ZAP Daemon mode Ascan via API trigger is exiting docker


Rohit Sehgal

Mar 21, 2022, 2:41:25 AM
to OWASP ZAP User Group
Hey Team, 

I am running ZAP in docker in daemon mode and I am using this image Zap2Docker-stable. 
With this command:

```
docker run --rm --name zap -u zap -p 8080:8080 -i owasp/zap2docker-stable zap.sh -daemon -host 0.0.0.0 -port 8080 -config api.disablekey=true -config api.addrs.addr.name=.\* -config api.addrs.addr.regex=true -addoninstall communityScripts -addoninstall pscanrulesAlpha -addoninstall pscanrulesBeta -addoninstall pscanrules -addoninstall ascanrules -addoninstall ascanrulesAlpha -addoninstall ascanrulesBeta -addoninstall jwt -addoninstall sqliplugin
```

While starting the scan via API, I was able to see that the ZAP scan was failing because one of the modules in headless mode was throwing some error. My initial triaging says the module name is: `DomXssScanRule`.

Full error trace is:

```
96131 [Thread-17] INFO  org.parosproxy.paros.core.scanner.HostProcess - start host http://example.com | DomXssScanRule strength MEDIUM threshold MEDIUM
1647841355763        geckodriver        INFO        Listening on 127.0.0.1:15544
1647841355744        geckodriver        INFO        Listening on 127.0.0.1:21889
1647841356680        mozrunner:16:4r7u8n4n1e3r5        6I6N8F0O                mRouznrnuinnnge rc:o:mrmuannnde:r         "I/NuFsOr        /Rluinbn/ifnigr ecfoomxm/afnidr:efox" "--marionette" "-headless" "-no-remote" "-profile" "/tmp/rust_mozprofileJ6GfEO"
 "/usr/lib/firefox/firefox" "--marionette" "-headless" "-no-remote" "-profile" "/tmp/rust_mozprofileOvPKuC"
*** You are running in headless mode.
*** You are running in headless mode.
[GFX1-]: glxtest: libpci missing
[GFX1-]: glxtest: Unable to open a connection to the X server
[GFX1-]: glxtest: libEGL missing
[GFX1-]: No GPUs detected via PCI
[GFX1-]: glxtest: libpci missing
[GFX1-]: glxtest: Unable to open a connection to the X server
[GFX1-]: glxtest: libEGL missing
[GFX1-]: No GPUs detected via PCI
16478411647841360704        Marionette        INFO        Marionette enab3l6e0d7
05        Marionette        INFO        Marionette enabled
[GFX1-]: RenderCompositorSWGL failed mapping default framebuffer, no dt
[GFX1-]: RenderCompositorSWGL failed mapping default framebuffer, no dt
console.warn: SearchSettings: "get: No settings file exists, new profile?" (new NotFoundError("Could not open the file at /tmp/rust_mozprofileOvPKuC/search.json.mozlz4", (void 0)))
console.warn: SearchSettings: "get: No settings file exists, new profile?" (new NotFoundError("Could not open the file at /tmp/rust_mozprofileJ6GfEO/search.json.mozlz4", (void 0)))
console.error: Region.jsm: "Error fetching region" (new Error("TIMEOUT", "resource://gre/modules/Region.jsm", 772))
console.error: Region.jsm: "Failed to fetch region" (new Error("TIMEOUT", "resource://gre/modules/Region.jsm", 419))
console.error: Region.jsm: "Error fetching region" (new Error("TIMEOUT", "resource://gre/modules/Region.jsm", 772))
console.error: Region.jsm: "Failed to fetch region" (new Error("TIMEOUT", "resource://gre/modules/Region.jsm", 419))
console.warn: TopSitesFeed: Failed to fetch data from Contile server: NetworkError when attempting to fetch resource.
console.warn: TopSitesFeed: Failed to fetch data from Contile server: NetworkError when attempting to fetch resource.
```


What is best suggested in this case? Should I remove this module? If yes, how can this be done?

Thanks,
Rohit

Simon Bennetts

Mar 21, 2022, 5:14:56 AM
to OWASP ZAP User Group
Hi Rohit,

Are you sure docker is exiting?
Those "errors" are from Firefox and can usually be safely ignored.

Cheers,

Simon

Rohit Sehgal

Mar 22, 2022, 1:12:03 AM
to OWASP ZAP User Group
Yes Simon, the docker is exiting. Do you feel the M1 can be a problem?

Rohit Sehgal

Mar 22, 2022, 1:18:13 AM
to OWASP ZAP User Group
Yes, M1 was the problem. As soon as I moved the docker from M1 to Linux, the API was working perfectly fine. Thanks

Simon Bennetts

Mar 22, 2022, 5:24:00 AM
to OWASP ZAP User Group
Hi Rohit,

Thanks for letting us know.

FYI, work is ongoing to add M1 docker support - e.g. see https://github.com/zaproxy/zap-extensions/pull/3673

Cheers,

Simon