Re: How to pass location of local openapi file to zap

[psiinon]

Is the file openapi.json in your cwd when you run the docker command?

Re post requests, you can use scan hooks to do anything you like, including proxying requests through ZAP.

Or you can have a look at the new Authentication Framework which allows you to easily make any arbitrary requests via ZAP: https://www.zaproxy.org/docs/automate/automation-framework/

Cheers,

Simon

On Thursday, 26 August 2021 at 12:54:50 UTC+2 adis...@gmail.com wrote:

Hi,

I want to pass a swagger file to OWASP ZAP scan. The command am using to run is "docker run -v /home/zap:/zap/wrk/:rw -t owasp/zap2docker-stable zap-api-scan.py -t openapi.json -f openapi -a -w stage_out"

Where should the openapi.json file be located?

I am getting error

"docker run -v "$(pwd):/zap/wrk/:rw" -t owasp/zap2docker-stable zap-api-scan.py -t openapi.json -f openapi -a -w stage_out

2021-08-26 10:52:00,096 Could not find custom hooks file at /home/zap/.zap_hooks.py 

2021-08-26 10:52:00,096 Target must either start with 'http://' or 'https://' or be a local file

2021-08-26 10:52:00,096 File does not exist: /zap/wrk/openapi.json"

This is the swagger file. Anything I am missing?

Also is there any other way to pass POST requests to ZAP using CLI?

Thanks

[Harish Nair]

I have seen issues when using shared directories in virtualbox. As long as it is in local file system with right permissions the command should work.

On Thursday, August 26, 2021 at 5:37:58 PM UTC+5:30 adis...@gmail.com wrote:

Yes. The file is in cwd only. Could you share a clear process of how to get this running?