ICTU / zap2docker-auth-weekly

Zap baseline scanner in Docker with authentication
Apache License 2.0
104 stars 70 forks

Error when using the auth_hook #12

Closed sboo closed 5 years ago

sboo commented 5 years ago

Whenever I try to login to the site, I get a Java error and the script gets stuck:

command: zap-full-scan.py -t https://mywebiste.com -r zap_report.html --hook=/zap/auth_hook.py -z "auth.loginurl=https://mywebiste.com/login auth.username=test@example.com auth.password=secret auth.username_field=email auth.password_field=password auth.submit_field=submit"

output:

2019-06-26 13:13:29,396 load_from_extra_zap_params port 52587
2019-06-26 13:13:29,396 load_from_extra_zap_params auth_auto False
2019-06-26 13:13:29,397 load_from_extra_zap_params auth_display False
2019-06-26 13:13:29,397 load_from_extra_zap_params auth_loginUrl https://mywebiste.com/login 
2019-06-26 13:13:29,397 load_from_extra_zap_params auth_username test@example.com
2019-06-26 13:13:29,397 load_from_extra_zap_params auth_password secret
2019-06-26 13:13:29,397 load_from_extra_zap_params auth_username_field_name email
2019-06-26 13:13:29,397 load_from_extra_zap_params auth_password_field_name password
2019-06-26 13:13:29,398 load_from_extra_zap_params auth_submit_field_name submit
2019-06-26 13:13:29,398 load_from_extra_zap_params auth_first_submit_field_name
2019-06-26 13:13:29,398 load_from_extra_zap_params auth_excludeUrls
2019-06-26 13:13:29,398 Params: ['zap-x.sh', '-daemon', '-port', '52587', '-host', '0.0.0.0', '-config', 'api.disablekey=true', '-config', 'api.addrs.addr.name=.*', '-config', 'api.addrs.addr.regex=true', '-config', 'spider.maxDuration=0', '-addonupdate', '-addoninstall', 'pscanrulesBeta', 'auth.loginurl=https://mywebiste.com/login ', 'auth.username=test@example.com', 'auth.password=secret', 'auth.username_field=email', 'auth.password_field=password', 'auth.submit_field=submit']
Jun 26, 2019 1:14:23 PM java.util.prefs.FileSystemPreferences syncWorld
WARNING: Couldn't flush user prefs: java.util.prefs.BackingStoreException: Couldn't get file lock.

The last warning repeats a few times and then it stops. Am I doing something wrong?

Cheers, Ramon

sboo commented 5 years ago

This issue seems to only occur when I run it from within the Docker interactive bash. When running it as described, I don't have the issue.

So maybe it's a non-issue.