JSONDecodeError ZAP API Python

[Samruddhi B]

Hi!

I am getting JSONDecodeError error while calling ZAP APIs with python implementation

(zapv2). The API calls seem to be failing due to change in zap base value with recent changes in kubernetes pod setup. ZAP API calls with http request are working fine. If we try to change zap base value to different one it fails due to the condition here . 

Traceback (most recent call last):

File "/usr/local/lib/python3.8/site-packages/requests/models.py", line 971, in json

return complexjson.loads(self.text, **kwargs)

File "/usr/lib64/python3.8/json/__init__.py", line 357, in loads

return _default_decoder.decode(s)

File "/usr/lib64/python3.8/json/decoder.py", line 337, in decode

obj, end = self.raw_decode(s, idx=_w(s, 0).end())

File "/usr/lib64/python3.8/json/decoder.py", line 355, in raw_decode

raise JSONDecodeError("Expecting value", s, err.value) from None

json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):

File "./scanner/ZAP_scan.py", line 1117, in <module>

main()

File "./scanner/ZAP_scan.py", line 1102, in main

zap_scan.scan()

File "./scanner/ZAP_scan.py", line 769, in scan

session_file = self.loadSessions(local_session_file)

File "./scanner/ZAP_scan.py", line 739, in loadSessions

returnresult = self.zap._request(self.zap.base + 'context/view/context/', {'contextName': contextname})

File "/usr/local/lib/python3.8/site-packages/zapv2/__init__.py", line 203, in _request

return data.json()

File "/usr/local/lib/python3.8/site-packages/requests/models.py", line 975, in json

raise RequestsJSONDecodeError(e.msg, e.doc, e.pos)

requests.exceptions.JSONDecodeError: Expecting value: line 1 column 1 (char 0)

[Simon Bennetts]

Can you dump out the actual response?

If its as a result of a change to your environment then we'll struggle to reproduce it.

Cheers,

Simon

[sb99...@gmail.com]

The response for _request_api method is blank with 502 bad gateway status code. Also if we try to make http request to  http://zap/JSON/context/view/context/ endpoint, it fails with Failed to establish a new connection: [Errno -2] Name or service not known error.  We aren't able to figure out what kubernetes change caused it, to be able to reproduce on local. 

Thanks!

[Simon Bennetts]

Weird.

Check the zap.log file: https://www.zaproxy.org/faq/somethings-not-working-what-should-i-do/#check-the-log-file

If theres nothing relevant in there then I suspect the request isnt making it to ZAP.

Cheers,

Simon

[sb99...@gmail.com]

Yes, that's the conclusion so far, the request isn't making it to ZAP. Can we edit ZAP base value and try to make it work? Editing zap base value fails here - https://github.com/zaproxy/zap-api-python/blob/eed75004dcca46cf569d9f49037bd5d26502a336/src/zapv2/__init__.py#L167

Thanks!

[Simon Bennetts]

No need to edit any code, just use a tool like curl to make direct requests to ZAP.

You can then try as many variations as you like.

Cheers,

Simon

[sb99...@gmail.com]

Yup, we kept the curl as a option to resolve this issue. Just wanted to check if there is quicker way to resolve. We have a setup for ZAP API python which uses zap base to make API calls.

Thanks!

[Simon Bennetts]

I would have thought the quickest option would be to try to see if you can get curl to work.

If you can then we can work out how to make the equivalent changes to the ZAP python API.

You dont need to switch to using curl all of the time, just use it for debugging.

Cheers,

Simon

[sb99...@gmail.com]

Yes, tried the curl option already and it works fine. So for example, this one works - http://<hostname>:8080/JSON/context/view/context/?apikey=<apikey>

Thanks!

[sb99...@gmail.com]

Hi Simon!

I was able to change our code to use curl calls instead of ZAP python API.  The scans completed but throwing significant I/O errors. Any insight on these? 

[ZAP-IO-Server-1-19666] ERROR org.zaproxy.zap.extension.ascan.ActiveScan - java.sql.SQLNonTransientConnectionException: connection exception: closed

org.parosproxy.paros.db.DatabaseException: java.sql.SQLNonTransientConnectionException: connection exception: closed

Thanks