Comments (7)

thc202 commented on June 8, 2024 2

Actually, the OUTOFSCOPE case is not being handled (yet), just IGNORE. This also applies to the full scan.

from action-baseline.

acodeninja commented on June 8, 2024 2

This issue looks to be related to the mainline @zaproxy/actions-common-scans repo.

https://github.com/zaproxy/action-baseline/blob/master/index.js#L47 < only adds -c ${rulesFileLocation} if the plugins variable has a length greater than 0.

The plugins variable is set here: https://github.com/zaproxy/action-baseline/blob/master/index.js#L40

The processLineByLine method here https://github.com/zaproxy/actions-common/blob/master/packages/scans/src/action-helper.js#L38 only adds to the return value if you have at least one IGNORE directive in your config file.

I'm not sure that the call to common.helper.processLineByLine is really needed here, and I found it strange that this logic was in place. If the file is invalid for whatever reason I'd expect the zap-baseline.py program to return a non-zero exit code.

As a temporary workaround I've added this line to our own repo's baseline config:

# We ignore a non-existent rule here as the github action won't pass this file without it
# See https://github.com/zaproxy/action-baseline/issues/44
-1	IGNORE	(Fix for https://github.com/zaproxy/action-baseline/issues/44)

from action-baseline.
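
The gating acodeninja describes above, as an added example that is not part of the original thread or the action's source: a simplified model of "only IGNORE lines count, and `-c` is passed only if any were found", plus a pre-flight check that lists the rules that would be lost. All function names, the `rules.tsv` file name and the WARN/FAIL sample lines are constructed assumptions.

```javascript
// Added illustration: a simplified model of the behaviour described in the
// thread, NOT the source of zaproxy/action-baseline or actions-common.
// All function names and the WARN/FAIL sample lines below are constructed.

// Rules file lines are tab-separated: <id>\t<ACTION>\t<description>
const ONLY_WARN_FAIL = [
  '# constructed sample: no IGNORE directive anywhere',
  '10010\tWARN\t(constructed sample rule)',
  '10020\tFAIL\t(constructed sample rule)',
].join('\n');

// Same file plus the workaround line quoted in the comment above.
const WITH_WORKAROUND = ONLY_WARN_FAIL +
  '\n-1\tIGNORE\t(Fix for https://github.com/zaproxy/action-baseline/issues/44)';

// Parse every directive, skipping blank lines and '#' comments.
function parseRules(text) {
  const rules = [];
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (line === '' || line.startsWith('#')) continue;
    const [id, action = ''] = line.split('\t');
    rules.push({ id: id.trim(), action: action.trim().toUpperCase() });
  }
  return rules;
}

// Model of the helper as described: only IGNORE ids are returned.
function ignoredIds(text) {
  return parseRules(text).filter((r) => r.action === 'IGNORE').map((r) => r.id);
}

// Model of the caller as described: "-c <file>" only when that list is non-empty.
function scanArgs(text, rulesFileLocation) {
  return ignoredIds(text).length > 0 ? ['-c', rulesFileLocation] : [];
}

// Pre-flight check for CI: directives that never reach the scanner
// because the rules file is not passed at all.
function droppedRules(text) {
  return scanArgs(text, 'rules.tsv').length > 0 ? [] : parseRules(text);
}

console.log('without IGNORE:', scanArgs(ONLY_WARN_FAIL, 'rules.tsv'),
  'dropped:', droppedRules(ONLY_WARN_FAIL).map((r) => `${r.id} ${r.action}`));
console.log('with workaround:', scanArgs(WITH_WORKAROUND, 'rules.tsv'));
```

A non-empty `droppedRules` result means FAIL or WARN overrides in the file are not applied to the scan, so a CI job can use it to stop before trusting the scan outcome.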

pgregory118 commented on June 8, 2024 1

Thanks for nothing

from action-baseline.

kingthorin commented on June 8, 2024

Specific to this one, please provide a valid target: "target: 1httpa:----------.com' "


Please don't ask questions as issues - the ZAP User Group is a much better place for questions.

If you’re asking about third-party components such as the Jenkins plugin or VSTS plugin, please look for their preferred support mechanism, as these were not created by and are not supported by the core team.

from action-baseline.

kingthorin commented on June 8, 2024

@pgregory118 I've moved the ticket to the appropriate repo. There isn't enough detail in your report to identify an issue aside from the fact that your target appears invalid (yes I understand it isn't full of hyphens but the leading "1" and trailing "a" didn't bode well). Further we have no idea what may have changed between runs or within the environment/code base.

If you can pinpoint an issue let us know, otherwise it seems like a question to be handled via the User Group.

from action-baseline.

erzz commented on June 8, 2024

Would be nice for this to be included - any ideas of timeline?

from action-baseline.

dennis-hh commented on June 8, 2024

This issue unfortunately still exists. Also used @acodeninja's workaround.

from action-baseline.
