From 5287b1ff5284a80876eaabcc68990977579ea66e Mon Sep 17 00:00:00 2001 From: Simon Bennetts Date: Fri, 5 May 2023 17:20:13 +0200 Subject: [PATCH] Don't install/update add-ons if '-silent' option specified Signed-off-by: Simon Bennetts --- docker/CHANGELOG.md | 3 +++ docker/zap-api-scan.py | 27 +++++++++++++++++--------- docker/zap-baseline.py | 43 ++++++++++++++++++++++++----------------- docker/zap-full-scan.py | 42 ++++++++++++++++++++++++---------------- 4 files changed, 71 insertions(+), 44 deletions(-) diff --git a/docker/CHANGELOG.md b/docker/CHANGELOG.md index dc35a03900b..6bbd5dbb98c 100644 --- a/docker/CHANGELOG.md +++ b/docker/CHANGELOG.md @@ -1,6 +1,9 @@ # Changelog All notable changes to the docker containers will be documented in this file. +### 2023-05-05 + - Do not install/update add-ons if ZAP '-silent' option specified (Issue 4633). + ### 2023-02-03 - Alert_on_Unexpected_Content_Types.js > Added Content-Type application/hal+json to the list of expected types. diff --git a/docker/zap-api-scan.py b/docker/zap-api-scan.py index 2f28a0772e0..b62a977557f 100755 --- a/docker/zap-api-scan.py +++ b/docker/zap-api-scan.py @@ -246,6 +246,10 @@ def main(argv): usage() sys.exit(3) + if "-silent" in zap_options and zap_alpha: + logging.warning('You cannot use the \'-a\' option with the ZAP \'-silent\' option') + sys.exit(3) + if running_in_docker(): base_dir = '/zap/wrk/' if config_file or generate or report_html or report_xml or report_json or report_md or progress_file or context_file: 
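Review bot: The new guard in zap-api-scan.py, `if "-silent" in zap_options and zap_alpha:`, looks like a substring test if `zap_options` is the raw string passed with `-z` (its definition is outside the hunk). In that case any option value that merely contains `-silent` would trigger the exit here and suppress add-on updates in the later hunks. Matching whole tokens is safer, for example `silent = '-silent' in zap_options.split()`, computed once and reused. The same test is repeated in the later zap-api-scan.py hunks and in zap-baseline.py and zap-full-scan.py, so one helper shared by the three scripts would keep them from drifting apart. main() starts and ends outside this hunk.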
@@ -329,13 +333,15 @@ def main(argv): if running_in_docker(): try: - params = [ - '-addonupdate', - '-addoninstall', 'pscanrulesBeta'] # In case we're running in the stable container + params = [] - if zap_alpha: - params.append('-addoninstall') - params.append('pscanrulesAlpha') + if "-silent" not in zap_options: + params.append('-addonupdate') + # In case we're running in the stable container + params.extend(['-addoninstall', 'pscanrulesBeta']) + + if zap_alpha: + params.extend(['-addoninstall', 'pscanrulesAlpha']) add_zap_options(params, zap_options) @@ -351,10 +357,13 @@ def main(argv): if context_file: mount_dir = os.path.dirname(os.path.abspath(context_file)) - params = ['-addonupdate'] + params = [] + + if "-silent" not in zap_options: + params.append('-addonupdate') - if (zap_alpha): - params.extend(['-addoninstall', 'pscanrulesAlpha']) + if (zap_alpha): + params.extend(['-addoninstall', 'pscanrulesAlpha']) add_zap_options(params, zap_options) diff --git a/docker/zap-baseline.py b/docker/zap-baseline.py index dcbc1fb7ede..92eb78d5839 100755 --- a/docker/zap-baseline.py +++ b/docker/zap-baseline.py @@ -285,6 +285,10 @@ def main(argv): usage() sys.exit(3) + if "-silent" in zap_options and zap_alpha: + logging.warning('You cannot use the \'-a\' option with the ZAP \'-silent\' option') + sys.exit(3) + if running_in_docker(): base_dir = '/zap/wrk/' if config_file or generate or report_html or report_xml or report_json or report_md or progress_file or context_file: 
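Review bot: When `-silent` is present, the docker branch in zap-api-scan.py now starts ZAP without `-addonupdate` and without installing `pscanrulesBeta`, and nothing is logged about it. A scan on the stable image may therefore run with fewer or older rules than the person reading the report assumes. An `else:` on the new `if "-silent" not in zap_options:` with a line such as `logging.info('-silent set: add-ons will not be updated or installed; using those already in the image')` would make that visible in CI logs. The same applies to the second hunk in this file and to the matching branches in zap-baseline.py and zap-full-scan.py, where `ascanrulesBeta` is skipped as well.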
@@ -402,13 +406,13 @@ def main(argv): logging.warning('Unable to copy yaml file to ' + yaml_copy_file + ' ' + str(err)) try: - # Run ZAP inline to update the add-ons - install_opts = ['-addonupdate', '-addoninstall', 'pscanrulesBeta'] - if zap_alpha: - install_opts.append('-addoninstall') - install_opts.append('pscanrulesAlpha') + if "-silent" not in zap_options: + # Run ZAP inline to update the add-ons + install_opts = ['-addonupdate', '-addoninstall', 'pscanrulesBeta'] + if zap_alpha: + install_opts.extend(['-addoninstall', 'pscanrulesAlpha']) - run_zap_inline(port, install_opts) + run_zap_inline(port, install_opts) # Run ZAP inline with the yaml file params = ['-autorun', yaml_file] @@ -453,14 +457,15 @@ def main(argv): else: try: - params = [ - '-config', 'spider.maxDuration=' + str(mins), - '-addonupdate', - '-addoninstall', 'pscanrulesBeta'] # In case we're running in the stable container + params = ['-config', 'spider.maxDuration=' + str(mins)] + + if "-silent" not in zap_options: + params.append('-addonupdate') + # In case we're running in the stable container + params.extend(['-addoninstall', 'pscanrulesBeta']) - if zap_alpha: - params.append('-addoninstall') - params.append('pscanrulesAlpha') + if zap_alpha: + params.extend(['-addoninstall', 'pscanrulesAlpha']) add_zap_options(params, zap_options) @@ -476,12 +481,14 @@ def main(argv): if context_file: mount_dir = os.path.dirname(os.path.abspath(context_file)) - params = [ - '-config', 'spider.maxDuration=' + str(mins), - '-addonupdate'] - if (zap_alpha): - params.extend(['-addoninstall', 'pscanrulesAlpha']) + params = ['-config', 'spider.maxDuration=' + str(mins)] + + if "-silent" not in zap_options: + params.append('-addonupdate') + + if (zap_alpha): + params.extend(['-addoninstall', 'pscanrulesAlpha']) add_zap_options(params, zap_options) diff --git a/docker/zap-full-scan.py b/docker/zap-full-scan.py index 4ae62bafa66..8188cccc2f1 100755 --- a/docker/zap-full-scan.py +++ b/docker/zap-full-scan.py 
@@ -224,6 +224,10 @@ def main(argv): usage() sys.exit(3) + if "-silent" in zap_options and zap_alpha: + logging.warning('You cannot use the \'-a\' option with the ZAP \'-silent\' option') + sys.exit(3) + if running_in_docker(): base_dir = '/zap/wrk/' if config_file or generate or report_html or report_xml or report_json or report_md or progress_file or context_file: @@ -277,15 +281,17 @@ def main(argv): if running_in_docker(): try: - params = [ - '-config', 'spider.maxDuration=' + str(mins), - '-addonupdate', - '-addoninstall', 'pscanrulesBeta', # In case we're running in the stable container - '-addoninstall', 'ascanrulesBeta'] - - if zap_alpha: - params.extend(['-addoninstall', 'pscanrulesAlpha']) - params.extend(['-addoninstall', 'ascanrulesAlpha']) + params = ['-config', 'spider.maxDuration=' + str(mins)] + + if "-silent" not in zap_options: + params.append('-addonupdate') + # In case we're running in the stable container + params.extend(['-addoninstall', 'pscanrulesBeta']) + params.extend(['-addoninstall', 'ascanrulesBeta']) + + if zap_alpha: + params.extend(['-addoninstall', 'pscanrulesAlpha']) + params.extend(['-addoninstall', 'ascanrulesAlpha']) add_zap_options(params, zap_options) 
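Review bot: The `-a` / `-silent` conflict in zap-full-scan.py is only discoverable at runtime: it is reported by `logging.warning(...)` followed by `sys.exit(3)`, the same exit code as the `usage()` path just above it, and no hunk in this patch touches the usage text. A short addition to the `-a` entry in `usage()` (outside this hunk), for example `(cannot be combined with the ZAP '-silent' option)`, would document it. As a style point, the message reads more easily without the escapes: `logging.warning("You cannot use the '-a' option with the ZAP '-silent' option")`. The identical guards in zap-api-scan.py and zap-baseline.py would get the same two changes.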
@@ -301,15 +307,17 @@ def main(argv): if context_file: mount_dir = os.path.dirname(os.path.abspath(context_file)) - params = [ - '-config', 'spider.maxDuration=' + str(mins), - '-addonupdate', - '-addoninstall', 'pscanrulesBeta', # In case we're running in the stable container - '-addoninstall', 'ascanrulesBeta'] + params = ['-config', 'spider.maxDuration=' + str(mins)] + + if "-silent" not in zap_options: + params.append('-addonupdate') + # In case we're running in the stable container + params.extend(['-addoninstall', 'pscanrulesBeta']) + params.extend(['-addoninstall', 'ascanrulesBeta']) - if (zap_alpha): - params.extend(['-addoninstall', 'pscanrulesAlpha']) - params.extend(['-addoninstall', 'ascanrulesAlpha']) + if (zap_alpha): + params.extend(['-addoninstall', 'pscanrulesAlpha']) + params.extend(['-addoninstall', 'ascanrulesAlpha']) add_zap_options(params, zap_options)