ZAP SCAN: Jenkins Job failed (url_not_in_context) - jenkins

I have installed the ZAP plugin on Jenkins and downloaded the ZAP-Proxy WAR file on the Jenkins server (Ubuntu), and configured it as a Jenkins job, but it gives this error when I execute the job:
4051 [ZAP-ProxyThread-15] WARN org.zaproxy.zap.extension.api.API - Bad request to API endpoint [/xml/spider/action/scanAsUser/] from [127.0.0.1]:
The provided url is not in the required context (url_not_in_context) : url
at org.zaproxy.zap.extension.spider.SpiderAPI.scanURL(SpiderAPI.java:508)
at org.zaproxy.zap.extension.spider.SpiderAPI.handleApiAction(SpiderAPI.java:283)
at org.zaproxy.zap.extension.api.API.handleApiRequest(API.java:506)
at org.parosproxy.paros.core.proxy.ProxyThread.processHttp(ProxyThread.java:499)
at org.parosproxy.paros.core.proxy.ProxyThread.run(ProxyThread.java:335)
at java.lang.Thread.run(Thread.java:748)
ERROR: org.zaproxy.clientapi.core.ClientApiException: The provided url is not in the required context

There is a property named Include in Context in the job.
Found under: Build > Session Properties > Include in Context
If you have your starting point like
http://<IP/Host>:port/context1/context2/
under attack mode,
keep Include in Context configured as
http://<IP/Host>:port/.*
so that the URL is treated as a valid context with anything changing after /.
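As an added illustration (not part of the original answer) of how the Include in Context regex decides whether a URL is accepted: the check below mirrors ZAP's whole-URL regex matching in Python, using constructed host, port and pattern values, so a pipeline can reject a misconfigured context before the spider API answers url_not_in_context.

```python
import re

# Constructed sample values (not from the original post): the spider's starting
# point and three candidate "Include in Context" regexes for the Jenkins ZAP job.
START_URL = "http://10.0.0.5:8080/context1/context2/"
INCLUDE_EXACT = r"http://10\.0\.0\.5:8080/context1/context2/"  # matches the start page only
INCLUDE_BROAD = r"http://10\.0\.0\.5:8080/.*"                   # what the answer recommends
INCLUDE_OTHER_HOST = r"http://localhost:8080/.*"                 # host differs from the target


def url_in_context(url, include_regexes, exclude_regexes=()):
    """Mirror ZAP's context test: a URL is in context when the whole URL matches
    at least one include regex and does not match any exclude regex."""
    included = any(re.fullmatch(p, url) for p in include_regexes)
    excluded = any(re.fullmatch(p, url) for p in exclude_regexes)
    return included and not excluded


def urls_zap_would_reject(urls, include_regexes, exclude_regexes=()):
    """URLs that spider/action/scanAsUser would answer with url_not_in_context,
    so a pipeline can fail fast with a readable message before calling the API."""
    return [u for u in urls if not url_in_context(u, include_regexes, exclude_regexes)]


if __name__ == "__main__":
    targets = [START_URL, START_URL + "login", START_URL + "api/items"]
    for name, pattern in [("exact", INCLUDE_EXACT), ("broad", INCLUDE_BROAD),
                          ("other host", INCLUDE_OTHER_HOST)]:
        print(f"{name:10} rejects: {urls_zap_would_reject(targets, [pattern])}")
```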

Related

Jenkins with Azure AD integration fails with "A problem occurred while processing the request"

There is a lot of help available, but I am not able to fix it. After I enter my user name and password, the Jenkins with Azure AD login is successful and it returns the token also. After that it fails with "A problem occurred while processing the request". Login is successful when I look at the Azure side, and the Jenkins UI prints the token also.
When I look at the error logs, I see
javax.net.ssl|DEBUG|13|Handling POST /securityRealm/finishLogin from x.x.x.x : Jetty (winstone)-19|2021-07-15 19:36:53.374 EDT|Utilities.java:73|the previous server name in SNI (type=host_name (0), value=login.microsoftonline.com) was replaced with (type=host_name (0), value=login.microsoftonline.com)
2021-07-15 23:36:55.398+0000 [id=326] INFO c.m.a.a.AuthenticationAuthority#doInstanceDiscovery: [Correlation ID: e11160be-50c3-43d7-96a8-dc02c3cc2b2c] Instance discovery was successful
javax.net.ssl|ERROR|13|Handling POST /securityRealm/finishLogin from x.x.x.x : Jetty (winstone)-19|2021-07-15 19:36:55.769 EDT|TransportContext.java:344|Fatal **** (CERTIFICATE_UNKNOWN): PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target (
"throwable" : {
Also
javax.net.ssl|DEBUG|13|Handling POST /securityRealm/finishLogin from x.x.x.x : Jetty (winstone)-19|2021-07-15 19:36:55.773 EDT|SSLSocketImpl.java:1569|close the underlying socket
javax.net.ssl|DEBUG|13|Handling POST /securityRealm/finishLogin from x.x.x.x : Jetty (winstone)-19|2021-07-15 19:36:55.773 EDT|SSLSocketImpl.java:1588|close the SSL connection (initiative)
2021-07-15 23:36:55.787+0000 [id=19] SEVERE c.m.j.azuread.AzureSecurityRealm#doFinishLogin: error
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I have imported certs for login.microsoftonline.com and portal.azure.com, and my jenkins.xml has
-Djavax.net.ssl.trustStore="C:\Program Files (x86)\Jenkins\.cacerts\jssecacerts" -Djavax.net.ssl.trustStorePassword=changeit
I am not sure for which website it says "unable to find valid certification path to requested target".
As posted in another entry on Stack Overflow, I'd try to debug what is happening with your trustStore with something like:
java -Djavax.net.debug=all -Djavax.net.ssl.trustStore="C:\Program Files (x86)\Jenkins\.cacerts\jssecacerts" -Djavax.net.ssl.trustStorePassword=changeit
You may want to have a look at this post.
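An added example, not from the original answer, that answers the "which website" question from the javax.net.debug output: it pairs each fatal PKIX failure with the last SNI host name logged on the same JSSE thread. The sample lines are constructed in the shape of those quoted in the question.

```python
import re

# Constructed sample: two javax.net.debug lines in the shape of the ones in the post,
# one recording the SNI host name and one recording the fatal PKIX failure.
SAMPLE_LOG = (
    "javax.net.ssl|DEBUG|13|Handling POST /securityRealm/finishLogin from x.x.x.x : "
    "Jetty (winstone)-19|2021-07-15 19:36:53.374 EDT|Utilities.java:73|the previous server "
    "name in SNI (type=host_name (0), value=login.microsoftonline.com) was replaced with "
    "(type=host_name (0), value=login.microsoftonline.com)\n"
    "javax.net.ssl|ERROR|13|Handling POST /securityRealm/finishLogin from x.x.x.x : "
    "Jetty (winstone)-19|2021-07-15 19:36:55.769 EDT|TransportContext.java:344|Fatal "
    "(CERTIFICATE_UNKNOWN): PKIX path building failed: sun.security.provider.certpath."
    "SunCertPathBuilderException: unable to find valid certification path to requested target (\n"
)

SNI_HOST = re.compile(r"value=([A-Za-z0-9.-]+)\)")


def find_untrusted_hosts(log_text):
    """Pair each fatal PKIX failure with the last SNI server name seen on the same
    JSSE thread; the result names the host whose chain the trust store cannot build."""
    last_sni = {}   # thread id -> most recent SNI host name on that thread
    findings = []
    for line in log_text.splitlines():
        # javax.net.debug fields: logger|level|thread|thread name|timestamp|source|message
        parts = line.split("|", 6)
        if len(parts) < 7 or parts[0] != "javax.net.ssl":
            continue
        level, thread, message = parts[1], parts[2], parts[6]
        match = SNI_HOST.search(message)
        if match:
            last_sni[thread] = match.group(1)
        if level == "ERROR" and "PKIX path building failed" in message:
            alert = re.search(r"\((\w+)\)", message)   # e.g. CERTIFICATE_UNKNOWN
            findings.append((last_sni.get(thread, "unknown"),
                             alert.group(1) if alert else "fatal"))
    return findings


if __name__ == "__main__":
    for host, reason in find_untrusted_hosts(SAMPLE_LOG):
        print(f"{reason}: no trusted path for {host}; add its CA chain to the trust store")
```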

Jenkins - No valid crumb was included in request

Jenkins 2.263.1 (LTS) deployed through Tomcat on CentOS 8.2, with an Nginx reverse proxy running in front of Jenkins.
Under Manage Jenkins > Configure System, Apply and Save are not working. Due to this error I cannot Apply (or) Save any of my configurations; it always shows the below error in the browser (Firefox & Chrome).
HTTP Status 403 – Forbidden
Type Status Report
Message No valid crumb was included in the request
Description The server understood the request but refuses to authorize it.
Apache Tomcat/9.0.30
Also, under Jenkins > Manage Jenkins > Configure Global Security, Apply works, but Save is not working; this too results in the same error given above.
System log error message:
Feb 19, 2021 10:56:05 AM WARNING hudson.security.csrf.CrumbFilter
doFilter No valid crumb was included in request for /jenkins/configSubmit by ankit.sahu. Returning 403.
Workarounds tried:
1) Under Configure Global Security > CSRF Protection > Enable proxy compatibility (ticked Enabled). Didn't work, so disabled it with the command below.
2) hudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION = true. Even this didn't solve the problem.
3) Installed the Strict Crumb Issuer plugin.
Enabled this plugin and unchecked Check the session ID in its configuration (under Jenkins Configure Global Security).
4) Restarted Jenkins.
Even tried adding the below to the /apache-tomcat-9.0.30/conf/tomcat-users.xml file.
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="manager-gui"/>
<role rolename="manager-script"/>
<role rolename="manager-jmx"/>
<role rolename="manager-status"/>
<role rolename="admin-gui"/>
<role rolename="admin-script"/>
<user username="user" password="password" roles="manager-gui,manager-script,manager-jmx,manager-status,admin-gui,admin-script"/>
</tomcat-users>
However, I am still experiencing the same problem. I don't know how to fix it; can someone help me?
You can (temporarily) disable CSRF with the Groovy script below. Go to Manage Jenkins >> Script Console, then execute it.
import jenkins.model.Jenkins
def instance = Jenkins.instance
// Removing the crumb issuer switches CSRF protection off until it is re-enabled
// under Configure Global Security; use it only while fixing the proxy/crumb setup.
instance.setCrumbIssuer(null)
The nonces embedded into web output from Jenkins with CSRF protection are based (at least in part, as I've read) on values from the requesting client. In addition to making sure your reverse proxy is correctly configured to pass X-Forwarded-For and X-Forwarded-Proto, make sure that the Tomcat valve is in place to expose those header values in the servlet request API so Jenkins has access to them.
Add the following to $CATALINA_BASE/conf/server.xml, subordinate to the <Host> element:
<Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="x-forwarded-for" protocolHeader="x-forwarded-proto" />
ref: https://www.jenkins.io/doc/book/system-administration/reverse-proxy-configuration-troubleshooting/
ref: https://www.jenkins.io/doc/book/system-administration/reverse-proxy-configuration-with-jenkins/
ref: https://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Remote_IP_Valve
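To show why the proxy settings matter, here is a constructed model (not Jenkins' own code or hash layout) of a crumb bound to the client IP and session id: it demonstrates that a crumb issued under one observed client address or session fails validation when the POST arrives under another, which is what the "Enable proxy compatibility" and "Check the session ID" options control. User name and IPs are made up.

```python
import hashlib
import hmac
import secrets


class CrumbIssuerModel:
    """Constructed model of a CSRF crumb bound to the requesting client, in the spirit
    of Jenkins' default issuer: a keyed hash over the user, the client IP (unless
    proxy compatibility excludes it) and the session id. Jenkins' real hash layout
    is not reproduced; only the binding behaviour that the 403 depends on is."""

    def __init__(self, exclude_client_ip=False, check_session_id=True):
        self.salt = secrets.token_bytes(16)          # per-instance secret
        self.exclude_client_ip = exclude_client_ip   # "Enable proxy compatibility"
        self.check_session_id = check_session_id     # Strict Crumb Issuer: "Check the session ID"

    def issue(self, user, client_ip, session_id):
        parts = [user]
        if not self.exclude_client_ip:
            parts.append(client_ip)
        if self.check_session_id:
            parts.append(session_id)
        return hmac.new(self.salt, ";".join(parts).encode(), hashlib.sha256).hexdigest()

    def validate(self, crumb, user, client_ip, session_id):
        return hmac.compare_digest(crumb, self.issue(user, client_ip, session_id))


def ip_changes_between_requests(exclude_client_ip):
    """Crumb fetched on a request seen as coming from the proxy, then submitted on a
    request where the forwarded client address is visible instead (constructed IPs)."""
    issuer = CrumbIssuerModel(exclude_client_ip=exclude_client_ip)
    crumb = issuer.issue("alice", "10.0.0.2", "sess-1")
    return issuer.validate(crumb, "alice", "203.0.113.7", "sess-1")


def session_changes_between_requests(check_session_id):
    """Crumb fetched in one session, submitted in another, as happens when the
    session cookie is not carried through to the POST."""
    issuer = CrumbIssuerModel(check_session_id=check_session_id)
    crumb = issuer.issue("alice", "10.0.0.2", "sess-1")
    return issuer.validate(crumb, "alice", "10.0.0.2", "sess-2")


if __name__ == "__main__":
    print("IP differs, IP in crumb      :", ip_changes_between_requests(False))
    print("IP differs, proxy compat     :", ip_changes_between_requests(True))
    print("session differs, checked     :", session_changes_between_requests(True))
    print("session differs, not checked :", session_changes_between_requests(False))
```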
If you're using jenkinsapi, I resolved this error by specifying useCrumb=True in the constructor:
from jenkinsapi.jenkins import Jenkins
j = Jenkins(base_url, username=username, password=password, useCrumb=True)

Jenkins fails when starting in WebSphere: NullPointerException in WebApp.getInitParameter()

I have WebSphere 8.5.5.9 and want to run Jenkins on it, so I have installed jenkins.war (the latest version, 2.19.2), but when I try to start it, I get the error below and the application (Jenkins) doesn't start.
OS: Red Hat Enterprise Linux Server release 6.7 (Santiago) - 64 bits
[11/14/16 14:34:55:824 EST] 0000007c BootFailure E Failed to initialize Jenkins
hudson.util.HudsonFailedToLoad: java.lang.NullPointerException
at hudson.WebAppMain$3.run(WebAppMain.java:248)
Caused by: java.lang.NullPointerException
at com.ibm.ws.webcontainer.webapp.WebApp.getInitParameter(WebApp.java:2791)
at com.ibm.wsspi.webcontainer.facade.ServletContextFacade.getInitParameter(ServletContextFacade.java:264)
at jenkins.util.SystemProperties.tryGetValueFromContext(SystemProperties.java:322)
at jenkins.util.SystemProperties.getString(SystemProperties.java:121)
at jenkins.util.SystemProperties.getInteger(SystemProperties.java:258)
at jenkins.model.Jenkins.<init>(Jenkins.java:599)
at hudson.model.Hudson.<init>(Hudson.java:85)
at hudson.model.Hudson.<init>(Hudson.java:81)
at hudson.WebAppMain$3.run(WebAppMain.java:231)
Does somebody have any idea what the root cause could be?
Thanks
Looking into another log from WebSphere I found an error like this:
restricted programmatic session cookie
Looking for solutions to this new error, I found one:
just remove one item from the programmatic session cookie configuration
Cookie Domain: *
Cookie Name: "JSESSIONID"
Cookie Path: /
from:
Security > Global security > Programmatic session cookie configuration.
After that, I could start Jenkins successfully.

Error when queuing build with SonarQube: Unauthorized

I am trying to integrate SonarQube with TFS. I created a build definition with only one step, the SonarQube integration, based on this tutorial:
https://blogs.msdn.microsoft.com/visualstudioalm/2015/08/24/build-tasks-for-sonarqube-analysis/
I know my SonarQube is already set up, because I can access it through the browser and the database is correctly set up.
However, I am getting this error:
14:45:53.684 Default properties file was not found at C:\BuildAgents\DefaultBuildAgent\5\.sonarqube\bin\SonarQube.Analysis.xml
14:45:53.762 Updating build integration targets...
14:45:53.84 Fetching analysis configuration settings...
Unhandled Exception: System.Net.WebException: The remote server returned an error: (401) Unauthorized.
at System.Net.WebClient.DownloadDataInternal(Uri address, WebRequest& request)
at System.Net.WebClient.DownloadString(Uri address)
at System.Net.WebClient.DownloadString(String address)
at SonarQube.TeamBuild.PreProcessor.WebClientDownloader.Download(String url)
at SonarQube.TeamBuild.PreProcessor.SonarWebService.GetProperties(String projectKey, String projectBranch)
at SonarQube.TeamBuild.PreProcessor.TeamBuildPreProcessor.FetchArgumentsAndRulesets(ISonarQubeServer server, ProcessedArgs args, TeamBuildSettings settings, IDictionary`2& serverSettings, AnalyzerSettings& analyzerSettings)
at SonarQube.TeamBuild.PreProcessor.TeamBuildPreProcessor.DoExecute(ProcessedArgs args)
at SonarQube.TeamBuild.PreProcessor.TeamBuildPreProcessor.Execute(String[] args)
at SonarQube.TeamBuild.PreProcessor.Program.Main(String[] args)
Pre-processing succeeded.
Unexpected exit code received from batch file: 255
******************************************************************************
Finishing task: SonarQubePreBuild
******************************************************************************
Task SonarQubePreBuild failed. This caused the job to fail. Look at the logs for the task for more details.
******************************************************************************
Finishing Build
******************************************************************************
Worker Worker-28c6fdb7-9350-4b65-bbba-0e9aab5e0e83 finished running job 28c6fdb7-9350-4b65-bbba-0e9aab5e0e83
You need to specify the authentication token in the SonarQube service endpoint in TFS: click!
To obtain a user token in SonarQube, follow these steps.
Be sure the sonar.login and sonar.password properties in SonarQube.Analysis.xml are commented out; otherwise the token won't be used.

Jenkins-TestLink integration - HTTP server returned unexpected status: Found

I'm trying to connect Jenkins (1.482) with TestLink (1.9.4) through the Jenkins configuration in order to retrieve tests, but while running the job in Jenkins I get the below error in the console log.
Please note that Jenkins is hosted on Tomcat (Linux) on network "gnb" and TestLink is hosted on PHP (Linux) on another network "<company network name>". It works well when both are on my localhost (in Windows),
but this integration does not work when Jenkins and TestLink are on separate networks/hosts.
I get the below error on the console while running the job:
Preparing TestLink client API.
Using TestLink URL: http://<hostname>/mr61_php5/testlink/lib/api/xmlrpc.php
FATAL: Error verifying developer key: HTTP server returned unexpected status: Found
br.eti.kinoshita.testlinkjavaapi.util.TestLinkAPIException: Error verifying developer key: HTTP server returned unexpected status: Found
at br.eti.kinoshita.testlinkjavaapi.MiscService.checkDevKey(MiscService.java:66)
at br.eti.kinoshita.testlinkjavaapi.TestLinkAPI.<init>(TestLinkAPI.java:162)
at hudson.plugins.testlink.TestLinkBuilder.getTestLinkSite(TestLinkBuilder.java:244)
at hudson.plugins.testlink.TestLinkBuilder.perform(TestLinkBuilder.java:134)
at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:19)
at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:717)
at hudson.model.Build$BuildExecution.build(Build.java:199)
at hudson.model.Build$BuildExecution.doRun(Build.java:160)
at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:499)
at hudson.model.Run.execute(Run.java:1502)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:46)
at hudson.model.ResourceController.execute(ResourceController.java:88)
at hudson.model.Executor.run(Executor.java:236)
Caused by: org.apache.xmlrpc.client.XmlRpcHttpTransportException: HTTP server returned unexpected status: Found
at org.apache.xmlrpc.client.XmlRpcSunHttpTransport.getInputStream(XmlRpcSunHttpTransport.java:94)
at org.apache.xmlrpc.client.XmlRpcStreamTransport.sendRequest(XmlRpcStreamTransport.java:152)
at org.apache.xmlrpc.client.XmlRpcHttpTransport.sendRequest(XmlRpcHttpTransport.java:143)
at org.apache.xmlrpc.client.XmlRpcSunHttpTransport.sendRequest(XmlRpcSunHttpTransport.java:69)
at org.apache.xmlrpc.client.XmlRpcClientWorker.execute(XmlRpcClientWorker.java:56)
at org.apache.xmlrpc.client.XmlRpcClient.execute(XmlRpcClient.java:167)
at org.apache.xmlrpc.client.XmlRpcClient.execute(XmlRpcClient.java:158)
at org.apache.xmlrpc.client.XmlRpcClient.execute(XmlRpcClient.java:147)
at br.eti.kinoshita.testlinkjavaapi.BaseService.executeXmlRpcCall(BaseService.java:90)
at br.eti.kinoshita.testlinkjavaapi.MiscService.checkDevKey(MiscService.java:62)
... 12 more
ERROR: Error communicating with TestLink. Check your TestLink configuration.
I have the below settings in my Jenkins global configuration for the TestLink installation:
Name: testlink
URL: http://<host name>/mr61_php5/testlink/lib/api/xmlrpc.php
Developer key: generated from TestLink (Settings -> Generate a new key)
Can you please point out if I am missing something?
Usually in the TestLink folder structure, the path that you have mentioned does not contain the xmlrpc.php file.
Probably wrong URL: URL: http:///mr61_php5/testlink/lib/api/
The correct URL is usually of this format:
.../testlink/lib/api/xmlrpc//xmlrpc.php
Kindly check the correct URL, or try opening the xmlrpc.php page, so that you can get the correct path of the file. By my assumption it should be something like this:
http:///mr61_php5/testlink/lib/api/xmlrpc/xmlrpc.php
Good answer. In my case it is as below...
http://IP:PORT/testlink/lib/api/xmlrpc/v1/xmlrpc.php in version 1.9.11 of TestLink