Unsupported option '-config api.addrs.addr.name' and some things not clear in Execute ZAP session.


Tien Dung Tran

Sep 20, 2019, 6:49:44 AM
to ZAP Jenkins Plugin
Hi everyone,
I want to run a ZAP scan remotely from Jenkins. So I have one Jenkins server and one ZAP server. As per the documentation, I have to add the ZAP server as a Jenkins slave (let's name it ZAP-Slave) and run my build job on this slave. So I have some questions:
1. As I run the build job on this ZAP-Slave, in "Override Host", should I input localhost or the IP address of the ZAP server? Currently, if I input the IP address of the ZAP server, I get an error:
request to API URL http://zap/xml/core/action/shutdown/?apikey=ZAPROXY-PLUGIN from 192.168.70.79 not permitted

2. Is it right to run the build job on the ZAP-Slave? If so, the Override Host is always "localhost", so is this option really necessary?
3. In Run configurations/Add ZAP Command Line Arguments, I added the command line options "-config api.addrs.addr.name" and "-config api.addrs.addr.regex", but they do not seem to work; the build log said "Unsupported option '-config api.addrs.addr.name'."

zap cmd.jpg

4. In the build log, I got many errors like the one below, so I guess I configured something wrong, didn't I?
WARN org.parosproxy.paros.core.scanner.HostProcess  - Failed to obtain the HTTP response for href [id=5, type=0, URL=https://mrbs.abc.vn]: Read timed out

Below is my environment:
  • Java version in ZAP server: 1.8.0.211
  • Jenkins version: 1.176.1
  • ZAP version: 2.8.0 in Windows 2012.
  • ZAP Jenkins Plugin version: 1.1.0
  • Build log: Please see the attachment. It is weird that it did not find any warnings or alerts, because I'm sure that my application must have some vulnerabilities.
I already researched and read the documentation about ZAP but could not find out the issue.
Thanks for your support.
Regards,
Dung.

build zap.log

Peter Hauschulz

Sep 23, 2019, 4:02:41 AM
to ZAP Jenkins Plugin
Hello!

If you build ZAP on a separate server, I would have it listen NOT on localhost, but the server IP.

Your screen shot is too small to actually see, but it looks like you are setting the right options, there is just some wrong syntax. 

We want the final result to be:

-config api.addrs.addr.name=192.* 

It shouldn't need quotes or anything like that, so I think that's why it's giving you the error, but the Jenkins/plugin is a little mysterious with what it expects vs what it outputs, so play around with that a little, you're almost there!

Tran Tien Dung

Sep 24, 2019, 3:41:16 AM
to Peter Hauschulz, ZAP Jenkins Plugin
Hi Peter,
As far as I know, the configuration -config api.addrs.addr.name=192.* is to allow ZAP to listen on the server IP, isn't it?
Please see my picture; it should be clearer than the one above.
image.png
image.png

There is no quote actually, but I still got the same error message
Thanks.



Peter Hauschulz

Sep 24, 2019, 5:38:14 AM
to ZAP Jenkins Plugin
Please show the error message for the current zap.log after running this configuration.

Tran Tien Dung

Sep 24, 2019, 6:00:50 AM
to Peter Hauschulz, ZAP Jenkins Plugin
Yes, please see the attachment.


build zap.log

thc...@gmail.com

Sep 24, 2019, 6:08:02 AM
to zaproxy...@googlegroups.com
The configuration key needs to be in the value, e.g.:
Command Line Option: -config
Command Line Value: api.addrs.addr.name=192.*

Best regards.
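
An added example, not part of the original thread and not code from ZAP or the plugin: it builds the option/value pairs in the shape the answer above describes and models which client addresses the resulting allow-list entry would permit. The matching semantics (a regex entry must match the whole client address, a plain entry must equal it), the sample addresses other than 192.168.70.79, and the narrower pattern are assumptions made for illustration.

```python
import re

def zap_config_pairs(name, regex):
    """Return (option, value) pairs in the shape described in the answer:
    the option field is the bare '-config', the value field is 'key=value'."""
    return [
        ("-config", f"api.addrs.addr.name={name}"),
        ("-config", f"api.addrs.addr.regex={'true' if regex else 'false'}"),
    ]

def client_permitted(client_ip, name, regex):
    """Assumed model of the API address check (not ZAP's own code):
    regex entries must match the whole address, plain entries must equal it."""
    if regex:
        return re.fullmatch(name, client_ip) is not None
    return client_ip == name

# 192.168.70.79 is the client address in the thread's "not permitted" error.
# The other addresses are constructed samples.
JENKINS = "192.168.70.79"
SAMPLES = [JENKINS, "192.168.70.80", "192.0.2.15", "10.0.0.5"]

BROAD = "192.*"               # the pattern used in the thread
NARROW = r"192\.168\.70\.79"  # hypothetical tighter pattern: one host only

def permitted_set(name, regex):
    """List the sample clients that the entry (name, regex) would let through."""
    return [ip for ip in SAMPLES if client_permitted(ip, name, regex)]

if __name__ == "__main__":
    for label, pattern in (("broad", BROAD), ("narrow", NARROW)):
        for option, value in zap_config_pairs(pattern, True):
            print(f"{option} {value}")
        print(f"{label} pattern permits: {permitted_set(pattern, True)}")
    # Without api.addrs.addr.regex=true the name is compared literally.
    print("192.* as a plain name permits:", permitted_set(BROAD, False))
```

In this model the broad pattern admits every client whose address starts with 192, including addresses outside the Jenkins host's own subnet, while the escaped pattern admits only the one build host.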

Tran Tien Dung

Sep 25, 2019, 4:31:43 AM
to thc...@gmail.com, ZAP Jenkins Plugin
That's great, it works now.
Thank you.
