zap new session creation issue - ZAP, selenium, maven - Automation


aad...@gmail.com

Nov 8, 2017, 3:33:38 AM
to OWASP ZAP Developer Group
While running the startZap goal using Maven in Eclipse, an exception occurs when creating a new session.
There is also an open issue for this: https://github.com/zaproxy/zaproxy/issues/771

Please let me know if any fix or alternative solution is available for this issue.




This is the eclipse console output:

[INFO] --- zap-maven-plugin:1.2.1-0:seleniumAnalyze (default-cli) @ Demo ---
[INFO] Starting ZAP analysis at target: http://testapp:4444/
[ERROR] Error creating a new ZAP session.
br.com.softplan.security.zap.zaproxy.clientapi.core.ClientApiException: java.net.SocketException: Unexpected end of file from server
at br.com.softplan.security.zap.zaproxy.clientapi.core.ClientApi.callApiDom(ClientApi.java:289)
at br.com.softplan.security.zap.zaproxy.clientapi.core.ClientApi.callApi(ClientApi.java:271)
at br.com.softplan.security.zap.zaproxy.clientapi.gen.Core.newSession(Core.java:261)
at br.com.softplan.security.zap.api.SessionManager.createNewSession(SessionManager.java:32)
at br.com.softplan.security.zap.api.SessionManager.createNewSession(SessionManager.java:25)
at br.com.softplan.security.zap.api.ZapClient.analyze(ZapClient.java:55)
at br.com.softplan.security.zap.maven.SeleniumAnalyzeMojo.doExecute(SeleniumAnalyzeMojo.java:39)
at br.com.softplan.security.zap.maven.ZapMojo.execute(ZapMojo.java:290)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:134)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:208)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:153)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:145)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:116)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:80)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build(SingleThreadedBuilder.java:51)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:307)
at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:193)
at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:106)
at org.apache.maven.cli.MavenCli.execute(MavenCli.java:862)
at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:286)
at org.apache.maven.cli.MavenCli.main(MavenCli.java:197)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Launcher.java:289)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:229)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:415)
at org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:356)
Caused by: java.net.SocketException: Unexpected end of file from server
at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:778)
at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:633)
at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:775)
at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:633)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1324)
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:468)
at br.com.softplan.security.zap.zaproxy.clientapi.core.ClientApi.getConnectionInputStream(ClientApi.java:296)
at br.com.softplan.security.zap.zaproxy.clientapi.core.ClientApi.callApiDom(ClientApi.java:287)
... 29 more
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 22.841 s
[INFO] Finished at: 2017-11-08T13:12:03+05:30
[INFO] Final Memory: 16M/243M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal br.com.softplan.security.zap:zap-maven-plugin:1.2.1-0:seleniumAnalyze (default-cli) on project Demo: Execution default-cli of goal br.com.softplan.security.zap:zap-maven-plugin:1.2.1-0:seleniumAnalyze failed: br.com.softplan.security.zap.zaproxy.clientapi.core.ClientApiException: java.net.SocketException: Unexpected end of file from server -> [Help 1]
[ERROR] 
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR] 
[ERROR] For more information about the errors and possible solutions, please read the following articles:





Configuration parameters used in pom.xml:
<configuration>
  <zapHost>localhost</zapHost>
  <apiKey>e7svrpp0dq9g9d8lmbkgoeoif0</apiKey>
  <zapPort>8090</zapPort>
  <targetUrl>http://testapp:4444/</targetUrl>
  <zapPath>C:\Program Files\OWASP\Zed Attack Proxy</zapPath>
  <activeScanStartingPointUrl>http://testapp:4444/</activeScanStartingPointUrl>
  <newSession>true</newSession>
  <zapSleep>5000</zapSleep>
  <daemon>false</daemon>
  <spiderURL>true</spiderURL>
  <reportsFilenameNoExtension>true</reportsFilenameNoExtension>
</configuration>

thc...@gmail.com

Nov 8, 2017, 10:32:55 AM
to zaproxy...@googlegroups.com
Hi.

The error shown in the log is most likely caused by a wrong API key or
a source address that is not allowed.

Regarding the session issue, does it work correctly if you manually
delete the older session files? (assuming they are not being used)

Anyway, ZAP should not fail to create the session; we should fix that
for the next release.

Best regards.

On 08/11/17 08:33, aad...@gmail.com wrote:
> While running the startZap goal using Maven in Eclipse, an exception
> occurs when creating a new session.
> There is also an open issue for this:
> https://github.com/zaproxy/zaproxy/issues/771
>
>
> Please let me know if any fix or alternative solution is available for this
> issue.
>
>
>
>
> *This is the eclipse console output:*
> *Configuration parameters used in pom.xml:*
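
A probe for the symptom discussed in the reply above, as an added example that is not part of the thread or of zap-maven-plugin: it sends one read-only request to ZAP's JSON API and separates a connection dropped without an HTTP response (what the Java trace reports as "Unexpected end of file from server") from ZAP not listening at all or answering normally. The function name and verdict strings are illustrative assumptions; the API key in the demo call is a placeholder.

```python
import http.client
import json
import socket
from urllib.parse import quote


def probe_zap_api(host, port, api_key, timeout=5.0):
    """Send one read-only ZAP API request and classify what comes back.

    Verdict strings are this example's own, not ZAP's:
      ok            - HTTP 200 with a JSON "version" field (key and source accepted)
      dropped       - connection closed with no HTTP response; Java reports this
                      as "Unexpected end of file from server"
      not-listening - nothing accepts connections on host:port
      timeout       - connected, but no answer within `timeout` seconds
      http-<code>   - any other HTTP answer
    """
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        # core/view/version changes no state in ZAP; the key is passed in the
        # "apikey" query parameter.
        path = "/JSON/core/view/version/?apikey=" + quote(api_key, safe="")
        conn.request("GET", path)
        resp = conn.getresponse()
        body = resp.read()
    except ConnectionRefusedError:
        return "not-listening"
    except socket.timeout:
        return "timeout"
    except (http.client.BadStatusLine, ConnectionError):
        # Covers RemoteDisconnected, resets and broken pipes.
        return "dropped"
    finally:
        conn.close()
    if resp.status == 200:
        try:
            if "version" in json.loads(body):
                return "ok"
        except (ValueError, TypeError):
            pass
    return "http-%d" % resp.status


if __name__ == "__main__":
    # Host and port as in the pom.xml above; the key is a placeholder.
    print(probe_zap_api("localhost", 8090, "REPLACE_WITH_API_KEY"))
```

Run from the same machine as the Maven build, a "dropped" verdict reproduces the failure without the plugin in the way, while "not-listening" points at ZAP start-up or the port instead of the key or address rules.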

aad s

Nov 12, 2017, 2:32:33 PM
to zaproxy...@googlegroups.com
Hi, 


Removing the old sessions and re-running does not resolve the issue, and I am using the right API key and target URL.


I have a doubt related to the API key setting at ZAP > Tools > Options > API > "Disable the API key".

In the ZAP UI I unchecked "Disable the API key" to make sure the API key is enabled. When I closed the UI and restarted ZAP, I saw the setting was re-enabled.
Is this the way the ZAP UI is supposed to behave?

Because while Maven is running in daemon mode, how do I know whether the "Disable the API key" setting is disabled or not?



Also, I have used <daemon>false</daemon> in pom.xml to disable daemon mode.
But when I run the Maven build, the console output shows that it started in daemon mode.

Is there any specific config I should use to force-disable daemon mode, so that I can see the ZAP flow in the UI?




Thanks,
Aadi


Sravanthi Buchammagari

Apr 16, 2018, 6:59:08 AM
to OWASP ZAP Developer Group
Hi Aadi,

Did you manage to fix this issue?