Importing context using zap-cli
1,726 views
Skip to first unread message
wishiwasnull
Apr 1, 2019, 5:07:38 AM4/1/19
to OWASP ZAP User Group
Hi all,
However, when i check the imported context using zap-cli context list, i don't see anything.
Trying to import the same context again would result in an error.
I have also ensured that i have already added the Authentication script used by the context.
Any help is much appreciated.
I am trying to integrate zap into my jenkins pipline using the zap2docker container.
I created a context and an Authentication zest script using the owasp zap ui. The context has been set to use the Authentication script I created.
When i am running the command to import the context, it shows me a success message as per below.
zap@d7d3582714cb:/zap$ zap-cli context import demo.context[INFO] Imported context from demo.contextHowever, when i check the imported context using zap-cli context list, i don't see anything.
zap@d7d3582714cb:/zap$ zap-cli context list[INFO] Available contexts: []zap@d7d3582714cb:/zap$ zap-cli context import demo.context[ERROR] Importing context from file failed: The external data provided is not valid.I have also ensured that i have already added the Authentication script used by the context.
zap@d7d3582714cb:/zap$ zap-cli scripts list+-----------------+----------------+----------------+-----------+| Name | Type | Engine | Enabled |+=================+================+================+===========+| http_sender | httpsender | Oracle Nashorn | true |+-----------------+----------------+----------------+-----------+| Login | authentication | Mozilla Zest | N/A |+-----------------+----------------+----------------+-----------+Any help is much appreciated.
Thank you!
Andre Guerra
Apr 1, 2019, 6:35:03 AM4/1/19
to OWASP ZAP User Group
Have you checked that your context file is within the file system of your container? My understanding is that the relative path provided is relative to zap’s install folder (if memory doesn’t fail me, it’s expected to be in the contexts directory). I suppose for container usage you’d have to add a step to your Jenkins setup that would copy the context to that directory in your zap2docker container. Let us know how it goes. My alternative solution would be to use the API to setup a full context (without the import).
wishiwasnull
Apr 1, 2019, 6:47:28 AM4/1/19
to OWASP ZAP User Group
Yep, the context file is in the docker container file system. I built a new image using owasp/zap2docker-stable as the base image and included all the files that I need (context and scripts) into /zap directory.
I created the context file on my local Windows machine using the zap UI before using the same context file for the container.
thc...@gmail.com
Apr 1, 2019, 6:58:36 AM4/1/19
to zaprox...@googlegroups.com
Hi.
Worth checking ZAP's log/output to know why the context was not imported
(assuming an error occurred).
Best regards.
Worth checking ZAP's log/output to know why the context was not imported
(assuming an error occurred).
Best regards.
wishiwasnull
Apr 1, 2019, 10:27:46 PM4/1/19
to OWASP ZAP User Group
Hi,
I was not able to find a zap.log in either /zap nor /home/zap. So, I am not very sure where they are located at.
wishiwasnull
Apr 2, 2019, 12:04:28 AM4/2/19
to OWASP ZAP User Group
Hi,
I found the log location but could not spot any error.
I tried importing the default context from Owasp zap UI and got the same behavior. Please refer to the below:
zap@512534f7d3e6:/zap$ zap-cli context import "Default Context.context"[INFO] Imported context from Default Context.contextzap@512534f7d3e6:/zap$ zap-cli context list
[INFO] Available contexts: []zap@512534f7d3e6:/zap$ zap-cli context import "Default Context.context"[ERROR] Importing context from file failed: The external data provided is not valid.
For the external data error, the stack trace is just that the context already existed.
2019-04-02 03:58:22,733 [ZAP-ProxyThread-140] WARN API - Bad request to API endpoint [/JSON/context/action/importContext/] from [127.0.0.1]:The external data provided is not valid. (bad_external_data)at org.zaproxy.zap.extension.api.ContextAPI.handleApiAction(ContextAPI.java:168)at org.zaproxy.zap.extension.api.API.handleApiRequest(API.java:431)at org.parosproxy.paros.core.proxy.ProxyThread.processHttp(ProxyThread.java:456)at org.parosproxy.paros.core.proxy.ProxyThread.run(ProxyThread.java:317)at java.lang.Thread.run(Thread.java:748)Caused by: org.zaproxy.zap.model.IllegalContextNameException: A context with the given name [Default Context] already exists.at org.parosproxy.paros.model.Session.validateContextName(Session.java:1232)at org.parosproxy.paros.model.Session.importContext(Session.java:1383)at org.zaproxy.zap.extension.api.ContextAPI.handleApiAction(ContextAPI.java:166)... 4 more
Am I misunderstanding how zap-cli context list should work? Is the context actually imported successfully?
Thomas _____
May 10, 2022, 2:41:22 PM5/10/22
to OWASP ZAP User Group
Hi wishiwasnull ,
Try to add another context :
zap-cli context new test
zap-cli context list
you will see your context "Default Context.context" but will not see "test" context.
I found this today and I guess the last context added is not visible (maybe an error code in a loop...)
Regards
Reply all
Reply to author
Forward
0 new messages