zaproxy
Update docker docs to explain how file params should be used
Describe the bug
We are using the Docker Image together with Tekton Pipelines. When running these commands, I expect a report to be generated in the specified folders. This works for `zap-api-scan.py` but not for the other commands.
For `zap-baseline.py` a file called `zap_out.json` is written to the wrk directory.
Steps to reproduce the behavior
Run the commands:
/zap/zap-full-scan.py -t http://melee-island-melee-island-dev-1.my.apps -d -J /zap/wrk/report.json
/zap/zap-baseline.py -t http://melee-island-melee-island-dev-1.my.apps -d -J /zap/wrk/report.json
Expected behavior
A file called `report.json` should be generated.
Software versions
docker.io/owasp/zap2docker-stable:2.13.0
Screenshots
No response
Errors from the zap.log file
No response
Additional context
No response
Would you like to help fix this issue?
- [ ] Yes
Running `docker run -v $(pwd):/zap/wrk/:rw -t ghcr.io/zaproxy/zaproxy:stable zap-baseline.py -t https://www.example.com -J /zap/wrk/report.json` I get an error of `Job report failed to generate report: /zap/wrk/zap/wrk/report.json`
While running `docker run -v $(pwd):/zap/wrk/:rw -t ghcr.io/zaproxy/zaproxy:stable zap-baseline.py -t https://www.example.com -J report.json` works and generated the file.
Try removing `/zap/wrk/` from the start of the report file names?
I didn't see this Error Message. But without the path it works. Maybe an enhancement for the documentation, that it's not possible to enter a path there?
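A CI-side guard for the behaviour discussed in the comments above, as an added example that is not part of the original issue or the ZAP project's code. It assumes, based on the quoted error path `/zap/wrk/zap/wrk/report.json`, that the scan scripts prefix the mounted directory to report file parameters; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumption (from the error quoted in the thread): the packaged
# scan scripts prepend the mounted work dir to the value given to -J.
ZAP_WRK="/zap/wrk"

# Print the value to pass to -J, or return 1 if the path cannot end up
# inside the mounted directory.
zap_report_arg() {
    p=$1
    case $p in
        "$ZAP_WRK"/*) p=${p#"$ZAP_WRK"/} ;;   # strip the mount prefix
        /*) echo "report path outside $ZAP_WRK: $p" >&2; return 1 ;;
    esac
    case $p in
        ""|*/) echo "report path has no file name" >&2; return 1 ;;
    esac
    case "/$p/" in
        */../*) echo "report path must not contain '..': $p" >&2; return 1 ;;
    esac
    printf '%s\n' "$p"
}

# Path inside the container where the report is written for a given -J
# value, under the assumption stated at the top.
zap_effective_path() {
    printf '%s/%s\n' "$ZAP_WRK" "${1#/}"
}

# Fail the pipeline step when the scan ended without a usable report.
# $1 = host directory mounted at /zap/wrk, $2 = value that was passed to -J
zap_check_report() {
    if [ -s "$1/$2" ]; then
        return 0
    fi
    echo "ZAP report missing or empty: $1/$2" >&2
    return 1
}
```

In a pipeline step, pass the output of `zap_report_arg` to `-J` and call `zap_check_report` after the scan, so a missing report fails the step instead of passing silently.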
Thanks for reporting this because this was driving me crazy yesterday. I tried for 5 hours to get the report to output. Scan runs fine without error but just no report file.
The info I redacted is in {}. Command: `docker run -v C:\user\{username}\Desktop\Work:/zap/wrk/:rw -t ghcr.io/zaproxy/zaproxy:stable zap-full-scan.py -t https://www.{website}.com/ -j {website}_Full_report.json -g gen.conf -quickprogress -v`
I run this on Windows 10 admin PowerShell. Again, it runs fine, just no console output till it finished, and no report file is written. The base scan works fine with the same settings. I'm really at a loss on this.
@chaoscode have you seen this page? https://www.zaproxy.org/docs/docker/diagnosing-problems/#cannot-access-created-files
Yes, I used touch and got no errors. I'm going to work on it more after the SpaceX launch. :)
Did it successfully create the file? Can you see the file once the docker container exited?
No, I used find to search the container and it's not there.
So this appears to be a docker file mounting issue - have a look at their docs, and let us know how you get on. We'd love to improve our docs, even if it's just to point to suitable docker ones.
Hang on, the file won't be in the container once that's exited.
It should be in your `C:\user\{username}\Desktop\Work` directory - can you check that?
Yeah, if the file was where I expected it to be, I wouldn't be here asking the question lol
The whole point is it's not in the expected place. It's not a mount issue, and when I check the container it can see and touch files in that folder/mnt without errors.
That's the point of me reaching out. Why isn't it writing the file? I have been all over the documentation. Out of all the scanners I'm using (amass, nuclei, zaproxy, semgrep, grype, snyk, etc.) this one just refuses to write the report file to that directory. I just don't know where to go from here. Why does this one have such issues with writing files? I see threads all over the place about this.
I use dockers for all these scans and I mount and tell the bin to write all to the same directory. This is the only one that doesn't work, and I get zero feedback from the console app telling me why. It just says "I'm done, here are the results, bye no errors."
It's very frustrating.