2022-05-17T06:52:48.8189939Z Found online and idle self-hosted runner in the current repository's organization account that matches the required labels: 'self-hosted' 2022-05-17T06:52:48.9136870Z Waiting for the runner to pick up this job... 2022-05-17T06:52:49.2813179Z Job is about to start running on the runner: runner-deployment-bjd9z-xr4d5 (organization) 2022-05-17T06:52:53.2849322Z Current runner version: '2.291.1' 2022-05-17T06:52:53.2857691Z Runner name: 'runner-deployment-bjd9z-xr4d5' 2022-05-17T06:52:53.2858368Z Runner group name: 'Default' 2022-05-17T06:52:53.2859397Z Machine name: 'runner-deployment-bjd9z-xr4d5' 2022-05-17T06:52:53.2862484Z ##[group]GITHUB_TOKEN Permissions 2022-05-17T06:52:53.2863431Z Actions: write 2022-05-17T06:52:53.2864006Z Checks: write 2022-05-17T06:52:53.2864352Z Contents: write 2022-05-17T06:52:53.2864753Z Deployments: write 2022-05-17T06:52:53.2865164Z Discussions: write 2022-05-17T06:52:53.2865480Z Issues: write 2022-05-17T06:52:53.2865869Z Metadata: read 2022-05-17T06:52:53.2866194Z Packages: write 2022-05-17T06:52:53.2866565Z Pages: write 2022-05-17T06:52:53.2867062Z PullRequests: write 2022-05-17T06:52:53.2867607Z RepositoryProjects: write 2022-05-17T06:52:53.2868101Z SecurityEvents: write 2022-05-17T06:52:53.2868498Z Statuses: write 2022-05-17T06:52:53.2868838Z ##[endgroup] 2022-05-17T06:52:53.2873689Z Prepare workflow directory 2022-05-17T06:52:53.3844261Z Prepare all required actions 2022-05-17T06:52:53.4058061Z Getting action download info 2022-05-17T06:52:54.6428690Z Download action repository 'actions/checkout@v2' (SHA:7884fcad6b5d53d10323aee724dc68d8b9096a2e) 2022-05-17T06:52:55.0626162Z Download action repository 'zaproxy/action-full-scan@v0.3.0' (SHA:1f35897c4c11af6b1203c36b67a5ba99c3c5b5f4) 2022-05-17T06:52:55.7029139Z ##[group]Run actions/checkout@v2 2022-05-17T06:52:55.7029395Z with: 2022-05-17T06:52:55.7029653Z repository: App-MMM-PetstorePOC/PetstoreApp-Pipeline 2022-05-17T06:52:55.7030149Z token: *** 
2022-05-17T06:52:55.7030346Z ssh-strict: true 2022-05-17T06:52:55.7030633Z persist-credentials: true 2022-05-17T06:52:55.7030966Z clean: true 2022-05-17T06:52:55.7031229Z fetch-depth: 1 2022-05-17T06:52:55.7031412Z lfs: false 2022-05-17T06:52:55.7031600Z submodules: false 2022-05-17T06:52:55.7031802Z set-safe-directory: true 2022-05-17T06:52:55.7032002Z env: 2022-05-17T06:52:55.7032220Z REGISTRY_NAME: mmmazurepetstorecr 2022-05-17T06:52:55.7032475Z CLUSTER_NAME: mmm-petstore-aks 2022-05-17T06:52:55.7032703Z CLUSTER_RESOURCE_GROUP: dnd-petstore-rg 2022-05-17T06:52:55.7032936Z NAMESPACE: dev-petstore 2022-05-17T06:52:55.7033169Z SECRET: petstore-aks-secret 2022-05-17T06:52:55.7033375Z ##[endgroup] 2022-05-17T06:52:55.9148596Z Syncing repository: App-MMM-PetstorePOC/PetstoreApp-Pipeline 2022-05-17T06:52:55.9151844Z ##[group]Getting Git version info 2022-05-17T06:52:55.9152968Z Working directory is '/runner/_work/PetstoreApp-Pipeline/PetstoreApp-Pipeline' 2022-05-17T06:52:55.9154106Z [command]/usr/bin/git version 2022-05-17T06:52:55.9154626Z git version 2.36.1 2022-05-17T06:52:55.9178438Z ##[endgroup] 2022-05-17T06:52:55.9205616Z Temporarily overriding HOME='/runner/_work/_temp/cd8c282a-bf3f-407a-9d90-3b1e7a3db110' before making global git config changes 2022-05-17T06:52:55.9206293Z Adding repository directory to the temporary git global config as a safe directory 2022-05-17T06:52:55.9207107Z [command]/usr/bin/git config --global --add safe.directory /runner/_work/PetstoreApp-Pipeline/PetstoreApp-Pipeline 2022-05-17T06:52:55.9268089Z Deleting the contents of '/runner/_work/PetstoreApp-Pipeline/PetstoreApp-Pipeline' 2022-05-17T06:52:55.9274019Z ##[group]Initializing the repository 2022-05-17T06:52:55.9280361Z [command]/usr/bin/git init /runner/_work/PetstoreApp-Pipeline/PetstoreApp-Pipeline 2022-05-17T06:52:55.9330832Z hint: Using 'master' as the name for the initial branch. This default branch name 2022-05-17T06:52:55.9332515Z hint: is subject to change. 
To configure the initial branch name to use in all 2022-05-17T06:52:55.9333818Z hint: of your new repositories, which will suppress this warning, call: 2022-05-17T06:52:55.9334644Z hint: 2022-05-17T06:52:55.9335407Z hint: git config --global init.defaultBranch 2022-05-17T06:52:55.9335983Z hint: 2022-05-17T06:52:55.9336911Z hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and 2022-05-17T06:52:55.9337910Z hint: 'development'. The just-created branch can be renamed via this command: 2022-05-17T06:52:55.9338837Z hint: 2022-05-17T06:52:55.9339337Z hint: git branch -m 2022-05-17T06:52:55.9348490Z Initialized empty Git repository in /runner/_work/PetstoreApp-Pipeline/PetstoreApp-Pipeline/.git/ 2022-05-17T06:52:55.9359953Z [command]/usr/bin/git remote add origin https://github.kyndryl.net/App-MMM-PetstorePOC/PetstoreApp-Pipeline 2022-05-17T06:52:55.9416070Z ##[endgroup] 2022-05-17T06:52:55.9417468Z ##[group]Disabling automatic garbage collection 2022-05-17T06:52:55.9422667Z [command]/usr/bin/git config --local gc.auto 0 2022-05-17T06:52:55.9467328Z ##[endgroup] 2022-05-17T06:52:55.9468947Z ##[group]Setting up auth 2022-05-17T06:52:55.9537006Z [command]/usr/bin/git config --local --name-only --get-regexp core\.sshCommand 2022-05-17T06:52:55.9581374Z [command]/usr/bin/git submodule foreach --recursive git config --local --name-only --get-regexp 'core\.sshCommand' && git config --local --unset-all 'core.sshCommand' || : 2022-05-17T06:52:55.9844780Z [command]/usr/bin/git config --local --name-only --get-regexp http\.https\:\/\/github\.kyndryl\.net\/\.extraheader 2022-05-17T06:52:55.9900763Z [command]/usr/bin/git submodule foreach --recursive git config --local --name-only --get-regexp 'http\.https\:\/\/github\.kyndryl\.net\/\.extraheader' && git config --local --unset-all 'http.https://github.kyndryl.net/.extraheader' || : 2022-05-17T06:52:56.0168787Z [command]/usr/bin/git config --local http.https://github.kyndryl.net/.extraheader AUTHORIZATION: basic *** 
2022-05-17T06:52:56.0226617Z ##[endgroup] 2022-05-17T06:52:56.0228201Z ##[group]Fetching the repository 2022-05-17T06:52:56.0239186Z [command]/usr/bin/git -c protocol.version=2 fetch --no-tags --prune --progress --no-recurse-submodules --depth=1 origin +bc378c158da4ff59102a2640b92a65c1fcfd9392:refs/remotes/origin/pentesting 2022-05-17T06:52:56.3539638Z remote: Enumerating objects: 75, done. 2022-05-17T06:52:56.3774020Z remote: Counting objects: 100% (75/75), done. 2022-05-17T06:52:56.3862927Z remote: Compressing objects: 100% (55/55), done. 
2022-05-17T06:52:56.3865964Z remote: Total 75 (delta 32), reused 43 (delta 14), pack-reused 0 2022-05-17T06:52:56.4196452Z From https://github.kyndryl.net/App-MMM-PetstorePOC/PetstoreApp-Pipeline 2022-05-17T06:52:56.4197962Z * [new ref] bc378c158da4ff59102a2640b92a65c1fcfd9392 -> origin/pentesting 2022-05-17T06:52:56.4247855Z ##[endgroup] 2022-05-17T06:52:56.4248802Z ##[group]Determining the checkout info 2022-05-17T06:52:56.4249528Z ##[endgroup] 2022-05-17T06:52:56.4250225Z ##[group]Checking out the ref 2022-05-17T06:52:56.4251413Z [command]/usr/bin/git checkout --progress --force -B pentesting refs/remotes/origin/pentesting 2022-05-17T06:52:56.4414890Z Switched to a new branch 'pentesting' 2022-05-17T06:52:56.4424227Z branch 'pentesting' set up to track 'origin/pentesting'. 2022-05-17T06:52:56.4464628Z ##[endgroup] 2022-05-17T06:52:56.4544946Z [command]/usr/bin/git log -1 --format='%H' 2022-05-17T06:52:56.4588453Z 'bc378c158da4ff59102a2640b92a65c1fcfd9392' 2022-05-17T06:52:56.5182337Z ##[group]Run zaproxy/action-full-scan@v0.3.0 2022-05-17T06:52:56.5182816Z with: 2022-05-17T06:52:56.5183568Z token: *** 2022-05-17T06:52:56.5183991Z docker_name: owasp/zap2docker-stable 2022-05-17T06:52:56.5184535Z target: https://mmmazurepetstore.azurewebsites.net/ 2022-05-17T06:52:56.5185082Z cmd_options: -d 2022-05-17T06:52:56.5185422Z issue_title: ZAP Full Scan Report 2022-05-17T06:52:56.5185721Z fail_action: false 2022-05-17T06:52:56.5185952Z allow_issue_writing: true 2022-05-17T06:52:56.5186219Z env: 2022-05-17T06:52:56.5186468Z REGISTRY_NAME: mmmazurepetstorecr 2022-05-17T06:52:56.5186738Z CLUSTER_NAME: mmm-petstore-aks 2022-05-17T06:52:56.5187199Z CLUSTER_RESOURCE_GROUP: dnd-petstore-rg 2022-05-17T06:52:56.5187498Z NAMESPACE: dev-petstore 2022-05-17T06:52:56.5187956Z SECRET: petstore-aks-secret 2022-05-17T06:52:56.5188264Z ##[endgroup] 2022-05-17T06:52:56.6534627Z [@octokit/rest] `const Octokit = require("@octokit/rest")` is deprecated. 
Use `const { Octokit } = require("@octokit/rest")` instead 2022-05-17T06:52:56.7084513Z starting the program 2022-05-17T06:52:56.7130857Z github run id :657831 2022-05-17T06:52:56.7132253Z [command]/usr/local/bin/docker pull owasp/zap2docker-stable -q 2022-05-17T06:53:49.8111734Z docker.io/owasp/zap2docker-stable:latest 2022-05-17T06:53:49.8159734Z [command]/usr/local/bin/docker run --user root -v /runner/_work/PetstoreApp-Pipeline/PetstoreApp-Pipeline:/zap/wrk/:rw --network=host -t owasp/zap2docker-stable zap-full-scan.py -t https://mmmazurepetstore.azurewebsites.net/ -J report_json.json -w report_md.md -r report_html.html -d 2022-05-17T06:53:50.5095248Z 2022-05-17 06:53:50,499 Could not find custom hooks file at /home/zap/.zap_hooks.py 2022-05-17T06:53:50.5096071Z 2022-05-17 06:53:50,499 Trigger hook: cli_opts, args: 1 2022-05-17T06:53:50.5098313Z 2022-05-17 06:53:50,500 Using port: 56760 2022-05-17T06:53:50.5099025Z 2022-05-17 06:53:50,500 Trigger hook: start_zap, args: 2 2022-05-17T06:53:50.5099430Z 2022-05-17 06:53:50,500 Starting ZAP 2022-05-17T06:53:50.5100700Z 2022-05-17 06:53:50,501 Params: ['zap-x.sh', '-daemon', '-port', '56760', '-host', '0.0.0.0', '-config', 'database.recoverylog=false', '-config', 'api.disablekey=true', '-config', 'api.addrs.addr.name=.*', '-config', 'api.addrs.addr.regex=true', '-config', 'spider.maxDuration=0', '-addonupdate', '-addoninstall', 'pscanrulesBeta', '-addoninstall', 'ascanrulesBeta'] 2022-05-17T06:53:50.5198123Z 2022-05-17 06:53:50,517 Starting new HTTP connection (1): localhost:56760 2022-05-17T06:53:51.5307652Z 2022-05-17 06:53:51,526 Starting new HTTP connection (1): localhost:56760 2022-05-17T06:53:52.5333139Z 2022-05-17 06:53:52,530 Starting new HTTP connection (1): localhost:56760 2022-05-17T06:53:53.5454992Z 2022-05-17 06:53:53,534 Starting new HTTP connection (1): localhost:56760 2022-05-17T06:53:54.5454866Z 2022-05-17 06:53:54,539 Starting new HTTP connection (1): localhost:56760 2022-05-17T06:53:55.6511106Z 
2022-05-17 06:53:55,640 Starting new HTTP connection (1): localhost:56760 2022-05-17T06:53:56.6493335Z 2022-05-17 06:53:56,645 Starting new HTTP connection (1): localhost:56760 2022-05-17T06:53:57.6532786Z 2022-05-17 06:53:57,649 Starting new HTTP connection (1): localhost:56760 2022-05-17T06:53:58.6619227Z 2022-05-17 06:53:58,657 Starting new HTTP connection (1): localhost:56760 2022-05-17T06:53:59.6664532Z 2022-05-17 06:53:59,662 Starting new HTTP connection (1): localhost:56760 2022-05-17T06:54:00.6734731Z 2022-05-17 06:54:00,666 Starting new HTTP connection (1): localhost:56760 2022-05-17T06:54:01.6750113Z 2022-05-17 06:54:01,670 Starting new HTTP connection (1): localhost:56760 2022-05-17T06:54:02.6783168Z 2022-05-17 06:54:02,674 Starting new HTTP connection (1): localhost:56760 2022-05-17T06:54:03.6794668Z 2022-05-17 06:54:03,678 Starting new HTTP connection (1): localhost:56760 2022-05-17T06:54:04.6851694Z 2022-05-17 06:54:04,682 Starting new HTTP connection (1): localhost:56760 2022-05-17T06:54:05.6865969Z 2022-05-17 06:54:05,685 Starting new HTTP connection (1): localhost:56760 2022-05-17T06:54:05.7013381Z 2022-05-17 06:54:05,699 http://localhost:56760 "GET http://zap/JSON/core/view/version/ HTTP/1.1" 200 20 2022-05-17T06:54:05.7031872Z 2022-05-17 06:54:05,700 ZAP Version 2.11.1 2022-05-17T06:54:05.7034705Z 2022-05-17 06:54:05,700 Took 15 seconds 2022-05-17T06:54:05.7035332Z 2022-05-17 06:54:05,700 Trigger hook: zap_started, args: 2 2022-05-17T06:54:05.7035785Z 2022-05-17 06:54:05,700 Tune 2022-05-17T06:54:05.7036232Z 2022-05-17 06:54:05,700 Disable all tags 2022-05-17T06:54:05.7136710Z 2022-05-17 06:54:05,702 Starting new HTTP connection (1): localhost:56760 2022-05-17T06:54:05.7197762Z 2022-05-17 06:54:05,715 http://localhost:56760 "GET http://zap/JSON/pscan/action/disableAllTags/?apikey= HTTP/1.1" 200 15 2022-05-17T06:54:05.7198711Z 2022-05-17 06:54:05,716 Set max pscan alerts 2022-05-17T06:54:05.7199460Z 2022-05-17 06:54:05,718 Starting new HTTP 
connection (1): localhost:56760 2022-05-17T06:54:05.7298941Z 2022-05-17 06:54:05,724 http://localhost:56760 "GET http://zap/JSON/pscan/action/setMaxAlertsPerRule/?maxAlerts=10&apikey= HTTP/1.1" 200 15 2022-05-17T06:54:05.7299657Z 2022-05-17 06:54:05,725 Trigger hook: zap_tuned, args: 1 2022-05-17T06:54:05.7300226Z 2022-05-17 06:54:05,725 Trigger hook: zap_access_target, args: 2 2022-05-17T06:54:05.7300955Z 2022-05-17 06:54:05,727 Starting new HTTPS connection (1): mmmazurepetstore.azurewebsites.net:443 2022-05-17T06:54:06.3034308Z 2022-05-17 06:54:06,298 https://mmmazurepetstore.azurewebsites.net:443 "GET / HTTP/1.1" 401 0 2022-05-17T06:54:08.3259457Z 2022-05-17 06:54:08,302 Trigger hook: zap_spider, args: 2 2022-05-17T06:54:08.3260538Z 2022-05-17 06:54:08,309 Spider https://mmmazurepetstore.azurewebsites.net/ 2022-05-17T06:54:08.3261643Z 2022-05-17 06:54:08,318 Starting new HTTP connection (1): localhost:56760 2022-05-17T06:54:08.3542842Z 2022-05-17 06:54:08,351 http://localhost:56760 "GET http://zap/JSON/spider/action/scan/?apikey=&url=https%3A%2F%2Fmmmazurepetstore.azurewebsites.net%2F HTTP/1.1" 200 12 2022-05-17T06:54:13.3613976Z 2022-05-17 06:54:13,360 Starting new HTTP connection (1): localhost:56760 2022-05-17T06:54:13.3647470Z 2022-05-17 06:54:13,363 http://localhost:56760 "GET http://zap/JSON/spider/view/status/?scanId=0 HTTP/1.1" 200 16 2022-05-17T06:54:13.3669334Z 2022-05-17 06:54:13,365 Spider complete 2022-05-17T06:54:13.3670133Z 2022-05-17 06:54:13,365 Trigger hook: zap_spider_wrap, args: 1 2022-05-17T06:54:13.3670905Z 2022-05-17 06:54:13,365 Trigger hook: zap_active_scan, args: 3 2022-05-17T06:54:13.3671999Z 2022-05-17 06:54:13,365 Active Scan https://mmmazurepetstore.azurewebsites.net/ with policy Default Policy 2022-05-17T06:54:13.3682888Z 2022-05-17 06:54:13,367 Starting new HTTP connection (1): localhost:56760 2022-05-17T06:54:13.3992229Z 2022-05-17 06:54:13,396 http://localhost:56760 "GET 
http://zap/JSON/ascan/action/scan/?apikey=&url=https%3A%2F%2Fmmmazurepetstore.azurewebsites.net%2F&recurse=True&scanPolicyName=Default+Policy HTTP/1.1" 200 12 2022-05-17T06:54:18.4127204Z 2022-05-17 06:54:18,408 Starting new HTTP connection (1): localhost:56760 2022-05-17T06:54:18.4321882Z 2022-05-17 06:54:18,425 http://localhost:56760 "GET http://zap/JSON/ascan/view/status/?scanId=0 HTTP/1.1" 200 15 2022-05-17T06:54:18.4325541Z 2022-05-17 06:54:18,429 Starting new HTTP connection (1): localhost:56760 2022-05-17T06:54:18.4518123Z 2022-05-17 06:54:18,447 http://localhost:56760 "GET http://zap/JSON/ascan/view/status/?scanId=0 HTTP/1.1" 200 15 2022-05-17T06:54:18.4518960Z 2022-05-17 06:54:18,448 Active Scan progress %: 17 2022-05-17T06:54:23.4645146Z 2022-05-17 06:54:23,455 Starting new HTTP connection (1): localhost:56760 2022-05-17T06:54:23.4646202Z 2022-05-17 06:54:23,458 http://localhost:56760 "GET http://zap/JSON/ascan/view/status/?scanId=0 HTTP/1.1" 200 15 2022-05-17T06:54:23.4647113Z 2022-05-17 06:54:23,461 Starting new HTTP connection (1): localhost:56760 2022-05-17T06:54:23.4690408Z 2022-05-17 06:54:23,466 http://localhost:56760 "GET http://zap/JSON/ascan/view/status/?scanId=0 HTTP/1.1" 200 15 2022-05-17T06:54:23.4692059Z 2022-05-17 06:54:23,467 Active Scan progress %: 35 2022-05-17T06:54:28.4774388Z 2022-05-17 06:54:28,471 Starting new HTTP connection (1): localhost:56760 2022-05-17T06:54:28.4775691Z 2022-05-17 06:54:28,475 http://localhost:56760 "GET http://zap/JSON/ascan/view/status/?scanId=0 HTTP/1.1" 200 15 2022-05-17T06:54:28.4827742Z 2022-05-17 06:54:28,479 Starting new HTTP connection (1): localhost:56760 2022-05-17T06:54:28.4872769Z 2022-05-17 06:54:28,484 http://localhost:56760 "GET http://zap/JSON/ascan/view/status/?scanId=0 HTTP/1.1" 200 15 2022-05-17T06:54:28.4873755Z 2022-05-17 06:54:28,485 Active Scan progress %: 51 2022-05-17T06:54:33.4941703Z 2022-05-17 06:54:33,491 Starting new HTTP connection (1): localhost:56760 
2022-05-17T06:54:33.4972737Z 2022-05-17 06:54:33,495 http://localhost:56760 "GET http://zap/JSON/ascan/view/status/?scanId=0 HTTP/1.1" 200 15 2022-05-17T06:54:33.5042005Z 2022-05-17 06:54:33,500 Starting new HTTP connection (1): localhost:56760 2022-05-17T06:54:33.5066172Z 2022-05-17 06:54:33,505 http://localhost:56760 "GET http://zap/JSON/ascan/view/status/?scanId=0 HTTP/1.1" 200 15 2022-05-17T06:54:33.5074358Z 2022-05-17 06:54:33,506 Active Scan progress %: 74 2022-05-17T06:54:38.5670093Z 2022-05-17 06:54:38,515 Starting new HTTP connection (1): localhost:56760 2022-05-17T06:54:38.6139657Z 2022-05-17 06:54:38,609 http://localhost:56760 "GET http://zap/JSON/ascan/view/status/?scanId=0 HTTP/1.1" 200 15 2022-05-17T06:54:38.6237220Z 2022-05-17 06:54:38,618 Starting new HTTP connection (1): localhost:56760 2022-05-17T06:54:38.6452481Z 2022-05-17 06:54:38,638 http://localhost:56760 "GET http://zap/JSON/ascan/view/status/?scanId=0 HTTP/1.1" 200 15 2022-05-17T06:54:38.6453500Z 2022-05-17 06:54:38,640 Active Scan progress %: 91 2022-05-17T06:54:43.6461152Z 2022-05-17 06:54:43,644 Starting new HTTP connection (1): localhost:56760 2022-05-17T06:54:43.6491871Z 2022-05-17 06:54:43,647 http://localhost:56760 "GET http://zap/JSON/ascan/view/status/?scanId=0 HTTP/1.1" 200 16 2022-05-17T06:54:43.6500074Z 2022-05-17 06:54:43,648 Active Scan complete 2022-05-17T06:54:43.6518940Z 2022-05-17 06:54:43,651 Starting new HTTP connection (1): localhost:56760 2022-05-17T06:54:43.6959704Z 2022-05-17 06:54:43,691 http://localhost:56760 "GET http://zap/JSON/ascan/view/scanProgress/?scanId=0 HTTP/1.1" 200 5087 2022-05-17T06:54:43.7021525Z 2022-05-17 06:54:43,692 ['https://mmmazurepetstore.azurewebsites.net', {'HostProcess': [{'Plugin': ['Path Traversal', '6', 'release', 'Complete', '1193', '0', '0']}, {'Plugin': ['Remote File Inclusion', '7', 'release', 'Complete', '484', '0', '0']}, {'Plugin': ['Source Code Disclosure - /WEB-INF folder', '10045', 'release', 'Complete', '188', '2', '0']}, 
{'Plugin': ['External Redirect', '20019', 'release', 'Complete', '583', '0', '0']}, {'Plugin': ['Server Side Include', '40009', 'release', 'Complete', '595', '0', '0']}, {'Plugin': ['Cross Site Scripting (Reflected)', '40012', 'release', 'Complete', '486', '0', '0']}, {'Plugin': ['Cross Site Scripting (Persistent) - Prime', '40016', 'release', 'Complete', '353', '0', '0']}, {'Plugin': ['Cross Site Scripting (Persistent) - Spider', '40017', 'release', 'Complete', '256', '4', '0']}, {'Plugin': ['Cross Site Scripting (Persistent)', '40014', 'release', 'Complete', '353', '0', '0']}, {'Plugin': ['SQL Injection', '40018', 'release', 'Complete', '362', '0', '0']}, {'Plugin': ['Server Side Code Injection', '90019', 'release', 'Complete', '392', '0', '0']}, {'Plugin': ['Remote OS Command Injection', '90020', 'release', 'Complete', '309', '0', '0']}, {'Plugin': ['Directory Browsing', '0', 'release', 'Complete', '2425', '4', '0']}, {'Plugin': ['Buffer Overflow', '30001', 'release', 'Complete', '383', '0', '0']}, {'Plugin': ['Format String Error', '30002', 'release', 'Complete', '384', '0', '0']}, {'Plugin': ['CRLF Injection', '40003', 'release', 'Complete', '525', '0', '0']}, {'Plugin': ['Parameter Tampering', '40008', 'release', 'Complete', '343', '0', '0']}, {'Plugin': ['ELMAH Information Leak', '40028', 'release', 'Complete', '23', '1', '0']}, {'Plugin': ['.htaccess Information Leak', '40032', 'release', 'Complete', '214', '1', '0']}, {'Plugin': ['Script Active Scan Rules', '50000', 'release', 'Skipped, no scripts enabled.', '11', '0', '0']}, {'Plugin': ['Source Code Disclosure - Git ', '41', 'beta', 'Complete', '35', '0', '0']}, {'Plugin': ['Source Code Disclosure - File Inclusion', '43', 'beta', 'Complete', '299', '0', '0']}, {'Plugin': ['Remote Code Execution - Shell Shock', '10048', 'beta', 'Complete', '394', '0', '0']}, {'Plugin': ['Httpoxy - Proxy Header Misuse', '10107', 'beta', 'Complete', '300', '20', '0']}, {'Plugin': ['Cross-Domain Misconfiguration', '20016', 
'beta', 'Complete', '48', '2', '0']}, {'Plugin': ['Heartbleed OpenSSL Vulnerability', '20015', 'beta', 'Complete', '3192', '3', '0']}, {'Plugin': ['Source Code Disclosure - CVE-2012-1823', '20017', 'beta', 'Complete', '3166', '0', '0']}, {'Plugin': ['Remote Code Execution - CVE-2012-1823', '20018', 'beta', 'Complete', '237', '8', '0']}, {'Plugin': ['Session Fixation', '40013', 'beta', 'Complete', '14', '0', '0']}, {'Plugin': ['SQL Injection - MySQL', '40019', 'beta', 'Complete', '317', '0', '0']}, {'Plugin': ['SQL Injection - Hypersonic SQL', '40020', 'beta', 'Complete', '315', '0', '0']}, {'Plugin': ['SQL Injection - Oracle', '40021', 'beta', 'Complete', '308', '0', '0']}, {'Plugin': ['SQL Injection - PostgreSQL', '40022', 'beta', 'Complete', '321', '0', '0']}, {'Plugin': ['SQL Injection - SQLite', '40024', 'beta', 'Complete', '328', '0', '0']}, {'Plugin': ['Cross Site Scripting (DOM Based)', '40026', 'beta', 'Skipped, failed to start or connect to the browser.', '812', '0', '0']}, {'Plugin': ['SQL Injection - MsSQL', '40027', 'beta', 'Complete', '311', '0', '0']}, {'Plugin': ['XPath Injection', '90021', 'beta', 'Complete', '329', '0', '0']}, {'Plugin': ['XML External Entity Attack', '90023', 'beta', 'Complete', '234', '0', '0']}, {'Plugin': ['Generic Padding Oracle', '90024', 'beta', 'Complete', '349', '0', '0']}, {'Plugin': ['Expression Language Injection', '90025', 'beta', 'Complete', '367', '0', '0']}, {'Plugin': ['Cloud Metadata Potentially Exposed', '90034', 'beta', 'Complete', '62', '1', '0']}, {'Plugin': ['Source Code Disclosure - SVN', '42', 'beta', 'Complete', '270', '2', '0']}, {'Plugin': ['Relative Path Confusion', '10051', 'beta', 'Complete', '1018', '2', '0']}, {'Plugin': ['Backup File Disclosure', '10095', 'beta', 'Complete', '435', '60', '0']}, {'Plugin': ['HTTP Only Site', '10106', 'beta', 'Complete', '9', '0', '0']}, {'Plugin': ['Anti-CSRF Tokens Check', '20012', 'beta', 'Complete', '212', '0', '0']}, {'Plugin': ['Integer Overflow Error', 
'30003', 'beta', 'Complete', '305', '0', '0']}, {'Plugin': ['Proxy Disclosure', '40025', 'beta', 'Complete', '316', '40', '4']}, {'Plugin': ['Trace.axd Information Leak', '40029', 'beta', 'Complete', '213', '1', '0']}, {'Plugin': ['.env Information Leak', '40034', 'beta', 'Complete', '220', '1', '0']}, {'Plugin': ['Hidden File Finder', '40035', 'beta', 'Complete', '383', '39', '0']}, {'Plugin': ['XSLT Injection', '90017', 'beta', 'Complete', '531', '0', '0']}, {'Plugin': ['Insecure HTTP Method', '90028', 'beta', 'Complete', '233', '4', '0']}, {'Plugin': ['HTTPS Content Available via HTTP', '10047', 'beta', 'Complete', '22', '2', '0']}, {'Plugin': ['GET for POST', '10058', 'beta', 'Complete', '215', '0', '0']}, {'Plugin': ['User Agent Fuzzer', '10104', 'beta', 'Complete', '3120', '28', '26']}, {'Plugin': ['HTTP Parameter Pollution', '20014', 'beta', 'Complete', '145', '0', '0']}, {'Plugin': ['Possible Username Enumeration', '40023', 'beta', 'Skipped', '10', '0', '0']}, {'Plugin': ['Cookie Slack Detector', '90027', 'beta', 'Complete', '297', '22', '4']}, {'Plugin': ['SOAP Action Spoofing', '90026', 'alpha', 'Complete', '31', '0', '0']}, {'Plugin': ['SOAP XML Injection', '90029', 'alpha', 'Complete', '367', '0', '0']}]}] 2022-05-17T06:54:43.7029049Z 2022-05-17 06:54:43,693 Trigger hook: zap_active_scan_wrap, args: 1 2022-05-17T06:54:43.7029613Z 2022-05-17 06:54:43,695 Starting new HTTP connection (1): localhost:56760 2022-05-17T06:54:43.7137758Z 2022-05-17 06:54:43,710 http://localhost:56760 "GET http://zap/JSON/pscan/view/recordsToScan/ HTTP/1.1" 200 21 2022-05-17T06:54:43.7138685Z 2022-05-17 06:54:43,711 Records to scan... 
2022-05-17T06:54:43.7139474Z 2022-05-17 06:54:43,712 Starting new HTTP connection (1): localhost:56760 2022-05-17T06:54:43.7374787Z 2022-05-17 06:54:43,734 http://localhost:56760 "GET http://zap/JSON/pscan/view/recordsToScan/ HTTP/1.1" 200 21 2022-05-17T06:54:43.7377258Z 2022-05-17 06:54:43,735 Passive scanning complete 2022-05-17T06:54:43.7378103Z 2022-05-17 06:54:43,736 Starting new HTTP connection (1): localhost:56760 2022-05-17T06:54:43.7444443Z 2022-05-17 06:54:43,741 http://localhost:56760 "GET http://zap/JSON/core/view/urls/ HTTP/1.1" 200 214 2022-05-17T06:54:43.7445529Z Total of 4 URLs 2022-05-17T06:54:43.7450831Z 2022-05-17 06:54:43,741 Trigger hook: zap_get_alerts, args: 4 2022-05-17T06:54:43.7452701Z 2022-05-17 06:54:43,743 Starting new HTTP connection (1): localhost:56760 2022-05-17T06:54:43.8271286Z 2022-05-17 06:54:43,822 http://localhost:56760 "GET http://zap/JSON/core/view/alerts/?baseurl=https%3A%2F%2Fmmmazurepetstore.azurewebsites.net%2F&start=0&count=5000 HTTP/1.1" 200 27927 2022-05-17T06:54:43.8276493Z 2022-05-17 06:54:43,824 Reading 5000 alerts from 0 2022-05-17T06:54:43.8306019Z 2022-05-17 06:54:43,826 Starting new HTTP connection (1): localhost:56760 2022-05-17T06:54:43.9101439Z 2022-05-17 06:54:43,893 http://localhost:56760 "GET http://zap/JSON/core/view/alerts/?start=5000&count=5000 HTTP/1.1" 200 13 2022-05-17T06:54:43.9102846Z 2022-05-17 06:54:43,894 Total number of alerts: 29 2022-05-17T06:54:43.9103792Z 2022-05-17 06:54:43,894 Trigger hook: zap_get_alerts_wrap, args: 1 2022-05-17T06:54:43.9104861Z 2022-05-17 06:54:43,895 Starting new HTTP connection (1): localhost:56760 2022-05-17T06:54:43.9835719Z 2022-05-17 06:54:43,977 http://localhost:56760 "GET http://zap/JSON/ascan/view/scanners/?scanPolicyName=Default+Policy HTTP/1.1" 200 14188 2022-05-17T06:54:43.9930320Z 2022-05-17 06:54:43,983 Starting new HTTP connection (1): localhost:56760 2022-05-17T06:54:44.0090931Z 2022-05-17 06:54:44,002 http://localhost:56760 "GET 
http://zap/JSON/pscan/view/scanners/ HTTP/1.1" 200 6408 2022-05-17T06:54:44.0091996Z PASS: Directory Browsing [0] 2022-05-17T06:54:44.0092830Z PASS: Vulnerable JS Library [10003] 2022-05-17T06:54:44.0093490Z PASS: Cookie No HttpOnly Flag [10010] 2022-05-17T06:54:44.0094183Z PASS: Cookie Without Secure Flag [10011] 2022-05-17T06:54:44.0095140Z PASS: Re-examine Cache-control Directives [10015] 2022-05-17T06:54:44.0096187Z PASS: Cross-Domain JavaScript Source File Inclusion [10017] 2022-05-17T06:54:44.0097265Z PASS: Content-Type Header Missing [10019] 2022-05-17T06:54:44.0098128Z PASS: Anti-clickjacking Header [10020] 2022-05-17T06:54:44.0099074Z PASS: X-Content-Type-Options Header Missing [10021] 2022-05-17T06:54:44.0100231Z PASS: Information Disclosure - Debug Error Messages [10023] 2022-05-17T06:54:44.0101335Z PASS: Information Disclosure - Sensitive Information in URL [10024] 2022-05-17T06:54:44.0102515Z PASS: Information Disclosure - Sensitive Information in HTTP Referrer Header [10025] 2022-05-17T06:54:44.0103412Z PASS: HTTP Parameter Override [10026] 2022-05-17T06:54:44.0104422Z PASS: Information Disclosure - Suspicious Comments [10027] 2022-05-17T06:54:44.0105539Z PASS: Open Redirect [10028] 2022-05-17T06:54:44.0106218Z PASS: Cookie Poisoning [10029] 2022-05-17T06:54:44.0106929Z PASS: User Controllable Charset [10030] 2022-05-17T06:54:44.0107799Z PASS: User Controllable HTML Element Attribute (Potential XSS) [10031] 2022-05-17T06:54:44.0108634Z PASS: Viewstate [10032] 2022-05-17T06:54:44.0109292Z PASS: Directory Browsing [10033] 2022-05-17T06:54:44.0110122Z PASS: Heartbleed OpenSSL Vulnerability (Indicative) [10034] 2022-05-17T06:54:44.0111188Z PASS: Strict-Transport-Security Header [10035] 2022-05-17T06:54:44.0112040Z PASS: HTTP Server Response Header [10036] 2022-05-17T06:54:44.0113186Z PASS: Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) [10037] 2022-05-17T06:54:44.0114348Z PASS: Content Security Policy (CSP) Header Not Set 
[10038] 2022-05-17T06:54:44.0115293Z PASS: X-Backend-Server Header Information Leak [10039] 2022-05-17T06:54:44.0116152Z PASS: Secure Pages Include Mixed Content [10040] 2022-05-17T06:54:44.0116883Z PASS: HTTP to HTTPS Insecure Transition in Form Post [10041] 2022-05-17T06:54:44.0117618Z PASS: HTTPS to HTTP Insecure Transition in Form Post [10042] 2022-05-17T06:54:44.0118315Z PASS: User Controllable JavaScript Event (XSS) [10043] 2022-05-17T06:54:44.0119159Z PASS: Big Redirect Detected (Potential Sensitive Information Leak) [10044] 2022-05-17T06:54:44.0120176Z PASS: Source Code Disclosure - /WEB-INF folder [10045] 2022-05-17T06:54:44.0120942Z PASS: HTTPS Content Available via HTTP [10047] 2022-05-17T06:54:44.0121834Z PASS: Remote Code Execution - Shell Shock [10048] 2022-05-17T06:54:44.0122575Z PASS: Retrieved from Cache [10050] 2022-05-17T06:54:44.0123199Z PASS: Relative Path Confusion [10051] 2022-05-17T06:54:44.0124150Z PASS: X-ChromeLogger-Data (XCOLD) Header Information Leak [10052] 2022-05-17T06:54:44.0124865Z PASS: CSP [10055] 2022-05-17T06:54:44.0125784Z PASS: X-Debug-Token Information Leak [10056] 2022-05-17T06:54:44.0126397Z PASS: Username Hash Found [10057] 2022-05-17T06:54:44.0127064Z PASS: GET for POST [10058] 2022-05-17T06:54:44.0128009Z PASS: X-AspNet-Version Response Header [10061] 2022-05-17T06:54:44.0128684Z PASS: PII Disclosure [10062] 2022-05-17T06:54:44.0129390Z PASS: Backup File Disclosure [10095] 2022-05-17T06:54:44.0130080Z PASS: Timestamp Disclosure [10096] 2022-05-17T06:54:44.0130722Z PASS: Hash Disclosure [10097] 2022-05-17T06:54:44.0170281Z PASS: Cross-Domain Misconfiguration [10098] 2022-05-17T06:54:44.0171348Z PASS: User Agent Fuzzer [10104] 2022-05-17T06:54:44.0172015Z PASS: Weak Authentication Method [10105] 2022-05-17T06:54:44.0172907Z PASS: HTTP Only Site [10106] 2022-05-17T06:54:44.0202188Z PASS: Httpoxy - Proxy Header Misuse [10107] 2022-05-17T06:54:44.0203050Z PASS: Reverse Tabnabbing [10108] 2022-05-17T06:54:44.0203771Z PASS: 
Modern Web Application [10109] 2022-05-17T06:54:44.0204703Z PASS: Absence of Anti-CSRF Tokens [10202] 2022-05-17T06:54:44.0205395Z PASS: Private IP Disclosure [2] 2022-05-17T06:54:44.0206293Z PASS: Anti-CSRF Tokens Check [20012] 2022-05-17T06:54:44.0207001Z PASS: HTTP Parameter Pollution [20014] 2022-05-17T06:54:44.0207796Z PASS: Heartbleed OpenSSL Vulnerability [20015] 2022-05-17T06:54:44.0208713Z PASS: Cross-Domain Misconfiguration [20016] 2022-05-17T06:54:44.0209719Z PASS: Source Code Disclosure - CVE-2012-1823 [20017] 2022-05-17T06:54:44.0210675Z PASS: Remote Code Execution - CVE-2012-1823 [20018] 2022-05-17T06:54:44.0211931Z PASS: External Redirect [20019] 2022-05-17T06:54:44.0212619Z PASS: Session ID in URL Rewrite [3] 2022-05-17T06:54:44.0213215Z PASS: Buffer Overflow [30001] 2022-05-17T06:54:44.0213961Z PASS: Format String Error [30002] 2022-05-17T06:54:44.0214735Z PASS: Integer Overflow Error [30003] 2022-05-17T06:54:44.0215421Z PASS: CRLF Injection [40003] 2022-05-17T06:54:44.0216103Z PASS: Parameter Tampering [40008] 2022-05-17T06:54:44.0216856Z PASS: Server Side Include [40009] 2022-05-17T06:54:44.0217591Z PASS: Cross Site Scripting (Reflected) [40012] 2022-05-17T06:54:44.0218305Z PASS: Session Fixation [40013] 2022-05-17T06:54:44.0219331Z PASS: Cross Site Scripting (Persistent) [40014] 2022-05-17T06:54:44.0220529Z PASS: Cross Site Scripting (Persistent) - Prime [40016] 2022-05-17T06:54:44.0221542Z PASS: Cross Site Scripting (Persistent) - Spider [40017] 2022-05-17T06:54:44.0222280Z PASS: SQL Injection [40018] 2022-05-17T06:54:44.0222955Z PASS: SQL Injection - MySQL [40019] 2022-05-17T06:54:44.0223914Z PASS: SQL Injection - Hypersonic SQL [40020] 2022-05-17T06:54:44.0224792Z PASS: SQL Injection - Oracle [40021] 2022-05-17T06:54:44.0225656Z PASS: SQL Injection - PostgreSQL [40022] 2022-05-17T06:54:44.0226427Z PASS: Possible Username Enumeration [40023] 2022-05-17T06:54:44.0227392Z PASS: SQL Injection - SQLite [40024] 2022-05-17T06:54:44.0228217Z PASS: 
Cross Site Scripting (DOM Based) [40026] 2022-05-17T06:54:44.0229304Z PASS: SQL Injection - MsSQL [40027] 2022-05-17T06:54:44.0230030Z PASS: ELMAH Information Leak [40028] 2022-05-17T06:54:44.0230841Z PASS: Trace.axd Information Leak [40029] 2022-05-17T06:54:44.0231560Z PASS: .htaccess Information Leak [40032] 2022-05-17T06:54:44.0232236Z PASS: .env Information Leak [40034] 2022-05-17T06:54:44.0232836Z PASS: Hidden File Finder [40035] 2022-05-17T06:54:44.0233689Z PASS: Source Code Disclosure - Git [41] 2022-05-17T06:54:44.0234518Z PASS: Source Code Disclosure - SVN [42] 2022-05-17T06:54:44.0235304Z PASS: Source Code Disclosure - File Inclusion [43] 2022-05-17T06:54:44.0271511Z PASS: Script Active Scan Rules [50000] 2022-05-17T06:54:44.0272832Z PASS: Script Passive Scan Rules [50001] 2022-05-17T06:54:44.0273586Z PASS: Path Traversal [6] 2022-05-17T06:54:44.0274309Z PASS: Remote File Inclusion [7] 2022-05-17T06:54:44.0274934Z PASS: Insecure JSF ViewState [90001] 2022-05-17T06:54:44.0275362Z PASS: Charset Mismatch [90011] 2022-05-17T06:54:44.0275857Z PASS: XSLT Injection [90017] 2022-05-17T06:54:44.0276242Z PASS: Server Side Code Injection [90019] 2022-05-17T06:54:44.0276590Z PASS: Remote OS Command Injection [90020] 2022-05-17T06:54:44.0276992Z PASS: XPath Injection [90021] 2022-05-17T06:54:44.0277423Z PASS: Application Error Disclosure [90022] 2022-05-17T06:54:44.0277833Z PASS: XML External Entity Attack [90023] 2022-05-17T06:54:44.0278238Z PASS: Generic Padding Oracle [90024] 2022-05-17T06:54:44.0278643Z PASS: Expression Language Injection [90025] 2022-05-17T06:54:44.0279058Z PASS: SOAP Action Spoofing [90026] 2022-05-17T06:54:44.0279435Z PASS: Cookie Slack Detector [90027] 2022-05-17T06:54:44.0279825Z PASS: Insecure HTTP Method [90028] 2022-05-17T06:54:44.0280201Z PASS: SOAP XML Injection [90029] 2022-05-17T06:54:44.0280593Z PASS: WSDL File Detection [90030] 2022-05-17T06:54:44.0281174Z PASS: Loosely Scoped Cookie [90033] 2022-05-17T06:54:44.0281590Z PASS: Cloud 
Metadata Potentially Exposed [90034] 2022-05-17T06:54:44.0282307Z 2022-05-17 06:54:44,007 Trigger hook: print_rules_wrap, args: 2 2022-05-17T06:54:44.0283132Z 2022-05-17 06:54:44,007 Trigger hook: print_rules_wrap, args: 2 2022-05-17T06:54:44.0283898Z WARN-NEW: Cookie with SameSite Attribute None [10054] x 3 2022-05-17T06:54:44.0285397Z 2022-05-17 06:54:44,015 Starting new HTTP connection (1): localhost:56760 2022-05-17T06:54:44.0368894Z 2022-05-17 06:54:44,032 http://localhost:56760 "GET http://zap/JSON/core/view/message/?id=1 HTTP/1.1" 200 1118 2022-05-17T06:54:44.0408930Z https://mmmazurepetstore.azurewebsites.net/ (401 Unauthorized) 2022-05-17T06:54:44.0440514Z 2022-05-17 06:54:44,037 Starting new HTTP connection (1): localhost:56760 2022-05-17T06:54:44.0531964Z 2022-05-17 06:54:44,049 http://localhost:56760 "GET http://zap/JSON/core/view/message/?id=6 HTTP/1.1" 200 1848 2022-05-17T06:54:44.0533103Z https://mmmazurepetstore.azurewebsites.net/robots.txt (302 Found) 2022-05-17T06:54:44.0574088Z 2022-05-17 06:54:44,054 Starting new HTTP connection (1): localhost:56760 2022-05-17T06:54:44.0720734Z 2022-05-17 06:54:44,059 http://localhost:56760 "GET http://zap/JSON/core/view/message/?id=8 HTTP/1.1" 200 1714 2022-05-17T06:54:44.0721839Z https://mmmazurepetstore.azurewebsites.net/sitemap.xml (302 Found) 2022-05-17T06:54:44.0723202Z WARN-NEW: Proxy Disclosure [40025] x 3 2022-05-17T06:54:44.0724340Z 2022-05-17 06:54:44,063 Starting new HTTP connection (1): localhost:56760 2022-05-17T06:54:44.0934921Z 2022-05-17 06:54:44,083 http://localhost:56760 "GET http://zap/JSON/core/view/message/?id=188 HTTP/1.1" 200 1106 2022-05-17T06:54:44.0936103Z https://mmmazurepetstore.azurewebsites.net/ (401 Unauthorized) 2022-05-17T06:54:44.0937428Z 2022-05-17 06:54:44,086 Starting new HTTP connection (1): localhost:56760 2022-05-17T06:54:44.1473717Z 2022-05-17 06:54:44,111 http://localhost:56760 "GET http://zap/JSON/core/view/message/?id=208 HTTP/1.1" 200 1703 
2022-05-17T06:54:44.1534836Z https://mmmazurepetstore.azurewebsites.net/sitemap.xml (302 Found) 2022-05-17T06:54:44.1851808Z 2022-05-17 06:54:44,124 Starting new HTTP connection (1): localhost:56760 2022-05-17T06:54:44.1853869Z 2022-05-17 06:54:44,127 http://localhost:56760 "GET http://zap/JSON/core/view/message/?id=210 HTTP/1.1" 200 1837 2022-05-17T06:54:44.1855185Z https://mmmazurepetstore.azurewebsites.net/robots.txt (302 Found) 2022-05-17T06:54:44.1856373Z 2022-05-17 06:54:44,128 Trigger hook: print_rules_wrap, args: 2 2022-05-17T06:54:44.1857298Z 2022-05-17 06:54:44,128 Trigger hook: print_rules_wrap, args: 2 2022-05-17T06:54:44.1858377Z 2022-05-17 06:54:44,131 Starting new HTTP connection (1): localhost:56760 2022-05-17T06:54:45.7655830Z 2022-05-17 06:54:45,757 http://localhost:56760 "GET http://zap/OTHER/core/other/htmlreport/?apikey= HTTP/1.1" 200 39586 2022-05-17T06:54:45.7657255Z 2022-05-17 06:54:45,762 Starting new HTTP connection (1): localhost:56760 2022-05-17T06:54:46.0335179Z 2022-05-17 06:54:46,026 http://localhost:56760 "GET http://zap/OTHER/core/other/jsonreport/?apikey= HTTP/1.1" 200 13638 2022-05-17T06:54:46.0405342Z 2022-05-17 06:54:46,035 Starting new HTTP connection (1): localhost:56760 2022-05-17T06:54:46.3079330Z 2022-05-17 06:54:46,296 http://localhost:56760 "GET http://zap/OTHER/core/other/mdreport/?apikey= HTTP/1.1" 200 10977 2022-05-17T06:54:46.3213190Z FAIL-NEW: 0 FAIL-INPROG: 0 WARN-NEW: 2 WARN-INPROG: 0 INFO: 0 IGNORE: 0 PASS: 112 2022-05-17T06:54:46.3214213Z 2022-05-17 06:54:46,305 Trigger hook: zap_pre_shutdown, args: 1 2022-05-17T06:54:46.3251828Z 2022-05-17 06:54:46,307 Starting new HTTP connection (1): localhost:56760 2022-05-17T06:54:46.3624092Z 2022-05-17 06:54:46,349 http://localhost:56760 "GET http://zap/JSON/core/action/shutdown/?apikey= HTTP/1.1" 200 15 2022-05-17T06:54:46.3638710Z 2022-05-17 06:54:46,351 Trigger hook: pre_exit, args: 3 2022-05-17T06:54:46.5697444Z [@octokit/rest] `const Octokit = require("@octokit/rest")` 
is deprecated. Use `const { Octokit } = require("@octokit/rest")` instead 2022-05-17T06:54:46.5698590Z Scanning process completed, starting to analyze the results! 2022-05-17T06:54:46.6696413Z ##[error]Bad credentials 2022-05-17T06:54:46.7017261Z Post job cleanup. 2022-05-17T06:54:46.8651575Z [command]/usr/bin/git version 2022-05-17T06:54:46.8732584Z git version 2.36.1 2022-05-17T06:54:46.8788547Z Temporarily overriding HOME='/runner/_work/_temp/21602f87-8ef0-4db6-b1f4-f3c2797d817e' before making global git config changes 2022-05-17T06:54:46.8790328Z Adding repository directory to the temporary git global config as a safe directory 2022-05-17T06:54:46.8797597Z [command]/usr/bin/git config --global --add safe.directory /runner/_work/PetstoreApp-Pipeline/PetstoreApp-Pipeline 2022-05-17T06:54:46.8858323Z [command]/usr/bin/git config --local --name-only --get-regexp core\.sshCommand 2022-05-17T06:54:46.8908018Z [command]/usr/bin/git submodule foreach --recursive git config --local --name-only --get-regexp 'core\.sshCommand' && git config --local --unset-all 'core.sshCommand' || : 2022-05-17T06:54:46.9278400Z [command]/usr/bin/git config --local --name-only --get-regexp http\.https\:\/\/github\.kyndryl\.net\/\.extraheader 2022-05-17T06:54:46.9334496Z http.https://github.kyndryl.net/.extraheader 2022-05-17T06:54:46.9346759Z [command]/usr/bin/git config --local --unset-all http.https://github.kyndryl.net/.extraheader 2022-05-17T06:54:46.9457022Z [command]/usr/bin/git submodule foreach --recursive git config --local --name-only --get-regexp 'http\.https\:\/\/github\.kyndryl\.net\/\.extraheader' && git config --local --unset-all 'http.https://github.kyndryl.net/.extraheader' || : 2022-05-17T06:54:47.0076019Z Uploading runner diagnostic logs 2022-05-17T06:54:47.0330343Z Completed runner diagnostic log upload 2022-05-17T06:54:47.0330704Z Cleaning up orphan processes