
Active scan rules take too much time to skip/stop/pause

Open thc202 opened this issue 10 years ago • 6 comments

Split from #1618:

What is the expected output? What do you see instead? Only the MSSQL and Advanced SQL checks should be run; all of the DB types were running. Also, when trying to skip from the scan progress screen, the checks continue.

(Emphasis mine on the problem raised by this issue.)

The problem is that the rules are not checking (in some cases more often) if the scan has been stopped (which includes the rule being skipped).

The issue does not require core changes (the rules just need to call AbstractPlugin.isStop() to check if the scan was stopped or the rule skipped).

Related issues: #936, #5855.

Jul 29 '15 06:07 thc202

Are there still rules for which this is an issue?

May 21 '18 01:05 kingthorin

That would require a review (I noticed this the other day, but it might not be possible to improve more).

May 21 '18 09:05 thc202

Same goes for pausing, which even fewer rules check for.

Apr 01 '24 08:04 thc202

If we can agree on a pause behaviour we want I'm happy to implement it throughout the ascanrules add-ons.

Shall we just check for pause right before all the places we check stop? Wait 2 or 3 sec (looping) and resume as appropriate?

Apr 01 '24 12:04 kingthorin

Sounds good to me. Be worth having a common static for the loop time or similar.

Apr 02 '24 08:04 psiinon

Discussed in IRC. The current vision is for a common method in AbstractPlugin like handlePause which scan rules can call basically after everywhere they already call isStop.

It should be based on a Condition/Lock in Scanner which would propagate through HostProcess to the rules (instead of using a sleep/wait).

Apr 08 '24 13:04 kingthorin
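A sketch of the Condition/Lock approach described in the last comment, as an added example that is not ZAP's code and not part of the original thread. `ScanControl`, `PauseGateDemo` and `scan` are hypothetical names; `isStop` and `handlePause` only borrow the names used in the discussion, and the class stands in for state that would live in Scanner and reach the rules through HostProcess.

```java
import java.util.List;
import java.util.concurrent.locks.Condition;
import java.util.concurrent.locks.ReentrantLock;
public class PauseGateDemo {
    /** Hypothetical stand-in for the scan state that would be shared with each rule. */
    static class ScanControl {
        private final ReentrantLock lock = new ReentrantLock();
        private final Condition changed = lock.newCondition();
        private boolean paused;            // guarded by lock
        private volatile boolean stopped;
        void pause()  { update(() -> paused = true); }
        void resume() { update(() -> paused = false); }
        void stop()   { update(() -> stopped = true); }  // also wakes paused rules
        private void update(Runnable change) {
            lock.lock();
            try { change.run(); changed.signalAll(); } finally { lock.unlock(); }
        }
        boolean isStop() { return stopped; }
        /** Blocks while paused; returns as soon as the scan is resumed or stopped. */
        void handlePause() throws InterruptedException {
            lock.lock();
            try { while (paused && !stopped) changed.await(); } finally { lock.unlock(); }
        }
    }

    /** Toy rule loop: checks stop, then pause, before each payload it would send. */
    static int scan(ScanControl ctl, List<String> payloads) throws InterruptedException {
        int sent = 0;
        for (String payload : payloads) {
            if (ctl.isStop()) break;
            ctl.handlePause();
            if (ctl.isStop()) break;       // the scan may have been stopped while paused
            sent++;                        // a real rule would send the request here
        }
        return sent;
    }

    public static void main(String[] args) throws Exception {
        ScanControl ctl = new ScanControl();
        ctl.pause();
        Thread rule = new Thread(() -> {
            try { System.out.println("payloads sent: " + scan(ctl, List.of("a", "b", "c"))); }
            catch (InterruptedException e) { Thread.currentThread().interrupt(); }
        });
        rule.start();
        Thread.sleep(200);                 // rule thread parks in handlePause()
        ctl.stop();                        // signalAll() releases it without a polling delay
        rule.join();
    }
}
```

Because `stop()` signals the same condition that `handlePause()` waits on, a rule that is paused reacts to a stop or skip immediately instead of after the next sleep interval.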