ashenchowthee / zaproxy

Automatically exported from code.google.com/p/zaproxy

Can't update passive scan rules via command line #1608

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
I'm trying to integrate ZAP 2.4.0 into our build pipeline. As part of this 
process, I'm trying to start ZAP via the command line using a custom passive 
scan setting that is geared towards how we want our passive scans to run.

The default entry in ZAP's config.xml for the passive application error scanner 
is

<pscanrules>
    <ApplicationErrorScanner>
        <enabled>true</enabled>
        <level>MEDIUM</level>
    </ApplicationErrorScanner>
    <!-- Other passive rules configuration. -->
</pscanrules>

I would like this scanner to be OFF during our scans. Hence I use the following 
command.

zap.bat -config pscanrules.ApplicationErrorScanner.enabled=true -config pscanrules.ApplicationErrorScanner.level=OFF

However, this does not seem to have any effect when ZAP starts up. I do not see 
the entry being changed in config.xml, but I do see a *new* pscanrules element 
at the end of the file with the ApplicationErrorScanner element set to an OFF 
level.

Am I doing this right?

Original issue reported on code.google.com by diveshpr...@gmail.com on 21 Apr 2015 at 3:05

GoogleCodeExporter commented 9 years ago
It's missing some nodes, it should be:
-config 
pscans.org.zaproxy.zap.extension.pscanrules.ApplicationErrorScanner.enabled=true
-config 
pscans.org.zaproxy.zap.extension.pscanrules.ApplicationErrorScanner.level=OFF

(split into two lines to improve readability)

Can you confirm that the above works for you?

Note that you can also configure the scanners using the ZAP API [1], which is 
more flexible.

[1] https://code.google.com/p/zaproxy/wiki/ApiDetails

Original comment by THC...@gmail.com on 21 Apr 2015 at 3:26
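The reply above explains the cause: a `-config` key is the dotted path of nested element names in config.xml, so a key whose leading segments do not match the existing nodes is not an override at all. The following script is an added illustration written for this page, not code from the thread or from the ZAP project. It assumes a constructed config.xml fragment nested according to the dotted key given in the reply, and it uses a simplified model of how a key=value override is applied (a missing segment is created as a new element appended at the end), which is what the reporter observed; it also shows the check a pipeline can run before launching ZAP so that a mistyped key fails the build instead of silently adding a node the scanner never reads.

```python
import xml.etree.ElementTree as ET

# Constructed sample config.xml, modelled on the fragment quoted in the issue
# and nested according to the dotted key given in the reply; a real ZAP
# config.xml holds many more nodes.
SAMPLE_CONFIG_XML = """<config>
  <proxy>
    <port>8080</port>
  </proxy>
  <pscans>
    <org><zaproxy><zap><extension>
      <pscanrules>
        <ApplicationErrorScanner>
          <enabled>true</enabled>
          <level>MEDIUM</level>
        </ApplicationErrorScanner>
      </pscanrules>
    </extension></zap></zaproxy></org>
  </pscans>
</config>
"""


def leaf_keys(xml_text):
    """Map every leaf element to its dotted key (root element omitted), the
    form the -config option expects, e.g. 'proxy.port' -> '8080'."""
    keys = {}

    def walk(elem, path):
        children = list(elem)
        if not children:
            keys[".".join(path)] = (elem.text or "").strip()
        for child in children:
            walk(child, path + [child.tag])

    for child in ET.fromstring(xml_text):
        walk(child, [child.tag])
    return keys


def apply_override(xml_text, key, value):
    """Simplified model (an assumption, not ZAP's own code) of what a
    -config key=value does to the tree: each dotted segment must match an
    existing child; a segment that does not match is created as a new element
    appended at the end, which is why a mistyped key shows up as a fresh node
    at the end of the file instead of editing the existing one.
    Returns (updated_xml, overrode_existing)."""
    root = ET.fromstring(xml_text)
    node, created = root, False
    for segment in key.split("."):
        nxt = node.find(segment)
        if nxt is None:
            nxt = ET.SubElement(node, segment)
            created = True
        node = nxt
    node.text = value
    return ET.tostring(root, encoding="unicode"), not created


def config_args(xml_text, wanted):
    """Build the -config argument list for the wanted overrides, refusing any
    key that does not already exist in the config so a typo fails the build
    rather than silently adding a node the scanner never reads."""
    existing = leaf_keys(xml_text)
    unknown = [k for k in wanted if k not in existing]
    if unknown:
        raise KeyError("not present in config.xml: " + ", ".join(unknown))
    args = []
    for key, value in wanted.items():
        args += ["-config", f"{key}={value}"]
    return args


if __name__ == "__main__":
    rule = "pscans.org.zaproxy.zap.extension.pscanrules.ApplicationErrorScanner"
    # The reporter's original key versus the corrected one from the reply.
    for key in ("pscanrules.ApplicationErrorScanner.level", rule + ".level"):
        _, overrode = apply_override(SAMPLE_CONFIG_XML, key, "OFF")
        print(f"{key}: {'overrides existing node' if overrode else 'creates a new node'}")
    print(" ".join(config_args(SAMPLE_CONFIG_XML, {rule + ".level": "OFF"})))
```

Running `leaf_keys` against the config.xml a ZAP install actually writes, rather than the constructed sample, is the practical form of the check: it lists every key the `-config` option will accept, so the pipeline can validate its overrides before the scan starts.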

GoogleCodeExporter commented 9 years ago
Hello THC,

Thanks very much for the prompt response. I can confirm that the solution you 
suggested works for me.

I'm curious about why we need to add the "pscans.org.zaproxy.zap.extension" 
nodes before the pscan rules. I'm able to configure, for example, the proxy 
port by simply using "-config proxy.port=9999".

Regards,
Divesh

Original comment by diveshpr...@gmail.com on 22 Apr 2015 at 12:02

GoogleCodeExporter commented 9 years ago
Please ignore my comment above. My xml was not well formatted and I failed to 
notice the parent nodes. Thanks very much again!

- Divesh

Original comment by diveshpr...@gmail.com on 22 Apr 2015 at 12:29

GoogleCodeExporter commented 9 years ago
Glad it's working!

No problem!

Original comment by THC...@gmail.com on 22 Apr 2015 at 10:56