ZAP Docker + Tekton

Ari Bianco

May 30, 2021, 4:45:56 PM
to OWASP ZAP User Group
Hello Everyone,

First of all, thanks for all the great documentation. I am taking a Tekton approach to ZAP using the Docker file. My task looks something like this:

---
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: zap-task
  namespace: zap
spec:
  workspaces:
    - name: ws
      description: |
        The folder where the output of the script run is saved
      mountPath: /zap/wrk
  params:
    - name: site
      type: string
      description: Site we are targeting
      default: "site url"
    - name: strength
      type: string
      description: Attack strength, default is MEDIUM, it can be Low, Medium, High or Insane 
      default: "-config scanner.strength=MEDIUM -config scanner.threshold=MEDIUM"
    - name: path
      type: string
      description: Path of the pvc 
      default: "/zap/wrk/"
  steps:
    - name: zap-test
      image: owasp/zap2docker-weekly
      script: |
        zap-full-scan.py -t $(params.site) -r $(params.path)testreport.html -d -z "$(params.strength)"

I am encountering the following issues:

  • The active scan will only go to 56%: 2021-05-29 21:32:44,718 Active Scan progress %: 56
  • After this I'll get the following GFX1 errors:
[[GFX1-]: glxtest: lGiFbXp1c-i] :m igslsxitnegs
[GFX1-]: glxtest: tli:b ElGiLb pmciis smiinsgs
[GFX1-]: glxtest: libiEnGgL
[GFX1-]: glxtest: libEGL missin gm
[GFX1-]: glxtest: ilsisbiEnGgL

  • And a lot of these:
[GFX1-]: RenderCompositorSWGL failed mapping default framebuffer, no dt
  • Suddenly the scan will end with no output

Can someone point me in the right direction? Maybe I'm missing something here.

Thanks,

Ariel Bianco

thc...@gmail.com

May 31, 2021, 4:09:21 AM
to zaprox...@googlegroups.com
Hi.

Those errors are most likely given by the DOM XSS scan rule which uses
Firefox.

What's in the zap log when the hang happens?

Best regards.
> - The active scan will only go to 56%: 2021-05-29 21:32:44,718 Active
> Scan progress %: 56
> - After this I'll get the following GFX1 errors:
>
> [[GFX1-]: glxtest: lGiFbXp1c-i] :m igslsxitnegs
> [GFX1-]: glxtest: tli:b ElGiLb pmciis smiinsgs
> [GFX1-]: glxtest: libiEnGgL
> [GFX1-]: glxtest: libEGL missin gm
> [GFX1-]: glxtest: ilsisbiEnGgL
>
>
> - And a lot of these:
>
> [GFX1-]: RenderCompositorSWGL failed mapping default framebuffer, no dt
>
> - Suddenly the scan will end with no output

Ari Bianco

May 31, 2021, 9:20:36 AM
to OWASP ZAP User Group
Hi,

Sure, the last messages I see are:

[GFX1-]: RenderCompositorSWGL failed mapping default framebuffer, no dt

And if I check the zap.out:

136214 [ZAP-ProxyThread-157] WARN  org.parosproxy.paros.core.proxy.ProxyThread - Failed to write/forward the HTTP response to the client: java.net.SocketException: Broken pipe (Write failed)

Let me know if you need anything else.

Thanks!
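
One way to act on the question asked above (what the ZAP log shows when the scan stops), as an added example that is not part of the thread: it separates the Firefox GFX1 stderr noise from scan progress and ZAP WARN/ERROR entries. The sample lines are constructed from the formats quoted in the posts; the function name `triage` and the result field names are assumptions.

```python
import re

# Constructed sample in the three formats quoted in the thread:
# zap-full-scan.py progress, Firefox GFX1 stderr, and a zap.out log entry.
SAMPLE = """\
2021-05-29 21:30:01,102 Active Scan progress %: 41
2021-05-29 21:32:44,718 Active Scan progress %: 56
[GFX1-]: glxtest: libEGL missin gm
[GFX1-]: RenderCompositorSWGL failed mapping default framebuffer, no dt
[GFX1-]: RenderCompositorSWGL failed mapping default framebuffer, no dt
136214 [ZAP-ProxyThread-157] WARN  org.parosproxy.paros.core.proxy.ProxyThread - Failed to write/forward the HTTP response to the client: java.net.SocketException: Broken pipe (Write failed)
"""

PROGRESS = re.compile(r"^(\S+ \S+) Active Scan progress %: (\d+)$")
ZAP_LOG = re.compile(r"^(\d+) \[([^\]]+)\] (WARN|ERROR|FATAL)\s+(\S+) - (.*)$")


def triage(text):
    """Split mixed scan output into progress, Firefox noise and ZAP warnings."""
    result = {"last_progress": None, "gfx_noise": 0, "zap_events": [], "other": []}
    for raw in text.splitlines():
        # Drop padding and terminal box-drawing borders around pasted lines.
        line = raw.strip(" \t\u2502")
        if not line:
            continue
        m = PROGRESS.match(line)
        if m:
            result["last_progress"] = (m.group(1), int(m.group(2)))
            continue
        if "GFX1" in line:  # Firefox graphics stderr, sometimes interleaved
            result["gfx_noise"] += 1
            continue
        m = ZAP_LOG.match(line)
        if m:
            stamp, thread, level, logger, msg = m.groups()
            result["zap_events"].append({
                "stamp": int(stamp),  # leading number of the entry, kept as-is
                "thread": thread, "level": level,
                "logger": logger.rsplit(".", 1)[-1], "message": msg})
            continue
        result["other"].append(line)
    return result


if __name__ == "__main__":
    report = triage(SAMPLE)
    print("last progress:", report["last_progress"])
    print("GFX1 lines ignored:", report["gfx_noise"])
    for ev in report["zap_events"]:
        print(ev["level"], ev["logger"], "-", ev["message"])
```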