid password".
+ * When using third party technologies, understand how the software works, its configuration, as well as security risks of using it. After understanding the technology, use only the features that you need and disable everything else.
+ * Detailed debug messages are sometimes necessary, for instance, when adding a new feature to an application. In this case, separate the development environment from the production one. Ensure appropriate access controls are implemented for the development environments.
+ * All sensitive data should be encrypted before storage. Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management.
+
+https://portswigger.net/web-security/information-disclosure
+https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
+https://cwe.mitre.org/data/definitions/200.html
wasc_14
@@ -985,7 +996,17 @@ There are two main types of processes that require validation: flow control and
"Flow control" refers to multi-step processes that require each step to be performed in a specific order by the user. When an attacker performs the step incorrectly or out of order, the access controls may be bypassed and an application integrity error may occur. Examples of multi-step processes include wire transfer, password recovery, purchase checkout, and account sign-up.
"Business logic" refers to the context in which a process will execute as governed by the business requirements. Exploiting a business logic weakness requires knowledge of the business; if no knowledge is needed to exploit it, then most likely it isn't a business logic flaw. Due to this, typical security measures such as scans and code review will not find this class of weakness. One approach to testing is offered by OWASP in their Testing Guide.
-
+ Make sure that all operations within a multi-step process are either performed entirely or not at all. If one step fails, the changes made must be canceled. Fuzzing inputs is a good way to test for anomalies and to verify the results after the flow completes.
+
+Make sure the correct order of steps in the flow is enforced and that the order cannot be changed or bypassed by the user.
+
+Developers and testers must have a solid understanding of the domain that the application serves.
+
+Do not rely on implicit assumptions about how users or different application parts will behave.
+
+Identify all references to other code that interacts with each component and evaluate the possible side-effects if a malicious actor manipulates these dependencies in unexpected ways.
+
+Maintain clear code, design documents, and data flow diagrams for all transactions and workflows, noting any assumptions made at each stage and what the expected behavior is.
https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability
https://cwe.mitre.org/data/definitions/840.html
diff --git a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_nl_NL.xml b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_nl_NL.xml
index 8f8c1f62408..ae756796b94 100644
--- a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_nl_NL.xml
+++ b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_nl_NL.xml
@@ -438,8 +438,19 @@ Failure to scrub HTML/Script comments prior to a push to the production environm
Software version numbers and verbose error messages (such as ASP.NET version numbers) are examples of improper server configurations. This information is useful to an attacker by providing detailed insight as to the framework, languages, or pre-built functions being utilized by a web application. Most default server configurations provide software version numbers and verbose error messages for debugging and troubleshooting purposes. Configuration changes can be made to disable these features, preventing the display of this information.
Pages that provide different responses based on the validity of the data can also lead to Information Leakage; specifically when data deemed confidential is being revealed as a result of the web application's design. Examples of sensitive data includes (but is not limited to): account numbers, user identifiers (Drivers license number, Passport number, Social Security Numbers, etc.) and user-specific information (passwords, sessions, addresses). Information Leakage in this context deals with exposure of key user data deemed confidential, or secret, that should not be exposed in plain view, even to the user. Credit card numbers and other heavily regulated information are prime examples of user data that needs to be further protected from exposure or leakage even with proper encryption and access controls already in place.
- Compartmentalize your system to have "safe" areas where trust boundaries can be unambiguously drawn. Sta niet toe dat gevoelige gegevens buiten de betrouwbaarheidslimiet vallen en wees altijd op de hoogte van de interface met een compartiment buiten de veilige zone.
- https://cwe.mitre.org/data/definitions/200.html
+
+ * Have a clear definition of which information is considered sensitive and which isn't. Take privacy laws, regulatory requirements, and business needs into account.
+ * Store sensitive data only if you have to.
+ * Implement checks for sensitive information in your devops pipeline. Steps that could be taken include stripping developer comments, removing debugging information and sensitive logs, as well as making error messages less verbose.
+ * In situations where the sensitive information must be used, for instance, backend microservices, ensure trust boundaries are appropriately drawn. Example: set up an isolated, well secured kubernetes cluster with well configured access controls, then only grant access to authorized clients.
+ * In situations where error messages need to be returned to the user, use messages that are as generic as possible eg "invalid credentials" instead of "invalid username" or "invalid password".
+ * When using third party technologies, understand how the software works, its configuration, as well as security risks of using it. After understanding the technology, use only the features that you need and disable everything else.
+ * Detailed debug messages are sometimes necessary, for instance, when adding a new feature to an application. In this case, separate the development environment from the production one. Ensure appropriate access controls are implemented for the development environments.
+ * All sensitive data should be encrypted before storage. Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management.
+
+https://portswigger.net/web-security/information-disclosure
+https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
+https://cwe.mitre.org/data/definitions/200.html
wasc_14
@@ -985,7 +996,17 @@ There are two main types of processes that require validation: flow control and
"Flow control" refers to multi-step processes that require each step to be performed in a specific order by the user. When an attacker performs the step incorrectly or out of order, the access controls may be bypassed and an application integrity error may occur. Examples of multi-step processes include wire transfer, password recovery, purchase checkout, and account sign-up.
"Business logic" refers to the context in which a process will execute as governed by the business requirements. Exploiting a business logic weakness requires knowledge of the business; if no knowledge is needed to exploit it, then most likely it isn't a business logic flaw. Due to this, typical security measures such as scans and code review will not find this class of weakness. One approach to testing is offered by OWASP in their Testing Guide.
-
+ Make sure that all operations within a multi-step process are either performed entirely or not at all. If one step fails, the changes made must be canceled. Fuzzing inputs is a good way to test for anomalies and to verify the results after the flow completes.
+
+Make sure the correct order of steps in the flow is enforced and that the order cannot be changed or bypassed by the user.
+
+Developers and testers must have a solid understanding of the domain that the application serves.
+
+Do not rely on implicit assumptions about how users or different application parts will behave.
+
+Identify all references to other code that interacts with each component and evaluate the possible side-effects if a malicious actor manipulates these dependencies in unexpected ways.
+
+Maintain clear code, design documents, and data flow diagrams for all transactions and workflows, noting any assumptions made at each stage and what the expected behavior is.
https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability
https://cwe.mitre.org/data/definitions/840.html
diff --git a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_pcm_NG.xml b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_pcm_NG.xml
index b3b32e4edae..f35200419a5 100644
--- a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_pcm_NG.xml
+++ b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_pcm_NG.xml
@@ -438,8 +438,19 @@ Failure to scrub HTML/Script comments prior to a push to the production environm
Software version numbers and verbose error messages (such as ASP.NET version numbers) are examples of improper server configurations. This information is useful to an attacker by providing detailed insight as to the framework, languages, or pre-built functions being utilized by a web application. Most default server configurations provide software version numbers and verbose error messages for debugging and troubleshooting purposes. Configuration changes can be made to disable these features, preventing the display of this information.
Pages that provide different responses based on the validity of the data can also lead to Information Leakage; specifically when data deemed confidential is being revealed as a result of the web application's design. Examples of sensitive data includes (but is not limited to): account numbers, user identifiers (Drivers license number, Passport number, Social Security Numbers, etc.) and user-specific information (passwords, sessions, addresses). Information Leakage in this context deals with exposure of key user data deemed confidential, or secret, that should not be exposed in plain view, even to the user. Credit card numbers and other heavily regulated information are prime examples of user data that needs to be further protected from exposure or leakage even with proper encryption and access controls already in place.
- Compartmentalize your system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- https://cwe.mitre.org/data/definitions/200.html
+
+ * Have a clear definition of which information is considered sensitive and which isn't. Take privacy laws, regulatory requirements, and business needs into account.
+ * Store sensitive data only if you have to.
+ * Implement checks for sensitive information in your devops pipeline. Steps that could be taken include stripping developer comments, removing debugging information and sensitive logs, as well as making error messages less verbose.
+ * In situations where the sensitive information must be used, for instance, backend microservices, ensure trust boundaries are appropriately drawn. Example: set up an isolated, well secured kubernetes cluster with well configured access controls, then only grant access to authorized clients.
+ * In situations where error messages need to be returned to the user, use messages that are as generic as possible eg "invalid credentials" instead of "invalid username" or "invalid password".
+ * When using third party technologies, understand how the software works, its configuration, as well as security risks of using it. After understanding the technology, use only the features that you need and disable everything else.
+ * Detailed debug messages are sometimes necessary, for instance, when adding a new feature to an application. In this case, separate the development environment from the production one. Ensure appropriate access controls are implemented for the development environments.
+ * All sensitive data should be encrypted before storage. Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management.
+
+https://portswigger.net/web-security/information-disclosure
+https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
+https://cwe.mitre.org/data/definitions/200.html
wasc_14
@@ -985,7 +996,17 @@ There are two main types of processes that require validation: flow control and
"Flow control" refers to multi-step processes that require each step to be performed in a specific order by the user. When an attacker performs the step incorrectly or out of order, the access controls may be bypassed and an application integrity error may occur. Examples of multi-step processes include wire transfer, password recovery, purchase checkout, and account sign-up.
"Business logic" refers to the context in which a process will execute as governed by the business requirements. Exploiting a business logic weakness requires knowledge of the business; if no knowledge is needed to exploit it, then most likely it isn't a business logic flaw. Due to this, typical security measures such as scans and code review will not find this class of weakness. One approach to testing is offered by OWASP in their Testing Guide.
-
+ Make sure that all operations within a multi-step process are either performed entirely or not at all. If one step fails, the changes made must be canceled. Fuzzing inputs is a good way to test for anomalies and to verify the results after the flow completes.
+
+Make sure the correct order of steps in the flow is enforced and that the order cannot be changed or bypassed by the user.
+
+Developers and testers must have a solid understanding of the domain that the application serves.
+
+Do not rely on implicit assumptions about how users or different application parts will behave.
+
+Identify all references to other code that interacts with each component and evaluate the possible side-effects if a malicious actor manipulates these dependencies in unexpected ways.
+
+Maintain clear code, design documents, and data flow diagrams for all transactions and workflows, noting any assumptions made at each stage and what the expected behavior is.
https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability
https://cwe.mitre.org/data/definitions/840.html
diff --git a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_pl_PL.xml b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_pl_PL.xml
index b98d2fa4426..3df975d398d 100644
--- a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_pl_PL.xml
+++ b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_pl_PL.xml
@@ -438,8 +438,19 @@ Brak możliwości wyszukania komentarzy HTML / Skryptu przed przekazaniem do śr
Numery wersji oprogramowania i szczegółowe komunikaty o błędach (takie jak numery wersji ASP.NET) są przykładami niewłaściwych konfiguracji serwerów. Ta informacja jest przydatna atakującemu, dostarczając szczegółowych informacji o strukturze, językach lub predefiniowanych funkcjach wykorzystywanych przez aplikację internetową. Większość domyślnych konfiguracji serwerów udostępnia numery wersji oprogramowania i szczegółowe komunikaty o błędach do celów debugowania i rozwiązywania problemów. Zmiany w konfiguracji mogą być zrobione do wyłączenia tych funkcji, zapobiegając wyświetlania tych informacji.
Strony, które podają różne odpowiedzi w oparciu o ważność danych, mogą również doprowadzić do wycieku informacji; w szczególności, gdy dane uznane za poufne ujawniają się w wyniku projektu aplikacji internetowej. Przykłady poufnych danych obejmują(ale nie są limitowane): numery kont, identyfikatory użytkowników(Numer prawa jazdy, Numer paszportu, Numery Ubezpieczenia Społecznego itd.) oraz konkretne informacje o użytkownikach (hasła, sesje, adresy). Wyciek informacji w tym kontekście dotyczy ujawnienia kluczowych danych użytkownika uznanych za poufne lub tajne, które nie powinny być ujawniane w zwykłym widoku, nawet dla użytkownika. Numery kart kredytowych i inne ściśle regulowane informacje są pierwszorzędnymi przykładami danych użytkowników, które należy dodatkowo zabezpieczyć przed ujawnieniem lub wyciekiem, nawet przy odpowiednim szyfrowaniu i kontroli dostępu, które już istnieją.
- Podziel twój system na "bezpieczne" strefy gdzie zaufane granice mogą być jednoznacznie narysowane. Nie pozwól poufnym danym wyjść poza granice zaufania i zawsze uważaj podczas kontaktowania się z przedziałem poza bezpiecznym obszarem.
- https://cwe.mitre.org/data/definitions/200.html
+
+ * Have a clear definition of which information is considered sensitive and which isn't. Take privacy laws, regulatory requirements, and business needs into account.
+ * Store sensitive data only if you have to.
+ * Implement checks for sensitive information in your devops pipeline. Steps that could be taken include stripping developer comments, removing debugging information and sensitive logs, as well as making error messages less verbose.
+ * In situations where the sensitive information must be used, for instance, backend microservices, ensure trust boundaries are appropriately drawn. Example: set up an isolated, well secured kubernetes cluster with well configured access controls, then only grant access to authorized clients.
+ * In situations where error messages need to be returned to the user, use messages that are as generic as possible eg "invalid credentials" instead of "invalid username" or "invalid password".
+ * When using third party technologies, understand how the software works, its configuration, as well as security risks of using it. After understanding the technology, use only the features that you need and disable everything else.
+ * Detailed debug messages are sometimes necessary, for instance, when adding a new feature to an application. In this case, separate the development environment from the production one. Ensure appropriate access controls are implemented for the development environments.
+ * All sensitive data should be encrypted before storage. Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management.
+
+https://portswigger.net/web-security/information-disclosure
+https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
+https://cwe.mitre.org/data/definitions/200.html
wasc_14
@@ -989,7 +1000,17 @@ Istnieją dwa główne typy procesów, które wymagają sprawdzenia poprawności
"Kontrola przepływu" odnosi się do procesów wieloetapowych, które wymagają, aby każdy krok był wykonywany w określonej kolejności przez użytkownika. Gdy atakujący wykonuje krok nieprawidłowo lub niezgodnie z kolejnością, kontrola dostępu może zostać ominięta i może wystąpić błąd integralności aplikacji. Przykładami wieloetapowych procesów są przelewy, odzyskiwanie hasła, przeprowadzenie zakupu i rejestracja konta.
"Logika biznesowa" odnosi się do kontekstu, w którym proces będzie wykonywany zgodnie z wymogami biznesowymi. Wykorzystanie słabości logiki biznesowej wymaga znajomości biznesu; jeśli nie jest potrzebna wiedza, aby ją wykorzystać, najprawdopodobniej nie jest to błąd logiki biznesowej. Z tego powodu typowe środki bezpieczeństwa, takie jak skanowanie i weryfikacja kodu, nie znajdą tej klasy słabości. Jedno z podejść do testowania oferuje OWASP w swoim Przewodniku Testowania.
-
+ Make sure that all operations within a multi-step process are either performed entirely or not at all. If one step fails, the changes made must be canceled. Fuzzing inputs is a good way to test for anomalies and to verify the results after the flow completes.
+
+Make sure the correct order of steps in the flow is enforced and that the order cannot be changed or bypassed by the user.
+
+Developers and testers must have a solid understanding of the domain that the application serves.
+
+Do not rely on implicit assumptions about how users or different application parts will behave.
+
+Identify all references to other code that interacts with each component and evaluate the possible side-effects if a malicious actor manipulates these dependencies in unexpected ways.
+
+Maintain clear code, design documents, and data flow diagrams for all transactions and workflows, noting any assumptions made at each stage and what the expected behavior is.
https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability
https://cwe.mitre.org/data/definitions/840.html
diff --git a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_pt_BR.xml b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_pt_BR.xml
index 49d3a2a298d..1ea49954edb 100644
--- a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_pt_BR.xml
+++ b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_pt_BR.xml
@@ -489,8 +489,19 @@ A falha ao limpar os comentários de HTML/Script antes de enviar para o ambiente
Números de versão de software e mensagens de erro detalhadas (como números de versão ASP.NET) são exemplos de configurações de servidor inadequadas. Essas informações são úteis para um invasor, fornecendo uma visão detalhada da estrutura, linguagens ou funções pré-construídas utilizadas por uma aplicação web. A maioria das configurações de servidor padrão fornece números de versão de software e mensagens de erro detalhadas para fins de depuração e solução de problemas. Alterações de configuração podem ser feitas para desabilitar esses recursos, impedindo a exibição dessas informações.
Páginas que fornecem respostas diferentes com base na validade dos dados também podem levar ao vazamento de informações; especificamente quando dados considerados confidenciais estão sendo revelados como resultado do design do aplicativo da web. Exemplos de dados confidenciais incluem (mas não se limitam a): números de contas, identificadores de usuários (número da carteira de habilitação, número do passaporte, números de CPF etc.) e informações específicas do usuário (senhas, sessões, endereços). O Vazamento de Informações, neste contexto, trata da exposição dos principais dados do usuário considerados confidenciais ou secretos, que não devem ser expostos à vista, mesmo para o usuário. Números de cartão de crédito e outras informações altamente regulamentadas são exemplos importantes de dados do usuário que precisam ser protegidos contra exposição ou vazamento, mesmo com criptografia adequada e controles de acesso já implementados.
- Compartimentalize seu sistema para ter áreas "seguras" onde os limites de confiança possam ser definidos de forma inequívoca. Não permita que dados confidenciais saiam do limite de confiança e sempre tenha cuidado ao fazer a interface com um compartimento fora da área segura.
- https://cwe.mitre.org/data/definitions/200.html
+
+ * Have a clear definition of which information is considered sensitive and which isn't. Take privacy laws, regulatory requirements, and business needs into account.
+ * Store sensitive data only if you have to.
+ * Implement checks for sensitive information in your devops pipeline. Steps that could be taken include stripping developer comments, removing debugging information and sensitive logs, as well as making error messages less verbose.
+ * In situations where the sensitive information must be used, for instance, backend microservices, ensure trust boundaries are appropriately drawn. Example: set up an isolated, well secured kubernetes cluster with well configured access controls, then only grant access to authorized clients.
+ * In situations where error messages need to be returned to the user, use messages that are as generic as possible eg "invalid credentials" instead of "invalid username" or "invalid password".
+ * When using third party technologies, understand how the software works, its configuration, as well as security risks of using it. After understanding the technology, use only the features that you need and disable everything else.
+ * Detailed debug messages are sometimes necessary, for instance, when adding a new feature to an application. In this case, separate the development environment from the production one. Ensure appropriate access controls are implemented for the development environments.
+ * All sensitive data should be encrypted before storage. Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management.
+
+https://portswigger.net/web-security/information-disclosure
+https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
+https://cwe.mitre.org/data/definitions/200.html
wasc_14
@@ -1044,7 +1055,17 @@ Existem dois tipos principais de processos que requerem validação: controle de
"Controle de fluxo" refere-se a processos de várias etapas que exigem que cada etapa seja realizada em uma ordem específica pelo usuário. Quando um invasor executa a etapa incorretamente ou fora de ordem, os controles de acesso podem ser ignorados e pode ocorrer um erro de integridade do aplicativo. Exemplos de processos de várias etapas incluem transferência eletrônica, recuperação de senha, finalização da compra e inscrição na conta.
"Lógica de negócios" se refere ao contexto no qual um processo será executado conforme regido pelos requisitos de negócios. Explorar uma fraqueza da lógica de negócios requer conhecimento do negócio; se nenhum conhecimento é necessário para explorá-lo, provavelmente não é uma falha de lógica de negócios. Devido a isso, medidas de segurança típicas, como varreduras e revisão de código, não encontrarão essa classe de fraqueza. Uma abordagem de teste é oferecida pelo OWASP em seu Guia de Teste.
-
+ Make sure that all operations within a multi-step process are either performed entirely or not at all. If one step fails, the changes made must be canceled. Fuzzing inputs is a good way to test for anomalies and to verify the results after the flow completes.
+
+Make sure the correct order of steps in the flow is enforced and that the order cannot be changed or bypassed by the user.
+
+Developers and testers must have a solid understanding of the domain that the application serves.
+
+Do not rely on implicit assumptions about how users or different application parts will behave.
+
+Identify all references to other code that interacts with each component and evaluate the possible side-effects if a malicious actor manipulates these dependencies in unexpected ways.
+
+Maintain clear code, design documents, and data flow diagrams for all transactions and workflows, noting any assumptions made at each stage and what the expected behavior is.
https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability
https://cwe.mitre.org/data/definitions/840.html
diff --git a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_pt_PT.xml b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_pt_PT.xml
index b3b32e4edae..f35200419a5 100644
--- a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_pt_PT.xml
+++ b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_pt_PT.xml
@@ -438,8 +438,19 @@ Failure to scrub HTML/Script comments prior to a push to the production environm
Software version numbers and verbose error messages (such as ASP.NET version numbers) are examples of improper server configurations. This information is useful to an attacker by providing detailed insight as to the framework, languages, or pre-built functions being utilized by a web application. Most default server configurations provide software version numbers and verbose error messages for debugging and troubleshooting purposes. Configuration changes can be made to disable these features, preventing the display of this information.
Pages that provide different responses based on the validity of the data can also lead to Information Leakage; specifically when data deemed confidential is being revealed as a result of the web application's design. Examples of sensitive data includes (but is not limited to): account numbers, user identifiers (Drivers license number, Passport number, Social Security Numbers, etc.) and user-specific information (passwords, sessions, addresses). Information Leakage in this context deals with exposure of key user data deemed confidential, or secret, that should not be exposed in plain view, even to the user. Credit card numbers and other heavily regulated information are prime examples of user data that needs to be further protected from exposure or leakage even with proper encryption and access controls already in place.
- Compartmentalize your system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- https://cwe.mitre.org/data/definitions/200.html
+
+ * Have a clear definition of which information is considered sensitive and which isn't. Take privacy laws, regulatory requirements, and business needs into account.
+ * Store sensitive data only if you have to.
+ * Implement checks for sensitive information in your devops pipeline. Steps that could be taken include stripping developer comments, removing debugging information and sensitive logs, as well as making error messages less verbose.
+ * In situations where the sensitive information must be used, for instance, backend microservices, ensure trust boundaries are appropriately drawn. Example: set up an isolated, well secured kubernetes cluster with well configured access controls, then only grant access to authorized clients.
+ * In situations where error messages need to be returned to the user, use messages that are as generic as possible eg "invalid credentials" instead of "invalid username" or "invalid password".
+ * When using third party technologies, understand how the software works, its configuration, as well as security risks of using it. After understanding the technology, use only the features that you need and disable everything else.
+ * Detailed debug messages are sometimes necessary, for instance, when adding a new feature to an application. In this case, separate the development environment from the production one. Ensure appropriate access controls are implemented for the development environments.
+ * All sensitive data should be encrypted before storage. Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management.
+
+https://portswigger.net/web-security/information-disclosure
+https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
+https://cwe.mitre.org/data/definitions/200.html
wasc_14
@@ -985,7 +996,17 @@ There are two main types of processes that require validation: flow control and
"Flow control" refers to multi-step processes that require each step to be performed in a specific order by the user. When an attacker performs the step incorrectly or out of order, the access controls may be bypassed and an application integrity error may occur. Examples of multi-step processes include wire transfer, password recovery, purchase checkout, and account sign-up.
"Business logic" refers to the context in which a process will execute as governed by the business requirements. Exploiting a business logic weakness requires knowledge of the business; if no knowledge is needed to exploit it, then most likely it isn't a business logic flaw. Due to this, typical security measures such as scans and code review will not find this class of weakness. One approach to testing is offered by OWASP in their Testing Guide.
-
+ Make sure that all operations within a multi-step process are either performed entirely or not at all. If one step fails, the changes made must be canceled. Fuzzing inputs is a good way to test for anomalies and to verify the results after the flow completes.
+
+Make sure the correct order of steps in the flow is enforced and that the order cannot be changed or bypassed by the user.
+
+Developers and testers must have a solid understanding of the domain that the application serves.
+
+Do not rely on implicit assumptions about how users or different application parts will behave.
+
+Identify all references to other code that interacts with each component and evaluate the possible side-effects if a malicious actor manipulates these dependencies in unexpected ways.
+
+Maintain clear code, design documents, and data flow diagrams for all transactions and workflows, noting any assumptions made at each stage and what the expected behavior is.
https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability
https://cwe.mitre.org/data/definitions/840.html
diff --git a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_ro_RO.xml b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_ro_RO.xml
index b3b32e4edae..f35200419a5 100644
--- a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_ro_RO.xml
+++ b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_ro_RO.xml
@@ -438,8 +438,19 @@ Failure to scrub HTML/Script comments prior to a push to the production environm
Software version numbers and verbose error messages (such as ASP.NET version numbers) are examples of improper server configurations. This information is useful to an attacker by providing detailed insight as to the framework, languages, or pre-built functions being utilized by a web application. Most default server configurations provide software version numbers and verbose error messages for debugging and troubleshooting purposes. Configuration changes can be made to disable these features, preventing the display of this information.
Pages that provide different responses based on the validity of the data can also lead to Information Leakage; specifically when data deemed confidential is being revealed as a result of the web application's design. Examples of sensitive data includes (but is not limited to): account numbers, user identifiers (Drivers license number, Passport number, Social Security Numbers, etc.) and user-specific information (passwords, sessions, addresses). Information Leakage in this context deals with exposure of key user data deemed confidential, or secret, that should not be exposed in plain view, even to the user. Credit card numbers and other heavily regulated information are prime examples of user data that needs to be further protected from exposure or leakage even with proper encryption and access controls already in place.
- Compartmentalize your system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- https://cwe.mitre.org/data/definitions/200.html
+
+ * Have a clear definition of which information is considered sensitive and which isn't. Take privacy laws, regulatory requirements, and business needs into account.
+ * Store sensitive data only if you have to.
+ * Implement checks for sensitive information in your devops pipeline. Steps that could be taken include stripping developer comments, removing debugging information and sensitive logs, as well as making error messages less verbose.
+ * In situations where the sensitive information must be used, for instance, backend microservices, ensure trust boundaries are appropriately drawn. Example: set up an isolated, well secured kubernetes cluster with well configured access controls, then only grant access to authorized clients.
+ * In situations where error messages need to be returned to the user, use messages that are as generic as possible eg "invalid credentials" instead of "invalid username" or "invalid password".
+ * When using third party technologies, understand how the software works, its configuration, as well as security risks of using it. After understanding the technology, use only the features that you need and disable everything else.
+ * Detailed debug messages are sometimes necessary, for instance, when adding a new feature to an application. In this case, separate the development environment from the production one. Ensure appropriate access controls are implemented for the development environments.
+ * All sensitive data should be encrypted before storage. Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management.
+
+https://portswigger.net/web-security/information-disclosure
+https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
+https://cwe.mitre.org/data/definitions/200.html
wasc_14
@@ -985,7 +996,17 @@ There are two main types of processes that require validation: flow control and
"Flow control" refers to multi-step processes that require each step to be performed in a specific order by the user. When an attacker performs the step incorrectly or out of order, the access controls may be bypassed and an application integrity error may occur. Examples of multi-step processes include wire transfer, password recovery, purchase checkout, and account sign-up.
"Business logic" refers to the context in which a process will execute as governed by the business requirements. Exploiting a business logic weakness requires knowledge of the business; if no knowledge is needed to exploit it, then most likely it isn't a business logic flaw. Due to this, typical security measures such as scans and code review will not find this class of weakness. One approach to testing is offered by OWASP in their Testing Guide.
-
+ Make sure that all operations within a multi-step process are either performed entirely or not at all. If one step fails, the changes made must be canceled. Fuzzing inputs is a good way to test for anomalies and to verify the results after the flow completes.
+
+Make sure the correct order of steps in the flow is enforced and that the order cannot be changed or bypassed by the user.
+
+Developers and testers must have a solid understanding of the domain that the application serves.
+
+Do not rely on implicit assumptions about how users or different application parts will behave.
+
+Identify all references to other code that interacts with each component and evaluate the possible side-effects if a malicious actor manipulates these dependencies in unexpected ways.
+
+Maintain clear code, design documents, and data flow diagrams for all transactions and workflows, noting any assumptions made at each stage and what the expected behavior is.
https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability
https://cwe.mitre.org/data/definitions/840.html
diff --git a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_ru_RU.xml b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_ru_RU.xml
index d8d47b0b449..1a2dd83e389 100644
--- a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_ru_RU.xml
+++ b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_ru_RU.xml
@@ -441,8 +441,19 @@ Regularly monitor and review your security measures and adapt to evolving threat
Номера версий программного обеспечения и подробные сообщения об ошибках (например, номера версий ASP.NET) являются примерами неправильной конфигурации сервера. Эта информация полезна для злоумышленника, поскольку предоставляет подробные сведения о структуре, языках или встроенных функциях, используемых веб-приложением. Большинство конфигураций серверов по умолчанию предоставляют номера версий программного обеспечения и подробные сообщения об ошибках для целей отладки и устранения неполадок. Можно внести изменения в конфигурацию, чтобы отключить эти функции, предотвращая отображение этой информации.
Страницы, которые предоставляют разные ответы в зависимости от достоверности данных, также могут привести к утечке информации; особенно когда данные, которые считаются конфиденциальными, раскрываются в результате разработки веб-приложения. Примеры конфиденциальных данных включают (но не ограничиваются ими): номера учетных записей, идентификаторы пользователей (номер водительской лицензии, номер паспорта, номера социального страхования и т. Д.) И информацию о пользователях (пароли, сеансы, адреса). Утечка информации в этом контексте связана с раскрытием ключевых пользовательских данных, считающихся конфиденциальными или секретными, которые не должны быть открыты для всеобщего обозрения даже пользователю. Номера кредитных карт и другая строго регулируемая информация являются яркими примерами пользовательских данных, которые необходимо дополнительно защитить от раскрытия или утечки даже при наличии надлежащего шифрования и контроля доступа.
- Разделите свою систему, чтобы иметь «безопасные» области, где можно однозначно провести границы доверия. Не допускайте выхода конфиденциальных данных за пределы границ доверия и всегда будьте осторожны при взаимодействии с отсеком за пределами безопасной зоны.
- https://cwe.mitre.org/data/definitions/200.html
+
+ * Have a clear definition of which information is considered sensitive and which isn't. Take privacy laws, regulatory requirements, and business needs into account.
+ * Store sensitive data only if you have to.
+ * Implement checks for sensitive information in your devops pipeline. Steps that could be taken include stripping developer comments, removing debugging information and sensitive logs, as well as making error messages less verbose.
+ * In situations where the sensitive information must be used, for instance, backend microservices, ensure trust boundaries are appropriately drawn. Example: set up an isolated, well secured kubernetes cluster with well configured access controls, then only grant access to authorized clients.
+ * In situations where error messages need to be returned to the user, use messages that are as generic as possible eg "invalid credentials" instead of "invalid username" or "invalid password".
+ * When using third party technologies, understand how the software works, its configuration, as well as security risks of using it. After understanding the technology, use only the features that you need and disable everything else.
+ * Detailed debug messages are sometimes necessary, for instance, when adding a new feature to an application. In this case, separate the development environment from the production one. Ensure appropriate access controls are implemented for the development environments.
+ * All sensitive data should be encrypted before storage. Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management.
+
+https://portswigger.net/web-security/information-disclosure
+https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
+https://cwe.mitre.org/data/definitions/200.html
wasc_14
@@ -989,7 +1000,17 @@ For example, ID 1 could map to "/login.asp" and ID 2 could map to "https://www.e
«Управление потоком» относится к многоэтапным процессам, которые требуют, чтобы каждый шаг выполнялся пользователем в определенном порядке. Когда злоумышленник выполняет шаг неправильно или не по порядку, элементы управления доступом могут быть обойдены, и может возникнуть ошибка целостности приложения. Примеры многоэтапных процессов включают банковский перевод, восстановление пароля, оформление покупки и регистрацию учетной записи.
«Бизнес-логика» относится к контексту, в котором процесс будет выполняться в соответствии с бизнес-требованиями. Использование слабых мест бизнес-логики требует знания бизнеса; если для его использования не нужны знания, то, скорее всего, это не ошибка бизнес-логики. По этой причине типичные меры безопасности, такие как сканирование и проверка кода, не обнаруживают этот класс слабых мест. Один из подходов к тестированию предлагается OWASP в их Руководстве по тестированию.
-
+ Make sure that all operations within a multi-step process are either performed entirely or not at all. If one step fails, the changes made must be canceled. Fuzzing inputs is a good way to test for anomalies and to verify the results after the flow completes.
+
+Make sure the correct order of steps in the flow is enforced and that the order cannot be changed or bypassed by the user.
+
+Developers and testers must have a solid understanding of the domain that the application serves.
+
+Do not rely on implicit assumptions about how users or different application parts will behave.
+
+Identify all references to other code that interacts with each component and evaluate the possible side-effects if a malicious actor manipulates these dependencies in unexpected ways.
+
+Maintain clear code, design documents, and data flow diagrams for all transactions and workflows, noting any assumptions made at each stage and what the expected behavior is.
https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability
https://cwe.mitre.org/data/definitions/840.html
diff --git a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_si_LK.xml b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_si_LK.xml
index b3b32e4edae..f35200419a5 100644
--- a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_si_LK.xml
+++ b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_si_LK.xml
@@ -438,8 +438,19 @@ Failure to scrub HTML/Script comments prior to a push to the production environm
Software version numbers and verbose error messages (such as ASP.NET version numbers) are examples of improper server configurations. This information is useful to an attacker by providing detailed insight as to the framework, languages, or pre-built functions being utilized by a web application. Most default server configurations provide software version numbers and verbose error messages for debugging and troubleshooting purposes. Configuration changes can be made to disable these features, preventing the display of this information.
Pages that provide different responses based on the validity of the data can also lead to Information Leakage; specifically when data deemed confidential is being revealed as a result of the web application's design. Examples of sensitive data includes (but is not limited to): account numbers, user identifiers (Drivers license number, Passport number, Social Security Numbers, etc.) and user-specific information (passwords, sessions, addresses). Information Leakage in this context deals with exposure of key user data deemed confidential, or secret, that should not be exposed in plain view, even to the user. Credit card numbers and other heavily regulated information are prime examples of user data that needs to be further protected from exposure or leakage even with proper encryption and access controls already in place.
- Compartmentalize your system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- https://cwe.mitre.org/data/definitions/200.html
+
+ * Have a clear definition of which information is considered sensitive and which isn't. Take privacy laws, regulatory requirements, and business needs into account.
+ * Store sensitive data only if you have to.
+ * Implement checks for sensitive information in your devops pipeline. Steps that could be taken include stripping developer comments, removing debugging information and sensitive logs, as well as making error messages less verbose.
+ * In situations where the sensitive information must be used, for instance, backend microservices, ensure trust boundaries are appropriately drawn. Example: set up an isolated, well secured kubernetes cluster with well configured access controls, then only grant access to authorized clients.
+ * In situations where error messages need to be returned to the user, use messages that are as generic as possible eg "invalid credentials" instead of "invalid username" or "invalid password".
+ * When using third party technologies, understand how the software works, its configuration, as well as security risks of using it. After understanding the technology, use only the features that you need and disable everything else.
+ * Detailed debug messages are sometimes necessary, for instance, when adding a new feature to an application. In this case, separate the development environment from the production one. Ensure appropriate access controls are implemented for the development environments.
+ * All sensitive data should be encrypted before storage. Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management.
+
+https://portswigger.net/web-security/information-disclosure
+https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
+https://cwe.mitre.org/data/definitions/200.html
wasc_14
@@ -985,7 +996,17 @@ There are two main types of processes that require validation: flow control and
"Flow control" refers to multi-step processes that require each step to be performed in a specific order by the user. When an attacker performs the step incorrectly or out of order, the access controls may be bypassed and an application integrity error may occur. Examples of multi-step processes include wire transfer, password recovery, purchase checkout, and account sign-up.
"Business logic" refers to the context in which a process will execute as governed by the business requirements. Exploiting a business logic weakness requires knowledge of the business; if no knowledge is needed to exploit it, then most likely it isn't a business logic flaw. Due to this, typical security measures such as scans and code review will not find this class of weakness. One approach to testing is offered by OWASP in their Testing Guide.
-
+ Make sure that all operations within a multi-step process are either performed entirely or not at all. If one step fails, the changes made must be canceled. Fuzzing inputs is a good way to test for anomalies and to verify the results after the flow completes.
+
+Make sure the correct order of steps in the flow is enforced and that the order cannot be changed or bypassed by the user.
+
+Developers and testers must have a solid understanding of the domain that the application serves.
+
+Do not rely on implicit assumptions about how users or different application parts will behave.
+
+Identify all references to other code that interacts with each component and evaluate the possible side-effects if a malicious actor manipulates these dependencies in unexpected ways.
+
+Maintain clear code, design documents, and data flow diagrams for all transactions and workflows, noting any assumptions made at each stage and what the expected behavior is.
https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability
https://cwe.mitre.org/data/definitions/840.html
diff --git a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_sk_SK.xml b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_sk_SK.xml
index b3b32e4edae..f35200419a5 100644
--- a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_sk_SK.xml
+++ b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_sk_SK.xml
@@ -438,8 +438,19 @@ Failure to scrub HTML/Script comments prior to a push to the production environm
Software version numbers and verbose error messages (such as ASP.NET version numbers) are examples of improper server configurations. This information is useful to an attacker by providing detailed insight as to the framework, languages, or pre-built functions being utilized by a web application. Most default server configurations provide software version numbers and verbose error messages for debugging and troubleshooting purposes. Configuration changes can be made to disable these features, preventing the display of this information.
Pages that provide different responses based on the validity of the data can also lead to Information Leakage; specifically when data deemed confidential is being revealed as a result of the web application's design. Examples of sensitive data includes (but is not limited to): account numbers, user identifiers (Drivers license number, Passport number, Social Security Numbers, etc.) and user-specific information (passwords, sessions, addresses). Information Leakage in this context deals with exposure of key user data deemed confidential, or secret, that should not be exposed in plain view, even to the user. Credit card numbers and other heavily regulated information are prime examples of user data that needs to be further protected from exposure or leakage even with proper encryption and access controls already in place.
- Compartmentalize your system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- https://cwe.mitre.org/data/definitions/200.html
+
+ * Have a clear definition of which information is considered sensitive and which isn't. Take privacy laws, regulatory requirements, and business needs into account.
+ * Store sensitive data only if you have to.
+ * Implement checks for sensitive information in your devops pipeline. Steps that could be taken include stripping developer comments, removing debugging information and sensitive logs, as well as making error messages less verbose.
+ * In situations where the sensitive information must be used, for instance, backend microservices, ensure trust boundaries are appropriately drawn. Example: set up an isolated, well secured kubernetes cluster with well configured access controls, then only grant access to authorized clients.
+ * In situations where error messages need to be returned to the user, use messages that are as generic as possible eg "invalid credentials" instead of "invalid username" or "invalid password".
+ * When using third party technologies, understand how the software works, its configuration, as well as security risks of using it. After understanding the technology, use only the features that you need and disable everything else.
+ * Detailed debug messages are sometimes necessary, for instance, when adding a new feature to an application. In this case, separate the development environment from the production one. Ensure appropriate access controls are implemented for the development environments.
+ * All sensitive data should be encrypted before storage. Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management.
+
+https://portswigger.net/web-security/information-disclosure
+https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
+https://cwe.mitre.org/data/definitions/200.html
wasc_14
@@ -985,7 +996,17 @@ There are two main types of processes that require validation: flow control and
"Flow control" refers to multi-step processes that require each step to be performed in a specific order by the user. When an attacker performs the step incorrectly or out of order, the access controls may be bypassed and an application integrity error may occur. Examples of multi-step processes include wire transfer, password recovery, purchase checkout, and account sign-up.
"Business logic" refers to the context in which a process will execute as governed by the business requirements. Exploiting a business logic weakness requires knowledge of the business; if no knowledge is needed to exploit it, then most likely it isn't a business logic flaw. Due to this, typical security measures such as scans and code review will not find this class of weakness. One approach to testing is offered by OWASP in their Testing Guide.
-
+ Make sure that all operations within a multi-step process are either performed entirely or not at all. If one step fails, the changes made must be canceled. Fuzzing inputs is a good way to test for anomalies and to verify the results after the flow completes.
+
+Make sure the correct order of steps in the flow is enforced and that the order cannot be changed or bypassed by the user.
+
+Developers and testers must have a solid understanding of the domain that the application serves.
+
+Do not rely on implicit assumptions about how users or different application parts will behave.
+
+Identify all references to other code that interacts with each component and evaluate the possible side-effects if a malicious actor manipulates these dependencies in unexpected ways.
+
+Maintain clear code, design documents, and data flow diagrams for all transactions and workflows, noting any assumptions made at each stage and what the expected behavior is.
https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability
https://cwe.mitre.org/data/definitions/840.html
diff --git a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_sl_SI.xml b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_sl_SI.xml
index b3b32e4edae..f35200419a5 100644
--- a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_sl_SI.xml
+++ b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_sl_SI.xml
@@ -438,8 +438,19 @@ Failure to scrub HTML/Script comments prior to a push to the production environm
Software version numbers and verbose error messages (such as ASP.NET version numbers) are examples of improper server configurations. This information is useful to an attacker by providing detailed insight as to the framework, languages, or pre-built functions being utilized by a web application. Most default server configurations provide software version numbers and verbose error messages for debugging and troubleshooting purposes. Configuration changes can be made to disable these features, preventing the display of this information.
Pages that provide different responses based on the validity of the data can also lead to Information Leakage; specifically when data deemed confidential is being revealed as a result of the web application's design. Examples of sensitive data includes (but is not limited to): account numbers, user identifiers (Drivers license number, Passport number, Social Security Numbers, etc.) and user-specific information (passwords, sessions, addresses). Information Leakage in this context deals with exposure of key user data deemed confidential, or secret, that should not be exposed in plain view, even to the user. Credit card numbers and other heavily regulated information are prime examples of user data that needs to be further protected from exposure or leakage even with proper encryption and access controls already in place.
- Compartmentalize your system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- https://cwe.mitre.org/data/definitions/200.html
+
+ * Have a clear definition of which information is considered sensitive and which isn't. Take privacy laws, regulatory requirements, and business needs into account.
+ * Store sensitive data only if you have to.
+ * Implement checks for sensitive information in your devops pipeline. Steps that could be taken include stripping developer comments, removing debugging information and sensitive logs, as well as making error messages less verbose.
+ * In situations where the sensitive information must be used, for instance, backend microservices, ensure trust boundaries are appropriately drawn. Example: set up an isolated, well secured kubernetes cluster with well configured access controls, then only grant access to authorized clients.
+ * In situations where error messages need to be returned to the user, use messages that are as generic as possible eg "invalid credentials" instead of "invalid username" or "invalid password".
+ * When using third party technologies, understand how the software works, its configuration, as well as security risks of using it. After understanding the technology, use only the features that you need and disable everything else.
+ * Detailed debug messages are sometimes necessary, for instance, when adding a new feature to an application. In this case, separate the development environment from the production one. Ensure appropriate access controls are implemented for the development environments.
+ * All sensitive data should be encrypted before storage. Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management.
+
+https://portswigger.net/web-security/information-disclosure
+https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
+https://cwe.mitre.org/data/definitions/200.html
wasc_14
@@ -985,7 +996,17 @@ There are two main types of processes that require validation: flow control and
"Flow control" refers to multi-step processes that require each step to be performed in a specific order by the user. When an attacker performs the step incorrectly or out of order, the access controls may be bypassed and an application integrity error may occur. Examples of multi-step processes include wire transfer, password recovery, purchase checkout, and account sign-up.
"Business logic" refers to the context in which a process will execute as governed by the business requirements. Exploiting a business logic weakness requires knowledge of the business; if no knowledge is needed to exploit it, then most likely it isn't a business logic flaw. Due to this, typical security measures such as scans and code review will not find this class of weakness. One approach to testing is offered by OWASP in their Testing Guide.
-
+ Make sure that all operations within a multi-step process are either performed entirely or not at all. If one step fails, the changes made must be canceled. Fuzzing inputs is a good way to test for anomalies and to verify the results after the flow completes.
+
+Make sure the correct order of steps in the flow is enforced and that the order cannot be changed or bypassed by the user.
+
+Developers and testers must have a solid understanding of the domain that the application serves.
+
+Do not rely on implicit assumptions about how users or different application parts will behave.
+
+Identify all references to other code that interacts with each component and evaluate the possible side-effects if a malicious actor manipulates these dependencies in unexpected ways.
+
+Maintain clear code, design documents, and data flow diagrams for all transactions and workflows, noting any assumptions made at each stage and what the expected behavior is.
https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability
https://cwe.mitre.org/data/definitions/840.html
diff --git a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_sq_AL.xml b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_sq_AL.xml
index b3b32e4edae..f35200419a5 100644
--- a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_sq_AL.xml
+++ b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_sq_AL.xml
@@ -438,8 +438,19 @@ Failure to scrub HTML/Script comments prior to a push to the production environm
Software version numbers and verbose error messages (such as ASP.NET version numbers) are examples of improper server configurations. This information is useful to an attacker by providing detailed insight as to the framework, languages, or pre-built functions being utilized by a web application. Most default server configurations provide software version numbers and verbose error messages for debugging and troubleshooting purposes. Configuration changes can be made to disable these features, preventing the display of this information.
Pages that provide different responses based on the validity of the data can also lead to Information Leakage; specifically when data deemed confidential is being revealed as a result of the web application's design. Examples of sensitive data includes (but is not limited to): account numbers, user identifiers (Drivers license number, Passport number, Social Security Numbers, etc.) and user-specific information (passwords, sessions, addresses). Information Leakage in this context deals with exposure of key user data deemed confidential, or secret, that should not be exposed in plain view, even to the user. Credit card numbers and other heavily regulated information are prime examples of user data that needs to be further protected from exposure or leakage even with proper encryption and access controls already in place.
- Compartmentalize your system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- https://cwe.mitre.org/data/definitions/200.html
+
+ * Have a clear definition of which information is considered sensitive and which isn't. Take privacy laws, regulatory requirements, and business needs into account.
+ * Store sensitive data only if you have to.
+ * Implement checks for sensitive information in your devops pipeline. Steps that could be taken include stripping developer comments, removing debugging information and sensitive logs, as well as making error messages less verbose.
+ * In situations where the sensitive information must be used, for instance, backend microservices, ensure trust boundaries are appropriately drawn. Example: set up an isolated, well secured kubernetes cluster with well configured access controls, then only grant access to authorized clients.
+ * In situations where error messages need to be returned to the user, use messages that are as generic as possible eg "invalid credentials" instead of "invalid username" or "invalid password".
+ * When using third party technologies, understand how the software works, its configuration, as well as security risks of using it. After understanding the technology, use only the features that you need and disable everything else.
+ * Detailed debug messages are sometimes necessary, for instance, when adding a new feature to an application. In this case, separate the development environment from the production one. Ensure appropriate access controls are implemented for the development environments.
+ * All sensitive data should be encrypted before storage. Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management.
+
+https://portswigger.net/web-security/information-disclosure
+https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
+https://cwe.mitre.org/data/definitions/200.html
wasc_14
@@ -985,7 +996,17 @@ There are two main types of processes that require validation: flow control and
"Flow control" refers to multi-step processes that require each step to be performed in a specific order by the user. When an attacker performs the step incorrectly or out of order, the access controls may be bypassed and an application integrity error may occur. Examples of multi-step processes include wire transfer, password recovery, purchase checkout, and account sign-up.
"Business logic" refers to the context in which a process will execute as governed by the business requirements. Exploiting a business logic weakness requires knowledge of the business; if no knowledge is needed to exploit it, then most likely it isn't a business logic flaw. Due to this, typical security measures such as scans and code review will not find this class of weakness. One approach to testing is offered by OWASP in their Testing Guide.
-
+ Make sure that all operations within a multi-step process are either performed entirely or not at all. If one step fails, the changes made must be canceled. Fuzzing inputs is a good way to test for anomalies and to verify the results after the flow completes.
+
+Make sure the correct order of steps in the flow is enforced and that the order cannot be changed or bypassed by the user.
+
+Developers and testers must have a solid understanding of the domain that the application serves.
+
+Do not rely on implicit assumptions about how users or different application parts will behave.
+
+Identify all references to other code that interacts with each component and evaluate the possible side-effects if a malicious actor manipulates these dependencies in unexpected ways.
+
+Maintain clear code, design documents, and data flow diagrams for all transactions and workflows, noting any assumptions made at each stage and what the expected behavior is.
https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability
https://cwe.mitre.org/data/definitions/840.html
diff --git a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_sr_CS.xml b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_sr_CS.xml
index cceff8b5b41..290aa39028c 100644
--- a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_sr_CS.xml
+++ b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_sr_CS.xml
@@ -434,8 +434,19 @@ Failure to scrub HTML/Script comments prior to a push to the production environm
Software version numbers and verbose error messages (such as ASP.NET version numbers) are examples of improper server configurations. This information is useful to an attacker by providing detailed insight as to the framework, languages, or pre-built functions being utilized by a web application. Most default server configurations provide software version numbers and verbose error messages for debugging and troubleshooting purposes. Configuration changes can be made to disable these features, preventing the display of this information.
Pages that provide different responses based on the validity of the data can also lead to Information Leakage; specifically when data deemed confidential is being revealed as a result of the web application's design. Examples of sensitive data includes (but is not limited to): account numbers, user identifiers (Drivers license number, Passport number, Social Security Numbers, etc.) and user-specific information (passwords, sessions, addresses). Information Leakage in this context deals with exposure of key user data deemed confidential, or secret, that should not be exposed in plain view, even to the user. Credit card numbers and other heavily regulated information are prime examples of user data that needs to be further protected from exposure or leakage even with proper encryption and access controls already in place.
- Compartmentalize your system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- https://cwe.mitre.org/data/definitions/200.html
+
+ * Have a clear definition of which information is considered sensitive and which isn't. Take privacy laws, regulatory requirements, and business needs into account.
+ * Store sensitive data only if you have to.
+ * Implement checks for sensitive information in your devops pipeline. Steps that could be taken include stripping developer comments, removing debugging information and sensitive logs, as well as making error messages less verbose.
+ * In situations where the sensitive information must be used, for instance, backend microservices, ensure trust boundaries are appropriately drawn. Example: set up an isolated, well secured kubernetes cluster with well configured access controls, then only grant access to authorized clients.
+ * In situations where error messages need to be returned to the user, use messages that are as generic as possible eg "invalid credentials" instead of "invalid username" or "invalid password".
+ * When using third party technologies, understand how the software works, its configuration, as well as security risks of using it. After understanding the technology, use only the features that you need and disable everything else.
+ * Detailed debug messages are sometimes necessary, for instance, when adding a new feature to an application. In this case, separate the development environment from the production one. Ensure appropriate access controls are implemented for the development environments.
+ * All sensitive data should be encrypted before storage. Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management.
+
+https://portswigger.net/web-security/information-disclosure
+https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
+https://cwe.mitre.org/data/definitions/200.html
wasc_14
@@ -981,7 +992,17 @@ There are two main types of processes that require validation: flow control and
"Flow control" refers to multi-step processes that require each step to be performed in a specific order by the user. When an attacker performs the step incorrectly or out of order, the access controls may be bypassed and an application integrity error may occur. Examples of multi-step processes include wire transfer, password recovery, purchase checkout, and account sign-up.
"Business logic" refers to the context in which a process will execute as governed by the business requirements. Exploiting a business logic weakness requires knowledge of the business; if no knowledge is needed to exploit it, then most likely it isn't a business logic flaw. Due to this, typical security measures such as scans and code review will not find this class of weakness. One approach to testing is offered by OWASP in their Testing Guide.
-
+ Make sure that all operations within a multi-step process are either performed entirely or not at all. If one step fails, the changes made must be canceled. Fuzzing inputs is a good way to test for anomalies and to verify the results after the flow completes.
+
+Make sure the correct order of steps in the flow is enforced and that the order cannot be changed or bypassed by the user.
+
+Developers and testers must have a solid understanding of the domain that the application serves.
+
+Do not rely on implicit assumptions about how users or different application parts will behave.
+
+Identify all references to other code that interacts with each component and evaluate the possible side-effects if a malicious actor manipulates these dependencies in unexpected ways.
+
+Maintain clear code, design documents, and data flow diagrams for all transactions and workflows, noting any assumptions made at each stage and what the expected behavior is.
https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability
https://cwe.mitre.org/data/definitions/840.html
diff --git a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_sr_SP.xml b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_sr_SP.xml
index b3b32e4edae..f35200419a5 100644
--- a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_sr_SP.xml
+++ b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_sr_SP.xml
@@ -438,8 +438,19 @@ Failure to scrub HTML/Script comments prior to a push to the production environm
Software version numbers and verbose error messages (such as ASP.NET version numbers) are examples of improper server configurations. This information is useful to an attacker by providing detailed insight as to the framework, languages, or pre-built functions being utilized by a web application. Most default server configurations provide software version numbers and verbose error messages for debugging and troubleshooting purposes. Configuration changes can be made to disable these features, preventing the display of this information.
Pages that provide different responses based on the validity of the data can also lead to Information Leakage; specifically when data deemed confidential is being revealed as a result of the web application's design. Examples of sensitive data includes (but is not limited to): account numbers, user identifiers (Drivers license number, Passport number, Social Security Numbers, etc.) and user-specific information (passwords, sessions, addresses). Information Leakage in this context deals with exposure of key user data deemed confidential, or secret, that should not be exposed in plain view, even to the user. Credit card numbers and other heavily regulated information are prime examples of user data that needs to be further protected from exposure or leakage even with proper encryption and access controls already in place.
- Compartmentalize your system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- https://cwe.mitre.org/data/definitions/200.html
+
+ * Have a clear definition of which information is considered sensitive and which isn't. Take privacy laws, regulatory requirements, and business needs into account.
+ * Store sensitive data only if you have to.
+ * Implement checks for sensitive information in your devops pipeline. Steps that could be taken include stripping developer comments, removing debugging information and sensitive logs, as well as making error messages less verbose.
+ * In situations where the sensitive information must be used, for instance, backend microservices, ensure trust boundaries are appropriately drawn. Example: set up an isolated, well secured kubernetes cluster with well configured access controls, then only grant access to authorized clients.
+ * In situations where error messages need to be returned to the user, use messages that are as generic as possible eg "invalid credentials" instead of "invalid username" or "invalid password".
+ * When using third party technologies, understand how the software works, its configuration, as well as security risks of using it. After understanding the technology, use only the features that you need and disable everything else.
+ * Detailed debug messages are sometimes necessary, for instance, when adding a new feature to an application. In this case, separate the development environment from the production one. Ensure appropriate access controls are implemented for the development environments.
+ * All sensitive data should be encrypted before storage. Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management.
+
+https://portswigger.net/web-security/information-disclosure
+https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
+https://cwe.mitre.org/data/definitions/200.html
wasc_14
@@ -985,7 +996,17 @@ There are two main types of processes that require validation: flow control and
"Flow control" refers to multi-step processes that require each step to be performed in a specific order by the user. When an attacker performs the step incorrectly or out of order, the access controls may be bypassed and an application integrity error may occur. Examples of multi-step processes include wire transfer, password recovery, purchase checkout, and account sign-up.
"Business logic" refers to the context in which a process will execute as governed by the business requirements. Exploiting a business logic weakness requires knowledge of the business; if no knowledge is needed to exploit it, then most likely it isn't a business logic flaw. Due to this, typical security measures such as scans and code review will not find this class of weakness. One approach to testing is offered by OWASP in their Testing Guide.
-
+ Make sure that all operations within a multi-step process are either performed entirely or not at all. If one step fails, the changes made must be canceled. Fuzzing inputs is a good way to test for anomalies and to verify the results after the flow completes.
+
+Make sure the correct order of steps in the flow is enforced and that the order cannot be changed or bypassed by the user.
+
+Developers and testers must have a solid understanding of the domain that the application serves.
+
+Do not rely on implicit assumptions about how users or different application parts will behave.
+
+Identify all references to other code that interacts with each component and evaluate the possible side-effects if a malicious actor manipulates these dependencies in unexpected ways.
+
+Maintain clear code, design documents, and data flow diagrams for all transactions and workflows, noting any assumptions made at each stage and what the expected behavior is.
https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability
https://cwe.mitre.org/data/definitions/840.html
diff --git a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_tr_TR.xml b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_tr_TR.xml
index 58c2f430759..1ae6030b8c8 100644
--- a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_tr_TR.xml
+++ b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_tr_TR.xml
@@ -434,8 +434,19 @@ HTML/Komut açıklamalarını üretim ortamına itmeden önce temizleme hatası,
Yazılım sürüm numaraları ve ayrıntılı hata mesajları (ASP.NET sürüm numaraları gibi) uygun olmayan sunucu yapılandırmalarına örnektir. Bu bilgi bir saldırgan için yararlıdır, bir web uygulaması tarafından kullanılan çerçeve, dil veya önceden oluşturulmuş işlevler hakkında ayrıntılı bilgi sağlar. Çoğu varsayılan sunucu yapılandırmaları, hata ayıklama ve sorun giderme amacıyla yazılım versiyon numaraları ve ayrıntılı hata mesajları sağlayacaktır. Bu bilgilerin görüntülenmesini engellemek ve bu özellikleri devre dışı bırakmak için yapılandırma da güncellemeler yapılabilir.
Verilerin geçerliliğine dayalı olarak farklı yanıtlar sunan sayfalar da bilgi sızıntılarına neden olabilir; özellikle de web uygulaması tasarımının bir sonucu olarak gizli olduğunu düşünülen bilgiler ortaya çıktığında. Hassas veri örnekleri, (ancak bunlarla sınırlı değildir.) hesap numaraları, kullanıcı tanımlayıcıları (Sürücü lisans numarası, Pasaport numarası, Sosyal Güvenlik Numaraları, vb.) ve kullanıcıya özgü bilgiler (şifreler, oturumlar, adresler) i içerir. Bilgi Sızıntısı, bu bağlamda, kullanıcıya bile açıkça gösterilmemesi gereken, gizli veya gizli sayılan temel kullanıcı bilgilerini ortaya koymaktadır. Kredi kartı numaraları ve diğer katı şekilde düzenlenen bilgiler, uygun şifreleme ve erişim kontrolleri yapılmış olsa dahi, kullanıcı verilerinin asıl örneklerinin maruz kalmaması veya sızıntıdan daha fazla korunması gerekir.
- Sisteminde, güven sınırlarının belirgin şekilde görünebilceği "güvenli" alanlar oluşturun. Hassas bilginin güven sınırları dışına gitmesine izin vermeyin ve güvenli alan dışındaki bir bölümle karşılaştığınızda her zaman dikkatli olun.
- https://cwe.mitre.org/data/definitions/200.html
+
+ * Have a clear definition of which information is considered sensitive and which isn't. Take privacy laws, regulatory requirements, and business needs into account.
+ * Store sensitive data only if you have to.
+ * Implement checks for sensitive information in your devops pipeline. Steps that could be taken include stripping developer comments, removing debugging information and sensitive logs, as well as making error messages less verbose.
+ * In situations where the sensitive information must be used, for instance, backend microservices, ensure trust boundaries are appropriately drawn. Example: set up an isolated, well secured kubernetes cluster with well configured access controls, then only grant access to authorized clients.
+ * In situations where error messages need to be returned to the user, use messages that are as generic as possible eg "invalid credentials" instead of "invalid username" or "invalid password".
+ * When using third party technologies, understand how the software works, its configuration, as well as security risks of using it. After understanding the technology, use only the features that you need and disable everything else.
+ * Detailed debug messages are sometimes necessary, for instance, when adding a new feature to an application. In this case, separate the development environment from the production one. Ensure appropriate access controls are implemented for the development environments.
+ * All sensitive data should be encrypted before storage. Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management.
+
+https://portswigger.net/web-security/information-disclosure
+https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
+https://cwe.mitre.org/data/definitions/200.html
wasc_14
@@ -981,7 +992,17 @@ Doğrulama gerektiren iki tür ana süreç vardır: akış kontrolü ve işletme
"Akış kontrolü", tüm adımların kullanıcı tarafından belirli bir sırada gerçekleşmesini gerektiren çoklu adım süreçlerini ifade eder. Bir saldırgan bir adımı yanlış veya düzensiz gerçekleştirirse, erişim kontrolleri es geçilebilir ve bir uygulama bütünlüğü hatası oluşabilir. Çoklu adım süreçlerine havale, şifre kurtarma, satın alma çıkışları ve hesaba girme örnek olarak verilebilir.
"İşletme mantığı", işletme gereksinimleri tarafından yönetilen süreç uygulamaları kapsamını ifade eder. İşletme mantığı zayıflığının kötüye kullanılması işletme bilgisi gerektirir. Eğer kötüye kullanım için bilgi gerekmiyorsa, o zaman büyük ihtimalle işletme mantık akışı değildir. Bundan dolayı, tarama ve kod değerlendirmeleri gibi güvenlik önlemleri bu zayıflık sınıfını bulamaz. Bir test yaklaşımı, Test Kılavuzunda OWASP tarafından sunulmuştur.
-
+ Make sure that all operations within a multi-step process are either performed entirely or not at all. If one step fails, the changes made must be canceled. Fuzzing inputs is a good way to test for anomalies and to verify the results after the flow completes.
+
+Make sure the correct order of steps in the flow is enforced and that the order cannot be changed or bypassed by the user.
+
+Developers and testers must have a solid understanding of the domain that the application serves.
+
+Do not rely on implicit assumptions about how users or different application parts will behave.
+
+Identify all references to other code that interacts with each component and evaluate the possible side-effects if a malicious actor manipulates these dependencies in unexpected ways.
+
+Maintain clear code, design documents, and data flow diagrams for all transactions and workflows, noting any assumptions made at each stage and what the expected behavior is.
https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability
https://cwe.mitre.org/data/definitions/840.html
diff --git a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_uk_UA.xml b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_uk_UA.xml
index af3941a99e2..780e4adc1d3 100644
--- a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_uk_UA.xml
+++ b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_uk_UA.xml
@@ -437,8 +437,19 @@ CSRF в основному використовувався для викона
Номери версій програмного забезпечення та докладні повідомлення про помилки (наприклад, номери версій ASP.NET) є прикладами неправильних конфігурацій сервера. Ця інформація корисна для зловмисника, оскільки надає детальне уявлення про фреймворк, мови або вбудовані функції, що використовуються вебзастосунком. Більшість конфігурацій серверів за замовчуванням надають номери версій програмного забезпечення та докладні повідомлення про помилки для налагодження та усунення несправностей. Можна внести зміни до конфігурації, щоб вимкнути ці функції, запобігаючи відображенню цієї інформації.
Сторінки, які надають різні відповіді залежно від достовірності даних, також можуть призвести до витоку інформації; зокрема, коли дані, які вважаються конфіденційними, стають доступними в результаті дизайну вебзастосунку. Приклади конфіденційних даних включають (але не обмежуються ними): номери рахунків, ідентифікатори користувачів (номер водійських прав, номер паспорта, номери соціального страхування тощо) та інформацію про користувачів (паролі, сесії, адреси). Витік інформації в цьому контексті стосується витоку ключових даних користувача, які вважаються конфіденційними або секретними, і які не повинні бути доступними для огляду навіть самому користувачеві. Номери кредитних карток та інша суворо регульована інформація є яскравими прикладами даних користувачів, які потребують додаткового захисту від витоку, навіть за наявності належного шифрування та контролю доступу.
- Розділіть вашу систему на "безпечні" зони, де можна чітко окреслити межі довіри. Не дозволяйте конфіденційним даним виходити за межі довіри та завжди будьте обережні під час взаємодії з простором за межами безпечної зони.
- https://cwe.mitre.org/data/definitions/200.html
+
+ * Have a clear definition of which information is considered sensitive and which isn't. Take privacy laws, regulatory requirements, and business needs into account.
+ * Store sensitive data only if you have to.
+ * Implement checks for sensitive information in your devops pipeline. Steps that could be taken include stripping developer comments, removing debugging information and sensitive logs, as well as making error messages less verbose.
+ * In situations where the sensitive information must be used, for instance, backend microservices, ensure trust boundaries are appropriately drawn. Example: set up an isolated, well secured kubernetes cluster with well configured access controls, then only grant access to authorized clients.
+ * In situations where error messages need to be returned to the user, use messages that are as generic as possible eg "invalid credentials" instead of "invalid username" or "invalid password".
+ * When using third party technologies, understand how the software works, its configuration, as well as security risks of using it. After understanding the technology, use only the features that you need and disable everything else.
+ * Detailed debug messages are sometimes necessary, for instance, when adding a new feature to an application. In this case, separate the development environment from the production one. Ensure appropriate access controls are implemented for the development environments.
+ * All sensitive data should be encrypted before storage. Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management.
+
+https://portswigger.net/web-security/information-disclosure
+https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
+https://cwe.mitre.org/data/definitions/200.html
wasc_14
@@ -984,7 +995,17 @@ WS-Addressing - це новіший стандарт, опублікований
"Управління потоком" належить до багатокрокових процесів, які вимагають від користувача виконання кожного кроку в певному порядку. Якщо зловмисник виконує цей крок неправильно або не в тому порядку, контроль доступу може бути обійдений, що може призвести до помилки цілісності програми. Прикладами багатокрокових процесів є банківський переказ, відновлення пароля, оформлення покупки та реєстрація облікового запису.
"Бізнес-логіка" належить до контексту, в якому процес буде виконуватися відповідно до бізнес-вимог. Використання недоліків бізнес-логіки вимагає знання бізнесу; якщо для цього не потрібні знання, то, швидше за все, це не є недоліком бізнес-логіки. Через це типові заходи безпеки, такі як сканування та аналіз коду, не знайдуть цей клас вразливостей. Один із підходів до тестування пропонує OWASP у своєму Посібнику з тестування.
-
+ Make sure that all operations within a multi-step process are either performed entirely or not at all. If one step fails, the changes made must be canceled. Fuzzing inputs is a good way to test for anomalies and to verify the results after the flow completes.
+
+Make sure the correct order of steps in the flow is enforced and that the order cannot be changed or bypassed by the user.
+
+Developers and testers must have a solid understanding of the domain that the application serves.
+
+Do not rely on implicit assumptions about how users or different application parts will behave.
+
+Identify all references to other code that interacts with each component and evaluate the possible side-effects if a malicious actor manipulates these dependencies in unexpected ways.
+
+Maintain clear code, design documents, and data flow diagrams for all transactions and workflows, noting any assumptions made at each stage and what the expected behavior is.
https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability
https://cwe.mitre.org/data/definitions/840.html
diff --git a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_ur_PK.xml b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_ur_PK.xml
index 836cf89bbeb..74d2240acc9 100644
--- a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_ur_PK.xml
+++ b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_ur_PK.xml
@@ -438,8 +438,19 @@ Failure to scrub HTML/Script comments prior to a push to the production environm
Software version numbers and verbose error messages (such as ASP.NET version numbers) are examples of improper server configurations. This information is useful to an attacker by providing detailed insight as to the framework, languages, or pre-built functions being utilized by a web application. Most default server configurations provide software version numbers and verbose error messages for debugging and troubleshooting purposes. Configuration changes can be made to disable these features, preventing the display of this information.
Pages that provide different responses based on the validity of the data can also lead to Information Leakage; specifically when data deemed confidential is being revealed as a result of the web application's design. Examples of sensitive data includes (but is not limited to): account numbers, user identifiers (Drivers license number, Passport number, Social Security Numbers, etc.) and user-specific information (passwords, sessions, addresses). Information Leakage in this context deals with exposure of key user data deemed confidential, or secret, that should not be exposed in plain view, even to the user. Credit card numbers and other heavily regulated information are prime examples of user data that needs to be further protected from exposure or leakage even with proper encryption and access controls already in place.
- Compartmentalize your system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- https://cwe.mitre.org/data/definitions/200.html
+
+ * Have a clear definition of which information is considered sensitive and which isn't. Take privacy laws, regulatory requirements, and business needs into account.
+ * Store sensitive data only if you have to.
+ * Implement checks for sensitive information in your devops pipeline. Steps that could be taken include stripping developer comments, removing debugging information and sensitive logs, as well as making error messages less verbose.
+ * In situations where the sensitive information must be used, for instance, backend microservices, ensure trust boundaries are appropriately drawn. Example: set up an isolated, well secured kubernetes cluster with well configured access controls, then only grant access to authorized clients.
+ * In situations where error messages need to be returned to the user, use messages that are as generic as possible eg "invalid credentials" instead of "invalid username" or "invalid password".
+ * When using third party technologies, understand how the software works, its configuration, as well as security risks of using it. After understanding the technology, use only the features that you need and disable everything else.
+ * Detailed debug messages are sometimes necessary, for instance, when adding a new feature to an application. In this case, separate the development environment from the production one. Ensure appropriate access controls are implemented for the development environments.
+ * All sensitive data should be encrypted before storage. Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management.
+
+https://portswigger.net/web-security/information-disclosure
+https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
+https://cwe.mitre.org/data/definitions/200.html
wasc_14
@@ -985,7 +996,17 @@ There are two main types of processes that require validation: flow control and
"Flow control" refers to multi-step processes that require each step to be performed in a specific order by the user. When an attacker performs the step incorrectly or out of order, the access controls may be bypassed and an application integrity error may occur. Examples of multi-step processes include wire transfer, password recovery, purchase checkout, and account sign-up.
"Business logic" refers to the context in which a process will execute as governed by the business requirements. Exploiting a business logic weakness requires knowledge of the business; if no knowledge is needed to exploit it, then most likely it isn't a business logic flaw. Due to this, typical security measures such as scans and code review will not find this class of weakness. One approach to testing is offered by OWASP in their Testing Guide.
-
+ Make sure that all operations within a multi-step process are either performed entirely or not at all. If one step fails, the changes made must be canceled. Fuzzing inputs is a good way to test for anomalies and to verify the results after the flow completes.
+
+Make sure the correct order of steps in the flow is enforced and that the order cannot be changed or bypassed by the user.
+
+Developers and testers must have a solid understanding of the domain that the application serves.
+
+Do not rely on implicit assumptions about how users or different application parts will behave.
+
+Identify all references to other code that interacts with each component and evaluate the possible side-effects if a malicious actor manipulates these dependencies in unexpected ways.
+
+Maintain clear code, design documents, and data flow diagrams for all transactions and workflows, noting any assumptions made at each stage and what the expected behavior is.
https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability
https://cwe.mitre.org/data/definitions/840.html
diff --git a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_vi_VN.xml b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_vi_VN.xml
index 194a21100e7..7b8587f0b6e 100644
--- a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_vi_VN.xml
+++ b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_vi_VN.xml
@@ -438,8 +438,19 @@ Failure to scrub HTML/Script comments prior to a push to the production environm
Software version numbers and verbose error messages (such as ASP.NET version numbers) are examples of improper server configurations. This information is useful to an attacker by providing detailed insight as to the framework, languages, or pre-built functions being utilized by a web application. Most default server configurations provide software version numbers and verbose error messages for debugging and troubleshooting purposes. Configuration changes can be made to disable these features, preventing the display of this information.
Pages that provide different responses based on the validity of the data can also lead to Information Leakage; specifically when data deemed confidential is being revealed as a result of the web application's design. Examples of sensitive data includes (but is not limited to): account numbers, user identifiers (Drivers license number, Passport number, Social Security Numbers, etc.) and user-specific information (passwords, sessions, addresses). Information Leakage in this context deals with exposure of key user data deemed confidential, or secret, that should not be exposed in plain view, even to the user. Credit card numbers and other heavily regulated information are prime examples of user data that needs to be further protected from exposure or leakage even with proper encryption and access controls already in place.
- Compartmentalize your system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- https://cwe.mitre.org/data/definitions/200.html
+
+ * Have a clear definition of which information is considered sensitive and which isn't. Take privacy laws, regulatory requirements, and business needs into account.
+ * Store sensitive data only if you have to.
+ * Implement checks for sensitive information in your devops pipeline. Steps that could be taken include stripping developer comments, removing debugging information and sensitive logs, as well as making error messages less verbose.
+ * In situations where the sensitive information must be used, for instance, backend microservices, ensure trust boundaries are appropriately drawn. Example: set up an isolated, well secured kubernetes cluster with well configured access controls, then only grant access to authorized clients.
+ * In situations where error messages need to be returned to the user, use messages that are as generic as possible eg "invalid credentials" instead of "invalid username" or "invalid password".
+ * When using third party technologies, understand how the software works, its configuration, as well as security risks of using it. After understanding the technology, use only the features that you need and disable everything else.
+ * Detailed debug messages are sometimes necessary, for instance, when adding a new feature to an application. In this case, separate the development environment from the production one. Ensure appropriate access controls are implemented for the development environments.
+ * All sensitive data should be encrypted before storage. Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management.
+
+https://portswigger.net/web-security/information-disclosure
+https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
+https://cwe.mitre.org/data/definitions/200.html
wasc_14
@@ -985,7 +996,17 @@ There are two main types of processes that require validation: flow control and
"Flow control" refers to multi-step processes that require each step to be performed in a specific order by the user. When an attacker performs the step incorrectly or out of order, the access controls may be bypassed and an application integrity error may occur. Examples of multi-step processes include wire transfer, password recovery, purchase checkout, and account sign-up.
"Business logic" refers to the context in which a process will execute as governed by the business requirements. Exploiting a business logic weakness requires knowledge of the business; if no knowledge is needed to exploit it, then most likely it isn't a business logic flaw. Due to this, typical security measures such as scans and code review will not find this class of weakness. One approach to testing is offered by OWASP in their Testing Guide.
-
+ Make sure that all operations within a multi-step process are either performed entirely or not at all. If one step fails, the changes made must be canceled. Fuzzing inputs is a good way to test for anomalies and to verify the results after the flow completes.
+
+Make sure the correct order of steps in the flow is enforced and that the order cannot be changed or bypassed by the user.
+
+Developers and testers must have a solid understanding of the domain that the application serves.
+
+Do not rely on implicit assumptions about how users or different application parts will behave.
+
+Identify all references to other code that interacts with each component and evaluate the possible side-effects if a malicious actor manipulates these dependencies in unexpected ways.
+
+Maintain clear code, design documents, and data flow diagrams for all transactions and workflows, noting any assumptions made at each stage and what the expected behavior is.
https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability
https://cwe.mitre.org/data/definitions/840.html
diff --git a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_yo_NG.xml b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_yo_NG.xml
index b3b32e4edae..f35200419a5 100644
--- a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_yo_NG.xml
+++ b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_yo_NG.xml
@@ -438,8 +438,19 @@ Failure to scrub HTML/Script comments prior to a push to the production environm
Software version numbers and verbose error messages (such as ASP.NET version numbers) are examples of improper server configurations. This information is useful to an attacker by providing detailed insight as to the framework, languages, or pre-built functions being utilized by a web application. Most default server configurations provide software version numbers and verbose error messages for debugging and troubleshooting purposes. Configuration changes can be made to disable these features, preventing the display of this information.
Pages that provide different responses based on the validity of the data can also lead to Information Leakage; specifically when data deemed confidential is being revealed as a result of the web application's design. Examples of sensitive data includes (but is not limited to): account numbers, user identifiers (Drivers license number, Passport number, Social Security Numbers, etc.) and user-specific information (passwords, sessions, addresses). Information Leakage in this context deals with exposure of key user data deemed confidential, or secret, that should not be exposed in plain view, even to the user. Credit card numbers and other heavily regulated information are prime examples of user data that needs to be further protected from exposure or leakage even with proper encryption and access controls already in place.
- Compartmentalize your system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- https://cwe.mitre.org/data/definitions/200.html
+
+ * Have a clear definition of which information is considered sensitive and which isn't. Take privacy laws, regulatory requirements, and business needs into account.
+ * Store sensitive data only if you have to.
+ * Implement checks for sensitive information in your devops pipeline. Steps that could be taken include stripping developer comments, removing debugging information and sensitive logs, as well as making error messages less verbose.
+ * In situations where the sensitive information must be used, for instance, backend microservices, ensure trust boundaries are appropriately drawn. Example: set up an isolated, well secured kubernetes cluster with well configured access controls, then only grant access to authorized clients.
+ * In situations where error messages need to be returned to the user, use messages that are as generic as possible eg "invalid credentials" instead of "invalid username" or "invalid password".
+ * When using third party technologies, understand how the software works, its configuration, as well as security risks of using it. After understanding the technology, use only the features that you need and disable everything else.
+ * Detailed debug messages are sometimes necessary, for instance, when adding a new feature to an application. In this case, separate the development environment from the production one. Ensure appropriate access controls are implemented for the development environments.
+ * All sensitive data should be encrypted before storage. Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management.
+
+https://portswigger.net/web-security/information-disclosure
+https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
+https://cwe.mitre.org/data/definitions/200.html
wasc_14
@@ -985,7 +996,17 @@ There are two main types of processes that require validation: flow control and
"Flow control" refers to multi-step processes that require each step to be performed in a specific order by the user. When an attacker performs the step incorrectly or out of order, the access controls may be bypassed and an application integrity error may occur. Examples of multi-step processes include wire transfer, password recovery, purchase checkout, and account sign-up.
"Business logic" refers to the context in which a process will execute as governed by the business requirements. Exploiting a business logic weakness requires knowledge of the business; if no knowledge is needed to exploit it, then most likely it isn't a business logic flaw. Due to this, typical security measures such as scans and code review will not find this class of weakness. One approach to testing is offered by OWASP in their Testing Guide.
-
+ Make sure that all operations within a multi-step process are either performed entirely or not at all. If one step fails, the changes made must be canceled. Fuzzing inputs is a good way to test for anomalies and to verify the results after the flow completes.
+
+Make sure the correct order of steps in the flow is enforced and that the order cannot be changed or bypassed by the user.
+
+Developers and testers must have a solid understanding of the domain that the application serves.
+
+Do not rely on implicit assumptions about how users or different application parts will behave.
+
+Identify all references to other code that interacts with each component and evaluate the possible side-effects if a malicious actor manipulates these dependencies in unexpected ways.
+
+Maintain clear code, design documents, and data flow diagrams for all transactions and workflows, noting any assumptions made at each stage and what the expected behavior is.
https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability
https://cwe.mitre.org/data/definitions/840.html
diff --git a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_zh_CN.xml b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_zh_CN.xml
index c24be32ebe7..d8a05979dd1 100644
--- a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_zh_CN.xml
+++ b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_zh_CN.xml
@@ -436,8 +436,19 @@ Failure to scrub HTML/Script comments prior to a push to the production environm
Software version numbers and verbose error messages (such as ASP.NET version numbers) are examples of improper server configurations. This information is useful to an attacker by providing detailed insight as to the framework, languages, or pre-built functions being utilized by a web application. Most default server configurations provide software version numbers and verbose error messages for debugging and troubleshooting purposes. Configuration changes can be made to disable these features, preventing the display of this information.
Pages that provide different responses based on the validity of the data can also lead to Information Leakage; specifically when data deemed confidential is being revealed as a result of the web application's design. Examples of sensitive data includes (but is not limited to): account numbers, user identifiers (Drivers license number, Passport number, Social Security Numbers, etc.) and user-specific information (passwords, sessions, addresses). Information Leakage in this context deals with exposure of key user data deemed confidential, or secret, that should not be exposed in plain view, even to the user. Credit card numbers and other heavily regulated information are prime examples of user data that needs to be further protected from exposure or leakage even with proper encryption and access controls already in place.
- Compartmentalize your system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- https://cwe.mitre.org/data/definitions/200.html
+
+ * Have a clear definition of which information is considered sensitive and which isn't. Take privacy laws, regulatory requirements, and business needs into account.
+ * Store sensitive data only if you have to.
+ * Implement checks for sensitive information in your devops pipeline. Steps that could be taken include stripping developer comments, removing debugging information and sensitive logs, as well as making error messages less verbose.
+ * In situations where the sensitive information must be used, for instance, backend microservices, ensure trust boundaries are appropriately drawn. Example: set up an isolated, well secured kubernetes cluster with well configured access controls, then only grant access to authorized clients.
+ * In situations where error messages need to be returned to the user, use messages that are as generic as possible eg "invalid credentials" instead of "invalid username" or "invalid password".
+ * When using third party technologies, understand how the software works, its configuration, as well as security risks of using it. After understanding the technology, use only the features that you need and disable everything else.
+ * Detailed debug messages are sometimes necessary, for instance, when adding a new feature to an application. In this case, separate the development environment from the production one. Ensure appropriate access controls are implemented for the development environments.
+ * All sensitive data should be encrypted before storage. Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management.
+
+https://portswigger.net/web-security/information-disclosure
+https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
+https://cwe.mitre.org/data/definitions/200.html
wasc_14
@@ -983,7 +994,17 @@ There are two main types of processes that require validation: flow control and
"Flow control" refers to multi-step processes that require each step to be performed in a specific order by the user. When an attacker performs the step incorrectly or out of order, the access controls may be bypassed and an application integrity error may occur. Examples of multi-step processes include wire transfer, password recovery, purchase checkout, and account sign-up.
"Business logic" refers to the context in which a process will execute as governed by the business requirements. Exploiting a business logic weakness requires knowledge of the business; if no knowledge is needed to exploit it, then most likely it isn't a business logic flaw. Due to this, typical security measures such as scans and code review will not find this class of weakness. One approach to testing is offered by OWASP in their Testing Guide.
-
+ Make sure that all operations within a multi-step process are either performed entirely or not at all. If one step fails, the changes made must be canceled. Fuzzing inputs is a good way to test for anomalies and to verify the results after the flow completes.
+
+Make sure the correct order of steps in the flow is enforced and that the order cannot be changed or bypassed by the user.
+
+Developers and testers must have a solid understanding of the domain that the application serves.
+
+Do not rely on implicit assumptions about how users or different application parts will behave.
+
+Identify all references to other code that interacts with each component and evaluate the possible side-effects if a malicious actor manipulates these dependencies in unexpected ways.
+
+Maintain clear code, design documents, and data flow diagrams for all transactions and workflows, noting any assumptions made at each stage and what the expected behavior is.
https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability
https://cwe.mitre.org/data/definitions/840.html
diff --git a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_zh_TW.xml b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_zh_TW.xml
index b6deaeeb4c4..0e84347e0d6 100644
--- a/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_zh_TW.xml
+++ b/addOns/commonlib/src/main/resources/org/zaproxy/addon/commonlib/internal/vulns/vulnerabilities_zh_TW.xml
@@ -438,8 +438,19 @@ Failure to scrub HTML/Script comments prior to a push to the production environm
Software version numbers and verbose error messages (such as ASP.NET version numbers) are examples of improper server configurations. This information is useful to an attacker by providing detailed insight as to the framework, languages, or pre-built functions being utilized by a web application. Most default server configurations provide software version numbers and verbose error messages for debugging and troubleshooting purposes. Configuration changes can be made to disable these features, preventing the display of this information.
Pages that provide different responses based on the validity of the data can also lead to Information Leakage; specifically when data deemed confidential is being revealed as a result of the web application's design. Examples of sensitive data includes (but is not limited to): account numbers, user identifiers (Drivers license number, Passport number, Social Security Numbers, etc.) and user-specific information (passwords, sessions, addresses). Information Leakage in this context deals with exposure of key user data deemed confidential, or secret, that should not be exposed in plain view, even to the user. Credit card numbers and other heavily regulated information are prime examples of user data that needs to be further protected from exposure or leakage even with proper encryption and access controls already in place.
- Compartmentalize your system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- https://cwe.mitre.org/data/definitions/200.html
+
+ * Have a clear definition of which information is considered sensitive and which isn't. Take privacy laws, regulatory requirements, and business needs into account.
+ * Store sensitive data only if you have to.
+ * Implement checks for sensitive information in your devops pipeline. Steps that could be taken include stripping developer comments, removing debugging information and sensitive logs, as well as making error messages less verbose.
+ * In situations where the sensitive information must be used, for instance, backend microservices, ensure trust boundaries are appropriately drawn. Example: set up an isolated, well secured kubernetes cluster with well configured access controls, then only grant access to authorized clients.
+ * In situations where error messages need to be returned to the user, use messages that are as generic as possible eg "invalid credentials" instead of "invalid username" or "invalid password".
+ * When using third party technologies, understand how the software works, its configuration, as well as security risks of using it. After understanding the technology, use only the features that you need and disable everything else.
+ * Detailed debug messages are sometimes necessary, for instance, when adding a new feature to an application. In this case, separate the development environment from the production one. Ensure appropriate access controls are implemented for the development environments.
+ * All sensitive data should be encrypted before storage. Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management.
+
+https://portswigger.net/web-security/information-disclosure
+https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure
+https://cwe.mitre.org/data/definitions/200.html
wasc_14
@@ -985,7 +996,17 @@ There are two main types of processes that require validation: flow control and
"Flow control" refers to multi-step processes that require each step to be performed in a specific order by the user. When an attacker performs the step incorrectly or out of order, the access controls may be bypassed and an application integrity error may occur. Examples of multi-step processes include wire transfer, password recovery, purchase checkout, and account sign-up.
"Business logic" refers to the context in which a process will execute as governed by the business requirements. Exploiting a business logic weakness requires knowledge of the business; if no knowledge is needed to exploit it, then most likely it isn't a business logic flaw. Due to this, typical security measures such as scans and code review will not find this class of weakness. One approach to testing is offered by OWASP in their Testing Guide.
-
+ Make sure that all operations within a multi-step process are either performed entirely or not at all. If one step fails, the changes made must be canceled. Fuzzing inputs is a good way to test for anomalies and to verify the results after the flow completes.
+
+Make sure the correct order of steps in the flow is enforced and that the order cannot be changed or bypassed by the user.
+
+Developers and testers must have a solid understanding of the domain that the application serves.
+
+Do not rely on implicit assumptions about how users or different application parts will behave.
+
+Identify all references to other code that interacts with each component and evaluate the possible side-effects if a malicious actor manipulates these dependencies in unexpected ways.
+
+Maintain clear code, design documents, and data flow diagrams for all transactions and workflows, noting any assumptions made at each stage and what the expected behavior is.
https://owasp.org/www-community/vulnerabilities/Business_logic_vulnerability
https://cwe.mitre.org/data/definitions/840.html
diff --git a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_ar_SA.properties b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_ar_SA.properties
index f47cb3b70f1..fb18f16abd5 100644
--- a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_ar_SA.properties
+++ b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_ar_SA.properties
@@ -6,4 +6,5 @@ domxss.step.access = Access\: {0}
domxss.step.click = Click element\: {0}
domxss.step.input = Write to {0} the value\: {1}
domxss.step.intro = The following steps were done to trigger the DOM XSS\:
+domxss.step.partial.xpath = (partial XPath)
domxss.step.payload = With {0} as\: {1}
diff --git a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_az_AZ.properties b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_az_AZ.properties
index 208e14be4f1..820fcc6d0ec 100644
--- a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_az_AZ.properties
+++ b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_az_AZ.properties
@@ -6,4 +6,5 @@ domxss.step.access = Access\: {0}
domxss.step.click = Click element\: {0}
domxss.step.input = Write to {0} the value\: {1}
domxss.step.intro = The following steps were done to trigger the DOM XSS\:
+domxss.step.partial.xpath = (partial XPath)
domxss.step.payload = With {0} as\: {1}
diff --git a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_bn_BD.properties b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_bn_BD.properties
index f47cb3b70f1..fb18f16abd5 100644
--- a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_bn_BD.properties
+++ b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_bn_BD.properties
@@ -6,4 +6,5 @@ domxss.step.access = Access\: {0}
domxss.step.click = Click element\: {0}
domxss.step.input = Write to {0} the value\: {1}
domxss.step.intro = The following steps were done to trigger the DOM XSS\:
+domxss.step.partial.xpath = (partial XPath)
domxss.step.payload = With {0} as\: {1}
diff --git a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_bs_BA.properties b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_bs_BA.properties
index f47cb3b70f1..fb18f16abd5 100644
--- a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_bs_BA.properties
+++ b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_bs_BA.properties
@@ -6,4 +6,5 @@ domxss.step.access = Access\: {0}
domxss.step.click = Click element\: {0}
domxss.step.input = Write to {0} the value\: {1}
domxss.step.intro = The following steps were done to trigger the DOM XSS\:
+domxss.step.partial.xpath = (partial XPath)
domxss.step.payload = With {0} as\: {1}
diff --git a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_ceb_PH.properties b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_ceb_PH.properties
index f47cb3b70f1..fb18f16abd5 100644
--- a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_ceb_PH.properties
+++ b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_ceb_PH.properties
@@ -6,4 +6,5 @@ domxss.step.access = Access\: {0}
domxss.step.click = Click element\: {0}
domxss.step.input = Write to {0} the value\: {1}
domxss.step.intro = The following steps were done to trigger the DOM XSS\:
+domxss.step.partial.xpath = (partial XPath)
domxss.step.payload = With {0} as\: {1}
diff --git a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_da_DK.properties b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_da_DK.properties
index f47cb3b70f1..fb18f16abd5 100644
--- a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_da_DK.properties
+++ b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_da_DK.properties
@@ -6,4 +6,5 @@ domxss.step.access = Access\: {0}
domxss.step.click = Click element\: {0}
domxss.step.input = Write to {0} the value\: {1}
domxss.step.intro = The following steps were done to trigger the DOM XSS\:
+domxss.step.partial.xpath = (partial XPath)
domxss.step.payload = With {0} as\: {1}
diff --git a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_de_DE.properties b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_de_DE.properties
index f47cb3b70f1..fb18f16abd5 100644
--- a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_de_DE.properties
+++ b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_de_DE.properties
@@ -6,4 +6,5 @@ domxss.step.access = Access\: {0}
domxss.step.click = Click element\: {0}
domxss.step.input = Write to {0} the value\: {1}
domxss.step.intro = The following steps were done to trigger the DOM XSS\:
+domxss.step.partial.xpath = (partial XPath)
domxss.step.payload = With {0} as\: {1}
diff --git a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_el_GR.properties b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_el_GR.properties
index f47cb3b70f1..fb18f16abd5 100644
--- a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_el_GR.properties
+++ b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_el_GR.properties
@@ -6,4 +6,5 @@ domxss.step.access = Access\: {0}
domxss.step.click = Click element\: {0}
domxss.step.input = Write to {0} the value\: {1}
domxss.step.intro = The following steps were done to trigger the DOM XSS\:
+domxss.step.partial.xpath = (partial XPath)
domxss.step.payload = With {0} as\: {1}
diff --git a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_es_ES.properties b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_es_ES.properties
index 3e09effca3a..dcee6d085b9 100644
--- a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_es_ES.properties
+++ b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_es_ES.properties
@@ -6,4 +6,5 @@ domxss.step.access = Access\: {0}
domxss.step.click = Click element\: {0}
domxss.step.input = Write to {0} the value\: {1}
domxss.step.intro = The following steps were done to trigger the DOM XSS\:
+domxss.step.partial.xpath = (partial XPath)
domxss.step.payload = With {0} as\: {1}
diff --git a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_fa_IR.properties b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_fa_IR.properties
index bbd9758cbcb..102b89b8b89 100644
--- a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_fa_IR.properties
+++ b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_fa_IR.properties
@@ -6,4 +6,5 @@ domxss.step.access = Access\: {0}
domxss.step.click = Click element\: {0}
domxss.step.input = Write to {0} the value\: {1}
domxss.step.intro = The following steps were done to trigger the DOM XSS\:
+domxss.step.partial.xpath = (partial XPath)
domxss.step.payload = With {0} as\: {1}
diff --git a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_fil_PH.properties b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_fil_PH.properties
index 10474cf3e09..2a63a82e913 100644
--- a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_fil_PH.properties
+++ b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_fil_PH.properties
@@ -6,4 +6,5 @@ domxss.step.access = Access\: {0}
domxss.step.click = Click element\: {0}
domxss.step.input = Write to {0} the value\: {1}
domxss.step.intro = The following steps were done to trigger the DOM XSS\:
+domxss.step.partial.xpath = (partial XPath)
domxss.step.payload = With {0} as\: {1}
diff --git a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_fr_FR.properties b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_fr_FR.properties
index b432ee638f5..f75df334319 100644
--- a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_fr_FR.properties
+++ b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_fr_FR.properties
@@ -6,4 +6,5 @@ domxss.step.access = Access\: {0}
domxss.step.click = Click element\: {0}
domxss.step.input = Write to {0} the value\: {1}
domxss.step.intro = The following steps were done to trigger the DOM XSS\:
+domxss.step.partial.xpath = (partial XPath)
domxss.step.payload = With {0} as\: {1}
diff --git a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_ha_HG.properties b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_ha_HG.properties
index f47cb3b70f1..fb18f16abd5 100644
--- a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_ha_HG.properties
+++ b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_ha_HG.properties
@@ -6,4 +6,5 @@ domxss.step.access = Access\: {0}
domxss.step.click = Click element\: {0}
domxss.step.input = Write to {0} the value\: {1}
domxss.step.intro = The following steps were done to trigger the DOM XSS\:
+domxss.step.partial.xpath = (partial XPath)
domxss.step.payload = With {0} as\: {1}
diff --git a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_he_IL.properties b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_he_IL.properties
index 2a60d69faf0..361472174a3 100644
--- a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_he_IL.properties
+++ b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_he_IL.properties
@@ -6,4 +6,5 @@ domxss.step.access = Access\: {0}
domxss.step.click = Click element\: {0}
domxss.step.input = Write to {0} the value\: {1}
domxss.step.intro = The following steps were done to trigger the DOM XSS\:
+domxss.step.partial.xpath = (partial XPath)
domxss.step.payload = With {0} as\: {1}
diff --git a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_hi_IN.properties b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_hi_IN.properties
index f47cb3b70f1..fb18f16abd5 100644
--- a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_hi_IN.properties
+++ b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_hi_IN.properties
@@ -6,4 +6,5 @@ domxss.step.access = Access\: {0}
domxss.step.click = Click element\: {0}
domxss.step.input = Write to {0} the value\: {1}
domxss.step.intro = The following steps were done to trigger the DOM XSS\:
+domxss.step.partial.xpath = (partial XPath)
domxss.step.payload = With {0} as\: {1}
diff --git a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_hr_HR.properties b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_hr_HR.properties
index f47cb3b70f1..fb18f16abd5 100644
--- a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_hr_HR.properties
+++ b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_hr_HR.properties
@@ -6,4 +6,5 @@ domxss.step.access = Access\: {0}
domxss.step.click = Click element\: {0}
domxss.step.input = Write to {0} the value\: {1}
domxss.step.intro = The following steps were done to trigger the DOM XSS\:
+domxss.step.partial.xpath = (partial XPath)
domxss.step.payload = With {0} as\: {1}
diff --git a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_hu_HU.properties b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_hu_HU.properties
index 592a5e3c51b..fcbfb6f8927 100644
--- a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_hu_HU.properties
+++ b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_hu_HU.properties
@@ -6,4 +6,5 @@ domxss.step.access = Access\: {0}
domxss.step.click = Click element\: {0}
domxss.step.input = Write to {0} the value\: {1}
domxss.step.intro = The following steps were done to trigger the DOM XSS\:
+domxss.step.partial.xpath = (partial XPath)
domxss.step.payload = With {0} as\: {1}
diff --git a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_id_ID.properties b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_id_ID.properties
index dc6ce8f9194..41b7eb7fb47 100644
--- a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_id_ID.properties
+++ b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_id_ID.properties
@@ -6,4 +6,5 @@ domxss.step.access = Access\: {0}
domxss.step.click = Click element\: {0}
domxss.step.input = Write to {0} the value\: {1}
domxss.step.intro = The following steps were done to trigger the DOM XSS\:
+domxss.step.partial.xpath = (partial XPath)
domxss.step.payload = With {0} as\: {1}
diff --git a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_it_IT.properties b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_it_IT.properties
index 21eb32e5a2d..b30d357fee7 100644
--- a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_it_IT.properties
+++ b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_it_IT.properties
@@ -6,4 +6,5 @@ domxss.step.access = Access\: {0}
domxss.step.click = Click element\: {0}
domxss.step.input = Write to {0} the value\: {1}
domxss.step.intro = The following steps were done to trigger the DOM XSS\:
+domxss.step.partial.xpath = (partial XPath)
domxss.step.payload = With {0} as\: {1}
diff --git a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_ja_JP.properties b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_ja_JP.properties
index 9583199d4c6..ad253ad9f57 100644
--- a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_ja_JP.properties
+++ b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_ja_JP.properties
@@ -6,4 +6,5 @@ domxss.step.access = Access\: {0}
domxss.step.click = Click element\: {0}
domxss.step.input = Write to {0} the value\: {1}
domxss.step.intro = The following steps were done to trigger the DOM XSS\:
+domxss.step.partial.xpath = (partial XPath)
domxss.step.payload = With {0} as\: {1}
diff --git a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_ko_KR.properties b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_ko_KR.properties
index c11203742bb..a1aaac06fda 100644
--- a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_ko_KR.properties
+++ b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_ko_KR.properties
@@ -6,4 +6,5 @@ domxss.step.access = Access\: {0}
domxss.step.click = Click element\: {0}
domxss.step.input = Write to {0} the value\: {1}
domxss.step.intro = The following steps were done to trigger the DOM XSS\:
+domxss.step.partial.xpath = (partial XPath)
domxss.step.payload = With {0} as\: {1}
diff --git a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_mk_MK.properties b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_mk_MK.properties
index f47cb3b70f1..fb18f16abd5 100644
--- a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_mk_MK.properties
+++ b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_mk_MK.properties
@@ -6,4 +6,5 @@ domxss.step.access = Access\: {0}
domxss.step.click = Click element\: {0}
domxss.step.input = Write to {0} the value\: {1}
domxss.step.intro = The following steps were done to trigger the DOM XSS\:
+domxss.step.partial.xpath = (partial XPath)
domxss.step.payload = With {0} as\: {1}
diff --git a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_ms_MY.properties b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_ms_MY.properties
index f47cb3b70f1..fb18f16abd5 100644
--- a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_ms_MY.properties
+++ b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_ms_MY.properties
@@ -6,4 +6,5 @@ domxss.step.access = Access\: {0}
domxss.step.click = Click element\: {0}
domxss.step.input = Write to {0} the value\: {1}
domxss.step.intro = The following steps were done to trigger the DOM XSS\:
+domxss.step.partial.xpath = (partial XPath)
domxss.step.payload = With {0} as\: {1}
diff --git a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_nb_NO.properties b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_nb_NO.properties
index 621a1986d9b..2b81e404d66 100644
--- a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_nb_NO.properties
+++ b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_nb_NO.properties
@@ -6,4 +6,5 @@ domxss.step.access = Access\: {0}
domxss.step.click = Click element\: {0}
domxss.step.input = Write to {0} the value\: {1}
domxss.step.intro = The following steps were done to trigger the DOM XSS\:
+domxss.step.partial.xpath = (partial XPath)
domxss.step.payload = With {0} as\: {1}
diff --git a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_nl_NL.properties b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_nl_NL.properties
index cc0ad8830e7..ef41ce8ef77 100644
--- a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_nl_NL.properties
+++ b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_nl_NL.properties
@@ -6,4 +6,5 @@ domxss.step.access = Access\: {0}
domxss.step.click = Click element\: {0}
domxss.step.input = Write to {0} the value\: {1}
domxss.step.intro = The following steps were done to trigger the DOM XSS\:
+domxss.step.partial.xpath = (partial XPath)
domxss.step.payload = With {0} as\: {1}
diff --git a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_pcm_NG.properties b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_pcm_NG.properties
index f47cb3b70f1..fb18f16abd5 100644
--- a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_pcm_NG.properties
+++ b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_pcm_NG.properties
@@ -6,4 +6,5 @@ domxss.step.access = Access\: {0}
domxss.step.click = Click element\: {0}
domxss.step.input = Write to {0} the value\: {1}
domxss.step.intro = The following steps were done to trigger the DOM XSS\:
+domxss.step.partial.xpath = (partial XPath)
domxss.step.payload = With {0} as\: {1}
diff --git a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_pl_PL.properties b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_pl_PL.properties
index 6063f63f979..ceb40da7a99 100644
--- a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_pl_PL.properties
+++ b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_pl_PL.properties
@@ -6,4 +6,5 @@ domxss.step.access = Access\: {0}
domxss.step.click = Click element\: {0}
domxss.step.input = Write to {0} the value\: {1}
domxss.step.intro = The following steps were done to trigger the DOM XSS\:
+domxss.step.partial.xpath = (partial XPath)
domxss.step.payload = With {0} as\: {1}
diff --git a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_pt_BR.properties b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_pt_BR.properties
index 8e17b52cd51..6f3b5749c42 100644
--- a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_pt_BR.properties
+++ b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_pt_BR.properties
@@ -6,4 +6,5 @@ domxss.step.access = Access\: {0}
domxss.step.click = Click element\: {0}
domxss.step.input = Write to {0} the value\: {1}
domxss.step.intro = The following steps were done to trigger the DOM XSS\:
+domxss.step.partial.xpath = (partial XPath)
domxss.step.payload = With {0} as\: {1}
diff --git a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_pt_PT.properties b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_pt_PT.properties
index f47cb3b70f1..fb18f16abd5 100644
--- a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_pt_PT.properties
+++ b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_pt_PT.properties
@@ -6,4 +6,5 @@ domxss.step.access = Access\: {0}
domxss.step.click = Click element\: {0}
domxss.step.input = Write to {0} the value\: {1}
domxss.step.intro = The following steps were done to trigger the DOM XSS\:
+domxss.step.partial.xpath = (partial XPath)
domxss.step.payload = With {0} as\: {1}
diff --git a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_ro_RO.properties b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_ro_RO.properties
index f47cb3b70f1..fb18f16abd5 100644
--- a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_ro_RO.properties
+++ b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_ro_RO.properties
@@ -6,4 +6,5 @@ domxss.step.access = Access\: {0}
domxss.step.click = Click element\: {0}
domxss.step.input = Write to {0} the value\: {1}
domxss.step.intro = The following steps were done to trigger the DOM XSS\:
+domxss.step.partial.xpath = (partial XPath)
domxss.step.payload = With {0} as\: {1}
diff --git a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_ru_RU.properties b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_ru_RU.properties
index 69c746ddff4..99c05a91c92 100644
--- a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_ru_RU.properties
+++ b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_ru_RU.properties
@@ -6,4 +6,5 @@ domxss.step.access = Access\: {0}
domxss.step.click = Click element\: {0}
domxss.step.input = Write to {0} the value\: {1}
domxss.step.intro = The following steps were done to trigger the DOM XSS\:
+domxss.step.partial.xpath = (partial XPath)
domxss.step.payload = With {0} as\: {1}
diff --git a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_si_LK.properties b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_si_LK.properties
index f47cb3b70f1..fb18f16abd5 100644
--- a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_si_LK.properties
+++ b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_si_LK.properties
@@ -6,4 +6,5 @@ domxss.step.access = Access\: {0}
domxss.step.click = Click element\: {0}
domxss.step.input = Write to {0} the value\: {1}
domxss.step.intro = The following steps were done to trigger the DOM XSS\:
+domxss.step.partial.xpath = (partial XPath)
domxss.step.payload = With {0} as\: {1}
diff --git a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_sk_SK.properties b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_sk_SK.properties
index f47cb3b70f1..fb18f16abd5 100644
--- a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_sk_SK.properties
+++ b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_sk_SK.properties
@@ -6,4 +6,5 @@ domxss.step.access = Access\: {0}
domxss.step.click = Click element\: {0}
domxss.step.input = Write to {0} the value\: {1}
domxss.step.intro = The following steps were done to trigger the DOM XSS\:
+domxss.step.partial.xpath = (partial XPath)
domxss.step.payload = With {0} as\: {1}
diff --git a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_sl_SI.properties b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_sl_SI.properties
index f47cb3b70f1..fb18f16abd5 100644
--- a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_sl_SI.properties
+++ b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_sl_SI.properties
@@ -6,4 +6,5 @@ domxss.step.access = Access\: {0}
domxss.step.click = Click element\: {0}
domxss.step.input = Write to {0} the value\: {1}
domxss.step.intro = The following steps were done to trigger the DOM XSS\:
+domxss.step.partial.xpath = (partial XPath)
domxss.step.payload = With {0} as\: {1}
diff --git a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_sq_AL.properties b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_sq_AL.properties
index f47cb3b70f1..fb18f16abd5 100644
--- a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_sq_AL.properties
+++ b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_sq_AL.properties
@@ -6,4 +6,5 @@ domxss.step.access = Access\: {0}
domxss.step.click = Click element\: {0}
domxss.step.input = Write to {0} the value\: {1}
domxss.step.intro = The following steps were done to trigger the DOM XSS\:
+domxss.step.partial.xpath = (partial XPath)
domxss.step.payload = With {0} as\: {1}
diff --git a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_sr_CS.properties b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_sr_CS.properties
index f47cb3b70f1..fb18f16abd5 100644
--- a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_sr_CS.properties
+++ b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_sr_CS.properties
@@ -6,4 +6,5 @@ domxss.step.access = Access\: {0}
domxss.step.click = Click element\: {0}
domxss.step.input = Write to {0} the value\: {1}
domxss.step.intro = The following steps were done to trigger the DOM XSS\:
+domxss.step.partial.xpath = (partial XPath)
domxss.step.payload = With {0} as\: {1}
diff --git a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_sr_SP.properties b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_sr_SP.properties
index f47cb3b70f1..fb18f16abd5 100644
--- a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_sr_SP.properties
+++ b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_sr_SP.properties
@@ -6,4 +6,5 @@ domxss.step.access = Access\: {0}
domxss.step.click = Click element\: {0}
domxss.step.input = Write to {0} the value\: {1}
domxss.step.intro = The following steps were done to trigger the DOM XSS\:
+domxss.step.partial.xpath = (partial XPath)
domxss.step.payload = With {0} as\: {1}
diff --git a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_tr_TR.properties b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_tr_TR.properties
index e620f263362..595b0947778 100644
--- a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_tr_TR.properties
+++ b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_tr_TR.properties
@@ -6,4 +6,5 @@ domxss.step.access = Access\: {0}
domxss.step.click = Click element\: {0}
domxss.step.input = Write to {0} the value\: {1}
domxss.step.intro = The following steps were done to trigger the DOM XSS\:
+domxss.step.partial.xpath = (partial XPath)
domxss.step.payload = With {0} as\: {1}
diff --git a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_uk_UA.properties b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_uk_UA.properties
index 1298ab9e8e8..42272ec8b3b 100644
--- a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_uk_UA.properties
+++ b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_uk_UA.properties
@@ -6,4 +6,5 @@ domxss.step.access = Access\: {0}
domxss.step.click = Click element\: {0}
domxss.step.input = Write to {0} the value\: {1}
domxss.step.intro = The following steps were done to trigger the DOM XSS\:
+domxss.step.partial.xpath = (partial XPath)
domxss.step.payload = With {0} as\: {1}
diff --git a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_ur_PK.properties b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_ur_PK.properties
index f47cb3b70f1..fb18f16abd5 100644
--- a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_ur_PK.properties
+++ b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_ur_PK.properties
@@ -6,4 +6,5 @@ domxss.step.access = Access\: {0}
domxss.step.click = Click element\: {0}
domxss.step.input = Write to {0} the value\: {1}
domxss.step.intro = The following steps were done to trigger the DOM XSS\:
+domxss.step.partial.xpath = (partial XPath)
domxss.step.payload = With {0} as\: {1}
diff --git a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_vi_VN.properties b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_vi_VN.properties
index f47cb3b70f1..fb18f16abd5 100644
--- a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_vi_VN.properties
+++ b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_vi_VN.properties
@@ -6,4 +6,5 @@ domxss.step.access = Access\: {0}
domxss.step.click = Click element\: {0}
domxss.step.input = Write to {0} the value\: {1}
domxss.step.intro = The following steps were done to trigger the DOM XSS\:
+domxss.step.partial.xpath = (partial XPath)
domxss.step.payload = With {0} as\: {1}
diff --git a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_yo_NG.properties b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_yo_NG.properties
index f47cb3b70f1..fb18f16abd5 100644
--- a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_yo_NG.properties
+++ b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_yo_NG.properties
@@ -6,4 +6,5 @@ domxss.step.access = Access\: {0}
domxss.step.click = Click element\: {0}
domxss.step.input = Write to {0} the value\: {1}
domxss.step.intro = The following steps were done to trigger the DOM XSS\:
+domxss.step.partial.xpath = (partial XPath)
domxss.step.payload = With {0} as\: {1}
diff --git a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_zh_CN.properties b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_zh_CN.properties
index f9401e6f50c..6881d8bf88e 100644
--- a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_zh_CN.properties
+++ b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_zh_CN.properties
@@ -6,4 +6,5 @@ domxss.step.access = Access\: {0}
domxss.step.click = Click element\: {0}
domxss.step.input = Write to {0} the value\: {1}
domxss.step.intro = The following steps were done to trigger the DOM XSS\:
+domxss.step.partial.xpath = (partial XPath)
domxss.step.payload = With {0} as\: {1}
diff --git a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_zh_TW.properties b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_zh_TW.properties
index f47cb3b70f1..fb18f16abd5 100644
--- a/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_zh_TW.properties
+++ b/addOns/domxss/src/main/resources/org/zaproxy/zap/extension/domxss/resources/Messages_zh_TW.properties
@@ -6,4 +6,5 @@ domxss.step.access = Access\: {0}
domxss.step.click = Click element\: {0}
domxss.step.input = Write to {0} the value\: {1}
domxss.step.intro = The following steps were done to trigger the DOM XSS\:
+domxss.step.partial.xpath = (partial XPath)
domxss.step.payload = With {0} as\: {1}
diff --git a/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_ar_SA/contents/encoder.html b/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_ar_SA/contents/encoder.html
index 75855dca418..b6c15cd63a4 100644
--- a/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_ar_SA/contents/encoder.html
+++ b/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_ar_SA/contents/encoder.html
@@ -144,6 +144,10 @@ Unescaped Unicode Text
Will display the unescaped Unicode characters. For example, the text
%u0041%u00e7%u006f%u0072%u0065%u0073 would be decoded as Açores.
+Morse Code Encoder
+Will display dits (.) and dahs (-) and word breaks (/) representing the provided Alpha Numeric (including space) input.
+For example, the text SOS SOS would be encoded as ... --- .../... --- ....
+
Decoders
ASCII Hex Decode
@@ -152,7 +156,7 @@ ASCII Hex Decode
Base 64 Decode
Will display the base 64 decoding of the text you enter.
-Leveraging a Mime decoder to handle wrapped lines.
+Leveraging a Mime decoder to handle wrapped lines.
Base 64 URL Decode
Will display the base 64 URL decoding of the text you enter. Base64URL is a modification to the primary base 64 standard
@@ -174,6 +178,10 @@ URL Decode
Full URL Decode
Will display the URL decoding of the text you enter (percent signs removed and HEX decoded).
+Morse Code Decoder
+Will display Alpha Numeric (including space) output representing the provided morse code input.
+For example, the text ... --- .../... --- ... would be encoded as SOS SOS.
+
Hashers
MD5 Hash
@@ -198,7 +206,7 @@ To Lower Case
Converts the input to all lower case characters.
Remove Whitespace
-Removes all whitespace characters from the text, based on Character.isWhiteSpace(char).
+Removes all whitespace characters from the text, based on Character.isWhiteSpace(char).
Reverse
Reverses the order of the input.
@@ -206,6 +214,20 @@ Reverse
To Upper Case
Converts the input to all upper case characters.
+ASCify
+Converts text removing accents/diacritics/ligatures (perhaps not fully, due to operation in compatibility mode) leaving only ASCII characters.
+Examples:
+
+ Tĥïŝ ĩš â fůňķŷ Šťŕĭńġ: fi. étrange. becomes This is a funky String: fi. etrange..>br>
+ 鸟儿 becomes an empty string (all characters are dropped).
+
+
+See also:
+
+
Miscellaneous
PowerShell Encode
diff --git a/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_az_AZ/contents/encoder.html b/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_az_AZ/contents/encoder.html
index 75855dca418..b6c15cd63a4 100644
--- a/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_az_AZ/contents/encoder.html
+++ b/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_az_AZ/contents/encoder.html
@@ -144,6 +144,10 @@ Unescaped Unicode Text
Will display the unescaped Unicode characters. For example, the text
%u0041%u00e7%u006f%u0072%u0065%u0073 would be decoded as Açores.
+Morse Code Encoder
+Will display dits (.) and dahs (-) and word breaks (/) representing the provided Alpha Numeric (including space) input.
+For example, the text SOS SOS would be encoded as ... --- .../... --- ....
+
Decoders
ASCII Hex Decode
@@ -152,7 +156,7 @@ ASCII Hex Decode
Base 64 Decode
Will display the base 64 decoding of the text you enter.
-Leveraging a Mime decoder to handle wrapped lines.
+Leveraging a Mime decoder to handle wrapped lines.
Base 64 URL Decode
Will display the base 64 URL decoding of the text you enter. Base64URL is a modification to the primary base 64 standard
@@ -174,6 +178,10 @@ URL Decode
Full URL Decode
Will display the URL decoding of the text you enter (percent signs removed and HEX decoded).
+Morse Code Decoder
+Will display Alpha Numeric (including space) output representing the provided morse code input.
+For example, the text ... --- .../... --- ... would be encoded as SOS SOS.
+
Hashers
MD5 Hash
@@ -198,7 +206,7 @@ To Lower Case
Converts the input to all lower case characters.
Remove Whitespace
-Removes all whitespace characters from the text, based on Character.isWhiteSpace(char).
+Removes all whitespace characters from the text, based on Character.isWhiteSpace(char).
Reverse
Reverses the order of the input.
@@ -206,6 +214,20 @@ Reverse
To Upper Case
Converts the input to all upper case characters.
+ASCify
+Converts text removing accents/diacritics/ligatures (perhaps not fully, due to operation in compatibility mode) leaving only ASCII characters.
+Examples:
+
+ Tĥïŝ ĩš â fůňķŷ Šťŕĭńġ: fi. étrange. becomes This is a funky String: fi. etrange..>br>鸟儿 becomes an empty string (all characters are dropped).
+
+See also:
+
+
Miscellaneous
PowerShell Encode
diff --git a/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_bs_BA/contents/encoder.html b/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_bs_BA/contents/encoder.html
index 75855dca418..b6c15cd63a4 100644
--- a/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_bs_BA/contents/encoder.html
+++ b/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_bs_BA/contents/encoder.html
@@ -144,6 +144,10 @@ Unescaped Unicode Text
Will display the unescaped Unicode characters. For example, the text
%u0041%u00e7%u006f%u0072%u0065%u0073 would be decoded as Açores.
+Morse Code Encoder
+Will display dits (.) and dahs (-) and word breaks (/) representing the provided Alpha Numeric (including space) input.
+For example, the text SOS SOS would be encoded as ... --- .../... --- ....
+
Decoders
ASCII Hex Decode
@@ -152,7 +156,7 @@ ASCII Hex Decode
Base 64 Decode
Will display the base 64 decoding of the text you enter.
-Leveraging a Mime decoder to handle wrapped lines.
+Leveraging a Mime decoder to handle wrapped lines.
Base 64 URL Decode
Will display the base 64 URL decoding of the text you enter. Base64URL is a modification to the primary base 64 standard
@@ -174,6 +178,10 @@ URL Decode
Full URL Decode
Will display the URL decoding of the text you enter (percent signs removed and HEX decoded).
+Morse Code Decoder
+Will display Alpha Numeric (including space) output representing the provided morse code input.
+For example, the text ... --- .../... --- ... would be encoded as SOS SOS.
+
Hashers
MD5 Hash
@@ -198,7 +206,7 @@ To Lower Case
Converts the input to all lower case characters.
Remove Whitespace
-Removes all whitespace characters from the text, based on Character.isWhiteSpace(char).
+Removes all whitespace characters from the text, based on Character.isWhiteSpace(char).
Reverse
Reverses the order of the input.
@@ -206,6 +214,20 @@ Reverse
To Upper Case
Converts the input to all upper case characters.
+ASCify
+Converts text removing accents/diacritics/ligatures (perhaps not fully, due to operation in compatibility mode) leaving only ASCII characters.
+Examples:
+
+ Tĥïŝ ĩš â fůňķŷ Šťŕĭńġ: fi. étrange. becomes This is a funky String: fi. etrange..>br>鸟儿 becomes an empty string (all characters are dropped).
+
+See also:
+
+
Miscellaneous
PowerShell Encode
diff --git a/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_da_DK/contents/encoder.html b/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_da_DK/contents/encoder.html
index 75855dca418..b6c15cd63a4 100644
--- a/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_da_DK/contents/encoder.html
+++ b/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_da_DK/contents/encoder.html
@@ -144,6 +144,10 @@ Unescaped Unicode Text
Will display the unescaped Unicode characters. For example, the text
%u0041%u00e7%u006f%u0072%u0065%u0073 would be decoded as Açores.
+Morse Code Encoder
+Will display dits (.) and dahs (-) and word breaks (/) representing the provided Alpha Numeric (including space) input.
+For example, the text SOS SOS would be encoded as ... --- .../... --- ....
+
Decoders
ASCII Hex Decode
@@ -152,7 +156,7 @@ ASCII Hex Decode
Base 64 Decode
Will display the base 64 decoding of the text you enter.
-Leveraging a Mime decoder to handle wrapped lines.
+Leveraging a Mime decoder to handle wrapped lines.
Base 64 URL Decode
Will display the base 64 URL decoding of the text you enter. Base64URL is a modification to the primary base 64 standard
@@ -174,6 +178,10 @@ URL Decode
Full URL Decode
Will display the URL decoding of the text you enter (percent signs removed and HEX decoded).
+Morse Code Decoder
+Will display Alpha Numeric (including space) output representing the provided morse code input.
+For example, the text ... --- .../... --- ... would be encoded as SOS SOS.
+
Hashers
MD5 Hash
@@ -198,7 +206,7 @@ To Lower Case
Converts the input to all lower case characters.
Remove Whitespace
-Removes all whitespace characters from the text, based on Character.isWhiteSpace(char).
+Removes all whitespace characters from the text, based on Character.isWhiteSpace(char).
Reverse
Reverses the order of the input.
@@ -206,6 +214,20 @@ Reverse
To Upper Case
Converts the input to all upper case characters.
+ASCify
+Converts text removing accents/diacritics/ligatures (perhaps not fully, due to operation in compatibility mode) leaving only ASCII characters.
+Examples:
+
+ Tĥïŝ ĩš â fůňķŷ Šťŕĭńġ: fi. étrange. becomes This is a funky String: fi. etrange..>br>鸟儿 becomes an empty string (all characters are dropped).
+
+See also:
+
+
Miscellaneous
PowerShell Encode
diff --git a/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_de_DE/contents/encoder.html b/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_de_DE/contents/encoder.html
index 75855dca418..b6c15cd63a4 100644
--- a/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_de_DE/contents/encoder.html
+++ b/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_de_DE/contents/encoder.html
@@ -144,6 +144,10 @@ Unescaped Unicode Text
Will display the unescaped Unicode characters. For example, the text
%u0041%u00e7%u006f%u0072%u0065%u0073 would be decoded as Açores.
+Morse Code Encoder
+Will display dits (.) and dahs (-) and word breaks (/) representing the provided Alpha Numeric (including space) input.
+For example, the text SOS SOS would be encoded as ... --- .../... --- ....
+
Decoders
ASCII Hex Decode
@@ -152,7 +156,7 @@ ASCII Hex Decode
Base 64 Decode
Will display the base 64 decoding of the text you enter.
-Leveraging a Mime decoder to handle wrapped lines.
+Leveraging a Mime decoder to handle wrapped lines.
Base 64 URL Decode
Will display the base 64 URL decoding of the text you enter. Base64URL is a modification to the primary base 64 standard
@@ -174,6 +178,10 @@ URL Decode
Full URL Decode
Will display the URL decoding of the text you enter (percent signs removed and HEX decoded).
+Morse Code Decoder
+Will display Alpha Numeric (including space) output representing the provided morse code input.
+For example, the text ... --- .../... --- ... would be encoded as SOS SOS.
+
Hashers
MD5 Hash
@@ -198,7 +206,7 @@ To Lower Case
Converts the input to all lower case characters.
Remove Whitespace
-Removes all whitespace characters from the text, based on Character.isWhiteSpace(char).
+Removes all whitespace characters from the text, based on Character.isWhiteSpace(char).
Reverse
Reverses the order of the input.
@@ -206,6 +214,20 @@ Reverse
To Upper Case
Converts the input to all upper case characters.
+ASCify
+Converts text removing accents/diacritics/ligatures (perhaps not fully, due to operation in compatibility mode) leaving only ASCII characters.
+Examples:
+
+ Tĥïŝ ĩš â fůňķŷ Šťŕĭńġ: fi. étrange. becomes This is a funky String: fi. etrange..>br>鸟儿 becomes an empty string (all characters are dropped).
+
+See also:
+
+
Miscellaneous
PowerShell Encode
diff --git a/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_el_GR/contents/encoder.html b/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_el_GR/contents/encoder.html
index 75855dca418..b6c15cd63a4 100644
--- a/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_el_GR/contents/encoder.html
+++ b/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_el_GR/contents/encoder.html
@@ -144,6 +144,10 @@ Unescaped Unicode Text
Will display the unescaped Unicode characters. For example, the text
%u0041%u00e7%u006f%u0072%u0065%u0073 would be decoded as Açores.
+Morse Code Encoder
+Will display dits (.) and dahs (-) and word breaks (/) representing the provided Alpha Numeric (including space) input.
+For example, the text SOS SOS would be encoded as ... --- .../... --- ....
+
Decoders
ASCII Hex Decode
@@ -152,7 +156,7 @@ ASCII Hex Decode
Base 64 Decode
Will display the base 64 decoding of the text you enter.
-Leveraging a Mime decoder to handle wrapped lines.
+Leveraging a Mime decoder to handle wrapped lines.
Base 64 URL Decode
Will display the base 64 URL decoding of the text you enter. Base64URL is a modification to the primary base 64 standard
@@ -174,6 +178,10 @@ URL Decode
Full URL Decode
Will display the URL decoding of the text you enter (percent signs removed and HEX decoded).
+Morse Code Decoder
+Will display Alpha Numeric (including space) output representing the provided morse code input.
+For example, the text ... --- .../... --- ... would be encoded as SOS SOS.
+
Hashers
MD5 Hash
@@ -198,7 +206,7 @@ To Lower Case
Converts the input to all lower case characters.
Remove Whitespace
-Removes all whitespace characters from the text, based on Character.isWhiteSpace(char).
+Removes all whitespace characters from the text, based on Character.isWhiteSpace(char).
Reverse
Reverses the order of the input.
@@ -206,6 +214,20 @@ Reverse
To Upper Case
Converts the input to all upper case characters.
+ASCify
+Converts text removing accents/diacritics/ligatures (perhaps not fully, due to operation in compatibility mode) leaving only ASCII characters.
+Examples:
+
+ Tĥïŝ ĩš â fůňķŷ Šťŕĭńġ: fi. étrange. becomes This is a funky String: fi. etrange..>br>鸟儿 becomes an empty string (all characters are dropped).
+
+See also:
+
+
Miscellaneous
PowerShell Encode
diff --git a/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_es_ES/contents/encoder.html b/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_es_ES/contents/encoder.html
index 75855dca418..b6c15cd63a4 100644
--- a/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_es_ES/contents/encoder.html
+++ b/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_es_ES/contents/encoder.html
@@ -144,6 +144,10 @@ Unescaped Unicode Text
Will display the unescaped Unicode characters. For example, the text
%u0041%u00e7%u006f%u0072%u0065%u0073 would be decoded as Açores.
+Morse Code Encoder
+Will display dits (.) and dahs (-) and word breaks (/) representing the provided Alpha Numeric (including space) input.
+For example, the text SOS SOS would be encoded as ... --- .../... --- ....
+
Decoders
ASCII Hex Decode
@@ -152,7 +156,7 @@ ASCII Hex Decode
Base 64 Decode
Will display the base 64 decoding of the text you enter.
-Leveraging a Mime decoder to handle wrapped lines.
+Leveraging a Mime decoder to handle wrapped lines.
Base 64 URL Decode
Will display the base 64 URL decoding of the text you enter. Base64URL is a modification to the primary base 64 standard
@@ -174,6 +178,10 @@ URL Decode
Full URL Decode
Will display the URL decoding of the text you enter (percent signs removed and HEX decoded).
+Morse Code Decoder
+Will display Alpha Numeric (including space) output representing the provided morse code input.
+For example, the text ... --- .../... --- ... would be encoded as SOS SOS.
+
Hashers
MD5 Hash
@@ -198,7 +206,7 @@ To Lower Case
Converts the input to all lower case characters.
Remove Whitespace
-Removes all whitespace characters from the text, based on Character.isWhiteSpace(char).
+Removes all whitespace characters from the text, based on Character.isWhiteSpace(char).
Reverse
Reverses the order of the input.
@@ -206,6 +214,20 @@ Reverse
To Upper Case
Converts the input to all upper case characters.
+ASCify
+Converts text removing accents/diacritics/ligatures (perhaps not fully, due to operation in compatibility mode) leaving only ASCII characters.
+Examples:
+
+ Tĥïŝ ĩš â fůňķŷ Šťŕĭńġ: fi. étrange. becomes This is a funky String: fi. etrange..>br>鸟儿 becomes an empty string (all characters are dropped).
+
+See also:
+
+
Miscellaneous
PowerShell Encode
diff --git a/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_fa_IR/contents/encoder.html b/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_fa_IR/contents/encoder.html
index 75855dca418..b6c15cd63a4 100644
--- a/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_fa_IR/contents/encoder.html
+++ b/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_fa_IR/contents/encoder.html
@@ -144,6 +144,10 @@ Unescaped Unicode Text
Will display the unescaped Unicode characters. For example, the text
%u0041%u00e7%u006f%u0072%u0065%u0073 would be decoded as Açores.
+Morse Code Encoder
+Will display dits (.) and dahs (-) and word breaks (/) representing the provided Alpha Numeric (including space) input.
+For example, the text SOS SOS would be encoded as ... --- .../... --- ....
+
Decoders
ASCII Hex Decode
@@ -152,7 +156,7 @@ ASCII Hex Decode
Base 64 Decode
Will display the base 64 decoding of the text you enter.
-Leveraging a Mime decoder to handle wrapped lines.
+Leveraging a Mime decoder to handle wrapped lines.
Base 64 URL Decode
Will display the base 64 URL decoding of the text you enter. Base64URL is a modification to the primary base 64 standard
@@ -174,6 +178,10 @@ URL Decode
Full URL Decode
Will display the URL decoding of the text you enter (percent signs removed and HEX decoded).
+Morse Code Decoder
+Will display Alpha Numeric (including space) output representing the provided morse code input.
+For example, the text ... --- .../... --- ... would be encoded as SOS SOS.
+
Hashers
MD5 Hash
@@ -198,7 +206,7 @@ To Lower Case
Converts the input to all lower case characters.
Remove Whitespace
-Removes all whitespace characters from the text, based on Character.isWhiteSpace(char).
+Removes all whitespace characters from the text, based on Character.isWhiteSpace(char).
Reverse
Reverses the order of the input.
@@ -206,6 +214,20 @@ Reverse
To Upper Case
Converts the input to all upper case characters.
+ASCify
+Converts text removing accents/diacritics/ligatures (perhaps not fully, due to operation in compatibility mode) leaving only ASCII characters.
+Examples:
+
+ Tĥïŝ ĩš â fůňķŷ Šťŕĭńġ: fi. étrange. becomes This is a funky String: fi. etrange..>br>鸟儿 becomes an empty string (all characters are dropped).
+
+See also:
+
+
Miscellaneous
PowerShell Encode
diff --git a/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_fil_PH/contents/encoder.html b/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_fil_PH/contents/encoder.html
index 75855dca418..b6c15cd63a4 100644
--- a/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_fil_PH/contents/encoder.html
+++ b/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_fil_PH/contents/encoder.html
@@ -144,6 +144,10 @@ Unescaped Unicode Text
Will display the unescaped Unicode characters. For example, the text
%u0041%u00e7%u006f%u0072%u0065%u0073 would be decoded as Açores.
+Morse Code Encoder
+Will display dits (.) and dahs (-) and word breaks (/) representing the provided Alpha Numeric (including space) input.
+For example, the text SOS SOS would be encoded as ... --- .../... --- ....
+
Decoders
ASCII Hex Decode
@@ -152,7 +156,7 @@ ASCII Hex Decode
Base 64 Decode
Will display the base 64 decoding of the text you enter.
-Leveraging a Mime decoder to handle wrapped lines.
+Leveraging a Mime decoder to handle wrapped lines.
Base 64 URL Decode
Will display the base 64 URL decoding of the text you enter. Base64URL is a modification to the primary base 64 standard
@@ -174,6 +178,10 @@ URL Decode
Full URL Decode
Will display the URL decoding of the text you enter (percent signs removed and HEX decoded).
+Morse Code Decoder
+Will display Alpha Numeric (including space) output representing the provided morse code input.
+For example, the text ... --- .../... --- ... would be encoded as SOS SOS.
+
Hashers
MD5 Hash
@@ -198,7 +206,7 @@ To Lower Case
Converts the input to all lower case characters.
Remove Whitespace
-Removes all whitespace characters from the text, based on Character.isWhiteSpace(char).
+Removes all whitespace characters from the text, based on Character.isWhiteSpace(char).
Reverse
Reverses the order of the input.
@@ -206,6 +214,20 @@ Reverse
To Upper Case
Converts the input to all upper case characters.
+ASCify
+Converts text removing accents/diacritics/ligatures (perhaps not fully, due to operation in compatibility mode) leaving only ASCII characters.
+Examples:
+
+ Tĥïŝ ĩš â fůňķŷ Šťŕĭńġ: fi. étrange. becomes This is a funky String: fi. etrange..>br>鸟儿 becomes an empty string (all characters are dropped).
+
+See also:
+
+
Miscellaneous
PowerShell Encode
diff --git a/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_fr_FR/contents/encoder.html b/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_fr_FR/contents/encoder.html
index 75855dca418..b6c15cd63a4 100644
--- a/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_fr_FR/contents/encoder.html
+++ b/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_fr_FR/contents/encoder.html
@@ -144,6 +144,10 @@ Unescaped Unicode Text
Will display the unescaped Unicode characters. For example, the text
%u0041%u00e7%u006f%u0072%u0065%u0073 would be decoded as Açores.
+Morse Code Encoder
+Will display dits (.) and dahs (-) and word breaks (/) representing the provided Alpha Numeric (including space) input.
+For example, the text SOS SOS would be encoded as ... --- .../... --- ....
+
Decoders
ASCII Hex Decode
@@ -152,7 +156,7 @@ ASCII Hex Decode
Base 64 Decode
Will display the base 64 decoding of the text you enter.
-Leveraging a Mime decoder to handle wrapped lines.
+Leveraging a Mime decoder to handle wrapped lines.
Base 64 URL Decode
Will display the base 64 URL decoding of the text you enter. Base64URL is a modification to the primary base 64 standard
@@ -174,6 +178,10 @@ URL Decode
Full URL Decode
Will display the URL decoding of the text you enter (percent signs removed and HEX decoded).
+Morse Code Decoder
+Will display Alpha Numeric (including space) output representing the provided morse code input.
+For example, the text ... --- .../... --- ... would be encoded as SOS SOS.
+
Hashers
MD5 Hash
@@ -198,7 +206,7 @@ To Lower Case
Converts the input to all lower case characters.
Remove Whitespace
-Removes all whitespace characters from the text, based on Character.isWhiteSpace(char).
+Removes all whitespace characters from the text, based on Character.isWhiteSpace(char).
Reverse
Reverses the order of the input.
@@ -206,6 +214,20 @@ Reverse
To Upper Case
Converts the input to all upper case characters.
+ASCify
+Converts text removing accents/diacritics/ligatures (perhaps not fully, due to operation in compatibility mode) leaving only ASCII characters.
+Examples:
+
+ Tĥïŝ ĩš â fůňķŷ Šťŕĭńġ: fi. étrange. becomes This is a funky String: fi. etrange..>br>鸟儿 becomes an empty string (all characters are dropped).
+
+See also:
+
+
Miscellaneous
PowerShell Encode
diff --git a/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_hi_IN/contents/encoder.html b/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_hi_IN/contents/encoder.html
index 75855dca418..b6c15cd63a4 100644
--- a/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_hi_IN/contents/encoder.html
+++ b/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_hi_IN/contents/encoder.html
@@ -144,6 +144,10 @@ Unescaped Unicode Text
Will display the unescaped Unicode characters. For example, the text
%u0041%u00e7%u006f%u0072%u0065%u0073 would be decoded as Açores.
+Morse Code Encoder
+Will display dits (.) and dahs (-) and word breaks (/) representing the provided Alpha Numeric (including space) input.
+For example, the text SOS SOS would be encoded as ... --- .../... --- ....
+
Decoders
ASCII Hex Decode
@@ -152,7 +156,7 @@ ASCII Hex Decode
Base 64 Decode
Will display the base 64 decoding of the text you enter.
-Leveraging a Mime decoder to handle wrapped lines.
+Leveraging a Mime decoder to handle wrapped lines.
Base 64 URL Decode
Will display the base 64 URL decoding of the text you enter. Base64URL is a modification to the primary base 64 standard
@@ -174,6 +178,10 @@ URL Decode
Full URL Decode
Will display the URL decoding of the text you enter (percent signs removed and HEX decoded).
+Morse Code Decoder
+Will display Alpha Numeric (including space) output representing the provided morse code input.
+For example, the text ... --- .../... --- ... would be encoded as SOS SOS.
+
Hashers
MD5 Hash
@@ -198,7 +206,7 @@ To Lower Case
Converts the input to all lower case characters.
Remove Whitespace
-Removes all whitespace characters from the text, based on Character.isWhiteSpace(char).
+Removes all whitespace characters from the text, based on Character.isWhiteSpace(char).
Reverse
Reverses the order of the input.
@@ -206,6 +214,20 @@ Reverse
To Upper Case
Converts the input to all upper case characters.
+ASCify
+Converts text removing accents/diacritics/ligatures (perhaps not fully, due to operation in compatibility mode) leaving only ASCII characters.
+Examples:
+
+ Tĥïŝ ĩš â fůňķŷ Šťŕĭńġ: fi. étrange. becomes This is a funky String: fi. etrange..>br>鸟儿 becomes an empty string (all characters are dropped).
+
+See also:
+
+
Miscellaneous
PowerShell Encode
diff --git a/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_hu_HU/contents/encoder.html b/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_hu_HU/contents/encoder.html
index 75855dca418..b6c15cd63a4 100644
--- a/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_hu_HU/contents/encoder.html
+++ b/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_hu_HU/contents/encoder.html
@@ -144,6 +144,10 @@ Unescaped Unicode Text
Will display the unescaped Unicode characters. For example, the text
%u0041%u00e7%u006f%u0072%u0065%u0073 would be decoded as Açores.
+Morse Code Encoder
+Will display dits (.) and dahs (-) and word breaks (/) representing the provided Alpha Numeric (including space) input.
+For example, the text SOS SOS would be encoded as ... --- .../... --- ....
+
Decoders
ASCII Hex Decode
@@ -152,7 +156,7 @@ ASCII Hex Decode
Base 64 Decode
Will display the base 64 decoding of the text you enter.
-Leveraging a Mime decoder to handle wrapped lines.
+Leveraging a Mime decoder to handle wrapped lines.
Base 64 URL Decode
Will display the base 64 URL decoding of the text you enter. Base64URL is a modification to the primary base 64 standard
@@ -174,6 +178,10 @@ URL Decode
Full URL Decode
Will display the URL decoding of the text you enter (percent signs removed and HEX decoded).
+Morse Code Decoder
+Will display Alpha Numeric (including space) output representing the provided morse code input.
+For example, the text ... --- .../... --- ... would be encoded as SOS SOS.
+
Hashers
MD5 Hash
@@ -198,7 +206,7 @@ To Lower Case
Converts the input to all lower case characters.
Remove Whitespace
-Removes all whitespace characters from the text, based on Character.isWhiteSpace(char).
+Removes all whitespace characters from the text, based on Character.isWhiteSpace(char).
Reverse
Reverses the order of the input.
@@ -206,6 +214,20 @@ Reverse
To Upper Case
Converts the input to all upper case characters.
+ASCify
+Converts text removing accents/diacritics/ligatures (perhaps not fully, due to operation in compatibility mode) leaving only ASCII characters.
+Examples:
+
+ Tĥïŝ ĩš â fůňķŷ Šťŕĭńġ: fi. étrange. becomes This is a funky String: fi. etrange..>br>鸟儿 becomes an empty string (all characters are dropped).
+
+See also:
+
+
Miscellaneous
PowerShell Encode
diff --git a/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_id_ID/contents/encoder.html b/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_id_ID/contents/encoder.html
index 75855dca418..b6c15cd63a4 100644
--- a/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_id_ID/contents/encoder.html
+++ b/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_id_ID/contents/encoder.html
@@ -144,6 +144,10 @@ Unescaped Unicode Text
Will display the unescaped Unicode characters. For example, the text
%u0041%u00e7%u006f%u0072%u0065%u0073 would be decoded as Açores.
+Morse Code Encoder
+Will display dits (.) and dahs (-) and word breaks (/) representing the provided Alpha Numeric (including space) input.
+For example, the text SOS SOS would be encoded as ... --- .../... --- ....
+
Decoders
ASCII Hex Decode
@@ -152,7 +156,7 @@ ASCII Hex Decode
Base 64 Decode
Will display the base 64 decoding of the text you enter.
-Leveraging a Mime decoder to handle wrapped lines.
+Leveraging a Mime decoder to handle wrapped lines.
Base 64 URL Decode
Will display the base 64 URL decoding of the text you enter. Base64URL is a modification to the primary base 64 standard
@@ -174,6 +178,10 @@ URL Decode
Full URL Decode
Will display the URL decoding of the text you enter (percent signs removed and HEX decoded).
+Morse Code Decoder
+Will display Alpha Numeric (including space) output representing the provided morse code input.
+For example, the text ... --- .../... --- ... would be encoded as SOS SOS.
+
Hashers
MD5 Hash
@@ -198,7 +206,7 @@ To Lower Case
Converts the input to all lower case characters.
Remove Whitespace
-Removes all whitespace characters from the text, based on Character.isWhiteSpace(char).
+Removes all whitespace characters from the text, based on Character.isWhiteSpace(char).
Reverse
Reverses the order of the input.
@@ -206,6 +214,20 @@ Reverse
To Upper Case
Converts the input to all upper case characters.
+ASCify
+Converts text removing accents/diacritics/ligatures (perhaps not fully, due to operation in compatibility mode) leaving only ASCII characters.
+Examples:
+
+ Tĥïŝ ĩš â fůňķŷ Šťŕĭńġ: fi. étrange. becomes This is a funky String: fi. etrange..>br>鸟儿 becomes an empty string (all characters are dropped).
+
+See also:
+
+
Miscellaneous
PowerShell Encode
diff --git a/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_it_IT/contents/encoder.html b/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_it_IT/contents/encoder.html
index 75855dca418..b6c15cd63a4 100644
--- a/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_it_IT/contents/encoder.html
+++ b/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_it_IT/contents/encoder.html
@@ -144,6 +144,10 @@ Unescaped Unicode Text
Will display the unescaped Unicode characters. For example, the text
%u0041%u00e7%u006f%u0072%u0065%u0073 would be decoded as Açores.
+Morse Code Encoder
+Will display dits (.) and dahs (-) and word breaks (/) representing the provided Alpha Numeric (including space) input.
+For example, the text SOS SOS would be encoded as ... --- .../... --- ....
+
Decoders
ASCII Hex Decode
@@ -152,7 +156,7 @@ ASCII Hex Decode
Base 64 Decode
Will display the base 64 decoding of the text you enter.
-Leveraging a Mime decoder to handle wrapped lines.
+Leveraging a Mime decoder to handle wrapped lines.
Base 64 URL Decode
Will display the base 64 URL decoding of the text you enter. Base64URL is a modification to the primary base 64 standard
@@ -174,6 +178,10 @@ URL Decode
Full URL Decode
Will display the URL decoding of the text you enter (percent signs removed and HEX decoded).
+Morse Code Decoder
+Will display Alpha Numeric (including space) output representing the provided morse code input.
+For example, the text ... --- .../... --- ... would be encoded as SOS SOS.
+
Hashers
MD5 Hash
@@ -198,7 +206,7 @@ To Lower Case
Converts the input to all lower case characters.
Remove Whitespace
-Removes all whitespace characters from the text, based on Character.isWhiteSpace(char).
+Removes all whitespace characters from the text, based on Character.isWhiteSpace(char).
Reverse
Reverses the order of the input.
@@ -206,6 +214,20 @@ Reverse
To Upper Case
Converts the input to all upper case characters.
+ASCify
+Converts text removing accents/diacritics/ligatures (perhaps not fully, due to operation in compatibility mode) leaving only ASCII characters.
+Examples:
+
+ Tĥïŝ ĩš â fůňķŷ Šťŕĭńġ: fi. étrange. becomes This is a funky String: fi. etrange..>br>鸟儿 becomes an empty string (all characters are dropped).
+
+See also:
+
+
Miscellaneous
PowerShell Encode
diff --git a/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_ja_JP/contents/encoder.html b/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_ja_JP/contents/encoder.html
index 75855dca418..b6c15cd63a4 100644
--- a/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_ja_JP/contents/encoder.html
+++ b/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_ja_JP/contents/encoder.html
@@ -144,6 +144,10 @@ Unescaped Unicode Text
Will display the unescaped Unicode characters. For example, the text
%u0041%u00e7%u006f%u0072%u0065%u0073 would be decoded as Açores.
+Morse Code Encoder
+Will display dits (.) and dahs (-) and word breaks (/) representing the provided Alpha Numeric (including space) input.
+For example, the text SOS SOS would be encoded as ... --- .../... --- ....
+
Decoders
ASCII Hex Decode
@@ -152,7 +156,7 @@ ASCII Hex Decode
Base 64 Decode
Will display the base 64 decoding of the text you enter.
-Leveraging a Mime decoder to handle wrapped lines.
+Leveraging a Mime decoder to handle wrapped lines.
Base 64 URL Decode
Will display the base 64 URL decoding of the text you enter. Base64URL is a modification to the primary base 64 standard
@@ -174,6 +178,10 @@ URL Decode
Full URL Decode
Will display the URL decoding of the text you enter (percent signs removed and HEX decoded).
+Morse Code Decoder
+Will display Alpha Numeric (including space) output representing the provided morse code input.
+For example, the text ... --- .../... --- ... would be encoded as SOS SOS.
+
Hashers
MD5 Hash
@@ -198,7 +206,7 @@ To Lower Case
Converts the input to all lower case characters.
Remove Whitespace
-Removes all whitespace characters from the text, based on Character.isWhiteSpace(char).
+Removes all whitespace characters from the text, based on Character.isWhiteSpace(char).
Reverse
Reverses the order of the input.
@@ -206,6 +214,20 @@ Reverse
To Upper Case
Converts the input to all upper case characters.
+ASCify
+Converts text removing accents/diacritics/ligatures (perhaps not fully, due to operation in compatibility mode) leaving only ASCII characters.
+Examples:
+
+ Tĥïŝ ĩš â fůňķŷ Šťŕĭńġ: fi. étrange. becomes This is a funky String: fi. etrange..>br>鸟儿 becomes an empty string (all characters are dropped).
+
+See also:
+
+
Miscellaneous
PowerShell Encode
diff --git a/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_ms_MY/contents/encoder.html b/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_ms_MY/contents/encoder.html
index 75855dca418..b6c15cd63a4 100644
--- a/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_ms_MY/contents/encoder.html
+++ b/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_ms_MY/contents/encoder.html
@@ -144,6 +144,10 @@ Unescaped Unicode Text
Will display the unescaped Unicode characters. For example, the text
%u0041%u00e7%u006f%u0072%u0065%u0073 would be decoded as Açores.
+Morse Code Encoder
+Will display dits (.) and dahs (-) and word breaks (/) representing the provided Alpha Numeric (including space) input.
+For example, the text SOS SOS would be encoded as ... --- .../... --- ....
+
Decoders
ASCII Hex Decode
@@ -152,7 +156,7 @@ ASCII Hex Decode
Base 64 Decode
Will display the base 64 decoding of the text you enter.
-Leveraging a Mime decoder to handle wrapped lines.
+Leveraging a Mime decoder to handle wrapped lines.
Base 64 URL Decode
Will display the base 64 URL decoding of the text you enter. Base64URL is a modification to the primary base 64 standard
@@ -174,6 +178,10 @@ URL Decode
Full URL Decode
Will display the URL decoding of the text you enter (percent signs removed and HEX decoded).
+Morse Code Decoder
+Will display Alpha Numeric (including space) output representing the provided morse code input.
+For example, the text ... --- .../... --- ... would be encoded as SOS SOS.
+
Hashers
MD5 Hash
@@ -198,7 +206,7 @@ To Lower Case
Converts the input to all lower case characters.
Remove Whitespace
-Removes all whitespace characters from the text, based on Character.isWhiteSpace(char).
+Removes all whitespace characters from the text, based on Character.isWhiteSpace(char).
Reverse
Reverses the order of the input.
@@ -206,6 +214,20 @@ Reverse
To Upper Case
Converts the input to all upper case characters.
+ASCify
+Converts text removing accents/diacritics/ligatures (perhaps not fully, due to operation in compatibility mode) leaving only ASCII characters.
+Examples:
+
+ Tĥïŝ ĩš â fůňķŷ Šťŕĭńġ: fi. étrange. becomes This is a funky String: fi. etrange..>br>鸟儿 becomes an empty string (all characters are dropped).
+
+See also:
+
+
Miscellaneous
PowerShell Encode
diff --git a/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_pl_PL/contents/encoder.html b/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_pl_PL/contents/encoder.html
index 75855dca418..b6c15cd63a4 100644
--- a/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_pl_PL/contents/encoder.html
+++ b/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_pl_PL/contents/encoder.html
@@ -144,6 +144,10 @@ Unescaped Unicode Text
Will display the unescaped Unicode characters. For example, the text
%u0041%u00e7%u006f%u0072%u0065%u0073 would be decoded as Açores.
+Morse Code Encoder
+Will display dits (.) and dahs (-) and word breaks (/) representing the provided Alpha Numeric (including space) input.
+For example, the text SOS SOS would be encoded as ... --- .../... --- ....
+
Decoders
ASCII Hex Decode
@@ -152,7 +156,7 @@ ASCII Hex Decode
Base 64 Decode
Will display the base 64 decoding of the text you enter.
-Leveraging a Mime decoder to handle wrapped lines.
+Leveraging a Mime decoder to handle wrapped lines.
Base 64 URL Decode
Will display the base 64 URL decoding of the text you enter. Base64URL is a modification to the primary base 64 standard
@@ -174,6 +178,10 @@ URL Decode
Full URL Decode
Will display the URL decoding of the text you enter (percent signs removed and HEX decoded).
+Morse Code Decoder
+Will display Alpha Numeric (including space) output representing the provided morse code input.
+For example, the text ... --- .../... --- ... would be encoded as SOS SOS.
+
Hashers
MD5 Hash
@@ -198,7 +206,7 @@ To Lower Case
Converts the input to all lower case characters.
Remove Whitespace
-Removes all whitespace characters from the text, based on Character.isWhiteSpace(char).
+Removes all whitespace characters from the text, based on Character.isWhiteSpace(char).
Reverse
Reverses the order of the input.
@@ -206,6 +214,20 @@ Reverse
To Upper Case
Converts the input to all upper case characters.
+ASCify
+Converts text removing accents/diacritics/ligatures (perhaps not fully, due to operation in compatibility mode) leaving only ASCII characters.
+Examples:
+
+ Tĥïŝ ĩš â fůňķŷ Šťŕĭńġ: fi. étrange. becomes This is a funky String: fi. etrange..>br>鸟儿 becomes an empty string (all characters are dropped).
+
+See also:
+
+
Miscellaneous
PowerShell Encode
diff --git a/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_pt_BR/contents/encoder.html b/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_pt_BR/contents/encoder.html
index 75855dca418..b6c15cd63a4 100644
--- a/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_pt_BR/contents/encoder.html
+++ b/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_pt_BR/contents/encoder.html
@@ -144,6 +144,10 @@ Unescaped Unicode Text
Will display the unescaped Unicode characters. For example, the text
%u0041%u00e7%u006f%u0072%u0065%u0073 would be decoded as Açores.
+Morse Code Encoder
+Will display dits (.) and dahs (-) and word breaks (/) representing the provided Alpha Numeric (including space) input.
+For example, the text SOS SOS would be encoded as ... --- .../... --- ....
+
Decoders
ASCII Hex Decode
@@ -152,7 +156,7 @@ ASCII Hex Decode
Base 64 Decode
Will display the base 64 decoding of the text you enter.
-Leveraging a Mime decoder to handle wrapped lines.
+Leveraging a Mime decoder to handle wrapped lines.
Base 64 URL Decode
Will display the base 64 URL decoding of the text you enter. Base64URL is a modification to the primary base 64 standard
@@ -174,6 +178,10 @@ URL Decode
Full URL Decode
Will display the URL decoding of the text you enter (percent signs removed and HEX decoded).
+Morse Code Decoder
+Will display Alpha Numeric (including space) output representing the provided morse code input.
+For example, the text ... --- .../... --- ... would be encoded as SOS SOS.
+
Hashers
MD5 Hash
@@ -198,7 +206,7 @@ To Lower Case
Converts the input to all lower case characters.
Remove Whitespace
-Removes all whitespace characters from the text, based on Character.isWhiteSpace(char).
+Removes all whitespace characters from the text, based on Character.isWhiteSpace(char).
Reverse
Reverses the order of the input.
@@ -206,6 +214,20 @@ Reverse
To Upper Case
Converts the input to all upper case characters.
+ASCify
+Converts text removing accents/diacritics/ligatures (perhaps not fully, due to operation in compatibility mode) leaving only ASCII characters.
+Examples:
+
+ Tĥïŝ ĩš â fůňķŷ Šťŕĭńġ: fi. étrange. becomes This is a funky String: fi. etrange..>br>鸟儿 becomes an empty string (all characters are dropped).
+
+See also:
+
+
Miscellaneous
PowerShell Encode
diff --git a/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_ro_RO/contents/encoder.html b/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_ro_RO/contents/encoder.html
index 75855dca418..b6c15cd63a4 100644
--- a/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_ro_RO/contents/encoder.html
+++ b/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_ro_RO/contents/encoder.html
@@ -144,6 +144,10 @@ Unescaped Unicode Text
Will display the unescaped Unicode characters. For example, the text
%u0041%u00e7%u006f%u0072%u0065%u0073 would be decoded as Açores.
+Morse Code Encoder
+Will display dits (.) and dahs (-) and word breaks (/) representing the provided Alpha Numeric (including space) input.
+For example, the text SOS SOS would be encoded as ... --- .../... --- ....
+
Decoders
ASCII Hex Decode
@@ -152,7 +156,7 @@ ASCII Hex Decode
Base 64 Decode
Will display the base 64 decoding of the text you enter.
-Leveraging a Mime decoder to handle wrapped lines.
+Leveraging a Mime decoder to handle wrapped lines.
Base 64 URL Decode
Will display the base 64 URL decoding of the text you enter. Base64URL is a modification to the primary base 64 standard
@@ -174,6 +178,10 @@ URL Decode
Full URL Decode
Will display the URL decoding of the text you enter (percent signs removed and HEX decoded).
+Morse Code Decoder
+Will display Alpha Numeric (including space) output representing the provided morse code input.
+For example, the text ... --- .../... --- ... would be encoded as SOS SOS.
+
Hashers
MD5 Hash
@@ -198,7 +206,7 @@ To Lower Case
Converts the input to all lower case characters.
Remove Whitespace
-Removes all whitespace characters from the text, based on Character.isWhiteSpace(char).
+Removes all whitespace characters from the text, based on Character.isWhiteSpace(char).
Reverse
Reverses the order of the input.
@@ -206,6 +214,20 @@ Reverse
To Upper Case
Converts the input to all upper case characters.
+ASCify
+Converts text removing accents/diacritics/ligatures (perhaps not fully, due to operation in compatibility mode) leaving only ASCII characters.
+Examples:
+
+ Tĥïŝ ĩš â fůňķŷ Šťŕĭńġ: fi. étrange. becomes This is a funky String: fi. etrange..>br>鸟儿 becomes an empty string (all characters are dropped).
+
+See also:
+
+
Miscellaneous
PowerShell Encode
diff --git a/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_ru_RU/contents/encoder.html b/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_ru_RU/contents/encoder.html
index ff6b73a4540..b2bfe18816c 100644
--- a/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_ru_RU/contents/encoder.html
+++ b/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_ru_RU/contents/encoder.html
@@ -144,6 +144,10 @@ Unescaped Unicode Text
Will display the unescaped Unicode characters. For example, the text
%u0041%u00e7%u006f%u0072%u0065%u0073 would be decoded as Açores.
+Morse Code Encoder
+Will display dits (.) and dahs (-) and word breaks (/) representing the provided Alpha Numeric (including space) input.
+For example, the text SOS SOS would be encoded as ... --- .../... --- ....
+
Декодеры
ASCII Hex Decode
@@ -152,7 +156,7 @@ ASCII Hex Decode
Base 64 Decode
Will display the base 64 decoding of the text you enter.
-Leveraging a Mime decoder to handle wrapped lines.
+Leveraging a Mime decoder to handle wrapped lines.
Base 64 URL Decode
Will display the base 64 URL decoding of the text you enter. Base64URL is a modification to the primary base 64 standard
@@ -174,6 +178,10 @@ URL Decode
Full URL Decode
Will display the URL decoding of the text you enter (percent signs removed and HEX decoded).
+Morse Code Decoder
+Will display Alpha Numeric (including space) output representing the provided morse code input.
+For example, the text ... --- .../... --- ... would be encoded as SOS SOS.
+
Хэшеры
MD5 Hash
@@ -198,7 +206,7 @@ To Lower Case
Converts the input to all lower case characters.
Remove Whitespace
-Removes all whitespace characters from the text, based on Character.isWhiteSpace(char).
+Removes all whitespace characters from the text, based on Character.isWhiteSpace(char).
Reverse
Reverses the order of the input.
@@ -206,6 +214,20 @@ Reverse
To Upper Case
Converts the input to all upper case characters.
+ASCify
+Converts text removing accents/diacritics/ligatures (perhaps not fully, due to operation in compatibility mode) leaving only ASCII characters.
+Examples:
+
+ Tĥïŝ ĩš â fůňķŷ Šťŕĭńġ: fi. étrange. becomes This is a funky String: fi. etrange..>br>鸟儿 becomes an empty string (all characters are dropped).
+
+See also:
+
+
Miscellaneous
PowerShell Encode
diff --git a/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_sr_CS/contents/encoder.html b/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_sr_CS/contents/encoder.html
index 75855dca418..b6c15cd63a4 100644
--- a/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_sr_CS/contents/encoder.html
+++ b/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_sr_CS/contents/encoder.html
@@ -144,6 +144,10 @@ Unescaped Unicode Text
Will display the unescaped Unicode characters. For example, the text
%u0041%u00e7%u006f%u0072%u0065%u0073 would be decoded as Açores.
+Morse Code Encoder
+Will display dits (.) and dahs (-) and word breaks (/) representing the provided Alpha Numeric (including space) input.
+For example, the text SOS SOS would be encoded as ... --- .../... --- ....
+
Decoders
ASCII Hex Decode
@@ -152,7 +156,7 @@ ASCII Hex Decode
Base 64 Decode
Will display the base 64 decoding of the text you enter.
-Leveraging a Mime decoder to handle wrapped lines.
+Leveraging a Mime decoder to handle wrapped lines.
Base 64 URL Decode
Will display the base 64 URL decoding of the text you enter. Base64URL is a modification to the primary base 64 standard
@@ -174,6 +178,10 @@ URL Decode
Full URL Decode
Will display the URL decoding of the text you enter (percent signs removed and HEX decoded).
+Morse Code Decoder
+Will display Alpha Numeric (including space) output representing the provided morse code input.
+For example, the text ... --- .../... --- ... would be encoded as SOS SOS.
+
Hashers
MD5 Hash
@@ -198,7 +206,7 @@ To Lower Case
Converts the input to all lower case characters.
Remove Whitespace
-Removes all whitespace characters from the text, based on Character.isWhiteSpace(char).
+Removes all whitespace characters from the text, based on Character.isWhiteSpace(char).
Reverse
Reverses the order of the input.
@@ -206,6 +214,20 @@ Reverse
To Upper Case
Converts the input to all upper case characters.
+ASCify
+Converts text removing accents/diacritics/ligatures (perhaps not fully, due to operation in compatibility mode) leaving only ASCII characters.
+Examples:
+
+ Tĥïŝ ĩš â fůňķŷ Šťŕĭńġ: fi. étrange. becomes This is a funky String: fi. etrange..>br>鸟儿 becomes an empty string (all characters are dropped).
+
+See also:
+
+
Miscellaneous
PowerShell Encode
diff --git a/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_tr_TR/contents/encoder.html b/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_tr_TR/contents/encoder.html
index 75855dca418..b6c15cd63a4 100644
--- a/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_tr_TR/contents/encoder.html
+++ b/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_tr_TR/contents/encoder.html
@@ -144,6 +144,10 @@ Unescaped Unicode Text
Will display the unescaped Unicode characters. For example, the text
%u0041%u00e7%u006f%u0072%u0065%u0073 would be decoded as Açores.
+Morse Code Encoder
+Will display dits (.) and dahs (-) and word breaks (/) representing the provided Alpha Numeric (including space) input.
+For example, the text SOS SOS would be encoded as ... --- .../... --- ....
+
Decoders
ASCII Hex Decode
@@ -152,7 +156,7 @@ ASCII Hex Decode
Base 64 Decode
Will display the base 64 decoding of the text you enter.
-Leveraging a Mime decoder to handle wrapped lines.
+Leveraging a Mime decoder to handle wrapped lines.
Base 64 URL Decode
Will display the base 64 URL decoding of the text you enter. Base64URL is a modification to the primary base 64 standard
@@ -174,6 +178,10 @@ URL Decode
Full URL Decode
Will display the URL decoding of the text you enter (percent signs removed and HEX decoded).
+Morse Code Decoder
+Will display Alpha Numeric (including space) output representing the provided morse code input.
+For example, the text ... --- .../... --- ... would be encoded as SOS SOS.
+
Hashers
MD5 Hash
@@ -198,7 +206,7 @@ To Lower Case
Converts the input to all lower case characters.
Remove Whitespace
-Removes all whitespace characters from the text, based on Character.isWhiteSpace(char).
+Removes all whitespace characters from the text, based on Character.isWhiteSpace(char).
Reverse
Reverses the order of the input.
@@ -206,6 +214,20 @@ Reverse
To Upper Case
Converts the input to all upper case characters.
+ASCify
+Converts text removing accents/diacritics/ligatures (perhaps not fully, due to operation in compatibility mode) leaving only ASCII characters.
+Examples:
+
+ Tĥïŝ ĩš â fůňķŷ Šťŕĭńġ: fi. étrange. becomes This is a funky String: fi. etrange..>br>鸟儿 becomes an empty string (all characters are dropped).
+
+See also:
+
+
Miscellaneous
PowerShell Encode
diff --git a/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_ur_PK/contents/encoder.html b/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_ur_PK/contents/encoder.html
index 75855dca418..b6c15cd63a4 100644
--- a/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_ur_PK/contents/encoder.html
+++ b/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_ur_PK/contents/encoder.html
@@ -144,6 +144,10 @@ Unescaped Unicode Text
Will display the unescaped Unicode characters. For example, the text
%u0041%u00e7%u006f%u0072%u0065%u0073 would be decoded as Açores.
+Morse Code Encoder
+Will display dits (.) and dahs (-) and word breaks (/) representing the provided Alpha Numeric (including space) input.
+For example, the text SOS SOS would be encoded as ... --- .../... --- ....
+
Decoders
ASCII Hex Decode
@@ -152,7 +156,7 @@ ASCII Hex Decode
Base 64 Decode
Will display the base 64 decoding of the text you enter.
-Leveraging a Mime decoder to handle wrapped lines.
+Leveraging a Mime decoder to handle wrapped lines.
Base 64 URL Decode
Will display the base 64 URL decoding of the text you enter. Base64URL is a modification to the primary base 64 standard
@@ -174,6 +178,10 @@ URL Decode
Full URL Decode
Will display the URL decoding of the text you enter (percent signs removed and HEX decoded).
+Morse Code Decoder
+Will display Alpha Numeric (including space) output representing the provided morse code input.
+For example, the text ... --- .../... --- ... would be encoded as SOS SOS.
+
Hashers
MD5 Hash
@@ -198,7 +206,7 @@ To Lower Case
Converts the input to all lower case characters.
Remove Whitespace
-Removes all whitespace characters from the text, based on Character.isWhiteSpace(char).
+Removes all whitespace characters from the text, based on Character.isWhiteSpace(char).
Reverse
Reverses the order of the input.
@@ -206,6 +214,20 @@ Reverse
To Upper Case
Converts the input to all upper case characters.
+ASCify
+Converts text removing accents/diacritics/ligatures (perhaps not fully, due to operation in compatibility mode) leaving only ASCII characters.
+Examples:
+
+ Tĥïŝ ĩš â fůňķŷ Šťŕĭńġ: fi. étrange. becomes This is a funky String: fi. etrange..>br>鸟儿 becomes an empty string (all characters are dropped).
+
+See also:
+
+
Miscellaneous
PowerShell Encode
diff --git a/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_zh_CN/contents/encoder.html b/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_zh_CN/contents/encoder.html
index 75855dca418..b6c15cd63a4 100644
--- a/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_zh_CN/contents/encoder.html
+++ b/addOns/encoder/src/main/javahelp/org/zaproxy/addon/encoder/resources/help_zh_CN/contents/encoder.html
@@ -144,6 +144,10 @@ Unescaped Unicode Text
Will display the unescaped Unicode characters. For example, the text
%u0041%u00e7%u006f%u0072%u0065%u0073 would be decoded as Açores.
+Morse Code Encoder
+Will display dits (.) and dahs (-) and word breaks (/) representing the provided Alpha Numeric (including space) input.
+For example, the text SOS SOS would be encoded as ... --- .../... --- ....
+
Decoders
ASCII Hex Decode
@@ -152,7 +156,7 @@ ASCII Hex Decode
Base 64 Decode
Will display the base 64 decoding of the text you enter.
-Leveraging a Mime decoder to handle wrapped lines.
+Leveraging a Mime decoder to handle wrapped lines.
Base 64 URL Decode
Will display the base 64 URL decoding of the text you enter. Base64URL is a modification to the primary base 64 standard
@@ -174,6 +178,10 @@ URL Decode
Full URL Decode
Will display the URL decoding of the text you enter (percent signs removed and HEX decoded).
+Morse Code Decoder
+Will display Alpha Numeric (including space) output representing the provided morse code input.
+For example, the text ... --- .../... --- ... would be encoded as SOS SOS.
+
Hashers
MD5 Hash
@@ -198,7 +206,7 @@ To Lower Case
Converts the input to all lower case characters.
Remove Whitespace
-Removes all whitespace characters from the text, based on Character.isWhiteSpace(char).
+Removes all whitespace characters from the text, based on Character.isWhiteSpace(char).
Reverse
Reverses the order of the input.
@@ -206,6 +214,20 @@ Reverse
To Upper Case
Converts the input to all upper case characters.
+ASCify
+Converts text removing accents/diacritics/ligatures (perhaps not fully, due to operation in compatibility mode) leaving only ASCII characters.
+Examples:
+
+ Tĥïŝ ĩš â fůňķŷ Šťŕĭńġ: fi. étrange. becomes This is a funky String: fi. etrange..>br>鸟儿 becomes an empty string (all characters are dropped).
+
+See also:
+
+
Miscellaneous
PowerShell Encode
diff --git a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_ar_SA.properties b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_ar_SA.properties
index 506aeff80f8..98aa4a8a4b0 100644
--- a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_ar_SA.properties
+++ b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_ar_SA.properties
@@ -31,6 +31,7 @@ encoder.popup.delete = Delete Output Panel
encoder.popup.replace.input = Replace Input Text
encoder.popup.title = Encode/Decode/Hash...
+encoder.predefined.ascify = ASCify (Strip accents, etc)
encoder.predefined.base64decode = Base64 Decode
encoder.predefined.base64encode = Base64 Encode
encoder.predefined.base64urldecode = Base64 URL Decode
@@ -49,6 +50,9 @@ encoder.predefined.javascriptdecode = JavaScript Decode
encoder.predefined.javascriptencode = JavaScript Encode
encoder.predefined.lowercase = To Lower Case
encoder.predefined.md5hash = MD5 Hash
+encoder.predefined.morse.error = Input contains one or more characters which can't be converted.
+encoder.predefined.morsecodedecode = Morse Code Decoder
+encoder.predefined.morsecodeencode = Morse Code Encoder
encoder.predefined.powershellencode = PowerShell Encode
encoder.predefined.removewhitespace = Remove Whitespace
encoder.predefined.reverse = Reverse
diff --git a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_az_AZ.properties b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_az_AZ.properties
index 7622dd85069..dd894581d50 100644
--- a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_az_AZ.properties
+++ b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_az_AZ.properties
@@ -31,6 +31,7 @@ encoder.popup.delete = Delete Output Panel
encoder.popup.replace.input = Replace Input Text
encoder.popup.title = Encode/Decode/Hash...
+encoder.predefined.ascify = ASCify (Strip accents, etc)
encoder.predefined.base64decode = Base64 Decode
encoder.predefined.base64encode = Base64 Encode
encoder.predefined.base64urldecode = Base64 URL Decode
@@ -49,6 +50,9 @@ encoder.predefined.javascriptdecode = JavaScript Decode
encoder.predefined.javascriptencode = JavaScript Encode
encoder.predefined.lowercase = To Lower Case
encoder.predefined.md5hash = MD5 Hash
+encoder.predefined.morse.error = Input contains one or more characters which can't be converted.
+encoder.predefined.morsecodedecode = Morse Code Decoder
+encoder.predefined.morsecodeencode = Morse Code Encoder
encoder.predefined.powershellencode = PowerShell Encode
encoder.predefined.removewhitespace = Remove Whitespace
encoder.predefined.reverse = Reverse
diff --git a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_bn_BD.properties b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_bn_BD.properties
index 4ad4ccc3be9..a44d17e941b 100644
--- a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_bn_BD.properties
+++ b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_bn_BD.properties
@@ -31,6 +31,7 @@ encoder.popup.delete = Delete Output Panel
encoder.popup.replace.input = Replace Input Text
encoder.popup.title = Encode/Decode/Hash...
+encoder.predefined.ascify = ASCify (Strip accents, etc)
encoder.predefined.base64decode = Base64 Decode
encoder.predefined.base64encode = Base64 Encode
encoder.predefined.base64urldecode = Base64 URL Decode
@@ -49,6 +50,9 @@ encoder.predefined.javascriptdecode = JavaScript Decode
encoder.predefined.javascriptencode = JavaScript Encode
encoder.predefined.lowercase = To Lower Case
encoder.predefined.md5hash = MD5 Hash
+encoder.predefined.morse.error = Input contains one or more characters which can't be converted.
+encoder.predefined.morsecodedecode = Morse Code Decoder
+encoder.predefined.morsecodeencode = Morse Code Encoder
encoder.predefined.powershellencode = PowerShell Encode
encoder.predefined.removewhitespace = Remove Whitespace
encoder.predefined.reverse = Reverse
diff --git a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_bs_BA.properties b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_bs_BA.properties
index 46806514777..225b934716d 100644
--- a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_bs_BA.properties
+++ b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_bs_BA.properties
@@ -31,6 +31,7 @@ encoder.popup.delete = Delete Output Panel
encoder.popup.replace.input = Replace Input Text
encoder.popup.title = Encode/Decode/Hash...
+encoder.predefined.ascify = ASCify (Strip accents, etc)
encoder.predefined.base64decode = Base64 Decode
encoder.predefined.base64encode = Base64 Encode
encoder.predefined.base64urldecode = Base64 URL Decode
@@ -49,6 +50,9 @@ encoder.predefined.javascriptdecode = JavaScript Decode
encoder.predefined.javascriptencode = JavaScript Encode
encoder.predefined.lowercase = To Lower Case
encoder.predefined.md5hash = MD5 Haš
+encoder.predefined.morse.error = Input contains one or more characters which can't be converted.
+encoder.predefined.morsecodedecode = Morse Code Decoder
+encoder.predefined.morsecodeencode = Morse Code Encoder
encoder.predefined.powershellencode = PowerShell Encode
encoder.predefined.removewhitespace = Remove Whitespace
encoder.predefined.reverse = Reverse
diff --git a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_ceb_PH.properties b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_ceb_PH.properties
index e239fd879c0..d5148d12309 100644
--- a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_ceb_PH.properties
+++ b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_ceb_PH.properties
@@ -31,6 +31,7 @@ encoder.popup.delete = Delete Output Panel
encoder.popup.replace.input = Replace Input Text
encoder.popup.title = Encode/Decode/Hash...
+encoder.predefined.ascify = ASCify (Strip accents, etc)
encoder.predefined.base64decode = Base64 Decode
encoder.predefined.base64encode = Base64 Encode
encoder.predefined.base64urldecode = Base64 URL Decode
@@ -49,6 +50,9 @@ encoder.predefined.javascriptdecode = JavaScript Decode
encoder.predefined.javascriptencode = JavaScript Encode
encoder.predefined.lowercase = To Lower Case
encoder.predefined.md5hash = MD5 na Hash
+encoder.predefined.morse.error = Input contains one or more characters which can't be converted.
+encoder.predefined.morsecodedecode = Morse Code Decoder
+encoder.predefined.morsecodeencode = Morse Code Encoder
encoder.predefined.powershellencode = PowerShell Encode
encoder.predefined.removewhitespace = Remove Whitespace
encoder.predefined.reverse = Reverse
diff --git a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_da_DK.properties b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_da_DK.properties
index ac1bcd68eeb..1af028fd9bc 100644
--- a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_da_DK.properties
+++ b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_da_DK.properties
@@ -31,6 +31,7 @@ encoder.popup.delete = Delete Output Panel
encoder.popup.replace.input = Replace Input Text
encoder.popup.title = Encode/Decode/Hash...
+encoder.predefined.ascify = ASCify (Strip accents, etc)
encoder.predefined.base64decode = Base64 Decode
encoder.predefined.base64encode = Base64 Encode
encoder.predefined.base64urldecode = Base64 URL Decode
@@ -49,6 +50,9 @@ encoder.predefined.javascriptdecode = JavaScript Decode
encoder.predefined.javascriptencode = JavaScript Encode
encoder.predefined.lowercase = To Lower Case
encoder.predefined.md5hash = MD5 Hash
+encoder.predefined.morse.error = Input contains one or more characters which can't be converted.
+encoder.predefined.morsecodedecode = Morse Code Decoder
+encoder.predefined.morsecodeencode = Morse Code Encoder
encoder.predefined.powershellencode = PowerShell Encode
encoder.predefined.removewhitespace = Remove Whitespace
encoder.predefined.reverse = Reverse
diff --git a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_de_DE.properties b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_de_DE.properties
index 8cb7bc2dbb1..13fbdb1d60b 100644
--- a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_de_DE.properties
+++ b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_de_DE.properties
@@ -31,6 +31,7 @@ encoder.popup.delete = Delete Output Panel
encoder.popup.replace.input = Replace Input Text
encoder.popup.title = Encode/Decode/Hash...
+encoder.predefined.ascify = ASCify (Strip accents, etc)
encoder.predefined.base64decode = Base64 Decode
encoder.predefined.base64encode = Base64 Encode
encoder.predefined.base64urldecode = Base64 URL Decode
@@ -49,6 +50,9 @@ encoder.predefined.javascriptdecode = JavaScript Decode
encoder.predefined.javascriptencode = JavaScript Encode
encoder.predefined.lowercase = To Lower Case
encoder.predefined.md5hash = MD5 Hash
+encoder.predefined.morse.error = Input contains one or more characters which can't be converted.
+encoder.predefined.morsecodedecode = Morse Code Decoder
+encoder.predefined.morsecodeencode = Morse Code Encoder
encoder.predefined.powershellencode = PowerShell Encode
encoder.predefined.removewhitespace = Remove Whitespace
encoder.predefined.reverse = Reverse
diff --git a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_el_GR.properties b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_el_GR.properties
index f9ff882641b..97afb340959 100644
--- a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_el_GR.properties
+++ b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_el_GR.properties
@@ -31,6 +31,7 @@ encoder.popup.delete = Delete Output Panel
encoder.popup.replace.input = Replace Input Text
encoder.popup.title = Encode/Decode/Hash...
+encoder.predefined.ascify = ASCify (Strip accents, etc)
encoder.predefined.base64decode = Base64 Decode
encoder.predefined.base64encode = Base64 Encode
encoder.predefined.base64urldecode = Base64 URL Decode
@@ -49,6 +50,9 @@ encoder.predefined.javascriptdecode = JavaScript Decode
encoder.predefined.javascriptencode = JavaScript Encode
encoder.predefined.lowercase = To Lower Case
encoder.predefined.md5hash = Κατακερματισμός MD5
+encoder.predefined.morse.error = Input contains one or more characters which can't be converted.
+encoder.predefined.morsecodedecode = Morse Code Decoder
+encoder.predefined.morsecodeencode = Morse Code Encoder
encoder.predefined.powershellencode = PowerShell Encode
encoder.predefined.removewhitespace = Remove Whitespace
encoder.predefined.reverse = Reverse
diff --git a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_es_ES.properties b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_es_ES.properties
index c9deca5ddd8..1b7ccaeb935 100644
--- a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_es_ES.properties
+++ b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_es_ES.properties
@@ -31,6 +31,7 @@ encoder.popup.delete = Eliminar panel de salida
encoder.popup.replace.input = Reemplazar Texto Introducido
encoder.popup.title = Codificar/Decodificar/Hash...
+encoder.predefined.ascify = ASCify (Strip accents, etc)
encoder.predefined.base64decode = Decodificicar Base64
encoder.predefined.base64encode = Codificar Base64
encoder.predefined.base64urldecode = Decodificación de URL Base64
@@ -49,6 +50,9 @@ encoder.predefined.javascriptdecode = Decodificación JavaScript
encoder.predefined.javascriptencode = Codificación de JavaScript
encoder.predefined.lowercase = A Minúsculas
encoder.predefined.md5hash = Hash MD5
+encoder.predefined.morse.error = Input contains one or more characters which can't be converted.
+encoder.predefined.morsecodedecode = Morse Code Decoder
+encoder.predefined.morsecodeencode = Morse Code Encoder
encoder.predefined.powershellencode = Codificación PowerShell
encoder.predefined.removewhitespace = Eliminar Espacios en Blanco
encoder.predefined.reverse = Reverso
diff --git a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_fa_IR.properties b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_fa_IR.properties
index 6e3311eee46..7c07c593137 100644
--- a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_fa_IR.properties
+++ b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_fa_IR.properties
@@ -31,6 +31,7 @@ encoder.popup.delete = Delete Output Panel
encoder.popup.replace.input = Replace Input Text
encoder.popup.title = Encode/Decode/Hash...
+encoder.predefined.ascify = ASCify (Strip accents, etc)
encoder.predefined.base64decode = Base64 Decode
encoder.predefined.base64encode = Base64 Encode
encoder.predefined.base64urldecode = Base64 URL Decode
@@ -49,6 +50,9 @@ encoder.predefined.javascriptdecode = JavaScript Decode
encoder.predefined.javascriptencode = JavaScript Encode
encoder.predefined.lowercase = To Lower Case
encoder.predefined.md5hash = هش MD5
+encoder.predefined.morse.error = Input contains one or more characters which can't be converted.
+encoder.predefined.morsecodedecode = Morse Code Decoder
+encoder.predefined.morsecodeencode = Morse Code Encoder
encoder.predefined.powershellencode = PowerShell Encode
encoder.predefined.removewhitespace = Remove Whitespace
encoder.predefined.reverse = Reverse
diff --git a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_fil_PH.properties b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_fil_PH.properties
index d551f58e0b9..3a1e0341e35 100644
--- a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_fil_PH.properties
+++ b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_fil_PH.properties
@@ -31,6 +31,7 @@ encoder.popup.delete = Delete Output Panel
encoder.popup.replace.input = Replace Input Text
encoder.popup.title = Encode/Decode/Hash...
+encoder.predefined.ascify = ASCify (Strip accents, etc)
encoder.predefined.base64decode = Ang decode na Base64
encoder.predefined.base64encode = Ang encode na Base64
encoder.predefined.base64urldecode = Base64 URL Decode
@@ -49,6 +50,9 @@ encoder.predefined.javascriptdecode = JavaScript Decode
encoder.predefined.javascriptencode = JavaScript Encode
encoder.predefined.lowercase = To Lower Case
encoder.predefined.md5hash = Ang MD5 Hash
+encoder.predefined.morse.error = Input contains one or more characters which can't be converted.
+encoder.predefined.morsecodedecode = Morse Code Decoder
+encoder.predefined.morsecodeencode = Morse Code Encoder
encoder.predefined.powershellencode = PowerShell Encode
encoder.predefined.removewhitespace = Remove Whitespace
encoder.predefined.reverse = Reverse
diff --git a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_fr_FR.properties b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_fr_FR.properties
index f690c95ea77..2c6a5c02100 100644
--- a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_fr_FR.properties
+++ b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_fr_FR.properties
@@ -31,6 +31,7 @@ encoder.popup.delete = Delete Output Panel
encoder.popup.replace.input = Replace Input Text
encoder.popup.title = Encode/Decode/Hash...
+encoder.predefined.ascify = ASCify (Strip accents, etc)
encoder.predefined.base64decode = Base64 Decode
encoder.predefined.base64encode = Base64 Encode
encoder.predefined.base64urldecode = Base64 URL Decode
@@ -49,6 +50,9 @@ encoder.predefined.javascriptdecode = JavaScript Decode
encoder.predefined.javascriptencode = JavaScript Encode
encoder.predefined.lowercase = To Lower Case
encoder.predefined.md5hash = Hachage MD5
+encoder.predefined.morse.error = Input contains one or more characters which can't be converted.
+encoder.predefined.morsecodedecode = Morse Code Decoder
+encoder.predefined.morsecodeencode = Morse Code Encoder
encoder.predefined.powershellencode = PowerShell Encode
encoder.predefined.removewhitespace = Remove Whitespace
encoder.predefined.reverse = Reverse
diff --git a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_ha_HG.properties b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_ha_HG.properties
index 4ad4ccc3be9..a44d17e941b 100644
--- a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_ha_HG.properties
+++ b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_ha_HG.properties
@@ -31,6 +31,7 @@ encoder.popup.delete = Delete Output Panel
encoder.popup.replace.input = Replace Input Text
encoder.popup.title = Encode/Decode/Hash...
+encoder.predefined.ascify = ASCify (Strip accents, etc)
encoder.predefined.base64decode = Base64 Decode
encoder.predefined.base64encode = Base64 Encode
encoder.predefined.base64urldecode = Base64 URL Decode
@@ -49,6 +50,9 @@ encoder.predefined.javascriptdecode = JavaScript Decode
encoder.predefined.javascriptencode = JavaScript Encode
encoder.predefined.lowercase = To Lower Case
encoder.predefined.md5hash = MD5 Hash
+encoder.predefined.morse.error = Input contains one or more characters which can't be converted.
+encoder.predefined.morsecodedecode = Morse Code Decoder
+encoder.predefined.morsecodeencode = Morse Code Encoder
encoder.predefined.powershellencode = PowerShell Encode
encoder.predefined.removewhitespace = Remove Whitespace
encoder.predefined.reverse = Reverse
diff --git a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_he_IL.properties b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_he_IL.properties
index 4ad4ccc3be9..a44d17e941b 100644
--- a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_he_IL.properties
+++ b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_he_IL.properties
@@ -31,6 +31,7 @@ encoder.popup.delete = Delete Output Panel
encoder.popup.replace.input = Replace Input Text
encoder.popup.title = Encode/Decode/Hash...
+encoder.predefined.ascify = ASCify (Strip accents, etc)
encoder.predefined.base64decode = Base64 Decode
encoder.predefined.base64encode = Base64 Encode
encoder.predefined.base64urldecode = Base64 URL Decode
@@ -49,6 +50,9 @@ encoder.predefined.javascriptdecode = JavaScript Decode
encoder.predefined.javascriptencode = JavaScript Encode
encoder.predefined.lowercase = To Lower Case
encoder.predefined.md5hash = MD5 Hash
+encoder.predefined.morse.error = Input contains one or more characters which can't be converted.
+encoder.predefined.morsecodedecode = Morse Code Decoder
+encoder.predefined.morsecodeencode = Morse Code Encoder
encoder.predefined.powershellencode = PowerShell Encode
encoder.predefined.removewhitespace = Remove Whitespace
encoder.predefined.reverse = Reverse
diff --git a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_hi_IN.properties b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_hi_IN.properties
index 4ad4ccc3be9..a44d17e941b 100644
--- a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_hi_IN.properties
+++ b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_hi_IN.properties
@@ -31,6 +31,7 @@ encoder.popup.delete = Delete Output Panel
encoder.popup.replace.input = Replace Input Text
encoder.popup.title = Encode/Decode/Hash...
+encoder.predefined.ascify = ASCify (Strip accents, etc)
encoder.predefined.base64decode = Base64 Decode
encoder.predefined.base64encode = Base64 Encode
encoder.predefined.base64urldecode = Base64 URL Decode
@@ -49,6 +50,9 @@ encoder.predefined.javascriptdecode = JavaScript Decode
encoder.predefined.javascriptencode = JavaScript Encode
encoder.predefined.lowercase = To Lower Case
encoder.predefined.md5hash = MD5 Hash
+encoder.predefined.morse.error = Input contains one or more characters which can't be converted.
+encoder.predefined.morsecodedecode = Morse Code Decoder
+encoder.predefined.morsecodeencode = Morse Code Encoder
encoder.predefined.powershellencode = PowerShell Encode
encoder.predefined.removewhitespace = Remove Whitespace
encoder.predefined.reverse = Reverse
diff --git a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_hr_HR.properties b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_hr_HR.properties
index 5de7a892301..759c5bd1419 100644
--- a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_hr_HR.properties
+++ b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_hr_HR.properties
@@ -31,6 +31,7 @@ encoder.popup.delete = Delete Output Panel
encoder.popup.replace.input = Replace Input Text
encoder.popup.title = Encode/Decode/Hash...
+encoder.predefined.ascify = ASCify (Strip accents, etc)
encoder.predefined.base64decode = Base64 Decode
encoder.predefined.base64encode = Base64 Encode
encoder.predefined.base64urldecode = Base64 URL Decode
@@ -49,6 +50,9 @@ encoder.predefined.javascriptdecode = JavaScript Decode
encoder.predefined.javascriptencode = JavaScript Encode
encoder.predefined.lowercase = To Lower Case
encoder.predefined.md5hash = MD5 Hash
+encoder.predefined.morse.error = Input contains one or more characters which can't be converted.
+encoder.predefined.morsecodedecode = Morse Code Decoder
+encoder.predefined.morsecodeencode = Morse Code Encoder
encoder.predefined.powershellencode = PowerShell Encode
encoder.predefined.removewhitespace = Remove Whitespace
encoder.predefined.reverse = Reverse
diff --git a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_hu_HU.properties b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_hu_HU.properties
index 6f90c5641e5..1f4011fe363 100644
--- a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_hu_HU.properties
+++ b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_hu_HU.properties
@@ -31,6 +31,7 @@ encoder.popup.delete = Delete Output Panel
encoder.popup.replace.input = Replace Input Text
encoder.popup.title = Encode/Decode/Hash...
+encoder.predefined.ascify = ASCify (Strip accents, etc)
encoder.predefined.base64decode = Base64 dekódoló
encoder.predefined.base64encode = Base64 kódolás
encoder.predefined.base64urldecode = Base64 URL Decode
@@ -49,6 +50,9 @@ encoder.predefined.javascriptdecode = JavaScript Decode
encoder.predefined.javascriptencode = JavaScript Encode
encoder.predefined.lowercase = To Lower Case
encoder.predefined.md5hash = MD5 Hash
+encoder.predefined.morse.error = Input contains one or more characters which can't be converted.
+encoder.predefined.morsecodedecode = Morse Code Decoder
+encoder.predefined.morsecodeencode = Morse Code Encoder
encoder.predefined.powershellencode = PowerShell Encode
encoder.predefined.removewhitespace = Remove Whitespace
encoder.predefined.reverse = Reverse
diff --git a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_id_ID.properties b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_id_ID.properties
index 825874c0e0a..9348f5b9b9a 100644
--- a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_id_ID.properties
+++ b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_id_ID.properties
@@ -31,6 +31,7 @@ encoder.popup.delete = Delete Output Panel
encoder.popup.replace.input = Replace Input Text
encoder.popup.title = Encode/Decode/Hash...
+encoder.predefined.ascify = ASCify (Strip accents, etc)
encoder.predefined.base64decode = Base64 Decode
encoder.predefined.base64encode = Encode Base 64
encoder.predefined.base64urldecode = Base64 URL Decode
@@ -49,6 +50,9 @@ encoder.predefined.javascriptdecode = JavaScript Decode
encoder.predefined.javascriptencode = JavaScript Encode
encoder.predefined.lowercase = To Lower Case
encoder.predefined.md5hash = Hash MD5
+encoder.predefined.morse.error = Input contains one or more characters which can't be converted.
+encoder.predefined.morsecodedecode = Morse Code Decoder
+encoder.predefined.morsecodeencode = Morse Code Encoder
encoder.predefined.powershellencode = PowerShell Encode
encoder.predefined.removewhitespace = Remove Whitespace
encoder.predefined.reverse = Reverse
diff --git a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_it_IT.properties b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_it_IT.properties
index 256c84f2ce5..b34065673b8 100644
--- a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_it_IT.properties
+++ b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_it_IT.properties
@@ -31,6 +31,7 @@ encoder.popup.delete = Elimina Pannello di Output
encoder.popup.replace.input = Replace Input Text
encoder.popup.title = Codifica/Decodifica/Hash...
+encoder.predefined.ascify = ASCify (Strip accents, etc)
encoder.predefined.base64decode = Decodifica Base 64
encoder.predefined.base64encode = Codifica Base 64
encoder.predefined.base64urldecode = Decodifica URL Base64
@@ -49,6 +50,9 @@ encoder.predefined.javascriptdecode = Decodifica JavaScript
encoder.predefined.javascriptencode = Codifica JavaScript
encoder.predefined.lowercase = In Minuscole
encoder.predefined.md5hash = Hash MD5
+encoder.predefined.morse.error = Input contains one or more characters which can't be converted.
+encoder.predefined.morsecodedecode = Morse Code Decoder
+encoder.predefined.morsecodeencode = Morse Code Encoder
encoder.predefined.powershellencode = PowerShell Encode
encoder.predefined.removewhitespace = Rimuovi Spaziatura
encoder.predefined.reverse = Inverti
diff --git a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_ja_JP.properties b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_ja_JP.properties
index efc349288b5..886e38ba816 100644
--- a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_ja_JP.properties
+++ b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_ja_JP.properties
@@ -31,6 +31,7 @@ encoder.popup.delete = Delete Output Panel
encoder.popup.replace.input = Replace Input Text
encoder.popup.title = Encode/Decode/Hash...
+encoder.predefined.ascify = ASCify (Strip accents, etc)
encoder.predefined.base64decode = Base64 Decode
encoder.predefined.base64encode = Base64 Encode
encoder.predefined.base64urldecode = Base64 URL Decode
@@ -49,6 +50,9 @@ encoder.predefined.javascriptdecode = JavaScript Decode
encoder.predefined.javascriptencode = JavaScript Encode
encoder.predefined.lowercase = To Lower Case
encoder.predefined.md5hash = MD5 ハッシュ
+encoder.predefined.morse.error = Input contains one or more characters which can't be converted.
+encoder.predefined.morsecodedecode = Morse Code Decoder
+encoder.predefined.morsecodeencode = Morse Code Encoder
encoder.predefined.powershellencode = PowerShell Encode
encoder.predefined.removewhitespace = Remove Whitespace
encoder.predefined.reverse = Reverse
diff --git a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_ko_KR.properties b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_ko_KR.properties
index 4ad4ccc3be9..a44d17e941b 100644
--- a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_ko_KR.properties
+++ b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_ko_KR.properties
@@ -31,6 +31,7 @@ encoder.popup.delete = Delete Output Panel
encoder.popup.replace.input = Replace Input Text
encoder.popup.title = Encode/Decode/Hash...
+encoder.predefined.ascify = ASCify (Strip accents, etc)
encoder.predefined.base64decode = Base64 Decode
encoder.predefined.base64encode = Base64 Encode
encoder.predefined.base64urldecode = Base64 URL Decode
@@ -49,6 +50,9 @@ encoder.predefined.javascriptdecode = JavaScript Decode
encoder.predefined.javascriptencode = JavaScript Encode
encoder.predefined.lowercase = To Lower Case
encoder.predefined.md5hash = MD5 Hash
+encoder.predefined.morse.error = Input contains one or more characters which can't be converted.
+encoder.predefined.morsecodedecode = Morse Code Decoder
+encoder.predefined.morsecodeencode = Morse Code Encoder
encoder.predefined.powershellencode = PowerShell Encode
encoder.predefined.removewhitespace = Remove Whitespace
encoder.predefined.reverse = Reverse
diff --git a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_mk_MK.properties b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_mk_MK.properties
index 4ad4ccc3be9..a44d17e941b 100644
--- a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_mk_MK.properties
+++ b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_mk_MK.properties
@@ -31,6 +31,7 @@ encoder.popup.delete = Delete Output Panel
encoder.popup.replace.input = Replace Input Text
encoder.popup.title = Encode/Decode/Hash...
+encoder.predefined.ascify = ASCify (Strip accents, etc)
encoder.predefined.base64decode = Base64 Decode
encoder.predefined.base64encode = Base64 Encode
encoder.predefined.base64urldecode = Base64 URL Decode
@@ -49,6 +50,9 @@ encoder.predefined.javascriptdecode = JavaScript Decode
encoder.predefined.javascriptencode = JavaScript Encode
encoder.predefined.lowercase = To Lower Case
encoder.predefined.md5hash = MD5 Hash
+encoder.predefined.morse.error = Input contains one or more characters which can't be converted.
+encoder.predefined.morsecodedecode = Morse Code Decoder
+encoder.predefined.morsecodeencode = Morse Code Encoder
encoder.predefined.powershellencode = PowerShell Encode
encoder.predefined.removewhitespace = Remove Whitespace
encoder.predefined.reverse = Reverse
diff --git a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_ms_MY.properties b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_ms_MY.properties
index ed910c6308a..02d89962e56 100644
--- a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_ms_MY.properties
+++ b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_ms_MY.properties
@@ -31,6 +31,7 @@ encoder.popup.delete = Delete Output Panel
encoder.popup.replace.input = Replace Input Text
encoder.popup.title = Encode/Decode/Hash...
+encoder.predefined.ascify = ASCify (Strip accents, etc)
encoder.predefined.base64decode = Base64 Decode
encoder.predefined.base64encode = Base64 Encode
encoder.predefined.base64urldecode = Base64 URL Decode
@@ -49,6 +50,9 @@ encoder.predefined.javascriptdecode = JavaScript Decode
encoder.predefined.javascriptencode = JavaScript Encode
encoder.predefined.lowercase = To Lower Case
encoder.predefined.md5hash = MD5 Hash
+encoder.predefined.morse.error = Input contains one or more characters which can't be converted.
+encoder.predefined.morsecodedecode = Morse Code Decoder
+encoder.predefined.morsecodeencode = Morse Code Encoder
encoder.predefined.powershellencode = PowerShell Encode
encoder.predefined.removewhitespace = Remove Whitespace
encoder.predefined.reverse = Reverse
diff --git a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_nb_NO.properties b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_nb_NO.properties
index 4ad4ccc3be9..a44d17e941b 100644
--- a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_nb_NO.properties
+++ b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_nb_NO.properties
@@ -31,6 +31,7 @@ encoder.popup.delete = Delete Output Panel
encoder.popup.replace.input = Replace Input Text
encoder.popup.title = Encode/Decode/Hash...
+encoder.predefined.ascify = ASCify (Strip accents, etc)
encoder.predefined.base64decode = Base64 Decode
encoder.predefined.base64encode = Base64 Encode
encoder.predefined.base64urldecode = Base64 URL Decode
@@ -49,6 +50,9 @@ encoder.predefined.javascriptdecode = JavaScript Decode
encoder.predefined.javascriptencode = JavaScript Encode
encoder.predefined.lowercase = To Lower Case
encoder.predefined.md5hash = MD5 Hash
+encoder.predefined.morse.error = Input contains one or more characters which can't be converted.
+encoder.predefined.morsecodedecode = Morse Code Decoder
+encoder.predefined.morsecodeencode = Morse Code Encoder
encoder.predefined.powershellencode = PowerShell Encode
encoder.predefined.removewhitespace = Remove Whitespace
encoder.predefined.reverse = Reverse
diff --git a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_nl_NL.properties b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_nl_NL.properties
index 99d65080b96..3a21f3a364b 100644
--- a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_nl_NL.properties
+++ b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_nl_NL.properties
@@ -31,6 +31,7 @@ encoder.popup.delete = Delete Output Panel
encoder.popup.replace.input = Replace Input Text
encoder.popup.title = Encode/Decode/Hash...
+encoder.predefined.ascify = ASCify (Strip accents, etc)
encoder.predefined.base64decode = Base64 Decodeer
encoder.predefined.base64encode = Base64 Codeer
encoder.predefined.base64urldecode = Base64 URL Decode
@@ -49,6 +50,9 @@ encoder.predefined.javascriptdecode = JavaScript Decode
encoder.predefined.javascriptencode = JavaScript Encode
encoder.predefined.lowercase = To Lower Case
encoder.predefined.md5hash = MD5 Hash
+encoder.predefined.morse.error = Input contains one or more characters which can't be converted.
+encoder.predefined.morsecodedecode = Morse Code Decoder
+encoder.predefined.morsecodeencode = Morse Code Encoder
encoder.predefined.powershellencode = PowerShell Encode
encoder.predefined.removewhitespace = Remove Whitespace
encoder.predefined.reverse = Reverse
diff --git a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_pcm_NG.properties b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_pcm_NG.properties
index 4ad4ccc3be9..a44d17e941b 100644
--- a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_pcm_NG.properties
+++ b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_pcm_NG.properties
@@ -31,6 +31,7 @@ encoder.popup.delete = Delete Output Panel
encoder.popup.replace.input = Replace Input Text
encoder.popup.title = Encode/Decode/Hash...
+encoder.predefined.ascify = ASCify (Strip accents, etc)
encoder.predefined.base64decode = Base64 Decode
encoder.predefined.base64encode = Base64 Encode
encoder.predefined.base64urldecode = Base64 URL Decode
@@ -49,6 +50,9 @@ encoder.predefined.javascriptdecode = JavaScript Decode
encoder.predefined.javascriptencode = JavaScript Encode
encoder.predefined.lowercase = To Lower Case
encoder.predefined.md5hash = MD5 Hash
+encoder.predefined.morse.error = Input contains one or more characters which can't be converted.
+encoder.predefined.morsecodedecode = Morse Code Decoder
+encoder.predefined.morsecodeencode = Morse Code Encoder
encoder.predefined.powershellencode = PowerShell Encode
encoder.predefined.removewhitespace = Remove Whitespace
encoder.predefined.reverse = Reverse
diff --git a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_pl_PL.properties b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_pl_PL.properties
index 0ffa5cb673b..24bb90de22e 100644
--- a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_pl_PL.properties
+++ b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_pl_PL.properties
@@ -31,6 +31,7 @@ encoder.popup.delete = Delete Output Panel
encoder.popup.replace.input = Replace Input Text
encoder.popup.title = Encode/Decode/Hash...
+encoder.predefined.ascify = ASCify (Strip accents, etc)
encoder.predefined.base64decode = Dekodowanie Base 64
encoder.predefined.base64encode = Kodowanie Base 64
encoder.predefined.base64urldecode = Base64 URL Decode
@@ -49,6 +50,9 @@ encoder.predefined.javascriptdecode = JavaScript Decode
encoder.predefined.javascriptencode = JavaScript Encode
encoder.predefined.lowercase = To Lower Case
encoder.predefined.md5hash = funkcja skrótu MD5
+encoder.predefined.morse.error = Input contains one or more characters which can't be converted.
+encoder.predefined.morsecodedecode = Morse Code Decoder
+encoder.predefined.morsecodeencode = Morse Code Encoder
encoder.predefined.powershellencode = PowerShell Encode
encoder.predefined.removewhitespace = Remove Whitespace
encoder.predefined.reverse = Reverse
diff --git a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_pt_BR.properties b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_pt_BR.properties
index c4292472ca7..28b12233965 100644
--- a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_pt_BR.properties
+++ b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_pt_BR.properties
@@ -31,6 +31,7 @@ encoder.popup.delete = Excluir painel de saída
encoder.popup.replace.input = Replace Input Text
encoder.popup.title = Codificar/Decodificar/Hash...
+encoder.predefined.ascify = ASCify (Strip accents, etc)
encoder.predefined.base64decode = Decodificação Base64
encoder.predefined.base64encode = Codificação Base64
encoder.predefined.base64urldecode = Decodificação de URL Base64
@@ -49,6 +50,9 @@ encoder.predefined.javascriptdecode = Descodificação JavaScript
encoder.predefined.javascriptencode = Codificação JavaScript
encoder.predefined.lowercase = To Lower Case
encoder.predefined.md5hash = Hash MD5
+encoder.predefined.morse.error = Input contains one or more characters which can't be converted.
+encoder.predefined.morsecodedecode = Morse Code Decoder
+encoder.predefined.morsecodeencode = Morse Code Encoder
encoder.predefined.powershellencode = PowerShell Encode
encoder.predefined.removewhitespace = Remove Whitespace
encoder.predefined.reverse = Reverso
diff --git a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_pt_PT.properties b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_pt_PT.properties
index cf5bc063712..cd9aca7d252 100644
--- a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_pt_PT.properties
+++ b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_pt_PT.properties
@@ -31,6 +31,7 @@ encoder.popup.delete = Delete Output Panel
encoder.popup.replace.input = Replace Input Text
encoder.popup.title = Encode/Decode/Hash...
+encoder.predefined.ascify = ASCify (Strip accents, etc)
encoder.predefined.base64decode = Base64 Decode
encoder.predefined.base64encode = Base64 Encode
encoder.predefined.base64urldecode = Base64 URL Decode
@@ -49,6 +50,9 @@ encoder.predefined.javascriptdecode = JavaScript Decode
encoder.predefined.javascriptencode = JavaScript Encode
encoder.predefined.lowercase = To Lower Case
encoder.predefined.md5hash = MD5 Hash
+encoder.predefined.morse.error = Input contains one or more characters which can't be converted.
+encoder.predefined.morsecodedecode = Morse Code Decoder
+encoder.predefined.morsecodeencode = Morse Code Encoder
encoder.predefined.powershellencode = PowerShell Encode
encoder.predefined.removewhitespace = Remove Whitespace
encoder.predefined.reverse = Reverse
diff --git a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_ro_RO.properties b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_ro_RO.properties
index 4ad4ccc3be9..a44d17e941b 100644
--- a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_ro_RO.properties
+++ b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_ro_RO.properties
@@ -31,6 +31,7 @@ encoder.popup.delete = Delete Output Panel
encoder.popup.replace.input = Replace Input Text
encoder.popup.title = Encode/Decode/Hash...
+encoder.predefined.ascify = ASCify (Strip accents, etc)
encoder.predefined.base64decode = Base64 Decode
encoder.predefined.base64encode = Base64 Encode
encoder.predefined.base64urldecode = Base64 URL Decode
@@ -49,6 +50,9 @@ encoder.predefined.javascriptdecode = JavaScript Decode
encoder.predefined.javascriptencode = JavaScript Encode
encoder.predefined.lowercase = To Lower Case
encoder.predefined.md5hash = MD5 Hash
+encoder.predefined.morse.error = Input contains one or more characters which can't be converted.
+encoder.predefined.morsecodedecode = Morse Code Decoder
+encoder.predefined.morsecodeencode = Morse Code Encoder
encoder.predefined.powershellencode = PowerShell Encode
encoder.predefined.removewhitespace = Remove Whitespace
encoder.predefined.reverse = Reverse
diff --git a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_ru_RU.properties b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_ru_RU.properties
index 15806fe072a..af70f72b59f 100644
--- a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_ru_RU.properties
+++ b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_ru_RU.properties
@@ -31,6 +31,7 @@ encoder.popup.delete = Удалить панель вывода
encoder.popup.replace.input = Replace Input Text
encoder.popup.title = Кодировать / декодировать / хешировать ...
+encoder.predefined.ascify = ASCify (Strip accents, etc)
encoder.predefined.base64decode = Декодирование Base 64
encoder.predefined.base64encode = Кодирование Base 64
encoder.predefined.base64urldecode = Расшифровка URL-адреса Base64
@@ -49,6 +50,9 @@ encoder.predefined.javascriptdecode = Декодирование JavaScript
encoder.predefined.javascriptencode = Кодирование JavaScript
encoder.predefined.lowercase = To Lower Case
encoder.predefined.md5hash = Хэширование MD5
+encoder.predefined.morse.error = Input contains one or more characters which can't be converted.
+encoder.predefined.morsecodedecode = Morse Code Decoder
+encoder.predefined.morsecodeencode = Morse Code Encoder
encoder.predefined.powershellencode = PowerShell Encode
encoder.predefined.removewhitespace = Remove Whitespace
encoder.predefined.reverse = Обратный
diff --git a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_si_LK.properties b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_si_LK.properties
index 4ad4ccc3be9..a44d17e941b 100644
--- a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_si_LK.properties
+++ b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_si_LK.properties
@@ -31,6 +31,7 @@ encoder.popup.delete = Delete Output Panel
encoder.popup.replace.input = Replace Input Text
encoder.popup.title = Encode/Decode/Hash...
+encoder.predefined.ascify = ASCify (Strip accents, etc)
encoder.predefined.base64decode = Base64 Decode
encoder.predefined.base64encode = Base64 Encode
encoder.predefined.base64urldecode = Base64 URL Decode
@@ -49,6 +50,9 @@ encoder.predefined.javascriptdecode = JavaScript Decode
encoder.predefined.javascriptencode = JavaScript Encode
encoder.predefined.lowercase = To Lower Case
encoder.predefined.md5hash = MD5 Hash
+encoder.predefined.morse.error = Input contains one or more characters which can't be converted.
+encoder.predefined.morsecodedecode = Morse Code Decoder
+encoder.predefined.morsecodeencode = Morse Code Encoder
encoder.predefined.powershellencode = PowerShell Encode
encoder.predefined.removewhitespace = Remove Whitespace
encoder.predefined.reverse = Reverse
diff --git a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_sk_SK.properties b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_sk_SK.properties
index 4ad4ccc3be9..a44d17e941b 100644
--- a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_sk_SK.properties
+++ b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_sk_SK.properties
@@ -31,6 +31,7 @@ encoder.popup.delete = Delete Output Panel
encoder.popup.replace.input = Replace Input Text
encoder.popup.title = Encode/Decode/Hash...
+encoder.predefined.ascify = ASCify (Strip accents, etc)
encoder.predefined.base64decode = Base64 Decode
encoder.predefined.base64encode = Base64 Encode
encoder.predefined.base64urldecode = Base64 URL Decode
@@ -49,6 +50,9 @@ encoder.predefined.javascriptdecode = JavaScript Decode
encoder.predefined.javascriptencode = JavaScript Encode
encoder.predefined.lowercase = To Lower Case
encoder.predefined.md5hash = MD5 Hash
+encoder.predefined.morse.error = Input contains one or more characters which can't be converted.
+encoder.predefined.morsecodedecode = Morse Code Decoder
+encoder.predefined.morsecodeencode = Morse Code Encoder
encoder.predefined.powershellencode = PowerShell Encode
encoder.predefined.removewhitespace = Remove Whitespace
encoder.predefined.reverse = Reverse
diff --git a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_sl_SI.properties b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_sl_SI.properties
index 41bcf3bfbe9..da10047b781 100644
--- a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_sl_SI.properties
+++ b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_sl_SI.properties
@@ -31,6 +31,7 @@ encoder.popup.delete = Delete Output Panel
encoder.popup.replace.input = Replace Input Text
encoder.popup.title = Encode/Decode/Hash...
+encoder.predefined.ascify = ASCify (Strip accents, etc)
encoder.predefined.base64decode = Base64 Decode
encoder.predefined.base64encode = Base64 Encode
encoder.predefined.base64urldecode = Base64 URL Decode
@@ -49,6 +50,9 @@ encoder.predefined.javascriptdecode = JavaScript Decode
encoder.predefined.javascriptencode = JavaScript Encode
encoder.predefined.lowercase = To Lower Case
encoder.predefined.md5hash = MD5 Hash
+encoder.predefined.morse.error = Input contains one or more characters which can't be converted.
+encoder.predefined.morsecodedecode = Morse Code Decoder
+encoder.predefined.morsecodeencode = Morse Code Encoder
encoder.predefined.powershellencode = PowerShell Encode
encoder.predefined.removewhitespace = Remove Whitespace
encoder.predefined.reverse = Reverse
diff --git a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_sq_AL.properties b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_sq_AL.properties
index 4ad4ccc3be9..a44d17e941b 100644
--- a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_sq_AL.properties
+++ b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_sq_AL.properties
@@ -31,6 +31,7 @@ encoder.popup.delete = Delete Output Panel
encoder.popup.replace.input = Replace Input Text
encoder.popup.title = Encode/Decode/Hash...
+encoder.predefined.ascify = ASCify (Strip accents, etc)
encoder.predefined.base64decode = Base64 Decode
encoder.predefined.base64encode = Base64 Encode
encoder.predefined.base64urldecode = Base64 URL Decode
@@ -49,6 +50,9 @@ encoder.predefined.javascriptdecode = JavaScript Decode
encoder.predefined.javascriptencode = JavaScript Encode
encoder.predefined.lowercase = To Lower Case
encoder.predefined.md5hash = MD5 Hash
+encoder.predefined.morse.error = Input contains one or more characters which can't be converted.
+encoder.predefined.morsecodedecode = Morse Code Decoder
+encoder.predefined.morsecodeencode = Morse Code Encoder
encoder.predefined.powershellencode = PowerShell Encode
encoder.predefined.removewhitespace = Remove Whitespace
encoder.predefined.reverse = Reverse
diff --git a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_sr_CS.properties b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_sr_CS.properties
index 63263aecb5c..11d9b059c06 100644
--- a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_sr_CS.properties
+++ b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_sr_CS.properties
@@ -31,6 +31,7 @@ encoder.popup.delete = Delete Output Panel
encoder.popup.replace.input = Replace Input Text
encoder.popup.title = Encode/Decode/Hash...
+encoder.predefined.ascify = ASCify (Strip accents, etc)
encoder.predefined.base64decode = Base64 Decode
encoder.predefined.base64encode = Base64 Encode
encoder.predefined.base64urldecode = Base64 URL Decode
@@ -49,6 +50,9 @@ encoder.predefined.javascriptdecode = JavaScript Decode
encoder.predefined.javascriptencode = JavaScript Encode
encoder.predefined.lowercase = To Lower Case
encoder.predefined.md5hash = MD5 Hash
+encoder.predefined.morse.error = Input contains one or more characters which can't be converted.
+encoder.predefined.morsecodedecode = Morse Code Decoder
+encoder.predefined.morsecodeencode = Morse Code Encoder
encoder.predefined.powershellencode = PowerShell Encode
encoder.predefined.removewhitespace = Remove Whitespace
encoder.predefined.reverse = Reverse
diff --git a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_sr_SP.properties b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_sr_SP.properties
index 4ad4ccc3be9..a44d17e941b 100644
--- a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_sr_SP.properties
+++ b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_sr_SP.properties
@@ -31,6 +31,7 @@ encoder.popup.delete = Delete Output Panel
encoder.popup.replace.input = Replace Input Text
encoder.popup.title = Encode/Decode/Hash...
+encoder.predefined.ascify = ASCify (Strip accents, etc)
encoder.predefined.base64decode = Base64 Decode
encoder.predefined.base64encode = Base64 Encode
encoder.predefined.base64urldecode = Base64 URL Decode
@@ -49,6 +50,9 @@ encoder.predefined.javascriptdecode = JavaScript Decode
encoder.predefined.javascriptencode = JavaScript Encode
encoder.predefined.lowercase = To Lower Case
encoder.predefined.md5hash = MD5 Hash
+encoder.predefined.morse.error = Input contains one or more characters which can't be converted.
+encoder.predefined.morsecodedecode = Morse Code Decoder
+encoder.predefined.morsecodeencode = Morse Code Encoder
encoder.predefined.powershellencode = PowerShell Encode
encoder.predefined.removewhitespace = Remove Whitespace
encoder.predefined.reverse = Reverse
diff --git a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_tr_TR.properties b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_tr_TR.properties
index 567a9744948..1e8a058ff01 100644
--- a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_tr_TR.properties
+++ b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_tr_TR.properties
@@ -31,6 +31,7 @@ encoder.popup.delete = Delete Output Panel
encoder.popup.replace.input = Replace Input Text
encoder.popup.title = Encode/Decode/Hash...
+encoder.predefined.ascify = ASCify (Strip accents, etc)
encoder.predefined.base64decode = Base64 Decode
encoder.predefined.base64encode = Base64 Encode
encoder.predefined.base64urldecode = Base64 URL Decode
@@ -49,6 +50,9 @@ encoder.predefined.javascriptdecode = JavaScript Decode
encoder.predefined.javascriptencode = JavaScript Encode
encoder.predefined.lowercase = To Lower Case
encoder.predefined.md5hash = MD5 Hash
+encoder.predefined.morse.error = Input contains one or more characters which can't be converted.
+encoder.predefined.morsecodedecode = Morse Code Decoder
+encoder.predefined.morsecodeencode = Morse Code Encoder
encoder.predefined.powershellencode = PowerShell Encode
encoder.predefined.removewhitespace = Remove Whitespace
encoder.predefined.reverse = Reverse
diff --git a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_uk_UA.properties b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_uk_UA.properties
index d43af2f6f8d..cfca284506e 100644
--- a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_uk_UA.properties
+++ b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_uk_UA.properties
@@ -31,6 +31,7 @@ encoder.popup.delete = Видалити панель виводу
encoder.popup.replace.input = Замінити вхідний текст
encoder.popup.title = Кодувати, декодувати або гешувати...
+encoder.predefined.ascify = ASCify (Strip accents, etc)
encoder.predefined.base64decode = Декодування Base64
encoder.predefined.base64encode = Кодування Base64
encoder.predefined.base64urldecode = Декодування URL-адреси Base64
@@ -49,6 +50,9 @@ encoder.predefined.javascriptdecode = Декодування JavaScript
encoder.predefined.javascriptencode = Кодування JavaScript
encoder.predefined.lowercase = До нижнього регістру\n
encoder.predefined.md5hash = MD5 геш
+encoder.predefined.morse.error = Input contains one or more characters which can't be converted.
+encoder.predefined.morsecodedecode = Morse Code Decoder
+encoder.predefined.morsecodeencode = Morse Code Encoder
encoder.predefined.powershellencode = Кодування PowerShell
encoder.predefined.removewhitespace = Видалити пробіли
encoder.predefined.reverse = Зворотній
diff --git a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_ur_PK.properties b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_ur_PK.properties
index 4ad4ccc3be9..a44d17e941b 100644
--- a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_ur_PK.properties
+++ b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_ur_PK.properties
@@ -31,6 +31,7 @@ encoder.popup.delete = Delete Output Panel
encoder.popup.replace.input = Replace Input Text
encoder.popup.title = Encode/Decode/Hash...
+encoder.predefined.ascify = ASCify (Strip accents, etc)
encoder.predefined.base64decode = Base64 Decode
encoder.predefined.base64encode = Base64 Encode
encoder.predefined.base64urldecode = Base64 URL Decode
@@ -49,6 +50,9 @@ encoder.predefined.javascriptdecode = JavaScript Decode
encoder.predefined.javascriptencode = JavaScript Encode
encoder.predefined.lowercase = To Lower Case
encoder.predefined.md5hash = MD5 Hash
+encoder.predefined.morse.error = Input contains one or more characters which can't be converted.
+encoder.predefined.morsecodedecode = Morse Code Decoder
+encoder.predefined.morsecodeencode = Morse Code Encoder
encoder.predefined.powershellencode = PowerShell Encode
encoder.predefined.removewhitespace = Remove Whitespace
encoder.predefined.reverse = Reverse
diff --git a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_vi_VN.properties b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_vi_VN.properties
index 4ad4ccc3be9..a44d17e941b 100644
--- a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_vi_VN.properties
+++ b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_vi_VN.properties
@@ -31,6 +31,7 @@ encoder.popup.delete = Delete Output Panel
encoder.popup.replace.input = Replace Input Text
encoder.popup.title = Encode/Decode/Hash...
+encoder.predefined.ascify = ASCify (Strip accents, etc)
encoder.predefined.base64decode = Base64 Decode
encoder.predefined.base64encode = Base64 Encode
encoder.predefined.base64urldecode = Base64 URL Decode
@@ -49,6 +50,9 @@ encoder.predefined.javascriptdecode = JavaScript Decode
encoder.predefined.javascriptencode = JavaScript Encode
encoder.predefined.lowercase = To Lower Case
encoder.predefined.md5hash = MD5 Hash
+encoder.predefined.morse.error = Input contains one or more characters which can't be converted.
+encoder.predefined.morsecodedecode = Morse Code Decoder
+encoder.predefined.morsecodeencode = Morse Code Encoder
encoder.predefined.powershellencode = PowerShell Encode
encoder.predefined.removewhitespace = Remove Whitespace
encoder.predefined.reverse = Reverse
diff --git a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_yo_NG.properties b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_yo_NG.properties
index 4ad4ccc3be9..a44d17e941b 100644
--- a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_yo_NG.properties
+++ b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_yo_NG.properties
@@ -31,6 +31,7 @@ encoder.popup.delete = Delete Output Panel
encoder.popup.replace.input = Replace Input Text
encoder.popup.title = Encode/Decode/Hash...
+encoder.predefined.ascify = ASCify (Strip accents, etc)
encoder.predefined.base64decode = Base64 Decode
encoder.predefined.base64encode = Base64 Encode
encoder.predefined.base64urldecode = Base64 URL Decode
@@ -49,6 +50,9 @@ encoder.predefined.javascriptdecode = JavaScript Decode
encoder.predefined.javascriptencode = JavaScript Encode
encoder.predefined.lowercase = To Lower Case
encoder.predefined.md5hash = MD5 Hash
+encoder.predefined.morse.error = Input contains one or more characters which can't be converted.
+encoder.predefined.morsecodedecode = Morse Code Decoder
+encoder.predefined.morsecodeencode = Morse Code Encoder
encoder.predefined.powershellencode = PowerShell Encode
encoder.predefined.removewhitespace = Remove Whitespace
encoder.predefined.reverse = Reverse
diff --git a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_zh_CN.properties b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_zh_CN.properties
index cb8e7f6e342..909c80a6b74 100644
--- a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_zh_CN.properties
+++ b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_zh_CN.properties
@@ -31,6 +31,7 @@ encoder.popup.delete = 删除输出面板
encoder.popup.replace.input = 替换输入文本
encoder.popup.title = 编码/解码/哈希...
+encoder.predefined.ascify = ASCify (Strip accents, etc)
encoder.predefined.base64decode = Base64 解码
encoder.predefined.base64encode = Base 64 编码
encoder.predefined.base64urldecode = Base64 URL 解码
@@ -49,6 +50,9 @@ encoder.predefined.javascriptdecode = JavaScript 解码
encoder.predefined.javascriptencode = JavaScript 编码
encoder.predefined.lowercase = 转为小写
encoder.predefined.md5hash = MD5 哈希
+encoder.predefined.morse.error = Input contains one or more characters which can't be converted.
+encoder.predefined.morsecodedecode = Morse Code Decoder
+encoder.predefined.morsecodeencode = Morse Code Encoder
encoder.predefined.powershellencode = PowerShell 编码
encoder.predefined.removewhitespace = 移除空白字符
encoder.predefined.reverse = 反转
diff --git a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_zh_TW.properties b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_zh_TW.properties
index 7a740940917..66b64354384 100644
--- a/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_zh_TW.properties
+++ b/addOns/encoder/src/main/resources/org/zaproxy/addon/encoder/resources/Messages_zh_TW.properties
@@ -31,6 +31,7 @@ encoder.popup.delete = Delete Output Panel
encoder.popup.replace.input = Replace Input Text
encoder.popup.title = Encode/Decode/Hash...
+encoder.predefined.ascify = ASCify (Strip accents, etc)
encoder.predefined.base64decode = Base64 Decode
encoder.predefined.base64encode = Base64 Encode
encoder.predefined.base64urldecode = Base64 URL Decode
@@ -49,6 +50,9 @@ encoder.predefined.javascriptdecode = JavaScript Decode
encoder.predefined.javascriptencode = JavaScript Encode
encoder.predefined.lowercase = To Lower Case
encoder.predefined.md5hash = MD5 Hash
+encoder.predefined.morse.error = Input contains one or more characters which can't be converted.
+encoder.predefined.morsecodedecode = Morse Code Decoder
+encoder.predefined.morsecodeencode = Morse Code Encoder
encoder.predefined.powershellencode = PowerShell Encode
encoder.predefined.removewhitespace = Remove Whitespace
encoder.predefined.reverse = Reverse
diff --git a/addOns/exim/src/main/javahelp/help_ar_SA/contents/automation.html b/addOns/exim/src/main/javahelp/help_ar_SA/contents/automation.html
index 2b5d20e7c62..2d9c0b7fca1 100644
--- a/addOns/exim/src/main/javahelp/help_ar_SA/contents/automation.html
+++ b/addOns/exim/src/main/javahelp/help_ar_SA/contents/automation.html
@@ -13,7 +13,7 @@ Automation Framework Support
Job: import
-The import job allows you to import HAR(HTTP Archive File), ModSecurity2 Logs, ZAP Messages or a file containing URLs locally.
+The import job allows you to import HAR (HTTP Archive File), ModSecurity2 Logs, ZAP Messages or a file containing URLs locally.
- type: import # Import a file of requests
parameters:
@@ -21,5 +21,31 @@ Job: import
fileName: # String: Name of the file containing the data
+Job: export
+The export job allows you to export messages in HAR format or as URLs as well as exporting the Sites Tree in the Sites Tree format.
+The supported sources are:
+
+- all: all messages, including those generated by ZAP, supports 'har' and 'url'
+
- history: the manually/proxied messages, supports 'har' and 'url'
+
- sitestree: the ZAP Sites Tree, supports 'yaml'
+
+
+ - type: export # Exports data into a file
+ parameters:
+ context: # String: Name of the context from which to export. Default: first context
+ type: # String: One of 'har', 'url', 'yaml'. Default: 'har'
+ source: # String: One of 'history', 'sitestree', 'all'. Default: 'history'
+ fileName: # String: Name/path to the file
+
+
+Job: prune
+The prune job allows you to remove nodes from the Sites Tree using data from a file.
+The file should use the Sites Tree format.
+
+ - type: prune # Prunes nodes from the Sites Tree using Sites Tree data (YAML) from a file
+ parameters:
+ fileName: # String: Name/path to the file
+
+
\ No newline at end of file
diff --git a/addOns/exim/src/main/javahelp/help_ar_SA/contents/exim.html b/addOns/exim/src/main/javahelp/help_ar_SA/contents/exim.html
index 6d8c2fdc415..ff6a3967ee1 100644
--- a/addOns/exim/src/main/javahelp/help_ar_SA/contents/exim.html
+++ b/addOns/exim/src/main/javahelp/help_ar_SA/contents/exim.html
@@ -8,20 +8,28 @@
-Copy URLs
+Import/Export
+
+This add-on allows you to import and export ZAP data in a range of formats.
+
+It supports the Automation Framework.
+
+
Menus
+
+Copy URLs
A context menu item to Copy URLs to the system clipboard.
-Save Selected Entries as HAR (HTTP Archive File)
+Save Selected Entries as HAR (HTTP Archive File)
A context menu item to save the selected HTTP messages in HAR format.
-Save Raw Message
+Save Raw Message
Provides a context menu to save content of HTTP messages as binary.
(While the files will probably open in a simple editor it may have null characters or malformed bytes.)
-Save XML Message
+Save XML Message
Provides a context menu to save content of HTTP messages as XML.
-Import HAR (HTTP Archive File)
+Import HAR (HTTP Archive File)
An option to import messages from a HTTP Archive (HAR), available via the 'Import' menu.
Note: The following modifications may be made when importing a HAR (HTTP Archive File):
@@ -29,57 +37,61 @@ Import HAR (HTTP Archive File)
- Missing HTTP Version - If the message is missing the httpVersion attribute it will be set to "HTTP/1.1".
- HTTP Version 3 - If the message has its httpVersion attribute set as "h3", "http/3", "http/3.0" it will be set to "HTTP/2".
- Carriage return (CR) or Line feed (LF) in Headers - If the message contains headers with CR or LF, the CRLF(s) will be removed.
-
-Import Log File
+Import Log File
Allows you to import log files from ModSecurity and files previously exported from ZAP.
-Import URLs
+Import URLs
An option to import a file of URLs is available via the 'Import' menu ('Import a File Containing URLs'). The file must be plain text with one URL per line.
Blank lines and lines starting with # will be ignored.
-
-It also supports the Automation Framework.
+Tools / Prune Sites Tree...
+This allows you to prune URLs from the Sites Tree using a file in the Sites Tree format
-Export
+Export
The add-on also adds a top level "Export" menu, providing the following functionality.
-Export Messages to File...
+Save Messages...
This allows you to save requests and responses to a text file.
Select the messages to save in the History tab (including multi-select).
-Export Response to File...
+Save Responses...
This allows you to save a specific responses to a file.
Select the relevant message in the History tab -
note that binary responses (such as images) can be saved as well as text responses.
-Export All URLs to File...
-This allows you to save all of the URLs accessed to a text or HTML file.
+Save Sites Tree...
+This allows you to save the Sites Tree in the Sites Tree format
+
+Save All URLs...
+This allows you to save all the accessed URLs to a text or HTML file.
This can be used, amongst other things, to compare the URLs available to users with
different roles or permissions on the same system.
(Also consider leveraging the Access Control Testing add-on.)
-This functionality is also available via the right-click context menu.
-
-Export Selected URLs to File...
-Based on the selection (including multi-select) in the Sites tree all URLs and child URLs of selected
-nodes are exported.
-This functionality is also available via the right-click context menu.
+This functionality is also available via the right-click context menu in the Sites tree panel.
-Export URLs for Context
-All URLs in the Sites tree that fall within the selected context are exported. This functionality is
-also available from the right-click menu when used on a Context node in the Sites tree panel.
+Save URLs...
+All URLs in the Sites tree that fall within the selected node are exported. This functionality is
+also available from the right-click menu when used on a Site or Context node in the Sites tree panel.
-ZAP API
+ZAP API
This add-on also exposes various ZAP API endpoints to facilitate programmatic use of the functionality.
+
+Actions
- /exim/action/importHar (filePath*)/exim/action/importModsec2Logs (filePath*)/exim/action/importUrls (filePath*)/exim/action/importZapLogs (filePath*)- ---
- /exim/other/exportHar (baseurl start count)/exim/other/exportHarById (ids*)/exim/other/sendHarRequest (request* followRedirects)exportSitesTree (filePath* ) Exports the Sites Tree in the Sites Tree YAML format.importHar (filePath* ) Imports a HAR file.importModsec2Logs (filePath* ) Imports ModSecurity2 logs from the file with the given file system path.importUrls (filePath* ) Imports URLs (one per line) from the file with the given file system path.importZapLogs (filePath* ) Imports previously exported ZAP messages from the file with the given file system path.pruneSitesTree (filePath* ) Prunes the Sites Tree based on a file in the Sites Tree YAML format.
+
+Others
+
exportHar (baseurl start count ) Gets the HTTP messages sent through/by ZAP, in HAR format, optionally filtered by URL and paginated with 'start' position and 'count' of messagesexportHarById (ids* ) Gets the HTTP messages with the given IDs, in HAR format.sendHarRequest (request* followRedirects ) Sends the first HAR request entry, optionally following redirections. Returns, in HAR format, the request sent and response received and followed redirections, if any. The Mode is enforced when sending the request (and following redirections), custom manual requests are not allowed in 'Safe' mode nor in 'Protected' mode if out of scope.
diff --git a/addOns/exim/src/main/javahelp/help_ar_SA/contents/sitestreeformat.html b/addOns/exim/src/main/javahelp/help_ar_SA/contents/sitestreeformat.html
new file mode 100644
index 00000000000..76cea587905
--- /dev/null
+++ b/addOns/exim/src/main/javahelp/help_ar_SA/contents/sitestreeformat.html
@@ -0,0 +1,67 @@
+
+
+
+
+
+ Sites Tree File Format
+
+
+
+
+Sites Tree File Format
+
+The Sites Tree Format is a YAML representation of the ZAP Sites Tree.
+It is a hierarchy of nodes, each of which represents all of the essential information needed to uniquely identify the corresponding node in the Sites tree.
+
+Each node has the following format:
+
+
+ - node: # The name of the node, as shown in the ZAP Sites Tree
+ url: # The URL it represents, present for all apart from the top node
+ method: # The HTTP method, present for all apart from the top node
+ responseLength: # The length of the response, where relevant
+ statusCode: # The HTTP status code, where relevant
+ data: # The names of the data parameters, if any, separated with '=&'s
+ children: # A list of child nodes, present for all nodes apart from the leaves
+
+
+
+This format is used by the Automation Framework export and prune jobs, and by the corresponding
+desktop menus.
+
+
+A full simple example:
+
+
+- node: Sites
+ children:
+ - node: https://www.example.com
+ url: https://www.example.com
+ method: GET
+ children:
+ - node: missing
+ url: https://www.example.com/missing
+ method: GET
+ responseLength: 1221
+ statusCode: 404
+ - node: path
+ url: https://www.example.com/path
+ method: GET
+ responseLength: 1234
+ statusCode: 200
+ children:
+ - node: GET:query(q)
+ url: https://www.example.com/seq/query?q=search
+ method: GET
+ responseLength: 2345
+ statusCode: 200
+ - node: submit
+ url: https://www.example.com/seq/submit()(field1,field2,field3)
+ method: POST
+ data: field1=&field2=&field3=
+ responseLength: 3456
+ statusCode: 200
+
+
+
+
\ No newline at end of file
diff --git a/addOns/exim/src/main/javahelp/help_ar_SA/index.xml b/addOns/exim/src/main/javahelp/help_ar_SA/index.xml
index 976f7c3edea..4f7e3790c28 100644
--- a/addOns/exim/src/main/javahelp/help_ar_SA/index.xml
+++ b/addOns/exim/src/main/javahelp/help_ar_SA/index.xml
@@ -3,4 +3,5 @@
+
diff --git a/addOns/exim/src/main/javahelp/help_ar_SA/toc.xml b/addOns/exim/src/main/javahelp/help_ar_SA/toc.xml
index 35069527f0a..0270e012e42 100644
--- a/addOns/exim/src/main/javahelp/help_ar_SA/toc.xml
+++ b/addOns/exim/src/main/javahelp/help_ar_SA/toc.xml
@@ -5,6 +5,7 @@
+
diff --git a/addOns/exim/src/main/javahelp/help_az_AZ/contents/automation.html b/addOns/exim/src/main/javahelp/help_az_AZ/contents/automation.html
index 2b5d20e7c62..2d9c0b7fca1 100644
--- a/addOns/exim/src/main/javahelp/help_az_AZ/contents/automation.html
+++ b/addOns/exim/src/main/javahelp/help_az_AZ/contents/automation.html
@@ -13,7 +13,7 @@ Automation Framework Support
Job: import
-The import job allows you to import HAR(HTTP Archive File), ModSecurity2 Logs, ZAP Messages or a file containing URLs locally.
+The import job allows you to import HAR (HTTP Archive File), ModSecurity2 Logs, ZAP Messages or a file containing URLs locally.
- type: import # Import a file of requests
parameters:
@@ -21,5 +21,31 @@ Job: import
fileName: # String: Name of the file containing the data
+Job: export
+The export job allows you to export messages in HAR format or as URLs as well as exporting the Sites Tree in the Sites Tree format.
+The supported sources are:
+
+- all: all messages, including those generated by ZAP, supports 'har' and 'url'
+
- history: the manually/proxied messages, supports 'har' and 'url'
+
- sitestree: the ZAP Sites Tree, supports 'yaml'
+
+
+ - type: export # Exports data into a file
+ parameters:
+ context: # String: Name of the context from which to export. Default: first context
+ type: # String: One of 'har', 'url', 'yaml'. Default: 'har'
+ source: # String: One of 'history', 'sitestree', 'all'. Default: 'history'
+ fileName: # String: Name/path to the file
+
+
+Job: prune
+The prune job allows you to remove nodes from the Sites Tree using data from a file.
+The file should use the Sites Tree format.
+
+ - type: prune # Prunes nodes from the Sites Tree using Sites Tree data (YAML) from a file
+ parameters:
+ fileName: # String: Name/path to the file
+
+
\ No newline at end of file
diff --git a/addOns/exim/src/main/javahelp/help_az_AZ/contents/exim.html b/addOns/exim/src/main/javahelp/help_az_AZ/contents/exim.html
index 6d8c2fdc415..ff6a3967ee1 100644
--- a/addOns/exim/src/main/javahelp/help_az_AZ/contents/exim.html
+++ b/addOns/exim/src/main/javahelp/help_az_AZ/contents/exim.html
@@ -8,20 +8,28 @@
-Copy URLs
+Import/Export
+
+This add-on allows you to import and export ZAP data in a range of formats.
+
+It supports the Automation Framework.
+
+
Menus
+
+Copy URLs
A context menu item to Copy URLs to the system clipboard.
-Save Selected Entries as HAR (HTTP Archive File)
+Save Selected Entries as HAR (HTTP Archive File)
A context menu item to save the selected HTTP messages in HAR format.
-Save Raw Message
+Save Raw Message
Provides a context menu to save content of HTTP messages as binary.
(While the files will probably open in a simple editor it may have null characters or malformed bytes.)
-Save XML Message
+Save XML Message
Provides a context menu to save content of HTTP messages as XML.
-Import HAR (HTTP Archive File)
+Import HAR (HTTP Archive File)
An option to import messages from a HTTP Archive (HAR), available via the 'Import' menu.
Note: The following modifications may be made when importing a HAR (HTTP Archive File):
@@ -29,57 +37,61 @@ Import HAR (HTTP Archive File)
Missing HTTP Version - If the message is missing the httpVersion attribute it will be set to "HTTP/1.1".
HTTP Version 3 - If the message has its httpVersion attribute set as "h3", "http/3", "http/3.0" it will be set to "HTTP/2".
Carriage return (CR) or Line feed (LF) in Headers - If the message contains headers with CR or LF, the CRLF(s) will be removed.
-
-Import Log File
+Import Log File
Allows you to import log files from ModSecurity and files previously exported from ZAP.
-Import URLs
+Import URLs
An option to import a file of URLs is available via the 'Import' menu ('Import a File Containing URLs'). The file must be plain text with one URL per line.
Blank lines and lines starting with # will be ignored.
-
-It also supports the Automation Framework.
+Tools / Prune Sites Tree...
+This allows you to prune URLs from the Sites Tree using a file in the Sites Tree format
-Export
+Export
The add-on also adds a top level "Export" menu, providing the following functionality.
-Export Messages to File...
+Save Messages...
This allows you to save requests and responses to a text file.
Select the messages to save in the History tab (including multi-select).
-Export Response to File...
+Save Responses...
This allows you to save a specific responses to a file.
Select the relevant message in the History tab -
note that binary responses (such as images) can be saved as well as text responses.
-Export All URLs to File...
-This allows you to save all of the URLs accessed to a text or HTML file.
+Save Sites Tree...
+This allows you to save the Sites Tree in the Sites Tree format
+
+Save All URLs...
+This allows you to save all the accessed URLs to a text or HTML file.
This can be used, amongst other things, to compare the URLs available to users with
different roles or permissions on the same system.
(Also consider leveraging the Access Control Testing add-on.)
-This functionality is also available via the right-click context menu.
-
-Export Selected URLs to File...
-Based on the selection (including multi-select) in the Sites tree all URLs and child URLs of selected
-nodes are exported.
-This functionality is also available via the right-click context menu.
+This functionality is also available via the right-click context menu in the Sites tree panel.
-Export URLs for Context
-All URLs in the Sites tree that fall within the selected context are exported. This functionality is
-also available from the right-click menu when used on a Context node in the Sites tree panel.
+Save URLs...
+All URLs in the Sites tree that fall within the selected node are exported. This functionality is
+also available from the right-click menu when used on a Site or Context node in the Sites tree panel.
-ZAP API
+ZAP API
This add-on also exposes various ZAP API endpoints to facilitate programmatic use of the functionality.
+
+Actions
- /exim/action/importHar (filePath*)/exim/action/importModsec2Logs (filePath*)/exim/action/importUrls (filePath*)/exim/action/importZapLogs (filePath*)- ---
- /exim/other/exportHar (baseurl start count)/exim/other/exportHarById (ids*)/exim/other/sendHarRequest (request* followRedirects)exportSitesTree (filePath* ) Exports the Sites Tree in the Sites Tree YAML format.importHar (filePath* ) Imports a HAR file.importModsec2Logs (filePath* ) Imports ModSecurity2 logs from the file with the given file system path.importUrls (filePath* ) Imports URLs (one per line) from the file with the given file system path.importZapLogs (filePath* ) Imports previously exported ZAP messages from the file with the given file system path.pruneSitesTree (filePath* ) Prunes the Sites Tree based on a file in the Sites Tree YAML format.
+
+Others
+
exportHar (baseurl start count ) Gets the HTTP messages sent through/by ZAP, in HAR format, optionally filtered by URL and paginated with 'start' position and 'count' of messages
+ exportHarById (ids* ) Gets the HTTP messages with the given IDs, in HAR format.
+ sendHarRequest (request* followRedirects ) Sends the first HAR request entry, optionally following redirections. Returns, in HAR format, the request sent and response received and followed redirections, if any. The Mode is enforced when sending the request (and following redirections), custom manual requests are not allowed in 'Safe' mode nor in 'Protected' mode if out of scope.
diff --git a/addOns/exim/src/main/javahelp/help_az_AZ/contents/sitestreeformat.html b/addOns/exim/src/main/javahelp/help_az_AZ/contents/sitestreeformat.html
new file mode 100644
index 00000000000..76cea587905
--- /dev/null
+++ b/addOns/exim/src/main/javahelp/help_az_AZ/contents/sitestreeformat.html
@@ -0,0 +1,67 @@
+
+
+
+
+
+ Sites Tree File Format
+
+
+
+
+Sites Tree File Format
+
+The Sites Tree Format is a YAML representation of the ZAP Sites Tree.
+It is a hierarchy of nodes, each of which represents all of the essential information needed to uniquely identify the corresponding node in the Sites tree.
+
+Each node has the following format:
+
+
+ - node: # The name of the node, as shown in the ZAP Sites Tree
+ url: # The URL it represents, present for all apart from the top node
+ method: # The HTTP method, present for all apart from the top node
+ responseLength: # The length of the response, where relevant
+ statusCode: # The HTTP status code, where relevant
+ data: # The names of the data parameters, if any, separated with '=&'s
+ children: # A list of child nodes, present for all nodes apart from the leaves
+
+
+
+This format is used by the Automation Framework export and prune jobs, and by the corresponding
+desktop menus.
+
+
+A full simple example:
+
+
+- node: Sites
+ children:
+ - node: https://www.example.com
+ url: https://www.example.com
+ method: GET
+ children:
+ - node: missing
+ url: https://www.example.com/missing
+ method: GET
+ responseLength: 1221
+ statusCode: 404
+ - node: path
+ url: https://www.example.com/path
+ method: GET
+ responseLength: 1234
+ statusCode: 200
+ children:
+ - node: GET:query(q)
+ url: https://www.example.com/seq/query?q=search
+ method: GET
+ responseLength: 2345
+ statusCode: 200
+ - node: submit
+ url: https://www.example.com/seq/submit()(field1,field2,field3)
+ method: POST
+ data: field1=&field2=&field3=
+ responseLength: 3456
+ statusCode: 200
+
+
+
+
\ No newline at end of file
diff --git a/addOns/exim/src/main/javahelp/help_az_AZ/index.xml b/addOns/exim/src/main/javahelp/help_az_AZ/index.xml
index 976f7c3edea..4f7e3790c28 100644
--- a/addOns/exim/src/main/javahelp/help_az_AZ/index.xml
+++ b/addOns/exim/src/main/javahelp/help_az_AZ/index.xml
@@ -3,4 +3,5 @@
+
diff --git a/addOns/exim/src/main/javahelp/help_az_AZ/toc.xml b/addOns/exim/src/main/javahelp/help_az_AZ/toc.xml
index 35069527f0a..0270e012e42 100644
--- a/addOns/exim/src/main/javahelp/help_az_AZ/toc.xml
+++ b/addOns/exim/src/main/javahelp/help_az_AZ/toc.xml
@@ -5,6 +5,7 @@
+
diff --git a/addOns/exim/src/main/javahelp/help_bs_BA/contents/automation.html b/addOns/exim/src/main/javahelp/help_bs_BA/contents/automation.html
index 2b5d20e7c62..2d9c0b7fca1 100644
--- a/addOns/exim/src/main/javahelp/help_bs_BA/contents/automation.html
+++ b/addOns/exim/src/main/javahelp/help_bs_BA/contents/automation.html
@@ -13,7 +13,7 @@ Automation Framework Support
Job: import
-The import job allows you to import HAR(HTTP Archive File), ModSecurity2 Logs, ZAP Messages or a file containing URLs locally.
+The import job allows you to import HAR (HTTP Archive File), ModSecurity2 Logs, ZAP Messages or a file containing URLs locally.
- type: import # Import a file of requests
parameters:
@@ -21,5 +21,31 @@ Job: import
fileName: # String: Name of the file containing the data
+Job: export
+The export job allows you to export messages in HAR format or as URLs as well as exporting the Sites Tree in the Sites Tree format.
+The supported sources are:
+
+- all: all messages, including those generated by ZAP, supports 'har' and 'url'
+
- history: the manually/proxied messages, supports 'har' and 'url'
+
- sitestree: the ZAP Sites Tree, supports 'yaml'
+
+
+ - type: export # Exports data into a file
+ parameters:
+ context: # String: Name of the context from which to export. Default: first context
+ type: # String: One of 'har', 'url', 'yaml'. Default: 'har'
+ source: # String: One of 'history', 'sitestree', 'all'. Default: 'history'
+ fileName: # String: Name/path to the file
+
+
+Job: prune
+The prune job allows you to remove nodes from the Sites Tree using data from a file.
+The file should use the Sites Tree format.
+
+ - type: prune # Prunes nodes from the Sites Tree using Sites Tree data (YAML) from a file
+ parameters:
+ fileName: # String: Name/path to the file
+
+
\ No newline at end of file
diff --git a/addOns/exim/src/main/javahelp/help_bs_BA/contents/exim.html b/addOns/exim/src/main/javahelp/help_bs_BA/contents/exim.html
index 6d8c2fdc415..ff6a3967ee1 100644
--- a/addOns/exim/src/main/javahelp/help_bs_BA/contents/exim.html
+++ b/addOns/exim/src/main/javahelp/help_bs_BA/contents/exim.html
@@ -8,20 +8,28 @@
-Copy URLs
+Import/Export
+
+This add-on allows you to import and export ZAP data in a range of formats.
+
+It supports the Automation Framework.
+
+
Menus
+
+Copy URLs
A context menu item to Copy URLs to the system clipboard.
-Save Selected Entries as HAR (HTTP Archive File)
+Save Selected Entries as HAR (HTTP Archive File)
A context menu item to save the selected HTTP messages in HAR format.
-Save Raw Message
+Save Raw Message
Provides a context menu to save content of HTTP messages as binary.
(While the files will probably open in a simple editor it may have null characters or malformed bytes.)
-Save XML Message
+Save XML Message
Provides a context menu to save content of HTTP messages as XML.
-Import HAR (HTTP Archive File)
+Import HAR (HTTP Archive File)
An option to import messages from a HTTP Archive (HAR), available via the 'Import' menu.
Note: The following modifications may be made when importing a HAR (HTTP Archive File):
@@ -29,57 +37,61 @@ Import HAR (HTTP Archive File)
Missing HTTP Version - If the message is missing the httpVersion attribute it will be set to "HTTP/1.1".
HTTP Version 3 - If the message has its httpVersion attribute set as "h3", "http/3", "http/3.0" it will be set to "HTTP/2".
Carriage return (CR) or Line feed (LF) in Headers - If the message contains headers with CR or LF, the CRLF(s) will be removed.
-
-Import Log File
+Import Log File
Allows you to import log files from ModSecurity and files previously exported from ZAP.
-Import URLs
+Import URLs
An option to import a file of URLs is available via the 'Import' menu ('Import a File Containing URLs'). The file must be plain text with one URL per line.
Blank lines and lines starting with # will be ignored.
-
-It also supports the Automation Framework.
+Tools / Prune Sites Tree...
+This allows you to prune URLs from the Sites Tree using a file in the Sites Tree format
-Export
+Export
The add-on also adds a top level "Export" menu, providing the following functionality.
-Export Messages to File...
+Save Messages...
This allows you to save requests and responses to a text file.
Select the messages to save in the History tab (including multi-select).
-Export Response to File...
+Save Responses...
This allows you to save a specific responses to a file.
Select the relevant message in the History tab -
note that binary responses (such as images) can be saved as well as text responses.
-Export All URLs to File...
-This allows you to save all of the URLs accessed to a text or HTML file.
+Save Sites Tree...
+This allows you to save the Sites Tree in the Sites Tree format
+
+Save All URLs...
+This allows you to save all the accessed URLs to a text or HTML file.
This can be used, amongst other things, to compare the URLs available to users with
different roles or permissions on the same system.
(Also consider leveraging the Access Control Testing add-on.)
-This functionality is also available via the right-click context menu.
-
-Export Selected URLs to File...
-Based on the selection (including multi-select) in the Sites tree all URLs and child URLs of selected
-nodes are exported.
-This functionality is also available via the right-click context menu.
+This functionality is also available via the right-click context menu in the Sites tree panel.
-Export URLs for Context
-All URLs in the Sites tree that fall within the selected context are exported. This functionality is
-also available from the right-click menu when used on a Context node in the Sites tree panel.
+Save URLs...
+All URLs in the Sites tree that fall within the selected node are exported. This functionality is
+also available from the right-click menu when used on a Site or Context node in the Sites tree panel.
-ZAP API
+ZAP API
This add-on also exposes various ZAP API endpoints to facilitate programmatic use of the functionality.
+
+Actions
- /exim/action/importHar (filePath*)/exim/action/importModsec2Logs (filePath*)/exim/action/importUrls (filePath*)/exim/action/importZapLogs (filePath*)- ---
- /exim/other/exportHar (baseurl start count)/exim/other/exportHarById (ids*)/exim/other/sendHarRequest (request* followRedirects)exportSitesTree (filePath* ) Exports the Sites Tree in the Sites Tree YAML format.importHar (filePath* ) Imports a HAR file.importModsec2Logs (filePath* ) Imports ModSecurity2 logs from the file with the given file system path.importUrls (filePath* ) Imports URLs (one per line) from the file with the given file system path.importZapLogs (filePath* ) Imports previously exported ZAP messages from the file with the given file system path.pruneSitesTree (filePath* ) Prunes the Sites Tree based on a file in the Sites Tree YAML format.
+
+Others
+
exportHar (baseurl start count ) Gets the HTTP messages sent through/by ZAP, in HAR format, optionally filtered by URL and paginated with 'start' position and 'count' of messages
+ exportHarById (ids* ) Gets the HTTP messages with the given IDs, in HAR format.
+ sendHarRequest (request* followRedirects ) Sends the first HAR request entry, optionally following redirections. Returns, in HAR format, the request sent and response received and followed redirections, if any. The Mode is enforced when sending the request (and following redirections), custom manual requests are not allowed in 'Safe' mode nor in 'Protected' mode if out of scope.
diff --git a/addOns/exim/src/main/javahelp/help_bs_BA/contents/sitestreeformat.html b/addOns/exim/src/main/javahelp/help_bs_BA/contents/sitestreeformat.html
new file mode 100644
index 00000000000..76cea587905
--- /dev/null
+++ b/addOns/exim/src/main/javahelp/help_bs_BA/contents/sitestreeformat.html
@@ -0,0 +1,67 @@
+
+
+
+
+
+ Sites Tree File Format
+
+
+
+
+Sites Tree File Format
+
+The Sites Tree Format is a YAML representation of the ZAP Sites Tree.
+It is a hierarchy of nodes, each of which represents all of the essential information needed to uniquely identify the corresponding node in the Sites tree.
+
+Each node has the following format:
+
+
+ - node: # The name of the node, as shown in the ZAP Sites Tree
+ url: # The URL it represents, present for all apart from the top node
+ method: # The HTTP method, present for all apart from the top node
+ responseLength: # The length of the response, where relevant
+ statusCode: # The HTTP status code, where relevant
+ data: # The names of the data parameters, if any, separated with '=&'s
+ children: # A list of child nodes, present for all nodes apart from the leaves
+
+
+
+This format is used by the Automation Framework export and prune jobs, and by the corresponding
+desktop menus.
+
+
+A full simple example:
+
+
+- node: Sites
+ children:
+ - node: https://www.example.com
+ url: https://www.example.com
+ method: GET
+ children:
+ - node: missing
+ url: https://www.example.com/missing
+ method: GET
+ responseLength: 1221
+ statusCode: 404
+ - node: path
+ url: https://www.example.com/path
+ method: GET
+ responseLength: 1234
+ statusCode: 200
+ children:
+ - node: GET:query(q)
+ url: https://www.example.com/seq/query?q=search
+ method: GET
+ responseLength: 2345
+ statusCode: 200
+ - node: submit
+ url: https://www.example.com/seq/submit()(field1,field2,field3)
+ method: POST
+ data: field1=&field2=&field3=
+ responseLength: 3456
+ statusCode: 200
+
+
+
+
\ No newline at end of file
diff --git a/addOns/exim/src/main/javahelp/help_bs_BA/index.xml b/addOns/exim/src/main/javahelp/help_bs_BA/index.xml
index 976f7c3edea..4f7e3790c28 100644
--- a/addOns/exim/src/main/javahelp/help_bs_BA/index.xml
+++ b/addOns/exim/src/main/javahelp/help_bs_BA/index.xml
@@ -3,4 +3,5 @@
+
diff --git a/addOns/exim/src/main/javahelp/help_bs_BA/toc.xml b/addOns/exim/src/main/javahelp/help_bs_BA/toc.xml
index 35069527f0a..0270e012e42 100644
--- a/addOns/exim/src/main/javahelp/help_bs_BA/toc.xml
+++ b/addOns/exim/src/main/javahelp/help_bs_BA/toc.xml
@@ -5,6 +5,7 @@
+
diff --git a/addOns/exim/src/main/javahelp/help_da_DK/contents/automation.html b/addOns/exim/src/main/javahelp/help_da_DK/contents/automation.html
index 2b5d20e7c62..2d9c0b7fca1 100644
--- a/addOns/exim/src/main/javahelp/help_da_DK/contents/automation.html
+++ b/addOns/exim/src/main/javahelp/help_da_DK/contents/automation.html
@@ -13,7 +13,7 @@ Automation Framework Support
Job: import
-The import job allows you to import HAR(HTTP Archive File), ModSecurity2 Logs, ZAP Messages or a file containing URLs locally.
+The import job allows you to import HAR (HTTP Archive File), ModSecurity2 Logs, ZAP Messages or a file containing URLs locally.
- type: import # Import a file of requests
parameters:
@@ -21,5 +21,31 @@ Job: import
fileName: # String: Name of the file containing the data
+Job: export
+The export job allows you to export messages in HAR format or as URLs as well as exporting the Sites Tree in the Sites Tree format.
+The supported sources are:
+
+- all: all messages, including those generated by ZAP, supports 'har' and 'url'
+
- history: the manually/proxied messages, supports 'har' and 'url'
+
- sitestree: the ZAP Sites Tree, supports 'yaml'
+
+
+ - type: export # Exports data into a file
+ parameters:
+ context: # String: Name of the context from which to export. Default: first context
+ type: # String: One of 'har', 'url', 'yaml'. Default: 'har'
+ source: # String: One of 'history', 'sitestree', 'all'. Default: 'history'
+ fileName: # String: Name/path to the file
+
+
+Job: prune
+The prune job allows you to remove nodes from the Sites Tree using data from a file.
+The file should use the Sites Tree format.
+
+ - type: prune # Prunes nodes from the Sites Tree using Sites Tree data (YAML) from a file
+ parameters:
+ fileName: # String: Name/path to the file
+
+
\ No newline at end of file
diff --git a/addOns/exim/src/main/javahelp/help_da_DK/contents/exim.html b/addOns/exim/src/main/javahelp/help_da_DK/contents/exim.html
index 6d8c2fdc415..ff6a3967ee1 100644
--- a/addOns/exim/src/main/javahelp/help_da_DK/contents/exim.html
+++ b/addOns/exim/src/main/javahelp/help_da_DK/contents/exim.html
@@ -8,20 +8,28 @@
-Copy URLs
+Import/Export
+
+This add-on allows you to import and export ZAP data in a range of formats.
+
+It supports the Automation Framework.
+
+
Menus
+
+Copy URLs
A context menu item to Copy URLs to the system clipboard.
-Save Selected Entries as HAR (HTTP Archive File)
+Save Selected Entries as HAR (HTTP Archive File)
A context menu item to save the selected HTTP messages in HAR format.
-Save Raw Message
+Save Raw Message
Provides a context menu to save content of HTTP messages as binary.
(While the files will probably open in a simple editor it may have null characters or malformed bytes.)
-Save XML Message
+Save XML Message
Provides a context menu to save content of HTTP messages as XML.
-Import HAR (HTTP Archive File)
+Import HAR (HTTP Archive File)
An option to import messages from a HTTP Archive (HAR), available via the 'Import' menu.
Note: The following modifications may be made when importing a HAR (HTTP Archive File):
@@ -29,57 +37,61 @@ Import HAR (HTTP Archive File)
Missing HTTP Version - If the message is missing the httpVersion attribute it will be set to "HTTP/1.1".
HTTP Version 3 - If the message has its httpVersion attribute set as "h3", "http/3", "http/3.0" it will be set to "HTTP/2".
Carriage return (CR) or Line feed (LF) in Headers - If the message contains headers with CR or LF, the CRLF(s) will be removed.
-
-Import Log File
+Import Log File
Allows you to import log files from ModSecurity and files previously exported from ZAP.
-Import URLs
+Import URLs
An option to import a file of URLs is available via the 'Import' menu ('Import a File Containing URLs'). The file must be plain text with one URL per line.
Blank lines and lines starting with # will be ignored.
-
-It also supports the Automation Framework.
+Tools / Prune Sites Tree...
+This allows you to prune URLs from the Sites Tree using a file in the Sites Tree format
-Export
+Export
The add-on also adds a top level "Export" menu, providing the following functionality.
-Export Messages to File...
+Save Messages...
This allows you to save requests and responses to a text file.
Select the messages to save in the History tab (including multi-select).
-Export Response to File...
+Save Responses...
This allows you to save a specific responses to a file.
Select the relevant message in the History tab -
note that binary responses (such as images) can be saved as well as text responses.
-Export All URLs to File...
-This allows you to save all of the URLs accessed to a text or HTML file.
+Save Sites Tree...
+This allows you to save the Sites Tree in the Sites Tree format
+
+Save All URLs...
+This allows you to save all the accessed URLs to a text or HTML file.
This can be used, amongst other things, to compare the URLs available to users with
different roles or permissions on the same system.
(Also consider leveraging the Access Control Testing add-on.)
-This functionality is also available via the right-click context menu.
-
-Export Selected URLs to File...
-Based on the selection (including multi-select) in the Sites tree all URLs and child URLs of selected
-nodes are exported.
-This functionality is also available via the right-click context menu.
+This functionality is also available via the right-click context menu in the Sites tree panel.
-Export URLs for Context
-All URLs in the Sites tree that fall within the selected context are exported. This functionality is
-also available from the right-click menu when used on a Context node in the Sites tree panel.
+Save URLs...
+All URLs in the Sites tree that fall within the selected node are exported. This functionality is
+also available from the right-click menu when used on a Site or Context node in the Sites tree panel.
-ZAP API
+ZAP API
This add-on also exposes various ZAP API endpoints to facilitate programmatic use of the functionality.
+
+Actions
- /exim/action/importHar (filePath*)/exim/action/importModsec2Logs (filePath*)/exim/action/importUrls (filePath*)/exim/action/importZapLogs (filePath*)- ---
- /exim/other/exportHar (baseurl start count)/exim/other/exportHarById (ids*)/exim/other/sendHarRequest (request* followRedirects)exportSitesTree (filePath* ) Exports the Sites Tree in the Sites Tree YAML format.importHar (filePath* ) Imports a HAR file.importModsec2Logs (filePath* ) Imports ModSecurity2 logs from the file with the given file system path.importUrls (filePath* ) Imports URLs (one per line) from the file with the given file system path.importZapLogs (filePath* ) Imports previously exported ZAP messages from the file with the given file system path.pruneSitesTree (filePath* ) Prunes the Sites Tree based on a file in the Sites Tree YAML format.
+
+Others
+
exportHar (baseurl start count ) Gets the HTTP messages sent through/by ZAP, in HAR format, optionally filtered by URL and paginated with 'start' position and 'count' of messages
+ exportHarById (ids* ) Gets the HTTP messages with the given IDs, in HAR format.
+ sendHarRequest (request* followRedirects ) Sends the first HAR request entry, optionally following redirections. Returns, in HAR format, the request sent and response received and followed redirections, if any. The Mode is enforced when sending the request (and following redirections), custom manual requests are not allowed in 'Safe' mode nor in 'Protected' mode if out of scope.
diff --git a/addOns/exim/src/main/javahelp/help_da_DK/contents/sitestreeformat.html b/addOns/exim/src/main/javahelp/help_da_DK/contents/sitestreeformat.html
new file mode 100644
index 00000000000..76cea587905
--- /dev/null
+++ b/addOns/exim/src/main/javahelp/help_da_DK/contents/sitestreeformat.html
@@ -0,0 +1,67 @@
+
+
+
+
+
+ Sites Tree File Format
+
+
+
+
+Sites Tree File Format
+
+The Sites Tree Format is a YAML representation of the ZAP Sites Tree.
+It is a hierarchy of nodes, each of which represents all of the essential information needed to uniquely identify the corresponding node in the Sites tree.
+
+Each node has the following format:
+
+
+ - node: # The name of the node, as shown in the ZAP Sites Tree
+ url: # The URL it represents, present for all apart from the top node
+ method: # The HTTP method, present for all apart from the top node
+ responseLength: # The length of the response, where relevant
+ statusCode: # The HTTP status code, where relevant
+ data: # The names of the data parameters, if any, separated with '=&'s
+ children: # A list of child nodes, present for all nodes apart from the leaves
+
+
+
+This format is used by the Automation Framework export and prune jobs, and by the corresponding
+desktop menus.
+
+
+A full simple example:
+
+
+- node: Sites
+ children:
+ - node: https://www.example.com
+ url: https://www.example.com
+ method: GET
+ children:
+ - node: missing
+ url: https://www.example.com/missing
+ method: GET
+ responseLength: 1221
+ statusCode: 404
+ - node: path
+ url: https://www.example.com/path
+ method: GET
+ responseLength: 1234
+ statusCode: 200
+ children:
+ - node: GET:query(q)
+ url: https://www.example.com/seq/query?q=search
+ method: GET
+ responseLength: 2345
+ statusCode: 200
+ - node: submit
+ url: https://www.example.com/seq/submit()(field1,field2,field3)
+ method: POST
+ data: field1=&field2=&field3=
+ responseLength: 3456
+ statusCode: 200
+
+
+
+
\ No newline at end of file
diff --git a/addOns/exim/src/main/javahelp/help_da_DK/index.xml b/addOns/exim/src/main/javahelp/help_da_DK/index.xml
index 976f7c3edea..4f7e3790c28 100644
--- a/addOns/exim/src/main/javahelp/help_da_DK/index.xml
+++ b/addOns/exim/src/main/javahelp/help_da_DK/index.xml
@@ -3,4 +3,5 @@
+
diff --git a/addOns/exim/src/main/javahelp/help_da_DK/toc.xml b/addOns/exim/src/main/javahelp/help_da_DK/toc.xml
index 35069527f0a..0270e012e42 100644
--- a/addOns/exim/src/main/javahelp/help_da_DK/toc.xml
+++ b/addOns/exim/src/main/javahelp/help_da_DK/toc.xml
@@ -5,6 +5,7 @@
+
diff --git a/addOns/exim/src/main/javahelp/help_de_DE/contents/automation.html b/addOns/exim/src/main/javahelp/help_de_DE/contents/automation.html
index 2b5d20e7c62..2d9c0b7fca1 100644
--- a/addOns/exim/src/main/javahelp/help_de_DE/contents/automation.html
+++ b/addOns/exim/src/main/javahelp/help_de_DE/contents/automation.html
@@ -13,7 +13,7 @@ Automation Framework Support
Job: import
-The import job allows you to import HAR(HTTP Archive File), ModSecurity2 Logs, ZAP Messages or a file containing URLs locally.
+The import job allows you to import HAR (HTTP Archive File), ModSecurity2 Logs, ZAP Messages or a file containing URLs locally.
- type: import # Import a file of requests
parameters:
@@ -21,5 +21,31 @@ Job: import
fileName: # String: Name of the file containing the data
+Job: export
+The export job allows you to export messages in HAR format or as URLs as well as exporting the Sites Tree in the Sites Tree format.
+The supported sources are:
+
+- all: all messages, including those generated by ZAP, supports 'har' and 'url'
+
- history: the manually/proxied messages, supports 'har' and 'url'
+
- sitestree: the ZAP Sites Tree, supports 'yaml'
+
+
+ - type: export # Exports data into a file
+ parameters:
+ context: # String: Name of the context from which to export. Default: first context
+ type: # String: One of 'har', 'url', 'yaml'. Default: 'har'
+ source: # String: One of 'history', 'sitestree', 'all'. Default: 'history'
+ fileName: # String: Name/path to the file
+
+
+Job: prune
+The prune job allows you to remove nodes from the Sites Tree using data from a file.
+The file should use the Sites Tree format.
+
+ - type: prune # Prunes nodes from the Sites Tree using Sites Tree data (YAML) from a file
+ parameters:
+ fileName: # String: Name/path to the file
+
+
\ No newline at end of file
diff --git a/addOns/exim/src/main/javahelp/help_de_DE/contents/exim.html b/addOns/exim/src/main/javahelp/help_de_DE/contents/exim.html
index 6d8c2fdc415..ff6a3967ee1 100644
--- a/addOns/exim/src/main/javahelp/help_de_DE/contents/exim.html
+++ b/addOns/exim/src/main/javahelp/help_de_DE/contents/exim.html
@@ -8,20 +8,28 @@
-Copy URLs
+Import/Export
+
+This add-on allows you to import and export ZAP data in a range of formats.
+
+It supports the Automation Framework.
+
+
Menus
+
+Copy URLs
A context menu item to Copy URLs to the system clipboard.
-Save Selected Entries as HAR (HTTP Archive File)
+Save Selected Entries as HAR (HTTP Archive File)
A context menu item to save the selected HTTP messages in HAR format.
-Save Raw Message
+Save Raw Message
Provides a context menu to save content of HTTP messages as binary.
(While the files will probably open in a simple editor it may have null characters or malformed bytes.)
-Save XML Message
+Save XML Message
Provides a context menu to save content of HTTP messages as XML.
-Import HAR (HTTP Archive File)
+Import HAR (HTTP Archive File)
An option to import messages from a HTTP Archive (HAR), available via the 'Import' menu.
Note: The following modifications may be made when importing a HAR (HTTP Archive File):
@@ -29,57 +37,61 @@ Import HAR (HTTP Archive File)
Missing HTTP Version - If the message is missing the httpVersion attribute it will be set to "HTTP/1.1".
HTTP Version 3 - If the message has its httpVersion attribute set as "h3", "http/3", "http/3.0" it will be set to "HTTP/2".
Carriage return (CR) or Line feed (LF) in Headers - If the message contains headers with CR or LF, the CRLF(s) will be removed.
-
-Import Log File
+Import Log File
Allows you to import log files from ModSecurity and files previously exported from ZAP.
-Import URLs
+Import URLs
An option to import a file of URLs is available via the 'Import' menu ('Import a File Containing URLs'). The file must be plain text with one URL per line.
Blank lines and lines starting with # will be ignored.
-
-It also supports the Automation Framework.
+Tools / Prune Sites Tree...
+This allows you to prune URLs from the Sites Tree using a file in the Sites Tree format
-Export
+Export
The add-on also adds a top level "Export" menu, providing the following functionality.
-Export Messages to File...
+Save Messages...
This allows you to save requests and responses to a text file.
Select the messages to save in the History tab (including multi-select).
-Export Response to File...
+Save Responses...
This allows you to save a specific responses to a file.
Select the relevant message in the History tab -
note that binary responses (such as images) can be saved as well as text responses.
-Export All URLs to File...
-This allows you to save all of the URLs accessed to a text or HTML file.
+Save Sites Tree...
+This allows you to save the Sites Tree in the Sites Tree format
+
+Save All URLs...
+This allows you to save all the accessed URLs to a text or HTML file.
This can be used, amongst other things, to compare the URLs available to users with
different roles or permissions on the same system.
(Also consider leveraging the Access Control Testing add-on.)
-This functionality is also available via the right-click context menu.
-
-Export Selected URLs to File...
-Based on the selection (including multi-select) in the Sites tree all URLs and child URLs of selected
-nodes are exported.
-This functionality is also available via the right-click context menu.
+This functionality is also available via the right-click context menu in the Sites tree panel.
-Export URLs for Context
-All URLs in the Sites tree that fall within the selected context are exported. This functionality is
-also available from the right-click menu when used on a Context node in the Sites tree panel.
+Save URLs...
+All URLs in the Sites tree that fall within the selected node are exported. This functionality is
+also available from the right-click menu when used on a Site or Context node in the Sites tree panel.
-ZAP API
+ZAP API
This add-on also exposes various ZAP API endpoints to facilitate programmatic use of the functionality.
+
+Actions
- /exim/action/importHar (filePath*)/exim/action/importModsec2Logs (filePath*)/exim/action/importUrls (filePath*)/exim/action/importZapLogs (filePath*)- ---
- /exim/other/exportHar (baseurl start count)/exim/other/exportHarById (ids*)/exim/other/sendHarRequest (request* followRedirects)exportSitesTree (filePath* ) Exports the Sites Tree in the Sites Tree YAML format.importHar (filePath* ) Imports a HAR file.importModsec2Logs (filePath* ) Imports ModSecurity2 logs from the file with the given file system path.importUrls (filePath* ) Imports URLs (one per line) from the file with the given file system path.importZapLogs (filePath* ) Imports previously exported ZAP messages from the file with the given file system path.pruneSitesTree (filePath* ) Prunes the Sites Tree based on a file in the Sites Tree YAML format.
+
+Others
+
exportHar (baseurl start count ) Gets the HTTP messages sent through/by ZAP, in HAR format, optionally filtered by URL and paginated with 'start' position and 'count' of messages
+ exportHarById (ids* ) Gets the HTTP messages with the given IDs, in HAR format.
+ sendHarRequest (request* followRedirects ) Sends the first HAR request entry, optionally following redirections. Returns, in HAR format, the request sent and response received and followed redirections, if any. The Mode is enforced when sending the request (and following redirections), custom manual requests are not allowed in 'Safe' mode nor in 'Protected' mode if out of scope.
diff --git a/addOns/exim/src/main/javahelp/help_de_DE/contents/sitestreeformat.html b/addOns/exim/src/main/javahelp/help_de_DE/contents/sitestreeformat.html
new file mode 100644
index 00000000000..76cea587905
--- /dev/null
+++ b/addOns/exim/src/main/javahelp/help_de_DE/contents/sitestreeformat.html
@@ -0,0 +1,67 @@
+
+
+
+
+
+ Sites Tree File Format
+
+
+
+
+Sites Tree File Format
+
+The Sites Tree Format is a YAML representation of the ZAP Sites Tree.
+It is a hierarchy of nodes, each of which represents all of the essential information needed to uniquely identify the corresponding node in the Sites tree.
+
+Each node has the following format:
+
+
+ - node: # The name of the node, as shown in the ZAP Sites Tree
+ url: # The URL it represents, present for all apart from the top node
+ method: # The HTTP method, present for all apart from the top node
+ responseLength: # The length of the response, where relevant
+ statusCode: # The HTTP status code, where relevant
+ data: # The names of the data parameters, if any, separated with '=&'s
+ children: # A list of child nodes, present for all nodes apart from the leaves
+
+
+
+This format is used by the Automation Framework export and prune jobs, and by the corresponding
+desktop menus.
+
+
+A full simple example:
+
+
+- node: Sites
+ children:
+ - node: https://www.example.com
+ url: https://www.example.com
+ method: GET
+ children:
+ - node: missing
+ url: https://www.example.com/missing
+ method: GET
+ responseLength: 1221
+ statusCode: 404
+ - node: path
+ url: https://www.example.com/path
+ method: GET
+ responseLength: 1234
+ statusCode: 200
+ children:
+ - node: GET:query(q)
+ url: https://www.example.com/seq/query?q=search
+ method: GET
+ responseLength: 2345
+ statusCode: 200
+ - node: submit
+ url: https://www.example.com/seq/submit()(field1,field2,field3)
+ method: POST
+ data: field1=&field2=&field3=
+ responseLength: 3456
+ statusCode: 200
+
+
+
+
\ No newline at end of file
diff --git a/addOns/exim/src/main/javahelp/help_de_DE/index.xml b/addOns/exim/src/main/javahelp/help_de_DE/index.xml
index 976f7c3edea..4f7e3790c28 100644
--- a/addOns/exim/src/main/javahelp/help_de_DE/index.xml
+++ b/addOns/exim/src/main/javahelp/help_de_DE/index.xml
@@ -3,4 +3,5 @@
+
diff --git a/addOns/exim/src/main/javahelp/help_de_DE/toc.xml b/addOns/exim/src/main/javahelp/help_de_DE/toc.xml
index 35069527f0a..0270e012e42 100644
--- a/addOns/exim/src/main/javahelp/help_de_DE/toc.xml
+++ b/addOns/exim/src/main/javahelp/help_de_DE/toc.xml
@@ -5,6 +5,7 @@
+
diff --git a/addOns/exim/src/main/javahelp/help_el_GR/contents/automation.html b/addOns/exim/src/main/javahelp/help_el_GR/contents/automation.html
index 2b5d20e7c62..2d9c0b7fca1 100644
--- a/addOns/exim/src/main/javahelp/help_el_GR/contents/automation.html
+++ b/addOns/exim/src/main/javahelp/help_el_GR/contents/automation.html
@@ -13,7 +13,7 @@ Automation Framework Support
Job: import
-The import job allows you to import HAR(HTTP Archive File), ModSecurity2 Logs, ZAP Messages or a file containing URLs locally.
+The import job allows you to import HAR (HTTP Archive File), ModSecurity2 Logs, ZAP Messages or a file containing URLs locally.
- type: import # Import a file of requests
parameters:
@@ -21,5 +21,31 @@ Job: import
fileName: # String: Name of the file containing the data
+Job: export
+The export job allows you to export messages in HAR format or as URLs as well as exporting the Sites Tree in the Sites Tree format.
+The supported sources are:
+
+- all: all messages, including those generated by ZAP, supports 'har' and 'url'
+
- history: the manually/proxied messages, supports 'har' and 'url'
+
- sitestree: the ZAP Sites Tree, supports 'yaml'
+
+
+ - type: export # Exports data into a file
+ parameters:
+ context: # String: Name of the context from which to export. Default: first context
+ type: # String: One of 'har', 'url', 'yaml'. Default: 'har'
+ source: # String: One of 'history', 'sitestree', 'all'. Default: 'history'
+ fileName: # String: Name/path to the file
+
+
+Job: prune
+The prune job allows you to remove nodes from the Sites Tree using data from a file.
+The file should use the Sites Tree format.
+
+ - type: prune # Prunes nodes from the Sites Tree using Sites Tree data (YAML) from a file
+ parameters:
+ fileName: # String: Name/path to the file
+
+
\ No newline at end of file
diff --git a/addOns/exim/src/main/javahelp/help_el_GR/contents/exim.html b/addOns/exim/src/main/javahelp/help_el_GR/contents/exim.html
index 6d8c2fdc415..ff6a3967ee1 100644
--- a/addOns/exim/src/main/javahelp/help_el_GR/contents/exim.html
+++ b/addOns/exim/src/main/javahelp/help_el_GR/contents/exim.html
@@ -8,20 +8,28 @@
-Copy URLs
+Import/Export
+
+This add-on allows you to import and export ZAP data in a range of formats.
+
+It supports the Automation Framework.
+
+
Menus
+
+Copy URLs
A context menu item to Copy URLs to the system clipboard.
-Save Selected Entries as HAR (HTTP Archive File)
+Save Selected Entries as HAR (HTTP Archive File)
A context menu item to save the selected HTTP messages in HAR format.
-Save Raw Message
+Save Raw Message
Provides a context menu to save content of HTTP messages as binary.
(While the files will probably open in a simple editor it may have null characters or malformed bytes.)
-Save XML Message
+Save XML Message
Provides a context menu to save content of HTTP messages as XML.
-Import HAR (HTTP Archive File)
+Import HAR (HTTP Archive File)
An option to import messages from a HTTP Archive (HAR), available via the 'Import' menu.
Note: The following modifications may be made when importing a HAR (HTTP Archive File):
@@ -29,57 +37,61 @@ Import HAR (HTTP Archive File)
Missing HTTP Version - If the message is missing the httpVersion attribute it will be set to "HTTP/1.1".
HTTP Version 3 - If the message has its httpVersion attribute set as "h3", "http/3", "http/3.0" it will be set to "HTTP/2".
Carriage return (CR) or Line feed (LF) in Headers - If the message contains headers with CR or LF, the CRLF(s) will be removed.
-
-Import Log File
+Import Log File
Allows you to import log files from ModSecurity and files previously exported from ZAP.
-Import URLs
+Import URLs
An option to import a file of URLs is available via the 'Import' menu ('Import a File Containing URLs'). The file must be plain text with one URL per line.
Blank lines and lines starting with # will be ignored.
-
-It also supports the Automation Framework.
+Tools / Prune Sites Tree...
+This allows you to prune URLs from the Sites Tree using a file in the Sites Tree format
-Export
+Export
The add-on also adds a top level "Export" menu, providing the following functionality.
-Export Messages to File...
+Save Messages...
This allows you to save requests and responses to a text file.
Select the messages to save in the History tab (including multi-select).
-Export Response to File...
+Save Responses...
This allows you to save a specific responses to a file.
Select the relevant message in the History tab -
note that binary responses (such as images) can be saved as well as text responses.
-Export All URLs to File...
-This allows you to save all of the URLs accessed to a text or HTML file.
+Save Sites Tree...
+This allows you to save the Sites Tree in the Sites Tree format
+
+Save All URLs...
+This allows you to save all the accessed URLs to a text or HTML file.
This can be used, amongst other things, to compare the URLs available to users with
different roles or permissions on the same system.
(Also consider leveraging the Access Control Testing add-on.)
-This functionality is also available via the right-click context menu.
-
-Export Selected URLs to File...
-Based on the selection (including multi-select) in the Sites tree all URLs and child URLs of selected
-nodes are exported.
-This functionality is also available via the right-click context menu.
+This functionality is also available via the right-click context menu in the Sites tree panel.
-Export URLs for Context
-All URLs in the Sites tree that fall within the selected context are exported. This functionality is
-also available from the right-click menu when used on a Context node in the Sites tree panel.
+Save URLs...
+All URLs in the Sites tree that fall within the selected node are exported. This functionality is
+also available from the right-click menu when used on a Site or Context node in the Sites tree panel.
-ZAP API
+ZAP API
This add-on also exposes various ZAP API endpoints to facilitate programmatic use of the functionality.
+
+Actions
- /exim/action/importHar (filePath*)/exim/action/importModsec2Logs (filePath*)/exim/action/importUrls (filePath*)/exim/action/importZapLogs (filePath*)- ---
- /exim/other/exportHar (baseurl start count)/exim/other/exportHarById (ids*)/exim/other/sendHarRequest (request* followRedirects)exportSitesTree (filePath* ) Exports the Sites Tree in the Sites Tree YAML format.importHar (filePath* ) Imports a HAR file.importModsec2Logs (filePath* ) Imports ModSecurity2 logs from the file with the given file system path.importUrls (filePath* ) Imports URLs (one per line) from the file with the given file system path.importZapLogs (filePath* ) Imports previously exported ZAP messages from the file with the given file system path.pruneSitesTree (filePath* ) Prunes the Sites Tree based on a file in the Sites Tree YAML format.
+
+Others
+
exportHar (baseurl start count ) Gets the HTTP messages sent through/by ZAP, in HAR format, optionally filtered by URL and paginated with 'start' position and 'count' of messages
+ exportHarById (ids* ) Gets the HTTP messages with the given IDs, in HAR format.
+ sendHarRequest (request* followRedirects ) Sends the first HAR request entry, optionally following redirections. Returns, in HAR format, the request sent and response received and followed redirections, if any. The Mode is enforced when sending the request (and following redirections), custom manual requests are not allowed in 'Safe' mode nor in 'Protected' mode if out of scope.
diff --git a/addOns/exim/src/main/javahelp/help_el_GR/contents/sitestreeformat.html b/addOns/exim/src/main/javahelp/help_el_GR/contents/sitestreeformat.html
new file mode 100644
index 00000000000..76cea587905
--- /dev/null
+++ b/addOns/exim/src/main/javahelp/help_el_GR/contents/sitestreeformat.html
@@ -0,0 +1,67 @@
+
+
+
+
+
+ Sites Tree File Format
+
+
+
+
+Sites Tree File Format
+
+The Sites Tree Format is a YAML representation of the ZAP Sites Tree.
+It is a hierarchy of nodes, each of which represents all of the essential information needed to uniquely identify the corresponding node in the Sites tree.
+
+Each node has the following format:
+
+
+ - node: # The name of the node, as shown in the ZAP Sites Tree
+ url: # The URL it represents, present for all apart from the top node
+ method: # The HTTP method, present for all apart from the top node
+ responseLength: # The length of the response, where relevant
+ statusCode: # The HTTP status code, where relevant
+ data: # The names of the data parameters, if any, separated with '=&'s
+ children: # A list of child nodes, present for all nodes apart from the leaves
+
+
+
+This format is used by the Automation Framework export and prune jobs, and by the corresponding
+desktop menus.
+
+
+A full simple example:
+
+
+- node: Sites
+ children:
+ - node: https://www.example.com
+ url: https://www.example.com
+ method: GET
+ children:
+ - node: missing
+ url: https://www.example.com/missing
+ method: GET
+ responseLength: 1221
+ statusCode: 404
+ - node: path
+ url: https://www.example.com/path
+ method: GET
+ responseLength: 1234
+ statusCode: 200
+ children:
+ - node: GET:query(q)
+ url: https://www.example.com/seq/query?q=search
+ method: GET
+ responseLength: 2345
+ statusCode: 200
+ - node: submit
+ url: https://www.example.com/seq/submit()(field1,field2,field3)
+ method: POST
+ data: field1=&field2=&field3=
+ responseLength: 3456
+ statusCode: 200
+
+
+
+
\ No newline at end of file
diff --git a/addOns/exim/src/main/javahelp/help_el_GR/index.xml b/addOns/exim/src/main/javahelp/help_el_GR/index.xml
index 976f7c3edea..4f7e3790c28 100644
--- a/addOns/exim/src/main/javahelp/help_el_GR/index.xml
+++ b/addOns/exim/src/main/javahelp/help_el_GR/index.xml
@@ -3,4 +3,5 @@
+
diff --git a/addOns/exim/src/main/javahelp/help_el_GR/toc.xml b/addOns/exim/src/main/javahelp/help_el_GR/toc.xml
index 35069527f0a..0270e012e42 100644
--- a/addOns/exim/src/main/javahelp/help_el_GR/toc.xml
+++ b/addOns/exim/src/main/javahelp/help_el_GR/toc.xml
@@ -5,6 +5,7 @@
+
diff --git a/addOns/exim/src/main/javahelp/help_es_ES/contents/automation.html b/addOns/exim/src/main/javahelp/help_es_ES/contents/automation.html
index 2b5d20e7c62..2d9c0b7fca1 100644
--- a/addOns/exim/src/main/javahelp/help_es_ES/contents/automation.html
+++ b/addOns/exim/src/main/javahelp/help_es_ES/contents/automation.html
@@ -13,7 +13,7 @@ Automation Framework Support
Job: import
-The import job allows you to import HAR(HTTP Archive File), ModSecurity2 Logs, ZAP Messages or a file containing URLs locally.
+The import job allows you to import HAR (HTTP Archive File), ModSecurity2 Logs, ZAP Messages or a file containing URLs locally.
- type: import # Import a file of requests
parameters:
@@ -21,5 +21,31 @@ Job: import
fileName: # String: Name of the file containing the data
+Job: export
+The export job allows you to export messages in HAR format or as URLs as well as exporting the Sites Tree in the Sites Tree format.
+The supported sources are:
+
+- all: all messages, including those generated by ZAP, supports 'har' and 'url'
+
- history: the manually/proxied messages, supports 'har' and 'url'
+
- sitestree: the ZAP Sites Tree, supports 'yaml'
+
+
+ - type: export # Exports data into a file
+ parameters:
+ context: # String: Name of the context from which to export. Default: first context
+ type: # String: One of 'har', 'url', 'yaml'. Default: 'har'
+ source: # String: One of 'history', 'sitestree', 'all'. Default: 'history'
+ fileName: # String: Name/path to the file
+
+
+Job: prune
+The prune job allows you to remove nodes from the Sites Tree using data from a file.
+The file should use the Sites Tree format.
+
+ - type: prune # Prunes nodes from the Sites Tree using Sites Tree data (YAML) from a file
+ parameters:
+ fileName: # String: Name/path to the file
+
+
\ No newline at end of file
diff --git a/addOns/exim/src/main/javahelp/help_es_ES/contents/exim.html b/addOns/exim/src/main/javahelp/help_es_ES/contents/exim.html
index 6d8c2fdc415..ff6a3967ee1 100644
--- a/addOns/exim/src/main/javahelp/help_es_ES/contents/exim.html
+++ b/addOns/exim/src/main/javahelp/help_es_ES/contents/exim.html
@@ -8,20 +8,28 @@
-Copy URLs
+Import/Export
+
+This add-on allows you to import and export ZAP data in a range of formats.
+
+It supports the Automation Framework.
+
+
Menus
+
+Copy URLs
A context menu item to Copy URLs to the system clipboard.
-Save Selected Entries as HAR (HTTP Archive File)
+Save Selected Entries as HAR (HTTP Archive File)
A context menu item to save the selected HTTP messages in HAR format.
-Save Raw Message
+Save Raw Message
Provides a context menu to save content of HTTP messages as binary.
(While the files will probably open in a simple editor it may have null characters or malformed bytes.)
-Save XML Message
+Save XML Message
Provides a context menu to save content of HTTP messages as XML.
-Import HAR (HTTP Archive File)
+Import HAR (HTTP Archive File)
An option to import messages from a HTTP Archive (HAR), available via the 'Import' menu.
Note: The following modifications may be made when importing a HAR (HTTP Archive File):
@@ -29,57 +37,61 @@ Import HAR (HTTP Archive File)
Missing HTTP Version - If the message is missing the httpVersion attribute it will be set to "HTTP/1.1".
HTTP Version 3 - If the message has its httpVersion attribute set as "h3", "http/3", "http/3.0" it will be set to "HTTP/2".
Carriage return (CR) or Line feed (LF) in Headers - If the message contains headers with CR or LF, the CRLF(s) will be removed.
-
-Import Log File
+Import Log File
Allows you to import log files from ModSecurity and files previously exported from ZAP.
-Import URLs
+Import URLs
An option to import a file of URLs is available via the 'Import' menu ('Import a File Containing URLs'). The file must be plain text with one URL per line.
Blank lines and lines starting with # will be ignored.
-
-It also supports the Automation Framework.
+Tools / Prune Sites Tree...
+This allows you to prune URLs from the Sites Tree using a file in the Sites Tree format
-Export
+Export
The add-on also adds a top level "Export" menu, providing the following functionality.
-Export Messages to File...
+Save Messages...
This allows you to save requests and responses to a text file.
Select the messages to save in the History tab (including multi-select).
-Export Response to File...
+Save Responses...
This allows you to save a specific responses to a file.
Select the relevant message in the History tab -
note that binary responses (such as images) can be saved as well as text responses.
-Export All URLs to File...
-This allows you to save all of the URLs accessed to a text or HTML file.
+Save Sites Tree...
+This allows you to save the Sites Tree in the Sites Tree format
+
+Save All URLs...
+This allows you to save all the accessed URLs to a text or HTML file.
This can be used, amongst other things, to compare the URLs available to users with
different roles or permissions on the same system.
(Also consider leveraging the Access Control Testing add-on.)
-This functionality is also available via the right-click context menu.
-
-Export Selected URLs to File...
-Based on the selection (including multi-select) in the Sites tree all URLs and child URLs of selected
-nodes are exported.
-This functionality is also available via the right-click context menu.
+This functionality is also available via the right-click context menu in the Sites tree panel.
-Export URLs for Context
-All URLs in the Sites tree that fall within the selected context are exported. This functionality is
-also available from the right-click menu when used on a Context node in the Sites tree panel.
+Save URLs...
+All URLs in the Sites tree that fall within the selected node are exported. This functionality is
+also available from the right-click menu when used on a Site or Context node in the Sites tree panel.
-ZAP API
+ZAP API
This add-on also exposes various ZAP API endpoints to facilitate programmatic use of the functionality.
+
+Actions
- /exim/action/importHar (filePath*)/exim/action/importModsec2Logs (filePath*)/exim/action/importUrls (filePath*)/exim/action/importZapLogs (filePath*)- ---
- /exim/other/exportHar (baseurl start count)/exim/other/exportHarById (ids*)/exim/other/sendHarRequest (request* followRedirects)exportSitesTree (filePath* ) Exports the Sites Tree in the Sites Tree YAML format.importHar (filePath* ) Imports a HAR file.importModsec2Logs (filePath* ) Imports ModSecurity2 logs from the file with the given file system path.importUrls (filePath* ) Imports URLs (one per line) from the file with the given file system path.importZapLogs (filePath* ) Imports previously exported ZAP messages from the file with the given file system path.pruneSitesTree (filePath* ) Prunes the Sites Tree based on a file in the Sites Tree YAML format.
+
+Others
+
exportHar (baseurl start count ) Gets the HTTP messages sent through/by ZAP, in HAR format, optionally filtered by URL and paginated with 'start' position and 'count' of messages
+ exportHarById (ids* ) Gets the HTTP messages with the given IDs, in HAR format.
+ sendHarRequest (request* followRedirects ) Sends the first HAR request entry, optionally following redirections. Returns, in HAR format, the request sent and response received and followed redirections, if any. The Mode is enforced when sending the request (and following redirections), custom manual requests are not allowed in 'Safe' mode nor in 'Protected' mode if out of scope.
diff --git a/addOns/exim/src/main/javahelp/help_es_ES/contents/sitestreeformat.html b/addOns/exim/src/main/javahelp/help_es_ES/contents/sitestreeformat.html
new file mode 100644
index 00000000000..76cea587905
--- /dev/null
+++ b/addOns/exim/src/main/javahelp/help_es_ES/contents/sitestreeformat.html
@@ -0,0 +1,67 @@
+
+
+
+
+
+ Sites Tree File Format
+
+
+
+
+Sites Tree File Format
+
+The Sites Tree Format is a YAML representation of the ZAP Sites Tree.
+It is a hierarchy of nodes, each of which represents all of the essential information needed to uniquely identify the corresponding node in the Sites tree.
+
+Each node has the following format:
+
+
+ - node: # The name of the node, as shown in the ZAP Sites Tree
+ url: # The URL it represents, present for all apart from the top node
+ method: # The HTTP method, present for all apart from the top node
+ responseLength: # The length of the response, where relevant
+ statusCode: # The HTTP status code, where relevant
+ data: # The names of the data parameters, if any, separated with '=&'s
+ children: # A list of child nodes, present for all nodes apart from the leaves
+
+
+
+This format is used by the Automation Framework export and prune jobs, and by the corresponding
+desktop menus.
+
+
+A full simple example:
+
+
+- node: Sites
+ children:
+ - node: https://www.example.com
+ url: https://www.example.com
+ method: GET
+ children:
+ - node: missing
+ url: https://www.example.com/missing
+ method: GET
+ responseLength: 1221
+ statusCode: 404
+ - node: path
+ url: https://www.example.com/path
+ method: GET
+ responseLength: 1234
+ statusCode: 200
+ children:
+ - node: GET:query(q)
+ url: https://www.example.com/seq/query?q=search
+ method: GET
+ responseLength: 2345
+ statusCode: 200
+ - node: submit
+ url: https://www.example.com/seq/submit()(field1,field2,field3)
+ method: POST
+ data: field1=&field2=&field3=
+ responseLength: 3456
+ statusCode: 200
+
+
+
+
\ No newline at end of file
diff --git a/addOns/exim/src/main/javahelp/help_es_ES/index.xml b/addOns/exim/src/main/javahelp/help_es_ES/index.xml
index 976f7c3edea..4f7e3790c28 100644
--- a/addOns/exim/src/main/javahelp/help_es_ES/index.xml
+++ b/addOns/exim/src/main/javahelp/help_es_ES/index.xml
@@ -3,4 +3,5 @@
+
diff --git a/addOns/exim/src/main/javahelp/help_es_ES/toc.xml b/addOns/exim/src/main/javahelp/help_es_ES/toc.xml
index 35069527f0a..0270e012e42 100644
--- a/addOns/exim/src/main/javahelp/help_es_ES/toc.xml
+++ b/addOns/exim/src/main/javahelp/help_es_ES/toc.xml
@@ -5,6 +5,7 @@
+
diff --git a/addOns/exim/src/main/javahelp/help_fa_IR/contents/automation.html b/addOns/exim/src/main/javahelp/help_fa_IR/contents/automation.html
index 2b5d20e7c62..2d9c0b7fca1 100644
--- a/addOns/exim/src/main/javahelp/help_fa_IR/contents/automation.html
+++ b/addOns/exim/src/main/javahelp/help_fa_IR/contents/automation.html
@@ -13,7 +13,7 @@ Automation Framework Support
Job: import
-The import job allows you to import HAR(HTTP Archive File), ModSecurity2 Logs, ZAP Messages or a file containing URLs locally.
+The import job allows you to import HAR (HTTP Archive File), ModSecurity2 Logs, ZAP Messages or a file containing URLs locally.
- type: import # Import a file of requests
parameters:
@@ -21,5 +21,31 @@ Job: import
fileName: # String: Name of the file containing the data
+Job: export
+The export job allows you to export messages in HAR format or as URLs as well as exporting the Sites Tree in the Sites Tree format.
+The supported sources are:
+
+- all: all messages, including those generated by ZAP, supports 'har' and 'url'
+
- history: the manually/proxied messages, supports 'har' and 'url'
+
- sitestree: the ZAP Sites Tree, supports 'yaml'
+
+
+ - type: export # Exports data into a file
+ parameters:
+ context: # String: Name of the context from which to export. Default: first context
+ type: # String: One of 'har', 'url', 'yaml'. Default: 'har'
+ source: # String: One of 'history', 'sitestree', 'all'. Default: 'history'
+ fileName: # String: Name/path to the file
+
+
+Job: prune
+The prune job allows you to remove nodes from the Sites Tree using data from a file.
+The file should use the Sites Tree format.
+
+ - type: prune # Prunes nodes from the Sites Tree using Sites Tree data (YAML) from a file
+ parameters:
+ fileName: # String: Name/path to the file
+
+
\ No newline at end of file
diff --git a/addOns/exim/src/main/javahelp/help_fa_IR/contents/exim.html b/addOns/exim/src/main/javahelp/help_fa_IR/contents/exim.html
index 6d8c2fdc415..ff6a3967ee1 100644
--- a/addOns/exim/src/main/javahelp/help_fa_IR/contents/exim.html
+++ b/addOns/exim/src/main/javahelp/help_fa_IR/contents/exim.html
@@ -8,20 +8,28 @@
-Copy URLs
+Import/Export
+
+This add-on allows you to import and export ZAP data in a range of formats.
+
+It supports the Automation Framework.
+
+
Menus
+
+Copy URLs
A context menu item to Copy URLs to the system clipboard.
-Save Selected Entries as HAR (HTTP Archive File)
+Save Selected Entries as HAR (HTTP Archive File)
A context menu item to save the selected HTTP messages in HAR format.
-Save Raw Message
+Save Raw Message
Provides a context menu to save content of HTTP messages as binary.
(While the files will probably open in a simple editor it may have null characters or malformed bytes.)
-Save XML Message
+Save XML Message
Provides a context menu to save content of HTTP messages as XML.
-Import HAR (HTTP Archive File)
+Import HAR (HTTP Archive File)
An option to import messages from a HTTP Archive (HAR), available via the 'Import' menu.
Note: The following modifications may be made when importing a HAR (HTTP Archive File):
@@ -29,57 +37,61 @@ Import HAR (HTTP Archive File)
Missing HTTP Version - If the message is missing the httpVersion attribute it will be set to "HTTP/1.1".
HTTP Version 3 - If the message has its httpVersion attribute set as "h3", "http/3", "http/3.0" it will be set to "HTTP/2".
Carriage return (CR) or Line feed (LF) in Headers - If the message contains headers with CR or LF, the CRLF(s) will be removed.
-
-Import Log File
+Import Log File
Allows you to import log files from ModSecurity and files previously exported from ZAP.
-Import URLs
+Import URLs
An option to import a file of URLs is available via the 'Import' menu ('Import a File Containing URLs'). The file must be plain text with one URL per line.
Blank lines and lines starting with # will be ignored.
-
-It also supports the Automation Framework.
+Tools / Prune Sites Tree...
+This allows you to prune URLs from the Sites Tree using a file in the Sites Tree format
-Export
+Export
The add-on also adds a top level "Export" menu, providing the following functionality.
-Export Messages to File...
+Save Messages...
This allows you to save requests and responses to a text file.
Select the messages to save in the History tab (including multi-select).
-Export Response to File...
+Save Responses...
This allows you to save a specific responses to a file.
Select the relevant message in the History tab -
note that binary responses (such as images) can be saved as well as text responses.
-Export All URLs to File...
-This allows you to save all of the URLs accessed to a text or HTML file.
+Save Sites Tree...
+This allows you to save the Sites Tree in the Sites Tree format
+
+Save All URLs...
+This allows you to save all the accessed URLs to a text or HTML file.
This can be used, amongst other things, to compare the URLs available to users with
different roles or permissions on the same system.
(Also consider leveraging the Access Control Testing add-on.)
-This functionality is also available via the right-click context menu.
-
-Export Selected URLs to File...
-Based on the selection (including multi-select) in the Sites tree all URLs and child URLs of selected
-nodes are exported.
-This functionality is also available via the right-click context menu.
+This functionality is also available via the right-click context menu in the Sites tree panel.
-Export URLs for Context
-All URLs in the Sites tree that fall within the selected context are exported. This functionality is
-also available from the right-click menu when used on a Context node in the Sites tree panel.
+Save URLs...
+All URLs in the Sites tree that fall within the selected node are exported. This functionality is
+also available from the right-click menu when used on a Site or Context node in the Sites tree panel.
-ZAP API
+ZAP API
This add-on also exposes various ZAP API endpoints to facilitate programmatic use of the functionality.
+
+Actions
- /exim/action/importHar (filePath*)/exim/action/importModsec2Logs (filePath*)/exim/action/importUrls (filePath*)/exim/action/importZapLogs (filePath*)- ---
- /exim/other/exportHar (baseurl start count)/exim/other/exportHarById (ids*)/exim/other/sendHarRequest (request* followRedirects)exportSitesTree (filePath* ) Exports the Sites Tree in the Sites Tree YAML format.importHar (filePath* ) Imports a HAR file.importModsec2Logs (filePath* ) Imports ModSecurity2 logs from the file with the given file system path.importUrls (filePath* ) Imports URLs (one per line) from the file with the given file system path.importZapLogs (filePath* ) Imports previously exported ZAP messages from the file with the given file system path.pruneSitesTree (filePath* ) Prunes the Sites Tree based on a file in the Sites Tree YAML format.
+
+Others
+
exportHar (baseurl start count ) Gets the HTTP messages sent through/by ZAP, in HAR format, optionally filtered by URL and paginated with 'start' position and 'count' of messages
+ exportHarById (ids* ) Gets the HTTP messages with the given IDs, in HAR format.
+ sendHarRequest (request* followRedirects ) Sends the first HAR request entry, optionally following redirections. Returns, in HAR format, the request sent and response received and followed redirections, if any. The Mode is enforced when sending the request (and following redirections), custom manual requests are not allowed in 'Safe' mode nor in 'Protected' mode if out of scope.
diff --git a/addOns/exim/src/main/javahelp/help_fa_IR/contents/sitestreeformat.html b/addOns/exim/src/main/javahelp/help_fa_IR/contents/sitestreeformat.html
new file mode 100644
index 00000000000..76cea587905
--- /dev/null
+++ b/addOns/exim/src/main/javahelp/help_fa_IR/contents/sitestreeformat.html
@@ -0,0 +1,67 @@
+
+
+
+
+
+ Sites Tree File Format
+
+
+
+
+Sites Tree File Format
+
+The Sites Tree Format is a YAML representation of the ZAP Sites Tree.
+It is a hierarchy of nodes, each of which represents all of the essential information needed to uniquely identify the corresponding node in the Sites tree.
+
+Each node has the following format:
+
+
+ - node: # The name of the node, as shown in the ZAP Sites Tree
+ url: # The URL it represents, present for all apart from the top node
+ method: # The HTTP method, present for all apart from the top node
+ responseLength: # The length of the response, where relevant
+ statusCode: # The HTTP status code, where relevant
+ data: # The names of the data parameters, if any, separated with '=&'s
+ children: # A list of child nodes, present for all nodes apart from the leaves
+
+
+
+This format is used by the Automation Framework export and prune jobs, and by the corresponding
+desktop menus.
+
+
+A full simple example:
+
+
+- node: Sites
+ children:
+ - node: https://www.example.com
+ url: https://www.example.com
+ method: GET
+ children:
+ - node: missing
+ url: https://www.example.com/missing
+ method: GET
+ responseLength: 1221
+ statusCode: 404
+ - node: path
+ url: https://www.example.com/path
+ method: GET
+ responseLength: 1234
+ statusCode: 200
+ children:
+ - node: GET:query(q)
+ url: https://www.example.com/seq/query?q=search
+ method: GET
+ responseLength: 2345
+ statusCode: 200
+ - node: submit
+ url: https://www.example.com/seq/submit()(field1,field2,field3)
+ method: POST
+ data: field1=&field2=&field3=
+ responseLength: 3456
+ statusCode: 200
+
+
+
+
\ No newline at end of file
diff --git a/addOns/exim/src/main/javahelp/help_fa_IR/index.xml b/addOns/exim/src/main/javahelp/help_fa_IR/index.xml
index 976f7c3edea..4f7e3790c28 100644
--- a/addOns/exim/src/main/javahelp/help_fa_IR/index.xml
+++ b/addOns/exim/src/main/javahelp/help_fa_IR/index.xml
@@ -3,4 +3,5 @@
+
diff --git a/addOns/exim/src/main/javahelp/help_fa_IR/toc.xml b/addOns/exim/src/main/javahelp/help_fa_IR/toc.xml
index 35069527f0a..0270e012e42 100644
--- a/addOns/exim/src/main/javahelp/help_fa_IR/toc.xml
+++ b/addOns/exim/src/main/javahelp/help_fa_IR/toc.xml
@@ -5,6 +5,7 @@
+
diff --git a/addOns/exim/src/main/javahelp/help_fil_PH/contents/automation.html b/addOns/exim/src/main/javahelp/help_fil_PH/contents/automation.html
index 2b5d20e7c62..2d9c0b7fca1 100644
--- a/addOns/exim/src/main/javahelp/help_fil_PH/contents/automation.html
+++ b/addOns/exim/src/main/javahelp/help_fil_PH/contents/automation.html
@@ -13,7 +13,7 @@ Automation Framework Support
Job: import
-The import job allows you to import HAR(HTTP Archive File), ModSecurity2 Logs, ZAP Messages or a file containing URLs locally.
+The import job allows you to import HAR (HTTP Archive File), ModSecurity2 Logs, ZAP Messages or a file containing URLs locally.
- type: import # Import a file of requests
parameters:
@@ -21,5 +21,31 @@ Job: import
fileName: # String: Name of the file containing the data
+Job: export
+The export job allows you to export messages in HAR format or as URLs as well as exporting the Sites Tree in the Sites Tree format.
+The supported sources are:
+
+- all: all messages, including those generated by ZAP, supports 'har' and 'url'
+
- history: the manually/proxied messages, supports 'har' and 'url'
+
- sitestree: the ZAP Sites Tree, supports 'yaml'
+
+
+ - type: export # Exports data into a file
+ parameters:
+ context: # String: Name of the context from which to export. Default: first context
+ type: # String: One of 'har', 'url', 'yaml'. Default: 'har'
+ source: # String: One of 'history', 'sitestree', 'all'. Default: 'history'
+ fileName: # String: Name/path to the file
+
+
+Job: prune
+The prune job allows you to remove nodes from the Sites Tree using data from a file.
+The file should use the Sites Tree format.
+
+ - type: prune # Prunes nodes from the Sites Tree using Sites Tree data (YAML) from a file
+ parameters:
+ fileName: # String: Name/path to the file
+
+