search

zaproxy / zaproxy

The ZAP core project
https://www.zaproxy.org
Apache License 2.0
12.5k stars 2.23k forks source link

[docker] Better error message than 'Failed to start ZAP' when /zap/wrk is not owned by user 'zap' #8593

Open RothAndrew opened 1 month ago

RothAndrew commented 1 month ago

Is your feature request related to a problem? Please describe.

If you do something like

docker run -it --rm \
          --network="host" \
          -v $PWD/zap/wrk:/zap/wrk:rw \
          -w /zap/wrk \
          ghcr.io/zaproxy/zaproxy:stable bash

but $PWD/zap/wrk doesn't already exist

and try to run one of the python scripts like zap-api-scan.py

Then inside the container /zap/wrk will be owned by root and zap-api-scan.py will throw a very generic and unhelpful error of "Failed to start ZAP"

Describe the solution you'd like

I'd like it to throw a more helpful error message like "permission denied, the /zap/wrk folder is owned by root" (or something like that)

Describe alternatives you've considered

n/a

Screenshots

No response

Additional context

No response

Would you like to help fix this issue?

RothAndrew commented 1 month ago

Something else I discovered is that on my Macbook the error didn't happen. There's something different with how docker run behaves between Mac and Linux when it comes to mounting volumes and file/directory permissions.

psiinon commented 1 month ago

Yeah, it works fine on my Macbook. I dont have a linux system handy to check that..

RothAndrew commented 1 month ago

The first place it happened for me was in a GitHub Actions run, then confirmed on my local Rocky9 box after about 2 hours of troubleshooting 🙃