-
-
Notifications
You must be signed in to change notification settings - Fork 2.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Error when using zap-api-scan.py in docker #5581
Comments
It seems you're passing a string value where the API is expecting a number. (Which is exactly what the error messages are telling you.) Or specifying a scan policy name that doesn't exist. |
Please don't ask questions as issues - the ZAP User Group https://groups.google.com/group/zaproxy-users is a much better place for questions. |
We discussed this further. The problem you're encountering is that the policy didn't exist, however, the script should not continue if the scan didn't start. If you have further questions please take them to the ZAP User Group: https://groups.google.com/group/zaproxy-users This ticket will be left open (for now) to track the script changes. |
For those who run into the issue here and find it as first result in Google (like me): the problem is running inside the Docker Container as root (so the part "-u root" of the docker run command), as it then looks for the policies and scripts in /root/.ZAP(_D) instead of /home/zap/.ZAP(_D) and it does not find them there. |
Any update on this issue? |
Just what was stated last Oct. Either don't run as root or copy the directories to the appropriate location. |
Copy the scan policies for the root user to ensure they are available when starting the active scan. Also, verify that the scan really started to provide early/accurate error message. Fix zaproxy#5581 - Error when using zap-api-scan.py in docker Signed-off-by: thc202 <thc202@gmail.com>
Copy the scan policies for the root user to ensure they are available when starting the active scan. Also, verify that the scan really started to provide early/accurate error message. Fix zaproxy#5581 - Error when using zap-api-scan.py in docker Signed-off-by: thc202 <thc202@gmail.com> Signed-off-by: Dalley, Karl R <karl.r.dalley@accenture.com>
This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
Hi,
When I use zap-api-scan.py in docker owasp/zap2docker-weekly to scan api with command:
I met this error, and docker log shows:
And url imported from swagger file is not null:
Number of Imported URLs: 14
I notice this:
http://localhost:49579 "GET http://zap/JSON/ascan/view/status/?scanId=Does+Not+Exist HTTP/1.1" 400 52
Seems that it passed wrong parameter to zap, please tell how to fix this?
Errors from the zap.log file
The text was updated successfully, but these errors were encountered: