Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Addon automation maxRuleDurationInMins

See original GitHub issue

Describe the bug

Hello! Hope you are ok I have set maxRuleDurationInMins 1 minute but it doesn’t skip to next rule Maybe its a Active Scan ( GUI ) bug because when I try to skip to next rules doesn’t skip

Steps to reproduce the behavior

zaproxy -cmd -nostdout -silent -autorun /root/ET/examples/zap.yaml

---
env:
  contexts:
  - name: "Default Context"
    urls:
    - "https://ginandjuice.shop"
    includePaths:
    - "https://ginandjuice.shop.*"
    excludePaths: []
    authentication:
      parameters: {}
      verification:
        method: "response"
        pollFrequency: 60
        pollUnits: "requests"
        pollUrl: ""
        pollPostData: ""
    sessionManagement:
      method: "cookie"
      parameters: {}
  parameters:
    failOnError: true
    failOnWarning: false
    progressToStdout: true
  vars: {}
jobs:
- parameters:
    scanOnlyInScope: true
    enableTags: false
  rules: []
  name: "passiveScan-config"
  type: "passiveScan-config"
- parameters:
    context: ""
    user: ""
    url: ""
    maxDuration: 1
    maxDepth: 0
    maxChildren: 0
  name: "spider"
  type: "spider"
  tests:
  - onFail: "INFO"
    statistic: "automation.spider.urls.added"
    site: ""
    operator: ">="
    value: 100
    name: "At least 100 URLs found"
    type: "stats"
- parameters:
    maxDuration: 60
    maxCrawlDepth: 10
    numberOfBrowsers: 1
  name: "spiderAjax"
  type: "spiderAjax"
  tests:
  - onFail: "INFO"
    statistic: "spiderAjax.urls.added"
    site: ""
    operator: ">="
    value: 100
    name: "At least 100 URLs found"
    type: "stats"
- parameters: {}
  name: "passiveScan-wait"
  type: "passiveScan-wait"
- parameters:
    context: ""
    user: ""
    policy: ""
    maxRuleDurationInMins: 1
    maxScanDurationInMins: 10
  policyDefinition:
    defaultStrength: "medium"
    defaultThreshold: "medium"
    rules: []
  name: "activeScan"
  type: "activeScan"
- parameters:
    template: "risk-confidence-html"
    reportDir: "/home/kali"
    reportTitle: "ZAP Scanning Report"
    reportDescription: ""
  name: "report"
  type: "report"

Expected behavior

Skip to next Rule

Software versions

Zaproxy 2.12.0 Automation 0.19.0 OS Kali

Screenshots

No response

Errors from the zap.log file

No response

Additional context

No response

Would you like to help fix this issue?

Issue Analytics

State:
Created 10 months ago
Comments:7 (4 by maintainers)

Top GitHub Comments

1reaction

thc202commented, Dec 4, 2022

With which scan rule are you seeing that? Might be #1734.

0reactions

ErvisTushacommented, Dec 12, 2022

GUI : localhost, 4GB RAM , 4CPU ,200mbps, VirtualBox , Kali 2022.4, Zaproxy 2.12.0 I can NOT skip all of rules scan

Server , 128 GB RAM,18CPU,1Gbps, DOCKER, Kali 2022.4, Zaproxy 2.12.0 I can skip all without problem

cmd: same both VM and docker maxRuleDurationInMins doesn’t skip when x minutes finished

Top Results From Across the Web

Automation Framework - activeScan Job - OWASP ZAP

The following class will be made available to add-ons that provide access to the Job Data such as the Reporting add-on. Note that...

Disable a rule via yaml in automation framework

As per https://www.zaproxy.org/docs/desktop/addons/automation-framework/job-ascan ... maxRuleDurationInMins: 5 # Int: The max time in minutes any individual ...

zap-advanced 2.8.0 - Artifact Hub

The secureCodeBox provides two different scanner charts ( zap , zap-advanced ) to automate ZAP WebApplication security scans. The first one zap comes...

ZAP Automation - HAHWUL

그 때 당시에는 그냥 ZAP Automation Addon을 통해 기존 자동화 작업을 좀 더 ... context: policy: maxRuleDurationInMins: maxScanDurationInMins: ...

2021-02-09 ZAP Automation in CICD - OWASP Switzerland

A talk on ZAP Automation in CI/CD given remotely to OWASP Switzerland on 9th Febrary 2021 by Simon Bennetts.