reports: Allow zipping at generation#7456
Conversation
|
Great job! No new security vulnerabilities introduced in this pull requestUse @Checkmarx to interact with Checkmarx PR Assistant. |
There was a problem hiding this comment.
Pull request overview
Adds support to generate reports as a .zip archive (containing the main report file plus any template resources), exposed through the Reports add-on GUI, API, and Automation Framework job configuration.
Changes:
- Add
zip/zipReportoption plumbed through GUI dialog, API action, and automation job parameters intoReportData. - Implement ZIP creation + cleanup of original generated files in
ExtensionReports.generateReport(...), and adjust display behavior accordingly. - Add/extend unit tests and update help + changelog entries.
Reviewed changes
Copilot reviewed 14 out of 14 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| addOns/reports/src/test/java/org/zaproxy/addon/reports/ReportApiUnitTest.java | Adds API unit coverage for the zip param and returned generated path. |
| addOns/reports/src/test/java/org/zaproxy/addon/reports/ExtensionReportsUnitTest.java | Adds integration-style tests validating zipped outputs and resource handling/cleanup. |
| addOns/reports/src/test/java/org/zaproxy/addon/reports/automation/ReportJobUnitTest.java | Extends automation job unit tests for zipReport parameter plumbing. |
| addOns/reports/src/main/resources/org/zaproxy/addon/reports/resources/report-max.yaml | Documents zipReport in the max example config. |
| addOns/reports/src/main/resources/org/zaproxy/addon/reports/resources/Messages.properties | Adds UI/API strings for the new zip option. |
| addOns/reports/src/main/javahelp/org/zaproxy/addon/reports/resources/help/contents/reports.html | Documents the new GUI “Zip Report Output” behavior. |
| addOns/reports/src/main/javahelp/org/zaproxy/addon/reports/resources/help/contents/automation.html | Documents zipReport in automation job help. |
| addOns/reports/src/main/java/org/zaproxy/addon/reports/ReportDialog.java | Adds GUI checkbox and passes value into ReportData. |
| addOns/reports/src/main/java/org/zaproxy/addon/reports/ReportData.java | Adds zipReport flag to the report generation data model. |
| addOns/reports/src/main/java/org/zaproxy/addon/reports/ReportApi.java | Adds zip param and returns the actual generated file path. |
| addOns/reports/src/main/java/org/zaproxy/addon/reports/ExtensionReports.java | Implements zipping of generated output + cleanup and adjusts display behavior. |
| addOns/reports/src/main/java/org/zaproxy/addon/reports/automation/ReportJobDialog.java | Adds automation job dialog checkbox and persists it to parameters. |
| addOns/reports/src/main/java/org/zaproxy/addon/reports/automation/ReportJob.java | Adds zipReport parameter and propagates it into ReportData at runtime. |
| addOns/reports/CHANGELOG.md | Changelog entry for ZIP generation support. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| addDirectoryToZip(zos, resourcesSubDir, resourcesSubDir.getName() + "/"); | ||
| } | ||
| } | ||
| LOGGER.info("Report zipped to: {}", zipFile.getAbsolutePath()); |
There was a problem hiding this comment.
This was resolved without justification, I'm also wondering why we are logging as info.
There was a problem hiding this comment.
It seemed like a fair thing to log, yes a user might generate multiple reports but I wouldn't expect it to actually be "noisey"
There was a problem hiding this comment.
It's not about the noise (for me) but the need to inform the user that the report was generated in the directory they chose to?
| } else { | ||
| Desktop desktop = Desktop.getDesktop(); | ||
| desktop.open(file); | ||
| Desktop.getDesktop().open(file); |
There was a problem hiding this comment.
The options should be mutually exclusive (or simply note the display does not work for the ZIP).
| } | ||
| } | ||
|
|
||
| private void cleanupOriginalFiles(File mainFile, File resourcesSubDir) throws IOException { |
There was a problem hiding this comment.
It should zip directly to the ZIP file.
| private List<String> sections = new ArrayList<>(); | ||
| private String theme; | ||
|
|
||
| @Getter @Setter private boolean zipReport = false; |
| reportTitle: # String: The report title | ||
| reportDescription: # String: The report description | ||
| displayReport: # Boolean: Display the report when generated, default: false | ||
| zipReport: true # Boolean: Zip the report output, default: false |
| alerts. Select this check box if you do want to generate a report with | ||
| no alerts. | ||
|
|
||
| <H3>Zip Report Output</H3> |
There was a problem hiding this comment.
It should be simply "ZIP Report", that the reports have several files does not make it a report output.
| withZipWorkDir( | ||
| workDir -> { | ||
| // Given | ||
| // zipReport enabled; traditional-html-plus template with resources |
There was a problem hiding this comment.
The test case already says it (this applies to other tests).
| assertThat(Files.exists(workDir.resolve(reportFileName)), is(true)); | ||
| } | ||
|
|
||
| private static void assertZipContains(File zipFile, String... expectedEntries) |
There was a problem hiding this comment.
Why not pass the matchers and avoid duplicating?
| } | ||
| } | ||
|
|
||
| private static String reportFilePath(Path workDir, String fileName) { |
| @Test | ||
| void shouldReturnGeneratedReportPath() throws Exception { | ||
| // Given | ||
| String reportDirectory = System.getProperty("java.io.tmpdir"); |
There was a problem hiding this comment.
It should use a JUnit temp dir instead.
| () -> assertThat(response.getValue(), is(not(htmlReportPath)))); | ||
| } | ||
|
|
||
| private ReportData captureReportDataFromGenerate() throws Exception { |
kingthorin
force-pushed
the
reports-zip
branch
3 times, most recently
from
326d960 to
17a8448
Compare
|
Got all those. |
Signed-off-by: kingthorin <kingthorin@users.noreply.github.com>
Overview
Add an option in the GUI, API, and AF to allow users to ZIP the output at generation (generated resources are copied to ZIP, then removed).
Related Issues