Merge pull request #7079 from psiinon/selenium/custom_browsers

Author: kingthorin

addOns/domxss/src/test/java/org/zaproxy/zap/extension/domxss/DomXssScanRuleUnitTest.java

@@ -33,22 +33,19 @@
 import io.github.bonigarcia.wdm.WebDriverManager;
 import java.io.IOException;
 import java.util.List;
-import java.util.Locale;
 import java.util.Map;
 import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.stream.Stream;
 import org.hamcrest.Matchers;
 import org.junit.jupiter.api.AfterAll;
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.BeforeAll;
-import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Disabled;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.MethodSource;
 import org.mockito.ArgumentMatchers;
 import org.mockito.quality.Strictness;
-import org.parosproxy.paros.Constant;
 import org.parosproxy.paros.control.Control;
 import org.parosproxy.paros.core.scanner.Alert;
 import org.parosproxy.paros.core.scanner.Plugin.AttackStrength;
@@ -63,11 +60,11 @@
 import org.zaproxy.addon.network.ExtensionNetwork;
 import org.zaproxy.zap.extension.ascan.VariantFactory;
 import org.zaproxy.zap.extension.selenium.Browser;
+import org.zaproxy.zap.extension.selenium.ExtensionSelenium;
 import org.zaproxy.zap.extension.selenium.SeleniumOptions;
 import org.zaproxy.zap.model.Context;
 import org.zaproxy.zap.testutils.ActiveScannerTestUtils;
 import org.zaproxy.zap.testutils.NanoServerHandler;
-import org.zaproxy.zap.utils.I18N;
 import org.zaproxy.zap.utils.ZapXmlConfiguration;
 
 class DomXssScanRuleUnitTest extends ActiveScannerTestUtils<DomXssScanRule> {
@@ -79,30 +76,10 @@ class DomXssScanRuleUnitTest extends ActiveScannerTestUtils<DomXssScanRule> {
 
     @BeforeAll
     static void setupAll() {
-        Constant.messages = new I18N(Locale.ROOT);
         WebDriverManager.firefoxdriver().setup();
         WebDriverManager.chromedriver().setup();
     }
 
-    @BeforeEach
-    void setupEach() {
-        model = mock(Model.class, withSettings().strictness(Strictness.LENIENT));
-        Model.setSingletonForTesting(model);
-        given(model.getVariantFactory()).willReturn(new VariantFactory());
-        given(model.getOptionsParam()).willReturn(new OptionsParam());
-        extensionNetwork = new ExtensionNetwork();
-        extensionNetwork.initModel(model);
-        Control.initSingletonForTesting(model, mock(ExtensionLoader.class));
-        extensionNetwork.init();
-        extensionNetwork.hook(new ExtensionHook(model, null));
-
-        model.getOptionsParam().load(new ZapXmlConfiguration());
-        model.getOptionsParam().addParamSet(new SeleniumOptions());
-
-        session = new Session(model);
-        given(model.getSession()).willReturn(session);
-    }
-
     @AfterEach
     void tearDown() {
         rule.setTimeFinished();
@@ -122,6 +99,32 @@ static void tidyUp() {
 
     @Override
     protected DomXssScanRule createScanner() {
+        // Setup here so that the commonScanRuleTests get initialised correctly as well
+
+        mockMessages(new ExtensionDomXSS(), new ExtensionSelenium());
+        model = mock(Model.class, withSettings().strictness(Strictness.LENIENT));
+        Model.setSingletonForTesting(model);
+        given(model.getVariantFactory()).willReturn(new VariantFactory());
+        given(model.getOptionsParam()).willReturn(new OptionsParam());
+        extensionNetwork = new ExtensionNetwork();
+        extensionNetwork.initModel(model);
+        ExtensionLoader extensionLoader =
+                mock(ExtensionLoader.class, withSettings().strictness(Strictness.LENIENT));
+        Control.initSingletonForTesting(model, extensionLoader);
+
+        ExtensionSelenium extensionSelenium = new ExtensionSelenium();
+        given(extensionLoader.getExtension(ExtensionSelenium.class)).willReturn(extensionSelenium);
+        extensionSelenium.init();
+
+        extensionNetwork.init();
+        extensionNetwork.hook(new ExtensionHook(model, null));
+
+        model.getOptionsParam().load(new ZapXmlConfiguration());
+        model.getOptionsParam().addParamSet(new SeleniumOptions());
+
+        session = new Session(model);
+        given(model.getSession()).willReturn(session);
+
         DomXssScanRule.extensionNetwork = extensionNetwork;
         return new DomXssScanRule();
     }

addOns/selenium/CHANGELOG.md

@@ -7,6 +7,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## Unreleased
 ### Changed
 - Update Selenium to version 4.40.0.
+### Removed
+- Support for IE and disabled Safari.
 
 ## [15.43.0] - 2025-12-15
 ### Changed

addOns/selenium/src/main/java/org/zaproxy/zap/extension/selenium/CustomBrowser.java

@@ -0,0 +1,40 @@
+/*
+ * Zed Attack Proxy (ZAP) and its related class files.
+ *
+ * ZAP is an HTTP/HTTPS proxy for assessing web application security.
+ *
+ * Copyright 2026 The ZAP Development Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.zaproxy.zap.extension.selenium;
+
+import java.util.List;
+import lombok.Builder;
+import lombok.Getter;
+
+@Getter
+@Builder
+/**
+ * A browser added by a user or another ZAP add-on.
+ *
+ * @since 15.44.0
+ */
+public class CustomBrowser {
+
+    private final String name;
+    private final String driverPath;
+    private final String binaryPath;
+    private final List<String> arguments;
+    private final String browserType;
+}

addOns/selenium/src/main/java/org/zaproxy/zap/extension/selenium/DriverConfiguration.java

@@ -0,0 +1,57 @@
+/*
+ * Zed Attack Proxy (ZAP) and its related class files.
+ *
+ * ZAP is an HTTP/HTTPS proxy for assessing web application security.
+ *
+ * Copyright 2026 The ZAP Development Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.zaproxy.zap.extension.selenium;
+
+import java.util.Collections;
+import java.util.List;
+import java.util.function.Consumer;
+import lombok.Builder;
+import lombok.Getter;
+import org.openqa.selenium.MutableCapabilities;
+
+/**
+ * Configuration for obtaining a WebDriver.
+ *
+ * <p>Allows specifying requester, proxy, browser extensions, and optional capability customisation.
+ */
+@Builder
+@Getter
+public class DriverConfiguration {
+
+    /** Underlying browser/driver type for driver creation. */
+    public enum DriverType {
+        CHROMIUM,
+        EDGE,
+        FIREFOX,
+        HTML_UNIT,
+        SAFARI
+    }
+
+    private final int requester;
+    private final String proxyAddress;
+    private final int proxyPort;
+    private final boolean enableExtensions;
+    private final Consumer<MutableCapabilities> consumer;
+    private final DriverType type;
+    @Builder.Default private final boolean headless = false;
+    @Builder.Default private final String binaryPath = null;
+    @Builder.Default private final String driverPath = "";
+    @Builder.Default private final List<String> arguments = Collections.emptyList();
+}