
I have a .NET 5 API, and I am running a ZAP API scan.

When I run this command from Windows 10, it works fine and generates a report. For this first use case, I have the API hosted in IIS on Windows Server 2016:

docker run -v "$(pwd):/zap/wrk/:rw" -t owasp/zap2docker-weekly zap-api-scan.py -t `http://10.XXX.XXX.XXX:8002/account?field4=4488082040118"&"field7=GENERIC01"&"field10=ABC076 -f openapi -r C:\Users\tshumaed\Documents\DEPLOYS\ZAP_Report.htm`

When I switch to Linux I get an error. I have the API hosted on a k0s cluster (on Debian 10 Buster) and run the command:

docker run -v $(pwd):/zap/wrk/:rw -t owasp/zap2docker-weekly zap-api-scan.py -t http://10.XXX.XXX.XXX:32518/account?field4=4488082040118"&"field7=GENERIC01"&"field10=DCF43 -f openapi -r ~/home/golide/Projects/ZAP_REPORT.htm

The command gives the error:

12575 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Passive Scan Rules
12575 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Ajax Spider Automation Framework Integration
12579 [ZAP-daemon] INFO  org.parosproxy.paros.extension.ExtensionLoader - Initializing Handles all of the calls to ZAP services
12801 [ZAP-daemon] INFO  org.zaproxy.addon.oast.services.callback.CallbackService - Started callback service on 0.0.0.0:42279
12811 [ZAP-daemon] INFO  org.zaproxy.addon.network.ExtensionNetwork - Creating new root CA certificate.
14810 [ZAP-daemon] INFO  org.zaproxy.addon.network.ExtensionNetwork - New root CA certificate created.
17862 [ZAP-daemon] INFO  org.parosproxy.paros.CommandLine - Add-on update check complete
17866 [ZAP-daemon] INFO  org.parosproxy.paros.CommandLine - Add-on already installed: /zap/./plugin/pscanrulesBeta-beta-29.zap
17868 [ZAP-daemon] INFO  org.zaproxy.zap.DaemonBootstrap - ZAP is now listening on 0.0.0.0:47455
22574 [ZAP-Import-OpenAPI-1] WARN  org.zaproxy.zap.extension.openapi.ExtensionOpenApi - Failed to parse OpenAPI definition.

org.zaproxy.zap.extension.openapi.converter.swagger.SwaggerException: Failed to parse swagger defn null
22575 [ZAP-Import-OpenAPI-1] WARN  org.zaproxy.zap.extension.openapi.ExtensionOpenApi - Failed to parse swagger defn null
org.zaproxy.zap.extension.openapi.converter.swagger.SwaggerException: Failed to parse swagger defn null
        at org.zaproxy.zap.extension.openapi.converter.swagger.SwaggerConverter.readOpenAPISpec(SwaggerConverter.java:200) ~[openapi-beta-26.zap:?]
        at org.zaproxy.zap.extension.openapi.converter.swagger.SwaggerConverter.getRequestModels(SwaggerConverter.java:184) ~[openapi-beta-26.zap:?]
        at org.zaproxy.zap.extension.openapi.ExtensionOpenApi$1.run(ExtensionOpenApi.java:365) [openapi-beta-26.zap:?]
22655 [ZAP-ProxyThread-10] INFO  org.parosproxy.paros.core.scanner.Scanner - scanner started
23400 [Thread-6] INFO  org.parosproxy.paros.core.scanner.HostProcess - Scanning 2 node(s) from http://10.XXX.XXX.XXX:32518
23403 [Thread-6] INFO  org.parosproxy.paros.core.scanner.HostProcess - start host http://10.XXX.XXX.XXX:32518 | RemoteFileIncludeScanRule strength MEDIUM threshold MEDIUM
..............
............

What am I missing?
