Reg. ZAP Addons causing issue in Automation framework


Yogesh

Dec 16, 2021, 6:54:30 AM
to OWASP ZAP Developer Group
Hi team,
We are using the ZAP Automation Framework to check for vulnerabilities in our APIs, and we are using some add-ons to scan the APIs. It was working until 13th December, 2021.
But after that, the add-ons mentioned below are not working, and when these add-ons are specified in the plan.yaml file, the active scan job fails to run. The same YAML was working until Monday.
The add-ons are:
- domxss
- automation
- ascanrulesAlpha
- ascanrulesBeta

psiinon

Dec 16, 2021, 7:01:13 AM
to OWASP ZAP Developer Group
Hiya,

Are you updating the add-ons separately _before_ running the plan? See the 'important' note on https://www.zaproxy.org/docs/automate/automation-framework/
Are there any errors in the zap.log file?

Cheers,

Simon

Yogesh

Dec 16, 2021, 11:30:22 AM
to OWASP ZAP Developer Group
Hi,
No, we haven't enabled the flag updateAddOns, and we are following this document to disable the flag. We are able to see the "Job addOns started" statement and the add-ons getting installed in the cmd line, but once the add-ons are installed, it gets terminated and the next job does not run. Regarding logs, the zap.log file is not generated when we run ZAP through the cmd line.

Thanks,
Yogesh

Yogesh

Dec 17, 2021, 1:39:40 AM
to OWASP ZAP Developer Group
Hi,
We are getting the below error in the cmd line for the mentioned add-ons:
Failed to find Add-on: domxss
Failed to find Add-on: automation
Failed to find Add-on: ascanrulesAlpha
Failed to find Add-on: ascanrulesBeta

Thanks

psiinon

Dec 17, 2021, 4:01:14 AM
to OWASP ZAP Developer Group
That's strange.
Which version of ZAP are you using and how have you installed it?
Can you share the commands you are using to set up your ZAP environment?

Cheers,

Simon

Yogesh

Dec 17, 2021, 5:20:14 AM
to OWASP ZAP Developer Group
Hi,
The issue is happening only with the add-on "automation". If we remove this particular add-on, then the active scan starts; otherwise it gets terminated after the add-on installation job itself. The ZAP version that we are using is the latest, which should be 2.11.1, and we are using the below docker command to get ZAP installed in CI:
docker container run -v $(pwd):/zap/wrk/:rw -t owasp/zap2docker-stable zap.sh -cmd -autorun /zap/wrk/Desktop/plan.yaml -config replacer.full_list\(0\).description=authorization \
-config replacer.full_list\(0\).enabled=true \
-config replacer.full_list\(0\).matchtype=REQ_HEADER \
-config replacer.full_list\(0\).matchstr=" " \
-config replacer.full_list\(0\).regex=false \
-config replacer.full_list\(0\).replacement=" "
We tried with some particular versions also, but it is not working for us.
And the error mentioned in the previous message occurs with the lower ZAP version, which is 2.10.0 (sorry for that).
