Merge pull request #3738 from mercedes-benz/develop

Merge `develop` into `master` for zap wrapper hotfix
mercedes-benz · Dec 13, 2024 · ec64246 · ec64246
2 parents 4216f3c + b870036
commit ec64246
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 14 deletions.
diff --git a/sechub-pds-solutions/owaspzap/env b/sechub-pds-solutions/owaspzap/env
@@ -4,7 +4,7 @@
 BASE_IMAGE="ghcr.io/mercedes-benz/sechub/pds-base"
 
 # See: https://github.com/mercedes-benz/sechub/releases/
-OWASPZAP_WRAPPER_VERSION="1.7.0"
+OWASPZAP_WRAPPER_VERSION="1.7.1"
 # See: https://github.com/zaproxy/zaproxy/releases/latest
 OWASPZAP_VERSION="2.15.0"
 OWASPZAP_SHA256SUM="6410e196baab458a9204e29aafb5745fca003a2a6c0386f2c6e5c04b67621fa7"

diff --git a/...-zap/src/main/java/com/mercedesbenz/sechub/zapwrapper/internal/scan/ClientApiWrapper.java b/...-zap/src/main/java/com/mercedesbenz/sechub/zapwrapper/internal/scan/ClientApiWrapper.java
@@ -16,6 +16,7 @@
 
 public class ClientApiWrapper {
 
+    public static final String ZAP_CONNECTION_REFUSED = "Connection refused";
     private static final String URL_KEY = "url";
     private static final String STATUS_CODE_KEY = "statusCode";
     private static final String STATUS_REASON_KEY = "statusReason";
@@ -141,19 +142,20 @@ public ApiResponse setSpiderMaxDepth(int maxDepth) throws ClientApiException {
      * @return <code>true</code> if the rule was a passive rule and was deactivated,
      *         <code>false</code> if the rule was not a passive rule and was not
      *         deactivated
-     * @throws ClientApiException when anything goes wrong communicating with ZAP
+     * @throws ClientApiException when communication with ZAP is not possible
      */
     public boolean disablePassiveScannerRule(String ruleId) throws ClientApiException {
         try {
             clientApi.pscan.disableScanners(ruleId);
             LOG.info("Passive scanner rule: {}, was deactivated", ruleId);
             return true;
         } catch (ClientApiException e) {
-            if (e.getMessage().equalsIgnoreCase("Provided parameter has illegal or unrecognized value")) {
-                LOG.info("Rule with id: {} was not a passive scanner rule.", ruleId);
-                return false;
+            if (e.getMessage().equalsIgnoreCase(ZAP_CONNECTION_REFUSED)) {
+                throw e;
             }
-            throw e;
+            LOG.warn("ZAP backend error: {}", e.getMessage());
+            LOG.warn("Rule with id: {} was not a passive scanner rule.", ruleId);
+            return false;
         }
     }
 
@@ -166,7 +168,7 @@ public boolean disablePassiveScannerRule(String ruleId) throws ClientApiExceptio
      * @return <code>true</code> if the rule was a passive rule and was deactivated,
      *         <code>false</code> if the rule was not a passive rule and was not
      *         deactivated
-     * @throws ClientApiException when anything goes wrong communicating with ZAP
+     * @throws ClientApiException when communication with ZAP is not possible
      */
     public boolean disableActiveScannerRuleForDefaultPolicy(String ruleId) throws ClientApiException {
         try {
@@ -175,11 +177,12 @@ public boolean disableActiveScannerRuleForDefaultPolicy(String ruleId) throws Cl
             LOG.info("Active scanner rule: {}, was deactivated", ruleId);
             return true;
         } catch (ClientApiException e) {
-            if (e.getMessage().equalsIgnoreCase("Provided parameter has illegal or unrecognized value")) {
-                LOG.info("Rule with id: {} was not an active scanner rule.", ruleId);
-                return false;
+            if (e.getMessage().equalsIgnoreCase(ZAP_CONNECTION_REFUSED)) {
+                throw e;
             }
-            throw e;
+            LOG.warn("ZAP backend error: {}", e.getMessage());
+            LOG.warn("Rule with id: {} was not an active scanner rule.", ruleId);
+            return false;
         }
     }
 

diff --git a/...java/com/mercedesbenz/sechub/zapwrapper/scan/login/ZapScriptLoginSessionConfigurator.java b/...java/com/mercedesbenz/sechub/zapwrapper/scan/login/ZapScriptLoginSessionConfigurator.java
@@ -69,21 +69,21 @@ public void cleanUpOldSessionDataIfNecessary(String targetUrl, ClientApiWrapper
         try {
             clientApiWrapper.removeHTTPSession(targetUrl, SESSION_IDENTIFIER);
         } catch (ClientApiException e) {
-            if (e.getMessage().equalsIgnoreCase("Connection refused")) {
+            if (e.getMessage().equalsIgnoreCase(ClientApiWrapper.ZAP_CONNECTION_REFUSED)) {
                 throw e;
             }
         }
         try {
             clientApiWrapper.removeHTTPSessionToken(targetUrl, SESSION_TOKEN_IDENTIFIER);
         } catch (ClientApiException e) {
-            if (e.getMessage().equalsIgnoreCase("Connection refused")) {
+            if (e.getMessage().equalsIgnoreCase(ClientApiWrapper.ZAP_CONNECTION_REFUSED)) {
                 throw e;
             }
         }
         try {
             clientApiWrapper.removeReplacerRule(JWT_REPLACER_DESCRIPTION);
         } catch (ClientApiException e) {
-            if (e.getMessage().equalsIgnoreCase("Connection refused")) {
+            if (e.getMessage().equalsIgnoreCase(ClientApiWrapper.ZAP_CONNECTION_REFUSED)) {
                 throw e;
             }
         }