How do I generate a JSON report with the automation framework?

Sean

Apr 17, 2023, 12:46:34 PM
to OWASP ZAP User Group
I am running the docker with a baseline.yaml file I've created. However, if I mount the docker to my filesystem and then try to get the JSON file, I'm not getting it.

I also want to save the session, but I can't find out how to do that anywhere obvious. Maybe I'm missing something in the docs?

Docker command:

docker run -d -p 8080:8080 -v /opt/ZAP_TEST/:/zap/wrk/:rw --name zap-container owasp/zap2docker-stable zap.sh -daemon -port 8090 -host 0.0.0.0 -config api.disablekey=true -autorun /zap/wrk/baseline.yaml

baseline.yaml file:

env:
  contexts:
  - excludePaths: []
    name: baseline
    urls:
    - https://[website_redacted]/
  parameters:
    failOnError: true
    progressToStdout: true
jobs:
- parameters:
    enableTags: false
    maxAlertsPerRule: 10
  type: passiveScan-config
- parameters:
    maxDuration: 15
    url: https://[website_redacted]/
  type: spider
- parameters:
    maxDuration: 15
    url: https://[website_redacted]/
  type: spiderAjax
- parameters:
    maxDuration: 0
  type: passiveScan-wait
- parameters:
    format: Short
    summaryFile: /zap/wrk/zap_out.json
  rules: []
  type: outputSummary
- parameters:
    reportDescription: ''
    reportDir: /zap/wrk/
    reportFile: report.json
    reportTitle: ZAP Scanning Report
    template: traditional-json
  type: report

Can anyone point me in the right direction? I need to save the ZAP session and also save the JSON report with this config.

Any help is much appreciated!

PS: I'm basically looking for a quick scan to spider the site, drop the JSON report and ZAP session, and then I'll create a new config for the full scan and feed it the already existing ZAP session.

Sean

Apr 17, 2023, 1:28:47 PM
to OWASP ZAP User Group
And, I have consulted the docs for troubleshooting. The pwd has the correct permissions for files to write to. I've also added the LogMessages.js file a moment ago and added that to the current YAML template as per https://www.zaproxy.org/docs/docker/diagnosing-problems/. Hopefully that gives me some more insight into the issue.

Simon Bennetts

Apr 17, 2023, 2:05:38 PM
to OWASP ZAP User Group
Strange, it looks like you are doing the right things.
Have a look at the zap.log file to see if any errors are logged: https://www.zaproxy.org/docs/docker/diagnosing-problems/#zap-fails-for-another-reason

Cheers,

Simon

Sean

Apr 17, 2023, 2:48:29 PM
to OWASP ZAP User Group
EDIT: redacted website, sorry.

I wrote a reply and somehow it went poof. I got a little further in the logs and something was going on with the spider. However, my current yaml:


env:
  contexts:
  - excludePaths: []
    name: baseline
    urls:
    - https://[website redacted]
  parameters:
    failOnError: true
    progressToStdout: true
jobs:
- parameters:
    enableTags: false
    maxAlertsPerRule: 10
  type: passiveScan-config
- parameters:
    maxDuration: 5
    url: [website redacted]
  type: spider
- parameters:
    maxDuration: 0
  type: passiveScan-wait
- parameters:
    format: Short
    summaryFile: /zap/wrk/zap_out.json
  rules: []
  type: outputSummary
- parameters:
    reportDescription: ''
    reportDir: /zap/wrk/
    reportFile: report.json
    reportTitle: ZAP Scanning Report
    template: traditional-json
  type: report
- parameters:
    action: "add"
    type: "httpsender"
    engine: "Oracle Nashorn"
    name: "LogMessages.js"
    file: "/zap/wrk/LogMessages.js"
  name: "script"
  type: "script"
- type: script
  parameters:
    action: run
    name: "SaveSession"
    type: standalone
    engine: "Python 3"
    file: "/zap/wrk/export_session.py"

https://github.com/zaproxy/community-scripts/blob/main/scan-hooks/export_session.py is that file.

I know this file line item is wrong but I'm struggling to figure out how to do this.

188765 [ZAP-daemon] INFO  org.parosproxy.paros.CommandLine -    Job: SaveSession File specified but not needed so will be ignored

I just want to save the session to /zap/wrk which is mounted to my pwd. As a follow-up, I also need direction on how to load the session in a different config. I tried with the API and no dice so far.

I appreciate your help. :) 

Sean

Apr 17, 2023, 3:27:28 PM
to OWASP ZAP User Group
Forgot to add it and use jython. :/ However, even after fixing these two things, I am not getting the session saved to my mount.

Simon Bennetts

Apr 18, 2023, 3:19:50 AM
to OWASP ZAP User Group
Now I'm confused :)

Are you having problems generating the JSON report, saving your session or loading it?
It's really hard to debug multiple problems at the same time - let's focus on one at a time.

If you still can't generate the JSON report then that's a good one to start with, and as per my previous reply the place to start is looking in the zap.log file for errors.

Cheers,

Simon
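
Added example (not part of the thread and not ZAP project code): a small triage script for the log check recommended above, parsing lines in the layout of the one log line quoted in the thread and listing the entries to read first. The sample log is constructed except for the quoted SaveSession line; the `org.example` logger, the other messages and the keyword list are assumptions.

```python
import re
from collections import namedtuple

# Layout of the line quoted in the thread:
#   <ms since start> [<thread>] <LEVEL> <logger> - <message>
LINE_RE = re.compile(
    r"^(?P<ms>\d+)\s+\[(?P<thread>[^\]]+)\]\s+(?P<level>[A-Z]+)\s+"
    r"(?P<logger>\S+)\s+-\s+(?P<msg>.*)$"
)
JOB_RE = re.compile(r"\bJob:?\s+(?P<job>\S+)")
# Assumed keyword list; extend it for your own plans.
HINTS = re.compile(r"ignored|failed|exception", re.IGNORECASE)

Entry = namedtuple("Entry", "ms level logger msg")

# CONSTRUCTED sample. Only the SaveSession line is quoted from the thread;
# the org.example logger and the other messages are made up for the demo.
SAMPLE_LOG = """\
1021 [ZAP-daemon] INFO  org.parosproxy.paros.CommandLine - Job report started
1388 [ZAP-daemon] ERROR org.example.ReportWriter - Failed to write /zap/wrk/report.json
java.io.IOException: Permission denied
\tat org.example.ReportWriter.write(ReportWriter.java:1)
188765 [ZAP-daemon] INFO  org.parosproxy.paros.CommandLine -    Job: SaveSession File specified but not needed so will be ignored
"""

def parse(text):
    """Split log text into entries, folding stack-trace lines into their parent."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if m:
            entries.append(Entry(int(m["ms"]), m["level"], m["logger"], m["msg"]))
        elif entries and raw.strip():
            last = entries[-1]
            entries[-1] = last._replace(msg=last.msg + "\n" + raw.strip())
    return entries

def triage(entries):
    """Return (level, job, summary) for entries worth reading first."""
    findings = []
    for e in entries:
        if e.level in {"WARN", "ERROR", "FATAL"} or HINTS.search(e.msg):
            job = JOB_RE.search(e.msg)
            summary = e.msg.splitlines()[0]
            findings.append((e.level, job["job"] if job else None, summary))
    return findings

if __name__ == "__main__":
    for level, job, summary in triage(parse(SAMPLE_LOG)):
        print(f"{level:5} job={job or '-'}: {summary}")
```

To run it against a real log, pass the contents of the zap.log file to `parse()` in place of `SAMPLE_LOG`.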