Jython add-on installation failing.
73 views
Skip to first unread message
nagender singh
Jan 4, 2023, 8:59:23 AM1/4/23
to OWASP ZAP User Group
Hi
I am trying to run automation framework with below command:
docker run --user=0 --net zaptestnet --rm -v $WORKSPACE:/zap/wrk/:rw -t owasp/zap2docker-stable zap.sh -addonupdate -addoninstall jython -cmd -autorun /zap/wrk/test_fullscan.yaml
In the test_fullscan.yaml:
authentication:
method: "script"
parameters:
script: "/zap/wrk/authScript_6.py"
scriptEngine: "jython"
Extra_POST_data: ""
method: "script"
parameters:
script: "/zap/wrk/authScript_6.py"
scriptEngine: "jython"
Extra_POST_data: ""
Logs:
Found Java version 11.0.16
Available memory: 13869 MB
Using JVM args: -Xmx3467m
1168 [main] INFO org.parosproxy.paros.Constant - Copying default configuration to /root/.ZAP/config.xml
1399 [main] INFO org.parosproxy.paros.Constant - Creating directory /root/.ZAP/session
1400 [main] INFO org.parosproxy.paros.Constant - Creating directory /root/.ZAP/dirbuster
1400 [main] INFO org.parosproxy.paros.Constant - Creating directory /root/.ZAP/fuzzers
1400 [main] INFO org.parosproxy.paros.Constant - Creating directory /root/.ZAP/plugin
Jan 04, 2023 1:42:37 PM java.util.prefs.FileSystemPreferences$1 run
INFO: Created user preferences directory.
Check for updates call failed
Check for updates call failed
Unexpected error accessing file /zap/wrk/test_fullscan.yaml : No such engine: jython - see log for details
null
Am I missing something here?
Thanks!
thc...@gmail.com
Jan 4, 2023, 11:55:51 AM1/4/23
to zaprox...@googlegroups.com
Hi.
The error "Check for updates call failed" indicates that ZAP was not
able to install the jython add-on.
Is ZAP able to access the internet from the Docker container?
Best regards.
On 04/01/2023 13:59, nagender singh wrote:
> Hi
>
> I am trying to run automation framework with below command:
>
> docker run --user=0 --net zaptestnet --rm -v $WORKSPACE:/zap/wrk/:rw -t
> owasp/zap2docker-stable zap.sh *-addonupdate -addoninstall jython* -cmd
> -autorun /zap/wrk/test_fullscan.yaml
>
> *In the test_fullscan.yaml:*
> Extra_POST_data: ""
> *Logs:*
>
> *Unexpected error accessing file /zap/wrk/test_fullscan.yaml : No such
> engine: jython - see log for details null*
The error "Check for updates call failed" indicates that ZAP was not
able to install the jython add-on.
Is ZAP able to access the internet from the Docker container?
Best regards.
On 04/01/2023 13:59, nagender singh wrote:
> Hi
>
> I am trying to run automation framework with below command:
>
> docker run --user=0 --net zaptestnet --rm -v $WORKSPACE:/zap/wrk/:rw -t
> -autorun /zap/wrk/test_fullscan.yaml
>
> *In the test_fullscan.yaml:*
> authentication:
> method: "script"
> parameters:
> script: "/zap/wrk/authScript_6.py"
> * scriptEngine: "jython"*
> method: "script"
> parameters:
> script: "/zap/wrk/authScript_6.py"
> Extra_POST_data: ""
> *Logs:*
> Found Java version 11.0.16
> Available memory: 13869 MB
> Using JVM args: -Xmx3467m
> 1168 [main] INFO org.parosproxy.paros.Constant - Copying default
> configuration to /root/.ZAP/config.xml
> 1399 [main] INFO org.parosproxy.paros.Constant - Creating directory
> /root/.ZAP/session 1400 [main] INFO org.parosproxy.paros.Constant -
> Creating directory /root/.ZAP/dirbuster
> 1400 [main] INFO org.parosproxy.paros.Constant - Creating directory
> /root/.ZAP/fuzzers 1400 [main] INFO org.parosproxy.paros.Constant -
> Creating directory /root/.ZAP/plugin Jan 04, 2023 1:42:37 PM
> java.util.prefs.FileSystemPreferences$1 run INFO: Created user preferences
> directory.
> *Check for updates call failed Check for updates call failed*
> Available memory: 13869 MB
> Using JVM args: -Xmx3467m
> 1168 [main] INFO org.parosproxy.paros.Constant - Copying default
> configuration to /root/.ZAP/config.xml
> 1399 [main] INFO org.parosproxy.paros.Constant - Creating directory
> /root/.ZAP/session 1400 [main] INFO org.parosproxy.paros.Constant -
> Creating directory /root/.ZAP/dirbuster
> 1400 [main] INFO org.parosproxy.paros.Constant - Creating directory
> /root/.ZAP/fuzzers 1400 [main] INFO org.parosproxy.paros.Constant -
> Creating directory /root/.ZAP/plugin Jan 04, 2023 1:42:37 PM
> java.util.prefs.FileSystemPreferences$1 run INFO: Created user preferences
> directory.
>
> *Unexpected error accessing file /zap/wrk/test_fullscan.yaml : No such
> engine: jython - see log for details null*
nagender singh
Jan 4, 2023, 12:00:18 PM1/4/23
to OWASP ZAP User Group
Hi
Thank you for the response!
Yes, the host on which the docker container is running has internet access and the docker container also has the internet access
thc...@gmail.com
Jan 4, 2023, 12:02:23 PM1/4/23
to zaprox...@googlegroups.com
Can you confirm that you are able to access github.com ? i.e.:
https://github.com/zaproxy/zap-admin/blob/master/ZapVersions-2.12.xml
You should also check the zap.log to see what the precise error is.
Best regards.
https://github.com/zaproxy/zap-admin/blob/master/ZapVersions-2.12.xml
You should also check the zap.log to see what the precise error is.
Best regards.
nagender singh
Jan 4, 2023, 12:12:05 PM1/4/23
to OWASP ZAP User Group
Hi
I executed below container command
docker container run -v {WORKSPACE:/zap/wrk/:rw -t owasp/zap2docker-stable bash -c 'wget https://github.com/zaproxy/zap-admin/blob/master/ZapVersions-2.12.xml'
Output:
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ���ZapVersions-2.12.xml���
Length: unspecified [text/html]
Saving to: ���ZapVersions-2.12.xml���
So it was able to connect from the container.
Do you happen to know the log location on the container, otherwise I will check in the documentation and let you know.
Thanks!
thc...@gmail.com
Jan 4, 2023, 12:16:21 PM1/4/23
to zaprox...@googlegroups.com
https://www.zaproxy.org/faq/what-is-the-default-directory-that-zap-uses/
File zap.log.
Best regards.
File zap.log.
Best regards.
nagender singh
Jan 4, 2023, 12:17:04 PM1/4/23
to OWASP ZAP User Group
Thanks!
Collecting the logs now.
nagender singh
Jan 4, 2023, 12:47:54 PM1/4/23
to OWASP ZAP User Group
Hi
As I am running the zap in container, I tried collecting logs using the method mentioned in https://www.zaproxy.org/docs/docker/diagnosing-problems/#automation-framework
Somehow the log file is not getting created in the my CWD.
Command used:
sh "docker run --user=0 --net zaptestnet --rm -v $WORKSPACE:/zap/wrk/:rw -t owasp/zap2docker-stable zap.sh -cmd -autorun /zap/wrk/test_fullscan.yaml"
test_fullscan.yaml attached.
I wonder if something is misplaced in the yaml.
nagender singh
Jan 5, 2023, 4:44:33 AM1/5/23
to OWASP ZAP User Group
Hi
When I tested this on another server, it downloaded and installed the jython plugin:
INFO: Created user preferences directory.
Add-on update check complete
Found Java version 11.0.16
Available memory: 7868 MB
Using JVM args: -Xmx1967m
Downloading add-on from: https://github.com/zaproxy/zap-extensions/releases/download/jython-v12/jython-beta-12.zap
Any pointers on how I can get this working on the actual server?
Found Java version 11.0.16
Available memory: 7868 MB
Using JVM args: -Xmx1967m
Downloading add-on from: https://github.com/zaproxy/zap-extensions/releases/download/jython-v12/jython-beta-12.zap
Any pointers on how I can get this working on the actual server?
Thanks!
Reply all
Reply to author
Forward
0 new messages