Update ZAPROXY version and ZAPROXY plugins #2604

mercedes-benz · Oct 23, 2023 · 02ed051 · 02ed051
1 parent f4adb8e
commit 02ed051
Show file tree

Hide file tree

Showing 4 changed files with 32 additions and 32 deletions.
diff --git a/sechub-pds-solutions/owaspzap/docker/Owasp-Zap-Debian.dockerfile b/sechub-pds-solutions/owaspzap/docker/Owasp-Zap-Debian.dockerfile
@@ -10,10 +10,10 @@ LABEL org.opencontainers.image.description="A container which combines OWASP ZAP
 LABEL maintainer="SecHub FOSS Team"
 
 # Build args
-ARG OWASPZAP_VERSION="2.13.0"
-ARG OWASPZAP_SHA256SUM="24dfba87278515e3dabe8d24c259981cd812a8f6e66808c956104c3283d91d9d"
+ARG OWASPZAP_VERSION="2.14.0"
+ARG OWASPZAP_SHA256SUM="219d7f25bbe25247713805ab02cc12279898c870743c1aae3c2b0b1882191960"
 
-ARG OWASPZAP_WRAPPER_VERSION="1.2.0"
+ARG OWASPZAP_WRAPPER_VERSION="1.3.1"
 
 # OWASP ZAP host and port
 ENV ZAP_HOST="127.0.0.1"
@@ -37,16 +37,17 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     apt-get install --assume-yes openjdk-17-jre firefox-esr wget && \
     apt-get clean
 
-# Install OWASP ZAP
+# Download ZAP
 RUN cd "$DOWNLOAD_FOLDER" && \
-	# download latest release of owasp zap
-	wget --no-verbose https://github.com/zaproxy/zaproxy/releases/download/v${OWASPZAP_VERSION}/zaproxy_${OWASPZAP_VERSION}-1_all.deb && \
+	# download latest release of zap
+	wget --no-verbose https://github.com/zaproxy/zaproxy/releases/download/v${OWASPZAP_VERSION}/ZAP_${OWASPZAP_VERSION}_Linux.tar.gz && \
 	# verify that the checksum and the checksum of the file are same
-    echo "${OWASPZAP_SHA256SUM} zaproxy_${OWASPZAP_VERSION}-1_all.deb" | sha256sum --check && \
-	dpkg -i zaproxy_${OWASPZAP_VERSION}-1_all.deb && \
-	# remove zaproxy deb package
-	rm zaproxy_${OWASPZAP_VERSION}-1_all.deb
-
+    echo "${OWASPZAP_SHA256SUM} ZAP_${OWASPZAP_VERSION}_Linux.tar.gz" | sha256sum --check && \
+    # install ZAP
+	tar xf ZAP_${OWASPZAP_VERSION}_Linux.tar.gz -C "$TOOL_FOLDER" && \
+	ln -s "$TOOL_FOLDER/ZAP_${OWASPZAP_VERSION}/zap.sh" "/usr/local/bin/zap" && \
+	# remove plugins installed on default
+	rm $TOOL_FOLDER/ZAP_${OWASPZAP_VERSION}/plugin/*.zap
 
 # Install SecHub OWASP ZAP wrapper
 RUN cd "$TOOL_FOLDER" && \

diff --git a/sechub-pds-solutions/owaspzap/docker/scripts/owasp-zap.sh b/sechub-pds-solutions/owaspzap/docker/scripts/owasp-zap.sh
@@ -3,8 +3,7 @@
 
 shutdownZAP() {
 	# --full: to specify the process by looking at full command line including the parameters
-	pkill -9 --full "/usr/bin/owasp-zap"
-	pkill -9 --full "/usr/share/zaproxy/zap-"
+	pkill -9 --full "/pds/tools/ZAP_"
 }
 
 # Start OWASP-ZAP server
@@ -13,7 +12,7 @@ echo "Starting up OWASP-ZAP server"
 #   This addon is mandatory now but the telemetry calls can be deactivated.
 #   This feature addtionally disables automated update calls, e.g. to update extensions.
 #   Otherwise, if you want to use a specific versions of extensions e.g. for testing reasons, ZAP would automatically check for updates.
-owasp-zap -daemon -silent -nostdout -host "$ZAP_HOST" -port "$ZAP_PORT" -config "api.key=$ZAP_API_KEY" &
+zap -daemon -silent -nostdout -host "$ZAP_HOST" -port "$ZAP_PORT" -config "api.key=$ZAP_API_KEY" &
 
 echo "Waiting for OWASP-ZAP to start"
 RETRIES=20

diff --git a/sechub-pds-solutions/owaspzap/docker/zap-addons.txt b/sechub-pds-solutions/owaspzap/docker/zap-addons.txt
@@ -1,16 +1,16 @@
-https://github.com/zaproxy/zap-extensions/releases/download/commonlib-v1.14.0/commonlib-release-1.14.0.zap
-https://github.com/zaproxy/zap-extensions/releases/download/ascanrules-v55/ascanrules-release-55.zap
-https://github.com/zaproxy/zap-extensions/releases/download/selenium-v15.12.1/selenium-release-15.12.1.zap
-https://github.com/zaproxy/zap-extensions/releases/download/spiderAjax-v23.14.1/spiderAjax-release-23.14.1.zap
-https://github.com/zaproxy/zap-extensions/releases/download/pscanrules-v49/pscanrules-release-49.zap
-https://github.com/zaproxy/zap-extensions/releases/download/retire-v0.23.0/retire-release-0.23.0.zap
-https://github.com/zaproxy/zap-extensions/releases/download/domxss-v15/domxss-release-15.zap
-https://github.com/zaproxy/zap-extensions/releases/download/webdriverlinux-v56/webdriverlinux-release-56.zap
-https://github.com/zaproxy/zap-extensions/releases/download/network-v0.9.0/network-beta-0.9.0.zap
-https://github.com/zaproxy/zap-extensions/releases/download/openapi-v34/openapi-beta-34.zap
-https://github.com/zaproxy/zap-extensions/releases/download/callhome-v0.6.0/callhome-release-0.6.0.zap
-https://github.com/zaproxy/zap-extensions/releases/download/spider-v0.4.0/spider-release-0.4.0.zap
-https://github.com/zaproxy/zap-extensions/releases/download/database-v0.1.0/database-alpha-0.1.0.zap
-https://github.com/zaproxy/zap-extensions/releases/download/oast-v0.15.0/oast-beta-0.15.0.zap
-https://github.com/zaproxy/zap-extensions/releases/download/reports-v0.22.0/reports-release-0.22.0.zap
-https://github.com/zaproxy/zap-extensions/releases/download/replacer-v12/replacer-release-12.zap
+https://github.com/zaproxy/zap-extensions/releases/download/commonlib-v1.18.0/commonlib-release-1.18.0.zap
+https://github.com/zaproxy/zap-extensions/releases/download/ascanrules-v58/ascanrules-release-58.zap
+https://github.com/zaproxy/zap-extensions/releases/download/selenium-v15.15.0/selenium-release-15.15.0.zap
+https://github.com/zaproxy/zap-extensions/releases/download/spiderAjax-v23.17.0/spiderAjax-release-23.17.0.zap
+https://github.com/zaproxy/zap-extensions/releases/download/pscanrules-v52/pscanrules-release-52.zap
+https://github.com/zaproxy/zap-extensions/releases/download/retire-v0.26.0/retire-release-0.26.0.zap
+https://github.com/zaproxy/zap-extensions/releases/download/domxss-v18/domxss-release-18.zap
+https://github.com/zaproxy/zap-extensions/releases/download/webdriverlinux-v64/webdriverlinux-release-64.zap
+https://github.com/zaproxy/zap-extensions/releases/download/network-v0.12.0/network-beta-0.12.0.zap
+https://github.com/zaproxy/zap-extensions/releases/download/openapi-v37/openapi-beta-37.zap
+https://github.com/zaproxy/zap-extensions/releases/download/callhome-v0.8.0/callhome-release-0.8.0.zap
+https://github.com/zaproxy/zap-extensions/releases/download/spider-v0.7.0/spider-release-0.7.0.zap
+https://github.com/zaproxy/zap-extensions/releases/download/database-v0.3.0/database-alpha-0.3.0.zap
+https://github.com/zaproxy/zap-extensions/releases/download/oast-v0.17.0/oast-beta-0.17.0.zap
+https://github.com/zaproxy/zap-extensions/releases/download/reports-v0.26.0/reports-release-0.26.0.zap
+https://github.com/zaproxy/zap-extensions/releases/download/replacer-v15/replacer-release-15.zap
diff --git a/sechub-pds-solutions/owaspzap/env b/sechub-pds-solutions/owaspzap/env
@@ -6,8 +6,8 @@ BASE_IMAGE="ghcr.io/mercedes-benz/sechub/pds-base"
 # See: https://github.com/mercedes-benz/sechub/releases/
 OWASPZAP_WRAPPER_VERSION="1.3.1"
 # See: https://github.com/zaproxy/zaproxy/releases/latest
-OWASPZAP_VERSION="2.13.0"
-OWASPZAP_SHA256SUM="24dfba87278515e3dabe8d24c259981cd812a8f6e66808c956104c3283d91d9d"
+OWASPZAP_VERSION="2.14.0"
+OWASPZAP_SHA256SUM="219d7f25bbe25247713805ab02cc12279898c870743c1aae3c2b0b1882191960"
 
 PDS_START_MODE=localserver
 ADMIN_USERID=admin