boman-cli 2.4.1__tar.gz → 2.4.2__tar.gz

{boman-cli-2.4.1 → boman-cli-2.4.2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: boman-cli
-Version: 2.4.1
+Version: 2.4.2
 Summary: CLI tool of boman.ai
 Home-page: https://boman.ai
 Author: Sumeru Software Solutions Pvt. Ltd.
@@ -88,11 +88,6 @@ Example: boman-cli -a run -zap_session_script ./session.js
 
 ### Release Note:
 
-
-### V2.4.1
-- **New:** New CLI arguments for ZAP custom arguments.
-
-
 ### V2.3.0
 - **New:** The pipeline configuration has been relocated from `boman.yaml` to the SaaS platform. Navigate to **Apps -> App menu -> Configure pipeline** to set it up. The current `boman.yaml` configuration will remain functional until it is officially deprecated.
 

{boman-cli-2.4.1 → boman-cli-2.4.2}/README.md

@@ -73,11 +73,6 @@ Example: boman-cli -a run -zap_session_script ./session.js
 
 ### Release Note:
 
-
-### V2.4.1
-- **New:** New CLI arguments for ZAP custom arguments.
-
-
 ### V2.3.0
 - **New:** The pipeline configuration has been relocated from `boman.yaml` to the SaaS platform. Navigate to **Apps -> App menu -> Configure pipeline** to set it up. The current `boman.yaml` configuration will remain functional until it is officially deprecated.
 

{boman-cli-2.4.1 → boman-cli-2.4.2}/boman_cli.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: boman-cli
-Version: 2.4.1
+Version: 2.4.2
 Summary: CLI tool of boman.ai
 Home-page: https://boman.ai
 Author: Sumeru Software Solutions Pvt. Ltd.
@@ -88,11 +88,6 @@ Example: boman-cli -a run -zap_session_script ./session.js
 
 ### Release Note:
 
-
-### V2.4.1
-- **New:** New CLI arguments for ZAP custom arguments.
-
-
 ### V2.3.0
 - **New:** The pipeline configuration has been relocated from `boman.yaml` to the SaaS platform. Navigate to **Apps -> App menu -> Configure pipeline** to set it up. The current `boman.yaml` configuration will remain functional until it is officially deprecated.
 

{boman-cli-2.4.1 → boman-cli-2.4.2}/bomancli/Config.py

@@ -81,7 +81,7 @@ class Config:
     # custom_zap_auth_method = False
     # zap_custom_auth_method = 'form'
     zap_plan_config = None
-    # custom_zap_plan_present = False
+    custom_zap_plan_present = False
     zap_script_config = None
     custom_zap_script_present = False
     zap_plan_config_file_name = 'boman_zap_auth_plan' ## .yaml will be added by the function  runtime
@@ -120,7 +120,7 @@ class Config:
 
     log_level = "INFO"
 
-    version = 'v2.4.1'
+    version = 'v2.4.2'
 
     boman_config_file = 'boman.yaml'
     
@@ -189,6 +189,4 @@ class Config:
     iac_scan_configuration = None
 
 
-    zap_custom_arg_present = False
-    zap_custom_arg = None
-    
+    dast_adv_auth_enabled = None

{boman-cli-2.4.1 → boman-cli-2.4.2}/bomancli/auth.py

@@ -31,7 +31,12 @@ def new_authorize():
             try:
                 json_response = json.loads(res.content)
                 logging.info("New Authorization: Success!!! Message: Successfully Authorized")
-                # logging.info(json_response)
+                if json_response['advanced_zap_auth']:
+                    Config.dast_adv_auth_enabled = True  
+                else:
+                    Config.dast_adv_auth_enabled = False
+                logging.info(json_response)
+                
             except:
                 logging.info('New Authorization: Failed!!! exit code: 2 (AUTH ERROR) Message: Authorization Failed unable to load json response')
                 exit(2) ##auth error
@@ -133,7 +138,7 @@ def authorize():
         logging.info("Authorization: Communicating with SaaS for Authorization")
         res = requests.post(url, json=data, headers=headers)
         #print('req:', json.dumps(data))
-        #print('res:',json.loads(res.content))
+        logging.info('res: %s',json.loads(res.content))
     except requests.ConnectionError:
        logging.error("Authorization: Failed!!! Message: Can't connect to the Server while authorizing, Please check your Internet connection.")
        exit(1) #server/saas error
@@ -142,6 +147,10 @@ def authorize():
             try:
                 json_response = json.loads(res.content)
                 logging.info("Authorization: Success!!! Message: Successfully Authorized")
+                if json_response['data']['advanced_zap_auth']:
+                    Config.dast_adv_auth_enabled = True  
+                else:
+                    Config.dast_adv_auth_enabled = False
                 # logging.info(json_response)
             except:
                 logging.info("Authorization: Failed!!!  exit code: 1 (Server ERROR) Message: Problem occured while authorizing the scan, Please contact boman.ai team")

{boman-cli-2.4.1 → boman-cli-2.4.2}/bomancli/main.py

@@ -196,18 +196,16 @@ def runImage(data=None,type=None):
 
         Utils.checkImageAlreadyExsist(docker_image)
         logging.info('DAST Docker: Running %s on %s ',tool_name, Config.dast_target)
-
-        if Config.zap_custom_arg_present:
-            logging.info('DAST Docker: Custom arugument configured for ZAP [ command: %s ] ',Config.zap_custom_arg) 
-
-
         logging.info('DAST Docker: Checking if Authenticated scan is configured...')
 
-
+        is_dast_auth_available = 0
+    
         if Config.dast_auth_present == True:
             logging.info('DAST Docker: Authenticated scan is configured')
             logging.info('DAST Docker: Fetching Authenticated scan config from SaaS')
-            Utils.fetchDASTConfigFromSaas()
+            is_dast_auth_available = Utils.fetchDASTConfigFromSaas()
+
+
             if Config.zap_plan_config is None:
                 logging.warning('DAST Docker: Failed !!!. Message: Failed to fetch Authenticated scan config from SaaS')
                 logging.warning('DAST Docker: Proceeding with DAST Baseline Scan') 
@@ -246,7 +244,13 @@ def runImage(data=None,type=None):
         else: 
             logging.info('DAST Docker: DAST Auth is not configured')       
 
-            
+        ## adding adv auth function here - MM
+        if Config.dast_adv_auth_enabled == True: 
+            ## Calling the advance auth fucntion to fetch required files
+            ## logic to get files from saas and run the scan here by assigning all the required files to config
+            logging.info('DAST Docker: Zap Advanced Authentication is configured')
+            logging.info('DAST Docker: Fetching Zap config files from saas')
+            Utils.fetch_zap_advance_config()
 
         #command_line = '-h '+Config.dast_target+' -maxtime 10 -o tmp/'+output_file
         #print(command_line_nikto)
@@ -255,9 +259,6 @@ def runImage(data=None,type=None):
         if Config.sast_build_dir == None:
             Config.sast_build_dir = os.getcwd()+'/'
 
-
-
-
         if data['dynamic_comment'] == 1:
             
             target_url = Config.dast_target
@@ -266,11 +267,13 @@ def runImage(data=None,type=None):
                 api_type = Config.dast_api_type
                 command_line = "% s" % command_line.format(target_url = target_url, api_type=api_type)
             elif Config.dast_auth_present == True:
-                # if Config.custom_zap_plan_present:
-                #     Config.zap_plan_config_file_name = Config.zap_plan_config_file_name
-                # else:
-                #     Config.zap_plan_config_file_name = Config.zap_plan_config_file_name+'.yaml'
-                command_line = "% s" % command_line.format(zap_plan_file = 'boman_zap_auth_plan.yaml')     
+                if Config.custom_zap_plan_present:
+                    Config.zap_plan_config_file_name = Config.zap_plan_config_file_name
+                else:
+                    Config.zap_plan_config_file_name = Config.zap_plan_config_file_name+'.yaml'
+                command_line = "% s" % command_line.format(zap_plan_file = Config.zap_plan_config_file_name) 
+            elif Config.dast_adv_auth_enabled == True:
+                command_line = "% s" % command_line.format(zap_plan_file = Config.zap_plan_config_file_name)       
             else:
                 command_line = "% s" % command_line.format(target_url = target_url)
 
@@ -290,20 +293,6 @@ def runImage(data=None,type=None):
         ## part where running dast based on the given env i.e jenkins or non jenkins
 
 
-        ### adding custom argument for zap auth
-
-
-        if Config.zap_custom_arg_present:
-            command_line = command_line + " " +  Config.zap_custom_arg
-
-
-        logging.info('DAST Docker: custom argumented added with exisitng command %s', command_line)
-        #exit(1)   
-
-
-
-
-
 
         if Config.jenkins == 'yes':
 
@@ -338,6 +327,7 @@ def runImage(data=None,type=None):
 
             try:
                 Config.build_dir = Config.sast_build_dir
+                logging.info('DAST Docker: Command for running the scan %s',command_line)
                 container= docker.containers.run(docker_image, command_line, volumes={Config.sast_build_dir: {
                    'bind': data['bind'], 'mode': 'rw'}},user=userid,detach=detach)
 
@@ -981,10 +971,9 @@ def default():
     parser.add_argument('-config','--config',default='boman.yaml',help="Pass the file name if you have any custom file name for the boman config. eg:boman-prod.yaml")
     # parser.add_argument('-custom_dast_auth_config','--custom_dast_auth_config',default=False,help="Pass True in the case of custom zap auth scan, this requires , -zap_auth_method , -zap_plan and -zap_session_script (incase of json auth method)")
     # parser.add_argument('-zap_auth_method','--zap_auth_method',default='form',help="Pass the auth method of DAST(zap) scan, supported method [form, json]. default value is form based")
-    # parser.add_argument('-zap_plan','--zap_custom_plan',default='boman_zap_auth_plan.yaml',help="Pass the file name if you have any custom zap context plan. eg:custom-zap-plan.yaml")
+    parser.add_argument('-zap_plan','--zap_custom_plan',default='boman_zap_auth_plan.yaml',help="Pass the file name if you have any custom zap context plan. eg:custom-zap-plan.yaml")
     parser.add_argument('-zap_session_script','--zap_custom_session_script',default='session_management.js',help="Pass the file name if you have any custom zap session script file name. eg:custom-script.js")
     # parser.add_argument('-uid','--user_id',default='1000:1000',help="[internal] Pass the custom userid:groupid incase the lingu detec function is failed")
-    parser.add_argument('-zap_arg','--zap_custom_arg',default=None,help="Pass the custom arguments for zap scanner")
     args = parser.parse_args()
 
     # if len(sys.args) == 1:
@@ -1037,14 +1026,14 @@ def default():
 
 
 ## custom script for zap auth scan automation
-    # if args.zap_custom_plan == 'boman_zap_auth_plan.yaml':
-    #     Config.zap_plan_config_file_name = 'boman_zap_auth_plan.yaml'
-    #     #exit(1)
-    # else:
-    #     #logging.info('custom zap contct plan option is choosen')
-    #     #Config.custom_zap_plan_present = True
-    #     Config.zap_plan_config_file_name = args.zap_custom_plan
-    #     #exit(1)
+    if args.zap_custom_plan == 'boman_zap_auth_plan.yaml':
+        Config.zap_plan_config_file_name = 'boman_zap_auth_plan.yaml'
+        #exit(1)
+    else:
+        logging.info('custom zap contct plan option is choosen')
+        Config.custom_zap_plan_present = True
+        Config.zap_plan_config_file_name = args.zap_custom_plan
+        #exit(1)
 
     ## custom script for zap auth scan automation
     if args.zap_custom_session_script == 'session_management.js':
@@ -1070,19 +1059,6 @@ def default():
     else:
         logging.error(f"Authorization Config: Failed !!!, Exit Code: 4 (Misconfiguration/Validation). The {Config.boman_config_file} file is not found and tokens were not found in cli arguments as well")
         exit(4) #validation error
-
-
-    #Zap custom arguments
-    if args.zap_custom_arg is not None:
-        Config.zap_custom_arg_present = True
-        Config.zap_custom_arg = args.zap_custom_arg
-        logging.info(f"Zap custom config: CLI has custom arguments: {Config.zap_custom_arg}")
-    else:
-        Config.zap_custom_arg_present = False
-
-
-
-
 ## auth method args validation
 
     # if args.custom_dast_auth_config == True:
@@ -1095,13 +1071,13 @@ def default():
     #             exit(4)    
 
 
-    #     if Config.zap_custom_auth_method == 'form':
-    #         if Config.custom_zap_plan_present :
-    #             Config.dast_auth_present == True
-    #             Config.custom_zap_plan_present = True
-    #         else:
-    #             logging.error('Zap auth method "form" needs plan file')
-    #             exit(4)
+        if Config.zap_custom_auth_method == 'form':
+            if Config.custom_zap_plan_present :
+                Config.dast_auth_present == True
+                Config.custom_zap_plan_present = True
+            else:
+                logging.error('Zap auth method "form" needs plan file')
+                exit(4)
     
 
 

{boman-cli-2.4.1 → boman-cli-2.4.2}/bomancli/templates/template_plan.yaml

@@ -1,139 +1,139 @@
----
-env:
-  contexts:
-    - name: "Boman Authenticated Scan"
-      urls:
-        - "https://demo.testfire.net/"
-      authentication:
-        method: "form"
-        parameters: # May include any required for scripts. All of the parameters support vars except for the port
-          loginPageUrl: "https://demo.testfire.net/login.jsp"
-          loginRequestUrl: "https://demo.testfire.net/doLogin"
-          loginRequestBody: "uid={%username%}&passw={%password%}&btnSubmit=Login"
-        verification:
-          method: "both" # String, one of 'response', 'request', 'both', 'poll'
-          loggedOutRegex: ".*Sign In.*" # String, regex pattern for determining if logged
-      sessionManagement:
-        method: ""
-        parameters:
-          script: ""
-          scriptEngine: ""
-      users: # List of one or more users available to use for authentication
-        - name: "demoadmin" # String, the name to be used by the jobs
-          credentials: # List of user credentials - may include any required for scripts
-            username: "admin" # String, the username to use when authenticating, vars supported
-            password: "admin"
-      includePaths: []
-      excludePaths: []
-      technology:
-        exclude:
-          - "C"
-          - "ASP"
-          - "IBM DB2"
-          - "PHP"
-          - "CouchDB"
-          - "XML"
-          - "Microsoft SQL Server"
-          - "JSP/Servlet"
-          - "Firebird"
-          - "MongoDB"
-          - "HypersonicSQL"
-          - "SAP MaxDB"
-          - "Ruby"
-          - "SCM"
-          - "WS"
-          - "Microsoft Access"
-          - "Sybase"
-          - "Python"
-  parameters:
-    failOnError: true
-    failOnWarning: false
-    progressToStdout: true
-  vars: {}
-jobs:
-  - parameters:
-      scanOnlyInScope: true
-      enableTags: false
-      disableAllRules: false
-    rules: []
-    name: "passiveScan-config"
-    type: "passiveScan-config"
-  - parameters:
-      context: "Demo testfire"
-      user: "demoadmin"
-      url: "https://demo.testfire.net"
-      maxDuration: 1
-      maxDepth: 2
-      maxChildren: 0
-    name: "spider"
-    type: "spider"
-    tests:
-      - onFail: "INFO"
-        statistic: "automation.spider.urls.added"
-        site: ""
-        operator: ">="
-        value: 100
-        name: "At least 100 URLs found"
-        type: "stats"
-      - name: "spider logged in" # Name of the test, optional
-        type: stats # Specifies that the test is of type 'stats'
-        statistic: "stats.auth.success" # Name of an integer / long statistic
-        operator: ">=" # One of '==', '!=', '>=', '>', '<', '<='
-        value: 2 # Value to compare statistic against
-        onFail: "info"
-      - name: "spider failed" # Name of the test, optional
-        type: stats # Specifies that the test is of type 'stats'
-        statistic: "stats.auth.failure" # Name of an integer / long statisti
-        operator: ">=" # One of '==', '!=', '>=', '>', '<', '<='
-        value: 2 # Value to compare statistic against
-        onFail: "info"
-  - parameters: {}
-    name: "passiveScan-wait"
-    type: "passiveScan-wait"
-  - parameters:
-      context: "Demo testfire"
-      user: "demoadmin"
-      policy: ""
-      maxRuleDurationInMins: 0
-      maxScanDurationInMins: 5
-      maxAlertsPerRule: 0
-    policyDefinition:
-      defaultStrength: "medium"
-      defaultThreshold: "medium"
-      rules: []
-    tests:
-      - name: "spider logged in" # Name of the test, optional
-        type: stats # Specifies that the test is of type 'stats'
-        statistic: "stats.auth.success" # Name of an integer / long statistic
-        operator: ">=" # One of '==', '!=', '>=', '>', '<', '<='
-        value: 2 # Value to compare statistic against
-        onFail: "info"
-      - name: "spider failed" # Name of the test, optional
-        type: stats # Specifies that the test is of type 'stats'
-        statistic: "stats.auth.failure" # Name of an integer / long statisti
-        operator: ">=" # One of '==', '!=', '>=', '>', '<', '<='
-        value: 2 # Value to compare statistic against
-        onFail: "info"
-    name: "activeScan"
-    type: "activeScan"
-  - parameters:
-      template: "traditional-json"
-      reportDir: ""
-      reportFile: ""
-      reportTitle: "Boman_Scanning_Report"
-      reportDescription: ""
-      displayReport: false
-    risks:
-      - "info"
-      - "low"
-      - "medium"
-      - "high"
-    confidences:
-      - "falsepositive"
-      - "low"
-      - "medium"
-      - "high"
-      - "confirmed"
-    sites: []
-    name: "report"
-    type: "report"
+---
+env:
+  contexts:
+    - name: "Boman Authenticated Scan"
+      urls:
+        - "https://demo.testfire.net/"
+      authentication:
+        method: "form"
+        parameters: # May include any required for scripts. All of the parameters support vars except for the port
+          loginPageUrl: "https://demo.testfire.net/login.jsp"
+          loginRequestUrl: "https://demo.testfire.net/doLogin"
+          loginRequestBody: "uid={%username%}&passw={%password%}&btnSubmit=Login"
+        verification:
+          method: "both" # String, one of 'response', 'request', 'both', 'poll'
+          loggedOutRegex: ".*Sign In.*" # String, regex pattern for determining if logged
+      sessionManagement:
+        method: ""
+        parameters:
+          script: ""
+          scriptEngine: ""
+      users: # List of one or more users available to use for authentication
+        - name: "demoadmin" # String, the name to be used by the jobs
+          credentials: # List of user credentials - may include any required for scripts
+            username: "admin" # String, the username to use when authenticating, vars supported
+            password: "admin"
+      includePaths: []
+      excludePaths: []
+      technology:
+        exclude:
+          - "C"
+          - "ASP"
+          - "IBM DB2"
+          - "PHP"
+          - "CouchDB"
+          - "XML"
+          - "Microsoft SQL Server"
+          - "JSP/Servlet"
+          - "Firebird"
+          - "MongoDB"
+          - "HypersonicSQL"
+          - "SAP MaxDB"
+          - "Ruby"
+          - "SCM"
+          - "WS"
+          - "Microsoft Access"
+          - "Sybase"
+          - "Python"
+  parameters:
+    failOnError: true
+    failOnWarning: false
+    progressToStdout: true
+  vars: {}
+jobs:
+  - parameters:
+      scanOnlyInScope: true
+      enableTags: false
+      disableAllRules: false
+    rules: []
+    name: "passiveScan-config"
+    type: "passiveScan-config"
+  - parameters:
+      context: "Demo testfire"
+      user: "demoadmin"
+      url: "https://demo.testfire.net"
+      maxDuration: 1
+      maxDepth: 2
+      maxChildren: 0
+    name: "spider"
+    type: "spider"
+    tests:
+      - onFail: "INFO"
+        statistic: "automation.spider.urls.added"
+        site: ""
+        operator: ">="
+        value: 100
+        name: "At least 100 URLs found"
+        type: "stats"
+      - name: "spider logged in" # Name of the test, optional
+        type: stats # Specifies that the test is of type 'stats'
+        statistic: "stats.auth.success" # Name of an integer / long statistic
+        operator: ">=" # One of '==', '!=', '>=', '>', '<', '<='
+        value: 2 # Value to compare statistic against
+        onFail: "info"
+      - name: "spider failed" # Name of the test, optional
+        type: stats # Specifies that the test is of type 'stats'
+        statistic: "stats.auth.failure" # Name of an integer / long statisti
+        operator: ">=" # One of '==', '!=', '>=', '>', '<', '<='
+        value: 2 # Value to compare statistic against
+        onFail: "info"
+  - parameters: {}
+    name: "passiveScan-wait"
+    type: "passiveScan-wait"
+  - parameters:
+      context: "Demo testfire"
+      user: "demoadmin"
+      policy: ""
+      maxRuleDurationInMins: 0
+      maxScanDurationInMins: 5
+      maxAlertsPerRule: 0
+    policyDefinition:
+      defaultStrength: "medium"
+      defaultThreshold: "medium"
+      rules: []
+    tests:
+      - name: "spider logged in" # Name of the test, optional
+        type: stats # Specifies that the test is of type 'stats'
+        statistic: "stats.auth.success" # Name of an integer / long statistic
+        operator: ">=" # One of '==', '!=', '>=', '>', '<', '<='
+        value: 2 # Value to compare statistic against
+        onFail: "info"
+      - name: "spider failed" # Name of the test, optional
+        type: stats # Specifies that the test is of type 'stats'
+        statistic: "stats.auth.failure" # Name of an integer / long statisti
+        operator: ">=" # One of '==', '!=', '>=', '>', '<', '<='
+        value: 2 # Value to compare statistic against
+        onFail: "info"
+    name: "activeScan"
+    type: "activeScan"
+  - parameters:
+      template: "traditional-json"
+      reportDir: ""
+      reportFile: ""
+      reportTitle: "Boman_Scanning_Report"
+      reportDescription: ""
+      displayReport: false
+    risks:
+      - "info"
+      - "low"
+      - "medium"
+      - "high"
+    confidences:
+      - "falsepositive"
+      - "low"
+      - "medium"
+      - "high"
+      - "confirmed"
+    sites: []
+    name: "report"
+    type: "report"

{boman-cli-2.4.1 → boman-cli-2.4.2}/bomancli/utils.py

@@ -44,6 +44,7 @@ def checkImageAlreadyExsist(imagename):
     
     logging.info('Image is not present in the local machine')
     logging.info('Pulling the required image [%s]',imagename)
+    return 1
 
     try:
         pulled = docker.images.pull(imagename)
@@ -529,6 +530,8 @@ def fetchDASTConfigFromSaas():
 
         else:
             logging.info('No DAST Auth Config found on SaaS')
+            Config.zap_plan_config = None
+            return 0
 
 
     except requests.ConnectionError as e:
@@ -848,8 +851,99 @@ def getGitDetails():
         return {'repo':'None','branch':'None','commit_message':'None'}
 
 
+#### create a zap plan and script with advanced scan
+def download_file(url, save_path):
+    """
+    Downloads a file from the given URL and saves it to the specified path.
+
+    :param url: The URL of the file to download.
+    :param save_path: The path where the file will be saved.
+    :return: None
+    """
+    try:
+        url = url
+        response = requests.get(url, stream=True)
+        response.raise_for_status()  # Raise an error for HTTP errors
+
+        with open(save_path, 'wb') as file:
+            for chunk in response.iter_content(chunk_size=8192):
+                file.write(chunk)
+    
+        logging.info(f"File downloaded successfully and saved to {save_path}")
+        return 1
+    except requests.exceptions.RequestException as e:
+        logging.error(f"Failed to download file: {e}")
+
+
+
+### fetch zap advance auth config
+def fetch_zap_advance_config():
+    logging.info('Initiating connection with SaaS')
+    #scan_token = Config.scan_token
+    app_token = Config.app_token
+    customer_token =  Config.customer_token
+
+    url = Config.boman_url+"/api/app/advanced_zap_authentication"
+    values = {'app_token':app_token, 'customer_token':customer_token}
+    try:
+        x = requests.post(url,json=values)  
+
+
+        response = x.json()
+
+        
+
+        if response['status'] == True:
+            logging.info('Zap Advacne config: Analyzing DAST Auth config')
+        
+            ## fetching the urls
+
+            config_files = response['zap_config']['files']
+            logging.info('Config from SaaS: %s',config_files)
+            files_count = len(config_files)
+            logging.info('Zap Advance Config: Total %s file(s) uploaded in saas' )
+            logging.info('Zap Advance Config: Downloading files one by one' )
+
+            plan_file_present_in_adv_zap_config = False
+            for file in config_files:
+                logging.info('Zap Advacne Config: Fetching from %s filename %s',file['file_path'], file['file_name'])
+                download_file(file['file_path'], file['file_name'])
+                
+                
+                if file['is_plan_file']:
+                    Config.zap_plan_config_file_name = file['file_name']
+                   #Config.dast_auth_present = True
+                    Config.custom_zap_plan_present = True
+                    # with open(Config.zap_plan_config_file_name , 'r') as file:
+                    #     Config.zap_plan_config = yaml.safe_load(file)  
+                    #     print(Config.zap_plan_config)
+                    #     exit(1)  
+                    #     logging.info('Validation: SUCCESS!!! Message: Config yaml file found and parsed') 
+                        
+                    plan_file_present_in_adv_zap_config = True
+                    logging.info('Zap Advacne Config: Plan file found %s',Config.zap_plan_config_file_name)
+
+
+                
+            logging.info('Zap Advance Config: files are downloaded')
+            if plan_file_present_in_adv_zap_config == False:
+                logging.info('Zap Advance Config: Plan.yaml file not found in the server, will be unable to continue the zap advance scan')
+                logging.info('Main: Terminating the scan')
+                exit(4)
+
+
+            return 1
+
+        else:
+            logging.info('No DAST Auth Config found on SaaS')
 
 
+    except requests.ConnectionError as e:
+        
+        logging.error("Can't connect to the Server, Please check your Internet connection.")
+        logging.error(e)
+        exit(1) #server/saas error    
+
 
 def uploadLogs():
     

{boman-cli-2.4.1 → boman-cli-2.4.2}/bomancli/validation.py

@@ -354,8 +354,10 @@ def tool_configuration_validation():
                 logging.info("Tool Config: Failed!!!  exit code: 1 (Server ERROR) Message: Problem occured while authorizing the scan, Please contact boman.ai team")
                 exit(1) #server error
             try:
-                # logging.info( json_response['data'])
+                logging.info( json_response['data'])
+               
                 Config.dast_response = json_response['data']['dast']
+                logging.info(Config.dast_response)
                 Config.sast_response = json_response['data']['sast']
                 Config.sca_response = json_response['data']['sca']
                 Config.secret_scan_response = json_response['data']['secret_scan']
@@ -363,7 +365,14 @@ def tool_configuration_validation():
                 Config.scan_name = json_response['data']['scan_name']
                 Config.con_scan_response = json_response['data']['cs']
                 Config.sbom_response = json_response['data']['sbom']
-                Config.iac_scan_response = json_response['data']['iac']      
+                Config.iac_scan_response = json_response['data']['iac']  
+
+
+                # if Config.json_response['data']['advanced_zap_auth']:
+                #     Config.dast_adv_auth_enabled = True  
+                # else:
+                #     Config.dast_adv_auth_enabled = False
+
             except:
                 logging.info("Tool Config: Failed!!!  exit code: 1 (Server ERROR) Message: Problem occured while authorizing the scan, Please contact boman.ai team")
                 exit(1) ## server error  

{boman-cli-2.4.1 → boman-cli-2.4.2}/setup.cfg

@@ -1,9 +1,8 @@
 [metadata]
 environment = prod
-version = 2.4.1
+version = 2.4.2
 name = boman-cli
-saas_base_url = 
-https = //dashboard.boman.ai/
+saas_base_url = https://dashboard.boman.ai/
 
 [egg_info]
 tag_build =