Scan via API never progress beyond status 0

[GoogleCodeExporter]

What steps will reproduce the problem?
1. Performed a spider and scan against http://marketplace.allizom.org via the 
API using the Python client.

What is the expected output? What do you see instead?
Scan status should progress from 0 to 100, instead it appears to be stuck at 0. 
Several warnings are present in the log file, and some exceptions (log is 
attached)

What version of the product are you using? On what operating system?
D-2013-04-08 on Mac OS X

Please provide any additional information below.
The following appear often in the log file (attached)

WARN  TestPathTraversal - 
...
ERROR TestPathTraversal - Error scanning parameters for Path Traversal: Read 
timed out
java.net.SocketTimeoutException: Read timed out
    at java.net.SocketInputStream.socketRead0(Native Method)
    at java.net.SocketInputStream.read(SocketInputStream.java:150)
    at java.net.SocketInputStream.read(SocketInputStream.java:121)
    at sun.security.ssl.InputRecord.readFully(InputRecord.java:442)
    at sun.security.ssl.InputRecord.read(InputRecord.java:480)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927)
    at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:884)
    at sun.security.ssl.AppInputStream.read(AppInputStream.java:102)
    at java.io.BufferedInputStream.fill(BufferedInputStream.java:235)
    at java.io.BufferedInputStream.read(BufferedInputStream.java:254)
    at org.apache.commons.httpclient.HttpParser.readRawLine(HttpParser.java:78)
    at org.apache.commons.httpclient.HttpParser.readLine(HttpParser.java:106)
    at org.apache.commons.httpclient.HttpConnection.readLine(HttpConnection.java:1116)
    at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.readLine(MultiThreadedHttpConnectionManager.java:1413)
    at org.apache.commons.httpclient.HttpMethodBase.readStatusLine(HttpMethodBase.java:1973)
    at org.apache.commons.httpclient.HttpMethodBase.readResponse(HttpMethodBase.java:1735)
    at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1098)
    at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
    at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
    at org.parosproxy.paros.network.HttpSender.executeMethod(HttpSender.java:215)
    at org.parosproxy.paros.network.HttpSender.runMethod(HttpSender.java:377)
    at org.parosproxy.paros.network.HttpSender.send(HttpSender.java:346)
    at org.parosproxy.paros.network.HttpSender.sendAndReceive(HttpSender.java:291)
    at org.parosproxy.paros.core.scanner.AbstractPlugin.sendAndReceive(AbstractPlugin.java:203)
    at org.parosproxy.paros.core.scanner.AbstractPlugin.sendAndReceive(AbstractPlugin.java:161)
    at org.parosproxy.paros.core.scanner.AbstractPlugin.sendAndReceive(AbstractPlugin.java:157)
    at org.zaproxy.zap.extension.ascanrules.TestPathTraversal.scan(Unknown Source)
    at org.parosproxy.paros.core.scanner.AbstractAppParamPlugin.scanVariant(AbstractAppParamPlugin.java:75)
    at org.parosproxy.paros.core.scanner.AbstractAppParamPlugin.scan(AbstractAppParamPlugin.java:65)
    at org.parosproxy.paros.core.scanner.AbstractPlugin.run(AbstractPlugin.java:241)
    at java.lang.Thread.run(Thread.java:722)

Original issue reported on code.google.com by dave.h...@gmail.com on 16 Apr 2013 at 11:09

Attachments:

• zap.log

[GoogleCodeExporter]

Just tried this and it worked ok for me.

Was this before you fixed the problem with stdout not going to a file?

Original comment by psii...@gmail.com on 25 Apr 2013 at 12:52

[GoogleCodeExporter]

That was fixed on 12th April and this was raised on the 16th, so I doubt it was 
the cause here. I will try to replicate this with the latest weekly release and 
provide an update. Do you get similar entries in the log file?

Original comment by dave.h...@gmail.com on 25 Apr 2013 at 1:28

[GoogleCodeExporter]

No I dont.
"Read timed out" type messages are usually just that - a timeout while trying a 
access the URL.
If connectivity was lost between ZAP and http://marketplace.allizom.org/ then 
this is what you'd see.
Thats not to say that it couldnt still be a ZAP issue ;)

Original comment by psii...@gmail.com on 25 Apr 2013 at 2:04

[GoogleCodeExporter]

Okay, it would appear that this is just going very slowly for me. After three 
hours the scan did get to 23%.

Original comment by dave.h...@gmail.com on 26 Apr 2013 at 10:19

[GoogleCodeExporter]

Yeah, it took me 13 hours !
So closing this as 'invalid' but we may well raise other issues related to 
performance or more fine grain controls...

Original comment by psii...@gmail.com on 26 Apr 2013 at 10:36

• Changed state: Invalid