running Ajax spider inside docker container


ACHRAF

Jul 5, 2023, 9:57:11 AM
to OWASP ZAP User Group
Hi,
I found a problem running the Ajax spider inside a Docker container.
Here is the error in my pipeline:

144511.png

I use this Dockerfile to build my image:

# syntax=docker/dockerfile:1
# This dockerfile builds the zap bare release
FROM --platform=linux/amd64 debian:bullseye-slim AS builder

RUN apt-get update && apt-get install -q -y --fix-missing --option=Dpkg::Options::=--force-confdef \
        wget \
        curl \
        openjdk-11-jdk \
        xmlstarlet \
        unzip && \
        rm -rf /var/lib/apt/lists/*

WORKDIR /zap

# Download and expand the latest weekly release
RUN curl -L -o "ZAP_WEEKLY_D-2023-06-19.zip" "https://objects.githubusercontent.com/github-production-release-asset-2e65be/36817565/ec376eb5-3150-4b65-9921-e487df8c6bb9?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20230623%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230623T091438Z&X-Amz-Expires=300&X-Amz-Signature=70038c5cb8dbce612d0dc746ee50332133ca5904a04f8e66a93918f0f0794116&X-Amz-SignedHeaders=host&actor_id=78373576&key_id=0&repo_id=36817565&response-content-disposition=attachment%3B%20filename%3DZAP_WEEKLY_D-2023-06-19.zip&response-content-type=application%2Foctet-stream" && \
        unzip *.zip && \
        rm *.zip && \
        mv ZAP*/* . &&  \
        rm -R ZAP*

# Update add-ons
RUN ./zap.sh -cmd -silent -addonupdate
# Copy them to installation directory
RUN cp /root/.ZAP_D/plugin/*.zap plugin/ || :

FROM eclipse-temurin:11-jre-jammy AS final

RUN apt-get update && apt-get install -q -y --fix-missing \
        wget \
        gnupg \
        curl && \
        rm -rf /var/lib/apt/lists/*
RUN curl -fsSL https://dl.google.com/linux/linux_signing_key.pub | gpg --dearmor -o /usr/share/keyrings/google-archive-keyring.gpg && \
    echo "deb [arch=amd64 signed-by=/usr/share/keyrings/google-archive-keyring.gpg] https://dl.google.com/linux/chrome/deb/ stable main" | tee > /etc/apt/sources.list.d/google-chrome.list && \
   apt-get update && apt-get install -y --fix-missing google-chrome-stable && \
        rm -rf /var/lib/apt/lists/*

USER root
RUN /usr/sbin/adduser --uid 1000 --home /home/zap --shell /bin/bash --disabled-password --gecos "" zap
WORKDIR /zap
COPY --from=builder --chown=1000:1000 /zap .
COPY --chown=1000:1000 policies /home/zap/.ZAP_D/policies/
RUN echo "zap2docker-bare" > /zap/container

#Change to the zap user so things get done as the right person (apart from copy)
USER zap

ENV PATH $JAVA_HOME/bin:/zap/:$PATH
ENV ZAP_PATH /zap/zap.sh
ENV HOME /home/zap/
ENV ZAP_PORT 8080

HEALTHCHECK CMD curl --silent --output /dev/null --fail http://localhost:$ZAP_PORT/ || exit 1

My automation plan is like this:

- parameters:
    context: "https://example.com"
    user: ""
    url: "https://example.com"
    maxDuration: 1
    maxCrawlDepth: 10
    numberOfBrowsers: 1
    browserId: "chrome-headless"
    maxCrawlStates: 0
    eventWait: 1000
    reloadWait: 1000
    clickDefaultElems: false
    clickElemsOnce: true
    randomInputs: true
    inScopeOnly: false
    runOnlyIfModern: false
    elements:
    - "a"
    - "button"
    - "td"
    - "span"
    - "div"
    - "tr"
    - "ol"
    - "li"
    - "radio"
    - "form"
    - "select"
    - "input"
    - "option"
    - "img"
    - "p"
    - "abbr"
    - "address"
    - "area"
    - "article"
    - "aside"
    - "audio"
    - "canvas"
    - "details"
    - "footer"
    - "header"
    - "label"
    - "nav"
    - "section"
    - "summary"
    - "table"
    - "textarea"
    - "th"
    - "ul"
    - "video"
  name: "spiderAjax"
  type: "spiderAjax"

psiinon

Jul 5, 2023, 10:23:41 AM
to zaprox...@googlegroups.com
Does the AJAX Spider find as many URLs as you expect?
The error messages look like they are coming from Chrome, in which case you can ignore them (unless you are aware of any other problems).
The most recent version of the ZAP Selenium add-on no longer shows browser error messages in the output.

Cheers,

Simon

--
OWASP ZAP Project leader
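
One way to check in the pipeline itself whether the AJAX Spider found as many URLs as expected, as an added example that is not part of the original thread: the Automation Framework's spiderAjax job accepts a statistics test on `spiderAjax.urls.added`. The test name, the threshold of 50 and the `onFail` level are assumptions; the parameters are taken from the plan posted above.

```yaml
# Added example: the spiderAjax job from the posted plan with a statistics test.
# Pick the threshold from a baseline run of the same target where the
# browser is known to work (for example, outside the container).
- parameters:
    context: "https://example.com"
    url: "https://example.com"
    maxDuration: 1
    maxCrawlDepth: 10
    numberOfBrowsers: 1
    browserId: "chrome-headless"
  tests:
  - name: "AJAX spider found enough URLs"   # constructed test name
    type: "stats"
    statistic: "spiderAjax.urls.added"      # count of URLs the AJAX spider added
    operator: ">="
    value: 50                               # assumed threshold
    onFail: "error"                         # report a shortfall as an error
  name: "spiderAjax"
  type: "spiderAjax"
```

If the browser fails to start in the container, the count stays near zero and the test reports it, which separates harmless Chrome console noise from a crawl that did not run.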