I was doing Zap test on two .Net micro services and automated the process with Git Actions, The work flow was running fine without any error but as soon as I updated the code base and added feature flags in my code it returned above mentioned error. Below is the .py file
#!/usr/bin/env python
import time
import datetime
import os
import requests
from pprint import pprint
from pprint import pprint
from zapv2 import ZAPv2
from zapv2 import ZAPv2 as ZAP
from selenium.webdriver.firefox.options import Options as FirefoxOptions
# The URL of the application to be tested
target = 'http://localhost:5074/hello'
# Change to match the API key set in ZAP, or use None if the API key is
disabled
apiKey = 'xxxxxxxxxxxxxxx'
firefox_options = FirefoxOptions()
firefox_options.headless = True
# By default ZAP API client will connect to port 8080
# zap = ZAPv2(apikey=apiKey)
# Use the line below if ZAP is not listening on port 8080, for example,
if listening on port 8090
zap = ZAPv2(apikey=apiKey, proxies={'http': 'http://127.0.0.1:8090',
'https': 'http://127.0.0.1:8090'})
print('Spidering target {}'.format(target))
# The scan returns a scan id to support concurrent scanning
scanID = zap.spider.scan(target)
while int(zap.spider.status(scanID)) < 100:
# Poll the status until it completes
print('Spider progress %: {}'.format(zap.spider.status(scanID)))
time.sleep(1)
print('Spider has completed!')
# Prints the URLs the spider has crawled
print('\n'.join(map(str, zap.spider.results(scanID))))
# If required post process the spider results
# TODO: Explore the Application more with Ajax Spider or Start scanning
the application for vulnerabilities
print('Ajax Spider target {}'.format(target))
scanID = zap.ajaxSpider.scan(target)
timeout = time.time() + 60*2 # 2 minutes from now
# Loop until the ajax spider has finished or the timeout has exceeded
while zap.ajaxSpider.status == 'running':
if time.time() > timeout:
break
print('Ajax Spider status' + zap.ajaxSpider.status)
time.sleep(2)
print('Ajax Spider completed')
ajaxResults = zap.ajaxSpider.results(start=0, count=10)
# If required perform additional operations with the Ajax Spider results
# TODO: Start scanning the application to find vulnerabilities
print('Active Scanning target {}'.format(target))
scanID = zap.ascan.scan(target)
print(scanID)
print(zap.ascan.status(scanID))
while int(zap.ascan.status(scanID)) < 100:
# Loop until the scanner has finished
print('Scan progress %: {}'.format(zap.ascan.status(scanID)))
time.sleep(25)
print('Active Scan completed')
# Print vulnerabilities found by the scanning
print('Hosts: {}'.format(', '.join(zap.core.hosts)))
print('Alerts: ')
pprint(zap.core.alerts(baseurl=target))
###########
alerts = zap.core.alerts(baseurl=target)
print('Alerts: ')
pprint(alerts)
with open("zap-alerts.txt", "w") as f:
f.write("Alerts:\n")
for alert in alerts:
f.write(str(alert) + "\n")
# Shut down ZAP
zap.core.shutdown()
Below is the specific error I am encountering
Ajax Spider completed
Active Scanning target http://localhost:5074/hello
url_not_found
does_not_exist
Traceback (most recent call last):
File "/home/cl/Desktop/Feature-toggling /sample-services/Sample-services/zap-testing.py", line 60, in <module>
while int(zap.ascan.status(scanID)) < 100:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ValueError: invalid literal for int() with base 10: 'does_not_exist'
I searched for alternative way to convert the following to int but I failed, Can anyone please guide me with this error.
The issue was with the docker compose file as after adjusting the flags the services utilized port 8080 instead of 80. I updated it an all is fine now.