Running with gitlab-runner 13.5.0 (ece86343)  on System Shared Runner J9EsdQ92 section_start:1643993191:resolve_secrets Resolving secrets section_end:1643993191:resolve_secrets section_start:1643993191:prepare_executor Preparing the "docker" executor Using Docker executor with image registry.gitlab.com/gitlab-org/security-products/analyzers/dast:1 ... Pulling docker image gitlab/gitlab-runner-helper:x86_64-6fbc7474 ... Using docker image sha256:4ab73fe41bd466dff16a0e732b568862dce676f1d49de2a85309349266c882f8 for gitlab/gitlab-runner-helper:x86_64-6fbc7474 with digest gitlab/gitlab-runner-helper@sha256:6275194f2d67051ee4538cbd086c4c61b35e15d4439f76b5b5b710bee7344895 ... Pulling docker image registry.gitlab.com/gitlab-org/security-products/analyzers/dast:1 ... Using docker image sha256:13bbe8188a86ba5e1623000847b04e3ff6c970c5acf640b9f817fba68728326a for registry.gitlab.com/gitlab-org/security-products/analyzers/dast:1 with digest registry.gitlab.com/gitlab-org/security-products/analyzers/dast@sha256:920a32542926cf32179790284ff61e0e8dc4b01fc0985a588623db366b892135 ... section_end:1643993196:prepare_executor section_start:1643993196:prepare_script Preparing environment Running on osm-gitlab via 7dbf9d05aeed... section_end:1643993197:prepare_script section_start:1643993197:get_sources Getting source from Git repository Skipping Git repository setup Skipping Git checkout Skipping Git submodules setup section_end:1643993198:get_sources section_start:1643993198:step_script Executing "step_script" stage of the job script $ echo "Preparing DAST" Preparing DAST $ ls -la total 8 drwxrwxrwx 2 root root 4096 Feb 4 16:46 . drwxrwxrwx 4 root root 4096 Feb 4 16:46 .. $ export DAST_WEBSITE=${DAST_WEBSITE:-$(cat environment_url.txt)} $ if [ -z "$DAST_WEBSITE$DAST_API_SPECIFICATION" ]; then echo "Either DAST_WEBSITE or DAST_API_SPECIFICATION must be set. See https://docs.gitlab.com/ee/user/application_security/dast/#configuration for more details." && exit 1; fi $ /analyze 2022-02-04 16:46:40,473 Running DAST v1.54.0 on Python 3.9.2 (default, Feb 28 2021, 17:03:44) [GCC 10.2.1 20210110] 2022-02-04 16:46:40,474 writing zap log configuration 2022-02-04 16:46:40,474 Starting the ZAP Server 2022-02-04 16:46:40,474 Running ZAP with parameters ['/zap/zap.sh', '-daemon', '-config', 'proxy.reverseProxy.use=1', '-config', 'proxy.reverseProxy.ip=0.0.0.0', '-config', 'proxy.reverseProxy.httpPort=59026', '-dir', '/app/zap', '-config', 'api.disablekey=true', '-config', 'api.addrs.addr.name=.*', '-config', 'api.addrs.addr.regex=true', '-config', 'selenium.firefoxDriver=/usr/bin/geckodriver', '-config', 'spider.maxDuration=0', '-silent', '-config', 'replacer.full_list(0).description=header_0', '-config', 'replacer.full_list(0).enabled=true', '-config', 'replacer.full_list(0).matchtype=REQ_HEADER', '-config', 'replacer.full_list(0).matchstr=Via', '-config', 'replacer.full_list(0).regex=false', '-config', 'replacer.full_list(0).replacement=GitLab DAST/ZAP v1.54.0'] 2022-02-04 16:46:40,481 looking for ZAP at http://127.0.0.1:59026... 2022-02-04 16:46:40,490 Starting new HTTP connection (1): 127.0.0.1:59026 2022-02-04 16:46:41,494 looking for ZAP at http://127.0.0.1:59026... 2022-02-04 16:46:41,497 Starting new HTTP connection (1): 127.0.0.1:59026 2022-02-04 16:46:42,504 looking for ZAP at http://127.0.0.1:59026... 2022-02-04 16:46:42,510 Starting new HTTP connection (1): 127.0.0.1:59026 2022-02-04 16:46:43,513 looking for ZAP at http://127.0.0.1:59026... 2022-02-04 16:46:43,516 Starting new HTTP connection (1): 127.0.0.1:59026 2022-02-04 16:46:44,518 looking for ZAP at http://127.0.0.1:59026... 2022-02-04 16:46:44,521 Starting new HTTP connection (1): 127.0.0.1:59026 2022-02-04 16:46:45,523 looking for ZAP at http://127.0.0.1:59026... 2022-02-04 16:46:45,525 Starting new HTTP connection (1): 127.0.0.1:59026 2022-02-04 16:46:46,527 looking for ZAP at http://127.0.0.1:59026... 2022-02-04 16:46:46,530 Starting new HTTP connection (1): 127.0.0.1:59026 [zap_server] Found Java version 11.0.11 [zap_server] Available memory: 32166 MB [zap_server] Using JVM args: -Xmx8041m [zap_server] 536 [main] INFO org.zaproxy.zap.DaemonBootstrap - OWASP ZAP D-2020-08-26 started 04/02/2022, 16:46:41 with home /app/zap/ [zap_server] 581 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config proxy.reverseProxy.use = 1 was null [zap_server] 581 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config proxy.reverseProxy.ip = 0.0.0.0 was null [zap_server] 581 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config proxy.reverseProxy.httpPort = 59026 was null [zap_server] 582 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config api.disablekey = true was null [zap_server] 582 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config api.addrs.addr.name = .* was null [zap_server] 582 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config api.addrs.addr.regex = true was null [zap_server] 582 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config selenium.firefoxDriver = /usr/bin/geckodriver was null [zap_server] 583 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config spider.maxDuration = 0 was null [zap_server] 583 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config replacer.full_list(0).description = header_0 was null [zap_server] 583 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config replacer.full_list(0).enabled = true was null [zap_server] 584 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config replacer.full_list(0).matchtype = REQ_HEADER was null [zap_server] 584 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config replacer.full_list(0).matchstr = Via was null [zap_server] 588 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config replacer.full_list(0).regex = false was null [zap_server] 589 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config replacer.full_list(0).replacement = GitLab DAST/ZAP v1.54.0 was null [zap_server] 603 [main] INFO org.parosproxy.paros.network.SSLConnector - Reading supported SSL/TLS protocols... [zap_server] 603 [main] INFO org.parosproxy.paros.network.SSLConnector - Using a SSLEngine... [zap_server] 751 [main] INFO org.parosproxy.paros.network.SSLConnector - Done reading supported SSL/TLS protocols: [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3] [zap_server] 763 [main] INFO org.parosproxy.paros.extension.option.OptionsParamCertificate - Unsafe SSL renegotiation disabled. [zap_server] 1530 [ZAP-daemon] INFO org.zaproxy.zap.control.ExtensionFactory - Loading extensions [zap_server] 5442 [ZAP-daemon] INFO org.zaproxy.zap.control.ExtensionFactory - Installed add-ons: [[id=accessControl, version=6.0.0], [id=alertFilters, version=10.0.0], [id=ascanrules, version=37.0.0], [id=ascanrulesBeta, version=32.0.0], [id=bruteforce, version=10.0.0], [id=commonlib, version=1.2.0], [id=coreLang, version=14.0.0], [id=diff, version=10.0.0], [id=directorylistv1, version=4.0.0], [id=encoder, version=0.3.0], [id=formhandler, version=3.0.0], [id=fuzz, version=13.1.0], [id=fuzzdb, version=7.0.0], [id=gettingStarted, version=12.0.0], [id=help, version=11.0.0], [id=hud, version=0.12.0], [id=importurls, version=7.0.0], [id=invoke, version=10.0.0], [id=onlineMenu, version=8.0.0], [id=openapi, version=17.0.0], [id=plugnhack, version=12.0.0], [id=portscan, version=9.0.0], [id=pscanrules, version=30.0.0], [id=pscanrulesBeta, version=23.0.0], [id=quickstart, version=29.0.0], [id=replacer, version=8.0.0], [id=retire, version=0.5.0], [id=reveal, version=3.0.0], [id=saverawmessage, version=5.0.0], [id=savexmlmessage, version=0.1.0], [id=scripts, version=27.0.0], [id=selenium, version=15.3.0], [id=sequence, version=6.0.0], [id=spiderAjax, version=23.2.0], [id=tips, version=7.0.0], [id=webdriverlinux, version=23.0.0], [id=webdrivermacos, version=22.0.0], [id=webdriverwindows, version=23.0.0], [id=websocket, version=23.0.0], [id=zest, version2022-02-04 16:46:47,531 looking for ZAP at http://127.0.0.1:59026... 2022-02-04 16:46:47,535 Starting new HTTP connection (1): 127.0.0.1:59026 =33.0.0]] [zap_server] 5973 [ZAP-daemon] INFO org.zaproxy.zap.control.ExtensionFactory - Extensions loaded [zap_server] Feb 04, 2022 4:46:47 PM java.util.prefs.FileSystemPreferences$1 run [zap_server] INFO: Created user preferences directory. [zap_server] 6353 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows ZAP to check for updates [zap_server] 6357 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Options Extension [zap_server] 6357 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Edit Menu Extension [zap_server] 6357 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Provides a rest based API for controlling and accessing ZAP [zap_server] 6373 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Session State Extension [zap_server] 6373 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Report Extension [zap_server] 6373 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing History Extension [zap_server] 6375 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Show hidden fields and enable disabled fields [zap_server] 6376 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Search messages for strings and regular expressions [zap_server] 6377 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows you to intercept and modify requests and responses [zap_server] 6380 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Passive scanner [zap_server] 6501 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Script Passive Scan Rules [zap_server] 6501 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Stats Passive Scan Rule [zap_server] 6502 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Application Error Disclosure [zap_server] 6502 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Incomplete or No Cache-control and Pragma HTTP Header Set [zap_server] 6502 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Charset Mismatch [zap_server] 6502 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: CSP [zap_server] 6502 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Content-Type Header Missing [zap_server] 6503 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cookie No HttpOnly Flag [zap_server] 6503 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Loosely Scoped Cookie [zap_server] 6504 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cookie Without SameSite Attribute [zap_server] 6504 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cookie Without Secure Flag [zap_server] 6504 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cross-Domain Misconfiguration [zap_server] 6505 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cross-Domain JavaScript Source File Inclusion [zap_server] 6505 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Absence of Anti-CSRF Tokens [zap_server] 6506 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Private IP Disclosure [zap_server] 6506 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Session ID in URL Rewrite [zap_server] 6506 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Debug Error Messages [zap_server] 6506 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Sensitive Information in URL [zap_server] 6507 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Sensitive Information in HTTP Referrer Header [zap_server] 6508 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Suspicious Comments [zap_server] 6508 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Weak Authentication Method [zap_server] 6508 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Insecure JSF ViewState [zap_server] 6508 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Secure Pages Include Mixed Content [zap_server] 6508 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Timestamp Disclosure [zap_server] 6509 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Username Hash Found [zap_server] 6509 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Viewstate [zap_server] 6510 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-AspNet-Version Response Header [zap_server] 6511 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-Content-Type-Options Header Missing [zap_server] 6511 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-Debug-Token Information Leak [zap_server] 6511 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-Frame-Options Header [zap_server] 6512 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) [zap_server] 6512 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Big Redirect Detected (Potential Sensitive Information Leak) [zap_server] 6513 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Content Security Policy (CSP) Header Not Set [zap_server] 6515 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Directory Browsing [zap_server] 6515 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Hash Disclosure [zap_server] 6515 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Heartbleed OpenSSL Vulnerability (Indicative) [zap_server] 6516 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: HTTP to HTTPS Insecure Transition in Form Post [zap_server] 6517 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: HTTPS to HTTP Insecure Transition in Form Post [zap_server] 6518 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Reverse Tabnabbing [zap_server] 6518 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Modern Web Application [zap_server] 6518 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: PII Disclosure [zap_server] 6523 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Retrieved from Cache [zap_server] 6523 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: HTTP Server Response Header [zap_server] 6524 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: HTTP Parameter Override [zap_server] 6524 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Strict-Transport-Security Header [zap_server] 6524 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: User Controllable Charset [zap_server] 6524 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cookie Poisoning [zap_server] 6524 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: User Controllable HTML Element Attribute (Potential XSS) [zap_server] 6525 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: User Controllable JavaScript Event (XSS) [zap_server] 6525 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Open Redirect [zap_server] 6525 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-Backend-Server Header Information Leak [zap_server] 6525 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-ChromeLogger-Data (XCOLD) Header Information Leak [zap_server] 6525 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Vulnerable JS Library [zap_server] 6545 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows you to view and manage alerts [zap_server] 6548 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Active scanner, heavily based on the original Paros active scanner, but with additional tests added [zap_server] 6556 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionSequence [zap_server] 6557 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Spider used for automatically finding URIs on a site [zap_server] 6566 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing A set of common popup menus for miscellaneous tasks [zap_server] 6566 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Forced browsing of files and directories using code from the OWASP DirBuster tool [zap_server] 6567 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Simple but effective port scanner [zap_server] 6568 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Manual Request Editor Extension [zap_server] 6568 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Compares 2 sessions and generates an HTML file showing the differences [zap_server] 6569 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Invoke external applications passing context related information such as URLs and parameters [zap_server] 6569 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Handles anti cross site request forgery (CSRF) tokens [zap_server] 6574 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Authentication Extension [zap_server] 6595 [ZAP-daemon] INFO org.zaproxy.zap.extension.authentication.ExtensionAuthentication - Loaded authentication method types: [Form-based Authentication, HTTP/NTLM Authentication, Manual Authentication, Script-based Authentication, JSON-based Authentication] [zap_server] 6597 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Creates a dynamic SSL certificate to allow SSL communications to be intercepted without warnings being generated by the browser [zap_server] 6597 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Logs errors to the Output tab in development mode only [zap_server] 6598 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Users Extension [zap_server] 6600 [ZAP2022-02-04 16:46:48,537 looking for ZAP at http://127.0.0.1:59026... 2022-02-04 16:46:48,540 Starting new HTTP connection (1): 127.0.0.1:59026 -daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Summarise and analyse FORM and URL parameters as well as cookies [zap_server] 6601 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Script integration [zap_server] 6620 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Scripting console, supports all JSR 223 scripting languages [zap_server] 6938 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Forced User Extension [zap_server] 6939 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Extension handling HTTP sessions [zap_server] 6947 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Zest is a specialized scripting language, originally, from Mozilla specifically designed to be used in security tools [zap_server] 7326 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionDiff [zap_server] 7326 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Post Table View Extension [zap_server] 7326 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Adds support for scriptable encoders to ZAP. [zap_server] 7327 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Simple browser configuration [zap_server] 7327 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Session Management Extension [zap_server] 7335 [ZAP-daemon] INFO org.zaproxy.zap.extension.sessions.ExtensionSessionManagement - Loaded session management method types: [Cookie-based Session Management, HTTP Authentication Session Management, Script-based Session Management] [zap_server] 7337 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Form Table View Extension [zap_server] 7337 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Capture messages from WebSockets with the ability to set breakpoints. [zap_server] 7379 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows you to import a file containing URLs which ZAP will access, adding them to the Sites tree [zap_server] 7380 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Core UI related functionality. [zap_server] 7380 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Authorization Extension [zap_server] 7381 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing AJAX Spider, uses Crawljax [zap_server] 7384 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Provides WebDrivers to control several browsers using Selenium and includes HtmlUnit browser. [zap_server] 7396 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Manages the local proxy configurations [zap_server] 7398 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Add-on that adds a set of tools for testing access control in web applications. [zap_server] 7404 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Handles adding Global Excluded URLs [zap_server] 7406 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Adds menu item to refresh the Sites tree [zap_server] 7406 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing OWASP ZAP User Guide [zap_server] 7422 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Provides a URL suitable for calling from target sites [zap_server] 7425 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows you to configure which extensions are loaded when ZAP starts [zap_server] 7427 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Combined HTTP Panels Extension [zap_server] 7428 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Hex View Extension [zap_server] 7428 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Image View Extension [zap_server] 7428 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Large Request View Extension [zap_server] 7428 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Large Response View Extension [zap_server] 7428 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Query Table View Extension [zap_server] 7428 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Syntax Highlighter View Extension [zap_server] 7429 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Adds support for configurable keyboard shortcuts for all of the ZAP menus. [zap_server] 7429 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Active and passive rule configuration [zap_server] 7432 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Statistics [zap_server] 7434 [ZAP-daemon] INFO org.zaproxy.zap.extension.stats.ExtensionStats - Start recording in memory stats [zap_server] 7435 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Active Scan Rules - beta [zap_server] 7436 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Translations of the core language files [zap_server] 7436 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Passive Scan Rules [zap_server] 7436 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing The Online menu links [zap_server] 7437 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Context alert rules filter [zap_server] 7439 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows to fuzz WebSocket messages. [zap_server] 7439 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionSaveRawHttpMessage [zap_server] 7439 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Passive Scan Rules - beta [zap_server] 7439 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing The ZAP Getting Started Guide [zap_server] 7439 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Heads Up Display [zap_server] 7527 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHUDlaunch [zap_server] 7529 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Tips and Tricks [zap_server] 7529 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Adds the Quick Start panel for scanning and exploring applications [zap_server] 7531 [ZAP-daemon] INFO org.zaproxy.zap.extension.quickstart.ExtensionQuickStart - Shh! No check-for-news - silent mode enabled [zap_server] 7531 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Add the option to use the Ajax Spider in the Quick Start scan [zap_server] 7531 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Launch browsers proxying through ZAP [zap_server] 7532 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Launch browsers proxying through ZAP [zap_server] 7533 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing This extension allows a user to change the default values used by ZAP Spiders. [zap_server] 7536 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Active Scan Rules [zap_server] 7537 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionSaveXMLHttpMessage [zap_server] 7537 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Provides the foundation for concrete message types (for exa2022-02-04 16:46:49,543 looking for ZAP at http://127.0.0.1:59026... 2022-02-04 16:46:49,545 Starting new HTTP connection (1): 127.0.0.1:59026 2022-02-04 16:46:50,547 looking for ZAP at http://127.0.0.1:59026... 2022-02-04 16:46:50,550 Starting new HTTP connection (1): 127.0.0.1:59026 2022-02-04 16:46:50,644 http://127.0.0.1:59026 "GET http://zap/JSON/core/view/version/ HTTP/1.1" 200 26 2022-02-04 16:46:50,645 connected to ZAP with version D-2020-08-26 2022-02-04 16:46:50,646 handover_to_dast 2022-02-04 16:46:50,646 zap_started 2022-02-04 16:46:50,648 Starting new HTTP connection (1): 127.0.0.1:59026 2022-02-04 16:46:51,596 http://127.0.0.1:59026 "GET http://zap/JSON/core/action/newSession/?apikey=&name=dast HTTP/1.1" 200 15 2022-02-04 16:46:51,597 Context - create Target Context 2022-02-04 16:46:51,600 Starting new HTTP connection (1): 127.0.0.1:59026 2022-02-04 16:46:51,669 http://127.0.0.1:59026 "GET http://zap/JSON/context/action/newContext/?contextName=Target+Context&apikey= HTTP/1.1" 200 17 2022-02-04 16:46:51,673 Context - enable Target Context 2022-02-04 16:46:51,682 Starting new HTTP connection (1): 127.0.0.1:59026 2022-02-04 16:46:51,758 http://127.0.0.1:59026 "GET http://zap/JSON/context/action/setContextInScope/?contextName=Target+Context&booleanInScope=True&apikey= HTTP/1.1" 200 15 2022-02-04 16:46:51,760 Context - include https://ui\.172\.21\.248\.230\.nip\.io.* 2022-02-04 16:46:51,763 Starting new HTTP connection (1): 127.0.0.1:59026 2022-02-04 16:46:51,841 http://127.0.0.1:59026 "GET http://zap/JSON/context/action/includeInContext/?contextName=Target+Context®ex=https%3A%2F%2Fui%5C.172%5C.21%5C.248%5C.230%5C.nip%5C.io.%2A&apikey= HTTP/1.1" 200 15 2022-02-04 16:46:51,843 Context - exclude (logout|signout) 2022-02-04 16:46:51,846 Starting new HTTP connection (1): 127.0.0.1:59026 2022-02-04 16:46:51,873 http://127.0.0.1:59026 "GET http://zap/JSON/context/action/excludeFromContext/?contextName=Target+Context®ex=%28logout%7Csignout%29&apikey= HTTP/1.1" 200 15 2022-02-04 16:46:51,878 Starting new HTTP connection (1): 127.0.0.1:59026 2022-02-04 16:46:51,898 http://127.0.0.1:59026 "GET http://zap/JSON/context/view/context/?contextName=Default+Context HTTP/1.1" 200 537 2022-02-04 16:46:51,900 Context - disable Default Context 2022-02-04 16:46:51,903 Starting new HTTP connection (1): 127.0.0.1:59026 2022-02-04 16:46:51,934 http://127.0.0.1:59026 "GET http://zap/JSON/context/action/setContextInScope/?contextName=Default+Context&booleanInScope=False&apikey= HTTP/1.1" 200 15 2022-02-04 16:46:51,938 Starting new HTTP connection (1): 127.0.0.1:59026 2022-02-04 16:46:51,942 http://127.0.0.1:59026 "GET http://zap/JSON/pscan/action/setScanOnlyInScope/?onlyInScope=True&apikey= HTTP/1.1" 200 15 2022-02-04 16:46:51,945 Starting new HTTP connection (1): 127.0.0.1:59026 2022-02-04 16:46:51,951 http://127.0.0.1:59026 "GET http://zap/JSON/ajaxSpider/action/addAllowedResource/?regex=%5E%28%3F%21https%3A%2F%2Fui%5C.172%5C.21%5C.248%5C.230%5C.nip%5C.io%29.%2A%5C.js&apikey= HTTP/1.1" 200 15 2022-02-04 16:46:51,954 Starting new HTTP connection (1): 127.0.0.1:59026 2022-02-04 16:46:51,963 http://127.0.0.1:59026 "GET http://zap/JSON/ajaxSpider/action/addAllowedResource/?regex=%5E%28%3F%21https%3A%2F%2Fui%5C.172%5C.21%5C.248%5C.230%5C.nip%5C.io%29.%2A%5C.css&apikey= HTTP/1.1" 200 15 2022-02-04 16:46:51,967 Using scan target https://ui.172.21.248.230.nip.io 2022-02-04 16:46:51,972 Starting new HTTP connection (1): 127.0.0.1:59026 2022-02-04 16:46:51,996 http://127.0.0.1:59026 "GET http://zap/JSON/pscan/action/disableScanners/?ids=10015%2C10020%2C10026%2C10027%2C10044%2C10050%2C10052%2C10053%2C10096%2C10104%2C10109%2C20017%2C20018%2C30001%2C30002%2C30003%2C40009%2C40023%2C40028%2C40029%2C40034%2C43%2C90024%2C90027&apikey= HTTP/1.1" 200 15 2022-02-04 16:46:52,000 Starting new HTTP connection (1): 127.0.0.1:59026 2022-02-04 16:46:52,199 http://127.0.0.1:59026 "GET http://zap/JSON/ascan/action/disableScanners/?ids=10015%2C10020%2C10026%2C10027%2C10044%2C10050%2C10052%2C10053%2C10096%2C10104%2C10109%2C20017%2C20018%2C30001%2C30002%2C30003%2C40009%2C40023%2C40028%2C40029%2C40034%2C43%2C90024%2C90027&apikey=&scanPolicyName=Default+Policy HTTP/1.1" 200 15 2022-02-04 16:46:52,200 Waiting for https://ui.172.21.248.230.nip.io to be available 2022-02-04 16:46:52,200 Requesting access to https://ui.172.21.248.230.nip.io... 2022-02-04 16:46:52,204 Starting new HTTPS connection (1): ui.172.21.248.230.nip.io:443 2022-02-04 16:46:52,277 https://ui.172.21.248.230.nip.io:443 "GET / HTTP/1.1" 200 None 2022-02-04 16:46:52,279 Setup proxy for webdriver 2022-02-04 16:46:52,280 PROXY: http://127.0.0.1:59026 2022-02-04 16:46:52,280 Start webdriver 2022-02-04 16:46:52,293 POST http://127.0.0.1:37220/session {"capabilities": {"firstMatch": [{}], "alwaysMatch": {"browserName": "firefox", "acceptInsecureCerts": true, "moz:firefoxOptions": {"profile": "UEsDBBQAAAAIANqFRFSUiXH1mwMAAAsNAAAHAAAAdXNlci5qc6VWTW/cNhC991cEPjVAllg7zaU5OY4LFAjiIgsjR4IiRyt6KZIhhyvr32corZyNra+kN5F6j8P5esMUIXAfoPzzogiuoRVTrmaNtso1TKXaM7CiMKAu3rzCkOD1+z/SS44RCCEkewYuhYkTaAsNioKlYAh3IQqX8O/CCHu4mMN7sYd150cUAZNnmUHI7TyqcjWckCvu8pzF3ZE81wpYHdHZ7hS9ty7AxAG0pe7s1y7A8XLLtMXg7r98mjefk1KLRy6rQIZ5lEF75BRxjrrORt9uxwnrkAG8C8iFMfwhcniU4FE7G0eT/iCOoj+WuR7GYuWaf+0NfToDoyQL2LhwYFIQ5QibbE+YDQGOWi7kNYJMQWPLZBzKcQL4PDkNGJnjtVhqc0wmlNLZT7FwSAOFCuRc4ELmCPJEuU0RQXEJAcejeUaKMWWLTyRNGxAWWH08uBU5rByOYCcMDRnwwT22jFLtGl7pByEP2u65cVKYykXMLmbyM9+E9yx5RX3OREI3Hv8z0KpGVTp6I1pQt5fb3WeHVAlE+GsC7BprnFBU1pYyFLqi+1qB3eXckQ/ztm7vP12zoVlnxaxDvmV9DpeET9sDdQFYahqSwL5ErpawJGi9wk6DXVkSfqLOB1AAoXJkAEHSTf/RIeI1xUJONOGTiIkSum+K2kpJPWfUwjQirBVjEEFWp7JYgpoyJp+lYRgOUyoMMWbhQdJZikLXNyUpI5dBxGrBSgXGMFmBPHyEUiSDH/o/8zSaQJGR2/bO3hgXF1w5Q99RxsfBFBHRK2+OagXCYNWv2SpdnOEnn1vl9jfZg/UyF9SX9OvXN26/z5uynwi/cA/vjJYty5u7VNS6y/P/5f/XbV7/aOixY+CIzpnISCFcOF189vGTBycpWCe/XVsrmlKdlIoJG1kjbFe4nYh+7Mk7Seys2ZfbSXhB+nwwOuJ8RZwxugK/cbWnwVBok8en1fsKTbtIXSPhL+GW9Lts7ycb6ezZMBfVYUz1Kr856eCGBjSmOH7yQKkQ6dFX6Vi1m/zb00TdGLB7zJJw9e7dz7ThaJpa8TQPi5arXhNG70ajs/YYc3fz2ilhVr5bSm2AvpgLmtqC9zWan2IL+IhBS+TPaWOm8pvTkhTWUBcQdt1yIly5zA8a2Slswzg9lfKo4wMFwZAFDC3rQ9F5frWEnQ3SS3iAh26cjd7k0WuSfcoWyy5TTZD6E+Nb0mHKwg9KU2kyk7tohPEdUEsBAhQDFAAAAAgA2oVEVJSJcfWbAwAACw0AAAcAAAAAAAAAAAAAAKSBAAAAAHVzZXIuanNQSwUGAAAAAAEAAQA1AAAAwAMAAAAA", "args": ["-headless"]}}}, "desiredCapabilities": {"browserName": "firefox", "acceptInsecureCerts": true, "marionette": true, "moz:firefoxOptions": {"profile": "UEsDBBQAAAAIANqFRFSUiXH1mwMAAAsNAAAHAAAAdXNlci5qc6VWTW/cNhC991cEPjVAllg7zaU5OY4LFAjiIgsjR4IiRyt6KZIhhyvr32corZyNra+kN5F6j8P5esMUIXAfoPzzogiuoRVTrmaNtso1TKXaM7CiMKAu3rzCkOD1+z/SS44RCCEkewYuhYkTaAsNioKlYAh3IQqX8O/CCHu4mMN7sYd150cUAZNnmUHI7TyqcjWckCvu8pzF3ZE81wpYHdHZ7hS9ty7AxAG0pe7s1y7A8XLLtMXg7r98mjefk1KLRy6rQIZ5lEF75BRxjrrORt9uxwnrkAG8C8iFMfwhcniU4FE7G0eT/iCOoj+WuR7GYuWaf+0NfToDoyQL2LhwYFIQ5QibbE+YDQGOWi7kNYJMQWPLZBzKcQL4PDkNGJnjtVhqc0wmlNLZT7FwSAOFCuRc4ELmCPJEuU0RQXEJAcejeUaKMWWLTyRNGxAWWH08uBU5rByOYCcMDRnwwT22jFLtGl7pByEP2u65cVKYykXMLmbyM9+E9yx5RX3OREI3Hv8z0KpGVTp6I1pQt5fb3WeHVAlE+GsC7BprnFBU1pYyFLqi+1qB3eXckQ/ztm7vP12zoVlnxaxDvmV9DpeET9sDdQFYahqSwL5ErpawJGi9wk6DXVkSfqLOB1AAoXJkAEHSTf/RIeI1xUJONOGTiIkSum+K2kpJPWfUwjQirBVjEEFWp7JYgpoyJp+lYRgOUyoMMWbhQdJZikLXNyUpI5dBxGrBSgXGMFmBPHyEUiSDH/o/8zSaQJGR2/bO3hgXF1w5Q99RxsfBFBHRK2+OagXCYNWv2SpdnOEnn1vl9jfZg/UyF9SX9OvXN26/z5uynwi/cA/vjJYty5u7VNS6y/P/5f/XbV7/aOixY+CIzpnISCFcOF189vGTBycpWCe/XVsrmlKdlIoJG1kjbFe4nYh+7Mk7Seys2ZfbSXhB+nwwOuJ8RZwxugK/cbWnwVBok8en1fsKTbtIXSPhL+GW9Lts7ycb6ezZMBfVYUz1Kr856eCGBjSmOH7yQKkQ6dFX6Vi1m/zb00TdGLB7zJJw9e7dz7ThaJpa8TQPi5arXhNG70ajs/YYc3fz2ilhVr5bSm2AvpgLmtqC9zWan2IL+IhBS+TPaWOm8pvTkhTWUBcQdt1yIly5zA8a2Slswzg9lfKo4wMFwZAFDC3rQ9F5frWEnQ3SS3iAh26cjd7k0WuSfcoWyy5TTZD6E+Nb0mHKwg9KU2kyk7tohPEdUEsBAhQDFAAAAAgA2oVEVJSJcfWbAwAACw0AAAcAAAAAAAAAAAAAAKSBAAAAAHVzZXIuanNQSwUGAAAAAAEAAQA1AAAAwAMAAAAA", "args": ["-headless"]}}} 2022-02-04 16:46:52,295 Starting new HTTP connection (1): 127.0.0.1:37220 2022-02-04 16:46:57,221 http://127.0.0.1:37220 "POST /session HTTP/1.1" 200 701 2022-02-04 16:46:57,222 Finished Request 2022-02-04 16:46:57,222 POST http://127.0.0.1:37220/session/baad8232-9eaa-4390-bd79-24597d8cb3c4/timeouts {"implicit": 30000} 2022-02-04 16:46:57,231 http://127.0.0.1:37220 "POST /session/baad8232-9eaa-4390-bd79-24597d8cb3c4/timeouts HTTP/1.1" 200 14 2022-02-04 16:46:57,231 Finished Request 2022-02-04 16:46:57,232 Authenticate using webdriver https://ui.172.21.248.230.nip.io/login 2022-02-04 16:46:57,232 POST http://127.0.0.1:37220/session/baad8232-9eaa-4390-bd79-24597d8cb3c4/url {"url": "https://ui.172.21.248.230.nip.io/login"} 2022-02-04 16:46:58,823 http://127.0.0.1:37220 "POST /session/baad8232-9eaa-4390-bd79-24597d8cb3c4/url HTTP/1.1" 200 14 2022-02-04 16:46:58,824 Finished Request 2022-02-04 16:46:58,825 POST http://127.0.0.1:37220/session/baad8232-9eaa-4390-bd79-24597d8cb3c4/element {"using": "css selector", "value": "[id=\"xpath:/html/body/app-root/app-login/div[1]/div/form/div[1]/input\"]"} 2022-02-04 16:47:28,861 http://127.0.0.1:37220 "POST /session/baad8232-9eaa-4390-bd79-24597d8cb3c4/element HTTP/1.1" 404 351 2022-02-04 16:47:28,862 Finished Request 2022-02-04 16:47:28,863 POST http://127.0.0.1:37220/session/baad8232-9eaa-4390-bd79-24597d8cb3c4/element {"using": "css selector", "value": "[name=\"xpath:/html/body/app-root/app-login/div[1]/div/form/div[1]/input\"]"} 2022-02-04 16:47:58,880 http://127.0.0.1:37220 "POST /session/baad8232-9eaa-4390-bd79-24597d8cb3c4/element HTTP/1.1" 404 353 2022-02-04 16:47:58,881 Finished Request 2022-02-04 16:47:58,881 DELETE http://127.0.0.1:37220/session/baad8232-9eaa-4390-bd79-24597d8cb3c4 {} 2022-02-04 16:47:59,417 http://127.0.0.1:37220 "DELETE /session/baad8232-9eaa-4390-bd79-24597d8cb3c4 HTTP/1.1" 200 14 2022-02-04 16:47:59,418 Finished Request 2022-02-04 16:47:59,420 Unhandled exception has been thrown, aborting. Traceback (most recent call last): File "/app/src/zap_webdriver.py", line 117, in find_element return self.driver.find_element_by_id(name) File "/usr/local/lib/python3.9/dist-packages/selenium/webdriver/remote/webdriver.py", line 360, in find_element_by_id return self.find_element(by=By.ID, value=id_) File "/usr/local/lib/python3.9/dist-packages/selenium/webdriver/remote/webdriver.py", line 976, in find_element return self.execute(Command.FIND_ELEMENT, { File "/usr/local/lib/python3.9/dist-packages/selenium/webdriver/remote/webdriver.py", line 321, in execute self.error_handler.check_response(response) File "/usr/local/lib/python3.9/dist-packages/selenium/webdriver/remote/errorhandler.py", line 242, in check_response raise exception_class(message, screen, stacktrace) selenium.common.exceptions.NoSuchElementException: Message: Unable to locate element: [id="xpath:/html/body/app-root/app-login/div[1]/div/form/div[1]/input"] During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/app/src/dast.py", line 23, in start scan.run() File "/app/src/scan_script_wrapper.py", line 32, in run self._custom_hooks.handover_to_dast(zap_client, zap_daemon) File "/app/src/custom_hooks.py", line 64, in handover_to_dast TargetAuthenticator( File "/app/src/services/target_authenticator.py", line 25, in authenticate webdriver.login(self._zap, self._target) File "/app/src/zap_webdriver.py", line 44, in login self.normal_login(zap, target) File "/app/src/zap_webdriver.py", line 97, in normal_login userField = self.find_element(self.auth_username_field_name, None) File "/app/src/zap_webdriver.py", line 120, in find_element return self.driver.find_element_by_name(name) File "/usr/local/lib/python3.9/dist-packages/selenium/webdriver/remote/webdriver.py", line 496, in find_element_by_name return self.find_element(by=By.NAME, value=name) File "/usr/local/lib/python3.9/dist-packages/selenium/webdriver/remote/webdriver.py", line 976, in find_element return self.execute(Command.FIND_ELEMENT, { File "/usr/local/lib/python3.9/dist-packages/selenium/webdriver/remote/webdriver.py", line 321, in execute self.error_handler.check_response(response) File "/usr/local/lib/python3.9/dist-packages/selenium/webdriver/remote/errorhandler.py", line 242, in check_response raise exception_class(message, screen, stacktrace) selenium.common.exceptions.NoSuchElementException: Message: Unable to locate element: [name="xpath:/html/body/app-root/app-login/div[1]/div/form/div[1]/input"] mple, HTTP, WebSockets) expose fuzzer implementations. [zap_server] 7539 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows to fuzz HTTP messages. [zap_server] 7540 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Allows you to spider and import OpenAPI (Swagger) definitions [zap_server] 7568 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Easy way to replace strings in requests and responses [zap_server] 7575 [ZAP-daemon] WARN org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate - This ZAP installation is over a year old - its probably very out of date [zap_server] 7865 [ZAP-daemon] INFO org.zaproxy.zap.extension.callback.ExtensionCallback - Started callback server on 0.0.0.0:46187 [zap_server] 7865 [ZAP-daemon] INFO org.zaproxy.zap.extension.dynssl.ExtensionDynSSL - Creating new root CA certificate [zap_server] 9076 [ZAP-daemon] INFO org.zaproxy.zap.extension.dynssl.ExtensionDynSSL - New root CA certificate created [zap_server] 9081 [ZAP-daemon] INFO org.zaproxy.zap.DaemonBootstrap - ZAP is now listening on localhost:8080 [zap_server] 9087 [ZAP-daemon] INFO org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate - Shh! No check-for-update - silent mode enabled [zap_server] 10132 [ZAP-ProxyThread-2] INFO org.parosproxy.paros.control.Control - New session file created: /app/zap/session/dast.session section_end:1643993279:step_script section_start:1643993279:upload_artifacts_on_failure Uploading artifacts for failed job Uploading artifacts... WARNING: gl-dast-report.json: no matching files  ERROR: No files to upload  section_end:1643993280:upload_artifacts_on_failure section_start:1643993280:cleanup_file_variables Cleaning up file based variables section_end:1643993281:cleanup_file_variables ERROR: Job failed: exit code 1