From b87003633ad3453f63cbfeaf673db8324ea77343 Mon Sep 17 00:00:00 2001
From: winzj <86345915+winzj@users.noreply.github.com>
Date: Fri, 13 Dec 2024 14:34:29 +0100
Subject: [PATCH] Fix rule deactivation error handling #3736 (#3737)
* Fix rule deactivation error handling #3736
---
sechub-pds-solutions/owaspzap/env | 2 +-
.../internal/scan/ClientApiWrapper.java | 23 +++++++++++--------
.../ZapScriptLoginSessionConfigurator.java | 6 ++---
3 files changed, 17 insertions(+), 14 deletions(-)
diff --git a/sechub-pds-solutions/owaspzap/env b/sechub-pds-solutions/owaspzap/env
index 6e98dbd42..a569e932d 100644
--- a/sechub-pds-solutions/owaspzap/env
+++ b/sechub-pds-solutions/owaspzap/env
@@ -4,7 +4,7 @@
BASE_IMAGE="ghcr.io/mercedes-benz/sechub/pds-base"
# See: https://github.com/mercedes-benz/sechub/releases/
-OWASPZAP_WRAPPER_VERSION="1.7.0"
+OWASPZAP_WRAPPER_VERSION="1.7.1"
# See: https://github.com/zaproxy/zaproxy/releases/latest
OWASPZAP_VERSION="2.15.0"
OWASPZAP_SHA256SUM="6410e196baab458a9204e29aafb5745fca003a2a6c0386f2c6e5c04b67621fa7"
diff --git a/sechub-wrapper-owasp-zap/src/main/java/com/mercedesbenz/sechub/zapwrapper/internal/scan/ClientApiWrapper.java b/sechub-wrapper-owasp-zap/src/main/java/com/mercedesbenz/sechub/zapwrapper/internal/scan/ClientApiWrapper.java
index 3ce9c1ea3..a0e2f0a6d 100644
--- a/sechub-wrapper-owasp-zap/src/main/java/com/mercedesbenz/sechub/zapwrapper/internal/scan/ClientApiWrapper.java
+++ b/sechub-wrapper-owasp-zap/src/main/java/com/mercedesbenz/sechub/zapwrapper/internal/scan/ClientApiWrapper.java
@@ -16,6 +16,7 @@
public class ClientApiWrapper {
+ public static final String ZAP_CONNECTION_REFUSED = "Connection refused";
private static final String URL_KEY = "url";
private static final String STATUS_CODE_KEY = "statusCode";
private static final String STATUS_REASON_KEY = "statusReason";
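Review bot: The new public constant `ZAP_CONNECTION_REFUSED` has no Javadoc, yet it is a fragment of an exception message that another class in this same patch (ZapScriptLoginSessionConfigurator) now compares against to decide whether an error is fatal, so its meaning and the comparison contract belong at the declaration. I would add `/** Message of the {@link ClientApiException} raised when the ZAP API endpoint cannot be reached; callers compare it case-insensitively and rethrow on a match. */`. Because matching on message text is brittle across ZAP and JDK versions, the comment should also note where the string was observed (presumably with the ZAP version pinned in the env file) so a future version bump re-checks it.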
@@ -141,7 +142,7 @@ public ApiResponse setSpiderMaxDepth(int maxDepth) throws ClientApiException {
* @return true
if the rule was a passive rule and was deactivated,
* false
if the rule was not a passive rule and was not
* deactivated
- * @throws ClientApiException when anything goes wrong communicating with ZAP
+ * @throws ClientApiException when communication with ZAP is not possible
*/
public boolean disablePassiveScannerRule(String ruleId) throws ClientApiException {
try {
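Review bot: The reworded `@throws` promises a rethrow whenever communication with ZAP is not possible, but the catch block that follows (in the next hunk) rethrows only when the message equals `Connection refused` exactly; a read timeout, an unreachable host or a rejected API key would fall through to the `return false` path. Either the code or the Javadoc should be aligned; if the code stays as is, I would phrase it as `@throws ClientApiException when ZAP refuses the connection; any other ZAP API error is logged and reported as "not a passive scanner rule"`. disablePassiveScannerRule's body continues outside this hunk.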
@@ -149,11 +150,12 @@ public boolean disablePassiveScannerRule(String ruleId) throws ClientApiExceptio
LOG.info("Passive scanner rule: {}, was deactivated", ruleId);
return true;
} catch (ClientApiException e) {
- if (e.getMessage().equalsIgnoreCase("Provided parameter has illegal or unrecognized value")) {
- LOG.info("Rule with id: {} was not a passive scanner rule.", ruleId);
- return false;
+ if (e.getMessage().equalsIgnoreCase(ZAP_CONNECTION_REFUSED)) {
+ throw e;
}
- throw e;
+ LOG.warn("ZAP backend error: {}", e.getMessage());
+ LOG.warn("Rule with id: {} was not a passive scanner rule.", ruleId);
+ return false;
}
}
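Review bot: `e.getMessage().equalsIgnoreCase(ZAP_CONNECTION_REFUSED)` dereferences the message first, so a ClientApiException created without a message (or from a cause that has none) turns into a NullPointerException inside the catch block rather than taking either handled path; reversing the comparison, `if (ZAP_CONNECTION_REFUSED.equalsIgnoreCase(e.getMessage()))`, is null-safe. Inverting the old logic also widens what is swallowed: before, only the known "illegal or unrecognized value" reply meant "not a passive rule" and everything else propagated, whereas now any other failure (timeout, bad API key, or a variant such as `Connection refused: connect` if the JDK appends a suffix) is logged and reported as a rule mismatch, so a misconfigured ZAP can leave rules active that the scan configuration asked to disable without failing the scan. A `contains` check on the connection-refused text, or keeping the illegal-parameter reply as the `false` branch and rethrowing everything else, would narrow that. The warn call should also pass the exception as the last argument, `LOG.warn("Rule with id: {} was not a passive scanner rule.", ruleId, e)`, so the stack trace is not lost. The enclosing method starts before this hunk.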
@@ -166,7 +168,7 @@ public boolean disablePassiveScannerRule(String ruleId) throws ClientApiExceptio
* @return true
if the rule was a passive rule and was deactivated,
* false
if the rule was not a passive rule and was not
* deactivated
- * @throws ClientApiException when anything goes wrong communicating with ZAP
+ * @throws ClientApiException when communication with ZAP is not possible
*/
public boolean disableActiveScannerRuleForDefaultPolicy(String ruleId) throws ClientApiException {
try {
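Review bot: As with the passive-rule variant, the new `@throws` text overstates what the catch block below (next hunk) does, since only an exact `Connection refused` message is rethrown and every other API error is mapped to `false`. I would document the actual contract, `@throws ClientApiException when ZAP refuses the connection; any other ZAP API error is logged and reported as "not an active scanner rule"`, or make the code match the broader wording. disableActiveScannerRuleForDefaultPolicy's body continues outside this hunk.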
@@ -175,11 +177,12 @@ public boolean disableActiveScannerRuleForDefaultPolicy(String ruleId) throws Cl
LOG.info("Active scanner rule: {}, was deactivated", ruleId);
return true;
} catch (ClientApiException e) {
- if (e.getMessage().equalsIgnoreCase("Provided parameter has illegal or unrecognized value")) {
- LOG.info("Rule with id: {} was not an active scanner rule.", ruleId);
- return false;
+ if (e.getMessage().equalsIgnoreCase(ZAP_CONNECTION_REFUSED)) {
+ throw e;
}
- throw e;
+ LOG.warn("ZAP backend error: {}", e.getMessage());
+ LOG.warn("Rule with id: {} was not an active scanner rule.", ruleId);
+ return false;
}
}
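Review bot: The catch block here is now identical to the one in disablePassiveScannerRule apart from the log text, including the null-unsafe `e.getMessage().equalsIgnoreCase(...)` order, so the classification should live in one place rather than be duplicated; a private helper such as `private static boolean isConnectionRefused(ClientApiException e) { return ZAP_CONNECTION_REFUSED.equalsIgnoreCase(e.getMessage()); }` used by both methods fixes the null dereference once and keeps the two rule-deactivation paths from drifting. Passing `e` as the last argument of the warn call would keep the stack trace for any non-connection error that is now swallowed. The enclosing method starts before this hunk.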
diff --git a/sechub-wrapper-owasp-zap/src/main/java/com/mercedesbenz/sechub/zapwrapper/scan/login/ZapScriptLoginSessionConfigurator.java b/sechub-wrapper-owasp-zap/src/main/java/com/mercedesbenz/sechub/zapwrapper/scan/login/ZapScriptLoginSessionConfigurator.java
index f05f25e9b..be5616f40 100644
--- a/sechub-wrapper-owasp-zap/src/main/java/com/mercedesbenz/sechub/zapwrapper/scan/login/ZapScriptLoginSessionConfigurator.java
+++ b/sechub-wrapper-owasp-zap/src/main/java/com/mercedesbenz/sechub/zapwrapper/scan/login/ZapScriptLoginSessionConfigurator.java
@@ -69,21 +69,21 @@ public void cleanUpOldSessionDataIfNecessary(String targetUrl, ClientApiWrapper
try {
clientApiWrapper.removeHTTPSession(targetUrl, SESSION_IDENTIFIER);
} catch (ClientApiException e) {
- if (e.getMessage().equalsIgnoreCase("Connection refused")) {
+ if (e.getMessage().equalsIgnoreCase(ClientApiWrapper.ZAP_CONNECTION_REFUSED)) {
throw e;
}
}
try {
clientApiWrapper.removeHTTPSessionToken(targetUrl, SESSION_TOKEN_IDENTIFIER);
} catch (ClientApiException e) {
- if (e.getMessage().equalsIgnoreCase("Connection refused")) {
+ if (e.getMessage().equalsIgnoreCase(ClientApiWrapper.ZAP_CONNECTION_REFUSED)) {
throw e;
}
}
try {
clientApiWrapper.removeReplacerRule(JWT_REPLACER_DESCRIPTION);
} catch (ClientApiException e) {
- if (e.getMessage().equalsIgnoreCase("Connection refused")) {
+ if (e.getMessage().equalsIgnoreCase(ClientApiWrapper.ZAP_CONNECTION_REFUSED)) {
throw e;
}
}