ZAP Automation Framework not alerting on pscanrulesBeta


Saurabh Dwivedi

Jun 21, 2024, 8:30:01 AM (12 days ago) Jun 21
to ZAP User Group
Hi Team,

I’m using the Automation Framework to scan endpoints. However, I’ve noticed that the pscanrulesBeta rules aren’t being applied to URLs despite adding them. When I perform packaged scans, I see additional alerts (mostly from the pscanrulesBeta list). Notably, I’m missing alerts related to CORS misconfiguration and proxy disclosure.

Below is the YAML used for the ZAP AF run:
---
env:
  contexts:
  - name: "FullScan"
    urls: []
  parameters:
    failOnError: false
jobs:
- parameters:
    enableTags: false
    disableAllRules: false
  type: "passiveScan-config"
- parameters:
    url: ""
  type: "spider"
- parameters:
    maxDuration: 5
    url: ""
  type: "spiderAjax"
  tests:
- parameters:
    maxDuration: 0
  type: "passiveScan-wait"
- parameters:
    context: ""
    user: ""
    policy: "Default Policy"
    maxRuleDurationInMins: 1
    maxScanDurationInMins: 5
    maxAlertsPerRule: 15
  type: "activeScan"
- parameters:
    format: Short
    summaryFile: /home/zap/zap_out.json
  rules: []
  type: outputSummary
- parameters:
    template: "traditional-html"
    reportDir: "/zap/wrk/scan_report"
    reportFile: default_name
    reportTitle: "ZAP Scanning Report"
    reportDescription: ""
  type: "report"
- parameters:
    template: "traditional-json"
    reportDir: "/zap/wrk/scan_report"
    reportFile: default_name
    reportTitle: "ZAP Scanning Report"
    reportDescription: ""
  type: "report"

Below is the command used to execute the ZAP AF run:

$custom_traceparent = "-config api.disablekey=true -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true -config replacer.full_list(0).description=markHeader -config replacer.full_list(0).enabled=true -config replacer.full_list(0).matchtype=REQ_HEADER -config replacer.full_list(0).matchstr=traceparent -config replacer.full_list(0).regex=false -config replacer.full_list(0).replacement=$traceparent -config replacer.full_list(1).description=markHeader1 -config replacer.full_list(1).enabled=true -config replacer.full_list(1).matchtype=REQ_HEADER -config replacer.full_list(1).matchstr=tracestate -config replacer.full_list(1).regex=false -config replacer.full_list(1).replacement=$tracestate"
docker run -v ${outputFilePath}:/zap/wrk/:rw -t zaproxy/zap-stable zap.sh -cmd -autorun /zap/wrk/$cmd -dir /zap/wrk/ $custom_traceparent -addonupdate -addoninstall pscanrulesBeta

Simon Bennetts

Jun 27, 2024, 11:59:39 AM (5 days ago) Jun 27
to ZAP User Group
Try removing "policy: "Default Policy"" - I don't know if that will affect anything, but you don't need it.
I also would not try to configure the replacer via the cmdline - it is fully supported in the AF: https://www.zaproxy.org/docs/desktop/addons/replacer/automation/

Cheers,

Simon
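As an added illustration of Simon's suggestion (not part of either poster's message), here are the two request-header replacements from the cmdline `-config replacer.full_list(...)` options expressed as an AF `replacer` job, plus an `addOns` job so the pscanrulesBeta install also lives in the plan rather than on the command line. The key names follow the replacer automation page Simon linked and the AF addOns job as I recall them; `${TRACEPARENT}` and `${TRACESTATE}` are placeholder environment variables for the constructed values, and the job ordering (before `passiveScan-config`) is an assumption to check against that documentation.

```yaml
---
env:
  contexts:
  - name: "FullScan"
    urls: []
  parameters:
    failOnError: false
jobs:
# Install/update add-ons from the plan instead of -addonupdate/-addoninstall
- type: addOns
  parameters:
    updateAddOns: true              # equivalent of -addonupdate
  install:
  - pscanrulesBeta                  # the beta passive rules the thread is about
# Replacer rules, equivalent of the replacer.full_list(0)/(1) cmdline options
- type: replacer
  parameters:
    deleteAllRules: true            # start from a clean rule set each run
  rules:
  - description: "markHeader"
    url: ""                         # empty regex = apply to every URL
    matchType: "req_header"         # same as REQ_HEADER on the cmdline
    matchString: "traceparent"      # header name to set/replace
    matchRegex: false
    replacementString: "${TRACEPARENT}"   # placeholder; AF env vars are ${VAR}
    tokenProcessing: false
  - description: "markHeader1"
    url: ""
    matchType: "req_header"
    matchString: "tracestate"
    matchRegex: false
    replacementString: "${TRACESTATE}"    # placeholder value
    tokenProcessing: false
# Remaining jobs unchanged from the original plan (policy line dropped)
- parameters:
    enableTags: false
    disableAllRules: false
  type: "passiveScan-config"
- parameters:
    url: ""
  type: "spider"
- parameters:
    maxDuration: 0
  type: "passiveScan-wait"
- parameters:
    context: ""
    user: ""
    maxRuleDurationInMins: 1
    maxScanDurationInMins: 5
    maxAlertsPerRule: 15
  type: "activeScan"
```

With the rules in the plan, the `docker run` line reduces to `zap.sh -cmd -autorun /zap/wrk/<plan>.yaml -dir /zap/wrk/` and the header values are passed as environment variables to the container.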