JobUtils - Automation Framework failed to find method setUser on org.parosproxy.paros.core.scanner.ScannerParamwhat does this error mean?
So, we can scan REST using ZAP Automation Framework. Can we do that using the full scan or any other way available in the automation framework? Ror OpenAPI it's asking for OpenAPI Definition or something. But I don't have the flexibility to use the ZAP GUI app and will only use the cmd line to invoke the automation framework.
The rest application which I want to scan is just a URL..
[main ] INFO CommandLine - Job activeScan finished
2023-03-29 12:49:02,791 [main ] INFO CommandLine - Job report started
2023-03-29 12:49:03,549 [main ] INFO CommandLine - Job report generated report /opt/SP/devops/DevOpsShare/ZaProxy/zap/Test/reports/zapsoap.html
2023-03-29 12:49:03,549 [main ] INFO CommandLine - Job report finished
2023-03-29 12:49:03,550 [main ] INFO CommandLine - Automation plan succeeded!
2023-03-29 12:49:05,642 [ZAP-DomXssReaper] INFO DomXssScanRule - Reaper thread exiting 0
2023-03-29 12:49:20,690 [ZAP-IO-EventExecutor-3-3] WARN MainServerHandler - Failed to write/forward the HTTP response to the client: java.util.concurrent.RejectedExecutionException: event executor terminated
2023-03-29 12:49:20,691 [ZAP-IO-EventExecutor-3-3] WARN AbstractChannelHandlerContext - Failed to submit an exceptionCaught() event.
java.util.concurrent.RejectedExecutionException: event executor terminated
2023-03-29 12:50:40,633 [ZAP-IO-EventExecutor-3-2] WARN AbstractEventExecutor - A task raised an exception. Task: io.netty.channel.DefaultChannelPipeline$4@66b065b1
java.util.concurrent.RejectedExecutionException: event executor terminated
2023-03-29 12:50:42,771 [main ] INFO CommandLineBootstrap - OWASP ZAP 2.12.0 terminated.
I only pasted some of the errors. As most of them were repeating for a long time. This occurred while I was using the full-scan automation framework.
Thanks & Regards
Sai Theja
2023-04-05 08:26:45,789 [main ] ERROR ExtensionAutomation - java.nio.charset.MalformedInputException: Input length = 1
org.yaml.snakeyaml.error.YAMLException: java.nio.charset.MalformedInputException: Input length = 1
at org.yaml.snakeyaml.reader.StreamReader.update(StreamReader.java:218) ~[?:?]
at org.yaml.snakeyaml.reader.StreamReader.ensureEnoughData(StreamReader.java:176) ~[?:?]
at org.yaml.snakeyaml.reader.StreamReader.ensureEnoughData(StreamReader.java:171) ~[?:?]
at org.yaml.snakeyaml.reader.StreamReader.peek(StreamReader.java:126) ~[?:?]
at org.yaml.snakeyaml.scanner.ScannerImpl.scanToNextToken(ScannerImpl.java:1198) ~[?:?]
at org.yaml.snakeyaml.scanner.ScannerImpl.fetchMoreTokens(ScannerImpl.java:308) ~[?:?]
at org.yaml.snakeyaml.scanner.ScannerImpl.checkToken(ScannerImpl.java:248) ~[?:?]
at org.yaml.snakeyaml.parser.ParserImpl$ParseImplicitDocumentStart.produce(ParserImpl.java:213) ~[?:?]
at org.yaml.snakeyaml.parser.ParserImpl.peekEvent(ParserImpl.java:165) ~[?:?]
at org.yaml.snakeyaml.parser.ParserImpl.checkEvent(ParserImpl.java:155) ~[?:?]
at org.yaml.snakeyaml.composer.Composer.getSingleNode(Composer.java:140) ~[?:?]
at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:151) ~[?:?]
at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:490) ~[?:?]
at org.yaml.snakeyaml.Yaml.load(Yaml.java:429) ~[?:?]
at org.zaproxy.addon.automation.AutomationPlan.<init>(AutomationPlan.java:71) ~[?:?]
at org.zaproxy.addon.automation.ExtensionAutomation.runAutomationFile(ExtensionAutomation.java:433) ~[?:?]
at org.zaproxy.addon.automation.ExtensionAutomation.execute(ExtensionAutomation.java:549) ~[?:?]
at org.parosproxy.paros.extension.ExtensionLoader.runCommandLine(ExtensionLoader.java:535) ~[zap-2.12.0.jar:2.12.0]
at org.parosproxy.paros.control.Control.runCommandLine(Control.java:442) ~[zap-2.12.0.jar:2.12.0]
at org.zaproxy.zap.CommandLineBootstrap.start(CommandLineBootstrap.java:91) ~[zap-2.12.0.jar:2.12.0]
at org.zaproxy.zap.ZAP.main(ZAP.java:94) ~[zap-2.12.0.jar:2.12.0]
Caused by: java.nio.charset.MalformedInputException: Input length = 1
at java.nio.charset.CoderResult.throwException(CoderResult.java:274) ~[?:?]
at sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:339) ~[?:?]
at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:178) ~[?:?]
at java.io.InputStreamReader.read(InputStreamReader.java:181) ~[?:?]
at org.yaml.snakeyaml.reader.UnicodeReader.read(UnicodeReader.java:125) ~[?:?]
at org.yaml.snakeyaml.reader.StreamReader.update(StreamReader.java:183) ~[?:?]
... 20 more
2023-04-05 08:26:45,794 [main ] ERROR CommandLine - Unexpected error accessing file /opt/SP/devops/DevOpsShare/ZaProxy/zap/Test/YamlConfig/restconfig.yaml : java.nio.charset.MalformedInputException: Input length = 1 - see log for details
2023-04-05 08:26:45,795 [main ] ERROR CommandLineBootstrap - null
java.lang.NullPointerException: null
at org.zaproxy.addon.automation.ExtensionAutomation.execute(ExtensionAutomation.java:551) ~[?:?]
at org.parosproxy.paros.extension.ExtensionLoader.runCommandLine(ExtensionLoader.java:535) ~[zap-2.12.0.jar:2.12.0]
at org.parosproxy.paros.control.Control.runCommandLine(Control.java:442) ~[zap-2.12.0.jar:2.12.0]
at org.zaproxy.zap.CommandLineBootstrap.start(CommandLineBootstrap.java:91) ~[zap-2.12.0.jar:2.12.0]
at org.zaproxy.zap.ZAP.main(ZAP.java:94) ~[zap-2.12.0.jar:2.12.0]
env:
contexts:
- name: "Default Context"
URLs:
- name: "www.ndajad.com/service/1.0" includePaths: []
excludePaths: []
authentication:
parameters: {}
verification:
method: "response"
pollFrequency: 60
pollUnits: "requests"
sessionManagement:
method: "cookie"
parameters: {}
parameters:
failOnError: true
failOnWarning: false
progressToStdout: true
vars: {}
jobs:
- parameters:
scanOnlyInScope: true
enableTags: false
rules: []
name: "passiveScan-config"
type: "passiveScan-config"
- parameters:
apiFile: "/devops/DevOpsShare/ZaProxy/zap/Test/restdescriptor/Descriptor.json"
apiUrl: ""
targetUrl: "www.ndajad.com/service/1.0/sreiveadrees"
name: "openapi"
type: "openapi"
- parameters:
maxDuration: 5000
name: "passiveScan-wait"
type: "passiveScan-wait"
- parameters:
context: "Default Context"
user: ""
policy: ""
maxRuleDurationInMins: 0
maxScanDurationInMins: 0
policyDefinition:
defaultStrength: "medium"
defaultThreshold: "medium"
rules: []
name: "activeScan"
type: "activeScan"
- parameters:
template: "traditional-html-plus"
theme: "light"
reportDir: "/devops/DevOpsShare/ZaProxy/zap/Test/reports"
reportFile: "zaprest"
reportTitle: "ZAP Scanning Report"
reportDescription: ""
displayReport: false
risks:
- "info"
- "low"
- "medium"
- "high"
confidences:
- "falsepositive"
- "low"
- "medium"
- "high"
- "confirmed"
sections:
- "passingrules"
- "instancecount"
- "alertdetails"
- "alertcount"
- "params"
- "chart"
- "statistics"
name: "report"
type: "report"