Docker: OWASP ZAP daemon on Azure App Service always returns code 400 - Bad Request

q5lcpyga  posted on 2023-01-20  in  Docker

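I am trying to run the OWASP ZAP daemon example in order to use the ZAP API on an Azure App Service container.
I configured the image as owasp/zap2docker-stable and specified the startup command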

zap.sh -daemon -host 0.0.0.0 -port 8080 -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true -config api.disablekey=true

In the App Service, the following Docker command is run (taken from the logs)

docker run -d --expose=8080 --name zap-tool_8_4bedc839 -e WEBSITES_ENABLE_APP_SERVICE_STORAGE=false -e WEBSITES_PORT=8080 -e WEBSITE_SITE_NAME=zap-tool -e WEBSITE_AUTH_ENABLED=False -e WEBSITE_ROLE_INSTANCE_ID=0 -e WEBSITE_HOSTNAME=zap-*****.azurewebsites.net -e WEBSITE_INSTANCE_ID=b9972c7b5014a11146e04035fe1b8e55b22384befd7977a509e8dc0b******** -e HTTP_LOGGING_ENABLED=1 -e NODE_OPTIONS=--require /agents/node/build/src/Loader.js -e JAVA_TOOL_OPTIONS=-javaagent:/agents/java/applicationinsights-agent-codeless.jar -e StartupBootstrapper=Microsoft.ApplicationInsights.StartupBootstrapper -e DOTNET_SHARED_STORE=/agents/core/store/lin -e DOTNET_ADDITIONAL_DEPS=/agents/core/additionalDeps -e WEBSITE_USE_DIAGNOSTIC_SERVER=False owasp/zap2docker-stable zap.sh -daemon -host 0.0.0.0 -port 8080 -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true -config api.disablekey=true

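In the logs, after the scripts are loaded, I see the message saying that the server is listening, but on the first call (a dummy call made by App Service) we get a bad request response, and the same happens for all subsequent requests (even a GET of the server root)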

2023-01-19T09:47:17.840154581Z 105098 [ZAP-daemon] INFO  org.zaproxy.addon.network.ExtensionNetwork - ZAP is now listening on 0.0.0.0:8080
2023-01-19T09:47:19.599466935Z 106791 [ZAP-IO-Server-1-1] WARN  org.zaproxy.zap.extension.api.API - Bad request to API endpoint [/robots933456.txt] from [169.254.130.1]:
2023-01-19T09:47:19.599494735Z org.zaproxy.zap.extension.api.ApiException: bad_format
2023-01-19T09:47:19.599499835Z  at org.zaproxy.zap.extension.api.API.handleApiRequest(API.java:438) ~[zap-2.12.0.jar:2.12.0]
2023-01-19T09:47:19.599504035Z  at org.zaproxy.addon.network.internal.server.http.handlers.ZapApiHandler.handleApiRequest(ZapApiHandler.java:100) ~[?:?]
2023-01-19T09:47:19.599518235Z  at org.zaproxy.addon.network.internal.server.http.handlers.ZapApiHandler.handleRequest(ZapApiHandler.java:74) ~[?:?]
2023-01-19T09:47:19.599529835Z  at org.zaproxy.addon.network.internal.server.http.handlers.ZapApiHandler.handleMessage(ZapApiHandler.java:59) ~[?:?]
2023-01-19T09:47:19.599533235Z  at org.zaproxy.addon.network.internal.server.http.MainServerHandler.notifyMessageHandlers(MainServerHandler.java:147) ~[?:?]
2023-01-19T09:47:19.599536335Z  at org.zaproxy.addon.network.internal.server.http.MainServerHandler.processMessage(MainServerHandler.java:129) ~[?:?]
2023-01-19T09:47:19.599539435Z  at org.zaproxy.addon.network.internal.server.http.LocalServerHandler.processMessage(LocalServerHandler.java:66) ~[?:?]
2023-01-19T09:47:19.599542435Z  at org.zaproxy.addon.network.internal.server.http.MainServerHandler.process(MainServerHandler.java:94) ~[?:?]
2023-01-19T09:47:19.599545535Z  at org.zaproxy.addon.network.internal.server.http.MainServerHandler.lambda$channelRead0$0(MainServerHandler.java:82) ~[?:?]
2023-01-19T09:47:19.599548535Z  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[?:?]
2023-01-19T09:47:19.599551535Z  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[?:?]
2023-01-19T09:47:19.599554535Z  at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) ~[?:?]
2023-01-19T09:47:19.599557635Z  at java.lang.Thread.run(Thread.java:829) ~[?:?]
2023-01-19T09:47:19.599560535Z Caused by: java.lang.IllegalArgumentException: No enum constant org.zaproxy.zap.extension.api.API.Format.ROBOTS933456.TXT
2023-01-19T09:47:19.599563635Z  at java.lang.Enum.valueOf(Enum.java:240) ~[?:?]
2023-01-19T09:47:19.599566535Z  at org.zaproxy.zap.extension.api.API$Format.valueOf(API.java:62) ~[zap-2.12.0.jar:2.12.0]
2023-01-19T09:47:19.599569635Z  at org.zaproxy.zap.extension.api.API.handleApiRequest(API.java:417) ~[zap-2.12.0.jar:2.12.0]
2023-01-19T09:47:19.599572636Z  ... 12 more

What could cause this error? What could cause the error java.lang.IllegalArgumentException: No enum constant org.zaproxy.zap.extension.api.API.Format.ROBOTS933456.TXT

ilmyapht1#

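This indicates that you (or at least someone else) made an invalid request to the ZAP API:
Bad request to API endpoint [/robots933456.txt]
Either don't make such requests, or ignore the error :)
FYI, it may be easier to use the Automation Framework rather than controlling ZAP via the API.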
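
An added example (not part of the original answer, and not ZAP's own code) that pulls these warnings out of a ZAP log and reports, per source address and path, why the request was rejected. The format list is an assumption based on ZAP's API URL layout, and the second and third sample log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# The first path segment of a ZAP API URL names the response format
# (/<FORMAT>/<component>/<type>/<name>/). Assumed from ZAP's API.Format enum.
ZAP_FORMATS = {"XML", "HTML", "JSON", "JSONP", "UI", "OTHER"}

BAD_REQUEST = re.compile(
    r"Bad request to API endpoint \[(?P<path>[^\]]*)\] from \[(?P<src>[^\]]+)\]"
)

# Line 1 is taken from the log in the question; lines 2 and 3 are constructed.
SAMPLE_LOG = """\
2023-01-19T09:47:19.599466935Z 106791 [ZAP-IO-Server-1-1] WARN  org.zaproxy.zap.extension.api.API - Bad request to API endpoint [/robots933456.txt] from [169.254.130.1]:
2023-01-19T09:52:19.000000000Z 406791 [ZAP-IO-Server-1-2] WARN  org.zaproxy.zap.extension.api.API - Bad request to API endpoint [/robots933456.txt] from [169.254.130.1]:
2023-01-19T09:53:02.000000000Z 449791 [ZAP-IO-Server-1-3] WARN  org.zaproxy.zap.extension.api.API - Bad request to API endpoint [/favicon.ico] from [203.0.113.7]:
"""

def classify(path):
    """Explain why ZAP would reject this path as an API request."""
    # ZAP upper-cases the first segment and looks it up as a format name,
    # which is how /robots933456.txt became Format.ROBOTS933456.TXT.
    first = path.strip("/").split("/", 1)[0].upper()
    if first not in ZAP_FORMATS:
        return f"bad_format: '{first}' is not a ZAP API format"
    return "format ok, check component/type/name"

def triage(log_text):
    """Group rejected API requests by (source address, path)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = BAD_REQUEST.search(line)
        if m:
            hits[(m["src"], m["path"])] += 1
    return [
        {
            "source": src,
            # 169.254.0.0/16 is link-local, e.g. the platform-side probe here
            "link_local": ipaddress.ip_address(src).is_link_local,
            "path": path,
            "count": count,
            "reason": classify(path),
        }
        for (src, path), count in sorted(hits.items())
    ]

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```

Rows whose source is not link-local are the ones to look at first, since the startup command in the question disables the API key and accepts any client address.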
