Unrecognised activescan rule for Automation framework
132 views
Skip to first unread message
Kenneth Kiang
Jun 14, 2023, 2:44:53 PM6/14/23
to OWASP ZAP User Group
Hi. I am trying to use ZAP API scan with the automation framework inside a docker container. I am building on the zap2docker-bare image, and
I am running the scan using the set of rules found in https://github.com/zaproxy/zaproxy/blob/main/docker/policies/API-Minimal.policy to replicate an API scan.
I have also installed the relevant addons to run the API scan (ascanrulesAlpha, ascanrulesBeta, pscanrulesAlpha and pscanrulesBeta) inside the container with the -addonupdate and -addoninstall options.
However, most of the rules triggered the warning:
"Unrecognised active scan rule id for job activeScan: <rule-id>"
except for rules 50000, 90026 and 90029. So only 3 rules are actually being used for the scan and I can't find a solution for this.
Thank you in advance
I am running the scan using the set of rules found in https://github.com/zaproxy/zaproxy/blob/main/docker/policies/API-Minimal.policy to replicate an API scan.
I have also installed the relevant addons to run the API scan (ascanrulesAlpha, ascanrulesBeta, pscanrulesAlpha and pscanrulesBeta) inside the container with the -addonupdate and -addoninstall options.
However, most of the rules triggered the warning:
"Unrecognised active scan rule id for job activeScan: <rule-id>"
except for rules 50000, 90026 and 90029. So only 3 rules are actually being used for the scan and I can't find a solution for this.
Thank you in advance
psiinon
Jun 15, 2023, 4:47:56 AM6/15/23
to zaprox...@googlegroups.com
Can you share the command you are using to run ZAP and the AF plan (replacing any sensitive information of course).
Cheers,
Simon
--
You received this message because you are subscribed to the Google Groups "OWASP ZAP User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to zaproxy-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/zaproxy-users/80ce7a37-f37f-4802-83ad-a910f3be6e97n%40googlegroups.com.
--
OWASP ZAP Project leader
Kenneth Kiang
Jun 15, 2023, 5:48:41 AM6/15/23
to OWASP ZAP User Group
Hi Simon,
Thanks for the reply, I managed to solve it already. Turns out the issue was because i attempted to install the addons and run the automation framework in the same line (-addoninstall and -autorun), which resulted in this weird behavior. I solved it by splitting the two options into separate lines, eg.
/zap/zap.sh -cmd -addonupdate -addoninstall...
/zap/zap.sh -cmd -autorun zap.yaml
which resolved the issue.
Best regards,
Kenneth
Thanks for the reply, I managed to solve it already. Turns out the issue was because i attempted to install the addons and run the automation framework in the same line (-addoninstall and -autorun), which resulted in this weird behavior. I solved it by splitting the two options into separate lines, eg.
/zap/zap.sh -cmd -addonupdate -addoninstall...
/zap/zap.sh -cmd -autorun zap.yaml
which resolved the issue.
Best regards,
Kenneth
psiinon
Jun 15, 2023, 5:54:47 AM6/15/23
to zaprox...@googlegroups.com
Thanks for letting us know!
To view this discussion on the web visit https://groups.google.com/d/msgid/zaproxy-users/37a505b1-1e27-4af4-9a4d-9352aa8644aen%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages