[pull] main from zaproxy:main

docker/CHANGELOG.md

@@ -1,6 +1,9 @@
 # Changelog
 All notable changes to the docker containers will be documented in this file.
 
+### 2026-02-09
+- Added support for the delay job in the baseline
+
 ### 2026-02-04
 - Added --plan-only option to the baseline scan.
 - Fixed the directory used for the plan.

docker/tests/fixtures/baseline_plan_param_uc_d.yaml

@@ -0,0 +1,29 @@
+env:
+  contexts:
+  - name: baseline
+    urls:
+    - https://example.com/
+    excludePaths: []
+  parameters:
+    failOnError: true
+    progressToStdout: false
+jobs:
+- type: passiveScan-config
+  parameters:
+    enableTags: false
+    maxAlertsPerRule: 10
+- type: spider
+  parameters:
+    url: https://example.com/
+    maxDuration: 1
+- type: delay
+  parameters:
+    time: "5"
+- type: passiveScan-wait
+  parameters:
+    maxDuration: 0
+- type: outputSummary
+  parameters:
+    format: Long
+    summaryFile: {SUMMARY_FILE}
+  rules: []

docker/tests/test_zap_baseline_plan.py

@@ -141,13 +141,17 @@ def test_param_T(self):
         args = ["--plan-only", "-t", self.target, "-T", "10"]
         self.assert_plan_matches_fixture(args, "baseline_plan_param_uc_t.yaml")
 
+    def test_param_D(self):
+        args = ["--plan-only", "-t", self.target, "-D", "5"]
+        self.assert_plan_matches_fixture(args, "baseline_plan_param_uc_d.yaml")
+
     def test_param_z(self):
         args = ["--plan-only", "-t", self.target, "-z", "-config aaa=bbb"]
         self.assert_plan_matches_fixture(args, "baseline_plan_param_lc_z.yaml")
 
     def test_plan_only_unsupported_option(self):
         zap_baseline = self.load_module()
-        args = ["--plan-only", "-t", self.target, "-D", "5"]
+        args = ["--plan-only", "-t", self.target, "-n", "context.context"]
 
         with tempfile.TemporaryDirectory() as home_dir:
             plan_path = os.path.join(home_dir, "zap.yaml")
@@ -165,7 +169,7 @@ def test_plan_only_unsupported_option(self):
             finally:
                 os.chdir(original_cwd)
 
-            self.assertTrue(any("-D" in message for message in log_capture.output))
+            self.assertTrue(any("-n" in message for message in log_capture.output))
             self.assertFalse(os.path.exists(plan_path))
 
     def test_plan_only_requires_mounted_workdir_in_docker(self):

docker/zap-baseline.py

@@ -123,6 +123,7 @@ def usage():
     -a
     -d
     -P
+    -D secs
     -I
     -j
     -s
@@ -140,8 +141,6 @@ def usage():
     Currently none.
 
     If any of the next set of parameters are used then the existing code will be used instead:
-
-    -D secs           need new delay/sleep job
     -i                need to support config files
     -l level          ditto
     -n context file   will need full context support in the AF
@@ -154,7 +153,7 @@ def usage():
 
     '''
 
-def generate_af_plan(yaml_file, summary_file, target, out_of_scope_dict, debug, mins, ajax, timeout,
+def generate_af_plan(yaml_file, summary_file, target, out_of_scope_dict, debug, mins, ajax, timeout, delay,
                      detailed_output, config_dict, config_msg, report_html, report_md, report_xml,
                      report_json, base_dir):
     with open(yaml_file, 'w') as yf:
@@ -188,6 +187,9 @@ def generate_af_plan(yaml_file, summary_file, target, out_of_scope_dict, debug,
         if ajax:
             jobs.append(get_af_spiderAjax(target, mins))
 
+        if delay:
+            jobs.append(get_af_delay(delay))
+
         jobs.append(get_af_pscan_wait(timeout))
         jobs.append(get_af_output_summary(('Short', 'Long')[detailed_output], summary_file, config_dict, config_msg))
 
@@ -297,7 +299,6 @@ def main(argv):
             port = int(arg)
         elif opt == '-D':
             delay = int(arg)
-            af_supported, no_af_reason = add_af_unsupported(af_supported, no_af_reason, af_unsupported_opts, '-D', 'delay')
         elif opt == '-n':
             context_file = arg
             af_supported, no_af_reason = add_af_unsupported(af_supported, no_af_reason, af_unsupported_opts, '-n', 'context')
@@ -433,7 +434,7 @@ def main(argv):
 
         print('Generating the Automation Framework plan only: zap.yaml')
 
-        generate_af_plan(yaml_file, summary_file, target, out_of_scope_dict, debug, mins, ajax, timeout,
+        generate_af_plan(yaml_file, summary_file, target, out_of_scope_dict, debug, mins, ajax, timeout, delay,
                          detailed_output, config_dict, config_msg, report_html, report_md, report_xml,
                          report_json, base_dir)
 
@@ -447,7 +448,7 @@ def main(argv):
             home_dir = str(Path.home())
             yaml_file = os.path.join(base_dir, 'zap.yaml')
             summary_file = os.path.join(home_dir, 'zap_out.json')
-            generate_af_plan(yaml_file, summary_file, target, out_of_scope_dict, debug, mins, ajax, timeout,
+            generate_af_plan(yaml_file, summary_file, target, out_of_scope_dict, debug, mins, ajax, timeout, delay,
                              detailed_output, config_dict, config_msg, report_html, report_md, report_xml,
                              report_json, base_dir)
 

docker/zap_common.py

@@ -633,6 +633,13 @@ def get_af_pscan_wait(mins):
             'maxDuration': mins}
         }
 
+def get_af_delay(time_value):
+    return {
+        'type': 'delay',
+        'parameters': {
+            'time': str(time_value)}
+        }
+
 def get_af_spider(target, mins):
     return {
         'type': 'spider',