Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ZAP wrapper shall use template data #3710

Closed
winzj opened this issue Dec 6, 2024 · 0 comments · Fixed by #3715
Closed

ZAP wrapper shall use template data #3710

winzj opened this issue Dec 6, 2024 · 0 comments · Fixed by #3715
Assignees
@winzj
Labels
webscan zap wrapper
Milestone
ZAP Wrapper 1.7.0

Comments

@winzj
Copy link
Member

winzj commented Dec 6, 2024
edited
Loading

Situation

With #3545 we are now able to use template data inside pds-solutions.

Wanted

Make use of the template data to enable script authentication in pds-owaspzap solution.

Solution

  • the script file must be correctly loaded from the extracted directory
  • the template webscans always use the template variables username and password for pds-owaspzap solution
  • make sure the path to the script is exported as environment variable in the owasp-zap.sh script if it exists
  • document the following requirements on the pds-solution side:
    • the script file is always called script.groovy
    • the variables username and password must be present for template webscans. The value of username can be any user identification like an ID, an email or a name.
@winzj winzj added this to the ZAP Wrapper 1.7.0 milestone Dec 6, 2024
@winzj winzj self-assigned this Dec 6, 2024
winzj added a commit that referenced this issue Dec 9, 2024
@winzj
Use tempalte data for script authentication #3710
409aa0d 
- resolve template data variables
- validate configuration
- add test cases
- update pds solutions to make use of script authentication file if it exists
- add documentation for pds solution
- small improvements to error handling
@winzj winzj mentioned this issue Dec 9, 2024
Merged
winzj added a commit that referenced this issue Dec 12, 2024
@winzj
Use template data for script authentication #3710 (#3715)
20749ba 
* Use tempalte data for script authentication #3710

- resolve template data variables
- validate configuration
- add test cases
- update pds solutions to make use of script authentication file if it exists
- add documentation for pds solution
- small improvements to error handling
- add new exit code for command line parsing errors
- add dedicated exception for wrong ZAP wrapper configuration
- updated command line parser to return settings and create scan context
  in an additional step
- improve exception handling of cli
- update test cases
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@winzj winzj

Labels
webscan zap wrapper
Projects
None yet
Milestone
ZAP Wrapper 1.7.0
Development

Successfully merging a pull request may close this issue.

Use template data for script authentication #3710 mercedes-benz/sechub
1 participant
@winzj