OWASP ZAP YAML variables are always strings

[Gabriel Pichiu]

Hello,

I have a BASH script as a control panel where I set variables, scripts, etc. for each APP. Once I have that ready, I run a docker command to start the scanning process. I use a YAML file for the config, and I pass those variable to drive it. The problem I encountered is when I want to set maxDurationit fails saying that:

Invalid value for job passiveScan-wait parameter maxDuration - ${MAX_DURATION} should be an integer

The parameter is exported and set as a INT. It seems that there isn't a way to make this work in OWASP ZAP world. Is there a working alternative to my problem? I reckon this is valid for all INT parameters we'd like to control via env variables.

Thanks in advance!

[Simon Bennetts]

I think thats a very valid usecase, so raise a bug / enhancement request.

It would help if you mention all of the fields you are aware of, but we'll try to check all cases.

We do have code for this sort of thing but I'm not sure how painful it will be.

Oh, and ZAP left OWASP nearly 3 years ago :P

Cheers,

Simon