Comments (12)
@kingthorin Yes I know. That's because it runs in GH Actions, so by default you don't have permission to write anywhere outside your pwd (specifically as stated above it tries to write here: `/zap/wrk`).
from action-baseline.
Also, I am trying to generate a json report file with custom name using `-J` flag. That tries to access `/zap/wrk` (where it doesn't have permission to write to) and therefore it crashes.
As mentioned above, it would be nice if we could specify custom volume mounting point through some input. cc. @thc202
ERROR [Errno 13] Permission denied: '/zap/wrk/$REPORT_NAME.json'
2024-04-16 15:01:39,850 I/O error: [Errno 13] Permission denied: '/zap/wrk/$REPORT_NAME.json'
Traceback (most recent call last):
  File "/zap/zap-baseline.py", line 606, in main
    write_report(os.path.join(base_dir, report_json), zap.core.jsonreport())
  File "/zap/zap_common.py", line 569, in write_report
    with open(file_path, mode='wb') as f:
PermissionError: [Errno 13] Permission denied: '/zap/wrk/$REPORT_NAME.json'
from action-baseline.
Yes, we should look at working around this issue in the ZAP actions if we can.
But I think the underlying issue is a docker one rather than a ZAP one.
Happy to be proved wrong of course...
from action-baseline.
Hi @psiinon Good Day
We're also facing the same issue when running zaproxy baseline through Github Action (zaproxy/[email protected])
If there's any different docker image which we can pass in docker_name inputs for this action for which this doesn't fail, please let us know.
I'll attach the main logs after removing sensitive contents here.
ghcr.io/zaproxy/zaproxy:stable
/usr/bin/docker run -v <Runner_Workspace_Path>:/zap/wrk/:rw --network=host -e ZAP_AUTH_HEADER -e ZAP_AUTH_HEADER_VALUE -e ZAP_AUTH_HEADER_SITE -t ghcr.io/zaproxy/zaproxy:stable zap-baseline.py -t <Target_URL> -J report_json.json -w report_md.md -r report_html.html
Using the Automation Framework
Unable to copy yaml file to /zap/wrk/zap.yaml [Errno 13] Permission denied: '/zap/wrk/zap.yaml'
Total of 4 URLs
--- Test Path Results ---
Automation plan failures:
Job report failed to generate report: /zap/wrk/report_html.html
Scanning process completed, starting to analyze the results!
Failed to locate the json report generated by ZAP Scan!
from action-baseline.
Can one of you provide the whole logs/output? (Removing any sensitive info.)
from action-baseline.
zap.yaml Permission Denied Logs.txt
Please find attached log file (Removed URLs, File & Jobs Names etc)
from action-baseline.
Hi @thc202 is there an update on this issue?
from action-baseline.
Hi @thc202 Good Day
Any update on this issue?
from action-baseline.
Hello @thc202 !
Any updates on this? Is there any workaround?
from action-baseline.
You don't seem to have permissions to write to the directory you mounted 🤷♂️
from action-baseline.
As per my previous understanding, this is a limitation imposed by the zaproxy docker images due to how Github executes Github Actions. I would suggest having a dedicated image for Github Actions to allow it to mount to the preferred directory.
from action-baseline.
You would have to use a scan hook to write another JSON report, the action needs to know how the JSON report is named to later process the alerts raised.
Thanks for sharing the logs, I don't know if that case is the same as this one, but we'll fix it and you can try the changes.
I think it's just a matter of setting up the proper permissions.
from action-baseline.
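A preflight check for the situation discussed in this thread, added here as an example (not code from the action or from ZAP): it decides from the mode bits whether a given UID:GID could create files in the directory about to be bind-mounted at `/zap/wrk`. The `can_write_as` helper, the `ZAP_UID`/`ZAP_GID` variables and their default of 1000 are assumptions; confirm the image's real identity with `docker run --rm <image> id`.

```shell
#!/bin/sh
# Added example: evaluate classic owner/group/other mode bits for a directory
# that will be bind-mounted into a container. POSIX ACLs, user namespaces,
# supplementary groups and parent-directory traversal are not considered.

# can_write_as UID GID DIR
#   returns 0 if UID:GID may create files in DIR, 1 if not, 2 if DIR is unusable
can_write_as() {
    uid=$1; gid=$2; dir=$3
    [ -d "$dir" ] || return 2
    # GNU stat: numeric owner, numeric group, octal mode (e.g. "1001 127 755")
    info=$(stat -c '%u %g %a' "$dir") || return 2
    set -- $info
    owner=$1; group=$2
    [ "$uid" -eq 0 ] && return 0        # root bypasses mode bits
    perm=$(printf '%04d' "$3")          # normalise: 755 -> 0755, 1777 -> 1777
    perm=${perm#?}                      # drop the setuid/setgid/sticky digit
    # The kernel applies exactly one class: owner first, then group, then other.
    if [ "$uid" -eq "$owner" ]; then
        bits=${perm%??}
    elif [ "$gid" -eq "$group" ]; then
        bits=${perm#?}; bits=${bits%?}
    else
        bits=${perm#??}
    fi
    # Creating a file needs write (2) and search (1) on the directory.
    [ $(( bits & 3 )) -eq 3 ]
}

# Constructed demo: a 0755 temp directory stands in for the runner workspace.
ZAP_UID=${ZAP_UID:-1000}                # assumed container UID
ZAP_GID=${ZAP_GID:-1000}                # assumed container GID
demo=$(mktemp -d)
chmod 755 "$demo"
if can_write_as "$ZAP_UID" "$ZAP_GID" "$demo"; then
    echo "$demo: writable by $ZAP_UID:$ZAP_GID"
else
    echo "$demo: NOT writable by $ZAP_UID:$ZAP_GID; reports under /zap/wrk would fail with Errno 13"
fi
rm -rf "$demo"
```

Run it against the workspace path before the `docker run` step; a non-zero result points at ownership or mode on the host directory rather than at the scan itself.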