Automation Framework Container exits with code 2


Maximilian Dorner

Sep 13, 2023, 5:14:12 AM
to ZAP User Group
Hi,

I am using ZAP with the Automation Framework and notice that my container exits with error code 2 due to a warning even though failOnWarning is set to false.

The exit code 2 should be exit with a warning, correct?
At least I found info about it here: https://www.zaproxy.org/docs/desktop/addons/automation-framework/

I want this warning to not cause an issue right now.

Kubernetes Pod Info

Containers:
  zap-automation-scan:
    Container ID:  containerd://3d561cc8cbb76a23ec953a18b04ab5ddd7e505c6a1fd0a6f39f2378a4e255dc9
    Image:         owasp/zap2docker-stable:2.12.0
    Image ID:      docker.io/owasp/zap2docker-stable@sha256:844ec3ed0c5381a0ca7bc25690ec3e9cc8d2119fe34b6333ac5ba3d3e1aeb54a
    Port:          <none>
    Host Port:     <none>
    Command:
      zap.sh
      -cmd
      -autorun
      /home/1-automation.yaml
    State:          Terminated
      Reason:       Error
      Exit Code:    2
      Started:      Wed, 13 Sep 2023 11:05:09 +0200
      Finished:     Wed, 13 Sep 2023 11:06:14 +0200
    Ready:          False
    Restart Count:  0

Container Log

Job spiderAjax found 26 URLs
Job spiderAjax finished, time taken: 00:00:49
Job passiveScan-wait started
Job passiveScan-wait finished, time taken: 00:00:00
Job report started
Job report generated report /home/REDACTED/zap-results.xml
Job report finished, time taken: 00:00:01
Automation plan warnings:
        Job spider error accessing URL https://REDACTED/ status code returned : 403 expected 200

Configuration YAML

  1-automation.yaml: |
    env:
      contexts:
        - name: scan-config
          urls: [
            "https://REDACTED/"
          ]
          excludePaths: [
            "(.*[A-Z]{2}[A-Z0-9]{9}[0-9]{1}.*)$"
          ]
      parameters:
        failOnError: true
        failOnWarning: false
        progressToStdout: true
    jobs:
      - type: passiveScan-config
        parameters:
          maxAlertsPerRule: 10
          scanOnlyInScope: true
      - type: spider
        parameters:
          context: scan-config
          maxDuration: 2
      - type: spiderAjax
        parameters:
          context: scan-config
          maxDuration: 2
      - type: passiveScan-wait
        parameters:
          maxDuration: 10
      - type: report
        parameters:
          template: traditional-xml
          reportDir: /home/securecodebox/
          reportFile: zap-results
        risks:
          - high
          - medium
          - low

Cheers,
Max

Simon Bennetts

Sep 13, 2023, 5:45:10 AM
to ZAP User Group
Hi Max,

ZAP is not exiting on the warning (i.e. it is not stopping the plan early), so it's working as designed :)
However we have had people report this problem before, so maybe the design is not right...

Would the AF exiting with a zero if there are warnings but failOnWarning is set to false cause problems for anyone?

Cheers,

Simon

Simon Bennetts

Sep 13, 2023, 6:21:51 AM
to ZAP User Group
Here's a one-liner which seems to do the trick:
  • bash -c "./zap.sh -cmd -autorun /path/to/your/af-plan.yaml" || [ $? -ne 1 ]
Obviously you can change the ZAP command to match what you need.
Will that work for you?

Cheers,

Simon
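The one-liner above collapses every non-1 exit code to success. The wrapper below is an added example (not from this thread, and not part of ZAP or SecureCodeBox) that does the mapping explicitly: exit 0 and exit 2 (plan finished with warnings, with failOnWarning set to false) become 0, exit 1 (plan failed) and any other code are passed through unchanged, and the reason is logged to stderr so the container log still shows that warnings occurred. It takes the ZAP command as its arguments, so it can stand in as a container entrypoint in front of the unchanged `zap.sh -cmd -autorun ...` invocation; the function name and the argument-passing convention are this example's own choices, and the exit-code meanings (0 ok, 1 error, 2 warning) are the ones stated in the thread.

```shell
#!/bin/sh
# Added example, not ZAP's own code: run an Automation Framework plan and
# translate ZAP's exit code so that "finished with warnings" (2) does not
# count as a container failure, while real errors (1) still do.
#
# Usage (as an entrypoint or wrapper):
#   ./af-wrapper.sh zap.sh -cmd -autorun /home/1-automation.yaml

# run_af_tolerating_warnings CMD [ARGS...]
#   Runs CMD, returns 0 if CMD exited 0 or 2, otherwise returns CMD's exit code.
run_af_tolerating_warnings() {
    "$@"
    rc=$?
    case "$rc" in
        0)
            echo "AF plan finished without warnings" >&2
            ;;
        2)
            # failOnWarning: false means the plan ran to completion; keep the
            # warning visible in the log but do not fail the container for it.
            echo "AF plan finished with warnings (ZAP exit 2); treating as success" >&2
            rc=0
            ;;
        1)
            echo "AF plan failed (ZAP exit 1)" >&2
            ;;
        *)
            # Anything else (signal, JVM crash, missing plan file) is unexpected.
            echo "ZAP exited with unexpected code $rc" >&2
            ;;
    esac
    return "$rc"
}

# Only wrap a command when one was given on the command line; with no
# arguments the file just defines the function (so it can be sourced).
if [ "$#" -gt 0 ]; then
    run_af_tolerating_warnings "$@"
    exit $?
fi
```

Because the exit code is decided after the plan has run, the report job still writes its output before the wrapper returns, so a warning such as the 403 above is logged but does not take the results with it.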

Maximilian Dorner

Sep 13, 2023, 8:26:02 AM
to ZAP User Group
Hello Simon,

Thanks for your quick reply.

Is the reason for the exit code 2 the warning logged (the 403) at the end?

In my opinion a 403 does not necessarily mean something is wrong since there can be findings without authentication which would (depending on the workflow) get lost.
However, I get that a 403 needs to be handled somehow.

Then I need to figure out how to handle these results until I am able to implement authentication for these hosts.
Since I am using ZAP through SecureCodeBox it won't be trivial to change the ZAP command itself.

Cheers,
Max