Getting the error [Failed to start ZAP :( - exit code 3] after upgrading weekly image.

[Joaquin Alvarez]

Hi everyone, creating this thread because im developing a docker image that wraps the weekly image from zap and I've started to get this message on my github action that uses this wrapper. The only thing I've changed in the wraper image from one release to the other is the zap image used as base, and this wraper image with this new zap image base is working on other CI/CD integrations we have and on docker desktop, the only place isn't working with this new base image is on our Github Action pipe.

To clarify a bit: 
* If  the github action points to our wrapper image that uses  owasp/zap2docker-weekly:w2022-01-31 it works without any issue.

*  If  the github action points to our wrapper image that uses  owasp/zap2docker-weekly:w2022-10-10   it throws the  Failed to start ZAP :( - exit code 3 error.

From the logs, the command that is being run in both versions (the one that works and the one who isn't) is: python3 /zap/zap-baseline.py -t https://brokencrystals.com -d -j --hook /zap/hooks/soos_dast_hook.py -J report.json

Is possible that there's some incompatibility with the Github Actions docker runner and this newer zap weekly image?

There isn't anything helpfull in the logs, only error I got is that exit code 3.

Thanks in advance.

[Simon Bennetts]

Hiya,

Do you have any other error messages?

An obvious change is that the weekly ZAP now requires a minimum of Java 11 - are you still using 8 in your image?

Cheers,

Simon

[Joaquin Alvarez]

Hey, Simon, thanks for the quick response!. I've checked and we are running java 11 indeed, there isn't any other error besides the one I pointed out before.
10/26/2022 01:57:30 PM UTC [INFO] printing java version

400openjdk version "11.0.16" 2022-07-19

401OpenJDK Runtime Environment (build 11.0.16+8-post-Debian-1)

402OpenJDK 64-Bit Server VM (build 11.0.16+8-post-Debian-1, mixed mode, sharing)

If it is of any help attached is the dockerfile of the wrapper, the only change from the working version to the one who isn't is that we were using  owasp/zap2docker-weekly:w2022-01-31 before.

[Simon Bennetts]

Have a look in the zap.log file in the docker image: https://www.zaproxy.org/faq/somethings-not-working-what-should-i-do/#check-the-log-file

Cheers,

Simon

[Joaquin Alvarez]

Thanks again for the response, unfortunately I have tried and see if there was a log being generated with an error but in this case there wasn't any file zap.log generated

I've atacched now the relevant logs from the github action execution where is logged the command used to start zap, and the command with the list of logs found

[Simon Bennetts]

Weird.

Try starting ZAP from the command line in the docker image using the parameters in the log.

Or you could try editing the script to print out the python OSError on https://github.com/zaproxy/zaproxy/blob/main/docker/zap-baseline.py#L428

Cheers,

Simon

[Joaquin Alvarez]

Hi Simon, followed your advice to edit the script and then compile my own image of zap and use that.

Was able to do a workaround but it's really odd and don't really know what's the cause of that yet.

Just want to answer here in case anybody encounter a similar issue.

Here are the steps of my debugging and the results:
1 . Modified https://github.com/zaproxy/zaproxy/blob/main/docker/zap-baseline.py#L428 that block to throw a general Exception and added a logging.warning(error), it produced this exception running inside the github action, clearly it wasnt finding the zap-x.sh shell script

Action logs:

2022-10-27 15:57:08,121 Params: ['zap-x.sh', '-daemon', '-port', '34985', '-host', '0.0.0.0', '-config', 'database.recoverylog=false', '-config', 'api.disablekey=true', '-config', 'api.addrs.addr.name=.*', '-config', 'api.addrs.addr.regex=true', '-config', 'spider.maxDuration=1', '-addonupdate', '-addoninstall', 'pscanrulesBeta']

2022-10-27 15:57:08,123 Failed to start ZAP :( modified

2022-10-27 15:57:08,123 [Errno 2] No such file or directory: 'zap-x.sh'

2. From here I needed to know if the file zap-x.sh actually exists somewhere or not, so I edited this line https://github.com/zaproxy/zaproxy/blob/main/docker/zap_common.py#L290 and added  os.system('find / -name zap-x.sh'). It produced this ouput which pointed where it was located in the container

Action logs:

2022-10-27 15:57:07,877 Starting ZAP

/zap/zap-x.sh

3. Well, from here since i knew what the actual path was I've modified this line https://github.com/zaproxy/zaproxy/blob/main/docker/zap_common.py#L277 to '/zap/zap-x.sh', mode .

After this change Ran the action again and now I was able to run it successfully.

Seems that there's something happening with this particular setup on the github action where is not able to find the shell script using only zap-x.sh while running the same exact base image as just a docker script it's able to find it successfully even tho the location is still the same for both /zap/zap-x.sh

Thanks again for the help, and if i can find what is really causing this path issue, im going to post another update and do a PR if there's anything to fix.