zaproxy / zaproxy

The ZAP core project
https://www.zaproxy.org
Apache License 2.0

GraalVM JavaScript engine not loading with Java 22 #8477

Open SamDubYah opened 1 month ago

SamDubYah commented 1 month ago

Describe the bug

Zaproxy is failing to load the graaljs extension, limiting the capability of using any JS scripts or the OAST functionality.

I have tried re-installing zaproxy using the Arch pacman (blackarch repo) and the homepage package. I have also re-installed the graaljs add-on.

Steps to reproduce the behavior

  1. Launch Zaproxy
  2. Add Scripting tab
  3. Attempt to add new script
  4. Select scripting engine
  5. See graaljs is missing from scripting engine
  6. View the 'zap.log' for the error
  7. See the following error

    5988 [ZAP-BootstrapGUI] ERROR org.parosproxy.paros.extension.ExtensionLoader - Failed to initialise extension org.zaproxy.zap.extension.graaljs.ExtensionGraalJs (from add-on [id=graaljs, version=0.7.0]), cause: NoSuchMethodError: 'void sun.misc.Unsafe.ensureClassInitialized(java.lang.Class)

Expected behavior

Expect graaljs to load, and access to the graaljs scripting engine to be available.

Software versions

ZAP Version: 2.14.0

Installed Add-ons: [[id=alertFilters, version=20.0.0], [id=ascanrules, version=65.0.0], [id=authhelper, version=0.12.0], [id=automation, version=0.39.0], [id=bruteforce, version=15.0.0], [id=callhome, version=0.11.0], [id=commonlib, version=1.24.0], [id=database, version=0.3.0], [id=diff, version=14.0.0], [id=directorylistv1, version=7.0.0], [id=domxss, version=18.0.0], [id=encoder, version=1.4.0], [id=exim, version=0.8.0], [id=formhandler, version=6.5.0], [id=fuzz, version=13.12.0], [id=gettingStarted, version=16.0.0], [id=graaljs, version=0.6.0], [id=graphql, version=0.23.0], [id=help, version=17.0.0], [id=hud, version=0.18.0], [id=invoke, version=14.0.0], [id=network, version=0.15.0], [id=oast, version=0.17.0], [id=onlineMenu, version=12.0.0], [id=openapi, version=39.0.0], [id=postman, version=0.3.0], [id=pscanrules, version=57.0.0], [id=quickstart, version=46.0.0], [id=replacer, version=16.0.0], [id=reports, version=0.31.0], [id=requester, version=7.5.0], [id=retest, version=0.8.0], [id=retire, version=0.34.0], [id=reveal, version=7.0.0], [id=scripts, version=45.2.0], [id=selenium, version=15.22.0], [id=soap, version=22.0.0], [id=spider, version=0.10.0], [id=spiderAjax, version=23.18.0], [id=tips, version=12.0.0], [id=webdriverlinux, version=81.0.0], [id=websocket, version=30.0.0], [id=zest, version=44.0.0]]

Operating System: Linux

Architecture: amd64

Java Version: N/A 22

System's Locale: en_US

Display Locale: en_GB

Format Locale: en_US

Default Charset: UTF-8

ZAP Home Directory: /home/dubs/.ZAP/

ZAP Installation Directory: /usr/share/zaproxy/./

Look and Feel: FlatLaf Light (com.formdev.flatlaf.FlatLightLaf)

Screenshots

No response

Errors from the zap.log file

zap.log

Additional context

No response

Would you like to help fix this issue?

kingthorin commented 1 month ago

It doesn't limit OAST functionality. It means you can't use JS scripts, a few of which OAST is packaged with, but they're bonuses, not requirements.

I'd suggest starting ZAP with a clean home directory using the -dir switch: https://www.zaproxy.org/docs/desktop/cmdline/#options

kingthorin commented 1 month ago

Might also be a Java 22 issue, not sure we're compatible yet.

thc202 commented 1 month ago

Yes, that's because of the Java version:

    Failed to initialise extension org.zaproxy.zap.extension.graaljs.ExtensionGraalJs (from add-on [id=graaljs, version=0.6.0]), cause: NoSuchMethodError: 'void sun.misc.Unsafe.ensureClassInitialized(java.lang.Class)'
    java.lang.NoSuchMethodError: 'void sun.misc.Unsafe.ensureClassInitialized(java.lang.Class)'

SamDubYah commented 1 month ago

You're correct, downgrading to Java 21 fixes the issue. Thank you.

thc202 commented 3 weeks ago

For the record, the update of the GraalVM JavaScript engine to the latest version (which should address this) requires bumping ZAP's minimum Java version to 17.
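
A triage helper for the failure discussed in this thread, added here as an example and not taken from the issue or from ZAP's code: it pulls every "Failed to initialise extension" entry out of a zap.log and flags causes that are Java linkage errors, which point at a JVM or library mismatch such as the one reported above. The names `failed_extensions`, `LINKAGE_ERRORS` and `SAMPLE_LOG` are assumptions, and only the graaljs line in the sample comes from the issue.

```python
import re

# Shape of the "Failed to initialise extension" message quoted in this issue.
FAILED = re.compile(
    r"Failed to initialise extension (?P<extension>\S+) "
    r"\(from add-on \[id=(?P<addon>[^,\]]+), version=(?P<version>[^\]]+)\]\), "
    r"cause: (?P<error>\w+)(?:: (?P<detail>.*))?$"
)

# java.lang.LinkageError subclasses: the add-on was built against classes or
# methods that the running JVM (or another library) does not provide.
LINKAGE_ERRORS = {"NoSuchMethodError", "NoSuchFieldError", "NoClassDefFoundError",
                  "UnsupportedClassVersionError", "IncompatibleClassChangeError"}

def failed_extensions(log_text):
    """Return one dict per add-on extension that failed to initialise."""
    failures = []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        entry = m.groupdict()
        # The quoted method signature may be missing its closing quote.
        entry["detail"] = (entry["detail"] or "").strip().strip("'")
        entry["linkage"] = entry["error"] in LINKAGE_ERRORS
        failures.append(entry)
    return failures

# Constructed sample: the graaljs ERROR line is the one quoted in the issue,
# the other two lines are made up for illustration.
SAMPLE_LOG = """\
5102 [ZAP-BootstrapGUI] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing extensions
5988 [ZAP-BootstrapGUI] ERROR org.parosproxy.paros.extension.ExtensionLoader - Failed to initialise extension org.zaproxy.zap.extension.graaljs.ExtensionGraalJs (from add-on [id=graaljs, version=0.7.0]), cause: NoSuchMethodError: 'void sun.misc.Unsafe.ensureClassInitialized(java.lang.Class)
6010 [ZAP-BootstrapGUI] ERROR org.parosproxy.paros.extension.ExtensionLoader - Failed to initialise extension org.example.ExtensionDemo (from add-on [id=demo, version=1.0.0]), cause: IllegalStateException: constructed
"""

if __name__ == "__main__":
    for f in failed_extensions(SAMPLE_LOG):
        hint = "check Java version / add-on compatibility" if f["linkage"] else "see stack trace"
        print(f'{f["addon"]} {f["version"]}: {f["error"]} {f["detail"]} -> {hint}')
```
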