AjaxSpider Warning

[Александр Богомолов]

Hi again=)

When did authorized scan finally work (https://groups.google.com/g/zaproxy-jenkins/c/O1YukZ0ICck), I foung next trouble: 

WARNING: An illegal reflective access operation has occurred

WARNING: Illegal reflective access by com.google.inject.internal.cglib.core.$ReflectUtils$2 (file:/zap/./plugin/spiderAjax-release-23.4.0.zap) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)

WARNING: Please consider reporting this to the maintainers of com.google.inject.internal.cglib.core.$ReflectUtils$2

WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations

WARNING: All illegal access operations will be denied in a future release

1623854569699 geckodriver INFO Listening on 127.0.0.1:10248

1623854569895 mozrunner::runner INFO Running command: "/usr/lib/firefox/firefox" "--marionette" "-headless" "-foreground" "-no-remote" "-profile" "/tmp/rust_mozprofilefq2ERR"

*** You are running in headless mode.

[GFX1-]: glxtest: libpci missing

[GFX1-]: glxtest: libEGL missing

[GFX1-]: glxtest: libEGL missing

1623854570516 Marionette INFO Marionette enabled

[GFX1-]: RenderCompositorSWGL failed mapping default framebuffer, no dt

[GFX1-]: RenderCompositorSWGL failed mapping default framebuffer, no dt

console.warn: SearchSettings: "get: No settings file exists, new profile?" (new NotFoundError("Could not open the file at /tmp/rust_mozprofilefq2ERR/search.json.mozlz4", (void 0)))

[GFX1-]: RenderCompositorSWGL failed mapping default framebuffer, no dt

[GFX1-]: RenderCompositorSWGL failed mapping default framebuffer, no dt

console.error: Region.jsm: "Error fetching region" (new TypeError("NetworkError when attempting to fetch resource.", ""))

console.error: Region.jsm: "Failed to fetch region" (new Error("NO_RESULT", "resource://gre/modules/Region.jsm", 419))

[GFX1-]: RenderCompositorSWGL failed mapping default framebuffer, no dt

[GFX1-]: RenderCompositorSWGL failed mapping default framebuffer, no dt

1623854572523 Marionette INFO Listening on port 43625

[GFX1-]: RenderCompositorSWGL failed mapping default framebuffer, no dt

1623854572635 Marionette WARN TLS certificate errors will be ignored for this session

[GFX1-]: RenderCompositorSWGL failed mapping default framebuffer, no dt

[GFX1-]: RenderCompositorSWGL failed mapping default framebuffer, no dt

[GFX1-]: RenderCompositorSWGL failed mapping default framebuffer, no dt

[GFX1-]: RenderCompositorSWGL failed mapping default framebuffer, no dt

[GFX1-]: RenderCompositorSWGL failed mapping default framebuffer, no dt

[GFX1-]: RenderCompositorSWGL failed mapping default framebuffer, no dt

[GFX1-]: RenderCompositorSWGL failed mapping default framebuffer, no dt

[GFX1-]: RenderCompositorSWGL failed mapping default framebuffer, no dt

<...>

[GFX1-]: RenderCompositorSWGL failed mapping default framebuffer, no dt

1623854603051 Marionette INFO Stopped listening on port 43625

[GFX1-]: RenderCompositorSWGL failed mapping default framebuffer, no dt

[GFX1-]: RenderCompositorSWGL failed mapping default framebuffer, no dt

Total of 12 URLs

PASS: Vulnerable JS Library [10003]

PASS: Cookie No HttpOnly Flag [10010]

PASS: Cookie Without Secure Flag [10011]

PASS: Cross-Domain JavaScript Source File Inclusion [10017]

PASS: Content-Type Header Missing [10019]

<lalala>

FAIL-NEW: 0 FAIL-INPROG: 0 WARN-NEW: 4 WARN-INPROG: 0 INFO: 0 IGNORE: 0 PASS: 49

It looks partially ok, but Warnings and "[GFX1-]: RenderCompositorSWGL failed mapping default framebuffer, no dt" expressions bother me

I found this: https://groups.google.com/g/zaproxy-users/c/IKeOz2CKUpM/m/h5KmRFhwAAAJ, but there are no answer - is it normal, or I missing something again? 

Thank you all for help!

[Александр Богомолов]

And when I start zap-full-scan.py, I had seen this:

1623856475272 Marionette INFO Stopped listening on port 46067

[GFX1-]: RenderCompositorSWGL failed mapping default framebuffer, no dt

[GFX1-]: RenderCompositorSWGL failed mapping default framebuffer, no dt

###!!! [Parent][RunMessage] Error: Channel closing: too late to send/recv, messages will be lost

[Fatal Error] :1:3: The markup in the document preceding the root element must be well-formed.

[Fatal Error] :1:3: The markup in the document preceding the root element must be well-formed.

1623856519187 geckodriver INFO Listening on 127.0.0.1:9113

1623856519189 geckodriver INFO Listening on 127.0.0.1:16087

1623856519201 mozrunner::runner INFO Running command: "/usr/lib/firefox/firefox" "--marionette" "-headless" "-foreground" "-no-remote" "-profile" "/tmp/rust_mozprofileO2UDcv"

1623856519201 mozrunner::runner INFO Running command: "/usr/lib/firefox/firefox" "--marionette" "-headless" "-foreground" "-no-remote" "-profile" "/tmp/rust_mozprofileQxxNzs"

*** You are running in headless mode.

*** You are running in headless mode.

[GFX1-]: glxtest: libpci missing

[GFX1-]: glxtest: libEGL missing

[GFX1-]: glxtest: libEGL missing

[GFX1-]: glxtest: libpci missing

[GFX1-]: glxtest: libEGL missing

[GFX1-]: glxtest: libEGL missing

1623856519548 Marionette INFO Marionette enabled

1623856519551 Marionette INFO Marionette enabled

[GFX1-]: RenderCompositorSWGL failed mapping default framebuffer, no dt

[GFX1-]: RenderCompositorSWGL failed mapping default framebuffer, no dt

[GFX1-]: RenderCompositorSWGL failed mapping default framebuffer, no dt

[GFX1-]: RenderCompositorSWGL failed mapping default framebuffer, no dt

console.warn: SearchSettings: "get: No settings file exists, new profile?" (new NotFoundError("Could not open the file at /tmp/rust_mozprofileQxxNzs/search.json.mozlz4", (void 0)))

console.error: Region.jsm: "Error fetching region" (new TypeError("NetworkError when attempting to fetch resource.", ""))

console.error: Region.jsm: "Failed to fetch region" (new Error("NO_RESULT", "resource://gre/modules/Region.jsm", 419))

[GFX1-]: RenderCompositorSWGL failed mapping default framebuffer, no dt

[GFX1-]: RenderCompositorSWGL failed mapping default framebuffer, no dt

console.warn: SearchSettings: "get: No settings file exists, new profile?" (new NotFoundError("Could not open the file at /tmp/rust_mozprofileO2UDcv/search.json.mozlz4", (void 0)))

console.error: Region.jsm: "Error fetching region" (new TypeError("NetworkError when attempting to fetch resource.", ""))

console.error: Region.jsm: "Failed to fetch region" (new Error("NO_RESULT", "resource://gre/modules/Region.jsm", 419))

[GFX1-]: RenderCompositorSWGL failed mapping default framebuffer, no dt

[GFX1-]: RenderCompositorSWGL failed mapping default framebuffer, no dt

[GFX1-]: RenderCompositorSWGL failed mapping default framebuffer, no dt

[GFX1-]: RenderCompositorSWGL failed mapping default framebuffer, no dt

[GFX1-]: RenderCompositorSWGL failed mapping default framebuffer, no dt

[GFX1-]: RenderCompositorSWGL failed mapping default framebuffer, no dt

[GFX1-]: RenderCompositorSWGL failed mapping default framebuffer, no dt

1623856521516 Marionette INFO Listening on port 41875

1623856521518 Marionette INFO Listening on port 46735

[GFX1-]: RenderCompositorSWGL failed mapping default framebuffer, no dt

[GFX1-]: RenderCompositorSWGL failed mapping default framebuffer, no dt

1623856521559 Marionette WARN TLS certificate errors will be ignored for this session

[GFX1-]: RenderCompositorSWGL failed mapping default framebuffer, no dt

1623856521634 Marionette WARN TLS certificate errors will be ignored for this session

[GFX1-]: RenderCompositorSWGL failed mapping default framebuffer, no dt

среда, 16 июня 2021 г. в 18:00:03 UTC+3, Александр Богомолов:

[thc...@gmail.com]

Those errors are "normal" they will not cause any problem though. Most
of them are printed by Firefox, e.g.:
https://bugzilla.mozilla.org/show_bug.cgi?id=1716303

The full scan also uses Firefox (DOM XSS scan rule).

Best regards.

[Александр Богомолов]

Ok. Thanks.

среда, 16 июня 2021 г. в 18:35:52 UTC+3, thc202: