Automation Framework Failed to Generate Report
931 views
Skip to first unread message
Charles Williams
Apr 5, 2022, 1:22:19 PM4/5/22
to OWASP ZAP User Group
Hi ZAP Team,
I'm implementing my scanning via the Automation Framework for an authenticated scan against one of my apps. One of the steps in my AF plan is to generate a report:
- parameters:
template: "traditional-html"
reportDir: "/zap/wrk/owasp_zap_required_files/Reports"
reportFile: "HealthCareUniverseReport.html"
reportTitle: "ZAP Scanning Report Traditional HTML"
reportDescription: ""
displayReport: false
risks:
- "info"
- "low"
- "medium"
- "high"
confidences:
- "falsepositive"
- "low"
- "medium"
- "high"
- "confirmed"
sections:
- "instancecount"
- "alertdetails"
- "alertcount"
name: "report"
type: "report"
template: "traditional-html"
reportDir: "/zap/wrk/owasp_zap_required_files/Reports"
reportFile: "HealthCareUniverseReport.html"
reportTitle: "ZAP Scanning Report Traditional HTML"
reportDescription: ""
displayReport: false
risks:
- "info"
- "low"
- "medium"
- "high"
confidences:
- "falsepositive"
- "low"
- "medium"
- "high"
- "confirmed"
sections:
- "instancecount"
- "alertdetails"
- "alertcount"
name: "report"
type: "report"
However, when my scan finishes, I'm getting an error:
Job activeScan finished
Job report started
Job report failed to generate report: /zap/wrk/owasp_zap_required_files/Reports/HealthCareUniverseReport.html
Job report finished
Automation plan failures:
Job report failed to generate report: /zap/wrk/owasp_zap_required_files/Reports/HealthCareUniverseReport.html
Job report started
Job report failed to generate report: /zap/wrk/owasp_zap_required_files/Reports/HealthCareUniverseReport.html
Job report finished
Automation plan failures:
Job report failed to generate report: /zap/wrk/owasp_zap_required_files/Reports/HealthCareUniverseReport.html
I've attached my zap log from this, and there appears to be a broken pipe error, but I'm not sure what is causing it - is there anything I can change in ZAP that would help fix this?
Thank you!
Charles Williams
Apr 5, 2022, 1:28:47 PM4/5/22
to OWASP ZAP User Group
Based on log it appears that the scan broke during the DomXssScanRule (looks someone else found out about this before and just disabled it: https://groups.google.com/g/zaproxy-users/c/pYJP-3RyPZ0/m/23XOlUMvAgAJ) but are there any other approaches that could be taken here?
Charles Williams
Apr 5, 2022, 4:26:49 PM4/5/22
to OWASP ZAP User Group
Sorry, looks like the log was cut off at the bottom, it looks like performance continues after the DomXssScanRule, but the report is still failing to generate:
2022-04-05 20:22:56,275 [ZAP-ProxyThread-263] WARN ProxyThread - Failed to write/forward the HTTP response to the client: java.net.SocketException: Broken pipe (Write failed)
2022-04-05 20:23:56,434 [Thread-6] INFO HostProcess - completed host/plugin http://hcp1:8000 | DomXssScanRule in 215.762s with 220 message(s) sent and 0 alert(s) raised.
2022-04-05 20:23:57,240 [Thread-6] INFO HostProcess - start host http://hcp1:8000 | SOAPActionSpoofingActiveScanRule strength MEDIUM threshold MEDIUM
2022-04-05 20:23:57,770 [Thread-6] INFO HostProcess - completed host/plugin http://hcp1:8000 | SOAPActionSpoofingActiveScanRule in 0.531s with 0 message(s)sent and 0 alert(s) raised.
2022-04-05 20:23:57,770 [Thread-6] INFO HostProcess - start host http://hcp1:8000 | SOAPXMLInjectionActiveScanRule strength MEDIUM threshold MEDIUM
2022-04-05 20:23:59,834 [ZAP-DomXssReaper] INFO DomXssScanRule - Reaper thread exiting 0
2022-04-05 20:23:59,979 [Thread-6] INFO HostProcess - completed host/plugin http://hcp1:8000 | SOAPXMLInjectionActiveScanRule in 2.209s with 0 message(s) sent and 0 alert(s) raised.
2022-04-05 20:23:59,979 [Thread-6] INFO HostProcess - completed host http://hcp1:8000 in 267.101s with 0 alert(s) raised.
2022-04-05 20:23:59,979 [Thread-5] INFO Scanner - scanner completed in 267.113s
2022-04-05 20:24:00,080 [main ] INFO CommandLine - Job activeScan finished
2022-04-05 20:24:00,080 [main ] INFO CommandLine - Job report started
2022-04-05 20:24:00,103 [main ] ERROR CommandLine - Job report failed to generate report: /zap/wrk/owasp_zap_required_files/Reports/HealthCareUniverseReport.html
2022-04-05 20:24:00,103 [main ] INFO CommandLine - Job report finished
2022-04-05 20:24:00,103 [main ] INFO CommandLine - Automation plan failures:
2022-04-05 20:24:00,103 [main ] INFO CommandLine - Job report failed to generate report: /zap/wrk/owasp_zap_required_files/Reports/HealthCareUniverseReport.html
2022-04-05 20:24:00,103 [main ] INFO Control - Automation Framework setting exit status to due to plan errors
2022-04-05 20:23:56,434 [Thread-6] INFO HostProcess - completed host/plugin http://hcp1:8000 | DomXssScanRule in 215.762s with 220 message(s) sent and 0 alert(s) raised.
2022-04-05 20:23:57,240 [Thread-6] INFO HostProcess - start host http://hcp1:8000 | SOAPActionSpoofingActiveScanRule strength MEDIUM threshold MEDIUM
2022-04-05 20:23:57,770 [Thread-6] INFO HostProcess - completed host/plugin http://hcp1:8000 | SOAPActionSpoofingActiveScanRule in 0.531s with 0 message(s)sent and 0 alert(s) raised.
2022-04-05 20:23:57,770 [Thread-6] INFO HostProcess - start host http://hcp1:8000 | SOAPXMLInjectionActiveScanRule strength MEDIUM threshold MEDIUM
2022-04-05 20:23:59,834 [ZAP-DomXssReaper] INFO DomXssScanRule - Reaper thread exiting 0
2022-04-05 20:23:59,979 [Thread-6] INFO HostProcess - completed host/plugin http://hcp1:8000 | SOAPXMLInjectionActiveScanRule in 2.209s with 0 message(s) sent and 0 alert(s) raised.
2022-04-05 20:23:59,979 [Thread-6] INFO HostProcess - completed host http://hcp1:8000 in 267.101s with 0 alert(s) raised.
2022-04-05 20:23:59,979 [Thread-5] INFO Scanner - scanner completed in 267.113s
2022-04-05 20:24:00,080 [main ] INFO CommandLine - Job activeScan finished
2022-04-05 20:24:00,080 [main ] INFO CommandLine - Job report started
2022-04-05 20:24:00,103 [main ] ERROR CommandLine - Job report failed to generate report: /zap/wrk/owasp_zap_required_files/Reports/HealthCareUniverseReport.html
2022-04-05 20:24:00,103 [main ] INFO CommandLine - Job report finished
2022-04-05 20:24:00,103 [main ] INFO CommandLine - Automation plan failures:
2022-04-05 20:24:00,103 [main ] INFO CommandLine - Job report failed to generate report: /zap/wrk/owasp_zap_required_files/Reports/HealthCareUniverseReport.html
2022-04-05 20:24:00,103 [main ] INFO Control - Automation Framework setting exit status to due to plan errors
If the broken pipe errors aren't a sign that something in ZAP went wrong, what else may cause the report generation to fail?
Simon Bennetts
Apr 6, 2022, 4:37:53 AM4/6/22
to OWASP ZAP User Group
I'm guessing you are running ZAP in one of the ZAP Docker images.
Have a look at this guide: https://www.zaproxy.org/docs/docker/diagnosing-problems/
More specifically:
How are you starting that Docker image?
Are you mapping a loal drive to /zap/wrk ?
Does the equivalent local drive to /zap/wrk/owasp_zap_required_files/Reports/ exist?
Cheers,
Simon
Charles Williams
Apr 6, 2022, 10:42:11 AM4/6/22
to OWASP ZAP User Group
Thanks Simon, fixing the mounted volumes did the trick! One last question, I'm getting a lot of the below error during my active scan run in Jenkins - is this harmless, or a sign that something is going wrong in the scan? The report seems fine, but I just wanted to confirm.
10:40:28 1649256028798 Marionette WARN TimedPromise timed out after 500 ms: stacktrace:
10:40:28 TimedPromise/<@chrome://remote/content/marionette/sync.js:235:19
10:40:28 TimedPromise@chrome://remote/content/marionette/sync.js:220:10
10:40:28 interaction.flushEventLoop@chrome://remote/content/marionette/interaction.js:431:10
Thank you!
kingthorin+owaspzap
Apr 6, 2022, 1:06:10 PM4/6/22
to OWASP ZAP User Group
They're just WARNings you can ignore them.
Reply all
Reply to author
Forward
0 new messages