zaproxy / action-baseline

A GitHub Action for running the ZAP Baseline scan
Apache License 2.0

Can't run with Ajax spider #80

Closed daniel-ac-martin closed 2 years ago

daniel-ac-martin commented 2 years ago

Hello,

I'm providing cmd_options: "-j" to the GitHub action, but this does not seem to result in the Ajax spider being used as I still get "Modern Web Application [10109]" raised.

Is this a bug in the action or in ZAP? Is it related to the automation framework?

kingthorin commented 2 years ago

10109 has nothing to do with the Ajax Spider.

> Is this a big in the action or in ZAP?

A what?

kingthorin commented 2 years ago

Please don't ask questions as issues - the ZAP User Group is a much better place for questions.

If you’re asking about third-party components such as the Jenkins plugin or VSTS plugin, please look for their preferred support mechanism, as these were not created by and are not supported by the core team.

daniel-ac-martin commented 2 years ago

Hi @kingthorin.

Thanks for the response. Apologies for posting here. The user group said I didn't have permissions to post; I was also wondering if this might be a bug of some sort.

> > Is this a big in the action or in ZAP?
>
> A what?

Sorry, that should have said 'bug' not 'big'.

> 10109 has nothing to do with the Ajax Spider.

Oh, the description in the ZAP report says the following:

> The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.

I interpreted this to mean that you will get the notice when you are not running the Ajax spider. If that's not the case, I'm at a loss for what to do to appease Zap with regards to 10109. Perhaps the message could be updated to be more clear?

kingthorin commented 2 years ago

> If that's not the case, I'm at a loss for what to do to appease Zap with regards to 10109.

It's an informational message. "If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one."