ICTU / zap2docker-auth-weekly

Zap baseline scanner in Docker with authentication
Apache License 2.0

Authentication with a local openapi json target #60

Closed spursbob closed 1 year ago

spursbob commented 1 year ago

When using a local openapi json file, the cmd fails with the error "Bad request to API endpoint [/JSON/replacer/action/addRule/] from [127.0.0.1]". I printed the target in auth_hook.py, which returns the json file.

I manually defined the target in auth_hook.py to get past the error as a test. I believe the -O flag for zap-api-test.py can override the target, and perhaps the same logic can be added to auth_hook.py, unless there's something I am missing already?

Additionally, how do I know that the auth.bearer_token value is being applied successfully to the zap tests? From my limited testing, I get the same results whether it is set or not, or set with a correct value or not. Is there something I can do to verify the authentication is actually being applied successfully? Is there a way for Zap to print out the headers sent to each URL?

Thanks for any help you can provide; this project to handle authentication is great.
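One practical way to answer the "is the bearer token really being sent?" question above is to scan a throwaway endpoint you control that records every request header, rather than relying on the scan results differing. The following is an added example, not code from this issue or from the zap2docker-auth-weekly project: it starts a small local HTTP server that echoes back the headers it received, then sends one request without and one with an `Authorization: Bearer` header and reports what the server actually saw. The token value, the `/api/ping` path and the port (chosen by the OS) are constructed for the example; the same recorder can be left running and used as the scan target to inspect what ZAP's replacer rule adds.

```python
"""Added example (not part of the issue thread or the project). Records the
headers a local endpoint receives so you can confirm whether a client, or a
scanner pointed at it, actually sends an Authorization: Bearer header."""

import json
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer


class HeaderRecorder(BaseHTTPRequestHandler):
    """Answers every GET with a JSON copy of the request headers it received."""

    seen = []  # class-level list, shared across requests; constructed for the example

    def do_GET(self):
        received = {k.lower(): v for k, v in self.headers.items()}
        self.seen.append(received)
        body = json.dumps(received).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass  # keep the example quiet; the JSON body is the evidence we want


def start_recorder(port=0):
    """Start the recorder on a background thread; port 0 lets the OS pick one.
    Returns (server, base_url) so the caller can shut it down later."""
    server = HTTPServer(("127.0.0.1", port), HeaderRecorder)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"


def observed_authorization(base_url, token=None):
    """Send one GET to the recorder (adding Authorization: Bearer <token> when a
    token is given) and return the Authorization value the server received,
    or None if no such header arrived."""
    req = urllib.request.Request(base_url + "/api/ping")  # path is constructed
    if token is not None:
        req.add_header("Authorization", f"Bearer {token}")
    with urllib.request.urlopen(req, timeout=5) as resp:
        received = json.loads(resp.read())
    return received.get("authorization")


def check_bearer_propagation(token="constructed-example-token"):
    """Run both probes against a fresh recorder and report what was seen."""
    server, base = start_recorder()
    try:
        return {
            "without_token": observed_authorization(base),
            "with_token": observed_authorization(base, token),
        }
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(json.dumps(check_bearer_propagation(), indent=2))
```

To use the same idea against the scanner itself, call `start_recorder(port=<fixed port>)` in a long-lived process, point the scan at that `base_url` in place of the real API, and inspect `HeaderRecorder.seen`: if the `authorization` key is absent from the recorded requests, the replacer rule was never applied, regardless of what the scan report shows.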

dicksnel commented 1 year ago

Hi @spursbob, what is your full command?