Zap scan is not running SOAP injection test - docker

I am passing the 90019 scanner, for SOAP injection, into a zap script, but it is not running it, while it does run other rules, such as OS Command Injection, and SSI Server Side. I am running zap from a docker container and I noticed watching the output that these other rules correspond to a particular zap plugin. So, I am guessing I am missing a SOAP plugin in my environment and my question is: how can I install a plugin in Docker that corresponds to scanner 90019 to make sure that the script that runs zap scan checks for this rule? Many thanks. If there's something else that I am missing or more info is needed, please let me know.

The SOAP Scanner is included in this add-on: https://github.com/zaproxy/zap-extensions/wiki/HelpAddonsSoapSoap
This is included in the weekly docker image but not in the stable one.
You can install it when you start ZAP in the docker container by adding the parameters:
-addoninstall soap
You can also install add-ons using the ZAP API, but that's only worth doing if you are already using the API.
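A pre-scan check for the situation in this question, where a requested rule is skipped without an error because no installed add-on provides it. This is an added example, not code from the original posts or from the ZAP project; the shape of the `ascan/view/scanners` API response is an assumption and the sample rows are constructed.

```python
import json

# Constructed sample of a ZAP "ascan/view/scanners" API response. The field
# names and string-typed values are assumptions; the rows are made up.
SAMPLE_SCANNERS = json.dumps({"scanners": [
    {"id": "90020", "name": "constructed rule A", "enabled": "true",
     "alertThreshold": "DEFAULT"},
    {"id": "40009", "name": "constructed rule B", "enabled": "true",
     "alertThreshold": "OFF"},
    {"id": "40018", "name": "constructed rule C", "enabled": "false",
     "alertThreshold": "DEFAULT"},
]})


def rule_coverage(scanners_json, requested_ids):
    """Classify each requested rule ID as 'active', 'disabled' or 'missing'."""
    loaded = {str(s["id"]): s
              for s in json.loads(scanners_json).get("scanners", [])}
    report = {}
    for rule_id in map(str, requested_ids):
        rule = loaded.get(rule_id)
        if rule is None:
            # No installed add-on provides this rule (the 90019 case above).
            report[rule_id] = "missing"
        elif (str(rule.get("enabled")).lower() != "true"
              or rule.get("alertThreshold") == "OFF"):
            report[rule_id] = "disabled"
        else:
            report[rule_id] = "active"
    return report


def uncovered(report):
    """Rule IDs the scan would silently skip; a CI job should fail on any."""
    return sorted(rid for rid, state in report.items() if state != "active")


if __name__ == "__main__":
    result = rule_coverage(SAMPLE_SCANNERS, [90019, 90020, 40009, 40018])
    for rid, state in result.items():
        print(rid, state)
    raise SystemExit(1 if uncovered(result) else 0)
```

Running the check before the active scan turns a silently skipped rule into a failed pipeline step instead of a report that looks clean.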

Related

Running jmeter using docker

I am facing an issue while running jmeter using a docker container. The script works fine when I run it through GUI or CLI on my local machine. But when I execute the same script using a container, it fails.
Below is the issue.
So I am using beanshell postprocessor for capturing response cookies. Below is the code for same.
props.put("MyCookie1","${COOKIE_one}");
props.put("MyCookie2","${COOKIE_two}");
props.put("MyCookie3","${COOKIE_three}");
And these parameterized values work fine on my local machine (Windows 10). But when I run the same in a container, these parameterized values don't get resolved.
I am using "alpine:3.12" base image in container.
NOTE : Jmeter version in my local machine is "5.4.1" and java version is "java 11". In docker container Jmeter version is "5.3" and java version is "java 8". The API which I am hitting is hosted in AWS Lambda.
You forgot the most important detail: your Dockerfile
Blind shot: in order to be able to access cookies as COOKIE_one, etc. - you need to add an extra property to wit CookieManager.save.cookies=true either to user.properties file or to pass it to JMeter startup script via -J command-line argument like:
./jmeter -JCookieManager.save.cookies=true -n -t test.jmx -l result.jtl
Also according to JMeter Best Practices:
Since JMeter 3.1 you should be using JSR223 Test Elements and Groovy language for scripting
You should always be using the latest version of JMeter
So maybe it's worth considering migrating to Groovy; you will only need to amend your code from:
props.put("MyCookie1","${COOKIE_one}")
to
props.put("MyCookie1",vars.get("COOKIE_one"))
where vars stands for JMeterVariables class instance, see Top 8 JMeter Java Classes You Should Be Using with Groovy for more information if needed.
And update your Dockerfile to use the latest stable version of JMeter

Is IntelliJ's support for Dockerized Python environments compatible with Python running on a Windows container?

My Python project is very windows-centric, we want the benefits of containers but we can't give up Windows just yet.
I'd like to be able to use the Dockerized remote python interpreter feature that comes with IntelliJ. This works flawlessly with Python running on a standard Linux container, but appears to work not at all for Python running on a Windows container.
I've built a new image based on a standard Microsoft Server core image. I've installed Miniconda, bootstrapped a Python environment and verified that I can start an interactive Python session from the command prompt.
Whenever I try to set this up I get an error message: "Can't retrieve image ID from build stream". This occurs at the moment when IntelliJ would have normally detected the python interpreter and its installed libraries.
I also tried giving the full path for the interpreter: c:\miniconda\envs\htp\python.exe
I've never seen any mention that this works in the documentation, but nor have I seen any mention that it does not work. I totally accept that Windows Containers are an oddity, so it's entirely possible that IntelliJ's remote-Python feature was never tested on Python running in Windows containers.
So, has anybody got this feature working with Python running on a Windows container yet? Is there any reason to believe that it does or does not work?
Regrettably, it is not supported yet. Please vote for the feature request https://youtrack.jetbrains.com/issue/PY-45222 in order to increase its priority.

Is it possible to run a private Hex (Erlang) dependency manager (and if so how)?

I'm working in an Erlang environment. I'm looking to establish a dependency manager so that our build server can publish binaries for reuse instead of using source code dependencies. The Hexpm GitHub project implies that it is possible to run it outside of the hex.pm website, but I don't see any instructions for doing so. Specifically, I would like my build server to be able to publish packages either directly (via the filesystem) or via rebar3, and for subsequent rebar3 builds to be able to use those published packages
Is it possible to run Hex on my own server?
If so, where would I find some documentation on how to set it up (or provide the instructions directly)?
If you look at https://github.com/hexpm/hex_web there are instructions in the README.md for both installing and running it. It's a phoenix application, so it should all be relatively familiar ground if you've looked at the phoenix framework before.
As for getting rebar3 to work with your installation, there is documentation here as to the config values to use for setting the URLs to use for hex packages: http://www.rebar3.org/docs/hex-package-management.
HTH.

Is it possible to run appium server as a service in Linux OS like Ubuntu?

I've googled the topic but no result. One alternative way is to use Java client to start appium server programmatically. However, I am using Python as my test script. It seems the Python client does not have such APIs.
So, I want to know if it is possible to run appium server as a service, so that I can use the following command to start/stop it:
service appium-server start
service appium-server stop
Any information will be appreciated.

JMX Monitoring using jboss-cli

We have an application which used JBoss 4.2.3.GA and we are migrating it to WildFly 8.2. In the old implementation, the JMX monitoring was done using twiddle. Since twiddle doesn't exist in WildFly, we are using the JBoss CLI for JMX monitoring.
Is it the right approach to use the JBoss CLI for JMX monitoring? Are there any command line tools similar to twiddle which can be used for JMX monitoring in WildFly?
One option to get something similar would be to simply query the JMX MBeans programmatically yourself. The advantage here is that your solution can be reused without depending on things like Twiddle which may be discontinued and also are compatible with other app servers.
Here is an example using Groovy to query an MBean in Tomcat and here is an example using Java to query an MBean in ActiveMQ.
If you choose to go with Groovy, you should be aware that there is a way to use Groovy (or Javascript or Python) to wrap the CLI and have more of a control flow. The CLI is great for simple declarative things, but lacks the versatility of a proper scripting language.
If you want to use pure CLI, then that's fine too, but I would suggest you create files which you can then call through bash e.g.:
$JBOSS_HOME/bin/jboss-cli.sh -c --file="my-jvm-monitoring.cli"
You might find this CLI model reference useful and also this blog about monitoring WildFly with the CLI
