zaproxy: Automation framework - Unable to generate report
I’m having some issues on generating a report using the automation framework
I downloaded zap 2.10.0 cross platform package to build my own C# application. It works perfect when using the command line function, but i’m having some issues with the automation framework. I followed this video https://www.youtube.com/watch?v=aZmS9NiQlJA and tried to do the same on a windows machine.
Steps I took: First things first, I installed the automation framework and the reports addon on OWASP ZAP. Then I generated a minimum configuration file (exactly the same steps as in the youtube video) and wrote the following yaml:
env:
contexts:
- name: randomname
url: mytarget
authentication:
parameters:
failOnError: true
failOnWarning: false
progressToStdout: true
jobs:
- type: addOns
parameters:
updateAddOns: true
install:
uninstall:
- type: passiveScan-config
parameters:
maxAlertsPerRule: 10
rules:
- id: 2
desc: Private IP Disclosure
threshold: high
- type: spider
parameters:
failIfFoundUrlsLessThan: 50
warnIfFoundUrlsLessThan: 20
maxDuration: 0
maxDepth: 5
parseComments: true
- type: passiveScan-wait
parameters:
maxDuration: 5
- type: report
parameters:
reportFile: somename
template: traditional-html
reportTitle: 'My ZAP Test'
reportDescription: 'My description'
displayReport: true
When I run the command: ./zap.bat -cmd -autorun baseline.yml (The yaml you see above)
It gives me the following error message:
Job addOns set updateAddOns = true
Job addOns started
Job addOns finished
Job passiveScan-config set maxAlertsPerRule = 10
Job passiveScan-config started
Job passiveScan-config set maxAlertsPerRule = 10
Job passiveScan-config finished
Job spider set failIfFoundUrlsLessThan = 50
Job spider set warnIfFoundUrlsLessThan = 20
Job spider set maxDuration = 0
Job spider set maxDepth = 5
Job spider set parseComments = true
Job spider started
Job spider found 58 URLs
Job spider finished
Job passiveScan-wait set maxDuration = 5
Job passiveScan-wait started
Job passiveScan-wait finished
Job report set reportFile = baseline
Job report set template = traditional-html
Job report set reportTitle = Hrajr ZAP Test
Job report set reportDescription = Mijn description
Job report set displayReport = true
Job report started
SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
Job report generated report C:\SomeFolder\SomeFolder2\RayRay\SecScan\assets\zap\baseline.html
Job report finished
Automation plan succeeded!
When I remove the report job from the yaml file then the error message doesn’t show up. So I think it has something to do with the java dependency used for logging (SLF4J). I’m kinda new to this so I don’t fully understand why i’m having this issue with the logger?
Software information: I’m using the following Java version: jdk 15.0.2 and jre 1.8.0_281 I tested it on two different machines. One running Win10 Home and the other Win10 Pro My OWASP ZAP is of verion 2.10.0
I also installed the following addons in OWASP ZAP:
- Automation framework v0.1.0
- Report generation v0.1.0
and later on I also installed Export report v7.0.0 to see I that would do it
About this issue
- Original URL
- State: closed
- Created 3 years ago
- Comments: 19 (13 by maintainers)
Thanks for letting us know. Yes if you’re in agreement that it’s been addressed the issue should be closed.
⚡
@thc202 I just updated everything and tried it again… and it WORKED!! Thanks guys for the fast response on this issue and for fixing 👍
ps. Should I close the issue
Closing, per previous comment. Thanks for giving it a try!