ZAP Local Run Failing

[Rakesh Eluri]

Hi All,

Hope someone can help me with  below issue i'm facing while running ZAP tests locally. It appears i'm missing something obvious and would like to know if someone had this before and if yes what was done to resolve.

Thanks in-advance.

Issue: 

This page isn’t working

Localhost didn’t send any data.

ERR_EMPTY_RESPONSE

As per instructions on DAST configuration manager:

1. Started services using service manager
2. Exported following env variables
   • export ZAP_FORWARD_ENABLE="true"
   • export ZAP_FORWARD_PORTS=$(sm -s | grep -E 'PASS|BOOT' | awk '{ print $12}' | tr "\n" " “)
3. Started ZAP container by running ‘make local-zap-running’ but however got below error before the script exits.

• make[1]: *** [stop] Error 13
• make: *** [local-zap-running] Error 2

Ran Acceptance tests by passing following parametres to sbt but this is where the service front page is failing to open.

sbt -Dhttp.proxyHost=localhost -Dhttp.proxyPort=11000 -Denvironment="$environment" -Dbrowser="$browser" -Dcucumber.options="--tags '$tags'" clean "testOnly uk.gov.hmrc.test.ui.cucumber.runner.ZapRunner"

Thanks,

Rakesh Eluri

[Simon Bennetts]

Hi Rakesh,

What container are you using?

I dont recognize the command ‘make local-zap-running’ :/

Cheers,

Simon

[Rakesh Eluri]

Hi Simon,

Thanks for your prompt response. Its the Docker..

 

The instructions i'm followed are here:

https://confluence.tools.tax.service.gov.uk/display/DTRG/ZAP+User+Guide

Automating ZAP Security Tests - https://github.com/hmrc/dast-config-manager#running-zap-locally

Thanks,

Rakesh

[Rakesh Eluri]

on another note the same acceptance scripts run without any issues if I don't run through ZAP.

[Simon Bennetts]

Those do not appear to be public resources.

It looks like someone at HMRC has set up a service which performs ZAP scans.

Thats great, but we know nothing about this service or how it works, and so cannot support it.

I suggest you talk to whoever supports this service in HRMC :)

Cheers,

Simon