SasanLabs / owasp-zap-fileupload-addon

OWASP ZAP add-on for finding vulnerabilities in File Upload functionality.
Apache License 2.0

No configuration supplied to the addon - but took 10 minutes #15

Closed sonawanesarvesh closed 2 years ago

sonawanesarvesh commented 2 years ago

I have added the FileUpload add-on to ZAP v2.11.1, but I am not supplying any configuration at this moment. In the ZAP logs I saw that this process took approx. 10 minutes to skip:

skipped plugin [Configuration for the add-on is not present hence skipping the scan rule.] | FileUploadScanRule in 600.026s with 0 message(s) sent and 0 alert(s) raised.

Can't we kill this time?

preetkaran20 commented 2 years ago

Hi @sonawanesarvesh ,

Thanks for reporting the issue, I will look at it.

thanks, Karan

preetkaran20 commented 2 years ago

Hi @sonawanesarvesh, what version of the Fileupload add-on are you using?

sonawanesarvesh commented 2 years ago

Hi @preetkaran20

The latest version; it's v1.1.0.

preetkaran20 commented 2 years ago

Hi @sonawanesarvesh ,

I tried to replicate the scenario on my Mac with ZAP version 2.11.1 and add-on version 1.1.0, and I am not finding the same issue.

Logs:

2022-02-19 23:41:02,193 [Thread-178] INFO  HostProcess - completed host http://192.168.0.104:3000 in 11.475s with 0 alert(s) raised.
2022-02-19 23:41:02,194 [Thread-177] INFO  Scanner - scanner completed in 11.479s
2022-02-19 23:42:38,037 [AWT-EventQueue-0] INFO  SSLConnector - ClientCert disabled
2022-02-19 23:42:46,732 [AWT-EventQueue-0] INFO  Scanner - scanner started
2022-02-19 23:42:46,735 [Thread-187] INFO  HostProcess - Scanning 1 node(s) from http://192.168.0.104:3000
2022-02-19 23:42:46,743 [Thread-187] INFO  HostProcess - start host http://192.168.0.104:3000 | FileUploadScanRule strength INSANE threshold LOW
2022-02-19 23:42:46,745 [Thread-187] INFO  HostProcess - skipped plugin [Configuration for the add-on is not present hence skipping the scan rule.] http://192.168.0.104:3000 | FileUploadScanRule in 0.01s with 0 message(s) sent and 0 alert(s) raised.
2022-02-19 23:42:46,745 [Thread-187] INFO  HostProcess - completed host http://192.168.0.104:3000 in 0.011s with 0 alert(s) raised.
2022-02-19 23:42:46,745 [Thread-186] INFO  Scanner - scanner completed in 0.013s
2022-02-19 23:42:59,871 [AWT-EventQueue-0] INFO  Scanner - scanner started
2022-02-19 23:42:59,892 [Thread-190] INFO  HostProcess - Scanning 1 node(s) from http://192.168.0.104:3000
2022-02-19 23:42:59,914 [Thread-190] INFO  HostProcess - start host http://192.168.0.104:3000 | FileUploadScanRule strength INSANE threshold LOW
2022-02-19 23:42:59,916 [Thread-190] INFO  HostProcess - skipped plugin [Configuration for the add-on is not present hence skipping the scan rule.] http://192.168.0.104:3000 | FileUploadScanRule in 0.023s with 0 message(s) sent and 0 alert(s) raised.
2022-02-19 23:42:59,916 [Thread-190] INFO  HostProcess - completed host http://192.168.0.104:3000 in 0.042s with 0 alert(s) raised.
2022-02-19 23:42:59,917 [Thread-189] INFO  Scanner - scanner completed in 0.046s

Which OS are you using? Also, are you running ZAP in Docker or directly on the machine via the installer? Can you try again and let me know if you still face the issue? We can have a debugging session over a call.

@kingthorin @thc202 FYI.

thanks, Karan

thc202 commented 2 years ago

This was mentioned in the user group: https://groups.google.com/g/zaproxy-users/c/gR44LbX88Vc/m/bFQ0E1LzAgAJ

It would be great if the whole log was provided. (Most likely another scan rule was still running.)
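One way to check that hypothesis from a full ZAP log, as an added example that is not part of the issue or of the add-on's own code: reconstruct a per-rule timeline from the `HostProcess` lines (`start host ... | Rule`, `skipped plugin [...] ... | Rule in Ns`, `completed host ... | Rule in Ns`), compare each rule's reported duration with the wall-clock gap between its start and end lines, and list which rules were still running while the skipped rule's window was open. The log excerpt below is constructed: only the FileUploadScanRule lines mirror the format reported above; the SqlInjectionScanRule lines and all timestamps are invented for illustration.

```python
import re
from datetime import datetime

# Constructed sample log (NOT from the issue): the SqlInjectionScanRule lines and
# timestamps are invented; the FileUploadScanRule lines mirror the reported format.
SAMPLE_LOG = """\
2022-02-19 23:32:46,700 [Thread-187] INFO  HostProcess - start host http://192.168.0.104:3000 | SqlInjectionScanRule strength MEDIUM threshold MEDIUM
2022-02-19 23:32:46,743 [Thread-187] INFO  HostProcess - start host http://192.168.0.104:3000 | FileUploadScanRule strength INSANE threshold LOW
2022-02-19 23:42:46,745 [Thread-187] INFO  HostProcess - skipped plugin [Configuration for the add-on is not present hence skipping the scan rule.] http://192.168.0.104:3000 | FileUploadScanRule in 600.026s with 0 message(s) sent and 0 alert(s) raised.
2022-02-19 23:42:46,750 [Thread-187] INFO  HostProcess - completed host http://192.168.0.104:3000 | SqlInjectionScanRule in 600.050s with 1200 message(s) sent and 0 alert(s) raised.
2022-02-19 23:42:46,751 [Thread-187] INFO  HostProcess - completed host http://192.168.0.104:3000 in 600.051s with 0 alert(s) raised.
"""

TS_FMT = "%Y-%m-%d %H:%M:%S,%f"

# Matches the three per-rule HostProcess events; the host-level "completed host ... in Ns"
# line has no "| Rule" part and is deliberately ignored.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) \[[^\]]+\] \w+\s+HostProcess - "
    r"(?P<event>start host|skipped plugin \[[^\]]*\]|completed host) \S+ \| (?P<rule>\S+)"
    r"(?: in (?P<secs>[\d.]+)s)?"
)


def parse_rule_timeline(log_text):
    """Map rule name -> start/end timestamps, reported duration and skipped flag."""
    timeline = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        entry = timeline.setdefault(
            m["rule"], {"start": None, "end": None, "reported_secs": None, "skipped": False}
        )
        ts = datetime.strptime(m["ts"], TS_FMT)
        if m["event"] == "start host":
            entry["start"] = ts
        else:
            entry["end"] = ts
            entry["reported_secs"] = float(m["secs"])
            entry["skipped"] = m["event"].startswith("skipped plugin")
    return timeline


def wall_clock_secs(timeline, rule):
    """Seconds between the rule's start and end lines, or None if either is missing."""
    e = timeline[rule]
    if e["start"] is None or e["end"] is None:
        return None
    return (e["end"] - e["start"]).total_seconds()


def overlapping_rules(timeline, rule):
    """Other rules whose start..end window intersects the window of `rule`."""
    target = timeline[rule]
    if target["start"] is None or target["end"] is None:
        return []
    return sorted(
        name for name, e in timeline.items()
        if name != rule and e["start"] is not None and e["end"] is not None
        and e["start"] <= target["end"] and e["end"] >= target["start"]
    )


def skipped_rules_with_long_wait(timeline, threshold_secs=1.0):
    """Skipped rules whose reported duration is far longer than a no-op skip should take."""
    return sorted(
        name for name, e in timeline.items()
        if e["skipped"] and (e["reported_secs"] or 0.0) > threshold_secs
    )


if __name__ == "__main__":
    tl = parse_rule_timeline(SAMPLE_LOG)
    for rule in skipped_rules_with_long_wait(tl):
        print(f"{rule}: reported {tl[rule]['reported_secs']}s, "
              f"wall clock {wall_clock_secs(tl, rule)}s, "
              f"concurrently running: {overlapping_rules(tl, rule)}")
```

Running it against a complete log shows whether the 600 s attributed to the skipped rule coincides with another rule's active window, which is the quickest way to confirm or rule out the explanation above before digging into the add-on itself.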

preetkaran20 commented 2 years ago

Thanks @thc202.

@sonawanesarvesh can you please provide the entire log?

thanks, Karan

sonawanesarvesh commented 2 years ago

I will try to reproduce the logs for you. But basically I am trying ZAP in Docker (running on the Ubuntu Bionic image).

preetkaran20 commented 2 years ago

This was fixed in the last release, hence closing this issue. Please reopen it if you still face the issue.