feat: add ZAP package

[noahfraiture]

This is a remake of #390, I though it was ok but wrong branch and unsigned, it was thus easier to remake a new branch. Sorry for the wait, I didn't notice the requirement for the sign on the commit

Description

This PR add Zed Attack Proxy as requested in this #381 .

---

This is my first PR here and I did not succeed to test. When trying to exegol install local I got stuck at [*] Step 14/24 : RUN ./entrypoint.sh package_base
It should work since the PR is very small but if someone can confirm before a merge, it would be great

[qu35t-code]

Hi @noahfraiture,

Thanks for taking the time to suggest this addition !

[qu35t-code]

Last modifications and all should be good !

[qu35t-code]

Also, can you clean the /tmp dir ? rm -rf /tmp/ZAP_${zap_version} and rm /tmp/zap.tar.gz

[noahfraiture]

Yep done

[qu35t-code]

Last changes ! :)

[noahfraiture]

I'm not sure to understand the situation, there's a lot of adding and removing tag. What is missing ?

[qu35t-code]

Yes sorry @noahfraiture,

You need to fix shellcheck : https://github.com/ThePorgs/Exegol-images/actions/runs/11748831843/job/32733856505

[qu35t-code]

Thx @gbe ❤️

[gbe]

I think this PR should be reworked a bit. It does not make sense to parse with a regexep the zaproxy website and then download a file from github.

The regexep may fail over time if the website changes.

Instead, I suggest that the version number be obtained directly from Github:

curl --silent https://api.github.com/repos/zaproxy/zaproxy/releases/latest | jq --raw-output '.tag_name'
v2.15.0

Same thing for getting the name or the url, just parse the json:

$ curl --silent https://api.github.com/repos/zaproxy/zaproxy/releases/latest | jq --raw-output '.assets[].name'
bom.json
ZAP_2.15.0.dmg
ZAP_2.15.0_aarch64.dmg
ZAP_2.15.0_Core.zip
ZAP_2.15.0_Crossplatform.zip
ZAP_2.15.0_Linux.tar.gz
ZAP_2_15_0_unix.sh
ZAP_2_15_0_windows-x32.exe
ZAP_2_15_0_windows.exe
                                                                                                                                                                                              
$ curl --silent https://api.github.com/repos/zaproxy/zaproxy/releases/latest | jq --raw-output '.assets[].browser_download_url'    
https://github.com/zaproxy/zaproxy/releases/download/v2.15.0/bom.json
https://github.com/zaproxy/zaproxy/releases/download/v2.15.0/ZAP_2.15.0.dmg
https://github.com/zaproxy/zaproxy/releases/download/v2.15.0/ZAP_2.15.0_aarch64.dmg
https://github.com/zaproxy/zaproxy/releases/download/v2.15.0/ZAP_2.15.0_Core.zip
https://github.com/zaproxy/zaproxy/releases/download/v2.15.0/ZAP_2.15.0_Crossplatform.zip
https://github.com/zaproxy/zaproxy/releases/download/v2.15.0/ZAP_2.15.0_Linux.tar.gz
https://github.com/zaproxy/zaproxy/releases/download/v2.15.0/ZAP_2_15_0_unix.sh
https://github.com/zaproxy/zaproxy/releases/download/v2.15.0/ZAP_2_15_0_windows-x32.exe
https://github.com/zaproxy/zaproxy/releases/download/v2.15.0/ZAP_2_15_0_windows.exe

As you only want the Linux version, filter with jq.

I advise you do something similar to the installation of Bloodhound-CE while keeping in mind that it's better to find out about an issue when building the image than at the runtime. Therefore you should add more checks on your outputs.

[qu35t-code]

Sorry for the number of changes @noahfraiture, we do our best and gbe's remark makes more sense, indeed.

[noahfraiture]

I made the requested changes. I take the name of the version from the url with a regex to avoid multiple curl call.

[noahfraiture]

Hello, what's the problem blocking the merge ?

[ShutdownRepo]

Hello, what's the problem blocking the merge ?

probably nothing, I've simply been swamped lately 😅
I've seen another similar PR, #417, what do you think we should do in your opinion?

[noahfraiture]

Hello, what's the problem blocking the merge ?

probably nothing, I've simply been swamped lately 😅 I've seen another similar PR, #417, what do you think we should do in your opinion?

Well if this PR is finally good after the dozens of changes requested, I don't why it shouldn't be merged. But actually as long as the feature is merged, there's no problem.
If the other PR is better because the code is better, let's merge it, if it's because there's less discussion, I don't think it's a valid point.
Also because of the context in which I made this PR, it would be good for me to have a least a PR done, but it can be another one the future, much cleaner I hope. I'm sorry for the very bad quality of this PR in the beginning.