Zap Docker API Scan: URL Not Found in the Scan Tree

See original GitHub issue

Describe the bug

I’m trying to run Zap Docker in my Gitlab CI/CD pipeline and the API scan throws several errors when I try to use the host override, meaning I want to specify a URL different to the one in my OpenAPI file.

2020-10-06 21:10:41,984 http://localhost:48271 "GET http://zap/JSON/ascan/view/status/?scanId=**URL+Not+Found+in+the+Scan+Tree** HTTP/1.1" 400 52

**ValueError: invalid literal for int() with base 10: 'Does Not Exist'** because the scan ID is invalid. 

To Reproduce

Steps to reproduce the behavior:

  1. Use the owasp/zap2docker-stable image.
  2. Run this command:

/zap/zap-api-scan.py -t $DAST_API_SPECIFICATION -f openapi -O $DAST_API_HOST_OVERRIDE -r $DAST_HTML_REPORT -d debug

Expected behavior

I expect the active scan to generate an HTML report on my API.

StackTrace

 2020-10-06 21:10:36,948 Starting new HTTP connection (1): localhost:48271
 2020-10-06 21:10:36,953 http://localhost:48271 "GET http://zap/JSON/core/view/urls/ HTTP/1.1" 200 334
 2020-10-06 21:10:36,954 Using host override, new target: REDACTED
 2020-10-06 21:10:36,954 Number of Imported URLs: 5
 2020-10-06 21:10:36,954 Import warnings: []
 2020-10-06 21:10:36,954 Normalised target from REDACTED to REDACTED
 2020-10-06 21:10:36,955 Trigger hook: zap_active_scan, args: 3
 2020-10-06 21:10:36,955 Active Scan REDACTED / with policy API-Minimal
 2020-10-06 21:10:36,957 Starting new HTTP connection (1): localhost:48271
 2020-10-06 21:10:36,971 http://localhost:48271 "GET http://zap/JSON/ascan/action/scan/?url=REDACTED&apikey=&recurse=True&scanPolicyName=API-Minimal HTTP/1.1" 400 67
 2020-10-06 21:10:41,980 Starting new HTTP connection (1): localhost:48271
 2020-10-06 21:10:41,984 http://localhost:48271 "GET http://zap/JSON/ascan/view/status/?scanId=URL+Not+Found+in+the+Scan+Tree HTTP/1.1" 400 52
 2020-10-06 21:10:41,986 Unexpected error: <type 'exceptions.ValueError'>
 Traceback (most recent call last):
   File "/zap/zap-api-scan.py", line 425, in main
     zap_active_scan(zap, target, scan_policy)
   File "/zap/zap_common.py", line 84, in _wrap
     return_data = func(*args_list, **kwargs)
   File "/zap/zap_common.py", line 400, in zap_active_scan
     while(int(zap.ascan.status(ascan_scan_id)) < 100):
 ValueError: invalid literal for int() with base 10: 'Does Not Exist'
 ERROR <type 'exceptions.ValueError'>
 2020-10-06 21:10:41,987 Failed to find zap_log /zap/zap.out
 2020-10-06 21:10:41,987 Trigger hook: pre_exit, args: 3

Software versions

  • ZAP: owasp/zap2docker-stable

Errors from the zap.log file

 2020-10-06 21:10:41,987 **Failed to find zap_log /zap/zap.out**
 2020-10-06 21:10:41,987 Trigger hook: pre_exit, args: 3

I would love to include the zap.out file to help with debugging but it says that it doesn’t exist.

Additional context

The integration with Gitlab isn’t the issue here. I have done some debugging with their version of Zap and they are having similar issues.

Would you like to help fix this issue?

If I can, I would be happy to contribute code but I’m not familiar with the internals of the active scan for APIs.
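The trace above shows the failure mode: `ascan/action/scan` answers with HTTP 400, the script treats the body's message text as the scan id, and `int()` then blows up on the `Does Not Exist` it gets back from `ascan/view/status`. The following is an added example, not code from ZAP, zap-api-scan.py or the issue author, of a guarded driver for the same three API calls: it checks that the target's origin is already in ZAP's site tree (what `core/view/urls` returns), validates that the scan id and status are numeric before using them, and surfaces ZAP's own message otherwise. The response shapes (`{"scan": "<id>"}`, `{"status": "<0-100>"}`, and `{"code": ..., "message": ...}` on a 400) and the `make_fake_zap` transport with its constructed site tree are assumptions made so the block runs offline; `call(endpoint, params)` stands in for a GET to `http://zap/JSON/<endpoint>/`.

```python
"""Guarded ZAP active-scan driver (added example; not ZAP project code)."""
from urllib.parse import urlsplit


class ZapScanError(RuntimeError):
    """Raised with ZAP's message instead of letting it reach int()."""


def origin(url):
    """(scheme, host[:port]) of a URL, lower-cased, for site-tree matching."""
    p = urlsplit(url)
    return (p.scheme.lower(), p.netloc.lower())


def target_in_site_tree(target, known_urls):
    """True if ZAP already holds at least one URL on the target's origin.

    The active scan refuses a URL it has never seen; that is the
    "URL Not Found in the Scan Tree" error in the issue's log.
    """
    want = origin(target)
    return any(origin(u) == want for u in known_urls)


def parse_scan_id(body):
    """Return the scan id as int; raise ZapScanError for an error body."""
    scan = body.get("scan")
    if isinstance(scan, str) and scan.isdigit():
        return int(scan)
    raise ZapScanError(body.get("message", f"unexpected scan response: {body!r}"))


def parse_status(body):
    """Return progress 0..100 as int; raise ZapScanError (e.g. "Does Not Exist")."""
    status = body.get("status")
    if isinstance(status, str) and status.isdigit() and 0 <= int(status) <= 100:
        return int(status)
    raise ZapScanError(body.get("message", f"unexpected status response: {body!r}"))


def start_active_scan(call, target, policy="API-Minimal"):
    """Pre-check the site tree, start the scan, and validate the returned id."""
    known = call("core/view/urls", {}).get("urls", [])
    if not target_in_site_tree(target, known):
        raise ZapScanError(f"{target} is not in the ZAP site tree; import or open it first")
    body = call("ascan/action/scan",
                {"url": target, "recurse": "true", "scanPolicyName": policy})
    return parse_scan_id(body)


def poll_until_done(call, scan_id, sleep=lambda: None, max_polls=1000):
    """Poll ascan/view/status until 100, validating every answer."""
    for _ in range(max_polls):
        progress = parse_status(call("ascan/view/status", {"scanId": str(scan_id)}))
        if progress >= 100:
            return progress
        sleep()
    raise ZapScanError("scan did not finish within max_polls")


def outcome(fn, *args):
    """(True, value) on success, (False, ZAP's message) on ZapScanError."""
    try:
        return True, fn(*args)
    except ZapScanError as e:
        return False, str(e)


# --- constructed offline stand-in for http://zap/JSON/... (assumed shapes) ---
SITE_TREE = ["http://api.example.test/v1/users", "http://api.example.test/v1/orders"]


def make_fake_zap(site_tree=SITE_TREE):
    """Return a call(endpoint, params) that mimics the three endpoints used."""
    ticks = {"n": 0}

    def call(endpoint, params):
        if endpoint == "core/view/urls":
            return {"urls": list(site_tree)}
        if endpoint == "ascan/action/scan":
            if target_in_site_tree(params["url"], site_tree):
                return {"scan": "0"}
            return {"code": "url_not_found", "message": "URL Not Found in the Scan Tree"}
        if endpoint == "ascan/view/status":
            if params["scanId"] != "0":
                return {"code": "does_not_exist", "message": "Does Not Exist"}
            ticks["n"] += 1                       # 50 % per poll, done on the 2nd
            return {"status": str(min(100, 50 * ticks["n"]))}
        raise ValueError(f"unhandled endpoint {endpoint}")

    return call


def run(target, call=None):
    """Whole flow; returns (True, 100) or (False, message) instead of a traceback."""
    call = call or make_fake_zap()
    return outcome(lambda t: poll_until_done(call, start_active_scan(call, t)), target)


if __name__ == "__main__":
    print(run("http://api.example.test/v1"))      # target known to ZAP
    print(run("https://other.example.test/v1"))   # host override not in the tree
```

The pre-check mirrors the advice elsewhere in this thread: the active scan only accepts a URL ZAP already knows, so when a host override is in play the rewritten target's origin must appear in `core/view/urls` before `ascan/action/scan` is called, otherwise the clear error is raised here rather than five seconds later as a `ValueError`.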

Issue Analytics

  • State: open
  • Created 3 years ago
  • Comments:7 (6 by maintainers)

Top GitHub Comments

1 reaction
thc202 commented, Apr 20, 2022

It’s not necessary to override the host, simply importing an API that points to other host is enough.

0 reactions
thc202 commented, Apr 24, 2022

That’s a known issue #5510.
