Global Variable Zest Script


pp

Apr 7, 2021, 11:48:55 PM
to OWASP ZAP User Group

Hello! I am new to ZAP and I am trying to do an active scan for a REST API. The authentication the API uses includes a JWT token, so so far I have created a Zest authentication script that extracts the token from the authentication request response and puts it in a variable called userToken. Next I am trying to set userToken as a global variable (as I need to use it for requests in a Zest sequence script) using the Zest Action 'Global Variable - Set', so I enter 'Global Variable' as globalToken and 'Value' as {{userToken}}, but when I am trying to print something like 'here is {{globalToken}}' nothing is being printed, so I believe that the global variable is not set. Is there something I am doing wrong? Many thanks in advance for your help.

Simon Bennetts

Apr 8, 2021, 4:34:12 AM
to OWASP ZAP User Group
Hiya,

It is only Zest variables that use the {{var}} format.
In order to access a global variable from Zest you need to assign it to a Zest variable using the "Assign variable to Global Variable" Assignment statement.
You will then be able to access its value by the name you gave the Zest variable.
FYI I am finally going to record some tutorials on Zest, so keep an eye out on these groups for those :)

Cheers,

Simon

polly petrelli

Apr 8, 2021, 5:17:48 AM
to zaprox...@googlegroups.com
Hi Simon,

Thanks so much for your help and for planning to record tutorials for Zest scripts, that would be really helpful. I tried to use the "Assign variable to Global Variable" statement and I set it up like below, where userToken is the token value extracted from my response.
image.png
But when I am using the print statement to check the value of the globalToken
image.png
I just get globalToken printed. Not sure what I am missing.

Thanks,
Polly


Simon Bennetts

Apr 8, 2021, 5:22:40 AM
to OWASP ZAP User Group
"globalToken" is just a string, which is why it is printed out like that.
You want to print out the Zest variable that you've assigned the global variable to, so {{userToken}}.
Does that make sense?

polly petrelli

Apr 8, 2021, 6:05:26 AM
to zaprox...@googlegroups.com
Hi Simon,

Yes that makes sense. Is there any way I can print/check what value globalToken has for debugging purposes?

Thanks,


Simon Bennetts

Apr 8, 2021, 6:27:42 AM
to OWASP ZAP User Group
In Zest only once you have assigned it to a Zest variable, you can then just print that out using a Print action.
Global variables are essentially outside of Zest - they are a way of exchanging values between Zest and the tool in which it is running, e.g. ZAP.
You can of course print it out in another non-Zest script - that will work too :)

PP

Apr 8, 2021, 12:38:56 PM
to OWASP ZAP User Group
Thanks! That was really helpful! I managed to solve my issue.