Zest + Automation framework
242 views
Skip to first unread message
Chait
Mar 31, 2022, 10:37:43 PM3/31/22
to OWASP ZAP User Group
Hello,
Does the AF support Zest authentication scrips via docker? I ran the AF Yaml with --script option and it threw the following error and exited.
The error is as follows: The provided Authentication script (test.zst) does not implement the required interface.
Simon Bennetts
Apr 1, 2022, 4:13:22 AM4/1/22
to OWASP ZAP User Group
Yes it should do.
However there could be a bug somewhere.
Does you Zest authentication script work correctly when use in ZAP outside of the AF?
Cheers,
Simon
Chait
Apr 1, 2022, 4:22:38 AM4/1/22
to OWASP ZAP User Group
Hello Simon,
It does. I recorded zest script, then ran the script and checked the zest results. Its working that way. I then, load it into context and using the same context in AF file. I am using --script flag while running the docker command using stable version.
Someone else had similar issue few days ago: https://groups.google.com/g/zaproxy-users/c/5WXY3gYXw8o/m/J0oS5V-2AQAJ
Simon Bennetts
Apr 1, 2022, 4:28:41 AM4/1/22
to OWASP ZAP User Group
What do you mean by "using the --script flag"?
You should just need to define the authentication script in the environment: https://www.zaproxy.org/docs/desktop/addons/automation-framework/environment/
Can you share the command line you are using and the AF plan, removing any sensitive information of course.
Cheers,
Simon
Chait
Apr 2, 2022, 4:54:33 PM4/2/22
to OWASP ZAP User Group
Hello Simon,
I attached the AF plan and here is the command I ran:
sudo docker run -v $(pwd):/zap/wrk/:rw -t owasp/zap2docker-stable zap.sh -cmd -autorun /zap/wrk/Example.yaml
Here is the error message:
Unexpected error accessing file /zap/wrk/Example.yaml : The provided Authentication script (Example-Zest.zst) does not implement the required interface. Please take a look at the provided templates for examples. - see log for details.
Unexpected error accessing file /zap/wrk/Example.yaml : The provided Authentication script (Example-Zest.zst) does not implement the required interface. Please take a look at the provided templates for examples. - see log for details.
Note: The Zest script is in the same directory as AF Yaml file and the volume is mounted.
Thanks
psiinon
Apr 21, 2022, 10:16:30 AM4/21/22
to zaprox...@googlegroups.com
Just started looking into this in detail, sorry for the delay.
I've created a context with Zest authentication and it works fine for me, so in principal it works. Practice may be very different of course.
Can you try using this live or weekly docker image?
My current best guess is that the stable image is using an older version of the Automation Framework which does not support authentication scripts.
Cheers,
Simon
--
You received this message because you are subscribed to the Google Groups "OWASP ZAP User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to zaproxy-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/zaproxy-users/4a2dc14c-8a18-466a-a406-e1dd922ea637n%40googlegroups.com.
--
OWASP ZAP Project leader
Reply all
Reply to author
Forward
0 new messages