ZAP server remote host. ZAP PATH IS MISSING, PROVIDED [ null ]
1,493 views
Skip to first unread message
sudhar99
Dec 15, 2016, 6:53:14 PM12/15/16
to ZAP Jenkins Plugin
Here is my configuration:
- Java version - jdk1.8.0_92
- Jenkins version - ver. 2.7.4
- ZAP version - D-2016-12-05
- ZAP Jenkins Plugin version -1.0.5
Here is my jenkins job console log:
HOST = [ 10.1.1.1 ] PORT = [ 8080 ] ZAP SETTINGS DIRECTORY = [ C:\ZAP\ZAP_D-2016-12-05 ] SESSION FILENAME = [ ] INTERNAL SITES = [ ] CONTEXT NAME = [ DemoApp ] INCLUDE IN CONTEXT = [ http://demo-dev/demo-app.* ]
EXCLUDE FROM CONTEXT = [ http://demo-dev/demo-app/lib-css.* ]
STARTING POINT (URL) = [ http://demo-dev/demo-app/ ]
REPORT FILENAME = [ JENKINS_ZAP_VULNERABILITY_REPORT_2 ] REPORT TITLE = [ JENKINS_ZAP_VULNERABILITY_REPORT_2 ] COMMAND LINE = OPTION : [ -installdir ] VALUE : [ %ZAPROXY_HOME% ] [ZAP Jenkins Plugin] END PRE-BUILD ENVIRONMENT VARIABLE REPLACEMENT [ZAP Jenkins Plugin] CLEAR LOGS IN SETTINGS... SETTINGS DIR [ C:\ZAP\ZAP_D-2016-12-05 ] WORKSPACE [ /apps/devtools/jenkins_home/workspace/DemoApp ]
CLEARING SETTINGS/LOGS [ZAP Jenkins Plugin] START BUILD STEP [ZAP Jenkins Plugin] PLUGIN VALIDATION (PLG), VARIABLE VALIDATION AND ENVIRONMENT INJECTOR EXPANSION (EXP) ERROR: java.lang.IllegalArgumentException: ZAP PATH IS MISSING, PROVIDED [ null ] at org.jenkinsci.plugins.zap.ZAPDriver.checkParams(ZAPDriver.java:488)
at org.jenkinsci.plugins.zap.ZAPDriver.startZAP(ZAPDriver.java:592)
at org.jenkinsci.plugins.zap.ZAPBuilder.perform(ZAPBuilder.java:281)
JordanGS
Dec 16, 2016, 12:03:41 PM12/16/16
to ZAP Jenkins Plugin
Seems like a simple problem actually, it is trying to run ZAP on the Master (linux server) rather than on the Slave (windows machine), you can tell because of the location where it has specified the workspace, which should be on the Slave rather than the Master. My first question would be, have you restricted the build to only run on the Windows Machine where ZAP is installed?
Please keep in mind that the video was meant as quick run on a master-master configuration. For guide/tutorial, please see the written how to guide.
Let me know if that works for you.
Please keep in mind that the video was meant as quick run on a master-master configuration. For guide/tutorial, please see the written how to guide.
Let me know if that works for you.
JordanGS
Dec 16, 2016, 10:40:15 PM12/16/16
to ZAP Jenkins Plugin
Also your
ZAP SETTINGS DIRECTORY = [ C:\ZAP\ZAP_D-2016-12-05 ]
is wrong,
that's the installation directory. What we're asking for is the settings directory which by default would be C:\Users\userid\OWASP ZAP_D
sudhar99
Dec 19, 2016, 5:56:44 PM12/19/16
to ZAP Jenkins Plugin
Thanks and I have firewall issues with Slave connection thru Jenkins. Once resolved, I will try and let you know if any issues. Thanks for the help.
sudhar99
Dec 27, 2016, 7:37:09 PM12/27/16
to ZAP Jenkins Plugin
Finally I was able to make progress and configured slave and triggered the job. But it ran for 60+ min but failed without any report or reason to look at it. Here is the Jenkins console log...
For the final error
For the final error
ERROR: Directory 'C:\Jenkins\workspace\ZAP-CEC\reports' exists but failed copying to '/apps/devtools/jenkins_home/jobs/ZAP-CEC/htmlreports/Last_Vulnerability_Report'.
I assume that there is nothing to be copied from slave as the /report directory was empty???
[EnvInject] - Loading node environment variables.
Building remotely on ZAP Server (ZAP) in workspace C:\Jenkins\workspace\ZAP-CEC
[ZAP Jenkins Plugin] START PRE-BUILD ENVIRONMENT VARIABLE REPLACEMENT
HOST = [ 10.xx.xx.xxx ]
PORT = [ 8080 ]
ZAP SETTINGS DIRECTORY = [ C:\Users\Public\OWASP_ZAP_D ]
SESSION FILENAME = [ ]
INTERNAL SITES = [ ]
CONTEXT NAME = [ CEC6 ]
INCLUDE IN CONTEXT = [ http://sample-dev/sample-app.* ]
EXCLUDE FROM CONTEXT = [ http://sample-dev/sample-app/lib-css.* ]
STARTING POINT (URL) = [ http://sample-dev/sample-app/ ]
REPORT FILENAME = [ JENKINS_ZAP_VULNERABILITY_REPORT_6 ]
REPORT TITLE = [ JENKINS_ZAP_VULNERABILITY_REPORT_6 ]
COMMAND LINE =
OPTION : [ -installdir ]
VALUE : [ %ZAPROXY_HOME% ]
[ZAP Jenkins Plugin] END PRE-BUILD ENVIRONMENT VARIABLE REPLACEMENT
[ZAP Jenkins Plugin] CLEAR LOGS IN SETTINGS...
SETTINGS DIR [ C:\Users\Public\OWASP_ZAP_D ]
WORKSPACE [ C:\Jenkins\workspace\ZAP-CEC ]
CLEARING SETTINGS/LOGS
[ZAP Jenkins Plugin] START BUILD STEP
[ZAP Jenkins Plugin] PLUGIN VALIDATION (PLG), VARIABLE VALIDATION AND ENVIRONMENT INJECTOR EXPANSION (EXP)
ZAP PATH = [ C:\ZAP\ZAP_D-2016-12-05 ]
(EXP) HOST = [ 10.xx.xx.xxx ]
(EXP) PORT = [ 8080 ]
(EXP) LOAD SESSION = [ C:\Jenkins\workspace\ZAP-CEC\Session.session ]
(EXP) ZAP SETTINGS DIRECTORY = [ C:\Users\Public\OWASP_ZAP_D ]
(EXP) CONTEXT NAME = [ CEC6 ]
(EXP) INCLUDE IN CONTEXT = [ http://sample-dev/sample-app.* ]
(EXP) EXCLUDE FROM CONTEXT = [ http://sample-dev/sample-app/lib-css.* ]
(EXP) STARTING POINT (URL) = [ http://sample-dev/sample-app/ ]
(EXP) REPORT FILENAME = [ JENKINS_ZAP_VULNERABILITY_REPORT_6 ]
(EXP) REPORT TITLE = [ JENKINS_ZAP_VULNERABILITY_REPORT_6 ]
[ZAP Jenkins Plugin] CONFIGURE RUN COMMANDS for [ C:\ZAP\ZAP_D-2016-12-05\zap.bat ]
[ZAP Jenkins Plugin] EXECUTE LAUNCH COMMAND
[ZAP_D-2016-12-05] $ C:\ZAP\ZAP_D-2016-12-05\zap.bat -daemon -host 10.xx.xx.xxx -port 8080 -config api.key=ZAPROXY-PLUGIN -dir C:\Users\Public\OWASP_ZAP_D -installdir %ZAPROXY_HOME%
[ZAP Jenkins Plugin] INITIALIZATION [ START ]
C:\ZAP\ZAP_D-2016-12-05>if exist "\Users\xxx\OWASP ZAP\.ZAP_JVM.properties" (set /p jvmopts= 0<"\Users\xxx\OWASP ZAP\.ZAP_JVM.properties" ) else (set jvmopts=-Xmx512m )
C:\ZAP\ZAP_D-2016-12-05>java -Xmx512m -jar C:\ZAP\ZAP_D-2016-12-05\zap-D-2016-12-05.jar -daemon -host 10.xx.xx.xxx -port 8080 -config api.key=ZAPROXY-PLUGIN -dir C:\Users\Public\OWASP_ZAP_D -installdir C:\ZAP\ZAP_D-2016-12-05
146 [main] INFO org.zaproxy.zap.DaemonBootstrap - OWASP ZAP D-2016-12-05 started 27/12/16 15:11:44
176 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config api.key = ZAPROXY-PLUGIN was null
180 [main] INFO org.parosproxy.paros.network.SSLConnector - Reading supported SSL/TLS protocols...
180 [main] INFO org.parosproxy.paros.network.SSLConnector - Using a SSLEngine...
516 [main] INFO org.parosproxy.paros.network.SSLConnector - Done reading supported SSL/TLS protocols: [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2]
526 [main] INFO org.parosproxy.paros.extension.option.OptionsParamCertificate - Unsafe SSL renegotiation disabled.
843 [main] INFO hsqldb.db..ENGINE - open start - state not modified
943 [main] INFO hsqldb.db..ENGINE - dataFileCache open start
950 [main] INFO hsqldb.db..ENGINE - dataFileCache open end
1003 [ZAP-daemon] INFO org.zaproxy.zap.control.ExtensionFactory - Loading extensions
2233 [ZAP-daemon] INFO org.zaproxy.zap.control.ExtensionFactory - Extensions loaded
2463 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Change user agent to other browsers.
2463 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Detect insecure or potentially malicious content in HTTP responses.
2463 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Detect and alert 'Set-cookie' attempt in HTTP response for modification.
2463 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Avoid browser cache (strip off IfModifiedSince)
2463 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Log cookies sent by browser.
2463 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Log unique GET queries into file:filter\get.xls
2463 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Log unique POST queries into file: filter\post.xls
2464 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Log request and response into file: filter\message.txt
2464 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Replace HTTP request body using defined pattern.
2464 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Replace HTTP request header using defined pattern.
2464 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Replace HTTP response body using defined pattern.
2464 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Replace HTTP response header using defined pattern.
2464 [ZAP-daemon] INFO org.parosproxy.paros.extension.filter.FilterFactory - loaded filter Send ZAP session request ID
2564 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows ZAP to check for updates
2569 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionViewOption
2569 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionEdit
2569 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionFilter
2569 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Provides a rest based API for controlling and accessing ZAP
2611 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionState
2611 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionReport
2611 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHistory
2612 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Show hidden fields and enable disabled fields
2613 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Search messages for strings and regular expressions
2614 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Encode/Decode/Hash...
2614 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows you to intercept and modify requests and responses
2616 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Passive scanner
2689 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Script Passive Scan Rules
2690 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Stats Passive Scan Rule
2690 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Application Error Disclosure
2690 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Incomplete or No Cache-control and Pragma HTTP Header Set
2690 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Content-Type Header Missing
2690 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cookie No HttpOnly Flag
2690 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cookie Without Secure Flag
2691 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cross-Domain JavaScript Source File Inclusion
2691 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Web Browser XSS Protection Not Enabled
2691 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Secure Pages Include Mixed Content
2691 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Password Autocomplete in Browser
2691 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Private IP Disclosure
2691 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Session ID in URL Rewrite
2691 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-Content-Type-Options Header Missing
2692 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-Frame-Options Header Scanner
2692 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Charset Mismatch
2692 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Loosely Scoped Cookie
2692 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Absence of Anti-CSRF Tokens
2692 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Debug Error Messages
2692 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Sensitive Informations in URL
2692 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Sensitive Information in HTTP Referrer Header
2693 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Suspicious Comments
2693 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Weak Authentication Method
2693 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Insecure JSF ViewState
2693 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: HTTP Parameter Override
2693 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Viewstate Scanner
2694 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: WSDL File Passive Scanner
2706 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows you to view and manage alerts
2706 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Active scanner, heavily based on the original Paros active scanner, but with additional tests added
2711 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionSequence
2711 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Spider used for automatically finding URIs on a site
2716 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing A set of common popup menus for miscellaneous tasks
2716 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Forced browsing of files and directories using code from the OWASP DirBuster tool
2717 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Simple but effective port scanner
2717 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionManualRequest
2717 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Compares 2 sessions and generates an HTML file showing the differences
2718 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Invoke external applications passing context related information such as URLs and parameters
2718 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Handles anti cross site request forgery (CSRF) tokens
2720 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionAuthentication
2736 [ZAP-daemon] INFO org.zaproxy.zap.extension.authentication.ExtensionAuthentication - Loaded authentication method types: [Form-based Authentication, HTTP/NTLM Authentication, Manual Authentication, Script-based Authentication]
2737 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Creates a dynamic SSL certificate to allow SSL communications to be intercepted without warnings being generated by the browser
2738 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Logs errors to the Output tab in development mode only
2738 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionUserManagement
2740 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Summarise and analyse FORM and URL parameters as well as cookies
2740 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Script integration
2752 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Scripting console, supports all JSR 223 scripting languages
2753 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionForcedUser
2753 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Extension handling HTTP sessions
2754 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Zest is a specialized scripting language from Mozilla specifically designed to be used in security tools
2980 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionDiff
2980 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionRequestPostTableView
2981 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Simple browser configuration
2981 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionSessionManagement
2983 [ZAP-daemon] INFO org.zaproxy.zap.extension.sessions.ExtensionSessionManagement - Loaded session management method types: [Cookie-based Session Management, HTTP Authentication Session Management]
2984 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHttpPanelRequestFormTableView
2984 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Capture messages from WebSockets with the ability to set breakpoints.
2989 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows you to import a WSDL file containing operations which ZAP will access, adding them to the Sites tree.
2989 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Core UI related functionality.
2990 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionAuthorization
2990 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing AJAX Spider, uses Crawljax
2991 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Add-on that adds a set of tools for testing access control in web applications.
2991 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Handles adding Global Excluded URLs
2992 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Adds menu item to refresh the Sites tree
2992 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Adds support for configurable keyboard shortcuts for all of the ZAP menus.
2992 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing OWASP ZAP User Guide
2992 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows you to configure which extensions are loaded when ZAP starts
2992 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHttpPanelComponentonentAll
2992 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHttpPanelHexView
2993 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHttpPanelImageView
2993 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHttpPanelLargeRequestView
2993 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHttpPanelLargeResponseView
2993 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHttpPanelRequestQueryCookieTableView
2993 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHttpPanelSyntaxHighlightTextView
2993 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Active and passive rule configuration
2995 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Statistics
2995 [ZAP-daemon] INFO org.zaproxy.zap.extension.stats.ExtensionStats - Start recording in memory stats
2997 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Context alert rules filter
2999 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Active Scan Rules
2999 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Active Scan Rules - beta
2999 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Translations of the core language files
3000 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Provides the foundation for concrete message types (for example, HTTP, WebSockets) expose fuzzer implementations.
3001 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows to fuzz HTTP messages.
3001 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing The ZAP Getting Started Guide
3002 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing The Online menu links
3002 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Passive Scan Rules
3002 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Passive Scan Rules - beta
3002 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Quick Start panel
3002 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionSaveRawHttpMessage
3003 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Provides WebDrivers to control several browsers using Selenium and includes HtmlUnit browser.
3003 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Tips and Tricks
3003 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows to fuzz WebSocket messages.
3188 [ZAP-daemon] INFO org.zaproxy.zap.extension.dynssl.ExtensionDynSSL - Creating new root CA certificate
3848 [ZAP-daemon] INFO org.zaproxy.zap.extension.dynssl.ExtensionDynSSL - New root CA certificate created
3863 [ZAP-daemon] INFO org.zaproxy.zap.DaemonBootstrap - ZAP is now listening on 10.xx.xx.xxx:8080
[ZAP Jenkins Plugin] INITIALIZATION [ SUCCESSFUL ]
REQUIRED PLUGIN(S) ARE MISSING
[ZAP Jenkins Plugin] SHUTDOWN [ START ]
ERROR: Timeout after 60 minutes
[ZAP Jenkins Plugin] SHUTDOWN [ SUCCESSFUL ]
[ZAP Jenkins Plugin] LOG SEARCH...
SETTINGS DIR [ C:\Users\Public\OWASP_ZAP_D ]
WORKSPACE [ C:\Jenkins\workspace\ZAP-CEC ]
CLEARING WORKSPACE/LOGS
[ /apps/devtools/jenkins/C:/Users/Public/OWASP_ZAP_D/zap.log ] LOG HAS BEEN FOUND
COPY [zap.log] TO [C:\Jenkins\workspace\ZAP-CEC\logs\zap.log]
Build step 'Execute ZAP' marked build as failure
Archiving artifacts
[htmlpublisher] Archiving HTML reports...
[htmlpublisher] Archiving at PROJECT level C:\Jenkins\workspace\ZAP-CEC\reports to /apps/devtools/jenkins_home/jobs/ZAP-CEC/htmlreports/Last_Vulnerability_Report
ERROR: Directory 'C:\Jenkins\workspace\ZAP-CEC\reports' exists but failed copying to '/apps/devtools/jenkins_home/jobs/ZAP-CEC/htmlreports/Last_Vulnerability_Report'.
Finished: FAILURE
JordanGS
Dec 27, 2016, 11:52:05 PM12/27/16
to ZAP Jenkins Plugin
1) Looks to me like the slave went down or the master terminated it's connection.
2) Your run isn't doing anything
2) Your run isn't doing anything
- You're not running any kind of scan (spider, ajax or active scan)
- You're not creating any reports from the session
- It's even telling you that you're missing the required plugins, any other steps will NOT run until you fix the dependency issues. Follow the previously linked guides and look at them step by step. There are instructions on how to install export report plugin if you want to use it.
You're trying to archive reports but what's there to archive when you didn't create anything in the first place.
Good luck, leaving for the holidays tomorrow. Returning on the 10th of January.
sudhar99
Dec 29, 2016, 4:38:46 PM12/29/16
to ZAP Jenkins Plugin
I have followed all the instructions as per https://www.youtube.com/embed/mmHZLSffCUg and installed ZAP as a slave on a windows host with Jenkins Master (linux) and getting the attached error in the console. Don't know how to proceed with the following in the log?
[ZAP Jenkins Plugin] INITIALIZATION [ SUCCESSFUL ]
REQUIRED PLUGIN(S) ARE MISSING
[ZAP Jenkins Plugin] SHUTDOWN [ START ]
Installed all required plugins and is not scanning !!! Don't know what is missing ?
Here is the ZAP log: https://pastebin.mozilla.org/8957121
Jenkins console log: https://pastebin.mozilla.org/8957122
Java - jdk1.8.0_92
Jenkins - ver. 2.7.4
ZAP - Weekly release. Version D-2016-12-05
Official OWASP ZAP Jenkins Plugin
The Official OWASP ZAP Jenkins Plugin extends the functionality of the ZAP security tool into a CI Environment.
1.0.5
Installed additional Jenkins plugins:
HTML Publisher plugin
This plugin publishes HTML reports.
1.11
Environment Injector Plugin
This plugin makes it possible to set an environment for the builds.
1.93.1
Summary Display Plugin
This plugin show ACI reports.
1.15
sudhar99
Dec 29, 2016, 7:26:50 PM12/29/16
to ZAP Jenkins Plugin
Ok finally figured out with another thread on "REQUIRED PLUGIN(S) ARE MISSING". Looked at the actual code implementation in github and found out that I need to install "custom report" plugin on the ZAP server. After installing all is fine.
Deepu Bn
Jan 16, 2017, 12:43:37 PM1/16/17
to ZAP Jenkins Plugin
Hi Jordan,
I am also getting the same error and the ZAP path is also correct but still getting the error.
I am also getting the same error and the ZAP path is also correct but still getting the error.
[ZAP Jenkins Plugin] PLUGIN VALIDATION (PLG), VARIABLE VALIDATION AND ENVIRONMENT INJECTOR EXPANSION (EXP) ERROR: java.lang.IllegalArgumentException: ZAP PATH IS MISSING, PROVIDED [ null ] at org.jenkinsci.plugins.zap.ZAPDriver.checkParams(ZAPDriver.java:488) at org.jenkinsci.plugins.zap.ZAPDriver.startZAP(ZAPDriver.java:592) at org.jenkinsci.plugins.zap.ZAPBuilder.perform(ZAPBuilder.java:281) at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20) at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:779) at hudson.model.Build$BuildExecution.build(Build.java:205) at hudson.model.Build$BuildExecution.doRun(Build.java:162) at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:534) at hudson.model.Run.execute(Run.java:1729) at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43) at hudson.model.ResourceController.execute(ResourceController.java:98) at hudson.model.Executor.run(Executor.java:404)
Ajay Gauravelly
Jan 17, 2017, 9:27:33 AM1/17/17
to ZAP Jenkins Plugin
Hi Deepu
Let me know if you find a solution a.Iam finding the same issue too
JordanGS
Jan 17, 2017, 1:44:47 PM1/17/17
to ZAP Jenkins Plugin
These issues are not related, please open a new thread and include the required information to be able to help troubleshoot your issue. Thanks
JordanGS
Jan 17, 2017, 1:47:47 PM1/17/17
to ZAP Jenkins Plugin
There is no custom report plugin that ZAP Requires, only the export report plugin. ZAP Plugin and how to install them can be found here.
See the Finalize Run section and the Heading Export Report. The note saying: Required: A plugin called Export Report which can be found in ZAP > Manage Add-ons > Marketplace.
Cheers, Glad you got it working.
See the Finalize Run section and the Heading Export Report. The note saying: Required: A plugin called Export Report which can be found in ZAP > Manage Add-ons > Marketplace.
Cheers, Glad you got it working.
Reply all
Reply to author
Forward
0 new messages