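/**
 * QA360 ZAP DAST Adapter (real security scanning).
 *
 * Type declarations for running an OWASP ZAP scan (baseline, full or API)
 * against a target URL and mapping the ZAP report into QA360 pack results.
 *
 * Security notes for callers of this adapter:
 * - `targetUrl`, `contextFile`, `authScript` and `configFile` are handed to the
 *   ZAP process (directly or through Docker, see `shouldUseDocker`). Validate
 *   them before accepting them from untrusted input; `validateConfig` and
 *   `isValidUrl` exist for this — TODO confirm exactly what they reject.
 * - When ZAP is unavailable the adapter falls back to `fallbackMockScan`. A
 *   mocked result is NOT evidence that the target is clean; consumers should
 *   check how the implementation marks such results (presumably through
 *   `error`/`errorCode` — confirm against the implementation).
 *
 * NOTE(review): the generic type arguments on `by_category` and on the
 * `runDastScan` return type were missing in the original declaration (which
 * does not compile); `Record<string, number>` and `Promise<ZapDastResult>` are
 * the presumed shapes — confirm against `calculateSummary`/`runDastScan`.
 */
import type { PackSecurity } from '../types/pack-v1.js';

/** Options for a single ZAP DAST scan. */
export interface ZapDastConfig {
  /** URL of the application under test; checked by `isValidUrl` before scanning. */
  targetUrl: string;
  /** Security budget from the pack; drives `generateBudgetCheck`. */
  security?: PackSecurity;
  /** Scan timeout — unit not visible here (presumably milliseconds); confirm. */
  timeout?: number;
  /** ZAP scan profile to run; the default is set by the implementation. */
  scanType?: 'baseline' | 'full' | 'api';
  /** Path to a ZAP context file passed to the scanner. */
  contextFile?: string;
  /** URL patterns excluded from the scan scope. */
  excludeUrls?: string[];
  /** URL patterns included in the scan scope. */
  includeUrls?: string[];
  /**
   * Path to a ZAP authentication script. Presumably executed by ZAP as code,
   * so only accept it from trusted sources — confirm how it is passed to ZAP.
   */
  authScript?: string;
  /** Path to a ZAP configuration/rules file. */
  configFile?: string;
}

/**
 * One alert as emitted by the ZAP report.
 *
 * Numeric-looking fields (`riskcode`, `confidence`, `count`, `cweid`, ...)
 * are declared as strings, matching how the report serialises them; parse
 * before comparing numerically.
 */
export interface ZapAlert {
  pluginid: string;
  alertRef: string;
  alert: string;
  name: string;
  /** Risk level code as a string (ZAP convention: 0 info … 3 high — confirm). */
  riskcode: string;
  confidence: string;
  riskdesc: string;
  desc: string;
  /** Every occurrence of the alert; `attack`/`evidence` may echo request data. */
  instances: Array<{
    uri: string;
    method: string;
    param: string;
    attack: string;
    evidence: string;
    otherinfo: string;
  }>;
  count: string;
  solution: string;
  otherinfo: string;
  reference: string;
  cweid: string;
  wascid: string;
  sourceid: string;
}

/** Outcome of `ZapDastAdapter.runDastScan`. */
export interface ZapDastResult {
  /** Whether the scan ran; exact relation to `budgetCheck` is set by the implementation. */
  success: boolean;
  /** All alerts parsed from the report (empty on failure or mock fallback). */
  alerts: ZapAlert[];
  /** Alert counts by risk level plus a per-category breakdown. */
  summary: {
    total: number;
    high: number;
    medium: number;
    low: number;
    informational: number;
    /** Alert count keyed by category name (presumed shape, see header note). */
    by_category: Record<string, number>;
  };
  /** Pass/fail per threshold from the pack's security budget. */
  budgetCheck: {
    high_passed: boolean;
    critical_passed: boolean;
    medium_passed: boolean;
  };
  /** The URL that was actually scanned. */
  targetUrl: string;
  /** Wall-clock scan duration (unit set by the implementation). */
  scanDuration: number;
  /** Human-readable failure reason, when the scan did not complete. */
  error?: string;
  /**
   * Raw scanner output. May contain request/response data from the target;
   * the adapter holds a `redactor`, presumably applied here — confirm before
   * persisting or logging this field.
   */
  rawOutput?: string;
  /** Path of the written ZAP report, when one was produced. */
  reportPath?: string;
  /** JUnit XML rendering of the result (see `generateJUnit`). */
  junit?: string;
  /** Machine-readable failure code, when the scan did not complete. */
  errorCode?: string;
}

/**
 * Runs OWASP ZAP (via Docker or a local install) and converts its report into
 * a `ZapDastResult`.
 */
export declare class ZapDastAdapter {
  /** Redacts sensitive material from scanner output — confirm what it covers. */
  private redactor;
  /** Directory used for ZAP work files and reports. */
  private workingDir;
  /**
   * @param workingDir Directory for ZAP work files; the implementation picks a
   *   default when omitted.
   */
  constructor(workingDir?: string);
  /**
   * Execute a ZAP DAST scan.
   *
   * Validates `config`, runs the scanner (falling back to `fallbackMockScan`
   * when ZAP is unavailable), parses the report and evaluates the budget.
   * @param config Scan options; `targetUrl` is required.
   * @returns The parsed result; failures are reported via `success`/`error`
   *   rather than rejection — confirm against the implementation.
   */
  runDastScan(config: ZapDastConfig): Promise<ZapDastResult>;
  /** Validate URL format of the target before it reaches the scanner. */
  private isValidUrl;
  /** Execute the ZAP scanner process. */
  private executeZapScan;
  /** Decide whether ZAP is run through Docker instead of a local install. */
  private shouldUseDocker;
  /** Build the ZAP command-line arguments from the config. */
  private buildZapArgs;
  /** Parse the ZAP report into `ZapAlert`s. */
  private parseZapResults;
  /**
   * Fallback mock scan used when ZAP is not available. Produces no real
   * findings; callers must not interpret it as a clean scan.
   */
  private fallbackMockScan;
  /** Aggregate alerts into `ZapDastResult.summary`. */
  private calculateSummary;
  /** Compare the summary against the pack's security budget. */
  private generateBudgetCheck;
  /** Zeroed summary structure. */
  private getEmptySummary;
  /** Default budget-check structure. */
  private getDefaultBudgetCheck;
  /** Render the result as JUnit XML. */
  private generateJUnit;
  /**
   * Validate a scan configuration without running anything.
   * @returns `valid` plus the list of human-readable problems found.
   */
  static validateConfig(config: ZapDastConfig): {
    valid: boolean;
    errors: string[];
  };
  /**
   * Check whether ZAP can be executed and how (Docker or local install).
   * @returns `available` with the detected `method`, or an `error` when neither works.
   */
  static isAvailable(): Promise<{
    available: boolean;
    method?: 'docker' | 'local';
    error?: string;
  }>;
}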