ApiException while handling API request: URL Not Found in the Scan Tree (url_not_found)

[Prakhash Sivakumar]

Hi all,

I have generated reports in jenkins using zaproxy, In the configure -> setup -> authenticated scan when I pick the options Spider URL as User and Ajax Spider URL As User it worked perfectly and I have generated the reports, but when I include the Scan URL As User I'm getting the following error.

53363 [ZAP-ProxyThread-71] WARN org.zaproxy.zap.extension.api.API  - ApiException while handling API request:
URL Not Found in the Scan Tree (url_not_found)
	at org.zaproxy.zap.extension.ascan.ActiveScanAPI.scanURL(Unknown Source)
	at org.zaproxy.zap.extension.ascan.ActiveScanAPI.handleApiAction(Unknown Source)
	at org.zaproxy.zap.extension.api.API.handleApiRequest(Unknown Source)
	at org.parosproxy.paros.core.proxy.ProxyThread.processHttp(Unknown Source)
	at org.parosproxy.paros.core.proxy.ProxyThread.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)
ERROR: org.zaproxy.clientapi.core.ClientApiException: URL Not Found in the Scan Tree
	at org.zaproxy.clientapi.core.ApiResponseFactory.getResponse(Unknown Source)
	at org.zaproxy.clientapi.core.ClientApi.callApi(Unknown Source)
	at org.zaproxy.clientapi.gen.Ascan.scanAsUser(Unknown Source)
	at fr.novia.zaproxyplugin.ZAProxy.scanURLAsUser(ZAProxy.java:1705)
	at fr.novia.zaproxyplugin.ZAProxy.executeZAP(ZAProxy.java:1176)
	at fr.novia.zaproxyplugin.ZAProxyBuilder$ZAProxyCallable.invoke(ZAProxyBuilder.java:395)
	at fr.novia.zaproxyplugin.ZAProxyBuilder$ZAProxyCallable.invoke(ZAProxyBuilder.java:381)
	at hudson.FilePath.act(FilePath.java:1018)
	at hudson.FilePath.act(FilePath.java:996)
	at fr.novia.zaproxyplugin.ZAProxyBuilder.perform(ZAProxyBuilder.java:200)
	at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20)
	at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:779)
	at hudson.model.Build$BuildExecution.build(Build.java:205)
	at hudson.model.Build$BuildExecution.doRun(Build.java:162)
	at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:534)
	at hudson.model.Run.execute(Run.java:1741)
	at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
	at hudson.model.ResourceController.execute(ResourceController.java:98)
	at hudson.model.Executor.run(Executor.java:410)

I'm using the zaproxy version 1.21 and zap version 2.42

what is the reason for this issue ?

Thanks

[thc...@gmail.com]

Hi.

That error means that the "Target URL" that you are trying to active
scan was not found in ZAP.

You are running the spider(s) before active scanning, right?

> and zap version 2.42

Is ZAP version 2.4.2?

Best regards.

On 19/05/16 10:42, 'Prakhash Sivakumar' via OWASP ZAP User Group wrote:
> Hi all,

> I have generated reports in jenkins using zaproxy, In the *configure ->
> setup -> authenticated scan* when I pick the options *Spider URL as User
> *and *Ajax Spider URL As User* it worked perfectly and I have generated
> the reports, but when I include the *Scan URL As User* I'm getting the

> --
> You received this message because you are subscribed to the Google
> Groups "OWASP ZAP User Group" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to zaproxy-user...@googlegroups.com
> <mailto:zaproxy-user...@googlegroups.com>.
> For more options, visit https://groups.google.com/d/optout.

[Prakhash Sivakumar]

Yes it is 2.4.2 version, I have attached the configuration included for this scan, where I should mention it as an active scan to avoid this issue, I have done the scanning by unticking the option "Scan URL as user" before, it worked without any error. it is throwing this error only when I include this option

> <mailto:zaproxy-users+unsub...@googlegroups.com>.

[thc...@gmail.com]

I was able to reproduce that error only if the target host was down, in
all other test cases it worked as expected.

Could you append the following lines to log4j.properties file?
log4j.logger.org.zaproxy.zap.extension.api.API=DEBUG
log4j.logger.org.parosproxy.paros.model.SiteMap=DEBUG

(The file is located in ZAP's home directory, might be easier to set a
new dir in "ZAProxy default directory" than change the existing one).

It shows in the output console the entries added to Sites tree and the
API calls.

It should allow to check why the API call is failing (from the error, I
guess the URL is not being added to Sites tree).

Best regards.

On 20/05/16 06:07, 'Prakhash Sivakumar' via OWASP ZAP User Group wrote:
> Yes it is 2.4.2 version, I have attached the configuration included for
> this scan, where I should mention it as an active scan to avoid this
> issue, I have done the scanning by unticking the option "Scan URL as
> user" before, it worked without any error. it is throwing this error
> only when I include this option
>
>

> <https://lh3.googleusercontent.com/-rR3RnVcKi0k/Vz6auoPYw1I/AAAAAAAAAsk/gHJV5upE3Xktlxym4NUIaJrRwagPm5xrgCLcB/s1600/Screenshot%2Bfrom%2B2016-05-20%2B10%253A30%253A45.png>

> > <mailto:zaproxy-user...@googlegroups.com>.

> > For more options, visit https://groups.google.com/d/optout

> <https://groups.google.com/d/optout>.

>
> --
> You received this message because you are subscribed to the Google
> Groups "OWASP ZAP User Group" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to zaproxy-user...@googlegroups.com

> <mailto:zaproxy-user...@googlegroups.com>.

[Prakhash Sivakumar]

Thanks thc202 I have figured out the issue, Ya I have started the server as a child process but Zap starts its execution during the time delay of the servers instantiation. now I have solved it

Thanks 

>     > <mailto:zaproxy-users+unsub...@googlegroups.com>.

>     > For more options, visit https://groups.google.com/d/optout
>     <https://groups.google.com/d/optout>.
>
> --
> You received this message because you are subscribed to the Google
> Groups "OWASP ZAP User Group" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to zaproxy-user...@googlegroups.com

> <mailto:zaproxy-users+unsub...@googlegroups.com>.

[thc...@gmail.com]

Great, thanks for letting us known!

Best regards.

> > > <mailto:zaproxy-user...@googlegroups.com>.

> > > For more options, visit https://groups.google.com/d/optout
> <https://groups.google.com/d/optout>
> > <https://groups.google.com/d/optout
> <https://groups.google.com/d/optout>>.
> >
> > --
> > You received this message because you are subscribed to the Google
> > Groups "OWASP ZAP User Group" group.
> > To unsubscribe from this group and stop receiving emails from it,
> send
> > an email to zaproxy-user...@googlegroups.com

> > <mailto:zaproxy-user...@googlegroups.com>.

> > For more options, visit https://groups.google.com/d/optout
> <https://groups.google.com/d/optout>.
>
> --
> You received this message because you are subscribed to the Google
> Groups "OWASP ZAP User Group" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to zaproxy-user...@googlegroups.com

> <mailto:zaproxy-user...@googlegroups.com>.

[c.dematt...@xsite.de]

Hi Prakhash Sivakumar,
I have the same error and i didn't understand how you solved the problem. Cann you send me more detaiels?
thanks a lot
Cynthia

>     >     > <mailto:zaproxy-users+unsub...@googlegroups.com>.

>     >     > For more options, visit https://groups.google.com/d/optout
>     <https://groups.google.com/d/optout>
>     >     <https://groups.google.com/d/optout
>     <https://groups.google.com/d/optout>>.
>     >
>     > --
>     > You received this message because you are subscribed to the Google
>     > Groups "OWASP ZAP User Group" group.
>     > To unsubscribe from this group and stop receiving emails from it,
>     send
>     > an email to zaproxy-user...@googlegroups.com

>     > <mailto:zaproxy-users+unsub...@googlegroups.com>.

>     > For more options, visit https://groups.google.com/d/optout
>     <https://groups.google.com/d/optout>.
>
> --
> You received this message because you are subscribed to the Google
> Groups "OWASP ZAP User Group" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to zaproxy-user...@googlegroups.com

> <mailto:zaproxy-users+unsub...@googlegroups.com>.

[thc...@gmail.com]

Hi.

Are you accessing (i.e. proxying through ZAP, spider, manual
requests...) the scan target before starting the scan?

That error happens if the scan target was not found in ZAP (thus ZAP
does not have anything to scan).

Best regards.

> > > > <mailto:zaproxy-user...@googlegroups.com>.

> > > > For more options, visit
> https://groups.google.com/d/optout <https://groups.google.com/d/optout>
> > <https://groups.google.com/d/optout
> <https://groups.google.com/d/optout>>
> > > <https://groups.google.com/d/optout
> <https://groups.google.com/d/optout>
> > <https://groups.google.com/d/optout
> <https://groups.google.com/d/optout>>>.
> > >
> > > --
> > > You received this message because you are subscribed to the
> Google
> > > Groups "OWASP ZAP User Group" group.
> > > To unsubscribe from this group and stop receiving emails
> from it,
> > send
> > > an email to zaproxy-user...@googlegroups.com

> > > <mailto:zaproxy-user...@googlegroups.com>.

> > > For more options, visit https://groups.google.com/d/optout
> <https://groups.google.com/d/optout>
> > <https://groups.google.com/d/optout
> <https://groups.google.com/d/optout>>.
> >
> > --
> > You received this message because you are subscribed to the Google
> > Groups "OWASP ZAP User Group" group.
> > To unsubscribe from this group and stop receiving emails from it,
> send
> > an email to zaproxy-user...@googlegroups.com

> > <mailto:zaproxy-user...@googlegroups.com>.

> > For more options, visit https://groups.google.com/d/optout
> <https://groups.google.com/d/optout>.
>
> --
> You received this message because you are subscribed to the Google
> Groups "OWASP ZAP User Group" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to zaproxy-user...@googlegroups.com

> <mailto:zaproxy-user...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/zaproxy-users/2376f3f2-dbbf-4bcc-99a5-4f70a92bf82f%40googlegroups.com
> <https://groups.google.com/d/msgid/zaproxy-users/2376f3f2-dbbf-4bcc-99a5-4f70a92bf82f%40googlegroups.com?utm_medium=email&utm_source=footer>.

[Prakhash Sivakumar]

Hi c.dematt...@xsite.de,

Sorry for the late reply. I have missed this question

btw there is a possibility for this error as thc202 suggested, but for my case it was different. ZAP doesn't check whether the server(if that is the case) you have started working properly

or it is actually started. In that case, it won't be able to find the URLs and will report the exception. So always have some delays if you are starting the application on top of a server

 to avoid this kind of issues

Thanks

>     >     >     > <mailto:zaproxy-users+unsub...@googlegroups.com>.

>     >     >     > For more options, visit
>     https://groups.google.com/d/optout <https://groups.google.com/d/optout>
>     >     <https://groups.google.com/d/optout
>     <https://groups.google.com/d/optout>>
>     >     >     <https://groups.google.com/d/optout
>     <https://groups.google.com/d/optout>
>     >     <https://groups.google.com/d/optout
>     <https://groups.google.com/d/optout>>>.
>     >     >
>     >     > --
>     >     > You received this message because you are subscribed to the
>     Google
>     >     > Groups "OWASP ZAP User Group" group.
>     >     > To unsubscribe from this group and stop receiving emails
>     from it,
>     >     send
>     >     > an email to zaproxy-user...@googlegroups.com

>     >     > <mailto:zaproxy-users+unsub...@googlegroups.com>.

>     >     > For more options, visit https://groups.google.com/d/optout
>     <https://groups.google.com/d/optout>
>     >     <https://groups.google.com/d/optout
>     <https://groups.google.com/d/optout>>.
>     >
>     > --
>     > You received this message because you are subscribed to the Google
>     > Groups "OWASP ZAP User Group" group.
>     > To unsubscribe from this group and stop receiving emails from it,
>     send
>     > an email to zaproxy-user...@googlegroups.com

>     > <mailto:zaproxy-users+unsub...@googlegroups.com>.

>     > For more options, visit https://groups.google.com/d/optout
>     <https://groups.google.com/d/optout>.
>
> --
> You received this message because you are subscribed to the Google
> Groups "OWASP ZAP User Group" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to zaproxy-user...@googlegroups.com

> <mailto:zaproxy-users+unsub...@googlegroups.com>.