Suppressed: hudson.remoting.Channel$CallSiteStackTrace: Remote call to JNLP4-connect connection from


Ed Leonard

Jun 2, 2020, 10:05:10 AM
to ZAP Jenkins Plugin
Hi,

ZAP is unable to connect to my Windows slave and I can't figure out why. I am connecting from a Jenkins server to a Windows 2008 Server slave, and during the job ZAP 2.9.0 launches.
a. The IP address of the Windows slave is 10.20.91.249
b. I didn't configure port 50211 in anything and only set 8500 in the Jenkins configuration for ZAP, so I assume that ZAP is making that assignment
c. I noticed during runs that the session data is not loaded from C:\Program Files\Jenkins_Slave\workspace\MC-Master-nightly-zap\session\zap_session.session
d. Ideas?

The Error:
Suppressed: hudson.remoting.Channel$CallSiteStackTrace: Remote call to JNLP4-connect connection from w2k8-64-zap.verticacorp.com/10.20.91.249:50211
this makes sense because the target is "245" not "249".

0. 
    java version 1.8
    Jenkins 2.121.2
    ZAP version: 2.9.0
    Jenkins OWASP ZAP Plugin 1.0.7
    ZAP Pipeline Plugin 1.9
    OWASP ZAP Jenkins Plugin 1.1.0
    Firefox 43
    ZAP_HOME = %ProgramFiles(x86)%\OWASP\ZedAttackProxy
ZAPROXY_HOME: C:\ZAPProxyHome where I have a second installation of ZAP which could be bad, but I didn't know what to put here. Is this where the session files should be or should the session files be in the Jenkins job work space?


1. On the windows jenkins slave host the simplified zap.bat is:

   java -Xmx512m  -jar "C:\Program Files (x86)\OWASP\ZedAttackProxy\zap-2.9.0.jar"  -installdir "C:\Program Files (x86)\OWASP\ZedAttackProxy"

2. On the windows jenkins slave host:

C:\Curl\curl-7.70.0-win64-mingw\bin>netstat -an | grep 50211
  TCP    10.20.91.249:50211     10.10.10.74:50000      ESTABLISHED

3. On the linux web app host target the port isn't in use:

[root@uiCentos7vm245 ~]# netstat -an | grep 50211
[root@uiCentos7vm245 ~]#

4. The linux web app host target firewall is disabled:

[root@uiCentos7vm245 ~]# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled)
   Active: inactive (dead)

5. The linux web app host target has ssh up and running:

[root@uiCentos7vm245 ~]# sudo systemctl status sshd
sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled)
   Active: active (running) since Tue 2019-09-24 15:10:06 EDT; 8 months 8 days ago
 Main PID: 784 (sshd)
   CGroup: /system.slice/sshd.service
           └─784 /usr/sbin/sshd -D

May 26 15:33:40 uiCentos7vm245 sshd[410925]: Accepted password for root from 10.20.91.249 port 58173 ssh2
May 27 05:40:37 uiCentos7vm245 sshd[413120]: Accepted password for root from 10.10.10.74 port 51790 ssh2
May 28 05:41:08 uiCentos7vm245 sshd[427942]: Accepted password for root from 10.10.10.74 port 52246 ssh2
May 28 14:30:39 uiCentos7vm245 sshd[441703]: Accepted password for root from 10.100.243.6 port 65297 ssh2
May 28 14:55:39 uiCentos7vm245 sshd[441764]: Accepted password for root from 10.100.243.6 port 54641 ssh2
May 29 03:03:28 uiCentos7vm245 sshd[443953]: Accepted password for root from 10.100.245.114 port 50488 ssh2
Jun 01 05:40:28 uiCentos7vm245 sshd[449292]: Accepted password for root from 10.10.10.74 port 54042 ssh2
Jun 01 14:26:37 uiCentos7vm245 sshd[463074]: Accepted password for root from 10.100.243.6 port 55392 ssh2
Jun 02 08:22:00 uiCentos7vm245 sshd[464456]: Accepted password for root from 10.100.243.6 port 50478 ssh2
Jun 02 08:26:15 uiCentos7vm245 sshd[464504]: Accepted password for root from 10.10.10.74 port 54510 ssh2


6. Should I install ZAP on the linux host?

[root@uiCentos7vm245 ~]# rpm -qa | grep ZAP
[root@uiCentos7vm245 ~]# rpm -qa | grep zap
[root@uiCentos7vm245 ~]# rpm -qa | grep Z
perl-Compress-Raw-Zlib-2.061-4.el7.x86_64

7. On the Windows Jenkins slave host the zap_session.session, which when opened showed "245" and not "249", is:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<session>
<sessionId>1586777595343</sessionId>
<sessionName>Untitled Session</sessionName>
<sessionDesc/>
</session>

8. I have looked all through everything that I could find on the web. If somehow I missed something that is obvious please let me know.


////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

Full jenkins job log below:


Started by user Ed Leonard
[EnvInject] - Loading node environment variables.
Building remotely on w2k8-64-zap (windows_slave) in workspace C:\Program Files (x86)\Jenkins\workspace\MC-Master-nightly-zap

[ZAP Jenkins Plugin] START PRE-BUILD ENVIRONMENT VARIABLE REPLACEMENT
	HOST = [ 10.20.91.245 ]
	PORT = [ 8090 ]

	SESSION FILENAME = [ C:\Program Files\Jenkins_Slave\workspace\MC-Master-nightly-zap\session\zap_session ]
	INTERNAL SITES = [  ]

	CONTEXT NAME = [ SecurityTest ]

	INCLUDE IN CONTEXT = [ https://10.20.91.245:5450/webui/* ]

	EXCLUDE FROM CONTEXT = [  ]

	STARTING POINT (URL) = [ https://10.20.91.245:5450/webui/ ]
	REPORT FILENAME = [ JENKINS_ZAP_VULNERABILITY_REPORT43 ]
	REPORT TITLE = [ zap_report ]

	COMMAND LINE = 
		OPTION : [ -installdir ]
		VALUE  : [ %ZAPROXY_HOME% ]

[ZAP Jenkins Plugin] END PRE-BUILD ENVIRONMENT VARIABLE REPLACEMENT

[ZAP Jenkins Plugin] CLEAR LOGS IN SETTINGS...
	ZAP HOME DIRECTORY [ C:\Program Files (x86)\OWASP\ZedAttackProxy ]
	JENKINS WORKSPACE [ C:\Program Files (x86)\Jenkins\workspace\MC-Master-nightly-zap ]
	CLEARING ZAP HOME DIRECTORY/LOGS


[ZAP Jenkins Plugin] START PRE-BUILD STEP

[ZAP Jenkins Plugin] PLUGIN VALIDATION (PLG), VARIABLE VALIDATION AND ENVIRONMENT INJECTOR EXPANSION (EXP)
	ZAP INSTALLATION DIRECTORY = [ C:\Program Files (x86)\OWASP\ZedAttackProxy ]
	(EXP) HOST = [ 10.20.91.245 ]
	(EXP) PORT = [ 8090 ]
	(EXP) SESSION FILENAME = [ C:\Program Files\Jenkins_Slave\workspace\MC-Master-nightly-zap\session\zap_session ]
	(EXP) CONTEXT NAME = [ SecurityTest ]
	(EXP) INCLUDE IN CONTEXT = [ https://10.20.91.245:5450/webui/* ]
	(EXP) EXCLUDE FROM CONTEXT = [  ]
	(EXP) STARTING POINT (URL) = [ https://10.20.91.245:5450/webui/ ]
	(EXP) REPORT FILENAME = [ JENKINS_ZAP_VULNERABILITY_REPORT43 ]
	(EXP) REPORT TITLE = [ zap_report ]

[ZAP Jenkins Plugin] CONFIGURE RUN COMMANDS for [ C:\Program Files (x86)\OWASP\ZedAttackProxy\zap.bat ]
[ZAP Jenkins Plugin] EXECUTE LAUNCH COMMAND
[ZedAttackProxy] $ "C:\Program Files (x86)\OWASP\ZedAttackProxy\zap.bat" -daemon -host 10.20.91.245 -port 8090 -config api.key=ZAPROXY-PLUGIN -dir "C:\Program Files (x86)\OWASP\ZedAttackProxy" -installdir %ZAPROXY_HOME%

[ZAP Jenkins Plugin] INITIALIZATION [ START ]

C:\Program Files (x86)\OWASP\ZedAttackProxy>REM if exist "\Users\Administrator\OWASP ZAP\.ZAP_JVM.properties" ( 

C:\Program Files (x86)\OWASP\ZedAttackProxy>REM ZAP_HOME = C:\Program Files (x86)\OWASP\ZedAttackProxy 

C:\Program Files (x86)\OWASP\ZedAttackProxy>REM ZAPROXY_HOME = C:\ZAPProxyHome 

C:\Program Files (x86)\OWASP\ZedAttackProxy>if exist "\Users\Administrator\OWASP ZAP\.ZAP_JVM.properties" (set /p jvmopts= 0<"\Users\Administrator\OWASP ZAP\.ZAP_JVM.properties" )  else (set jvmopts=-Xmx512m ) 

C:\Program Files (x86)\OWASP\ZedAttackProxy>REM java -Xmx512m -jar "C:\Program Files (x86)\OWASP\ZedAttackProxy\zap-2.9.0.jar" -daemon -host 10.20.91.245 -port 8090 -config api.key=ZAPROXY-PLUGIN -dir "C:\Program Files (x86)\OWASP\ZedAttackProxy" -installdir C:\Program Files (x86)\OWASP\ZedAttackProxy 

C:\Program Files (x86)\OWASP\ZedAttackProxy>REM java -Xmx512m -jar "C:\Program Files (x86)\OWASP\ZedAttackProxy\zap-2.9.0.jar"  -installdir "C:\Program Files\OWASP\Zed Attack Proxy" -daemon -host 10.20.91.245 -port 8090 -config api.key=ZAPROXY-PLUGIN -dir "C:\Program Files (x86)\OWASP\ZedAttackProxy" -installdir C:\Program Files (x86)\OWASP\ZedAttackProxy 

C:\Program Files (x86)\OWASP\ZedAttackProxy>REM java -Xmx512m  -jar "C:\Program Files (x86)\OWASP\ZedAttackProxy\zap-2.9.0.jar"  -installdir "C:\Program Files\OWASP\Zed Attack Proxy" 

C:\Program Files (x86)\OWASP\ZedAttackProxy>REM java -Xmx1024m  -jar "C:\Program Files (x86)\OWASP\ZedAttackProxy\zap-2.9.0.jar"  -installdir "C:\Program Files (x86)\OWASP\ZedAttackProxy" 

C:\Program Files (x86)\OWASP\ZedAttackProxy>java -Xmx512m  -jar "C:\Program Files (x86)\OWASP\ZedAttackProxy\zap-2.9.0.jar"  -installdir "C:\Program Files (x86)\OWASP\ZedAttackProxy" 
0 [main] INFO org.zaproxy.zap.GuiBootstrap  - OWASP ZAP 2.9.0 started 02/06/20 08:10:58 with home C:\Users\Administrator\OWASP ZAP\
203 [AWT-EventQueue-0] INFO org.parosproxy.paros.network.SSLConnector  - Reading supported SSL/TLS protocols...
203 [AWT-EventQueue-0] INFO org.parosproxy.paros.network.SSLConnector  - Using a SSLEngine...
260 [AWT-EventQueue-0] INFO org.parosproxy.paros.network.SSLConnector  - Done reading supported SSL/TLS protocols: [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2]
276 [AWT-EventQueue-0] INFO org.parosproxy.paros.extension.option.OptionsParamCertificate  - Unsafe SSL renegotiation disabled.
1181 [AWT-EventQueue-0] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE  - dataFileCache open start
1197 [AWT-EventQueue-0] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE  - dataFileCache open end
1610 [AWT-EventQueue-0] INFO org.parosproxy.paros.view.View  - Initialising View
3488 [ZAP-BootstrapGUI] INFO org.zaproxy.zap.control.ExtensionFactory  - Loading extensions
5212 [ZAP-BootstrapGUI] WARN org.zaproxy.zap.control.BaseZapAddOnXmlData  - No status specified for context Alert Filters, defaulting to "alpha". Add-ons should declare its status in the manifest.
5448 [ZAP-BootstrapGUI] INFO org.zaproxy.zap.control.ExtensionFactory  - Installed add-ons: [[id=alertFilters, version=10.0.0], [id=ascanrules, version=35.0.0], [id=bruteforce, version=9.0.0], [id=commonlib, version=1.0.0], [id=custompayloads, version=0.9.0], [id=diff, version=10.0.0], [id=directorylistv1, version=4.0.0], [id=exportreport, version=6.0.0], [id=fuzz, version=12.0.0], [id=gettingStarted, version=11.0.0], [id=help, version=10.0.0], [id=hud, version=0.10.0], [id=importurls, version=7.0.0], [id=invoke, version=10.0.0], [id=onlineMenu, version=7.0.0], [id=openapi, version=15.0.0], [id=pscanrules, version=29.0.0], [id=quickstart, version=28.0.0], [id=replacer, version=8.0.0], [id=reveal, version=3.0.0], [id=saverawmessage, version=5.0.0], [id=savexmlmessage, version=0.1.0], [id=scripts, version=26.0.0], [id=selenium, version=15.2.0], [id=spiderAjax, version=23.1.0], [id=tips, version=7.0.0], [id=webdriverwindows, version=18.0.0], [id=websocket, version=21.0.0], [id=zest, version=32.0.0]]
5744 [ZAP-BootstrapGUI] INFO org.zaproxy.zap.control.ExtensionFactory  - Extensions loaded
6674 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows ZAP to check for updates
6799 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Options Extension
7087 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Edit Menu Extension
7097 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Provides a rest based API for controlling and accessing ZAP
7189 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Session State Extension
7191 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Report Extension
7219 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing History Extension
7629 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Show hidden fields and enable disabled fields
7654 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Search messages for strings and regular expressions
7899 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Encode/Decode/Hash...
7929 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows you to intercept and modify requests and responses
8024 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Passive scanner
8107 [ZAP-BootstrapGUI] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Script Passive Scan Rules
8108 [ZAP-BootstrapGUI] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Stats Passive Scan Rule
8108 [ZAP-BootstrapGUI] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Application Error Disclosure
8108 [ZAP-BootstrapGUI] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Absence of Anti-CSRF Tokens
8109 [ZAP-BootstrapGUI] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Incomplete or No Cache-control and Pragma HTTP Header Set
8109 [ZAP-BootstrapGUI] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Charset Mismatch
8110 [ZAP-BootstrapGUI] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: CSP Scanner
8110 [ZAP-BootstrapGUI] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Content-Type Header Missing
8111 [ZAP-BootstrapGUI] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Cookie No HttpOnly Flag
8112 [ZAP-BootstrapGUI] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Loosely Scoped Cookie
8113 [ZAP-BootstrapGUI] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Cookie Without SameSite Attribute
8113 [ZAP-BootstrapGUI] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Cookie Without Secure Flag
8114 [ZAP-BootstrapGUI] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Cross-Domain Misconfiguration
8115 [ZAP-BootstrapGUI] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Cross-Domain JavaScript Source File Inclusion
8116 [ZAP-BootstrapGUI] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Information Disclosure - Debug Error Messages
8117 [ZAP-BootstrapGUI] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Information Disclosure - Sensitive Information in URL
8118 [ZAP-BootstrapGUI] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Information Disclosure - Sensitive Information in HTTP Referrer Header
8119 [ZAP-BootstrapGUI] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Information Disclosure - Suspicious Comments
8120 [ZAP-BootstrapGUI] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Weak Authentication Method
8121 [ZAP-BootstrapGUI] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Insecure JSF ViewState
8122 [ZAP-BootstrapGUI] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Secure Pages Include Mixed Content
8123 [ZAP-BootstrapGUI] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Private IP Disclosure
8124 [ZAP-BootstrapGUI] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Session ID in URL Rewrite
8125 [ZAP-BootstrapGUI] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Timestamp Disclosure
8126 [ZAP-BootstrapGUI] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Username Hash Found
8127 [ZAP-BootstrapGUI] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Viewstate Scanner
8127 [ZAP-BootstrapGUI] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: X-AspNet-Version Response Header Scanner
8128 [ZAP-BootstrapGUI] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: X-Content-Type-Options Header Missing
8129 [ZAP-BootstrapGUI] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: X-Debug-Token Information Leak
8130 [ZAP-BootstrapGUI] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: X-Frame-Options Header Scanner
8131 [ZAP-BootstrapGUI] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan  - loaded passive scan rule: Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)
8187 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows you to view and manage alerts
8332 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Active scanner, heavily based on the original Paros active scanner, but with additional tests added
8531 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Spider used for automatically finding URIs on a site
8663 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing A set of common popup menus for miscellaneous tasks
8683 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Forced browsing of files and directories using code from the OWASP DirBuster tool
8753 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Manual Request Editor Extension
8754 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Compares 2 sessions and generates an HTML file showing the differences
8759 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Invoke external applications passing context related information such as URLs and parameters
8788 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Handles anti cross site request forgery (CSRF) tokens
8808 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Authentication Extension
8833 [ZAP-BootstrapGUI] INFO org.zaproxy.zap.extension.authentication.ExtensionAuthentication  - Loaded authentication method types: [Form-based Authentication, HTTP/NTLM Authentication, Manual Authentication, Script-based Authentication, JSON-based Authentication]
8842 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Creates a dynamic SSL certificate to allow SSL communications to be intercepted without warnings being generated by the browser
8897 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Logs errors to the Output tab in development mode only
8903 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Users Extension
8907 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Summarise and analyse FORM and URL parameters as well as cookies
8936 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Script integration
9008 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Scripting console, supports all JSR 223 scripting languages
9634 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Forced User Extension
9647 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Extension handling HTTP sessions
9691 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Zest is a specialized scripting language from Mozilla specifically designed to be used in security tools
10104 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionDiff
10115 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing HTTP Panel Post Table View Extension
10139 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Session Management Extension
10157 [ZAP-BootstrapGUI] INFO org.zaproxy.zap.extension.sessions.ExtensionSessionManagement  - Loaded session management method types: [Cookie-based Session Management, HTTP Authentication Session Management, Script-based Session Management]
10168 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing HTTP Panel Form Table View Extension
10235 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Capture messages from WebSockets with the ability to set breakpoints.
10635 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows you to import a file containing URLs which ZAP will access, adding them to the Sites tree
10644 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Core UI related functionality.
10646 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Authorization Extension
10650 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing AJAX Spider, uses Crawljax
10765 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Provides WebDrivers to control several browsers using Selenium and includes HtmlUnit browser.
10791 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Manages the local proxy configurations
10927 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Handles adding Global Excluded URLs
10960 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Adds menu item to refresh the Sites tree
10976 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing OWASP ZAP User Guide
11240 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Provides a URL suitable for calling from target sites
11445 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows you to configure which extensions are loaded when ZAP starts
11500 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Combined HTTP Panels Extension
11586 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing HTTP Panel Hex View Extension
11660 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing HTTP Panel Image View Extension
11670 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing HTTP Panel Large Request View Extension
11689 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing HTTP Panel Large Response View Extension
11704 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing HTTP Panel Query Table View Extension
11747 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing HTTP Panel Syntax Highlighter View Extension
11895 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Adds support for configurable keyboard shortcuts for all of the ZAP menus.
11914 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Active and passive rule configuration
11931 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Statistics
11944 [ZAP-BootstrapGUI] INFO org.zaproxy.zap.extension.stats.ExtensionStats  - Start recording in memory stats
11946 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing The ZAP Getting Started Guide
11954 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing The Online menu links
11967 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows you to spider and import OpenAPI (Swagger) definitions 
11994 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Easy way to replace strings in requests and responses
12013 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionSaveRawHttpMessage
12024 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionSaveXMLHttpMessage
12032 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Tips and Tricks
12036 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows to fuzz WebSocket messages.
12042 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Context alert rules filter
12059 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Active Scan Rules
12063 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Ability to add, edit or remove payloads that are used i.e. by active scanners
12083 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionExportReport
12087 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Provides the foundation for concrete message types (for example, HTTP, WebSockets) expose fuzzer implementations.
12098 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Allows to fuzz HTTP messages.
12184 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Heads Up Display
12256 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionHUDlaunch
12261 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Passive Scan Rules
12264 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Provides support for custom payloads in scan rules.
12273 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Adds the Quick Start panel for scanning and exploring applications
12320 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Add the option to use the Ajax Spider in the Quick Start scan
12342 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Launch browsers proxying through ZAP
12345 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Launch browsers proxying through ZAP
12599 [ZAP-BootstrapGUI] INFO org.zaproxy.zap.extension.callback.ExtensionCallback  - Started callback server on 0.0.0.0:60733
12602 [ZAP-BootstrapGUI] INFO org.zaproxy.zap.extension.keyboard.ExtensionKeyboard  - Initializing keyboard shortcuts
13262 [AWT-EventQueue-0] INFO org.parosproxy.paros.control.Control  - New Session
13290 [AWT-EventQueue-0] INFO org.parosproxy.paros.control.Control  - Create and Open Untitled Db
13305 [AWT-EventQueue-0] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE  - dataFileCache commit start
13307 [AWT-EventQueue-0] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE  - dataFileCache commit end
13314 [AWT-EventQueue-0] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE  - Database closed
13589 [AWT-EventQueue-0] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE  - dataFileCache open start
13591 [AWT-EventQueue-0] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE  - dataFileCache open end
ERROR: java.net.ConnectException: Connection refused: connect
	at java.net.DualStackPlainSocketImpl.waitForConnect(Native Method)
	at java.net.DualStackPlainSocketImpl.socketConnect(Unknown Source)
	at java.net.AbstractPlainSocketImpl.doConnect(Unknown Source)
	at java.net.AbstractPlainSocketImpl.connectToAddress(Unknown Source)
	at java.net.AbstractPlainSocketImpl.connect(Unknown Source)
	at java.net.PlainSocketImpl.connect(Unknown Source)
	at java.net.SocksSocketImpl.connect(Unknown Source)
	at java.net.Socket.connect(Unknown Source)
	at org.jenkinsci.plugins.zap.ZAPDriver.waitForSuccessfulConnectionToZap(ZAPDriver.java:746)
	at org.jenkinsci.plugins.zap.ZAPDriver.access$100(ZAPDriver.java:112)
	at org.jenkinsci.plugins.zap.ZAPDriver$WaitZAPDriverInitCallable.invoke(ZAPDriver.java:2710)
	at org.jenkinsci.plugins.zap.ZAPDriver$WaitZAPDriverInitCallable.invoke(ZAPDriver.java:2696)
	at hudson.FilePath$FileCallableWrapper.call(FilePath.java:2913)
	at hudson.remoting.UserRequest.perform(UserRequest.java:212)
	at hudson.remoting.UserRequest.perform(UserRequest.java:54)
	at hudson.remoting.Request$2.run(Request.java:369)
	at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72)
	at java.util.concurrent.FutureTask.run(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at hudson.remoting.Engine$1.lambda$newThread$0(Engine.java:93)
	at java.lang.Thread.run(Unknown Source)

ERROR: Unable to connect to ZAP's proxy after 60 seconds.
	at org.jenkinsci.plugins.zap.ZAPDriver.waitForSuccessfulConnectionToZap(ZAPDriver.java:767)
	at org.jenkinsci.plugins.zap.ZAPDriver.access$100(ZAPDriver.java:112)
	at org.jenkinsci.plugins.zap.ZAPDriver$WaitZAPDriverInitCallable.invoke(ZAPDriver.java:2710)
	at org.jenkinsci.plugins.zap.ZAPDriver$WaitZAPDriverInitCallable.invoke(ZAPDriver.java:2696)
	at hudson.FilePath$FileCallableWrapper.call(FilePath.java:2913)
	at hudson.remoting.UserRequest.perform(UserRequest.java:212)
	at hudson.remoting.UserRequest.perform(UserRequest.java:54)
	at hudson.remoting.Request$2.run(Request.java:369)
	at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72)
	at java.util.concurrent.FutureTask.run(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at hudson.remoting.Engine$1.lambda$newThread$0(Engine.java:93)
	at java.lang.Thread.run(Unknown Source)
	Suppressed: hudson.remoting.Channel$CallSiteStackTrace: Remote call to JNLP4-connect connection from w2k8-64-zap.verticacorp.com/10.20.91.249:50211
		at hudson.remoting.Channel.attachCallSiteStackTrace(Channel.java:1741)
		at hudson.remoting.UserRequest$ExceptionResponse.retrieve(UserRequest.java:357)
		at hudson.remoting.Channel.call(Channel.java:955)
		at hudson.FilePath.act(FilePath.java:1036)
		at hudson.FilePath.act(FilePath.java:1025)
		at org.jenkinsci.plugins.zap.ZAPDriver.startZAP(ZAPDriver.java:659)
		at org.jenkinsci.plugins.zap.ZAPBuilder.prebuild(ZAPBuilder.java:255)
		at hudson.model.AbstractBuild$AbstractBuildExecution.preBuild(AbstractBuild.java:798)
		at hudson.model.AbstractBuild$AbstractBuildExecution.preBuild(AbstractBuild.java:793)
		at hudson.model.Build$BuildExecution.doRun(Build.java:143)
		at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:504)
		at com.tikal.jenkins.plugins.multijob.MultiJobBuild$MultiJobRunnerImpl.run(MultiJobBuild.java:148)
		at hudson.model.Run.execute(Run.java:1798)
		at com.tikal.jenkins.plugins.multijob.MultiJobBuild.run(MultiJobBuild.java:76)
		at hudson.model.ResourceController.execute(ResourceController.java:97)
		at hudson.model.Executor.run(Executor.java:429)

Archiving artifacts
[htmlpublisher] Archiving HTML reports...
[htmlpublisher] Archiving at PROJECT level C:\Program Files (x86)\Jenkins\workspace\MC-Master-nightly-zap\reports to /home/jenkins/.jenkins/jobs/MC-Master-nightly-zap/htmlreports/HTML_20Report
ERROR: Specified HTML directory 'C:\Program Files (x86)\Jenkins\workspace\MC-Master-nightly-zap\reports' does not exist.
Finished: FAILURE
/////////////////////////////////////////////////////////////////////////////////////

full jenkins job config


<com.tikal.jenkins.plugins.multijob.MultiJobProject plugin="jenkins-mul...@1.31">
<actions/>
<description>10.20.91.245 is the ip address of the jenkins slave (w2k8-64-zap) that runs the job. 8500 is the firefox port on the jenkins slave w2k8-64-zap. slave work space C:\Program Files\Jenkins_Slave\workspace\MC-Master-nightly-zap session file: C:\Program Files\Jenkins_Slave\workspace\MC-Master-nightly-zap\zap_session</description>
<keepDependencies>false</keepDependencies>
<properties>
<hudson.plugins.buildblocker.BuildBlockerProperty plugin="build-bloc...@1.7.3">
<useBuildBlocker>false</useBuildBlocker>
<blockLevel>GLOBAL</blockLevel>
<scanQueueFor>DISABLED</scanQueueFor>
<blockingJobs/>
</hudson.plugins.buildblocker.BuildBlockerProperty>
<jenkins.model.BuildDiscarderProperty>
<strategy class="hudson.tasks.LogRotator">
<daysToKeep>360</daysToKeep>
<numToKeep>600</numToKeep>
<artifactDaysToKeep>-1</artifactDaysToKeep>
<artifactNumToKeep>-1</artifactNumToKeep>
</strategy>
</jenkins.model.BuildDiscarderProperty>
<com.sonyericsson.rebuild.RebuildSettings plugin="reb...@1.29">
<autoRebuild>false</autoRebuild>
<rebuildDisabled>false</rebuildDisabled>
</com.sonyericsson.rebuild.RebuildSettings>
</properties>
<scm class="hudson.scm.NullSCM"/>
<assignedNode>w2k8-64-zap</assignedNode>
<canRoam>false</canRoam>
<disabled>false</disabled>
<blockBuildWhenDownstreamBuilding>false</blockBuildWhenDownstreamBuilding>
<blockBuildWhenUpstreamBuilding>false</blockBuildWhenUpstreamBuilding>
<triggers/>
<concurrentBuild>false</concurrentBuild>
<builders>
<hudson.tasks.BatchFile>
<command>DEL /F /Q /S "C:\Users\Administrator\OWASP ZAP\session\*"</command>
</hudson.tasks.BatchFile>
<org.jenkinsci.plugins.zap.ZAPBuilder plugin="z...@1.1.0">
<startZAPFirst>true</startZAPFirst>
<zaproxy>
<startZAPFirst>true</startZAPFirst>
<zapHost>10.20.91.245</zapHost>
<zapPort>8500</zapPort>
<evaluatedZapPort>0</evaluatedZapPort>
<cmdLinesZAP>
<org.jenkinsci.plugins.zap.ZAPCmdLine>
<cmdLineOption>-installdir</cmdLineOption>
<cmdLineValue>%ZAPROXY_HOME%</cmdLineValue>
</org.jenkinsci.plugins.zap.ZAPCmdLine>
</cmdLinesZAP>
<jdk>InheritFromJob</jdk>
<toolUsed>Default</toolUsed>
<zapHome>ZAPROXY_HOME</zapHome>
<timeout>60</timeout>
<autoInstall>false</autoInstall>
<zapSettingsDir>C:\Program Files (x86)\OWASP\ZedAttackProxy</zapSettingsDir>
<autoLoadSession>false</autoLoadSession>
<loadSession/>
<sessionFilename>C:\Program Files\Jenkins_Slave\workspace\MC-Master-nightly-zap\session\zap_session</sessionFilename>
<removeExternalSites>false</removeExternalSites>
<internalSites/>
<contextName>SecurityTest</contextName>
<excludedURL/>
<includedURL>https://10.20.91.245:5450/webui/*</includedURL>
<alertFilters/>
<authMode>true</authMode>
<username>fred</username>
<password>fredfred</password>
<loggedInIndicator>\\Q<a href="j_spring_security_logout" id="logout">Log out</a>\\E</loggedInIndicator>
<loggedOutIndicator>\\Q<input id="username">\\E</loggedOutIndicator>
<authMethod>FORM_BASED</authMethod>
<usernameParameter>username</usernameParameter>
<passwordParameter>password</passwordParameter>
<extraPostData/>
<authScript/>
<authScriptParams/>
<targetURL>https://10.20.91.245:5450/webui/</targetURL>
<spiderScanURL>true</spiderScanURL>
<spiderScanRecurse>true</spiderScanRecurse>
<spiderScanSubtreeOnly>false</spiderScanSubtreeOnly>
<spiderScanMaxChildrenToCrawl>0</spiderScanMaxChildrenToCrawl>
<ajaxSpiderURL>false</ajaxSpiderURL>
<ajaxSpiderInScopeOnly>true</ajaxSpiderInScopeOnly>
<activeScanURL>false</activeScanURL>
<activeScanRecurse>true</activeScanRecurse>
<activeScanPolicy/>
<generateReports>true</generateReports>
<deleteReports>false</deleteReports>
<reportFilename>JENKINS_ZAP_VULNERABILITY_REPORT${BUILD_ID}</reportFilename>
<selectedReportMethod>EXPORT_REPORT</selectedReportMethod>
<selectedReportFormats>
<string>html</string>
</selectedReportFormats>
<selectedExportFormats>
<string>xhtml</string>
</selectedExportFormats>
<exportreportTitle>zap_report</exportreportTitle>
<exportreportBy>MC QA</exportreportBy>
<exportreportFor>Vertica</exportreportFor>
<exportreportScanDate>`date +'%y.%m.%d %H:%M:%S'`</exportreportScanDate>
<exportreportReportDate>`date +'%y.%m.%d %H:%M:%S'`</exportreportReportDate>
<exportreportScanVersion>1.0</exportreportScanVersion>
<exportreportReportVersion>1.0</exportreportReportVersion>
<exportreportReportDescription>Zap tool security testing report C:\Program Files (x86)\Jenkins\jobs\zap\htmlreports\ZAP_Security_Report</exportreportReportDescription>
<exportreportAlertHigh>true</exportreportAlertHigh>
<exportreportAlertMedium>true</exportreportAlertMedium>
<exportreportAlertLow>true</exportreportAlertLow>
<exportreportAlertInformational>true</exportreportAlertInformational>
<exportreportCWEID>true</exportreportCWEID>
<exportreportWASCID>true</exportreportWASCID>
<exportreportDescription>true</exportreportDescription>
<exportreportOtherInfo>true</exportreportOtherInfo>
<exportreportSolution>true</exportreportSolution>
<exportreportReference>true</exportreportReference>
<exportreportRequestHeader>true</exportreportRequestHeader>
<exportreportResponseHeader>true</exportreportResponseHeader>
<exportreportRequestBody>true</exportreportRequestBody>
<exportreportResponseBody>true</exportreportResponseBody>
<jiraCreate>false</jiraCreate>
<jiraBaseURL/>
<jiraUsername/>
<jiraPassword/>
<jiraProjectKey/>
<jiraAssignee/>
<jiraAlertHigh>false</jiraAlertHigh>
<jiraAlertMedium>false</jiraAlertMedium>
<jiraAlertLow>false</jiraAlertLow>
<jiraFilterIssuesByResourceType>false</jiraFilterIssuesByResourceType>
</zaproxy>
<zapHost>10.20.91.245</zapHost>
<zapPort>8500</zapPort>
</org.jenkinsci.plugins.zap.ZAPBuilder>
<hudson.tasks.Shell>
<command>echo "ZAPROXY_HOME" echo $ZAPROXY_HOME</command>
</hudson.tasks.Shell>
</builders>
<publishers>
<hudson.tasks.ArtifactArchiver>
<artifacts>logs/*, reports/*</artifacts>
<allowEmptyArchive>false</allowEmptyArchive>
<onlyIfSuccessful>false</onlyIfSuccessful>
<fingerprint>false</fingerprint>
<defaultExcludes>true</defaultExcludes>
<caseSensitive>true</caseSensitive>
</hudson.tasks.ArtifactArchiver>
<htmlpublisher.HtmlPublisher plugin="htmlpu...@1.17">
<reportTargets>
<htmlpublisher.HtmlPublisherTarget>
<reportName>HTML Report</reportName>
<reportDir>reports/</reportDir>
<reportFiles>JENKINS_ZAP_VULNERABILITY_REPORT${BUILD_ID}.xhtml</reportFiles>
<alwaysLinkToLastBuild>false</alwaysLinkToLastBuild>
<reportTitles>Jenkins ZAP Report</reportTitles>
<keepAll>false</keepAll>
<allowMissing>false</allowMissing>
<includes>**/*</includes>
<escapeUnderscores>true</escapeUnderscores>
</htmlpublisher.HtmlPublisherTarget>
</reportTargets>
</htmlpublisher.HtmlPublisher>
</publishers>
<buildWrappers>
<hudson.plugins.build__timeout.BuildTimeoutWrapper plugin="build-...@1.19">
<strategy class="hudson.plugins.build_timeout.impl.AbsoluteTimeOutStrategy">
<timeoutMinutes>30</timeoutMinutes>
</strategy>
<operationList/>
</hudson.plugins.build__timeout.BuildTimeoutWrapper>
</buildWrappers>
<pollSubjobs>false</pollSubjobs>
</com.tikal.jenkins.plugins.multijob.MultiJobProject>