Open pragadeeshraju opened 3 years ago
Looks like the real error is the one before it and that it can't access the target URL. Is this an intranet site? Is this running a non-Microsoft hosted agent? Is it accessible from the agent?
I/O error(5): ZAP failed to access: http://172.17.0.1:8080
The file doesn't exist because the scan never ran.
Okay, that was fixed and now bumped into:
2020-08-28T09:01:59.8208528Z ==============================================================================
2020-08-28T09:01:59.8208830Z Task : Publish Test Results
2020-08-28T09:01:59.8209089Z Description : Publish test results to Azure Pipelines
2020-08-28T09:01:59.8209313Z Version : 2.171.0
2020-08-28T09:01:59.8209526Z Author : Microsoft Corporation
2020-08-28T09:01:59.8209830Z Help : https://docs.microsoft.com/azure/devops/pipelines/tasks/test/publish-test-results
2020-08-28T09:01:59.8210205Z ==============================================================================
2020-08-28T09:01:59.9692246Z [command]/usr/bin/dotnet --version
2020-08-28T09:02:00.3321909Z 3.1.401
2020-08-28T09:02:01.0726910Z ##[warning]Failed to read /home/vsts/work/r1/a/owaspzap/test-results.xml. Error : There are multiple root elements. Line 49, position 2..
2020-08-28T09:02:01.0740737Z ##[warning]Failed to publish test results: Object reference not set to an instance of an object.
2020-08-28T09:02:01.0857511Z ##[section]Async Command Start: Publish test results
2020-08-28T09:02:01.0982697Z ##[section]Async Command End: Publish test results
2020-08-28T09:02:01.0984007Z ##[section]Finishing: Publish Test Results owaspzap/test-results.xml
2020-08-28T09:02:01.0726910Z ##[warning]Failed to read /home/vsts/work/r1/a/owaspzap/test-results.xml. Error : There are multiple root elements. Line 49, position 2..
2020-08-28T09:02:01.0740737Z ##[warning]Failed to publish test results: Object reference not set to an instance of an object.
I started getting this yesterday when I changed the target website. Looking at the file, it includes both the HTTP and HTTPS runs.
I looked at the settings and the site requires HTTPS so it is redirecting the call from HTTP to HTTPS and OWASP thinks it is two different websites. In the report parser that I wrote, I passed in the target site so it would only report on that one site. I think we need to do this here or just use HTTPS when doing the testing. The weird thing is if I change it to HTTPS, I don't get any warnings even though I did before and the JSON report shows port 80. Seems like a different issue.
I looked back at the settings and there is a port setting. It must default to port 80. I wish it would use the default HTTP port of the URL. I set this explicitly like below and now everything works properly.
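Added example, not part of the comment above or of the plugin: a sketch of the approach mentioned there, filtering a ZAP report down to the one target site so that an HTTP-to-HTTPS redirect does not yield two result sets. It assumes ZAP's traditional JSON report layout (a top-level `site` list whose entries carry `@name`, `@host`, `@port`, `@ssl` and `alerts`); the function names and the sample report are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample: one scan of an HTTPS-only app that redirected from http://
SAMPLE_REPORT = json.dumps({"site": [
    {"@name": "http://app.example.test", "@host": "app.example.test",
     "@port": "80", "@ssl": "false", "alerts": []},
    {"@name": "https://app.example.test", "@host": "app.example.test",
     "@port": "443", "@ssl": "true", "alerts": [
        {"name": "X-Content-Type-Options Header Missing", "riskdesc": "Low (Medium)"},
        {"name": "Content Security Policy (CSP) Header Not Set", "riskdesc": "Medium (High)"}]},
]})

def url_key(url):
    """(scheme, host, port) for a URL; the port falls back to the scheme default."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"not an http(s) URL: {url!r}")
    return scheme, parts.hostname.lower(), parts.port or DEFAULT_PORTS[scheme]

def entry_key(site):
    """The same key for one report entry, built from its @ssl/@host/@port fields."""
    scheme = "https" if site.get("@ssl") == "true" else "http"
    return scheme, site["@host"].lower(), int(site["@port"])

def split_by_target(report_text, target_url):
    """Return (target entry, names of the other entries); fail if the target is absent."""
    want = url_key(target_url)
    sites = json.loads(report_text).get("site", [])
    matches = [s for s in sites if entry_key(s) == want]
    if len(matches) != 1:
        raise LookupError(f"{len(matches)} report entries match {target_url}")
    dropped = [s["@name"] for s in sites if entry_key(s) != want]
    return matches[0], dropped

def alerts_for_target(report_text, target_url):
    """(name, riskdesc) pairs for the target site only."""
    site, _ = split_by_target(report_text, target_url)
    return [(a["name"], a["riskdesc"]) for a in site["alerts"]]

if __name__ == "__main__":
    site, dropped = split_by_target(SAMPLE_REPORT, "https://app.example.test")
    print("reporting on", site["@name"], "- ignoring", dropped)
    for name, risk in alerts_for_target(SAMPLE_REPORT, "https://app.example.test"):
        print(f"  {risk}: {name}")
```

Failing loudly when no entry matches the target is deliberate: an empty result from a scan that never reached the site should not be published as a clean run.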
Now bumped into another issue: the scanner just freezes after, in Azure pipeline
2020-09-01T12:55:26.2276439Z 424fa8727c16: Pull complete
2020-09-01T12:55:26.2300003Z Digest: sha256:3563ecc53448ad224262ccea185cff8360c999c52d9c4b78630d9344dc1c3fd6
2020-09-01T12:55:26.2322177Z Status: Downloaded newer image for owasp/zap2docker-stable:latest
2020-09-01T12:55:30.2205741Z 2020-09-01 12:55:30,219 Params: ['zap-x.sh', '-daemon', '-port', '42957', '-host', '0.0.0.0', '-config', 'api.disablekey=true', '-config', 'api.addrs.addr.name=.*', '-config', 'api.addrs.addr.regex=true', '-config', 'spider.maxDuration=0', '-addonupdate', '-addoninstall', 'pscanrulesBeta', '-addoninstall', 'ascanrulesBeta']
2020-09-01T12:55:32.8942493Z Sep 01, 2020 12:55:32 PM java.util.prefs.FileSystemPreferences$1 run
2020-09-01T12:55:32.8943475Z INFO: Created user preferences directory.
but works fine on the separate run
Hi @IvanKirianov, the initial issue was solved (my app was running on the specified URL(2020-08-25T11:02:42.2410929Z ERROR ZAP failed to access: http://172.17.0.1:8080) - I corrected that)
Not sure what issue you are facing now
but now it just hung after
2020-09-01T12:55:26.2322177Z Status: Downloaded newer image for owasp/zap2docker-stable:latest
2020-09-01T12:55:30.2205741Z 2020-09-01 12:55:30,219 Params: ['zap-x.sh', '-daemon', '-port', '42957', '-host', '0.0.0.0', '-config', 'api.disablekey=true', '-config', 'api.addrs.addr.name=.*', '-config', 'api.addrs.addr.regex=true', '-config', 'spider.maxDuration=0', '-addonupdate', '-addoninstall', 'pscanrulesBeta', '-addoninstall', 'ascanrulesBeta']
2020-09-01T12:55:32.8942493Z Sep 01, 2020 12:55:32 PM java.util.prefs.FileSystemPreferences$1 run
2020-09-01T12:55:32.8943475Z INFO: Created user preferences directory.
I even tried on other servers as well.
These issues do not necessarily pertain to the Azure DevOps ZAP plugin created by this team.
What's not immediately clear from the plugin is that it mostly relies on the ZAP Docker container. The plugin merely takes a few settings from you and applies them to ZAP running in Docker. One such example is the port number that @mikedouglasdev referred to.
If your issues continue to exist, please provide an update @pragadeeshraju. Otherwise, please consider closing this issue.
I need help please
@polatengin @DariuszPorowski @TsuyoshiUshio @
In my case, I had the SSL port specified correctly for an HTTPS-only web app, but it was failing when using a pipeline variable. The error went away once putting the URL directly in the "Root URL to begin crawling" field. YMMV 🍻
@pragadeeshraju
How did you fix initial issue? I am also getting the same issue in yml based pipeline. But in classic mode.
pipeline:-
Error:- Automation plan failures: Job spider failed to access URL http://172.17.0.1:8080/ : Connection refused (Connection refused)
Did you find a solution for the error? I have this one
Hi All,
While executing the OWASP ZAP scan in the Azure pipeline for the "targeted scan" type, I am getting the below error. Is there any solution for this issue?
An early response is much appreciated, since because of this we are blocked on a few releases.
I was trying to use ZAP from the Azure Marketplace and bumped into the error.
Any help would be appreciated. Let me know if more information is needed.