BDD-Cucumber Migration https://github.com/continuumsecurity/bdd-security/tree/cukesecure


Iain Macdonald

Mar 1, 2016, 5:34:56 PM
to OWASP ZAP Developer Group
Hi,

Firstly, great work on the Client, which is brilliant.

I'm really interested in integrating the ZAP API alongside our current test automation, so I'm keen to understand the current status of the project using Cucumber.

I appreciate it's still a work in progress and there are obviously a few things not working.

Essentially we are just wanting to run the AppScan (app_scan.feature) tests initially then expand from there.

I keep getting an error:

net.continuumsecurity.proxy.ProxyException: org.zaproxy.clientapi.core.ClientApiException: URL Not Found in the Scan Tree
at net.continuumsecurity.proxy.ZAProxyScanner.scan(ZAProxyScanner.java:201)
at stepdefs.security.AppScanningSteps.runScanner(AppScanningSteps.java:272)
at ✽.When the scanner is run(app_scan.feature:18)

We are using the 2.4.3.jar included in the git project and running on a Mac, if that is relevant.

For now I have a local Tomcat-deployed WAR of the ropeytasks website, which is pointing at ropeytask in my config.xml.

I keep getting the above error. When I run the Cucumber tests for Navigate App it works fine, but I'm guessing it's something to do with that using the spider instead, i.e. spider(url);

I have looked through the documentation but the API side is lightweight :-) I'm happy to get involved in this to support when we can get things working.

Any advice or extra logs I need to include?

Thanks
Iain 




Iain Macdonald

Mar 1, 2016, 6:04:07 PM
to OWASP ZAP Developer Group
log

Stephen de Vries

Mar 2, 2016, 4:10:42 AM
to zaproxy...@googlegroups.com

Hi Iain,

Yes, the Cucumber branch is very much a work in progress, but at least the basic scanning functionality with ZAP is working at the moment. The trick is to run the AppScanTestSuite through JUnit instead of running the app_scan.feature.

This is due to some limitations in Cucumber where they don’t support the concept of “GivenStories” à la JBehave, so we need some way to run the app_navigate.feature before running the app_scan.feature… and the only sensible option I could find was using the JUnit test runner. If you find a more elegant solution please let me know!

There’s now a google group for BDD-Security discussion and collaboration: https://groups.google.com/forum/#!forum/bdd-security

regards,
Stephen


