ZAP CLI --cmd Questions


joao reigota

Sep 21, 2022, 4:50:27 AM
to OWASP ZAP User Group
Hi everyone,
I have some questions on running the ZAP CLI with the --cmd option that hopefully someone can help me with.

1. When running a scan, the results are only generated at the end of the scan. Is it possible to have partial results in the eventuality the scan fails? For example, let's say I am running a scan that fails halfway through; is there a way I can get the results that were found until that moment?

2. I believe the last version of the reports plugin made the json-plus report stop working. I have sent the configuration file as an attachment. It is good to notice it was working before and suddenly it stopped; I think it has to do with the latest release of the reports that made it break. Can someone please check to see if you have the same issue or if I am doing something wrong?

3. While running ZAP we got some descriptions that were a little bit strange. For example, for the policy "Timestamp Disclosure - Unix" we got the description "0000000017, which evaluates to: 1970-01-01 00:00:1". This description is not clear on what the problem is, and we also found that some policies do not have any description at all.

Thank you,
João Reigota
mock_config.yaml

joao reigota

Sep 21, 2022, 5:08:00 AM
to OWASP ZAP User Group
To specify point 1, what causes the failure is a fatal error in the QA stage/product env website causing it to crash; ZAP then fails to contact the website, producing a failure.

Simon Bennetts

Sep 21, 2022, 5:46:07 AM
to OWASP ZAP User Group
Hiya João,

The ZAP CLI is a third party product and not supported by the ZAP Core Team.
The options we support are: https://www.zaproxy.org/docs/automate/

Re the problem with the report - are there any errors in the zap.log file?

Re the alerts - please give us all of the details of any alerts that you think do not make sense and we can look into them.

Cheers,

Simon

joao reigota

Sep 21, 2022, 10:58:38 AM
to OWASP ZAP User Group
Hi Simon,

Yes, this is the error we got in the log file.
For some reason the `traditional-json-plus` is not being recognized:

2022-09-21 15:57:13,814 [main ] INFO  CommandLine - Job report set template = traditional-json-plus
2022-09-21 15:57:13,913 [main ] ERROR CommandLine - Job report invalid template: traditional-json-plus
2022-09-21 15:57:13,923 [main ] INFO  CommandLine - Automation plan failures:
2022-09-21 15:57:13,923 [main ] INFO  CommandLine -     Job report invalid template: traditional-json-plus
2022-09-21 15:57:13,923 [main ] INFO  Control - Automation Framework setting exit status to due to plan errors

kingthorin+owaspzap

Sep 21, 2022, 11:11:58 AM
to OWASP ZAP User Group
Re: timestamps, check the description and solution fields.
