From 66c6a3cffab0f3495217f10542012a7c73ac59cb Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach Date: Wed, 17 Aug 2022 09:19:21 +0200 Subject: [PATCH 1/3] Alternative fix for #1289 #1289 changes the behaviour to always create the configmap. This was intentionally changed, to allow users to manage this configmap outside of helm. Marking this as optional allows scans without it to still work and keep this behaviour. --- scanners/zap-advanced/values.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scanners/zap-advanced/values.yaml b/scanners/zap-advanced/values.yaml index a2d7f7a1dd..8701a113ae 100644 --- a/scanners/zap-advanced/values.yaml +++ b/scanners/zap-advanced/values.yaml @@ -69,6 +69,7 @@ scanner: - name: zap-advanced-scantype-config configMap: name: zap-advanced-scantype-config + optional: true - name: zap-scripts-authentication configMap: name: zap-scripts-authentication @@ -100,7 +101,7 @@ scanner: drop: # scanner.securityContext.capabilities.drop[0] -- This drops all linux privileges from the container. - all - + # scanner.affinity -- Optional affinity settings that control how the scanner job is scheduled (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/) affinity: {} From ff46133e6e925594cc0191d35de48c221f18a63f Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach Date: Wed, 17 Aug 2022 09:19:45 +0200 Subject: [PATCH 2/3] Ensure that result file is properly generated even when the config isn't set --- scanners/zap-advanced/scanner/zapclient/zap_automation.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scanners/zap-advanced/scanner/zapclient/zap_automation.py b/scanners/zap-advanced/scanner/zapclient/zap_automation.py index 47141ad356..27ec34b71f 100644 --- a/scanners/zap-advanced/scanner/zapclient/zap_automation.py +++ b/scanners/zap-advanced/scanner/zapclient/zap_automation.py 
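Review bot: With `optional: true` on the `zap-advanced-scantype-config` volume, a scan job now starts even when that ConfigMap is absent or its name is mistyped, and ZAP then runs without the scantype file that `scanner.extraVolumeMounts` places at `/home/securecodebox/configs/1-zap-advanced-scantype.yaml` — so a silent misconfiguration looks like a successful scan with fewer findings instead of a pod stuck in ContainerCreating. The values file should say so next to the flag, e.g. `# optional: the scan job still starts when this ConfigMap is missing, but then runs without the advanced scantype config — check the scanner log if results look unauthenticated or empty`. The two `zap-scripts-*` ConfigMaps in the same list stay required; if that asymmetry is intended, a one-line comment explaining why would save the next person from hitting the same "pod never starts" failure for those maps.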
@@ -168,7 +168,7 @@ def generate_report_file(self, file_path: str, report_type: str): title="ZAP Report", template=self.get_report_template_for_file_type(report_type), reportdir=file_path, - contexts=self.__config.get_active_context_config["name"], + contexts=self.__config.get_active_context_config["name"] if self.__config is not None and self.__config.get_active_context_config is not None else None, reportfilename=report_file ) From c4a6b9ab227f5c26e5a65d4e8d20b959d92a65c6 Mon Sep 17 00:00:00 2001 From: J12934 Date: Wed, 17 Aug 2022 07:20:22 +0000 Subject: [PATCH 3/3] Updating Helm Docs Signed-off-by: GitHub Actions --- scanners/zap-advanced/README.md | 2 +- scanners/zap-advanced/docs/README.ArtifactHub.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scanners/zap-advanced/README.md b/scanners/zap-advanced/README.md index c147d3cd3f..2881d89e89 100644 --- a/scanners/zap-advanced/README.md +++ b/scanners/zap-advanced/README.md 
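Review bot: The new `contexts=` line packs two `None` guards and the subscript into one 150-plus-character expression and evaluates `self.__config.get_active_context_config` twice; hoisting it into a local just above the report call keeps the guard readable, e.g. `active_context = self.__config.get_active_context_config if self.__config is not None else None` and then `contexts=active_context["name"] if active_context is not None else None,`. The guard still raises `KeyError` when `get_active_context_config` returns a mapping without a `"name"` key, which is presumably unchanged from before but worth a comment if an unnamed context is a valid configuration. Passing `contexts=None` when no config is loaded presumably makes ZAP report on all contexts rather than on the configured one — confirm that is the intended fallback and note it in a comment, since a report generated without the configured context silently widens what gets reported. `generate_report_file` starts before the hunk; only its report call is visible here.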
@@ -496,7 +496,7 @@ zapConfiguration: | scanner.envFrom | list | `[]` | Optional mount environment variables from configMaps or secrets (see: https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/#configure-all-key-value-pairs-in-a-secret-as-container-environment-variables) | | scanner.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) | | scanner.extraVolumeMounts | list | `[{"mountPath":"/home/securecodebox/configs/1-zap-advanced-scantype.yaml","name":"zap-advanced-scantype-config","readOnly":true,"subPath":"1-zap-advanced-scantype.yaml"}]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | -| scanner.extraVolumes | list | `[{"configMap":{"name":"zap-advanced-scantype-config"},"name":"zap-advanced-scantype-config"},{"configMap":{"name":"zap-scripts-authentication"},"name":"zap-scripts-authentication"},{"configMap":{"name":"zap-scripts-session"},"name":"zap-scripts-session"}]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scanner.extraVolumes | list | `[{"configMap":{"name":"zap-advanced-scantype-config","optional":true},"name":"zap-advanced-scantype-config"},{"configMap":{"name":"zap-scripts-authentication"},"name":"zap-scripts-authentication"},{"configMap":{"name":"zap-scripts-session"},"name":"zap-scripts-session"}]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | | scanner.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. 
More info: https://kubernetes.io/docs/concepts/containers/images#updating-images | | scanner.image.repository | string | `"docker.io/securecodebox/scanner-zap-advanced"` | Container Image to run the scan | | scanner.image.tag | string | `nil` | defaults to the charts version | diff --git a/scanners/zap-advanced/docs/README.ArtifactHub.md b/scanners/zap-advanced/docs/README.ArtifactHub.md index 1e727b12a6..9dee365bf2 100644 --- a/scanners/zap-advanced/docs/README.ArtifactHub.md +++ b/scanners/zap-advanced/docs/README.ArtifactHub.md 
@@ -501,7 +501,7 @@ zapConfiguration: | scanner.envFrom | list | `[]` | Optional mount environment variables from configMaps or secrets (see: https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/#configure-all-key-value-pairs-in-a-secret-as-container-environment-variables) | | scanner.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) | | scanner.extraVolumeMounts | list | `[{"mountPath":"/home/securecodebox/configs/1-zap-advanced-scantype.yaml","name":"zap-advanced-scantype-config","readOnly":true,"subPath":"1-zap-advanced-scantype.yaml"}]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | -| scanner.extraVolumes | list | `[{"configMap":{"name":"zap-advanced-scantype-config"},"name":"zap-advanced-scantype-config"},{"configMap":{"name":"zap-scripts-authentication"},"name":"zap-scripts-authentication"},{"configMap":{"name":"zap-scripts-session"},"name":"zap-scripts-session"}]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scanner.extraVolumes | list | `[{"configMap":{"name":"zap-advanced-scantype-config","optional":true},"name":"zap-advanced-scantype-config"},{"configMap":{"name":"zap-scripts-authentication"},"name":"zap-scripts-authentication"},{"configMap":{"name":"zap-scripts-session"},"name":"zap-scripts-session"}]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | | scanner.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. 
More info: https://kubernetes.io/docs/concepts/containers/images#updating-images | | scanner.image.repository | string | `"docker.io/securecodebox/scanner-zap-advanced"` | Container Image to run the scan | | scanner.image.tag | string | `nil` | defaults to the charts version |