search

kasunkv / owasp-zap-vsts-task

Visual Studio Team Services build/release task for running OWASP ZAP automated security tests
MIT License
30 stars 11 forks source link

TFS Reporting: Task execution section of task definition for is either missing or not valid #9

Open AshleyPoole opened 6 years ago

AshleyPoole commented 6 years ago

Hi,

After installing the task, and adding the task to a release definition in TFS (version 15) and setting it to run on server, the following error is observed from TFS.

Task execution section of task definition for Id : {ID HAS BEEN REMOVED} is either missing or not valid.

When configuring the task though, all required fields have been configured, including the API Url, Key and target Url.

How can I debug what is wrong with the task definition for the OWASP ZAP Scan task? Any idea what might be wrong @kasunkv ?

AshleyPoole commented 6 years ago

I've tried setting the OWASP ZAP task to run on an release agent instead of the server, but then also get the following error:

2017-12-05T12:28:01.5554923Z Set workingFolder to default: E:\TFSAgent\tasks\OwaspZapScan\2.0.3
2017-12-05T12:28:02.8659007Z ##[debug]agent.TempDirectory=undefined
2017-12-05T12:28:02.8659007Z ##[debug]agent.workFolder=E:\TFSAgent\_work
2017-12-05T12:28:02.8659007Z ##[debug]loading inputs and endpoints
2017-12-05T12:28:02.8659007Z ##[debug]loading ENDPOINT_AUTH_PARAMETER_SYSTEMVSSCONNECTION_ACCESSTOKEN
2017-12-05T12:28:02.8815008Z ##[debug]loading ENDPOINT_AUTH_SCHEME_SYSTEMVSSCONNECTION
2017-12-05T12:28:02.8815008Z ##[debug]loading ENDPOINT_AUTH_SYSTEMVSSCONNECTION
2017-12-05T12:28:02.8815008Z ##[debug]loading INPUT_ENABLEVERIFICATIONS
2017-12-05T12:28:02.8815008Z ##[debug]loading INPUT_EXECUTEACTIVESCAN
2017-12-05T12:28:02.8815008Z ##[debug]loading INPUT_EXECUTESPIDERSCAN
2017-12-05T12:28:02.8815008Z ##[debug]loading INPUT_INSCOPEONLY
2017-12-05T12:28:02.8815008Z ##[debug]loading INPUT_RECURSE
2017-12-05T12:28:02.8815008Z ##[debug]loading INPUT_RECURSESPIDER
2017-12-05T12:28:02.8815008Z ##[debug]loading INPUT_REPORTFILEDESTINATION
2017-12-05T12:28:02.8815008Z ##[debug]loading INPUT_REPORTFILENAME
2017-12-05T12:28:02.8815008Z ##[debug]loading INPUT_REPORTTYPE
2017-12-05T12:28:02.8815008Z ##[debug]loading INPUT_SUBTREEONLY
2017-12-05T12:28:02.8815008Z ##[debug]loading INPUT_TARGETURL
2017-12-05T12:28:02.8815008Z ##[debug]loading INPUT_ZAPAPIKEY
2017-12-05T12:28:02.8815008Z ##[debug]loading INPUT_ZAPAPIURL
2017-12-05T12:28:02.8815008Z ##[debug]loaded 16
2017-12-05T12:28:02.8815008Z ##[debug]Agent.ProxyUrl=undefined
2017-12-05T12:28:02.8815008Z ##[debug]Agent.CAInfo=undefined
2017-12-05T12:28:02.8815008Z ##[debug]Agent.ClientCert=undefined
2017-12-05T12:28:03.2559032Z ##[debug]task result: Failed
2017-12-05T12:28:03.2559032Z ##[error]Unhandled: Unexpected token =

Does that indicate that ProxyUrl, CAInfo and ClientCert are required parameters?

AshleyPoole commented 6 years ago

Update @kasunkv I've found the issue is localised to a Windows release agent. If you run it on a Linux release agent, it works.

BalakumarChockalingam commented 6 years ago

@AshleyPoole : Did you get this to work on a windows agent? If so, what changes did you make? I'm facing the same issue.