Standalone script using requests ConnectionError: ('Connection aborted.', BadStatusLine("''",))
266 views
Skip to first unread message
Snizi
Nov 3, 2023, 5:40:52 PM11/3/23
to ZAP User Group
Hello! I have a standalone script that uploads a file to defectdojo endpoint through a post request, but I receive: requests.exceptions.ConnectionError: ('Connection aborted.', BadStatusLine("''",))
If I try to execute the same script outside zap, it works fine.
import requests
from datetime import datetime
api_url = "ip"
headers = {
"Authorization": "Token key"
}
current_date = datetime.now().strftime("%Y-%m-%d")
engagement_data = {
"name": "test" + current_date,
"product": "1",
"target_start": current_date,
"target_end": current_date
}
response1 = requests.post(api_url + "/engagements/", headers=headers, data=engagement_data)
print("Response from the first POST request:")
print(response1.text)
import_scan_data = {
"minimum_severity": "Info",
"active": "true",
"verified": "true",
"scan_type": "ZAP Scan",
"close_old_findings": "false",
"push_to_jira": "false",
"product_name": "test",
"scan_date": current_date,
"engagement_name": "test "+ current_date
}
files = {'file': open('report.xml', 'rb')}
response2 = requests.post(api_url + "/import-scan/", headers=headers, data=import_scan_data, files=files)
print("Response from the second POST request:")
print(response2.text)
from datetime import datetime
api_url = "ip"
headers = {
"Authorization": "Token key"
}
current_date = datetime.now().strftime("%Y-%m-%d")
engagement_data = {
"name": "test" + current_date,
"product": "1",
"target_start": current_date,
"target_end": current_date
}
response1 = requests.post(api_url + "/engagements/", headers=headers, data=engagement_data)
print("Response from the first POST request:")
print(response1.text)
import_scan_data = {
"minimum_severity": "Info",
"active": "true",
"verified": "true",
"scan_type": "ZAP Scan",
"close_old_findings": "false",
"push_to_jira": "false",
"product_name": "test",
"scan_date": current_date,
"engagement_name": "test "+ current_date
}
files = {'file': open('report.xml', 'rb')}
response2 = requests.post(api_url + "/import-scan/", headers=headers, data=import_scan_data, files=files)
print("Response from the second POST request:")
print(response2.text)
Simon Bennetts
Nov 6, 2023, 4:32:34 AM11/6/23
to ZAP User Group
Why are you trying to access the ZAPI API from a ZAP stand alone script?
The ZAP API is an ideal way to access ZAP from another process.
However any script that runs inside ZAP is running in the same process, so doesnt need to access the ZAP API, it can call ZAP methods internally.
Cheers,
Simon
Snizi
Nov 6, 2023, 5:14:35 AM11/6/23
to zaprox...@googlegroups.com
Hello! This is not the zap api, I'm trying to access defectdojo that is running in another host
--
You received this message because you are subscribed to a topic in the Google Groups "ZAP User Group" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/zaproxy-users/SgNqW5CVmz4/unsubscribe.
To unsubscribe from this group and all its topics, send an email to zaproxy-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/zaproxy-users/af9eb32c-1ded-40fa-8be0-8ba248cc9914n%40googlegroups.com.
Snizi
Nov 6, 2023, 8:35:50 AM11/6/23
to ZAP User Group
So, I think the main issue is related to python 2.7, is there a way I can execute python 3? Because the main goal is to upload this report to a external host and since the file is too large, this error is happening.
thc...@gmail.com
Nov 6, 2023, 8:40:32 AM11/6/23
to zaprox...@googlegroups.com
Python 3 is not currently available from within ZAP. You can call that
script from ZAP though (e.g. Process class and assuming the host has
Python 3).
Best regards.
>>> <https://groups.google.com/d/msgid/zaproxy-users/af9eb32c-1ded-40fa-8be0-8ba248cc9914n%40googlegroups.com?utm_medium=email&utm_source=footer>
>>> .
>>>
>>
>
script from ZAP though (e.g. Process class and assuming the host has
Python 3).
Best regards.
>>> .
>>>
>>
>
Snizi
Nov 6, 2023, 8:57:35 AM11/6/23
to ZAP User Group
Could you help me setup and example script for that? Or any existing one that achieve this feature?
Simon Bennetts
Nov 6, 2023, 9:11:56 AM11/6/23
to ZAP User Group
FYI we used Jython for ZAP python scripting.
Their roadmap for v3 support is https://www.jython.org/jython-3-roadmap
Cheers,
Simon
Snizi
Nov 6, 2023, 12:27:47 PM11/6/23
to ZAP User Group
So, after some testing, the issue isn't related to jython or python version itself, for some reason when using the post method to upload the .xml report directly from ZAP to DefectDojo (the same error occurred when trying to upload an image to a website using a standalone script), ZAP raises the following error:
requests.exceptions.ConnectionError: ('Connection aborted.', BadStatusLine("''",))
raise ConnectionError(err, request=request)
requests.exceptions.ConnectionError: ('Connection aborted.', BadStatusLine("''",))
I think this is happening when the files are too big!?
Any idea on this topic?
Snizi
Nov 6, 2023, 12:39:07 PM11/6/23
to ZAP User Group
The same issue occur if I try to use urllib2 for example, but now the error comes differently:
File "/home/snizi/.ZAP/plugin/jython-beta-13.zap/Lib/urllib2.py", line 154, in urlopen
File "/home/snizi/.ZAP/plugin/jython-beta-13.zap/Lib/urllib2.py", line 429, in open
File "/home/snizi/.ZAP/plugin/jython-beta-13.zap/Lib/urllib2.py", line 446, in _open
File "/home/snizi/.ZAP/plugin/jython-beta-13.zap/Lib/urllib2.py", line 407, in _call_chain
File "/home/snizi/.ZAP/plugin/jython-beta-13.zap/Lib/urllib2.py", line 1228, in http_open
File "/home/snizi/.ZAP/plugin/jython-beta-13.zap/Lib/urllib2.py", line 1201, in do_open
File "/home/snizi/.ZAP/plugin/jython-beta-13.zap/Lib/urllib2.py", line 1201, in do_open
File "/home/snizi/.ZAP/plugin/jython-beta-13.zap/Lib/httplib.py", line 1121, in getresponse
File "/home/snizi/.ZAP/plugin/jython-beta-13.zap/Lib/httplib.py", line 438, in begin
File "/home/snizi/.ZAP/plugin/jython-beta-13.zap/Lib/httplib.py", line 402, in _read_status
httplib.BadStatusLine: ''
File "/home/snizi/.ZAP/plugin/jython-beta-13.zap/Lib/urllib2.py", line 429, in open
File "/home/snizi/.ZAP/plugin/jython-beta-13.zap/Lib/urllib2.py", line 446, in _open
File "/home/snizi/.ZAP/plugin/jython-beta-13.zap/Lib/urllib2.py", line 407, in _call_chain
File "/home/snizi/.ZAP/plugin/jython-beta-13.zap/Lib/urllib2.py", line 1228, in http_open
File "/home/snizi/.ZAP/plugin/jython-beta-13.zap/Lib/urllib2.py", line 1201, in do_open
File "/home/snizi/.ZAP/plugin/jython-beta-13.zap/Lib/urllib2.py", line 1201, in do_open
File "/home/snizi/.ZAP/plugin/jython-beta-13.zap/Lib/httplib.py", line 1121, in getresponse
File "/home/snizi/.ZAP/plugin/jython-beta-13.zap/Lib/httplib.py", line 438, in begin
File "/home/snizi/.ZAP/plugin/jython-beta-13.zap/Lib/httplib.py", line 402, in _read_status
httplib.BadStatusLine: ''
But if I execute this outside zap using the jython binary, it works fine.
Reply all
Reply to author
Forward
0 new messages