zaproxy: ZAP does not shutdown in command line mode if AJAX Spider fails to start the browser

Describe the bug

The process hangs (does not finish) after the automation plan succeeded if the job spiderAjax is included into the plan.

Steps to reproduce the behavior

Create file config.yaml with the following content:

--- # OWASP ZAP automation configuration file, for more details see https://www.zaproxy.org/docs/automate/automation-framework/
env:                                   # The environment, mandatory
  contexts :                           # List of 1 or more contexts, mandatory
    - name: my_context                 # Name to be used to refer to this context in other jobs, mandatory
      urls:                            # A mandatory list of top level urls, everything under each url will be included
        - "http://example.com"
jobs:
  - type: spiderAjax

Run ZAP and see the output:

$ zap.sh -cmd -autorun "$(pwd)/config.yaml"
Found Java version 17.0.2
Available memory: 25343 MB
Using JVM args: -Xmx6335m
Job spiderAjax started
Job spiderAjax found 0 URLs
Job spiderAjax finished
Automation plan succeeded!

Note that the process has not finished after the automation plan succeeded.

Expected behavior

The process has finished after the automation plan succeeded.

Software versions

OWASP ZAP
Version: 2.11.1
Installed Add-ons: [[id=alertFilters, version=13.0.0], [id=ascanrules, version=44.0.0], [id=automation, version=0.13.0], [id=bruteforce, version=11.0.0], [id=callhome, version=0.3.0], [id=commonlib, version=1.8.0], [id=diff, version=11.0.0], [id=directorylistv1, version=5.0.0], [id=domxss, version=12.0.0], [id=encoder, version=0.6.0], [id=exim, version=0.1.0], [id=formhandler, version=4.0.0], [id=fuzz, version=13.6.0], [id=gettingStarted, version=13.0.0], [id=graaljs, version=0.2.0], [id=graphql, version=0.7.0], [id=help, version=14.0.0], [id=hud, version=0.13.0], [id=importurls, version=9.0.0], [id=invoke, version=11.0.0], [id=network, version=0.0.1], [id=onlineMenu, version=9.0.0], [id=openapi, version=24.0.0], [id=pscanrules, version=39.0.0], [id=quickstart, version=33.0.0], [id=replacer, version=9.0.0], [id=reports, version=0.10.0], [id=retest, version=0.2.0], [id=retire, version=0.10.0], [id=reveal, version=4.0.0], [id=saverawmessage, version=7.0.0], [id=savexmlmessage, version=0.3.0], [id=scripts, version=30.0.0], [id=selenium, version=15.7.0], [id=soap, version=12.0.0], [id=spiderAjax, version=23.7.0], [id=tips, version=9.0.0], [id=webdriverlinux, version=33.0.0], [id=websocket, version=24.0.0], [id=zest, version=35.0.0]]
Operating System: Linux
Java Version: Private Build 17.0.2
System's Locale: en
Display Locale: en_GB
Format Locale: en_GB
ZAP Home Directory: /home/user/.ZAP/
ZAP Installation Directory: /opt/zaproxy/./
Look and Feel: Metal (javax.swing.plaf.metal.MetalLookAndFeel)

Screenshots

No response

Errors from the zap.log file

~/.ZAP/zap.log

Additional context

thread-dump.txt (received using kill -3 $(pidof java))

Would you like to help fix this issue?

About this issue

Original URL
State: open
Created 2 years ago
Comments: 24 (15 by maintainers)

Commits related to this issue

Ensure executor is shutdown on error Change `CrawlController` to shutdown the executor (if not already) in a finally block to ensure it's shutdown even in case of error calling the `consumerfactory` ... — committed to thc202/crawljax by thc202 a year ago

Most upvoted comments

You need to remove -daemon still, as the error indicates:

Command line arguments -cmd and -daemon cannot be used at the same time.

Also, note that -cmd should not be between the -autorun and the file, i.e.: zap.sh -cmd -autorun /zap/wrk/my.trunk_test_ajax.yaml || true

thc202 on May 16, 2023

I was planning to close it with the same PR.

thc202 on Mar 20, 2023