I am still testing these new functionalities and today I was testing to exclude some urls, but I got some errors. So, my question is what is the correct format for the excluded URLs? It is complaining about regex on line 110 in AppScanSteps.java.
113143 [ZAP-ProxyThread-108] WARN org.zaproxy.zap.extension.api.API - handleApiRequest error: <?xml version="1.0" encoding="UTF-8" standalone="no"?>Bad Format (bad_format) : regex
Bad Format (bad_format) : regex
at org.zaproxy.zap.extension.spider.SpiderAPI.handleApiAction(Unknown Source)
at org.zaproxy.zap.extension.api.API.handleApiRequest(Unknown Source)
at org.parosproxy.paros.core.proxy.ProxyThread.processHttp(Unknown Source)
at org.parosproxy.paros.core.proxy.ProxyThread.run(Unknown Source)
at java.lang.Thread.run(Thread.java:745)
[java] org.zaproxy.clientapi.core.ClientApiException: Bad Format (bad_format) : regex
[java] at org.zaproxy.clientapi.core.ApiResponseFactory.getResponse(Unknown Source)
[java] at org.zaproxy.clientapi.core.ClientApi.callApi(Unknown Source)
[java] at org.zaproxy.clientapi.gen.Spider.excludeFromScan(Unknown Source)
[java] at net.continuumsecurity.proxy.ZAProxyScanner.excludeFromSpider(ZAProxyScanner.java:303)
[java] at net.continuumsecurity.steps.AppScanningSteps.setExcludedRegex(AppScanningSteps.java:110)
[java] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[java] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
[java] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[java] at java.lang.reflect.Method.invoke(Method.java:606)
[java] at org.jbehave.core.steps.StepCreator$ParameterisedStep.perform(StepCreator.java:569)
[java] at org.jbehave.core.embedder.StoryRunner$FineSoFar.run(StoryRunner.java:533)
[java] at org.jbehave.core.embedder.StoryRunner.runStepsWhileKeepingState(StoryRunner.java:513)
[java] at org.jbehave.core.embedder.StoryRunner.runScenarioSteps(StoryRunner.java:477)
[java] at org.jbehave.core.embedder.StoryRunner.runCancellable(StoryRunner.java:308)
[java] at org.jbehave.core.embedder.StoryRunner.run(StoryRunner.java:220)
[java] at org.jbehave.core.embedder.StoryRunner.runGivenStories(StoryRunner.java:393)
[java] at org.jbehave.core.embedder.StoryRunner.runCancellable(StoryRunner.java:272)
[java] at org.jbehave.core.embedder.StoryRunner.run(StoryRunner.java:220)
[java] And the URL regular expressions listed in the file:
[java] |tables/exclude_urls.table|
[java] are excluded from the spider (FAILED)
@continuumsecurity
I am still testing these new functionalities and today I was testing to exclude some urls, but I got some errors. So, my question is what is the correct format for the excluded URLs? It is complaining about regex on line 110 in AppScanSteps.java.
113143 [ZAP-ProxyThread-108] WARN org.zaproxy.zap.extension.api.API - handleApiRequest error: <?xml version="1.0" encoding="UTF-8" standalone="no"?>Bad Format (bad_format) : regex
Bad Format (bad_format) : regex
at org.zaproxy.zap.extension.spider.SpiderAPI.handleApiAction(Unknown Source)
at org.zaproxy.zap.extension.api.API.handleApiRequest(Unknown Source)
at org.parosproxy.paros.core.proxy.ProxyThread.processHttp(Unknown Source)
at org.parosproxy.paros.core.proxy.ProxyThread.run(Unknown Source)
at java.lang.Thread.run(Thread.java:745)
[java] org.zaproxy.clientapi.core.ClientApiException: Bad Format (bad_format) : regex
[java] at org.zaproxy.clientapi.core.ApiResponseFactory.getResponse(Unknown Source)
[java] at org.zaproxy.clientapi.core.ClientApi.callApi(Unknown Source)
[java] at org.zaproxy.clientapi.gen.Spider.excludeFromScan(Unknown Source)
[java] at net.continuumsecurity.proxy.ZAProxyScanner.excludeFromSpider(ZAProxyScanner.java:303)
[java] at net.continuumsecurity.steps.AppScanningSteps.setExcludedRegex(AppScanningSteps.java:110)
[java] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[java] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
[java] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[java] at java.lang.reflect.Method.invoke(Method.java:606)
[java] at org.jbehave.core.steps.StepCreator$ParameterisedStep.perform(StepCreator.java:569)
[java] at org.jbehave.core.embedder.StoryRunner$FineSoFar.run(StoryRunner.java:533)
[java] at org.jbehave.core.embedder.StoryRunner.runStepsWhileKeepingState(StoryRunner.java:513)
[java] at org.jbehave.core.embedder.StoryRunner.runScenarioSteps(StoryRunner.java:477)
[java] at org.jbehave.core.embedder.StoryRunner.runCancellable(StoryRunner.java:308)
[java] at org.jbehave.core.embedder.StoryRunner.run(StoryRunner.java:220)
[java] at org.jbehave.core.embedder.StoryRunner.runGivenStories(StoryRunner.java:393)
[java] at org.jbehave.core.embedder.StoryRunner.runCancellable(StoryRunner.java:272)
[java] at org.jbehave.core.embedder.StoryRunner.run(StoryRunner.java:220)
[java] And the URL regular expressions listed in the file:
[java] |tables/exclude_urls.table|
[java] are excluded from the spider (FAILED)