Grunny/zap-cli

Reporting does not work, gives Python error

Closed this issue · 3 comments

Scanning works perfectly, but when I try to create a report after a scan in XML or HTML, it gives me a Python error.

I am trying to script zap-cli so that it will scan automatically and give me an XML report which I can inject into my HTML page every day to monitor the page.

zap-cli report
Traceback (most recent call last):
File "/usr/local/bin/zap-cli", line 11, in <module>
sys.exit(cli())
File "/usr/local/lib/python2.7/dist-packages/click/core.py", line 664, in __call__
return self.main(*args, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/click/core.py", line 644, in main
rv = self.invoke(ctx)
File "/usr/local/lib/python2.7/dist-packages/click/core.py", line 991, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/usr/local/lib/python2.7/dist-packages/click/core.py", line 837, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/usr/local/lib/python2.7/dist-packages/click/core.py", line 464, in invoke
return callback(*args, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/click/decorators.py", line 26, in new_func
return ctx.invoke(f, ctx.obj, *args[1:], **kwargs)
File "/usr/local/lib/python2.7/dist-packages/click/core.py", line 464, in invoke
return callback(*args, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/zapcli/cli.py", line 265, in report
zap_helper.xml_report(output)
File "/usr/local/lib/python2.7/dist-packages/zapcli/zap_helper.py", line 399, in xml_report
report = self.zap.core.xmlreport(apikey=self.api_key)
File "/usr/local/lib/python2.7/dist-packages/zapv2/core.py", line 432, in xmlreport
return (self.zap._request_other(self.zap.base_other + 'core/other/xmlreport/', {'apikey': apikey}))
File "/usr/local/lib/python2.7/dist-packages/zapv2/__init__.py", line 170, in _request_other
data = self._request_api(url, get)
File "/usr/local/lib/python2.7/dist-packages/zapv2/__init__.py", line 149, in _request_api
return self.session.get(url, params=query, proxies=self.__proxies, verify=False)
File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 501, in get
return self.request('GET', url, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 488, in request
resp = self.send(prep, **send_kwargs)
File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 609, in send
r = adapter.send(request, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/requests/adapters.py", line 473, in send
raise ConnectionError(err, request=request)
requests.exceptions.ConnectionError: ('Connection aborted.', BadStatusLine("''",))

Hi. Is ZAP definitely running and listening on the right port when you call the report command? If you run zap-cli status after you see this error, does it state ZAP is running? And what is the scan command you run before running the report command?

Hi Grunny,
Yes, it does say it's running. The problem is that I am trying to run the command to run ZAP and, at the same time, when it finishes, to write a report, something like this: zap-cli --zap-path /usr/share/zaproxy --port 8090 --api-key 123456789 --verbose quick-scan --self-contained --spider -r http://demo.testfire.net/ report --output test.xml

If you're using --self-contained with quick-scan then it would shut down ZAP before the report command was run. You can run the commands one after the other (with either your path, port, etc. set in the commands or in environment variables), i.e.

zap-cli -v start
zap-cli -v quick-scan --spider -r http://demo.testfire.net/
zap-cli -v report --output test.xml --format xml
zap-cli -v shutdown

And you could make this a one-liner by joining those commands with && if you need that.

The error you were receiving, requests.exceptions.ConnectionError: ('Connection aborted.', BadStatusLine("''",)), is usually because you didn't provide an API key (or provided an incorrect one), so I'd also make sure you pass the API key to the report command with --api-key or by setting it in the ZAP_API_KEY environment variable so that you don't need to pass it with each command.
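The start / quick-scan / report / shutdown sequence from the reply above, written as a script. This is an added example and is not zap-cli's own code or anything posted in this thread. It assumes zap-cli is on PATH (or its path is in ZAP_CLI, a variable the script introduces), that zap-cli reads the API key from ZAP_API_KEY (as stated above) and the port from ZAP_PORT (assumed), and that `zap-cli status` exits non-zero while ZAP is not yet reachable (assumed). The API key is checked before any scan runs so a missing key fails immediately instead of surfacing as BadStatusLine at the report step, and a trap shuts ZAP down if any step fails so a daily job does not leave an authenticated proxy listening.

```shell
#!/bin/sh
# Added example, not zap-cli's own code: run the scan and the report as separate
# zap-cli commands instead of `quick-scan --self-contained ... report ...`, which
# shuts ZAP down before the report command ever runs.
# Assumptions: zap-cli is on PATH or its path is in ZAP_CLI (a variable this
# script introduces); zap-cli reads the API key from ZAP_API_KEY and the port
# from ZAP_PORT (ZAP_PORT assumed); `zap-cli status` exits non-zero while ZAP
# is not reachable (assumed).
set -eu

export ZAP_API_KEY ZAP_PORT   # hand both to every zap-cli invocation

# Poll `zap-cli status` for up to $1 seconds; return 0 once ZAP answers.
wait_for_zap() {
  limit="${1:-60}"
  waited=0
  while [ "$waited" -lt "$limit" ]; do
    if "${ZAP_CLI:-zap-cli}" status >/dev/null 2>&1; then
      return 0
    fi
    waited=$((waited + 1))
    sleep 1
  done
  echo "ZAP did not become reachable within ${limit}s" >&2
  return 1
}

# scan_and_report TARGET_URL OUTPUT_XML
# Start ZAP, spider and scan the target, write an XML report, shut ZAP down.
scan_and_report() {
  target="$1"
  output="$2"
  zap="${ZAP_CLI:-zap-cli}"

  # Fail here, not with BadStatusLine from the report step.
  : "${ZAP_API_KEY:?set ZAP_API_KEY to the key ZAP is started with}"
  ZAP_PORT="${ZAP_PORT:-8090}"

  "$zap" -v start
  # If a later step fails, still shut ZAP down instead of leaving it running.
  trap '"$zap" shutdown >/dev/null 2>&1 || true' EXIT
  wait_for_zap 60

  "$zap" -v quick-scan --spider -r "$target"
  "$zap" -v report --output "$output" --format xml

  # An empty or missing file means the report call produced nothing usable.
  [ -s "$output" ] || { echo "report $output is missing or empty" >&2; return 1; }

  trap - EXIT
  "$zap" -v shutdown
}

# Usage: ZAP_API_KEY=... sh zap_report.sh http://demo.testfire.net/ test.xml
if [ "$#" -eq 2 ]; then
  scan_and_report "$1" "$2"
fi
```

Run it from cron with ZAP_API_KEY (and ZAP_PORT, if ZAP is not on the default port) set in the job's environment rather than on the command line, so the key does not show up in the process list or shell history.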