variables in zap.yaml

[Richard DAmelio]

Has anyone used variables for there The top level url in their yaml file or any other value then executed it using -autorun commandline option?

I'm running the following command,

docker container run -v $(pwd):/zap/wrk/:rw -t owasp/zap2docker-live bash -c "zap.sh -cmd -addonupdate -addoninstall jython; zap.sh -cmd -autorun /zap/wrk/zap.yaml"

But now i want to parameterize some of the values in the zap.yaml so it will be more robust.

Is there an example on how to do this and then how to execute it?

[Simon Bennetts]

Heres an example YAML file: https://github.com/zaproxy/zaproxy/blob/main/docker/integration_tests/configs/plans/jigsaw-basic-user.yaml

Note the lines:

     users:
     - name: "guest"
       username: "${JIGSAW_USER}"

       password: "${JIGSAW_PWORD}"

And here's the script which calls it: https://github.com/zaproxy/zaproxy/blob/main/docker/integration_tests/af_plan_tests.sh

Note the lines:

export JIGSAW_USER="guest"

export JIGSAW_PWORD="guest"

Does that help?

Cheers,

Simon

[Richard DAmelio]

Yes exactly like that, thank you.

Will this work for the env section too, or just the parameters section?

env:
  contexts:                                     
  - name: "Default Context"                      
    urls:
    - "https://#.###.###.###"  // Can i make this a parameter?

[Simon Bennetts]

Yes, URLs are one of the key places we expect variables to be used.

If you find anywhere where you need variables to work and they dont then let us know - we want these things to be useful ;)

Cheers,

Simon