Fatal Error when creating report


William Aldrich

Mar 5, 2015, 10:34:20 AM
to zaprox...@googlegroups.com
First, I'm working on a Linux box that has no GUI so everything is command line :-)
I'm setting up the box as the proxy for our test traffic to pass through.
This is the command line I'm using to start the ZAP proxy on the Linux box:
   sh /../home/qa-selenium/ZAProxy/zap_m1/zap.sh -daemon -port 8080 -dir /home/qa-selenium/ZAP -newsession /home/qa-selenium/ZAP/session/test3_5
A new session is started, and I begin to send tests through the proxy.
At the end of a testing session, I stop the ZAP session with a ctl-C and attempt to generate a report with the following command:
   sh /../home/qa-selenium/ZAProxy/zap_m1/zap.sh -last_scan_report /home/qa-selenium/ZAProxy/Reports/Scan3-5-2015.html -session /home/qa-selenium/ZAP/session/test3_5 -cmd
This is what I see on the console after starting with the line above:
   Found Java version 1.7.0_25
   Available memory:  7999 MB
   Setting jvm heap size: -Xmx512m
   [Fatal Error] :3837:1170609: The element type "p" must be terminated by the matching end-tag "</p>".
   Last Scan Report generated at /home/qa-selenium/ZAProxy/Reports/Scan3-5-2015.html
ZAP lies,  :-)  the report is never generated.  
Am I doing something wrong by using ctl-C to end the session? 
I'm really an old windows user being transitioned to a Linux environment so maybe I have a bad habit in the Linux world. 
I don't have a prompt back so I was not sure if I should use ctl-C or ctl-Z to exit.
If the report is complaining that a page was missing a tag, I could see that being a problem as I've seen many a missing tag of different types but still pages display so developers think it is OK.
I would hope the report not being generated is not dependent on the pages that were passed meeting a standard of having all close tags. 
This looks to be a very promising tool for pen testing!
Any help is appreciated,
Thanks,
-Bill

William Aldrich

Mar 5, 2015, 10:37:25 AM
to zaprox...@googlegroups.com
I should also point out, I'm sending both normal and secure traffic through the proxy with success.

kingthorin+owaspzap

Mar 5, 2015, 10:57:25 AM
to zaprox...@googlegroups.com
I've never played with this functionality, however, what happens if you run the second command without having terminated (ctrl-c) the first one?

kingthorin+owaspzap

Mar 5, 2015, 11:00:11 AM
to zaprox...@googlegroups.com

William Aldrich

Mar 5, 2015, 11:03:13 AM
to zaprox...@googlegroups.com
You get a different error:
Failed to open session: /home/qa-selenium/ZAP/session/test3_5.1.session
java.sql.SQLException: invalid database address: jdbc:hsqldb:file:/home/qa-selenium/ZAP/session/test3_5.1.session
Figured out if I terminate before trying to create the report, that error is not thrown.

William Aldrich

Mar 5, 2015, 11:04:56 AM
to zaprox...@googlegroups.com
Thanks, that is the page I've been using to get started.
We really want to use the Linux box as we believe it will scale better in our environment.
Thanks for the help,
-Bill


thc...@gmail.com

Mar 5, 2015, 11:29:19 AM
to zaprox...@googlegroups.com
Hi.

Would you mind checking the log file to see if there's any error around
the time you generated the report?
(file zap.log located in ZAP's default directory or the directory
manually specified [1]).

ZAP should be able to generate the report independently of the contents
of the pages.


The safest way to stop ZAP in daemon mode is by using the ZAP REST API
[2], with core 'shutdown' [3] API call.
Not doing so might lead to corruption of the session (database).

Also, the ZAP API allows you to get the report more easily and do a lot more
things ;)


[1] https://code.google.com/p/zaproxy/wiki/FAQconfig
[2] https://code.google.com/p/zaproxy/wiki/ApiDetails
[3] https://code.google.com/p/zaproxy/wiki/ApiGen_core

Best regards.

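The clean stop and report retrieval recommended in the reply above, as an added shell example that is not part of the original thread or of ZAP itself. It assumes ZAP listens on localhost:8080 as in the start command, and that the `/OTHER/core/other/htmlreport/` and `/JSON/core/action/shutdown/` paths and the `apikey` parameter match the ZAP version in use; the function names are illustrative.

```shell
#!/bin/sh
# Added example: fetch the HTML report through the ZAP API, verify it, then
# shut the daemon down through the API instead of Ctrl-C.
# Assumptions: address, API paths and apikey parameter (check your ZAP version).
ZAP_ADDR="${ZAP_ADDR:-http://localhost:8080}"
ZAP_APIKEY="${ZAP_APIKEY:-}"

# Build an API URL: zap_api_url <format> <component> <type> <name>
zap_api_url() {
    url="$ZAP_ADDR/$1/$2/$3/$4/"
    if [ -n "$ZAP_APIKEY" ]; then
        url="$url?apikey=$ZAP_APIKEY"
    fi
    printf '%s\n' "$url"
}

# Trust a report only if the file exists, is non-empty and closes its <html>
# element; the "report generated" console message alone is not evidence.
report_ok() {
    [ -s "$1" ] || return 1
    grep -qi '</html>' "$1"
}

# Download to a temporary file and move it into place only if it checks out.
# --max-time stops the request from hanging if report generation fails.
fetch_report() {
    out="$1"
    tmp="$out.partial"
    if ! curl -sS --fail --max-time 300 -o "$tmp" \
            "$(zap_api_url OTHER core other htmlreport)"; then
        rm -f "$tmp"
        return 1
    fi
    if report_ok "$tmp"; then mv "$tmp" "$out"; else rm -f "$tmp"; return 1; fi
}

# Ask ZAP to close the session database and exit.
zap_shutdown() {
    curl -sS --fail --max-time 60 \
        "$(zap_api_url JSON core action shutdown)" >/dev/null
}

# Run only when an output path is given: ./zap_finish.sh /path/to/report.html
if [ "$#" -gt 0 ]; then
    fetch_report "$1" || echo "report missing or incomplete; check zap.log" >&2
    zap_shutdown
fi
```

The shutdown call runs even when the report check fails, so the session database is still closed cleanly and can be reopened for another attempt.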

William Aldrich

Mar 5, 2015, 1:11:02 PM
to zaprox...@googlegroups.com
Thanks,
I started a new session and ran a few tests, then I used the API to close the session.
I then realized I needed the session still running to use the API to generate a report so I restarted my last session.
Using the htmlreport API page (http://zap/UI/core/other/htmlreport/), I clicked the button and waited, and waited...
Going back to the console, I noticed the following error:
[Fatal Error] :3140:1170609: The element type "p" must be terminated by the matching end-tag "</p>".
43465 [ZAP-ProxyThread-2] ERROR org.parosproxy.paros.extension.report.ReportGenerator  - The element type "p" must be terminated by the matching end-tag "</p>".
org.xml.sax.SAXParseException; lineNumber: 3140; columnNumber: 1170609; The element type "p" must be terminated by the matching end-tag "</p>".
        at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:251)
        at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:300)
        at org.parosproxy.paros.extension.report.ReportGenerator.stringToHtml(ReportGenerator.java:136)
        at org.zaproxy.zap.extension.api.CoreAPI.writeReportLastScanTo(CoreAPI.java:870)
        at org.zaproxy.zap.extension.api.CoreAPI.handleApiOther(CoreAPI.java:738)
        at org.zaproxy.zap.extension.api.API.handleApiRequest(API.java:350)
        at org.parosproxy.paros.core.proxy.ProxyThread.processHttp(ProxyThread.java:320)
        at org.parosproxy.paros.core.proxy.ProxyThread.run(ProxyThread.java:235)
        at java.lang.Thread.run(Thread.java:724)
Never got a report and, unfortunately when I copied it, I used ctl-c and killed the session.
There was a log that I copied and attached.

Again, thanks for all the help,
-Bill


zap.log

William Aldrich

Mar 5, 2015, 1:21:48 PM
to zaprox...@googlegroups.com
When I say "unfortunately when I copied it," above, I mean when I copied the error message from the console.
I realized it was not clear after I posted it.
Thanks,
-Bill

thc...@gmail.com

Mar 6, 2015, 12:18:44 AM
to zaprox...@googlegroups.com
Issue raised [1].


[1] https://code.google.com/p/zaproxy/issues/detail?id=1555

Thanks!
Best regards.


kingthorin+owaspzap

Mar 6, 2015, 7:37:33 AM
to zaprox...@googlegroups.com
I'm wondering if this is actually related to truncated or incomplete data in the DB; if you look at the user-provided log, there is a non-trivial seeming amount of SQL errors and warnings.

Simon Bennetts

Mar 6, 2015, 7:43:48 AM
to zaprox...@googlegroups.com
It's actually due to the code explicitly allowing <ul> and </ul> - I've updated the issue to give some more details: https://code.google.com/p/zaproxy/issues/detail?id=1555