Created
August 9, 2024 10:08
-
-
Save oscarduignan/07ced7d71619fc334b1914f441a00c3f to your computer and use it in GitHub Desktop.
proof of concept build a java assembly (fat jar) that contains a release of zap and can run it with the config we want
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //> using dep com.lihaoyi::requests:0.9.0 | |
| //> using toolkit 0.5.0 | |
| //> using file RunZap.scala | |
| //> using mainClass getZap | |
| @main def getZap = | |
| os.write.over( | |
| os.pwd / "resources" / s"ZAP_${zapVersion}_Core.zip", | |
| requests.get.stream(s"https://github.com/zaproxy/zaproxy/releases/download/v$zapVersion/ZAP_${zapVersion}_Core.zip"), | |
| createFolders = true | |
| ) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //> using resourceDir ./resources | |
| //> using dep "com.github.pathikrit::better-files:3.9.2" | |
| import better.files.* | |
| import java.nio.file.attribute.PosixFilePermission.* | |
| import scala.util.Using | |
| import scala.sys.process.* | |
| val zapVersion = "2.15.0" | |
| @main def runZap = | |
| val zapDir = File.newTemporaryDirectory("zap").deleteOnExit() | |
| Using(Resource.getAsStream(s"ZAP_${zapVersion}_Core.zip").asZipInputStream): zis => | |
| LazyList | |
| .continually(zis.getNextEntry) | |
| .takeWhile(_ != null) | |
| .foreach: zipEntry => | |
| val outFile = (zapDir / zipEntry.getName) | |
| if (zipEntry.isDirectory) | |
| then | |
| outFile.createDirectories() | |
| else | |
| outFile.parent.createDirectories() | |
| Using(outFile.newOutputStream)(zis.transferTo) | |
| val zapScript = zapDir / s"ZAP_$zapVersion" / "zap.sh" | |
| zapScript.addPermission(OWNER_EXECUTE) | |
| Process(Seq(zapScript.path.toAbsolutePath.toString, "-daemon", "-config", "api.disablekey=true", "-silent", "-port", "11000")).run() | |
| // download zap release | |
| // $ scala-cli GetZap.scala | |
| // build into an assembly (fat jar) | |
| // $ scala-cli --power package -o RunZap --assembly RunZap.scala --force | |
| // start zap | |
| // $ ./RunZap | |
| // assembly created is about 100mb - most of that is the zap zip | |
| // wait for it to startup | |
| // make some requests through the proxy | |
| // $ curl --proxy http://localhost:11000 --insecure https://www.tax.service.gov.uk/contact/report-technical-problem/ | |
| // while it's still running, check out the report in your browser | |
| // $ open "http://localhost:11000/OTHER/core/other/htmlreport/" | |
| // if you want to keep the report, then save it from your browser |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
this would be the kind of thing that you could also probably have in an sbt plugin so that services could just do something like