Alert Filter in ZAP Automation

Hyder Ahmed

Oct 25, 2023, 8:51:46 AM
to ZAP User Group
Hi

I am trying to apply an alert filter in an automation solution using Python.

I am using the method below, with the parameters as shown:

zap.alertFilter.add_alert_filter(contextid='9',
                                 ruleid=10003,
                                 newlevel='-1',  # marking as False Positive
                                 url='http://localhost:75/sampleweb',
                                 parameter='',
                                 attack='',
                                 evidence='',
                                 enabled='1',
                                 apikey=api,
                                 urlisregex=False,
                                 parameterisregex=False,
                                 attackisregex=False,
                                 evidenceisregex=False)

When I run the above method I get 'ok' as a result.

Then when I run the below two methods I get an 'internal_error' and the context alert filters are not applied in the ZAP tool.

zap.alertFilter.test_context(apikey=api)  --> internal_error
zap.alertFilter.apply_context(apikey=api) --> internal_error

Can you please help me with this?


thc...@gmail.com

Oct 25, 2023, 9:09:10 AM
to zaprox...@googlegroups.com
Hi,

Could you check the zap.log file?
Would be in the ZAP home dir:
https://www.zaproxy.org/faq/what-is-the-default-directory-that-zap-uses/

Best regards.

Hyder Ahmed

Oct 25, 2023, 4:00:13 PM
to ZAP User Group

ZAP Logs
ZapLog.txt

thc...@gmail.com

Oct 26, 2023, 5:00:58 AM
to zaprox...@googlegroups.com
Thank you. Are you able to reproduce this issue in 2.14? We are not able
to support older ZAP versions, just the latest.

Best regards.

Hyder Ahmed

Oct 26, 2023, 6:09:00 AM
to ZAP User Group
Yes, I am able to reproduce it in version 2.14 as well.

thc...@gmail.com

Oct 26, 2023, 6:10:35 AM
to zaprox...@googlegroups.com
Could you provide the exact steps to reproduce the issue?

Best regards.

Hyder Ahmed

Oct 26, 2023, 6:26:32 AM
to ZAP User Group
I will not be able to share the whole code.

But I can share the idea.

We are setting up the context through the Python ZAP API using the method below:

zap.context.import_context(contextfile=context_Path, apikey=api)

Then, in the same context, before starting the scan, we try to add the alert filter using the method below (the parameters are the same except for the URL and API key):

zap.alertFilter.add_alert_filter(contextid='9',
                                 ruleid=10003,
                                 newlevel='-1',  # marking as False Positive
                                 url='http://localhost:75/sampleweb',
                                 parameter='',
                                 attack='',
                                 evidence='',
                                 enabled='1',
                                 apikey=zap_generated_api_key,
                                 urlisregex=False,
                                 parameterisregex=False,
                                 attackisregex=False,
                                 evidenceisregex=False)

This method returns 'ok' as the result.

Then I am trying to call the below two methods:

zap.alertFilter.test_context(apikey=api)  --> internal_error
zap.alertFilter.apply_context(apikey=api) --> internal_error

I am expecting that an alert should be added as a false positive in the Alert tab once I call zap.alertFilter.apply_context.

thc...@gmail.com

Oct 26, 2023, 7:30:16 AM
to zaprox...@googlegroups.com
I'm not able to reproduce with the steps provided. After importing the
context I'm able to add the alert filter and apply/test.

Could you provide the zap.log with the 2.14?


Regarding the Python client usage, you should specify the API key when
creating the client instead of specifying it in each function call. That
will be deprecated and will no longer work.

> I am expecting that an alert should be added as a false positive in Alert
> Tab once I call zap.alertFilter.apply_context

Just to clarify, the alert filters don't add alerts, they change existing
alerts.

Best regards.

Hyder Ahmed

Oct 26, 2023, 8:09:18 AM
to ZAP User Group

I see this error:

2023-10-26 08:40:12,736 [ZAP-IO-Server-1-10] ERROR AlertFilter - An error occured while decoding alertFilter from: true;40015;-1;aHR0cDovL3d3dy5oYWNrYXpvbi5jb20vYXBpL2NhdGVnb3J5Kg==;true;cGFnZQ==; java.lang.ArrayIndexOutOfBoundsException: Index 7 out of bounds for length 7

Is it because I have added the API key in the function call?
On Thursday, 26 October 2023 at 17:09:10 UTC+5:30 Hyder Ahmed wrote:
Logs from ZAP 2.14
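
A way to read the log line quoted in the post above, as an added example that is not part of the thread or of ZAP's own code: it splits the serialized filter on `;`, decodes the base64 fields, and compares the field count with the index named in the exception. The names `decode_field` and `explain` are hypothetical, and the meaning of each field position is not asserted here.

```python
import base64
import binascii
import re

# Log line quoted in the thread (timestamp and thread name left out).
LOG_LINE = (
    "ERROR AlertFilter - An error occured while decoding alertFilter from: "
    "true;40015;-1;aHR0cDovL3d3dy5oYWNrYXpvbi5jb20vYXBpL2NhdGVnb3J5Kg==;true;cGFnZQ==; "
    "java.lang.ArrayIndexOutOfBoundsException: Index 7 out of bounds for length 7"
)

LINE_RE = re.compile(
    r"decoding alertFilter from: (?P<record>\S*)\s+"
    r".*?Index (?P<index>\d+) out of bounds for length (?P<length>\d+)"
)
B64_RE = re.compile(r"(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?")


def decode_field(field):
    """Return base64-decoded text when the field is one, else the field unchanged."""
    if field in ("", "true", "false") or field.lstrip("-").isdigit():
        return field  # plainly not base64 text
    if not B64_RE.fullmatch(field):
        return field
    try:
        return base64.b64decode(field, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return field


def explain(line):
    """Split the serialized filter and compare it with the index the decoder read."""
    m = LINE_RE.search(line)
    if m is None:
        raise ValueError("not an alertFilter decoding error line")
    # Keep the trailing empty field: only then does the count equal the reported length.
    fields = m.group("record").split(";")
    index = int(m.group("index"))
    return {
        "fields": [decode_field(f) for f in fields],
        "field_count": len(fields),
        "reported_length": int(m.group("length")),
        "index_read": index,
        "fields_missing": max(0, index + 1 - len(fields)),
    }


if __name__ == "__main__":
    print(explain(LOG_LINE))
```

For the line above, the record holds seven fields with the last one empty, while the decoder asked for an eighth (index 7).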

Hyder Ahmed

Oct 26, 2023, 8:34:38 AM
to ZAP User Group
ZAP 2.14 Logs
ZapLog 2.14.txt

thc...@gmail.com

Oct 26, 2023, 9:55:31 AM
to zaprox...@googlegroups.com
Thanks, that helps address the issue.

Regarding that specific error, how did you create that alert filter in
the context? Was that manually? Did you do changes to it?

Best regards.

Hyder Ahmed

Oct 29, 2023, 9:30:59 AM
to ZAP User Group
Sorry, I didn't understand the question. 

Can you elaborate on this part (Was that manually? Did you do changes to it?)

Hyder Ahmed

Oct 30, 2023, 5:49:23 AM
to ZAP User Group
I am able to change the level of the alert now after running the scan.

But I am still getting the error as shown below.

zap.alertFilter.test_context(apikey=api)  --> internal_error
zap.alertFilter.apply_context(apikey=api) --> internal_error
