zap-automation-scan Runtime Issue and Query about importing custom automation.yaml config from ZAP GUI #2459

Unanswered
Abhinandan-Khurana asked this question in Q&A

I have been trying to run zap-automation-scan, however I face the below issue even if I run the demo-nginx-automation-scan from secureCodeBox Docs.

kubectl pod logs -

***SNIP***


Apr 19, 2024 6:33:20 AM java.util.prefs.FileSystemPreferences$1 run
INFO: Created user preferences directory.
Unexpected error accessing file /home/securecodebox/scb-automation/2-automation.yaml : /home/securecodebox/scb-automation/2-automation.yaml (Is a directory) - see log for details
null

Usage:
	zap.sh [Options]
Core options:
	-version                 Reports the ZAP version
	-cmd                     Run inline (exits when command line options complete)
	-daemon                  Starts ZAP in daemon mode, i.e. without a UI
	-config <kvpair>         Overrides the specified key=value pair in the configuration file
	-configfile <path>       Overrides the key=value pairs with those in the specified properties file
	-dir <dir>               Uses the specified directory instead of the default one


***SNIP***

kubectl scan describe (to check if the volume is mounted or not) -

***SNIP***

Spec:
  Parameters:
    -autorun
    /home/securecodebox/scb-automation/2-automation.yaml
  Resource Mode:  namespaceLocal
  Resources:
  Scan Type:  zap-automation-scan
  Volume Mounts:
    Mount Path:  /home/securecodebox/scb-automation/2-automation.yaml
    Name:        zap-automation-scan-config
    Sub Path:    2-automation.yaml
  Volumes:
    Config Map:
      Name:  zap-automation-scan-config
    Name:    zap-automation-scan-config

***SNIP***

kubectl describe pod -

***SNIP***

Events:
  Type     Reason       Age                  From               Message
  ----     ------       ----                 ----               -------
  Normal   Scheduled    3m23s                default-scheduler  Successfully assigned default/scan-zap-automation-scan-juice-shop-2-gftxv-8jrqr to ip-IP-ADDR.pp-south-3.computer.internally
  Warning  FailedMount  80s                  kubelet            Unable to attach or mount volumes: unmounted volumes=[zap-automation-scan-config], unattached volumes=[kube-api-access-c92t9 zap-workdir scan-results zap-automation-scan-config]: timed out waiting for the condition
  Warning  FailedMount  75s (x9 over 3m23s)  kubelet            MountVolume.SetUp failed for volume "zap-automation-scan-config" : configmap "zap-automation-scan-config" not found

***SNIP***

kubectl get configmaps -

NAME                                                     DATA   AGE
api-docs                                                 1      20h
zap-advanced-scan-config                                 1      45h
zap-api-authentication-script                            1      45h
zap-automation-nginx                                     1      20h

I am not sure why this issue is arising...

My main goal is to run an openapi spec scan, and I'll use openapi job in 2-automation.yaml -

  - type: openapi                      # OpenAPI definition import
    parameters:
      apiFile:                         # String: Local file containing the OpenAPI definition, default: null, no definition will be imported
      apiUrl:                          # String: URL containing the OpenAPI definition, default: null, no definition will be imported
      context:                         # String: Context to use when importing the OpenAPI definition, default: null, no context will be used
      targetUrl:                       # String: URL which overrides the target defined in the definition, default: null, the target will not be overridden

I am using this 2-automation.yaml -

  2-automation.yaml: |-
    env:
      contexts:
        - name: test-config
          urls: ["https://dev.example.com/oauth/"]
          includePaths:
            - "https://dev.example.com/oauth/.*"
          excludePaths:
            - ".*socket\\.io.*"
            - ".*\\.png"
            - ".*\\.jpeg"
            - ".*\\.jpg"
            - ".*\\.woff"
            - ".*\\.woff2"
            - ".*\\.ttf"
            - ".*\\.ico"
      parameters:
        failOnError: true
        failOnWarning: false
        progressToStdout: true

    jobs:
      - type: passiveScan-config
        parameters:
          maxAlertsPerRule: 10
          scanOnlyInScope: true
      - type: spider
        parameters:
          context: test-config
          maxDuration: 1
      - type: spiderAjax
        parameters:
          context: test-config
          maxDuration: 1
      - type: passiveScan-wait
        parameters:
          maxDuration: 10

      - type: openapi
        parameters:
          apiUrl: https://dev.example.com/oauth/v3/api-docs
          context: test-config             # needs the space after the colon; "context:test-config" is not a key/value pair in YAML
          targetUrl: https://dev.example.com/oauth/

      - type: report                       # Report generation
        parameters:
          template: traditional-xml
          reportDir: /home/securecodebox/
          reportFile: zap-results
        risks:
          - high
          - medium
          - low

Important

Can I also create a ZAP automation YAML directly from the OWASP ZAP GUI and import it in place of 2-automation.yaml?

Replies: 1 comment

Hi,
yeah, sorry, there's a mistake in that config. The config map name needs to match the config map name later referred to in the scan.
In the example the config map is named zap-automation-nginx, but the scan tries to use a config map zap-automation-scan-config. This should be resolved by #2387

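As an added example (not from the thread or from the secureCodeBox docs), a ConfigMap and Scan pair in which the name under `spec.volumes[].configMap.name` equals the ConfigMap's `metadata.name`, which is the mismatch the reply describes and the cause of the `configmap "zap-automation-scan-config" not found` event in the question; `dev.example.com` is a placeholder host and the automation plan is a shortened version of the one posted above.

```yaml
# Added example (not from the thread or the secureCodeBox docs):
# the Scan's spec.volumes[].configMap.name must equal the ConfigMap's
# metadata.name. dev.example.com is a placeholder host.
apiVersion: v1
kind: ConfigMap
metadata:
  name: zap-automation-scan-config
data:
  2-automation.yaml: |-
    env:
      contexts:
        - name: test-config
          urls: ["https://dev.example.com/oauth/"]
          includePaths:
            - "https://dev.example.com/oauth/.*"
      parameters:
        failOnError: true
        progressToStdout: true
    jobs:
      - type: openapi
        parameters:
          apiUrl: https://dev.example.com/oauth/v3/api-docs
          context: test-config
          targetUrl: https://dev.example.com/oauth/
      - type: report
        parameters:
          template: traditional-xml
          reportDir: /home/securecodebox/
          reportFile: zap-results
---
apiVersion: execution.securecodebox.io/v1
kind: Scan
metadata:
  name: zap-automation-scan-oauth
spec:
  scanType: zap-automation-scan
  parameters:
    - "-autorun"
    - "/home/securecodebox/scb-automation/2-automation.yaml"
  volumes:
    - name: zap-automation-scan-config
      configMap:
        name: zap-automation-scan-config   # must match ConfigMap metadata.name above
  volumeMounts:
    - name: zap-automation-scan-config     # must match the volume name above
      mountPath: /home/securecodebox/scb-automation/2-automation.yaml
      subPath: 2-automation.yaml           # the key under data: above
```

Running `kubectl get configmap zap-automation-scan-config` in the scan's namespace before applying the Scan confirms the referenced name resolves; a `FailedMount ... configmap ... not found` event on the scan pod is what a mismatch looks like.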