iriusrisk / bdd-security

BDD Automated Security Tests for Web Applications
http://www.continuumsecurity.net/bdd-intro.html
GNU Affero General Public License v3.0

net.continuumsecurity.proxy.ProxyException: org.zaproxy.clientapi.core.ClientApiException: N''existe pas (does_not_exist) : Default Context #45

Open wassilaahamila opened 8 years ago

wassilaahamila commented 8 years ago

Hello, I changed the baseUrl to access my application http://localhost://Forum/ and then tried to run basic ZAP scanning with the command below: ./runstory.sh app_scan, but an error is shown in the JBehave report:

Scenario: Navigate and spider the application and find vulnerabilities through passive scanning
Meta: @pre navigate
Given a new browser or client instance
And a new scanning session
And the passive scanner is enabled
And the page flow described in the method: navigate is run through the proxy
And the URL regular expressions listed in the file: tables/exclude_urls.table are excluded from the spider
And the spider is configured for a maximum depth of 10
And the spider is configured for 1000 maximum children
And the spider is configured for 10 concurrent threads
And the following URLs are spidered: url baseUrl (FAILED)
net.continuumsecurity.proxy.ProxyException: org.zaproxy.clientapi.core.ClientApiException: N''existe pas (does_not_exist) : Default Context
And the spider status reaches 100% complete (NOT PERFORMED)
And the following false positives are removed: tables/zap.false_positives.table (NOT PERFORMED)
And the XML report is written to the file passive.xml (NOT PERFORMED)
Then no Medium or higher risk vulnerabilities should be present (NOT PERFORMED)

net.continuumsecurity.proxy.ProxyException: org.zaproxy.clientapi.core.ClientApiException: N''existe pas (does_not_exist) : Default Context
    at net.continuumsecurity.proxy.ZAProxyScanner.spider(ZAProxyScanner.java:322)
    at net.continuumsecurity.steps.AppScanningSteps.spider(AppScanningSteps.java:145)
    at net.continuumsecurity.steps.AppScanningSteps.spiderUrls(AppScanningSteps.java:117)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.jbehave.core.steps.StepCreator$ParameterisedStep.perform(StepCreator.java:569)
    at org.jbehave.core.embedder.StoryRunner$FineSoFar.run(StoryRunner.java:533)
    at org.jbehave.core.embedder.StoryRunner.runStepsWhileKeepingState(StoryRunner.java:513)
    at org.jbehave.core.embedder.StoryRunner.runScenarioSteps(StoryRunner.java:477)
    at org.jbehave.core.embedder.StoryRunner.runCancellable(StoryRunner.java:308)
    at org.jbehave.core.embedder.StoryRunner.run(StoryRunner.java:220)
    at org.jbehave.core.embedder.StoryRunner.runGivenStories(StoryRunner.java:393)
    at org.jbehave.core.embedder.StoryRunner.runCancellable(StoryRunner.java:272)
    at org.jbehave.core.embedder.StoryRunner.run(StoryRunner.java:220)
    at org.jbehave.core.embedder.StoryRunner.run(StoryRunner.java:181)
    at org.jbehave.core.embedder.StoryManager$EnqueuedStory.call(StoryManager.java:235)
    at org.jbehave.core.embedder.StoryManager$EnqueuedStory.call(StoryManager.java:207)
    at java.util.concurrent.FutureTask.run(FutureTask.java:262)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:745)
Caused by: org.zaproxy.clientapi.core.ClientApiException: N''existe pas (does_not_exist) : Default Context
    at org.zaproxy.clientapi.core.ApiResponseFactory.getResponse(Unknown Source)
    at org.zaproxy.clientapi.core.ClientApi.callApi(Unknown Source)
    at org.zaproxy.clientapi.gen.Spider.scan(Unknown Source)
    at net.continuumsecurity.proxy.ZAProxyScanner.spider(ZAProxyScanner.java:319)
    ... 22 more

iriusrisk commented 8 years ago

You will need to modify the RopeyTasksApplication.java class so that it can log in and navigate your application. Have a look at the section on "DEEPER APP TESTING WITH SELENIUM AND ZAP" in the getting started guide for some information on how to do this: http://www.continuumsecurity.net/bdd-getstarted.html

wassilaahamila commented 8 years ago

Well, I did with another application, and it works correctly, but this error is still shown!!

iriusrisk commented 8 years ago

Are you using the ZAP that is bundled with the BDD-Security framework? Can you send me a copy of your config.xml, the Java class you're using to do the Selenium steps, and the navigate_app and app_scan stories to my email address: stephen at continuumsecurity.net