
Daemon OWASP ZAP on Azure App Service always returns code 400 - Bad Request

I am trying to run a daemon instance of OWASP ZAP on Azure App Service - Container so that I can use the ZAP API.

The configured image is owasp/zap2docker-stable and the startup command is

zap.sh -daemon -host 0.0.0.0 -port 8080 -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true -config api.disablekey=true

App Service starts the container with the following docker command (taken from the logs)

docker run -d --expose=8080 --name zap-tool_8_4bedc839 -e WEBSITES_ENABLE_APP_SERVICE_STORAGE=false -e WEBSITES_PORT=8080 -e WEBSITE_SITE_NAME=zap-tool -e WEBSITE_AUTH_ENABLED=False -e WEBSITE_ROLE_INSTANCE_ID=0 -e WEBSITE_HOSTNAME=zap-*****.azurewebsites.net -e WEBSITE_INSTANCE_ID=b9972c7b5014a11146e04035fe1b8e55b22384befd7977a509e8dc0b******** -e HTTP_LOGGING_ENABLED=1 -e NODE_OPTIONS=--require /agents/node/build/src/Loader.js -e JAVA_TOOL_OPTIONS=-javaagent:/agents/java/applicationinsights-agent-codeless.jar -e StartupBootstrapper=Microsoft.ApplicationInsights.StartupBootstrapper -e DOTNET_SHARED_STORE=/agents/core/store/lin -e DOTNET_ADDITIONAL_DEPS=/agents/core/additionalDeps -e WEBSITE_USE_DIAGNOSTIC_SERVER=False owasp/zap2docker-stable zap.sh -daemon -host 0.0.0.0 -port 8080 -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true -config api.disablekey=true 

After the script has loaded, the log shows a message saying the server is listening, but on the very first call (a dummy call made by the App Service) we get a bad request response, and every subsequent request (even a GET of the server root) fails the same way

2023-01-19T09:47:17.840154581Z 105098 [ZAP-daemon] INFO  org.zaproxy.addon.network.ExtensionNetwork - ZAP is now listening on 0.0.0.0:8080
2023-01-19T09:47:19.599466935Z 106791 [ZAP-IO-Server-1-1] WARN  org.zaproxy.zap.extension.api.API - Bad request to API endpoint [/robots933456.txt] from [169.254.130.1]:
2023-01-19T09:47:19.599494735Z org.zaproxy.zap.extension.api.ApiException: bad_format
2023-01-19T09:47:19.599499835Z  at org.zaproxy.zap.extension.api.API.handleApiRequest(API.java:438) ~[zap-2.12.0.jar:2.12.0]
2023-01-19T09:47:19.599504035Z  at org.zaproxy.addon.network.internal.server.http.handlers.ZapApiHandler.handleApiRequest(ZapApiHandler.java:100) ~[?:?]
2023-01-19T09:47:19.599518235Z  at org.zaproxy.addon.network.internal.server.http.handlers.ZapApiHandler.handleRequest(ZapApiHandler.java:74) ~[?:?]
2023-01-19T09:47:19.599529835Z  at org.zaproxy.addon.network.internal.server.http.handlers.ZapApiHandler.handleMessage(ZapApiHandler.java:59) ~[?:?]
2023-01-19T09:47:19.599533235Z  at org.zaproxy.addon.network.internal.server.http.MainServerHandler.notifyMessageHandlers(MainServerHandler.java:147) ~[?:?]
2023-01-19T09:47:19.599536335Z  at org.zaproxy.addon.network.internal.server.http.MainServerHandler.processMessage(MainServerHandler.java:129) ~[?:?]
2023-01-19T09:47:19.599539435Z  at org.zaproxy.addon.network.internal.server.http.LocalServerHandler.processMessage(LocalServerHandler.java:66) ~[?:?]
2023-01-19T09:47:19.599542435Z  at org.zaproxy.addon.network.internal.server.http.MainServerHandler.process(MainServerHandler.java:94) ~[?:?]
2023-01-19T09:47:19.599545535Z  at org.zaproxy.addon.network.internal.server.http.MainServerHandler.lambda$channelRead0$0(MainServerHandler.java:82) ~[?:?]
2023-01-19T09:47:19.599548535Z  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[?:?]
2023-01-19T09:47:19.599551535Z  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[?:?]
2023-01-19T09:47:19.599554535Z  at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) ~[?:?]
2023-01-19T09:47:19.599557635Z  at java.lang.Thread.run(Thread.java:829) ~[?:?]
2023-01-19T09:47:19.599560535Z Caused by: java.lang.IllegalArgumentException: No enum constant org.zaproxy.zap.extension.api.API.Format.ROBOTS933456.TXT
2023-01-19T09:47:19.599563635Z  at java.lang.Enum.valueOf(Enum.java:240) ~[?:?]
2023-01-19T09:47:19.599566535Z  at org.zaproxy.zap.extension.api.API$Format.valueOf(API.java:62) ~[zap-2.12.0.jar:2.12.0]
2023-01-19T09:47:19.599569635Z  at org.zaproxy.zap.extension.api.API.handleApiRequest(API.java:417) ~[zap-2.12.0.jar:2.12.0]
2023-01-19T09:47:19.599572636Z  ... 12 more

What could be causing this error? What could cause the error java.lang.IllegalArgumentException: No enum constant org.zaproxy.zap.extension.api.API.Format.ROBOTS933456.TXT

That indicates that you (or at least something) are making invalid requests to the ZAP API:

Bad request to API endpoint [/robots933456.txt]

Either don't make requests like that, or ignore the error :)

FYI, it may be easier to use the Automation Framework rather than controlling ZAP via the API.
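If you go with "ignore the error", it helps to ignore only the App Service warm-up probe and still notice genuine bad API requests. The following is an added example, not code from the question or from ZAP itself: it parses the ZAP 2.12 "Bad request to API endpoint" warning format shown in the question's log, treats a request for /robots933456.txt from a link-local source address as the Azure probe, and reports everything else. The sample log is constructed: its first two lines are copied from the question, the third is made up.

```python
import re
from ipaddress import ip_address

# Warning line ZAP writes when an API request cannot be parsed (format copied from the question's log).
BAD_REQUEST_RE = re.compile(
    r"Bad request to API endpoint \[(?P<path>[^\]]+)\] from \[(?P<ip>[^\]]+)\]"
)

# Path fetched by the Azure App Service container warm-up probe, as seen in the question's log.
AZURE_PROBE_PATH = "/robots933456.txt"


def classify_bad_request(line: str):
    """Return None for lines that are not ZAP 'bad request' warnings,
    'azure-probe' for the App Service warm-up ping, or 'other' for anything else."""
    m = BAD_REQUEST_RE.search(line)
    if m is None:
        return None
    path, ip = m.group("path"), m.group("ip")
    # The probe asks for the fixed path and arrives from the platform's link-local address (169.254.x.x).
    if path == AZURE_PROBE_PATH and ip_address(ip).is_link_local:
        return "azure-probe"
    return "other"


def triage(log_lines):
    """Count benign probe 400s separately; return (probe_count, lines that need a look)."""
    probes = 0
    suspicious = []
    for line in log_lines:
        kind = classify_bad_request(line)
        if kind == "azure-probe":
            probes += 1
        elif kind == "other":
            suspicious.append(line)
    return probes, suspicious


# Constructed sample log: lines 1 and 2 are from the question, line 3 is invented (hypothetical path and source).
SAMPLE_LOG = [
    "2023-01-19T09:47:17.840154581Z 105098 [ZAP-daemon] INFO  org.zaproxy.addon.network.ExtensionNetwork - ZAP is now listening on 0.0.0.0:8080",
    "2023-01-19T09:47:19.599466935Z 106791 [ZAP-IO-Server-1-1] WARN  org.zaproxy.zap.extension.api.API - Bad request to API endpoint [/robots933456.txt] from [169.254.130.1]:",
    "2023-01-19T09:50:02.000000000Z 110000 [ZAP-IO-Server-1-2] WARN  org.zaproxy.zap.extension.api.API - Bad request to API endpoint [/JSON/core/view/notAView/] from [10.0.0.5]:",
]

if __name__ == "__main__":
    probe_count, to_review = triage(SAMPLE_LOG)
    print(f"benign Azure probe 400s: {probe_count}")
    for entry in to_review:
        print("needs attention:", entry)
```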


