zap-api-python
zap-api-python copied to clipboard
First push of new independent Python API for ZAP
Done with my comments - cant comment on the python code but looks better than the stuff I hacked together ;)
Hi @psiinon! What's about pull requests?
Ah, I was assuming we would need to sort out the proxying problem before the new code could be merged. Am I wrong? I've submitted #3 for updating the code in the 'old' way, but v happy for that to be ditched once the new code is working fine...
What's the proxying problem? I don't know if I understand what you mean :)
Just going to write my thoughts about this PR. First things first, I don't even know if this works with Python3. I see that you have imported the API accessor (from .acsrf import acsrf
) but you fail to include them in the project. At the moment, the API accessors (spider, ascrf, ascan ...) do not support Python3 (as they use {}.iteritems() which is removed in Python3).
Next you do this (in _request_other
):
get=None if get=None: get={}
Why?
You also do this: "%s?%s" % (url, urlencode(get))
which makes no sense as you are using requests (where you can just do params=get
).
Furthermore you do this: return json.loads
when again, requests has it's own builtin function (.json()) which you can't use because you prematurely append .text
in your request.
In status_code() you open up a new requests.get
instead of self.urlopen
, meaning that there are now two requests you need to take care of. This is evident as you use proxies=self.__proxies
twice.
You also have the same class twice (base.py
and zap_24/__init__.py
). This just over complicates the project, for literally no reason.
Also I think that we should be moving away from using project numbers in class names. Not only do they provide no advantage, but make maintaining harder.