ZAP full scan in Docker: Setting the ZAP timeout to 60 seconds, but got 20 seconds in the zap.log


reda benfilali

Sep 13, 2023, 12:17:38 PM
to ZAP User Group

Dear Simon,

==> In a pipeline, I run a Docker container for ZAP

+ docker run -v pwd_path:/zap/wrk/:rw -w /zap/wrk --userns=keep-id --user=1011:1011 --name zap-container --add-host=proxy.domain.org:xxx.xxx.xxx.xxx -p 8080:8080 --env NO_PROXY=google.com --env http_proxy=http_proxy:8080 --env https_proxy=https_proxy:8080 -t -d owasp/zap2docker-stable

==> I run zap-full-scan.py setting the timeout to 60 seconds

+ docker exec -i zap-container zap-full-scan.py -z '-config network.connection.timeoutInSecs=60 -config network.connection.httpProxy.enabled=true -config network.connection.httpProxy.host=http_proxy -config network.connection.httpProxy.port=8080' -t https_proxy_app_url -r report.html

==> The timeout and proxy have been considered in the zap.out file:

Found Java version 11.0.20
Available memory: 7762 MB
Using JVM args: -Xmx1940m
720 [main] INFO  org.zaproxy.zap.DaemonBootstrap - OWASP ZAP 2.13.0 started 13/09/2023, 07:32:15 with home /zap/wrk/.ZAP/
754 [main] INFO  org.parosproxy.paros.common.AbstractParam - Setting config database.recoverylog = false was false
754 [main] INFO  org.parosproxy.paros.common.AbstractParam - Setting config api.disablekey = true was true
754 [main] INFO  org.parosproxy.paros.common.AbstractParam - Setting config api.addrs.addr.name = .* was .*
754 [main] INFO  org.parosproxy.paros.common.AbstractParam - Setting config api.addrs.addr.regex = true was true
755 [main] INFO  org.parosproxy.paros.common.AbstractParam - Setting config spider.maxDuration = 0 was 0
755 [main] INFO  org.parosproxy.paros.common.AbstractParam - Setting config network.connection.timeoutInSecs = 60 was 60
755 [main] INFO  org.parosproxy.paros.common.AbstractParam - Setting config network.connection.httpProxy.enabled = true was true
755 [main] INFO  org.parosproxy.paros.common.AbstractParam - Setting config network.connection.httpProxy.host = httpProxy_url was httpProxy_url
755 [main] INFO  org.parosproxy.paros.common.AbstractParam - Setting config network.connection.httpProxy.port = 8080 was 8080

==> The timeout and proxy are set in the config.xml file too:

        <connection version="3">
            <defaultUserAgent>Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36</defaultUserAgent>
            <timeoutInSecs>60</timeoutInSecs>
            <httpProxy>
                <enabled>true</enabled>
                <host>httpProxy_url</host>
                <port>8080</port>
            </httpProxy>
        </connection>

==> But in the zap.log I got 20 seconds as the timeout:

2023-08-22 09:17:22,667 [ZAP-IO-Server-1-1] WARN  HttpSenderHandler - Failed to read http_app_url within 20 seconds, check to see if the site is available and if so consider adjusting ZAP's read time out in the Connection options panel.

==> Question 1: why is the timeout set to 60 not considered in the zap.log? Is it overridden somewhere?

Regards,
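
A check that can be run over the two log excerpts in the post above, added here as an example (it is not part of the original post and is not ZAP code): it compares the timeout that zap.out reports as applied with the limit quoted in zap.log read-timeout warnings, and compares each warning's timestamp with the ZAP start time. The function names are hypothetical, and the sample lines are copied from the post's excerpts.

```python
import re
from datetime import datetime

# Sample input: lines copied from the zap.out and zap.log excerpts in the post.
ZAP_OUT = """\
720 [main] INFO  org.zaproxy.zap.DaemonBootstrap - OWASP ZAP 2.13.0 started 13/09/2023, 07:32:15 with home /zap/wrk/.ZAP/
755 [main] INFO  org.parosproxy.paros.common.AbstractParam - Setting config network.connection.timeoutInSecs = 60 was 60
"""
ZAP_LOG = """\
2023-08-22 09:17:22,667 [ZAP-IO-Server-1-1] WARN  HttpSenderHandler - Failed to read http_app_url within 20 seconds, check to see if the site is available and if so consider adjusting ZAP's read time out in the Connection options panel.
"""

# Assumption: the start banner uses day/month/year, as in the post (13/09/2023).
START_RE = re.compile(r"started (\d{2}/\d{2}/\d{4}), (\d{2}:\d{2}:\d{2})")
CONFIG_RE = re.compile(r"Setting config (\S+) = (.*?) was (.*)$")
WARN_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+ \[([^\]]+)\] WARN .*? within (\d+) seconds")

def parse_startup(zap_out):
    """Return (start_time, {key: (applied_value, previous_value)}) from zap.out."""
    start, config = None, {}
    for line in zap_out.splitlines():
        if (m := START_RE.search(line)):
            start = datetime.strptime(" ".join(m.groups()), "%d/%m/%Y %H:%M:%S")
        elif (m := CONFIG_RE.search(line)):
            config[m.group(1)] = (m.group(2).strip(), m.group(3).strip())
    return start, config

def timeout_mismatches(zap_out, zap_log, key="network.connection.timeoutInSecs"):
    """List read-timeout warnings whose limit differs from the configured value."""
    start, config = parse_startup(zap_out)
    configured = int(config[key][0])
    findings = []
    for line in zap_log.splitlines():
        m = WARN_RE.search(line)
        if not m or int(m.group(3)) == configured:
            continue
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        findings.append({
            "thread": m.group(2), "logged": int(m.group(3)), "configured": configured,
            # True when the warning is older than the ZAP start seen in zap.out
            "before_this_start": start is not None and when < start,
        })
    return findings

if __name__ == "__main__":
    for finding in timeout_mismatches(ZAP_OUT, ZAP_LOG):
        print(finding)
```

On the post's excerpts this reports one mismatch (20 logged, 60 configured) on thread ZAP-IO-Server-1-1, with a warning timestamp (2023-08-22) earlier than the start time shown in zap.out (13/09/2023).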