url_not_in_context even with correct context url


Rakesh Partapsing

Jan 7, 2022, 12:56:44 PM
to OWASP ZAP User Group
Hi,

I used to have it working and now I get an error url_not_in_context, even with a correct context url <incregexes>http://grafana.grafana.svc.cluster.local/.*</incregexes> (so including the .*)
I am using owasp/zap2docker-weekly:latest. Did the script change? (I get the same with zap-baseline.py)
Best regards,
Rakesh
```
+ python zap-full-scan.py -t http://grafana.grafana.svc.cluster.local:80 -r 2022-01-07-zap-test-cp-grafana-testreport.html -n /zap/wrk/zap-test-cp-grafana.context
2022-01-07 17:49:36,893 Could not find custom hooks file at /home/zap/.zap_hooks.py
Traceback (most recent call last):
File "zap-full-scan.py", line 348, in main
zap_spider(zap, target)
File "/zap/zap_common.py", line 104, in _wrap
return_data = func(*args_list, **kwargs)
File "/zap/zap_common.py", line 420, in zap_spider
raise_scan_not_started()
File "/zap/zap_common.py", line 407, in raise_scan_not_started
raise ScanNotStartedException('Failed to start the scan, check the log/output for more details.')
zap_common.ScanNotStartedException: Failed to start the scan, check the log/output for more details.
Found Java version 11.0.13
Available memory: 15550 MB
Using JVM args: -Xmx3887m
594 [main] INFO org.parosproxy.paros.Constant - Copying default configuration to /home/zap/.ZAP_D/config.xml
753 [main] INFO org.parosproxy.paros.Constant - Creating directory /home/zap/.ZAP_D/session
753 [main] INFO org.parosproxy.paros.Constant - Creating directory /home/zap/.ZAP_D/dirbuster
755 [main] INFO org.parosproxy.paros.Constant - Creating directory /home/zap/.ZAP_D/fuzzers
756 [main] INFO org.parosproxy.paros.Constant - Creating directory /home/zap/.ZAP_D/plugin
828 [main] INFO org.zaproxy.zap.DaemonBootstrap - OWASP ZAP D-2021-12-20 started 07/01/2022, 17:49:37 with home /home/zap/.ZAP_D/
856 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config database.recoverylog = false was null
856 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config api.disablekey = true was null
856 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config api.addrs.addr.name = .* was null
856 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config api.addrs.addr.regex = true was null
857 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config spider.maxDuration = 0 was null
862 [main] INFO org.parosproxy.paros.network.SSLConnector - Reading supported SSL/TLS protocols...
862 [main] INFO org.parosproxy.paros.network.SSLConnector - Using a SSLEngine...
926 [main] INFO org.parosproxy.paros.network.SSLConnector - Done reading supported SSL/TLS protocols: [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3]
929 [main] INFO org.parosproxy.paros.extension.option.OptionsParamCertificate - Unsafe SSL renegotiation disabled.
1239 [main] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE - dataFileCache open start
1245 [main] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE - dataFileCache commit start
1247 [main] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE - dataFileCache commit end
1247 [main] INFO hsqldb.db.HSQLDB379AF3DEBD.ENGINE - dataFileCache open end
2494 [ZAP-daemon] INFO org.zaproxy.zap.control.ExtensionFactory - Installed add-ons: [[id=accessControl, version=8.0.0], [id=alertFilters, version=14.0.0], [id=ascanrules, version=44.0.0], [id=ascanrulesBeta, version=40.0.0], [id=automation, version=0.11.0], [id=bruteforce, version=12.0.0], [id=callhome, version=0.1.0], [id=commonlib, version=1.7.0], [id=coreLang, version=15.0.0], [id=diff, version=12.0.0], [id=directorylistv1, version=6.0.0], [id=domxss, version=13.0.0], [id=encoder, version=0.7.0], [id=formhandler, version=5.0.0], [id=fuzz, version=13.6.0], [id=gettingStarted, version=14.0.0], [id=graaljs, version=0.3.0], [id=graphql, version=0.8.0], [id=help, version=15.0.0], [id=hud, version=0.14.0], [id=invoke, version=12.0.0], [id=network, version=0.1.0], [id=oast, version=0.8.0], [id=onlineMenu, version=10.0.0], [id=openapi, version=25.0.0], [id=plugnhack, version=13.0.0], [id=portscan, version=10.0.0], [id=pscanrules, version=38.0.0], [id=pscanrulesBeta, version=29.0.0], [id=quickstart, version=34.0.0], [id=replacer, version=10.0.0], [id=reports, version=0.11.0], [id=retest, version=0.3.0], [id=retire, version=0.10.0], [id=reveal, version=5.0.0], [id=scripts, version=30.0.0], [id=selenium, version=15.7.0], [id=sequence, version=7.0.0], [id=soap, version=13.0.0], [id=spiderAjax, version=23.8.0], [id=tips, version=10.0.0], [id=webdriverlinux, version=35.0.0], [id=webdrivermacos, version=35.0.0], [id=webdriverwindows, version=35.0.0], [id=websocket, version=25.0.0], [id=zest, version=36.0.0]]
2495 [ZAP-daemon] INFO org.zaproxy.zap.control.ExtensionFactory - Loading extensions
3135 [ZAP-daemon] INFO org.zaproxy.zap.control.ExtensionFactory - Extensions loaded
3425 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows ZAP to check for updates
3427 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Options Extension
3427 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Edit Menu Extension
3427 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Provides a rest based API for controlling and accessing ZAP
3434 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Session State Extension
3435 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing History Extension
3436 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Show hidden fields and enable disabled fields
3436 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Search messages for strings and regular expressions
3437 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows you to intercept and modify requests and responses
3438 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Passive scanner
3483 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Script Passive Scan Rules
3483 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Stats Passive Scan Rule
3483 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Anti-clickjacking Header
3483 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Application Error Disclosure
3484 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Incomplete or No Cache-control Header Set
3484 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Charset Mismatch
3484 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: CSP
3484 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Content-Type Header Missing
3484 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cookie No HttpOnly Flag
3484 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Loosely Scoped Cookie
3484 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cookie without SameSite Attribute
3485 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cookie Without Secure Flag
3485 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cross-Domain Misconfiguration
3485 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cross-Domain JavaScript Source File Inclusion
3485 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Absence of Anti-CSRF Tokens
3485 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Private IP Disclosure
3485 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Session ID in URL Rewrite
3485 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Debug Error Messages
3485 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Sensitive Information in URL
3485 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Sensitive Information in HTTP Referrer Header
3486 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Suspicious Comments
3486 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Weak Authentication Method
3486 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Insecure JSF ViewState
3486 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Secure Pages Include Mixed Content
3486 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Timestamp Disclosure
3486 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Username Hash Found
3486 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Viewstate
3486 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-AspNet-Version Response Header
3486 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-Content-Type-Options Header Missing
3487 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-Debug-Token Information Leak
3487 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)
3487 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Big Redirect Detected (Potential Sensitive Information Leak)
3487 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Content Security Policy (CSP) Header Not Set
3487 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Directory Browsing
3487 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Hash Disclosure
3487 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Heartbleed OpenSSL Vulnerability (Indicative)
3488 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: HTTP to HTTPS Insecure Transition in Form Post
3488 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: HTTPS to HTTP Insecure Transition in Form Post
3488 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Reverse Tabnabbing
3488 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Modern Web Application
3488 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: PII Disclosure
3488 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Retrieved from Cache
3488 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: HTTP Server Response Header
3488 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: HTTP Parameter Override
3488 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Strict-Transport-Security Header
3489 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: User Controllable Charset
3489 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cookie Poisoning
3489 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: User Controllable HTML Element Attribute (Potential XSS)
3489 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: User Controllable JavaScript Event (XSS)
3489 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Open Redirect
3489 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-Backend-Server Header Information Leak
3490 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-ChromeLogger-Data (XCOLD) Header Information Leak
3490 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Vulnerable JS Library
3490 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: WSDL File Detection
3505 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows you to view and manage alerts
3507 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Active scanner, heavily based on the original Paros active scanner, but with additional tests added
3514 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionSequence
3514 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Spider used for automatically finding URIs on a site
3519 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing A set of common popup menus for miscellaneous tasks
3519 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Forced browsing of files and directories using code from the OWASP DirBuster tool
3520 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Simple but effective port scanner
3520 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Manual Request Editor Extension
3521 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Compares 2 sessions and generates an HTML file showing the differences
3521 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Invoke external applications passing context related information such as URLs and parameters
3521 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Handles anti cross site request forgery (CSRF) tokens
3524 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Authentication Extension
3536 [ZAP-daemon] INFO org.zaproxy.zap.extension.authentication.ExtensionAuthentication - Loaded authentication method types: [Form-based Authentication, HTTP/NTLM Authentication, Manual Authentication, Script-based Authentication, JSON-based Authentication]
3538 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Logs errors to the Output tab in development mode only
3538 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Users Extension
3540 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Summarise and analyse FORM and URL parameters as well as cookies
3541 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Script integration
3543 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Scripting console, supports all JSR 223 scripting languages
3638 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Forced User Extension
3638 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Extension handling HTTP sessions
3640 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Zest is a specialized scripting language, originally, from Mozilla specifically designed to be used in security tools
3757 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionDiff
3757 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Post Table View Extension
3757 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Adds support for scriptable encoders to ZAP.
3757 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Simple browser configuration
3757 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Session Management Extension
3761 [ZAP-daemon] INFO org.zaproxy.zap.extension.sessions.ExtensionSessionManagement - Loaded session management method types: [Cookie-based Session Management, HTTP Authentication Session Management, Script-based Session Management]
3762 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Form Table View Extension
3762 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Capture messages from WebSockets with the ability to set breakpoints.
3774 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows you to import a WSDL file containing operations which ZAP will access, adding them to the Sites tree.
3775 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Core UI related functionality.
3775 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Authorization Extension
3775 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing AJAX Spider, uses Crawljax
3776 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Provides WebDrivers to control several browsers using Selenium and includes HtmlUnit browser.
3780 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Manages the local proxy configurations
3781 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Add-on that adds a set of tools for testing access control in web applications.
3781 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Handles adding Global Excluded URLs
3781 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Adds menu item to refresh the Sites tree
3781 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing OWASP ZAP User Guide
3781 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows you to configure which extensions are loaded when ZAP starts
3781 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Combined HTTP Panels Extension
3782 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Hex View Extension
3782 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Image View Extension
3782 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Large Request View Extension
3782 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Large Response View Extension
3782 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Query Table View Extension
3782 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Syntax Highlighter View Extension
3782 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Adds support for configurable keyboard shortcuts for all of the ZAP menus.
3782 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Active and passive rule configuration
3783 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Statistics
3784 [ZAP-daemon] INFO org.zaproxy.zap.extension.stats.ExtensionStats - Start recording in memory stats
3785 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Custom Pages Definition
3785 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Context alert rules filter
3786 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Alert Filters Automation Framework Integration
3787 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Active Scan Rules
3787 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Active Scan Rules - beta
3787 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Automation Framework
3788 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Handles all of the calls to ZAP services
3788 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Translations of the core language files
3788 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing DOM XSS Active Scan Rule
3835 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing This extension allows a user to change the default values used by ZAP Spiders.
3836 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Provides the foundation for concrete message types (for example, HTTP, WebSockets) expose fuzzer implementations.
3837 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows to fuzz HTTP messages.
3837 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing The ZAP Getting Started Guide
3837 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Provides the GraalVM JavaScript engine for ZAP scripting.
3999 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows you to inspect and attack GraphQL endpoints.
4001 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing GraphQL Automation Framework Integration
4002 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Heads Up Display
4033 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHUDlaunch
4034 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Provides core networking capabilities.
4035 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionOast
4038 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Adds OAST scripts.
4038 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing The Online menu links
4038 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows you to spider and import OpenAPI (Swagger) definitions
4040 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing OpenAPI Automation Framework Integration
4041 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Passive Scan Rules
4041 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Passive Scan Rules - beta
4041 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Adds the Quick Start panel for scanning and exploring applications
4042 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Add the option to use the Ajax Spider in the Quick Start scan
4042 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Launch browsers proxying through ZAP
4043 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Launch browsers proxying through ZAP
4044 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Easy way to replace strings in requests and responses
4046 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Report Generation
4047 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Report Generation Automation Integration
4049 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing The Retest add-on allows to verify the presence/absence of certain alerts.
4049 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing SOAP Automation Framework Integration
4051 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Ajax Spider Automation Framework Integration
4052 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Tips and Tricks
4052 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows to fuzz WebSocket messages.
4080 [ZAP-daemon] INFO org.zaproxy.addon.oast.services.callback.CallbackService - Started callback service on 0.0.0.0:38963
4081 [ZAP-daemon] INFO org.zaproxy.addon.network.ExtensionNetwork - Creating new root CA certificate.
4894 [ZAP-daemon] INFO org.zaproxy.addon.network.ExtensionNetwork - New root CA certificate created.
5916 [ZAP-daemon] INFO org.parosproxy.paros.CommandLine - Add-on update check complete
5918 [ZAP-daemon] INFO org.parosproxy.paros.CommandLine - Add-on already installed: /zap/./plugin/pscanrulesBeta-beta-29.zap
5918 [ZAP-daemon] INFO org.parosproxy.paros.CommandLine - Add-on already installed: /zap/./plugin/ascanrulesBeta-beta-40.zap
5920 [ZAP-daemon] INFO org.zaproxy.zap.DaemonBootstrap - ZAP is now listening on 0.0.0.0:42872
9396 [ZAP-ProxyThread-8] WARN org.zaproxy.zap.extension.api.API - Bad request to API endpoint [/JSON/spider/action/scan/] from [127.0.0.1]:
org.zaproxy.zap.extension.api.ApiException: url_not_in_context
at org.zaproxy.zap.extension.spider.SpiderAPI.scanURL(SpiderAPI.java:496) ~[zap-D-2021-12-20.jar:D-2021-12-20]
at org.zaproxy.zap.extension.spider.SpiderAPI.handleApiAction(SpiderAPI.java:244) ~[zap-D-2021-12-20.jar:D-2021-12-20]
at org.zaproxy.zap.extension.api.API.handleApiRequest(API.java:513) [zap-D-2021-12-20.jar:D-2021-12-20]
at org.parosproxy.paros.core.proxy.ProxyThread.processHttp(ProxyThread.java:498) [zap-D-2021-12-20.jar:D-2021-12-20]
at org.parosproxy.paros.core.proxy.ProxyThread.run(ProxyThread.java:334) [zap-D-2021-12-20.jar:D-2021-12-20]
at java.lang.Thread.run(Thread.java:829) [?:?]
```

My context file:

```
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<configuration>
  <context>
    <name>Grafana Context</name>
    <desc/>
    <inscope>true</inscope>
    <incregexes>http://grafana.grafana.svc.cluster.local/.*</incregexes>
    <tech>
      <include>Db</include>
      <include>Db.CouchDB</include>
      <include>Db.Firebird</include>
      <include>Db.HypersonicSQL</include>
      <include>Db.IBM DB2</include>
      <include>Db.Microsoft Access</include>
      <include>Db.Microsoft SQL Server</include>
      <include>Db.MongoDB</include>
      <include>Db.MySQL</include>
      <include>Db.Oracle</include>
      <include>Db.PostgreSQL</include>
      <include>Db.SAP MaxDB</include>
      <include>Db.SQLite</include>
      <include>Db.Sybase</include>
      <include>Language</include>
      <include>Language.ASP</include>
      <include>Language.C</include>
      <include>Language.JSP/Servlet</include>
      <include>Language.Java</include>
      <include>Language.Java.Spring</include>
      <include>Language.JavaScript</include>
      <include>Language.PHP</include>
      <include>Language.Python</include>
      <include>Language.Ruby</include>
      <include>Language.XML</include>
      <include>OS</include>
      <include>OS.Linux</include>
      <include>OS.MacOS</include>
      <include>OS.Windows</include>
      <include>SCM</include>
      <include>SCM.Git</include>
      <include>SCM.SVN</include>
      <include>WS</include>
      <include>WS.Apache</include>
      <include>WS.IIS</include>
      <include>WS.Tomcat</include>
    </tech>
    <urlparser>
      <class>org.zaproxy.zap.model.StandardParameterParser</class>
      <config>{"kvps":"&amp;","kvs":"=","struct":[]}</config>
    </urlparser>
    <postparser>
      <class>org.zaproxy.zap.model.StandardParameterParser</class>
      <config>{"kvps":"&amp;","kvs":"=","struct":[]}</config>
    </postparser>
    <authentication>
      <type>2</type>
      <strategy>EACH_RESP</strategy>
      <pollurl/>
      <polldata/>
      <pollheaders/>
      <pollfreq>60</pollfreq>
      <pollunits>REQUESTS</pollunits>
      <loggedin>\QLogged in\E</loggedin>
      <form>
        <loginurl>http://grafana.grafana.svc.cluster.local/login</loginurl>
        <loginbody>user={%username%}&amp;password={%password%}</loginbody>
        <loginpageurl>http://grafana.grafana.svc.cluster.local/login</loginpageurl>
      </form>
    </authentication>
    <users>
      <user>279;true;YWRtaW4=;2;YWRtaW5AbG9jYWxob3N0~RmI3MjNIb3JhZGdURERtakduM0Q4eTFLSnFvZHY0~</user>
    </users>
    <forceduser>279</forceduser>
    <session>
      <type>0</type>
    </session>
    <authorization>
      <type>0</type>
      <basic>
        <header/>
        <body/>
        <logic>AND</logic>
        <code>-1</code>
      </basic>
    </authorization>
  </context>
</configuration>
```

thc...@gmail.com

Jan 7, 2022, 1:05:37 PM
to zaprox...@googlegroups.com
Hi.

Did you try removing the port from the target URL? (Should not be
necessary, that's the default for the scheme.)

Best regards.

Rakesh Partapsing

Jan 7, 2022, 1:19:25 PM
to zaprox...@googlegroups.com
Hi,

I now tried our kibana, where the port is of importance.

```
python zap-baseline.py -t http://es7-kibana-kibana.monitoring.svc.cluster.local:5601 -r 2022-01-07-zap-test-cp-kibana-testreport.html -n /zap/wrk/zap-test-cp-kibana.context
```

and

```
<incregexes>http://es7-kibana-kibana.monitoring.svc.cluster.local:5601/.*</incregexes>
```

Same issue.


thc...@gmail.com

Jan 7, 2022, 1:28:55 PM
to zaprox...@googlegroups.com
In that case the included regex is requiring the slash but your target
does not have it.

Best regards.
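
A pre-flight check for the mismatch described in the reply above, as an added example that is not part of the original thread or of ZAP's scripts. It assumes the include regex must match the entire target string (modelled with `re.fullmatch`) and that the patterns are simple enough for Python's `re` to read; the function names and the cut-down sample context are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: a cut-down context file holding only the element this check reads.
SAMPLE_CONTEXT = """<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<configuration>
  <context>
    <name>Kibana Context</name>
    <inscope>true</inscope>
    <incregexes>http://es7-kibana-kibana.monitoring.svc.cluster.local:5601/.*</incregexes>
  </context>
</configuration>
"""

DEFAULT_PORTS = {"http": 80, "https": 443}


def include_regexes(context_xml):
    """Return every non-empty <incregexes> value from a context file."""
    root = ET.fromstring(context_xml.encode("utf-8"))
    return [e.text.strip() for e in root.iter("incregexes") if e.text and e.text.strip()]


def target_variants(target):
    """Spellings of the -t value to test, original first."""
    variants = [("as given", target)]
    parts = urlsplit(target)
    if parts.query or parts.fragment:
        return variants  # keep the check literal for anything beyond scheme://host[:port][/path]
    if parts.path == "":
        variants.append(("with trailing slash", target + "/"))
    if parts.port is not None and parts.port == DEFAULT_PORTS.get(parts.scheme):
        # Drop an explicit default port, e.g. http://host:80 -> http://host
        bare = f"{parts.scheme}://{parts.netloc.rsplit(':', 1)[0]}{parts.path}"
        variants.append(("without default port", bare))
        if parts.path == "":
            variants.append(("without default port, with trailing slash", bare + "/"))
    return variants


def check_target(target, context_xml):
    """Report whether the target is covered by an include regex, and if not,
    which nearby spelling of the target would be."""
    compiled, skipped = [], []
    for pattern in include_regexes(context_xml):
        try:
            compiled.append((pattern, re.compile(pattern)))
        except re.error:
            skipped.append(pattern)  # syntax Python's re cannot read; not evaluated here
    result = {"in_context": False, "matching_target": None,
              "variant": None, "regex": None, "skipped": skipped}
    for label, url in target_variants(target):
        for pattern, rx in compiled:
            if rx.fullmatch(url):  # assumption: whole-string match, as the reply implies
                result.update(in_context=(label == "as given"),
                              matching_target=url, variant=label, regex=pattern)
                return result
    return result


if __name__ == "__main__":
    target = "http://es7-kibana-kibana.monitoring.svc.cluster.local:5601"
    report = check_target(target, SAMPLE_CONTEXT)
    if report["in_context"]:
        print("target is covered by", report["regex"])
    elif report["matching_target"]:
        print(f"target is NOT in context as given; {report['variant']} it matches:")
        print("  -t", report["matching_target"])
    else:
        print("no include regex matches the target or its close variants")
```

Running it before the scan shows whether the `-t` value or the `<incregexes>` entry needs to change; making the slash optional in the regex is the other way to line the two up.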

Rakesh Partapsing

Jan 7, 2022, 3:16:22 PM
to zaprox...@googlegroups.com
Indeed, that did the trick.
I think it changed though? It didn't use to give me an error before.
Also:

```
+ python zap-baseline.py -t http://es7-kibana-kibana.monitoring.svc.cluster.local:5601 -r 2022-01-07-zap-test-cp-kibana-testreport.html -n /zap/zap-test-cp-kibana.context
2022-01-07 19:21:25,779 Could not find custom hooks file at /home/zap/.zap_hooks.py
2022-01-07 19:21:32,822 Failed to load context file /zap/wrk/zap-test-cp-kibana.context : does_not_exist
```

Seems new that the context file needs to be in the volume mount (even when pointing to the exact path)

Anyway thanks for the help!



Simon Bennetts

Jan 10, 2022, 4:30:49 AM
to OWASP ZAP User Group
I'm not aware that anything has changed in that area, but I could be wrong.
You will always have had to include the context file in the mounted directory - if you don't do that then the file will just not be accessible in Docker.

Cheers,

Simon