Skipping 12,851 KB..
Full Log [java] Open URL: http://zap/xml/reports/action/generate/?template=high-level-report&includedRisks=Informational%7CLow%7CMedium%7CHigh&reportFileNamePattern=zap_report_api-rest-status_high-level-report.html&apikey=govway-test_20240427_160719650&display=false&description=Analisi+per+API+di+tipo+REST&includedConfidences=False+Positive%7CLow%7CMedium%7CHigh%7CConfirmed&reportDir=reports%2Fapi-rest-status&sites=http%3A%2F%2F127.0.0.1%3A8080%2Fgovway%2FSOGGETTO%2Fapi-rest-status%2Fv1%2F&contexts=govway-test_20240427_160719650415928116&title=GovWay+API+REST§ions=riskSummaryChart%7CbugsCountChart%7CvulnerabilityImpact&
16:08:04 [java] Open URL: http://zap/xml/reports/action/generate/?template=risk-confidence-html&includedRisks=Informational%7CLow%7CMedium%7CHigh&apikey=govway-test_20240427_160719650&display=false&description=Analisi+per+API+di+tipo+REST&reportDir=reports%2Fapi-rest-status&sites=http%3A%2F%2F127.0.0.1%3A8080%2Fgovway%2FSOGGETTO%2Fapi-rest-status%2Fv1%2F&contexts=govway-test_20240427_160719650415928116&title=GovWay+API+REST§ions=contents%7CaboutThisReport%7CreportDescription%7CreportParameters%7Csummaries%7CriskConfidenceCounts%7CsiteRiskCounts%7CalertTypeCounts%7Calerts%7CrequestHeader%7CrequestBody%7CresponseHeader%7CresponseBody%7Cappendix%7CalertTypes&reportFileNamePattern=zap_report_api-rest-status_risk-confidence.html&includedConfidences=False+Positive%7CLow%7CMedium%7CHigh%7CConfirmed&theme=original&
16:08:04 [java] Open URL: http://zap/xml/reports/action/generate/?template=traditional-json-plus&includedRisks=Informational%7CLow%7CMedium%7CHigh&reportFileNamePattern=zap_report_api-rest-status_plus.json&apikey=govway-test_20240427_160719650&display=false&description=Analisi+per+API+di+tipo+REST&includedConfidences=False+Positive%7CLow%7CMedium%7CHigh%7CConfirmed&reportDir=reports%2Fapi-rest-status&sites=http%3A%2F%2F127.0.0.1%3A8080%2Fgovway%2FSOGGETTO%2Fapi-rest-status%2Fv1%2F&contexts=govway-test_20240427_160719650415928116&title=GovWay+API+REST&
16:08:04 [java] Open URL: http://zap/xml/reports/action/generate/?template=traditional-xml-plus&includedRisks=Informational%7CLow%7CMedium%7CHigh&reportFileNamePattern=zap_report_api-rest-status_plus.xml&apikey=govway-test_20240427_160719650&display=false&description=Analisi+per+API+di+tipo+REST&includedConfidences=False+Positive%7CLow%7CMedium%7CHigh%7CConfirmed&reportDir=reports%2Fapi-rest-status&sites=http%3A%2F%2F127.0.0.1%3A8080%2Fgovway%2FSOGGETTO%2Fapi-rest-status%2Fv1%2F&contexts=govway-test_20240427_160719650415928116&title=GovWay+API+REST&
16:08:04 [java] Open URL: http://zap/xml/reports/action/generate/?template=traditional-html-plus&includedRisks=Informational%7CLow%7CMedium%7CHigh&apikey=govway-test_20240427_160719650&display=false&description=Analisi+per+API+di+tipo+REST&reportDir=reports%2Fapi-rest-status&sites=http%3A%2F%2F127.0.0.1%3A8080%2Fgovway%2FSOGGETTO%2Fapi-rest-status%2Fv1%2F&contexts=govway-test_20240427_160719650415928116&title=GovWay+API+REST§ions=chart%7Calertcount%7Cinstancecount%7Cpassingrules%7Calertdetails%7Cstatistics%7Cparams&reportFileNamePattern=zap_report_api-rest-status_plus.html&includedConfidences=False+Positive%7CLow%7CMedium%7CHigh%7CConfirmed&theme=light&
16:08:04 [exec] Fermo processo con pid: 28076 ...
16:08:04 [exec] Processo terminato
16:08:05 [exec] Result: 143
16:08:05 [exec] Result: 1
16:08:05
16:08:05 -analizeGovWayAPI:
16:08:05 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/tools/zap/reports/api-soap-status
16:08:05
16:08:05 analizeSoap:
16:08:05
16:08:05 -checkZapProxyHome:
16:08:05
16:08:05 clean:
16:08:05 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/tools/zap/build
16:08:05
16:08:05 init:
16:08:05 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/tools/zap/build
16:08:05
16:08:05 build:
16:08:05 [javac] Compiling 8 source files to /var/lib/jenkins/workspace/GovWay/tools/zap/build
16:08:07
16:08:07 -executeZap:
16:08:07 [exec] Result: 1
16:08:07
16:08:07 -runZapProxy:
16:08:07 [echo] Run ZAP Api Key: 'govway-test_20240427_160807608'
16:08:07 [exec] Svuota sessione '/tmp/goway-dynamic-analysis'
16:08:07 [exec] Execute: /opt/openjdk-11.0.12_7//bin/java -classpath /opt/zaproxy/ZAP_2.12.0/*:/opt/zaproxy/ZAP_2.12.0/lib/* org.zaproxy.zap.ZAP -daemon -newsession /tmp/goway-dynamic-analysis/session -config session=/tmp/goway-dynamic-analysis/session -config api.key=govway-test_20240427_160807608 -config port=8280 -config host=127.0.0.1 -port 8280 -host 127.0.0.1
16:08:08 [exec] Defaulting ZAP install dir to /opt/zaproxy/ZAP_2.12.0
16:08:09 [exec] 1399 [main] INFO org.zaproxy.zap.DaemonBootstrap - OWASP ZAP 2.12.0 started 27/04/2024, 16:08:09 with home /var/lib/jenkins/.ZAP/
16:08:09 [exec] 1515 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config session = /tmp/goway-dynamic-analysis/session was /tmp/goway-dynamic-analysis/session
16:08:09 [exec] 1524 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config api.key = govway-test_20240427_160807608 was govway-test_20240427_160719650
16:08:09 [exec] 1524 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config port = 8280 was 8280
16:08:09 [exec] 1524 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config host = 127.0.0.1 was 127.0.0.1
16:08:10 [exec] 2892 [ZAP-daemon] INFO org.zaproxy.zap.control.ExtensionFactory - Installed add-ons: [[id=alertFilters, version=16.0.0], [id=ascanrules, version=55.0.0], [id=automation, version=0.29.0], [id=bruteforce, version=13.0.0], [id=callhome, version=0.6.0], [id=commonlib, version=1.14.0], [id=database, version=0.1.0], [id=diff, version=12.0.0], [id=directorylistv1, version=5.0.0], [id=domxss, version=15.0.0], [id=encoder, version=1.1.0], [id=exim, version=0.5.0], [id=formhandler, version=6.3.0], [id=fuzz, version=13.9.0], [id=gettingStarted, version=14.0.0], [id=graaljs, version=0.3.0], [id=graphql, version=0.17.0], [id=help, version=15.0.0], [id=hud, version=0.16.0], [id=invoke, version=12.0.0], [id=network, version=0.9.0], [id=oast, version=0.15.0], [id=onlineMenu, version=10.0.0], [id=openapi, version=34.0.0], [id=pscanrules, version=49.0.0], [id=quickstart, version=37.0.0], [id=replacer, version=12.0.0], [id=reports, version=0.22.0], [id=requester, version=7.2.0], [id=retest, version=0.5.0], [id=retire, version=0.23.0], [id=reveal, version=5.0.0], [id=scripts, version=38.0.0], [id=selenium, version=15.12.1], [id=soap, version=17.0.0], [id=spider, version=0.4.0], [id=spiderAjax, version=23.14.1], [id=tips, version=10.0.0], [id=webdriverlinux, version=56.0.0], [id=websocket, version=28.0.0], [id=zest, version=38.0.0]]
16:08:10 [exec] 2900 [ZAP-daemon] INFO org.zaproxy.zap.control.ExtensionFactory - Loading extensions
16:08:12 [exec] 4069 [ZAP-daemon] INFO org.zaproxy.addon.network.internal.TlsUtils - Using supported SSL/TLS protocols: [TLSv1.2, TLSv1.3]
16:08:12 [exec] 4631 [ZAP-daemon] INFO org.zaproxy.zap.control.ExtensionFactory - Extensions loaded
16:08:14 [exec] 5989 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Auto-update Extension - Allows ZAP to check for updates
16:08:14 [exec] 6010 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Options Extension - Options Extension
16:08:14 [exec] 6010 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Edit Menu Extension - Edit Menu Extension
16:08:14 [exec] 6014 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing API Extension - Provides a rest based API for controlling and accessing ZAP
16:08:14 [exec] 6054 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing History Extension - History Extension
16:08:14 [exec] 6064 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionReveal - Show hidden fields and enable disabled fields
16:08:14 [exec] 6066 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Search Extension - Search messages for strings and regular expressions
16:08:14 [exec] 6069 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Breakpoint Extension - Allows you to intercept and modify requests and responses
16:08:14 [exec] 6072 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Passive Scan Extension - Passive scanner
16:08:14 [exec] 6253 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Script Passive Scan Rules
16:08:14 [exec] 6254 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Stats Passive Scan Rule
16:08:14 [exec] 6255 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Anti-clickjacking Header
16:08:14 [exec] 6255 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Application Error Disclosure
16:08:14 [exec] 6255 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Big Redirect Detected (Potential Sensitive Information Leak)
16:08:14 [exec] 6255 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Re-examine Cache-control Directives
16:08:14 [exec] 6255 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Charset Mismatch
16:08:14 [exec] 6255 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Content Security Policy (CSP) Header Not Set
16:08:14 [exec] 6255 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: CSP
16:08:14 [exec] 6256 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Content-Type Header Missing
16:08:14 [exec] 6256 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cookie No HttpOnly Flag
16:08:14 [exec] 6256 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Loosely Scoped Cookie
16:08:14 [exec] 6256 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cookie without SameSite Attribute
16:08:14 [exec] 6256 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cookie Without Secure Flag
16:08:14 [exec] 6257 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cross-Domain Misconfiguration
16:08:14 [exec] 6257 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cross-Domain JavaScript Source File Inclusion
16:08:14 [exec] 6257 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Absence of Anti-CSRF Tokens
16:08:14 [exec] 6258 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Directory Browsing
16:08:14 [exec] 6258 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Hash Disclosure
16:08:14 [exec] 6258 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Heartbleed OpenSSL Vulnerability (Indicative)
16:08:14 [exec] 6259 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Private IP Disclosure
16:08:14 [exec] 6259 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Session ID in URL Rewrite
16:08:14 [exec] 6260 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Debug Error Messages
16:08:14 [exec] 6260 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Sensitive Information in URL
16:08:14 [exec] 6260 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Sensitive Information in HTTP Referrer Header
16:08:14 [exec] 6260 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Suspicious Comments
16:08:14 [exec] 6261 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Weak Authentication Method
16:08:14 [exec] 6262 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: HTTP to HTTPS Insecure Transition in Form Post
16:08:14 [exec] 6262 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: HTTPS to HTTP Insecure Transition in Form Post
16:08:14 [exec] 6262 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Insecure JSF ViewState
16:08:14 [exec] 6263 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Reverse Tabnabbing
16:08:14 [exec] 6263 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Secure Pages Include Mixed Content
16:08:14 [exec] 6263 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Modern Web Application
16:08:14 [exec] 6264 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: PII Disclosure
16:08:14 [exec] 6264 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Retrieved from Cache
16:08:14 [exec] 6265 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: HTTP Server Response Header
16:08:14 [exec] 6265 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Strict-Transport-Security Header
16:08:14 [exec] 6265 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Timestamp Disclosure
16:08:14 [exec] 6265 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: User Controllable Charset
16:08:14 [exec] 6266 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cookie Poisoning
16:08:14 [exec] 6266 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: User Controllable HTML Element Attribute (Potential XSS)
16:08:14 [exec] 6266 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: User Controllable JavaScript Event (XSS)
16:08:14 [exec] 6267 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Open Redirect
16:08:14 [exec] 6267 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Username Hash Found
16:08:14 [exec] 6267 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Viewstate
16:08:14 [exec] 6267 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-AspNet-Version Response Header
16:08:14 [exec] 6269 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-Backend-Server Header Information Leak
16:08:14 [exec] 6270 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-ChromeLogger-Data (XCOLD) Header Information Leak
16:08:14 [exec] 6270 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-Content-Type-Options Header Missing
16:08:14 [exec] 6270 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-Debug-Token Information Leak
16:08:14 [exec] 6270 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)
16:08:14 [exec] 6270 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: WSDL File Detection
16:08:14 [exec] 6271 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Vulnerable JS Library (Powered by Retire.js)
16:08:14 [exec] 6544 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Alerts Extension - Allows you to view and manage alerts
16:08:14 [exec] 6547 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Active Scan Extension - Active scanner, heavily based on the original Paros active scanner, but with additional tests added
16:08:14 [exec] 6558 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Standard Menus Extension - A set of common popup menus for miscellaneous tasks
16:08:14 [exec] 6559 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionBruteForce - Forced browsing of files and directories using code from the OWASP DirBuster tool
16:08:14 [exec] 6563 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Compare Extension - Compares 2 sessions and generates an HTML file showing the differences
16:08:14 [exec] 6563 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionInvoke - Invoke external applications passing context related information such as URLs and parameters
16:08:14 [exec] 6563 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Anti-CSRF Extension - Handles anti cross site request forgery (CSRF) tokens
16:08:14 [exec] 6568 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Authentication Extension - Authentication Extension
16:08:14 [exec] 6591 [ZAP-daemon] INFO org.zaproxy.zap.extension.authentication.ExtensionAuthentication - Loaded authentication method types: [Form-based Authentication, HTTP/NTLM Authentication, Manual Authentication, Script-based Authentication, JSON-based Authentication]
16:08:14 [exec] 6595 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Log4j Extension - Logs errors to the Output tab in development mode only
16:08:14 [exec] 6595 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Users Extension - Users Extension
16:08:14 [exec] 6598 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Parameters Extension - Summarise and analyse FORM and URL parameters as well as cookies
16:08:14 [exec] 6599 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Script Extension - Script integration
16:08:14 [exec] 6606 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionScripts - Scripting console, supports all JSR 223 scripting languages
16:08:15 [exec] 7005 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Forced User Extension - Forced User Extension
16:08:15 [exec] 7006 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Sessions Extension - Extension handling HTTP sessions
16:08:15 [exec] 7008 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionZest - Zest is a specialized scripting language, originally, from Mozilla specifically designed to be used in security tools
16:08:15 [exec] 7653 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionDiff - ExtensionDiff
16:08:15 [exec] 7654 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Post Table View Extension - HTTP Panel Post Table View Extension
16:08:15 [exec] 7655 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Encoder Addon - Adds support for scriptable encoders to ZAP.
16:08:15 [exec] 7657 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Session Management Extension - Session Management Extension
16:08:15 [exec] 7674 [ZAP-daemon] INFO org.zaproxy.zap.extension.sessions.ExtensionSessionManagement - Loaded session management method types: [Cookie-based Session Management, HTTP Authentication Session Management, Script-based Session Management]
16:08:15 [exec] 7677 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Form Table View Extension - HTTP Panel Form Table View Extension
16:08:15 [exec] 7678 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing WebSockets Support - Capture messages from WebSockets with the ability to set breakpoints.
16:08:15 [exec] 7792 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing SOAP/WSDL Support - Allows you to import a WSDL file containing operations which ZAP will access, adding them to the Sites tree.
16:08:15 [exec] 7792 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Core UI Extension - Core UI related functionality.
16:08:15 [exec] 7793 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Authorization Extension - Authorization Extension
16:08:15 [exec] 7793 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Requester - Allows to manually edit and send messages.
16:08:15 [exec] 7802 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing AJAX Spider - AJAX Spider, uses Crawljax
16:08:15 [exec] 7809 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing WebDriver Provider - Provides WebDrivers to control several browsers using Selenium and includes HtmlUnit browser.
16:08:15 [exec] 7825 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Global Exclude URLs Extension - Handles adding Global Excluded URLs
16:08:15 [exec] 7826 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Refresh Sites Tree Extension - Adds menu item to refresh the Sites tree
16:08:15 [exec] 7826 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Help Extension - OWASP ZAP User Guide
16:08:15 [exec] 7827 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Call Home - Handles all of the calls to ZAP services
16:08:15 [exec] 7830 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Network Extension - Provides core networking capabilities.
16:08:17 [exec] 9153 [ZAP-daemon] INFO org.zaproxy.addon.network.ConnectionOptions - Unsafe SSL/TLS renegotiation disabled.
16:08:17 [exec] 9155 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Extension Configuration Extension - Allows you to configure which extensions are loaded when ZAP starts
16:08:17 [exec] 9158 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Combined HTTP Panels Extension - Combined HTTP Panels Extension
16:08:17 [exec] 9166 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Hex View Extension - HTTP Panel Hex View Extension
16:08:17 [exec] 9166 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Image View Extension - HTTP Panel Image View Extension
16:08:17 [exec] 9166 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Query Table View Extension - HTTP Panel Query Table View Extension
16:08:17 [exec] 9167 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Syntax Highlighter View Extension - HTTP Panel Syntax Highlighter View Extension
16:08:17 [exec] 9167 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Keyboard Configuration Extension - Adds support for configurable keyboard shortcuts for all of the ZAP menus.
16:08:17 [exec] 9167 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Scanner Rule Configuration Extension - Active and passive rule configuration
16:08:17 [exec] 9168 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Statistics Extension - Statistics
16:08:17 [exec] 9170 [ZAP-daemon] INFO org.zaproxy.zap.extension.stats.ExtensionStats - Start recording in memory stats
16:08:17 [exec] 9171 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Custom Pages Extension - Custom Pages Definition
16:08:17 [exec] 9171 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionGettingStarted - The ZAP Getting Started Guide
16:08:17 [exec] 9171 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing GraalVM JavaScript Engine Extension - Provides the GraalVM JavaScript engine for ZAP scripting.
16:08:18 [exec] 10071 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionOnlineMenu - The Online menu links
16:08:18 [exec] 10080 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionTipsAndTricks - Tips and Tricks
16:08:18 [exec] 10081 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Ajax Spider Automation - Ajax Spider Automation Framework Integration
16:08:18 [exec] 10085 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Passive Scan Rules - Release status passive scan rules
16:08:18 [exec] 10085 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing WebSocket Fuzzer - Allows to fuzz WebSocket messages.
16:08:18 [exec] 10085 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing WebSocket Message Editor - Provides the WebSocket Message Editor dialogues.
16:08:18 [exec] 10086 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Match and Replace - Easy way to replace strings in requests and responses
16:08:18 [exec] 10107 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Retest - Facilitates the verification of presence/absence of certain alerts.
16:08:18 [exec] 10119 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Advance Fuzzer - Provides the foundation for concrete message types (for example, HTTP, WebSockets) expose fuzzer implementations.
16:08:18 [exec] 10128 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Fuzzer - Allows to fuzz HTTP messages.
16:08:18 [exec] 10129 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHUD - Heads Up Display
16:08:18 [exec] 10443 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHUDlaunch - ExtensionHUDlaunch
16:08:18 [exec] 10444 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Spider Extension - Spider used for automatically finding URIs on a site.
16:08:18 [exec] 10482 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Spider Automation - Spider Automation Integration
16:08:18 [exec] 10488 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Spider Form Handler - Spider Form Handler Integration
16:08:18 [exec] 10489 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionDomXSS - DOM XSS Active Scan Rule
16:08:18 [exec] 10557 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionFormHandler - This extension allows a user to change the default values used for generated content (e.g. spiders, importers).
16:08:18 [exec] 10558 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Automation Framework - Provides functionality to simplify using ZAP in an automated manner
16:08:18 [exec] 10566 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing SOAP Automation - SOAP Automation Framework Integration
16:08:18 [exec] 10570 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing SOAP Form Handler - SOAP Form Handler Integration
16:08:18 [exec] 10571 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing SOAP Spider - SOAP Spider Integration
16:08:18 [exec] 10572 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Common Library - A library of shared functionality
16:08:18 [exec] 10573 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Out-of-band Application Security Testing - Adds Out-of-band Application Security Testing functionality.
16:08:18 [exec] 10581 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing OAST Scripts - Adds OAST scripts.
16:08:18 [exec] 10582 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Quick Start panel - Adds the Quick Start panel for scanning and exploring applications
16:08:18 [exec] 10585 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Quick Start Ajax Spider integration - Add the option to use the Ajax Spider in the Quick Start scan
16:08:18 [exec] 10585 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Quick Start HUD Integration - HUD integration for the quick start panel
16:08:18 [exec] 10585 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Quick Start Browser Launcher - Launch browsers preset proxying through ZAP
16:08:18 [exec] 10587 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Quick Start Spider Integration - Adds the option to use the traditional Spider in the Quick Start scan.
16:08:18 [exec] 10589 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Scripts Automation Framework Integration - Scripts Automation
16:08:18 [exec] 10603 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Import/Export - Import and Export functionality supporting multiple formats.
16:08:18 [exec] 10607 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Import/Export Automation - Import/Export Automation Framework Integration
16:08:18 [exec] 10612 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionAlertFilters - Context alert rules filter
16:08:18 [exec] 10617 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Alert Filters Automation - Alert Filters Automation Framework Integration
16:08:18 [exec] 10621 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Report Generator - Templated and themed report generation functionality
16:08:18 [exec] 10625 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Report Generation Automation Integration - Report Generation Automation Integration
16:08:18 [exec] 10634 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionGraphQl - Allows you to inspect and attack GraphQL endpoints.
16:08:18 [exec] 10646 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing GraphQL Automation - GraphQL Automation Framework Integration
16:08:18 [exec] 10651 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing GraphQL Form Handler - GraphQL Form Handler Integration
16:08:18 [exec] 10651 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing GraphQL Spider - GraphQL Spider Integration
16:08:18 [exec] 10653 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing OpenAPI Import - Allows you to spider and import OpenAPI (Swagger) definitions
16:08:18 [exec] 10656 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing OpenAPI Automation - OpenAPI Automation Framework Integration
16:08:18 [exec] 10663 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing OpenAPI Form Handler - OpenAPI Form Handler Integration
16:08:18 [exec] 10663 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing OpenAPI Spider - OpenAPI Spider Integration
16:08:18 [exec] 10669 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Active Scan Rules - Release status active scan rules
16:08:18 [exec] 10671 [ZAP-daemon] WARN org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate - This ZAP installation is over a year old - its probably very out of date
16:08:20 [exec] 12297 [ZAP-daemon] INFO org.flywaydb.core.internal.license.VersionPrinter - Flyway Community Edition 9.4.0 by Redgate
16:08:20 [exec] 12298 [ZAP-daemon] INFO org.flywaydb.core.internal.license.VersionPrinter - See what's new here: https://flywaydb.org/documentation/learnmore/releaseNotes#9.4.0
16:08:20 [exec] 12298 [ZAP-daemon] INFO org.flywaydb.core.internal.license.VersionPrinter -
16:08:20 [exec] 12344 [ZAP-daemon] INFO org.flywaydb.core.internal.database.base.BaseDatabaseType - Database: jdbc:hsqldb:file:/var/lib/jenkins/.ZAP/db/permanent (HSQL Database Engine 2.7)
16:08:20 [exec] 12366 [ZAP-daemon] WARN org.flywaydb.core.internal.database.base.Database - Flyway upgrade recommended: HSQLDB 2.7 is newer than this version of Flyway and support has not been tested. The latest supported version of HSQLDB is 2.6.
16:08:20 [exec] 12446 [ZAP-daemon] INFO org.flywaydb.core.internal.command.DbValidate - Successfully validated 1 migration (execution time 00:00.052s)
16:08:20 [exec] 12478 [ZAP-daemon] INFO org.flywaydb.core.internal.command.DbMigrate - Current version of schema "PUBLIC": 1
16:08:20 [exec] 12481 [ZAP-daemon] INFO org.flywaydb.core.internal.command.DbMigrate - Schema "PUBLIC" is up to date. No migration necessary.
16:08:20 [exec] 12506 [ZAP-daemon] INFO org.zaproxy.addon.oast.services.callback.CallbackService - Started callback service on 0.0.0.0:39035
16:08:20 [exec] 12620 [ZAP-daemon] WARN org.zaproxy.addon.network.ExtensionNetwork - ZAP's Root CA certificate has expired as of Wed Nov 29 07:57:36 CET 2023 (now: Sat Apr 27 16:08:20 CEST 2024).
16:08:20 [exec] You should regenerate it and re-install it in your browsers.
16:08:20 [exec] Regenerate the certificate and go to the relevant options screen now?
16:08:21 [exec] 13812 [ZAP-daemon] INFO org.parosproxy.paros.control.Control - New session file created: /tmp/goway-dynamic-analysis/session.session
16:08:22 [exec] 14500 [ZAP-daemon] INFO org.zaproxy.addon.network.ExtensionNetwork - ZAP is now listening on 127.0.0.1:8280
16:08:37 [exec] (Not all processes could be identified, non-owned process info
16:08:37 [exec] will not be shown, you would have to be root to see it all.)
16:08:37 [exec] Rilevato ZAP Proxy avviato: tcp6 0 0 127.0.0.1:8280 :::* LISTEN 28218/java
16:08:37
16:08:37 -analizeSoap:
16:08:37 [echo] SOAP Api Key: 'govway-test_20240427_160807608'
16:08:38 [java] Open URL: http://zap/xml/context/action/newContext/?contextName=govway-test_20240427_1608076081480744462&apikey=govway-test_20240427_160807608&
16:08:39 [java] Open URL: http://zap/xml/context/view/context/?contextName=govway-test_20240427_1608076081480744462&apikey=govway-test_20240427_160807608&
16:08:39 [java] ContextName: govway-test_20240427_1608076081480744462
16:08:39 [java] ContextId: 2
16:08:39 [java] Open URL: http://zap/xml/reports/view/templates/?apikey=govway-test_20240427_160807608
16:08:39 [java] Open URL: http://zap/xml/reports/view/templates/?apikey=govway-test_20240427_160807608
16:08:39 [java] Open URL: http://zap/xml/reports/view/templates/?apikey=govway-test_20240427_160807608
16:08:39 [java] Open URL: http://zap/xml/reports/view/templateDetails/?template=traditional-pdf&apikey=govway-test_20240427_160807608&
16:08:39 [java] Open URL: http://zap/xml/reports/view/templates/?apikey=govway-test_20240427_160807608
16:08:39 [java] Open URL: http://zap/xml/reports/view/templateDetails/?template=traditional-pdf&apikey=govway-test_20240427_160807608&
16:08:39 [java] Open URL: http://zap/xml/reports/view/templates/?apikey=govway-test_20240427_160807608
16:08:39 [java] Open URL: http://zap/xml/reports/view/templateDetails/?template=traditional-html&apikey=govway-test_20240427_160807608&
16:08:39 [java] Open URL: http://zap/xml/reports/view/templates/?apikey=govway-test_20240427_160807608
16:08:39 [java] Open URL: http://zap/xml/reports/view/templates/?apikey=govway-test_20240427_160807608
16:08:39 [java] Open URL: http://zap/xml/reports/view/templateDetails/?template=modern&apikey=govway-test_20240427_160807608&
16:08:39 [java] Open URL: http://zap/xml/reports/view/templateDetails/?template=modern&apikey=govway-test_20240427_160807608&
16:08:39 [java] Open URL: http://zap/xml/reports/view/templates/?apikey=govway-test_20240427_160807608
16:08:39 [java] Open URL: http://zap/xml/reports/view/templateDetails/?template=high-level-report&apikey=govway-test_20240427_160807608&
16:08:39 [java] Open URL: http://zap/xml/reports/view/templates/?apikey=govway-test_20240427_160807608
16:08:39 [java] Open URL: http://zap/xml/reports/view/templateDetails/?template=risk-confidence-html&apikey=govway-test_20240427_160807608&
16:08:39 [java] Open URL: http://zap/xml/reports/view/templateDetails/?template=risk-confidence-html&apikey=govway-test_20240427_160807608&
16:08:39 [java] Open URL: http://zap/xml/reports/view/templates/?apikey=govway-test_20240427_160807608
16:08:39 [java] Open URL: http://zap/xml/reports/view/templates/?apikey=govway-test_20240427_160807608
16:08:39 [java] Open URL: http://zap/xml/reports/view/templates/?apikey=govway-test_20240427_160807608
16:08:39 [java] Open URL: http://zap/xml/reports/view/templateDetails/?template=traditional-html-plus&apikey=govway-test_20240427_160807608&
16:08:39 [java] Open URL: http://zap/xml/reports/view/templateDetails/?template=traditional-html-plus&apikey=govway-test_20240427_160807608&
16:08:39 [java] Open URL: http://zap/xml/context/action/includeInContext/?contextName=govway-test_20240427_1608076081480744462®ex=http%3A%2F%2F127.0.0.1%3A8080%2Fgovway%2FSOGGETTO%2Fapi-soap-status%2Fv1.*&apikey=govway-test_20240427_160807608&
16:08:39 [java] Open URL: http://zap/xml/context/action/setContextInScope/?contextName=govway-test_20240427_1608076081480744462&apikey=govway-test_20240427_160807608&booleanInScope=true&
16:08:39 [java] Open URL: http://zap/xml/sessionManagement/action/setSessionManagementMethod/?apikey=govway-test_20240427_160807608&methodConfigParams=&methodName=httpAuthSessionManagement&contextId=2&
16:08:39 [java] Retrieving document at '/var/lib/jenkins/workspace/GovWay/tools/zap/../../core/deploy/preloading/status/govway_status.wsdl'.
16:08:41 [java] Open URL: http://zap/xml/soap/action/importFile/?file=%2Ftmp%2Fsoap5265839172357817999.wsdl&apikey=govway-test_20240427_160807608&
16:08:46 [java] Open URL: http://zap/xml/reports/action/generate/?template=traditional-json&includedRisks=Informational%7CLow%7CMedium%7CHigh&reportFileNamePattern=zap_report_api-soap-status.json&apikey=govway-test_20240427_160807608&display=false&description=Analisi+per+API+di+tipo+SOAP&includedConfidences=False+Positive%7CLow%7CMedium%7CHigh%7CConfirmed&reportDir=reports%2Fapi-soap-status&sites=http%3A%2F%2F127.0.0.1%3A8080%2Fgovway%2FSOGGETTO%2Fapi-soap-status%2Fv1%2F&contexts=govway-test_20240427_1608076081480744462&title=GovWay+API+SOAP&
16:08:47 [java] Open URL: http://zap/xml/reports/action/generate/?template=traditional-xml&includedRisks=Informational%7CLow%7CMedium%7CHigh&reportFileNamePattern=zap_report_api-soap-status.xml&apikey=govway-test_20240427_160807608&display=false&description=Analisi+per+API+di+tipo+SOAP&includedConfidences=False+Positive%7CLow%7CMedium%7CHigh%7CConfirmed&reportDir=reports%2Fapi-soap-status&sites=http%3A%2F%2F127.0.0.1%3A8080%2Fgovway%2FSOGGETTO%2Fapi-soap-status%2Fv1%2F&contexts=govway-test_20240427_1608076081480744462&title=GovWay+API+SOAP&
16:08:47 [java] Open URL: http://zap/xml/reports/action/generate/?template=traditional-pdf&includedRisks=Informational%7CLow%7CMedium%7CHigh&reportFileNamePattern=zap_report_api-soap-status.pdf&apikey=govway-test_20240427_160807608&display=false&description=Analisi+per+API+di+tipo+SOAP&includedConfidences=False+Positive%7CLow%7CMedium%7CHigh%7CConfirmed&reportDir=reports%2Fapi-soap-status&sites=http%3A%2F%2F127.0.0.1%3A8080%2Fgovway%2FSOGGETTO%2Fapi-soap-status%2Fv1%2F&contexts=govway-test_20240427_1608076081480744462&title=GovWay+API+SOAP§ions=alertcount%7Cinstancecount%7Calertdetails&
16:08:48 [java] Open URL: http://zap/xml/reports/action/generate/?template=traditional-pdf&includedRisks=Informational%7CLow%7CMedium%7CHigh&reportFileNamePattern=zap_report_api-soap-status.pdf&apikey=govway-test_20240427_160807608&display=false&description=Analisi+per+API+di+tipo+SOAP&includedConfidences=False+Positive%7CLow%7CMedium%7CHigh%7CConfirmed&reportDir=reports%2Fapi-soap-status&sites=http%3A%2F%2F127.0.0.1%3A8080%2Fgovway%2FSOGGETTO%2Fapi-soap-status%2Fv1%2F&contexts=govway-test_20240427_1608076081480744462&title=GovWay+API+SOAP§ions=alertcount%7Cinstancecount%7Calertdetails&
16:08:48 [java] Open URL: http://zap/xml/reports/action/generate/?template=traditional-html&includedRisks=Informational%7CLow%7CMedium%7CHigh&reportFileNamePattern=zap_report_api-soap-status.html&apikey=govway-test_20240427_160807608&display=false&description=Analisi+per+API+di+tipo+SOAP&includedConfidences=False+Positive%7CLow%7CMedium%7CHigh%7CConfirmed&reportDir=reports%2Fapi-soap-status&sites=http%3A%2F%2F127.0.0.1%3A8080%2Fgovway%2FSOGGETTO%2Fapi-soap-status%2Fv1%2F&contexts=govway-test_20240427_1608076081480744462&title=GovWay+API+SOAP§ions=alertcount%7Cinstancecount%7Calertdetails&
16:08:48 [java] Open URL: http://zap/xml/reports/action/generate/?template=sarif-json&includedRisks=Informational%7CLow%7CMedium%7CHigh&reportFileNamePattern=zap_report_api-soap-status_sarif.json&apikey=govway-test_20240427_160807608&display=false&description=Analisi+per+API+di+tipo+SOAP&includedConfidences=False+Positive%7CLow%7CMedium%7CHigh%7CConfirmed&reportDir=reports%2Fapi-soap-status&sites=http%3A%2F%2F127.0.0.1%3A8080%2Fgovway%2FSOGGETTO%2Fapi-soap-status%2Fv1%2F&contexts=govway-test_20240427_1608076081480744462&title=GovWay+API+SOAP&
16:08:48 [java] Open URL: http://zap/xml/reports/action/generate/?template=modern&includedRisks=Informational%7CLow%7CMedium%7CHigh&apikey=govway-test_20240427_160807608&display=false&description=Analisi+per+API+di+tipo+SOAP&reportDir=reports%2Fapi-soap-status&sites=http%3A%2F%2F127.0.0.1%3A8080%2Fgovway%2FSOGGETTO%2Fapi-soap-status%2Fv1%2F&contexts=govway-test_20240427_1608076081480744462&title=GovWay+API+SOAP§ions=chart%7Calertcount%7Cinstancecount%7Cpassingrules%7Calertdetails%7Cstatistics%7Cparams&reportFileNamePattern=zap_report_api-soap-status_modern.html&includedConfidences=False+Positive%7CLow%7CMedium%7CHigh%7CConfirmed&theme=marketing&
16:08:48 [java] Open URL: http://zap/xml/reports/action/generate/?template=high-level-report&includedRisks=Informational%7CLow%7CMedium%7CHigh&reportFileNamePattern=zap_report_api-soap-status_high-level-report.html&apikey=govway-test_20240427_160807608&display=false&description=Analisi+per+API+di+tipo+SOAP&includedConfidences=False+Positive%7CLow%7CMedium%7CHigh%7CConfirmed&reportDir=reports%2Fapi-soap-status&sites=http%3A%2F%2F127.0.0.1%3A8080%2Fgovway%2FSOGGETTO%2Fapi-soap-status%2Fv1%2F&contexts=govway-test_20240427_1608076081480744462&title=GovWay+API+SOAP§ions=riskSummaryChart%7CbugsCountChart%7CvulnerabilityImpact&
16:08:48 [java] Open URL: http://zap/xml/reports/action/generate/?template=risk-confidence-html&includedRisks=Informational%7CLow%7CMedium%7CHigh&apikey=govway-test_20240427_160807608&display=false&description=Analisi+per+API+di+tipo+SOAP&reportDir=reports%2Fapi-soap-status&sites=http%3A%2F%2F127.0.0.1%3A8080%2Fgovway%2FSOGGETTO%2Fapi-soap-status%2Fv1%2F&contexts=govway-test_20240427_1608076081480744462&title=GovWay+API+SOAP§ions=contents%7CaboutThisReport%7CreportDescription%7CreportParameters%7Csummaries%7CriskConfidenceCounts%7CsiteRiskCounts%7CalertTypeCounts%7Calerts%7CrequestHeader%7CrequestBody%7CresponseHeader%7CresponseBody%7Cappendix%7CalertTypes&reportFileNamePattern=zap_report_api-soap-status_risk-confidence.html&includedConfidences=False+Positive%7CLow%7CMedium%7CHigh%7CConfirmed&theme=original&
16:08:48 [java] Open URL: http://zap/xml/reports/action/generate/?template=traditional-json-plus&includedRisks=Informational%7CLow%7CMedium%7CHigh&reportFileNamePattern=zap_report_api-soap-status_plus.json&apikey=govway-test_20240427_160807608&display=false&description=Analisi+per+API+di+tipo+SOAP&includedConfidences=False+Positive%7CLow%7CMedium%7CHigh%7CConfirmed&reportDir=reports%2Fapi-soap-status&sites=http%3A%2F%2F127.0.0.1%3A8080%2Fgovway%2FSOGGETTO%2Fapi-soap-status%2Fv1%2F&contexts=govway-test_20240427_1608076081480744462&title=GovWay+API+SOAP&
16:08:48 [java] Open URL: http://zap/xml/reports/action/generate/?template=traditional-xml-plus&includedRisks=Informational%7CLow%7CMedium%7CHigh&reportFileNamePattern=zap_report_api-soap-status_plus.xml&apikey=govway-test_20240427_160807608&display=false&description=Analisi+per+API+di+tipo+SOAP&includedConfidences=False+Positive%7CLow%7CMedium%7CHigh%7CConfirmed&reportDir=reports%2Fapi-soap-status&sites=http%3A%2F%2F127.0.0.1%3A8080%2Fgovway%2FSOGGETTO%2Fapi-soap-status%2Fv1%2F&contexts=govway-test_20240427_1608076081480744462&title=GovWay+API+SOAP&
16:08:49 [java] Open URL: http://zap/xml/reports/action/generate/?template=traditional-html-plus&includedRisks=Informational%7CLow%7CMedium%7CHigh&apikey=govway-test_20240427_160807608&display=false&description=Analisi+per+API+di+tipo+SOAP&reportDir=reports%2Fapi-soap-status&sites=http%3A%2F%2F127.0.0.1%3A8080%2Fgovway%2FSOGGETTO%2Fapi-soap-status%2Fv1%2F&contexts=govway-test_20240427_1608076081480744462&title=GovWay+API+SOAP§ions=chart%7Calertcount%7Cinstancecount%7Cpassingrules%7Calertdetails%7Cstatistics%7Cparams&reportFileNamePattern=zap_report_api-soap-status_plus.html&includedConfidences=False+Positive%7CLow%7CMedium%7CHigh%7CConfirmed&theme=light&
16:08:49 [exec] Fermo processo con pid: 28218 ...
16:08:49 [exec] Processo terminato
16:08:49 [exec] Result: 143
16:08:49 [exec] Result: 1
16:08:49
16:08:49 -analizeGovWayAPI:
16:08:49 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/tools/zap/reports/api-config
16:08:50
16:08:50 analizeOpenAPI:
16:08:50
16:08:50 -checkZapProxyHome:
16:08:50
16:08:50 clean:
16:08:50 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/tools/zap/build
16:08:50
16:08:50 init:
16:08:50 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/tools/zap/build
16:08:50
16:08:50 build:
16:08:50 [javac] Compiling 8 source files to /var/lib/jenkins/workspace/GovWay/tools/zap/build
16:08:51
16:08:51 -executeZap:
16:08:51 [exec] Result: 1
16:08:51
16:08:51 -runZapProxy:
16:08:51 [echo] Run ZAP Api Key: 'govway-test_20240427_160851410'
16:08:51 [exec] Svuota sessione '/tmp/goway-dynamic-analysis'
16:08:51 [exec] Execute: /opt/openjdk-11.0.12_7//bin/java -classpath /opt/zaproxy/ZAP_2.12.0/*:/opt/zaproxy/ZAP_2.12.0/lib/* org.zaproxy.zap.ZAP -daemon -newsession /tmp/goway-dynamic-analysis/session -config session=/tmp/goway-dynamic-analysis/session -config api.key=govway-test_20240427_160851410 -config port=8280 -config host=127.0.0.1 -port 8280 -host 127.0.0.1
16:08:52 [exec] Defaulting ZAP install dir to /opt/zaproxy/ZAP_2.12.0
16:08:53 [exec] 1604 [main] INFO org.zaproxy.zap.DaemonBootstrap - OWASP ZAP 2.12.0 started 27/04/2024, 16:08:53 with home /var/lib/jenkins/.ZAP/
16:08:53 [exec] 1745 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config session = /tmp/goway-dynamic-analysis/session was /tmp/goway-dynamic-analysis/session
16:08:53 [exec] 1745 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config api.key = govway-test_20240427_160851410 was govway-test_20240427_160719650
16:08:53 [exec] 1745 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config port = 8280 was 8280
16:08:53 [exec] 1746 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config host = 127.0.0.1 was 127.0.0.1
16:08:55 [exec] 4212 [ZAP-daemon] INFO org.zaproxy.zap.control.ExtensionFactory - Installed add-ons: [[id=alertFilters, version=16.0.0], [id=ascanrules, version=55.0.0], [id=automation, version=0.29.0], [id=bruteforce, version=13.0.0], [id=callhome, version=0.6.0], [id=commonlib, version=1.14.0], [id=database, version=0.1.0], [id=diff, version=12.0.0], [id=directorylistv1, version=5.0.0], [id=domxss, version=15.0.0], [id=encoder, version=1.1.0], [id=exim, version=0.5.0], [id=formhandler, version=6.3.0], [id=fuzz, version=13.9.0], [id=gettingStarted, version=14.0.0], [id=graaljs, version=0.3.0], [id=graphql, version=0.17.0], [id=help, version=15.0.0], [id=hud, version=0.16.0], [id=invoke, version=12.0.0], [id=network, version=0.9.0], [id=oast, version=0.15.0], [id=onlineMenu, version=10.0.0], [id=openapi, version=34.0.0], [id=pscanrules, version=49.0.0], [id=quickstart, version=37.0.0], [id=replacer, version=12.0.0], [id=reports, version=0.22.0], [id=requester, version=7.2.0], [id=retest, version=0.5.0], [id=retire, version=0.23.0], [id=reveal, version=5.0.0], [id=scripts, version=38.0.0], [id=selenium, version=15.12.1], [id=soap, version=17.0.0], [id=spider, version=0.4.0], [id=spiderAjax, version=23.14.1], [id=tips, version=10.0.0], [id=webdriverlinux, version=56.0.0], [id=websocket, version=28.0.0], [id=zest, version=38.0.0]]
16:08:55 [exec] 4218 [ZAP-daemon] INFO org.zaproxy.zap.control.ExtensionFactory - Loading extensions
16:08:58 [exec] 6681 [ZAP-daemon] INFO org.zaproxy.addon.network.internal.TlsUtils - Using supported SSL/TLS protocols: [TLSv1.2, TLSv1.3]
16:08:59 [exec] 7605 [ZAP-daemon] INFO org.zaproxy.zap.control.ExtensionFactory - Extensions loaded
16:09:00 [exec] 8760 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Auto-update Extension - Allows ZAP to check for updates
16:09:00 [exec] 8779 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Options Extension - Options Extension
16:09:00 [exec] 8782 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Edit Menu Extension - Edit Menu Extension
16:09:00 [exec] 8782 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing API Extension - Provides a rest based API for controlling and accessing ZAP
16:09:00 [exec] 8816 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing History Extension - History Extension
16:09:00 [exec] 8824 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionReveal - Show hidden fields and enable disabled fields
16:09:00 [exec] 8826 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Search Extension - Search messages for strings and regular expressions
16:09:00 [exec] 8833 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Breakpoint Extension - Allows you to intercept and modify requests and responses
16:09:00 [exec] 8835 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Passive Scan Extension - Passive scanner
16:09:00 [exec] 9015 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Script Passive Scan Rules
16:09:00 [exec] 9015 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Stats Passive Scan Rule
16:09:00 [exec] 9015 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Anti-clickjacking Header
16:09:00 [exec] 9015 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Application Error Disclosure
16:09:00 [exec] 9015 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Big Redirect Detected (Potential Sensitive Information Leak)
16:09:00 [exec] 9016 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Re-examine Cache-control Directives
16:09:00 [exec] 9016 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Charset Mismatch
16:09:00 [exec] 9016 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Content Security Policy (CSP) Header Not Set
16:09:00 [exec] 9016 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: CSP
16:09:00 [exec] 9016 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Content-Type Header Missing
16:09:00 [exec] 9016 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cookie No HttpOnly Flag
16:09:00 [exec] 9016 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Loosely Scoped Cookie
16:09:00 [exec] 9016 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cookie without SameSite Attribute
16:09:00 [exec] 9017 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cookie Without Secure Flag
16:09:00 [exec] 9017 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cross-Domain Misconfiguration
16:09:00 [exec] 9017 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cross-Domain JavaScript Source File Inclusion
16:09:00 [exec] 9017 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Absence of Anti-CSRF Tokens
16:09:00 [exec] 9017 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Directory Browsing
16:09:00 [exec] 9017 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Hash Disclosure
16:09:00 [exec] 9017 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Heartbleed OpenSSL Vulnerability (Indicative)
16:09:00 [exec] 9018 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Private IP Disclosure
16:09:00 [exec] 9018 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Session ID in URL Rewrite
16:09:00 [exec] 9018 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Debug Error Messages
16:09:00 [exec] 9018 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Sensitive Information in URL
16:09:00 [exec] 9018 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Sensitive Information in HTTP Referrer Header
16:09:00 [exec] 9018 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Suspicious Comments
16:09:00 [exec] 9018 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Weak Authentication Method
16:09:00 [exec] 9018 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: HTTP to HTTPS Insecure Transition in Form Post
16:09:00 [exec] 9019 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: HTTPS to HTTP Insecure Transition in Form Post
16:09:00 [exec] 9019 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Insecure JSF ViewState
16:09:00 [exec] 9019 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Reverse Tabnabbing
16:09:00 [exec] 9019 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Secure Pages Include Mixed Content
16:09:00 [exec] 9019 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Modern Web Application
16:09:00 [exec] 9019 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: PII Disclosure
16:09:00 [exec] 9019 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Retrieved from Cache
16:09:00 [exec] 9019 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: HTTP Server Response Header
16:09:00 [exec] 9020 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Strict-Transport-Security Header
16:09:00 [exec] 9020 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Timestamp Disclosure
16:09:00 [exec] 9020 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: User Controllable Charset
16:09:00 [exec] 9020 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cookie Poisoning
16:09:00 [exec] 9020 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: User Controllable HTML Element Attribute (Potential XSS)
16:09:00 [exec] 9020 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: User Controllable JavaScript Event (XSS)
16:09:00 [exec] 9024 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Open Redirect
16:09:00 [exec] 9024 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Username Hash Found
16:09:00 [exec] 9025 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Viewstate
16:09:00 [exec] 9025 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-AspNet-Version Response Header
16:09:00 [exec] 9025 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-Backend-Server Header Information Leak
16:09:00 [exec] 9026 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-ChromeLogger-Data (XCOLD) Header Information Leak
16:09:00 [exec] 9026 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-Content-Type-Options Header Missing
16:09:00 [exec] 9026 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-Debug-Token Information Leak
16:09:00 [exec] 9026 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)
16:09:00 [exec] 9026 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: WSDL File Detection
16:09:00 [exec] 9026 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Vulnerable JS Library (Powered by Retire.js)
16:09:01 [exec] 9395 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Alerts Extension - Allows you to view and manage alerts
16:09:01 [exec] 9398 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Active Scan Extension - Active scanner, heavily based on the original Paros active scanner, but with additional tests added
16:09:01 [exec] 9414 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Standard Menus Extension - A set of common popup menus for miscellaneous tasks
16:09:01 [exec] 9421 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionBruteForce - Forced browsing of files and directories using code from the OWASP DirBuster tool
16:09:01 [exec] 9424 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Compare Extension - Compares 2 sessions and generates an HTML file showing the differences
16:09:01 [exec] 9424 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionInvoke - Invoke external applications passing context related information such as URLs and parameters
16:09:01 [exec] 9425 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Anti-CSRF Extension - Handles anti cross site request forgery (CSRF) tokens
16:09:01 [exec] 9428 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Authentication Extension - Authentication Extension
16:09:01 [exec] 9468 [ZAP-daemon] INFO org.zaproxy.zap.extension.authentication.ExtensionAuthentication - Loaded authentication method types: [Form-based Authentication, HTTP/NTLM Authentication, Manual Authentication, Script-based Authentication, JSON-based Authentication]
16:09:01 [exec] 9475 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Log4j Extension - Logs errors to the Output tab in development mode only
16:09:01 [exec] 9476 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Users Extension - Users Extension
16:09:01 [exec] 9484 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Parameters Extension - Summarise and analyse FORM and URL parameters as well as cookies
16:09:01 [exec] 9486 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Script Extension - Script integration
16:09:01 [exec] 9494 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionScripts - Scripting console, supports all JSR 223 scripting languages
16:09:01 [exec] 9964 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Forced User Extension - Forced User Extension
16:09:01 [exec] 9965 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Sessions Extension - Extension handling HTTP sessions
16:09:01 [exec] 9968 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionZest - Zest is a specialized scripting language, originally, from Mozilla specifically designed to be used in security tools
16:09:02 [exec] 10474 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionDiff - ExtensionDiff
16:09:02 [exec] 10475 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Post Table View Extension - HTTP Panel Post Table View Extension
16:09:02 [exec] 10476 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Encoder Addon - Adds support for scriptable encoders to ZAP.
16:09:02 [exec] 10476 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Session Management Extension - Session Management Extension
16:09:02 [exec] 10493 [ZAP-daemon] INFO org.zaproxy.zap.extension.sessions.ExtensionSessionManagement - Loaded session management method types: [Cookie-based Session Management, HTTP Authentication Session Management, Script-based Session Management]
16:09:02 [exec] 10494 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Form Table View Extension - HTTP Panel Form Table View Extension
16:09:02 [exec] 10494 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing WebSockets Support - Capture messages from WebSockets with the ability to set breakpoints.
16:09:02 [exec] 10570 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing SOAP/WSDL Support - Allows you to import a WSDL file containing operations which ZAP will access, adding them to the Sites tree.
16:09:02 [exec] 10574 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Core UI Extension - Core UI related functionality.
16:09:02 [exec] 10575 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Authorization Extension - Authorization Extension
16:09:02 [exec] 10577 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Requester - Allows to manually edit and send messages.
16:09:02 [exec] 10582 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing AJAX Spider - AJAX Spider, uses Crawljax
16:09:02 [exec] 10592 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing WebDriver Provider - Provides WebDrivers to control several browsers using Selenium and includes HtmlUnit browser.
16:09:02 [exec] 10608 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Global Exclude URLs Extension - Handles adding Global Excluded URLs
16:09:02 [exec] 10608 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Refresh Sites Tree Extension - Adds menu item to refresh the Sites tree
16:09:02 [exec] 10609 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Help Extension - OWASP ZAP User Guide
16:09:02 [exec] 10611 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Call Home - Handles all of the calls to ZAP services
16:09:02 [exec] 10613 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Network Extension - Provides core networking capabilities.
16:09:03 [exec] 11859 [ZAP-daemon] INFO org.zaproxy.addon.network.ConnectionOptions - Unsafe SSL/TLS renegotiation disabled.
16:09:03 [exec] 11860 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Extension Configuration Extension - Allows you to configure which extensions are loaded when ZAP starts
16:09:03 [exec] 11861 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Combined HTTP Panels Extension - Combined HTTP Panels Extension
16:09:03 [exec] 11862 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Hex View Extension - HTTP Panel Hex View Extension
16:09:03 [exec] 11862 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Image View Extension - HTTP Panel Image View Extension
16:09:03 [exec] 11862 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Query Table View Extension - HTTP Panel Query Table View Extension
16:09:03 [exec] 11862 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Syntax Highlighter View Extension - HTTP Panel Syntax Highlighter View Extension
16:09:03 [exec] 11863 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Keyboard Configuration Extension - Adds support for configurable keyboard shortcuts for all of the ZAP menus.
16:09:03 [exec] 11863 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Scanner Rule Configuration Extension - Active and passive rule configuration
16:09:03 [exec] 11865 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Statistics Extension - Statistics
16:09:03 [exec] 11867 [ZAP-daemon] INFO org.zaproxy.zap.extension.stats.ExtensionStats - Start recording in memory stats
16:09:03 [exec] 11869 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Custom Pages Extension - Custom Pages Definition
16:09:03 [exec] 11870 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionGettingStarted - The ZAP Getting Started Guide
16:09:03 [exec] 11870 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing GraalVM JavaScript Engine Extension - Provides the GraalVM JavaScript engine for ZAP scripting.
16:09:04 [exec] 12645 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionOnlineMenu - The Online menu links
16:09:04 [exec] 12647 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionTipsAndTricks - Tips and Tricks
16:09:04 [exec] 12647 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Ajax Spider Automation - Ajax Spider Automation Framework Integration
16:09:04 [exec] 12659 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Passive Scan Rules - Release status passive scan rules
16:09:04 [exec] 12659 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing WebSocket Fuzzer - Allows to fuzz WebSocket messages.
16:09:04 [exec] 12660 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing WebSocket Message Editor - Provides the WebSocket Message Editor dialogues.
16:09:04 [exec] 12661 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Match and Replace - Easy way to replace strings in requests and responses
16:09:04 [exec] 12669 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Retest - Facilitates the verification of presence/absence of certain alerts.
16:09:04 [exec] 12671 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Advance Fuzzer - Provides the foundation for concrete message types (for example, HTTP, WebSockets) expose fuzzer implementations.
16:09:04 [exec] 12674 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Fuzzer - Allows to fuzz HTTP messages.
16:09:04 [exec] 12674 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHUD - Heads Up Display
16:09:04 [exec] 12993 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHUDlaunch - ExtensionHUDlaunch
16:09:04 [exec] 12994 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Spider Extension - Spider used for automatically finding URIs on a site.
16:09:04 [exec] 13033 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Spider Automation - Spider Automation Integration
16:09:04 [exec] 13038 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Spider Form Handler - Spider Form Handler Integration
16:09:04 [exec] 13038 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionDomXSS - DOM XSS Active Scan Rule
16:09:04 [exec] 13174 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionFormHandler - This extension allows a user to change the default values used for generated content (e.g. spiders, importers).
16:09:04 [exec] 13179 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Automation Framework - Provides functionality to simplify using ZAP in an automated manner
16:09:04 [exec] 13183 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing SOAP Automation - SOAP Automation Framework Integration
16:09:04 [exec] 13187 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing SOAP Form Handler - SOAP Form Handler Integration
16:09:04 [exec] 13188 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing SOAP Spider - SOAP Spider Integration
16:09:04 [exec] 13188 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Common Library - A library of shared functionality
16:09:04 [exec] 13189 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Out-of-band Application Security Testing - Adds Out-of-band Application Security Testing functionality.
16:09:04 [exec] 13200 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing OAST Scripts - Adds OAST scripts.
16:09:04 [exec] 13200 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Quick Start panel - Adds the Quick Start panel for scanning and exploring applications
16:09:04 [exec] 13214 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Quick Start Ajax Spider integration - Add the option to use the Ajax Spider in the Quick Start scan
16:09:04 [exec] 13215 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Quick Start HUD Integration - HUD integration for the quick start panel
16:09:04 [exec] 13215 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Quick Start Browser Launcher - Launch browsers preset proxying through ZAP
16:09:04 [exec] 13217 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Quick Start Spider Integration - Adds the option to use the traditional Spider in the Quick Start scan.
16:09:04 [exec] 13219 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Scripts Automation Framework Integration - Scripts Automation
16:09:04 [exec] 13233 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Import/Export - Import and Export functionality supporting multiple formats.
16:09:04 [exec] 13234 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Import/Export Automation - Import/Export Automation Framework Integration
16:09:04 [exec] 13235 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionAlertFilters - Context alert rules filter
16:09:04 [exec] 13237 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Alert Filters Automation - Alert Filters Automation Framework Integration
16:09:04 [exec] 13239 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Report Generator - Templated and themed report generation functionality
16:09:04 [exec] 13241 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Report Generation Automation Integration - Report Generation Automation Integration
16:09:04 [exec] 13244 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionGraphQl - Allows you to inspect and attack GraphQL endpoints.
16:09:04 [exec] 13258 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing GraphQL Automation - GraphQL Automation Framework Integration
16:09:04 [exec] 13262 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing GraphQL Form Handler - GraphQL Form Handler Integration
16:09:04 [exec] 13263 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing GraphQL Spider - GraphQL Spider Integration
16:09:04 [exec] 13264 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing OpenAPI Import - Allows you to spider and import OpenAPI (Swagger) definitions
16:09:04 [exec] 13269 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing OpenAPI Automation - OpenAPI Automation Framework Integration
16:09:04 [exec] 13273 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing OpenAPI Form Handler - OpenAPI Form Handler Integration
16:09:04 [exec] 13273 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing OpenAPI Spider - OpenAPI Spider Integration
16:09:04 [exec] 13279 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Active Scan Rules - Release status active scan rules
16:09:05 [exec] 13285 [ZAP-daemon] WARN org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate - This ZAP installation is over a year old - its probably very out of date
16:09:07 [exec] 15394 [ZAP-daemon] INFO org.flywaydb.core.internal.license.VersionPrinter - Flyway Community Edition 9.4.0 by Redgate
16:09:07 [exec] 15394 [ZAP-daemon] INFO org.flywaydb.core.internal.license.VersionPrinter - See what's new here: https://flywaydb.org/documentation/learnmore/releaseNotes#9.4.0
16:09:07 [exec] 15394 [ZAP-daemon] INFO org.flywaydb.core.internal.license.VersionPrinter -
16:09:07 [exec] 15442 [ZAP-daemon] INFO org.flywaydb.core.internal.database.base.BaseDatabaseType - Database: jdbc:hsqldb:file:/var/lib/jenkins/.ZAP/db/permanent (HSQL Database Engine 2.7)
16:09:07 [exec] 15450 [ZAP-daemon] WARN org.flywaydb.core.internal.database.base.Database - Flyway upgrade recommended: HSQLDB 2.7 is newer than this version of Flyway and support has not been tested. The latest supported version of HSQLDB is 2.6.
16:09:07 [exec] 15518 [ZAP-daemon] INFO org.flywaydb.core.internal.command.DbValidate - Successfully validated 1 migration (execution time 00:00.051s)
16:09:07 [exec] 15537 [ZAP-daemon] INFO org.flywaydb.core.internal.command.DbMigrate - Current version of schema "PUBLIC": 1
16:09:07 [exec] 15547 [ZAP-daemon] INFO org.flywaydb.core.internal.command.DbMigrate - Schema "PUBLIC" is up to date. No migration necessary.
16:09:07 [exec] 15568 [ZAP-daemon] INFO org.zaproxy.addon.oast.services.callback.CallbackService - Started callback service on 0.0.0.0:43023
16:09:07 [exec] 15620 [ZAP-daemon] WARN org.zaproxy.addon.network.ExtensionNetwork - ZAP's Root CA certificate has expired as of Wed Nov 29 07:57:36 CET 2023 (now: Sat Apr 27 16:09:07 CEST 2024).
16:09:07 [exec] You should regenerate it and re-install it in your browsers.
16:09:07 [exec] Regenerate the certificate and go to the relevant options screen now?
16:09:08 [exec] 16706 [ZAP-daemon] INFO org.parosproxy.paros.control.Control - New session file created: /tmp/goway-dynamic-analysis/session.session
16:09:09 [exec] 17307 [ZAP-daemon] INFO org.zaproxy.addon.network.ExtensionNetwork - ZAP is now listening on 127.0.0.1:8280
16:09:21 [exec] Rilevato ZAP Proxy avviato: tcp6 0 0 127.0.0.1:8280 :::* LISTEN 28352/java
16:09:21 [exec] (Not all processes could be identified, non-owned process info
16:09:21 [exec] will not be shown, you would have to be root to see it all.)
16:09:21
16:09:21 -analizeOpenAPI:
16:09:21 [echo] OpenAPI Api Key: 'govway-test_20240427_160851410'
16:09:22 [java] Open URL: http://zap/xml/context/action/newContext/?contextName=govway-test_20240427_160851410-1542160029&apikey=govway-test_20240427_160851410&
16:09:23 [java] Open URL: http://zap/xml/context/view/context/?contextName=govway-test_20240427_160851410-1542160029&apikey=govway-test_20240427_160851410&
16:09:23 [java] ContextName: govway-test_20240427_160851410-1542160029
16:09:23 [java] ContextId: 2
16:09:23 [java] Open URL: http://zap/xml/reports/view/templates/?apikey=govway-test_20240427_160851410
16:09:23 [java] Open URL: http://zap/xml/reports/view/templates/?apikey=govway-test_20240427_160851410
16:09:23 [java] Open URL: http://zap/xml/reports/view/templates/?apikey=govway-test_20240427_160851410
16:09:23 [java] Open URL: http://zap/xml/reports/view/templateDetails/?template=traditional-pdf&apikey=govway-test_20240427_160851410&
16:09:23 [java] Open URL: http://zap/xml/reports/view/templates/?apikey=govway-test_20240427_160851410
16:09:23 [java] Open URL: http://zap/xml/reports/view/templateDetails/?template=traditional-pdf&apikey=govway-test_20240427_160851410&
16:09:23 [java] Open URL: http://zap/xml/reports/view/templates/?apikey=govway-test_20240427_160851410
16:09:23 [java] Open URL: http://zap/xml/reports/view/templateDetails/?template=traditional-html&apikey=govway-test_20240427_160851410&
16:09:23 [java] Open URL: http://zap/xml/reports/view/templates/?apikey=govway-test_20240427_160851410
16:09:23 [java] Open URL: http://zap/xml/reports/view/templates/?apikey=govway-test_20240427_160851410
16:09:23 [java] Open URL: http://zap/xml/reports/view/templateDetails/?template=modern&apikey=govway-test_20240427_160851410&
16:09:23 [java] Open URL: http://zap/xml/reports/view/templateDetails/?template=modern&apikey=govway-test_20240427_160851410&
16:09:23 [java] Open URL: http://zap/xml/reports/view/templates/?apikey=govway-test_20240427_160851410
16:09:23 [java] Open URL: http://zap/xml/reports/view/templateDetails/?template=high-level-report&apikey=govway-test_20240427_160851410&
16:09:23 [java] Open URL: http://zap/xml/reports/view/templates/?apikey=govway-test_20240427_160851410
16:09:23 [java] Open URL: http://zap/xml/reports/view/templateDetails/?template=risk-confidence-html&apikey=govway-test_20240427_160851410&
16:09:23 [java] Open URL: http://zap/xml/reports/view/templateDetails/?template=risk-confidence-html&apikey=govway-test_20240427_160851410&
16:09:23 [java] Open URL: http://zap/xml/reports/view/templates/?apikey=govway-test_20240427_160851410
16:09:23 [java] Open URL: http://zap/xml/reports/view/templates/?apikey=govway-test_20240427_160851410
16:09:23 [java] Open URL: http://zap/xml/reports/view/templates/?apikey=govway-test_20240427_160851410
16:09:23 [java] Open URL: http://zap/xml/reports/view/templateDetails/?template=traditional-html-plus&apikey=govway-test_20240427_160851410&
16:09:23 [java] Open URL: http://zap/xml/reports/view/templateDetails/?template=traditional-html-plus&apikey=govway-test_20240427_160851410&
16:09:23 [java] Open URL: http://zap/xml/context/action/includeInContext/?contextName=govway-test_20240427_160851410-1542160029®ex=http%3A%2F%2F127.0.0.1%3A8080%2Fgovway%2FSOGGETTO%2Fapi-config%2Fv1.*&apikey=govway-test_20240427_160851410&
16:09:23 [java] Open URL: http://zap/xml/context/action/setContextInScope/?contextName=govway-test_20240427_160851410-1542160029&apikey=govway-test_20240427_160851410&booleanInScope=true&
16:09:23 [java] Open URL: http://zap/xml/sessionManagement/action/setSessionManagementMethod/?apikey=govway-test_20240427_160851410&methodConfigParams=&methodName=httpAuthSessionManagement&contextId=2&
16:09:23 [java] Open URL: http://zap/xml/openapi/action/importFile/?file=%2Fvar%2Flib%2Fjenkins%2Fworkspace%2FGovWay%2Ftools%2Fzap%2F..%2F..%2Ftools%2Frs%2Fconfig%2Fserver%2Fsrc%2Fschemi%2Fmerge%2Fgovway_rs-api_config.yaml&apikey=govway-test_20240427_160851410&contextId=2&target=http%3A%2F%2F127.0.0.1%3A8080%2Fgovway%2FSOGGETTO%2Fapi-config%2Fv1%2F&
16:11:47 [exec] 153443 [ZAP-PassiveScan-2] WARN org.zaproxy.zap.extension.pscan.PassiveScanTask - Passive Scan rule Parameter Scanner took 7 seconds to scan http://127.0.0.1:8080/govway/SOGGETTO/api-config/v1/api/nome/1/risorse?profilo=APIGateway&soggetto=ENTE&q=q&limit=10&offset=0&http_method=Qualsiasi application/problem+json 120
16:18:52 [echo] Execute '-analizeOpenAPI' failed
16:18:53 [exec] Result: 143
16:18:55 [java] org.zaproxy.clientapi.core.ClientApiException: java.net.SocketException: Unexpected end of file from server
16:18:55 [java] at org.apache.tools.ant.taskdefs.ExecuteJava.execute(ExecuteJava.java:194)
16:18:55 [java] at org.apache.tools.ant.taskdefs.Java.run(Java.java:861)
16:18:55 [java] at org.apache.tools.ant.taskdefs.Java.executeJava(Java.java:231)
16:18:55 [java] at org.apache.tools.ant.taskdefs.Java.executeJava(Java.java:135)
16:18:55 [java] at org.apache.tools.ant.taskdefs.Java.execute(Java.java:108)
16:18:55 [java] at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:292)
16:18:55 [java] at jdk.internal.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)
16:18:55 [java] at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
16:18:55 [java] at java.base/java.lang.reflect.Method.invoke(Method.java:566)
16:18:55 [java] at org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:99)
16:18:55 [java] at org.apache.tools.ant.Task.perform(Task.java:350)
16:18:55 [java] at org.apache.tools.ant.Target.execute(Target.java:449)
16:18:55 [java] at org.apache.tools.ant.Target.performTasks(Target.java:470)
16:18:55 [java] at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1391)
16:18:55 [java] at org.apache.tools.ant.helper.SingleCheckExecutor.executeTargets(SingleCheckExecutor.java:36)
16:18:55 [java] at org.apache.tools.ant.Project.executeTargets(Project.java:1254)
16:18:55 [java] at org.apache.tools.ant.taskdefs.Ant.execute(Ant.java:437)
16:18:55 [java] at org.apache.tools.ant.taskdefs.CallTarget.execute(CallTarget.java:106)
16:18:55 [java] at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:292)
16:18:55 [java] at jdk.internal.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)
16:18:55 [java] at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
16:18:55 [java] at java.base/java.lang.reflect.Method.invoke(Method.java:566)
16:18:55 [java] at org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:99)
16:18:55 [java] at org.apache.tools.ant.Task.perform(Task.java:350)
16:18:55 [java] at java.base/java.util.Vector.forEach(Vector.java:1388)
16:18:55 [java] at org.apache.tools.ant.taskdefs.Sequential.execute(Sequential.java:67)
16:18:55 [java] at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:292)
16:18:55 [java] at jdk.internal.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)
16:18:55 [java] at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
16:18:55 [java] at java.base/java.lang.reflect.Method.invoke(Method.java:566)
16:18:55 [java] at org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:99)
16:18:55 [java] at org.apache.tools.ant.Task.perform(Task.java:350)
16:18:55 [java] at org.apache.tools.ant.taskdefs.Parallel$TaskRunnable.run(Parallel.java:454)
16:18:55 [java] at java.base/java.lang.Thread.run(Thread.java:829)
16:18:55 [java] Caused by: org.zaproxy.clientapi.core.ClientApiException: java.net.SocketException: Unexpected end of file from server
16:18:55 [java] at org.zaproxy.clientapi.core.ClientApi.callApiDom(ClientApi.java:385)
16:18:55 [java] at org.zaproxy.clientapi.core.ClientApi.callApi(ClientApi.java:369)
16:18:55 [java] at org.zaproxy.clientapi.gen.Openapi.importFile(Openapi.java:54)
16:18:55 [java] at org.openspcoop2.testsuite.zap.OpenAPI.main(OpenAPI.java:84)
16:18:55 [java] at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
16:18:55 [java] at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
16:18:55 [java] at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
16:18:55 [java] at java.base/java.lang.reflect.Method.invoke(Method.java:566)
16:18:55 [java] at org.apache.tools.ant.taskdefs.ExecuteJava.run(ExecuteJava.java:218)
16:18:55 [java] at org.apache.tools.ant.taskdefs.ExecuteJava.execute(ExecuteJava.java:155)
16:18:55 [java] ... 33 more
16:18:55 [java] Caused by: java.net.SocketException: Unexpected end of file from server
16:18:55 [java] at java.base/sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:866)
16:18:55 [java] at java.base/sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:689)
16:18:55 [java] at java.base/sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:863)
16:18:55 [java] at java.base/sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:689)
16:18:55 [java] at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1615)
16:18:55 [java] at java.base/sun.net.www.protocol.http.HttpURLConnection$9.run(HttpURLConnection.java:1512)
16:18:55 [java] at java.base/sun.net.www.protocol.http.HttpURLConnection$9.run(HttpURLConnection.java:1510)
16:18:55 [java] at java.base/java.security.AccessController.doPrivileged(Native Method)
16:18:55 [java] at java.base/java.security.AccessController.doPrivilegedWithCombiner(AccessController.java:795)
16:18:55 [java] at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1509)
16:18:55 [java] at java.base/java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:527)
16:18:55 [java] at org.zaproxy.clientapi.core.ClientApi.getConnectionInputStream(ClientApi.java:418)
16:18:55 [java] at org.zaproxy.clientapi.core.ClientApi.callApiDom(ClientApi.java:383)
16:18:55 [java] ... 42 more
16:18:55 [java] Java Result: -1
16:18:55 [exec] Processo non attivo ?
16:18:59
16:18:59 -analizeGovWayAPI:
16:18:59 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/tools/zap/reports/api-monitor
16:19:02
16:19:02 analizeOpenAPI:
16:19:04
16:19:04 -checkZapProxyHome:
16:19:04
16:19:04 clean:
16:19:04 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/tools/zap/build
16:19:04
16:19:04 init:
16:19:04 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/tools/zap/build
16:19:04
16:19:04 build:
16:19:04 [javac] Compiling 8 source files to /var/lib/jenkins/workspace/GovWay/tools/zap/build
16:19:20
16:19:20 -executeZap:
16:19:20 [exec] Result: 1
16:19:20
16:19:20 -runZapProxy:
16:19:20 [echo] Run ZAP Api Key: 'govway-test_20240427_161920374'
16:19:20 [exec] Svuota sessione '/tmp/goway-dynamic-analysis'
16:19:20 [exec] Execute: /opt/openjdk-11.0.12_7//bin/java -classpath /opt/zaproxy/ZAP_2.12.0/*:/opt/zaproxy/ZAP_2.12.0/lib/* org.zaproxy.zap.ZAP -daemon -newsession /tmp/goway-dynamic-analysis/session -config session=/tmp/goway-dynamic-analysis/session -config api.key=govway-test_20240427_161920374 -config port=8280 -config host=127.0.0.1 -port 8280 -host 127.0.0.1
16:19:23 [exec] Defaulting ZAP install dir to /opt/zaproxy/ZAP_2.12.0
16:19:23 [exec] 2712 [main] INFO org.zaproxy.zap.DaemonBootstrap - OWASP ZAP 2.12.0 started 27/04/2024, 16:19:23 with home /var/lib/jenkins/.ZAP/
16:19:23 [exec] 2884 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config session = /tmp/goway-dynamic-analysis/session was /tmp/goway-dynamic-analysis/session
16:19:23 [exec] 2884 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config api.key = govway-test_20240427_161920374 was govway-test_20240427_160719650
16:19:23 [exec] 2885 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config port = 8280 was 8280
16:19:23 [exec] 2885 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config host = 127.0.0.1 was 127.0.0.1
16:19:26 [exec] 5014 [ZAP-daemon] INFO org.zaproxy.zap.control.ExtensionFactory - Installed add-ons: [[id=alertFilters, version=16.0.0], [id=ascanrules, version=55.0.0], [id=automation, version=0.29.0], [id=bruteforce, version=13.0.0], [id=callhome, version=0.6.0], [id=commonlib, version=1.14.0], [id=database, version=0.1.0], [id=diff, version=12.0.0], [id=directorylistv1, version=5.0.0], [id=domxss, version=15.0.0], [id=encoder, version=1.1.0], [id=exim, version=0.5.0], [id=formhandler, version=6.3.0], [id=fuzz, version=13.9.0], [id=gettingStarted, version=14.0.0], [id=graaljs, version=0.3.0], [id=graphql, version=0.17.0], [id=help, version=15.0.0], [id=hud, version=0.16.0], [id=invoke, version=12.0.0], [id=network, version=0.9.0], [id=oast, version=0.15.0], [id=onlineMenu, version=10.0.0], [id=openapi, version=34.0.0], [id=pscanrules, version=49.0.0], [id=quickstart, version=37.0.0], [id=replacer, version=12.0.0], [id=reports, version=0.22.0], [id=requester, version=7.2.0], [id=retest, version=0.5.0], [id=retire, version=0.23.0], [id=reveal, version=5.0.0], [id=scripts, version=38.0.0], [id=selenium, version=15.12.1], [id=soap, version=17.0.0], [id=spider, version=0.4.0], [id=spiderAjax, version=23.14.1], [id=tips, version=10.0.0], [id=webdriverlinux, version=56.0.0], [id=websocket, version=28.0.0], [id=zest, version=38.0.0]]
16:19:26 [exec] 5016 [ZAP-daemon] INFO org.zaproxy.zap.control.ExtensionFactory - Loading extensions
16:19:28 [exec] 7215 [ZAP-daemon] INFO org.zaproxy.addon.network.internal.TlsUtils - Using supported SSL/TLS protocols: [TLSv1.2, TLSv1.3]
16:19:28 [exec] 7708 [ZAP-daemon] INFO org.zaproxy.zap.control.ExtensionFactory - Extensions loaded
16:19:29 [exec] 8514 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Auto-update Extension - Allows ZAP to check for updates
16:19:29 [exec] 8525 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Options Extension - Options Extension
16:19:29 [exec] 8525 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Edit Menu Extension - Edit Menu Extension
16:19:29 [exec] 8526 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing API Extension - Provides a rest based API for controlling and accessing ZAP
16:19:29 [exec] 8545 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing History Extension - History Extension
16:19:29 [exec] 8550 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionReveal - Show hidden fields and enable disabled fields
16:19:29 [exec] 8551 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Search Extension - Search messages for strings and regular expressions
16:19:29 [exec] 8555 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Breakpoint Extension - Allows you to intercept and modify requests and responses
16:19:29 [exec] 8562 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Passive Scan Extension - Passive scanner
16:19:29 [exec] 8776 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Script Passive Scan Rules
16:19:29 [exec] 8776 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Stats Passive Scan Rule
16:19:29 [exec] 8777 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Anti-clickjacking Header
16:19:29 [exec] 8777 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Application Error Disclosure
16:19:29 [exec] 8777 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Big Redirect Detected (Potential Sensitive Information Leak)
16:19:29 [exec] 8777 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Re-examine Cache-control Directives
16:19:29 [exec] 8777 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Charset Mismatch
16:19:29 [exec] 8777 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Content Security Policy (CSP) Header Not Set
16:19:29 [exec] 8777 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: CSP
16:19:29 [exec] 8778 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Content-Type Header Missing
16:19:29 [exec] 8778 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cookie No HttpOnly Flag
16:19:29 [exec] 8778 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Loosely Scoped Cookie
16:19:29 [exec] 8778 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cookie without SameSite Attribute
16:19:29 [exec] 8778 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cookie Without Secure Flag
16:19:29 [exec] 8778 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cross-Domain Misconfiguration
16:19:29 [exec] 8778 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cross-Domain JavaScript Source File Inclusion
16:19:29 [exec] 8779 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Absence of Anti-CSRF Tokens
16:19:29 [exec] 8779 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Directory Browsing
16:19:29 [exec] 8779 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Hash Disclosure
16:19:29 [exec] 8779 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Heartbleed OpenSSL Vulnerability (Indicative)
16:19:29 [exec] 8779 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Private IP Disclosure
16:19:29 [exec] 8779 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Session ID in URL Rewrite
16:19:29 [exec] 8780 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Debug Error Messages
16:19:29 [exec] 8780 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Sensitive Information in URL
16:19:29 [exec] 8780 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Sensitive Information in HTTP Referrer Header
16:19:29 [exec] 8780 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Information Disclosure - Suspicious Comments
16:19:29 [exec] 8780 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Weak Authentication Method
16:19:29 [exec] 8780 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: HTTP to HTTPS Insecure Transition in Form Post
16:19:29 [exec] 8780 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: HTTPS to HTTP Insecure Transition in Form Post
16:19:29 [exec] 8781 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Insecure JSF ViewState
16:19:29 [exec] 8781 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Reverse Tabnabbing
16:19:29 [exec] 8781 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Secure Pages Include Mixed Content
16:19:29 [exec] 8781 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Modern Web Application
16:19:29 [exec] 8781 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: PII Disclosure
16:19:29 [exec] 8782 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Retrieved from Cache
16:19:29 [exec] 8782 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: HTTP Server Response Header
16:19:29 [exec] 8782 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Strict-Transport-Security Header
16:19:29 [exec] 8782 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Timestamp Disclosure
16:19:29 [exec] 8782 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: User Controllable Charset
16:19:29 [exec] 8782 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Cookie Poisoning
16:19:29 [exec] 8783 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: User Controllable HTML Element Attribute (Potential XSS)
16:19:29 [exec] 8783 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: User Controllable JavaScript Event (XSS)
16:19:29 [exec] 8783 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Open Redirect
16:19:29 [exec] 8783 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Username Hash Found
16:19:29 [exec] 8783 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Viewstate
16:19:29 [exec] 8784 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-AspNet-Version Response Header
16:19:29 [exec] 8784 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-Backend-Server Header Information Leak
16:19:29 [exec] 8784 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-ChromeLogger-Data (XCOLD) Header Information Leak
16:19:29 [exec] 8784 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-Content-Type-Options Header Missing
16:19:29 [exec] 8784 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: X-Debug-Token Information Leak
16:19:29 [exec] 8784 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)
16:19:29 [exec] 8785 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: WSDL File Detection
16:19:29 [exec] 8785 [ZAP-daemon] INFO org.zaproxy.zap.extension.pscan.ExtensionPassiveScan - loaded passive scan rule: Vulnerable JS Library (Powered by Retire.js)
16:19:30 [exec] 9130 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Alerts Extension - Allows you to view and manage alerts
16:19:30 [exec] 9133 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Active Scan Extension - Active scanner, heavily based on the original Paros active scanner, but with additional tests added
16:19:30 [exec] 9163 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Standard Menus Extension - A set of common popup menus for miscellaneous tasks
16:19:30 [exec] 9163 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionBruteForce - Forced browsing of files and directories using code from the OWASP DirBuster tool
16:19:30 [exec] 9167 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Compare Extension - Compares 2 sessions and generates an HTML file showing the differences
16:19:30 [exec] 9167 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionInvoke - Invoke external applications passing context related information such as URLs and parameters
16:19:30 [exec] 9167 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Anti-CSRF Extension - Handles anti cross site request forgery (CSRF) tokens
16:19:30 [exec] 9173 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Authentication Extension - Authentication Extension
16:19:30 [exec] 9215 [ZAP-daemon] INFO org.zaproxy.zap.extension.authentication.ExtensionAuthentication - Loaded authentication method types: [Form-based Authentication, HTTP/NTLM Authentication, Manual Authentication, Script-based Authentication, JSON-based Authentication]
16:19:30 [exec] 9221 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Log4j Extension - Logs errors to the Output tab in development mode only
16:19:30 [exec] 9222 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Users Extension - Users Extension
16:19:30 [exec] 9227 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Parameters Extension - Summarise and analyse FORM and URL parameters as well as cookies
16:19:30 [exec] 9230 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Script Extension - Script integration
16:19:30 [exec] 9240 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionScripts - Scripting console, supports all JSR 223 scripting languages
16:19:30 [exec] 9608 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Forced User Extension - Forced User Extension
16:19:30 [exec] 9609 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Sessions Extension - Extension handling HTTP sessions
16:19:30 [exec] 9623 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionZest - Zest is a specialized scripting language, originally, from Mozilla specifically designed to be used in security tools
16:19:31 [exec] 10331 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionDiff - ExtensionDiff
16:19:31 [exec] 10332 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Post Table View Extension - HTTP Panel Post Table View Extension
16:19:31 [exec] 10333 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Encoder Addon - Adds support for scriptable encoders to ZAP.
16:19:31 [exec] 10334 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Session Management Extension - Session Management Extension
16:19:31 [exec] 10354 [ZAP-daemon] INFO org.zaproxy.zap.extension.sessions.ExtensionSessionManagement - Loaded session management method types: [Cookie-based Session Management, HTTP Authentication Session Management, Script-based Session Management]
16:19:31 [exec] 10355 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Form Table View Extension - HTTP Panel Form Table View Extension
16:19:31 [exec] 10355 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing WebSockets Support - Capture messages from WebSockets with the ability to set breakpoints.
16:19:31 [exec] 10394 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing SOAP/WSDL Support - Allows you to import a WSDL file containing operations which ZAP will access, adding them to the Sites tree.
16:19:31 [exec] 10395 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Core UI Extension - Core UI related functionality.
16:19:31 [exec] 10396 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Authorization Extension - Authorization Extension
16:19:31 [exec] 10396 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Requester - Allows to manually edit and send messages.
16:19:31 [exec] 10406 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing AJAX Spider - AJAX Spider, uses Crawljax
16:19:31 [exec] 10413 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing WebDriver Provider - Provides WebDrivers to control several browsers using Selenium and includes HtmlUnit browser.
16:19:31 [exec] 10458 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Global Exclude URLs Extension - Handles adding Global Excluded URLs
16:19:31 [exec] 10464 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Refresh Sites Tree Extension - Adds menu item to refresh the Sites tree
16:19:31 [exec] 10466 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Help Extension - OWASP ZAP User Guide
16:19:31 [exec] 10466 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Call Home - Handles all of the calls to ZAP services
16:19:31 [exec] 10473 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Network Extension - Provides core networking capabilities.
16:19:32 [exec] 11476 [ZAP-daemon] INFO org.zaproxy.addon.network.ConnectionOptions - Unsafe SSL/TLS renegotiation disabled.
16:19:32 [exec] 11479 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Extension Configuration Extension - Allows you to configure which extensions are loaded when ZAP starts
16:19:32 [exec] 11481 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Combined HTTP Panels Extension - Combined HTTP Panels Extension
16:19:32 [exec] 11481 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Hex View Extension - HTTP Panel Hex View Extension
16:19:32 [exec] 11482 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Image View Extension - HTTP Panel Image View Extension
16:19:32 [exec] 11482 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Query Table View Extension - HTTP Panel Query Table View Extension
16:19:32 [exec] 11482 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Panel Syntax Highlighter View Extension - HTTP Panel Syntax Highlighter View Extension
16:19:32 [exec] 11484 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Keyboard Configuration Extension - Adds support for configurable keyboard shortcuts for all of the ZAP menus.
16:19:32 [exec] 11484 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Scanner Rule Configuration Extension - Active and passive rule configuration
16:19:32 [exec] 11490 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Statistics Extension - Statistics
16:19:32 [exec] 11494 [ZAP-daemon] INFO org.zaproxy.zap.extension.stats.ExtensionStats - Start recording in memory stats
16:19:32 [exec] 11499 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Custom Pages Extension - Custom Pages Definition
16:19:32 [exec] 11500 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionGettingStarted - The ZAP Getting Started Guide
16:19:32 [exec] 11501 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing GraalVM JavaScript Engine Extension - Provides the GraalVM JavaScript engine for ZAP scripting.
16:19:33 [exec] 12451 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionOnlineMenu - The Online menu links
16:19:33 [exec] 12453 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionTipsAndTricks - Tips and Tricks
16:19:33 [exec] 12454 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Ajax Spider Automation - Ajax Spider Automation Framework Integration
16:19:33 [exec] 12485 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Passive Scan Rules - Release status passive scan rules
16:19:33 [exec] 12485 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing WebSocket Fuzzer - Allows to fuzz WebSocket messages.
16:19:33 [exec] 12486 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing WebSocket Message Editor - Provides the WebSocket Message Editor dialogues.
16:19:33 [exec] 12488 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Match and Replace - Easy way to replace strings in requests and responses
16:19:33 [exec] 12511 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Retest - Facilitates the verification of presence/absence of certain alerts.
16:19:33 [exec] 12512 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Advance Fuzzer - Provides the foundation for concrete message types (for example, HTTP, WebSockets) expose fuzzer implementations.
16:19:33 [exec] 12529 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing HTTP Fuzzer - Allows to fuzz HTTP messages.
16:19:33 [exec] 12529 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHUD - Heads Up Display
16:19:34 [exec] 13271 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionHUDlaunch - ExtensionHUDlaunch
16:19:34 [exec] 13272 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Spider Extension - Spider used for automatically finding URIs on a site.
16:19:34 [exec] 13378 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Spider Automation - Spider Automation Integration
16:19:34 [exec] 13392 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Spider Form Handler - Spider Form Handler Integration
16:19:34 [exec] 13398 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionDomXSS - DOM XSS Active Scan Rule
16:19:34 [exec] 13677 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionFormHandler - This extension allows a user to change the default values used for generated content (e.g. spiders, importers).
16:19:34 [exec] 13678 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Automation Framework - Provides functionality to simplify using ZAP in an automated manner
16:19:34 [exec] 13687 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing SOAP Automation - SOAP Automation Framework Integration
16:19:34 [exec] 13689 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing SOAP Form Handler - SOAP Form Handler Integration
16:19:34 [exec] 13690 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing SOAP Spider - SOAP Spider Integration
16:19:34 [exec] 13690 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Common Library - A library of shared functionality
16:19:34 [exec] 13697 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Out-of-band Application Security Testing - Adds Out-of-band Application Security Testing functionality.
16:19:34 [exec] 13738 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing OAST Scripts - Adds OAST scripts.
16:19:34 [exec] 13738 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Quick Start panel - Adds the Quick Start panel for scanning and exploring applications
16:19:34 [exec] 13749 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Quick Start Ajax Spider integration - Add the option to use the Ajax Spider in the Quick Start scan
16:19:34 [exec] 13749 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Quick Start HUD Integration - HUD integration for the quick start panel
16:19:34 [exec] 13750 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Quick Start Browser Launcher - Launch browsers preset proxying through ZAP
16:19:34 [exec] 13750 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Quick Start Spider Integration - Adds the option to use the traditional Spider in the Quick Start scan.
16:19:34 [exec] 13770 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Scripts Automation Framework Integration - Scripts Automation
16:19:34 [exec] 13805 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Import/Export - Import and Export functionality supporting multiple formats.
16:19:34 [exec] 13806 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Import/Export Automation - Import/Export Automation Framework Integration
16:19:34 [exec] 13820 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionAlertFilters - Context alert rules filter
16:19:34 [exec] 13836 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Alert Filters Automation - Alert Filters Automation Framework Integration
16:19:34 [exec] 13847 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Report Generator - Templated and themed report generation functionality
16:19:34 [exec] 13860 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Report Generation Automation Integration - Report Generation Automation Integration
16:19:34 [exec] 13888 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing ExtensionGraphQl - Allows you to inspect and attack GraphQL endpoints.
16:19:34 [exec] 13929 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing GraphQL Automation - GraphQL Automation Framework Integration
16:19:34 [exec] 13933 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing GraphQL Form Handler - GraphQL Form Handler Integration
16:19:34 [exec] 13934 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing GraphQL Spider - GraphQL Spider Integration
16:19:34 [exec] 13936 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing OpenAPI Import - Allows you to spider and import OpenAPI (Swagger) definitions
16:19:34 [exec] 13944 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing OpenAPI Automation - OpenAPI Automation Framework Integration
16:19:34 [exec] 13949 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing OpenAPI Form Handler - OpenAPI Form Handler Integration
16:19:34 [exec] 13950 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing OpenAPI Spider - OpenAPI Spider Integration
16:19:34 [exec] 13964 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader - Initializing Active Scan Rules - Release status active scan rules
16:19:34 [exec] 13968 [ZAP-daemon] WARN org.zaproxy.zap.extension.autoupdate.ExtensionAutoUpdate - This ZAP installation is over a year old - its probably very out of date
16:20:00 [exec] 33962 [ZAP-daemon] INFO org.flywaydb.core.internal.license.VersionPrinter - Flyway Community Edition 9.4.0 by Redgate
16:20:01 [exec] 33973 [ZAP-daemon] INFO org.flywaydb.core.internal.license.VersionPrinter - See what's new here: https://flywaydb.org/documentation/learnmore/releaseNotes#9.4.0
16:20:01 [exec] 33973 [ZAP-daemon] INFO org.flywaydb.core.internal.license.VersionPrinter -
16:20:01 [exec] 34009 [ZAP-daemon] INFO org.flywaydb.core.internal.database.base.BaseDatabaseType - Database: jdbc:hsqldb:file:/var/lib/jenkins/.ZAP/db/permanent (HSQL Database Engine 2.7)
16:20:01 [exec] 34016 [ZAP-daemon] WARN org.flywaydb.core.internal.database.base.Database - Flyway upgrade recommended: HSQLDB 2.7 is newer than this version of Flyway and support has not been tested. The latest supported version of HSQLDB is 2.6.
16:20:01 [exec] 36599 [ZAP-daemon] INFO org.flywaydb.core.internal.command.DbValidate - Successfully validated 1 migration (execution time 00:02.543s)
16:20:01 [exec] 36613 [ZAP-daemon] INFO org.flywaydb.core.internal.command.DbMigrate - Current version of schema "PUBLIC": 1
16:20:01 [exec] 36614 [ZAP-daemon] INFO org.flywaydb.core.internal.command.DbMigrate - Schema "PUBLIC" is up to date. No migration necessary.
16:20:01 [exec] 36761 [ZAP-daemon] INFO org.zaproxy.addon.oast.services.callback.CallbackService - Started callback service on 0.0.0.0:33079
16:20:21 [exec] (Not all processes could be identified, non-owned process info
16:20:21 [exec] will not be shown, you would have to be root to see it all.)
16:21:06 [exec] 97505 [ZAP-daemon] WARN org.zaproxy.addon.network.ExtensionNetwork - ZAP's Root CA certificate has expired as of Wed Nov 29 07:57:36 CET 2023 (now: Sat Apr 27 16:20:58 CEST 2024).
16:21:06 [exec] You should regenerate it and re-install it in your browsers.
16:21:06 [exec] Regenerate the certificate and go to the relevant options screen now?
16:21:28 [exec] 107093 [ZAP-daemon] INFO org.parosproxy.paros.control.Control - New session file created: /tmp/goway-dynamic-analysis/session.session
16:21:28 [exec] (Not all processes could be identified, non-owned process info
16:21:28 [exec] will not be shown, you would have to be root to see it all.)
16:21:28 [exec] 127134 [ZAP-daemon] INFO org.zaproxy.addon.network.ExtensionNetwork - ZAP is now listening on 127.0.0.1:8280
16:21:45 [exec] (Not all processes could be identified, non-owned process info
16:21:45 [exec] will not be shown, you would have to be root to see it all.)
16:21:45 [exec] Rilevato ZAP Proxy avviato: tcp6 0 0 127.0.0.1:8280 :::* LISTEN 28925/java
16:21:54
16:21:54 -analizeOpenAPI:
16:21:54 [echo] OpenAPI Api Key: 'govway-test_20240427_161920374'
16:22:55 [java] Open URL: http://zap/xml/context/action/newContext/?contextName=govway-test_20240427_16192037491799816&apikey=govway-test_20240427_161920374&
16:23:18 [java] Open URL: http://zap/xml/context/view/context/?contextName=govway-test_20240427_16192037491799816&apikey=govway-test_20240427_161920374&
16:23:24 [java] ContextName: govway-test_20240427_16192037491799816
16:23:24 [java] ContextId: 2
16:23:24 [java] Open URL: http://zap/xml/reports/view/templates/?apikey=govway-test_20240427_161920374
16:23:37 [java] Open URL: http://zap/xml/reports/view/templates/?apikey=govway-test_20240427_161920374
16:23:37 [java] Open URL: http://zap/xml/reports/view/templates/?apikey=govway-test_20240427_161920374
16:23:37 [java] Open URL: http://zap/xml/reports/view/templateDetails/?template=traditional-pdf&apikey=govway-test_20240427_161920374&
16:23:37 [java] Open URL: http://zap/xml/reports/view/templates/?apikey=govway-test_20240427_161920374
16:23:37 [java] Open URL: http://zap/xml/reports/view/templateDetails/?template=traditional-pdf&apikey=govway-test_20240427_161920374&
16:23:37 [java] Open URL: http://zap/xml/reports/view/templates/?apikey=govway-test_20240427_161920374
16:23:37 [java] Open URL: http://zap/xml/reports/view/templateDetails/?template=traditional-html&apikey=govway-test_20240427_161920374&
16:23:37 [java] Open URL: http://zap/xml/reports/view/templates/?apikey=govway-test_20240427_161920374
16:23:37 [java] Open URL: http://zap/xml/reports/view/templates/?apikey=govway-test_20240427_161920374
16:23:37 [java] Open URL: http://zap/xml/reports/view/templateDetails/?template=modern&apikey=govway-test_20240427_161920374&
16:23:37 [java] Open URL: http://zap/xml/reports/view/templateDetails/?template=modern&apikey=govway-test_20240427_161920374&
16:23:37 [java] Open URL: http://zap/xml/reports/view/templates/?apikey=govway-test_20240427_161920374
16:23:37 [java] Open URL: http://zap/xml/reports/view/templateDetails/?template=high-level-report&apikey=govway-test_20240427_161920374&
16:23:37 [java] Open URL: http://zap/xml/reports/view/templates/?apikey=govway-test_20240427_161920374
16:23:37 [java] Open URL: http://zap/xml/reports/view/templateDetails/?template=risk-confidence-html&apikey=govway-test_20240427_161920374&
16:23:37 [java] Open URL: http://zap/xml/reports/view/templateDetails/?template=risk-confidence-html&apikey=govway-test_20240427_161920374&
16:23:37 [java] Open URL: http://zap/xml/reports/view/templates/?apikey=govway-test_20240427_161920374
16:23:37 [java] Open URL: http://zap/xml/reports/view/templates/?apikey=govway-test_20240427_161920374
16:23:37 [java] Open URL: http://zap/xml/reports/view/templates/?apikey=govway-test_20240427_161920374
16:23:37 [java] Open URL: http://zap/xml/reports/view/templateDetails/?template=traditional-html-plus&apikey=govway-test_20240427_161920374&
16:23:37 [java] Open URL: http://zap/xml/reports/view/templateDetails/?template=traditional-html-plus&apikey=govway-test_20240427_161920374&
16:23:37 [java] Open URL: http://zap/xml/context/action/includeInContext/?contextName=govway-test_20240427_16192037491799816®ex=http%3A%2F%2F127.0.0.1%3A8080%2Fgovway%2FSOGGETTO%2Fapi-monitor%2Fv1.*&apikey=govway-test_20240427_161920374&
16:23:37 [java] Open URL: http://zap/xml/context/action/setContextInScope/?contextName=govway-test_20240427_16192037491799816&apikey=govway-test_20240427_161920374&booleanInScope=true&
16:23:38 [java] Open URL: http://zap/xml/sessionManagement/action/setSessionManagementMethod/?apikey=govway-test_20240427_161920374&methodConfigParams=&methodName=httpAuthSessionManagement&contextId=2&
16:23:38 [java] Open URL: http://zap/xml/openapi/action/importFile/?file=%2Fvar%2Flib%2Fjenkins%2Fworkspace%2FGovWay%2Ftools%2Fzap%2F..%2F..%2Ftools%2Frs%2Fmonitor%2Fserver%2Fsrc%2Fschemi%2Fmerge%2Fgovway_rs-api_monitor.yaml&apikey=govway-test_20240427_161920374&contextId=2&target=http%3A%2F%2F127.0.0.1%3A8080%2Fgovway%2FSOGGETTO%2Fapi-monitor%2Fv1%2F&
16:26:42 [exec] 437236 [ZAP-PassiveScan-1] WARN org.zaproxy.zap.extension.pscan.PassiveScanTask - Passive Scan rule Parameter Scanner took 6 seconds to scan http://127.0.0.1:8080/govway/SOGGETTO/api-monitor/v1/monitoraggio/transazioni/id-applicativo?profilo=APIGateway&soggetto=ENTE application/problem+json 1252
16:27:28 [exec] 485497 [ZAP-PassiveScan-4] WARN org.zaproxy.zap.extension.pscan.PassiveScanTask - Passive Scan rule Application Error Disclosure took 5 seconds to scan http://127.0.0.1:8080/govway/SOGGETTO/api-monitor/v1/monitoraggio/eventi?offset=0&limit=10&data_inizio=data_inizio&data_fine=data_fine&severita=fatal&tipo=tipo&codice=codice&origine=origine&ricerca_esatta=true&case_sensitive=true application/problem+json 471
16:27:28 [exec] 485503 [ZAP-PassiveScan-3] WARN org.zaproxy.zap.extension.pscan.PassiveScanTask - Passive Scan rule Application Error Disclosure took 5 seconds to scan http://127.0.0.1:8080/govway/SOGGETTO/api-monitor/v1/monitoraggio/transazioni/f54d8638-79f5-45db-878a-82d858ba128e application/problem+json 223
16:34:14 [echo] Execute '-analizeOpenAPI' failed
16:34:15 [exec] 601166 [ZAP-Import-OpenAPI-1] WARN org.zaproxy.zap.extension.openapi.ExtensionOpenApi - Failed to access URL: http://127.0.0.1:8080/govway/SOGGETTO/api-monitor/v1/monitoraggio/transazioni?profilo=APIGateway&soggetto=ENTE&offset=0&limit=10&sort=+name&data_inizio=data_inizio&data_fine=data_fine&tipo=fruizione&id_cluster=id_cluster&soggetto_remoto=soggetto_remoto&soggetto_erogatore=soggetto_erogatore&tag=tag&uri_api_implementata=uri_api_implementata&nome_servizio=nome_servizio&tipo_servizio=tipo_servizio&versione_servizio=1&azione=azione&esito=ok&escludi_scartate=false : org.zaproxy.addon.network.common.ZapSocketTimeoutException : Read timed out
16:34:15 [exec] 601219 [ZAP-Import-OpenAPI-1] WARN org.zaproxy.zap.extension.openapi.ExtensionOpenApi - Failed to access URL: http://127.0.0.1:8080/govway/SOGGETTO/api-monitor/v1/monitoraggio/transazioni?profilo=APIGateway&soggetto=ENTE : org.zaproxy.addon.network.common.ZapSocketTimeoutException : Read timed out
16:34:15 [exec] 601219 [ZAP-Import-OpenAPI-1] WARN org.zaproxy.zap.extension.openapi.ExtensionOpenApi - Failed to access URL: http://127.0.0.1:8080/govway/SOGGETTO/api-monitor/v1/monitoraggio/transazioni/id-applicativo?profilo=APIGateway&soggetto=ENTE&offset=0&limit=10&sort=+name&data_inizio=data_inizio&data_fine=data_fine&tipo=fruizione&id_cluster=id_cluster&soggetto_remoto=soggetto_remoto&soggetto_erogatore=soggetto_erogatore&tag=tag&uri_api_implementata=uri_api_implementata&nome_servizio=nome_servizio&tipo_servizio=tipo_servizio&versione_servizio=1&azione=azione&esito=ok&escludi_scartate=false&id_applicativo=id_applicativo&ricerca_esatta=true&case_sensitive=true : org.zaproxy.addon.network.common.ZapSocketTimeoutException : Read timed out
16:34:15 [exec] 601219 [ZAP-Import-OpenAPI-1] WARN org.zaproxy.zap.extension.openapi.ExtensionOpenApi - Failed to access URL: http://127.0.0.1:8080/govway/SOGGETTO/api-monitor/v1/monitoraggio/transazioni/id-applicativo/id?profilo=APIGateway&soggetto=ENTE&offset=0&limit=10&sort=+name&tipo_identificativo=richiesta : org.zaproxy.addon.network.common.ZapSocketTimeoutException : Read timed out
16:34:15 [exec] 601219 [ZAP-Import-OpenAPI-1] WARN org.zaproxy.zap.extension.openapi.ExtensionOpenApi - Failed to access URL: http://127.0.0.1:8080/govway/SOGGETTO/api-monitor/v1/reportistica/configurazione-api?profilo=APIGateway&soggetto=ENTE&tipo=fruizione&offset=0&limit=10 : org.zaproxy.addon.network.common.ZapSocketTimeoutException : Read timed out
16:34:15 [exec] 601219 [ZAP-Import-OpenAPI-1] WARN org.zaproxy.zap.extension.openapi.ExtensionOpenApi - Failed to access URL: http://127.0.0.1:8080/govway/SOGGETTO/api-monitor/v1/status : org.zaproxy.addon.network.common.ZapSocketTimeoutException : Read timed out
16:34:15
16:34:15 BUILD SUCCESSFUL
16:34:15 Total time: 22 minutes 26 seconds
16:34:15 org.apache.tools.ant.ExitException: Permission ("java.lang.RuntimePermission" "exitVM") was not granted.
16:34:15 at org.apache.tools.ant.types.Permissions$MySM.checkExit(Permissions.java:196)
16:34:15 at java.base/java.lang.Runtime.exit(Runtime.java:114)
16:34:15 at java.base/java.lang.System.exit(System.java:1752)
16:34:15 at org.apache.tools.ant.Main.exit(Main.java:251)
16:34:15 at org.apache.tools.ant.Main.startAnt(Main.java:241)
16:34:15 at org.apache.tools.ant.launch.Launcher.run(Launcher.java:284)
16:34:15 at org.apache.tools.ant.launch.Launcher.main(Launcher.java:101)
16:34:15 ant.home: /var/lib/jenkins/tools/hudson.tasks.Ant_AntInstallation/ant-1.10.6
16:34:15 Classpath: /var/lib/jenkins/tools/hudson.tasks.Ant_AntInstallation/ant-1.10.6/lib/ant-launcher.jar:/var/lib/jenkins/tools/hudson.tasks.Ant_AntInstallation/ant-1.10.6/lib/ant-antlr.jar:/var/lib/jenkins/tools/hudson.tasks.Ant_AntInstallation/ant-1.10.6/lib/ant-apache-bcel.jar:/var/lib/jenkins/tools/hudson.tasks.Ant_AntInstallation/ant-1.10.6/lib/ant-apache-bsf.jar:/var/lib/jenkins/tools/hudson.tasks.Ant_AntInstallation/ant-1.10.6/lib/ant-apache-log4j.jar:/var/lib/jenkins/tools/hudson.tasks.Ant_AntInstallation/ant-1.10.6/lib/ant-apache-oro.jar:/var/lib/jenkins/tools/hudson.tasks.Ant_AntInstallation/ant-1.10.6/lib/ant-apache-regexp.jar:/var/lib/jenkins/tools/hudson.tasks.Ant_AntInstallation/ant-1.10.6/lib/ant-apache-resolver.jar:/var/lib/jenkins/tools/hudson.tasks.Ant_AntInstallation/ant-1.10.6/lib/ant-apache-xalan2.jar:/var/lib/jenkins/tools/hudson.tasks.Ant_AntInstallation/ant-1.10.6/lib/ant-commons-logging.jar:/var/lib/jenkins/tools/hudson.tasks.Ant_AntInstallation/ant-1.10.6/lib/ant-commons-net.jar:/var/lib/jenkins/tools/hudson.tasks.Ant_AntInstallation/ant-1.10.6/lib/ant-imageio.jar:/var/lib/jenkins/tools/hudson.tasks.Ant_AntInstallation/ant-1.10.6/lib/ant-jai.jar:/var/lib/jenkins/tools/hudson.tasks.Ant_AntInstallation/ant-1.10.6/lib/ant-javamail.jar:/var/lib/jenkins/tools/hudson.tasks.Ant_AntInstallation/ant-1.10.6/lib/ant-jdepend.jar:/var/lib/jenkins/tools/hudson.tasks.Ant_AntInstallation/ant-1.10.6/lib/ant-jmf.jar:/var/lib/jenkins/tools/hudson.tasks.Ant_AntInstallation/ant-1.10.6/lib/ant-jsch.jar:/var/lib/jenkins/tools/hudson.tasks.Ant_AntInstallation/ant-1.10.6/lib/ant-junit.jar:/var/lib/jenkins/tools/hudson.tasks.Ant_AntInstallation/ant-1.10.6/lib/ant-junit4.jar:/var/lib/jenkins/tools/hudson.tasks.Ant_AntInstallation/ant-1.10.6/lib/ant-junitlauncher.jar:/var/lib/jenkins/tools/hudson.tasks.Ant_AntInstallation/ant-1.10.6/lib/ant-launcher.jar:/var/lib/jenkins/tools/hudson.tasks.Ant_AntInstallation/ant-1.10.6/lib/ant-netrexx.jar:/var/lib/jenkins/tools/hudson.tasks.Ant_AntInstallation/ant-1.10.6/lib/ant-swing.jar:/var/lib/jenkins/tools/hudson.tasks.Ant_AntInstallation/ant-1.10.6/lib/ant-testutil.jar:/var/lib/jenkins/tools/hudson.tasks.Ant_AntInstallation/ant-1.10.6/lib/ant-xz.jar:/var/lib/jenkins/tools/hudson.tasks.Ant_AntInstallation/ant-1.10.6/lib/ant.jar
16:34:15 Launcher JAR: /var/lib/jenkins/tools/hudson.tasks.Ant_AntInstallation/ant-1.10.6/lib/ant-launcher.jar
16:34:15 Launcher Directory: /var/lib/jenkins/tools/hudson.tasks.Ant_AntInstallation/ant-1.10.6/lib
16:34:15 Exception in thread "main" org.apache.tools.ant.ExitException: Permission ("java.lang.RuntimePermission" "exitVM") was not granted.
16:34:15 at org.apache.tools.ant.types.Permissions$MySM.checkExit(Permissions.java:196)
16:34:15 at java.base/java.lang.Runtime.exit(Runtime.java:114)
16:34:15 at java.base/java.lang.System.exit(System.java:1752)
16:34:15 at org.apache.tools.ant.launch.Launcher.main(Launcher.java:114)
16:34:15 [java] org.zaproxy.clientapi.core.ClientApiException: java.net.ConnectException: Connection refused (Connection refused)
16:34:15 [java] at org.apache.tools.ant.taskdefs.ExecuteJava.execute(ExecuteJava.java:194)
16:34:15 [java] at org.apache.tools.ant.taskdefs.Java.run(Java.java:861)
16:34:15 [java] at org.apache.tools.ant.taskdefs.Java.executeJava(Java.java:231)
16:34:15 [java] at org.apache.tools.ant.taskdefs.Java.executeJava(Java.java:135)
16:34:15 [java] at org.apache.tools.ant.taskdefs.Java.execute(Java.java:108)
16:34:15 [java] at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:292)
16:34:15 [java] at jdk.internal.reflect.GeneratedMethodAccessor35.invoke(Unknown Source)
16:34:15 [java] at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
16:34:15 [java] at java.base/java.lang.reflect.Method.invoke(Method.java:566)
16:34:15 [java] at org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:99)
16:34:15 [java] at org.apache.tools.ant.Task.perform(Task.java:350)
16:34:15 [java] at org.apache.tools.ant.Target.execute(Target.java:449)
16:34:15 [java] at org.apache.tools.ant.Target.performTasks(Target.java:470)
16:34:15 [java] at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1391)
16:34:15 [java] at org.apache.tools.ant.helper.SingleCheckExecutor.executeTargets(SingleCheckExecutor.java:36)
16:34:15 [java] at org.apache.tools.ant.Project.executeTargets(Project.java:1254)
16:34:15 [java] at org.apache.tools.ant.taskdefs.Ant.execute(Ant.java:437)
16:34:15 [java] at org.apache.tools.ant.taskdefs.CallTarget.execute(CallTarget.java:106)
16:34:15 [java] at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:292)
16:34:15 [java] at jdk.internal.reflect.GeneratedMethodAccessor35.invoke(Unknown Source)
16:34:15 [java] at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
16:34:15 [java] at java.base/java.lang.reflect.Method.invoke(Method.java:566)
16:34:15 [java] at org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:99)
16:34:15 [java] at org.apache.tools.ant.Task.perform(Task.java:350)
16:34:15 [java] at java.base/java.util.Vector.forEach(Vector.java:1388)
16:34:15 [java] at org.apache.tools.ant.taskdefs.Sequential.execute(Sequential.java:67)
16:34:15 [java] at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:292)
16:34:15 [java] at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
16:34:15 [java] at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
16:34:15 [java] at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
16:34:15 [java] at java.base/java.lang.reflect.Method.invoke(Method.java:566)
16:34:15 [java] at org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:99)
16:34:15 [java] at org.apache.tools.ant.Task.perform(Task.java:350)
16:34:15 [java] at org.apache.tools.ant.taskdefs.Parallel$TaskRunnable.run(Parallel.java:454)
16:34:15 [java] at java.base/java.lang.Thread.run(Thread.java:829)
16:34:15 [java] Caused by: org.zaproxy.clientapi.core.ClientApiException: java.net.ConnectException: Connection refused (Connection refused)
16:34:15 [java] at org.zaproxy.clientapi.core.ClientApi.callApiDom(ClientApi.java:385)
16:34:15 [java] at org.zaproxy.clientapi.core.ClientApi.callApi(ClientApi.java:369)
16:34:15 [java] at org.zaproxy.clientapi.gen.Openapi.importFile(Openapi.java:54)
16:34:15 [java] at org.openspcoop2.testsuite.zap.OpenAPI.main(OpenAPI.java:84)
16:34:15 [java] at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
16:34:15 [java] at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
16:34:15 [java] at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
16:34:15 [java] at java.base/java.lang.reflect.Method.invoke(Method.java:566)
16:34:15 [java] at org.apache.tools.ant.taskdefs.ExecuteJava.run(ExecuteJava.java:218)
16:34:15 [java] at org.apache.tools.ant.taskdefs.ExecuteJava.execute(ExecuteJava.java:155)
16:34:15 [java] ... 34 more
16:34:15 [java] Caused by: java.net.ConnectException: Connection refused (Connection refused)
16:34:15 [java] at java.base/java.net.PlainSocketImpl.socketConnect(Native Method)
16:34:15 [java] at java.base/java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:399)
16:34:15 [java] at java.base/java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:242)
16:34:15 [java] at java.base/java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:224)
16:34:15 [java] at java.base/java.net.Socket.connect(Socket.java:609)
16:34:15 [java] at java.base/java.net.Socket.connect(Socket.java:558)
16:34:15 [java] at java.base/sun.net.NetworkClient.doConnect(NetworkClient.java:182)
16:34:15 [java] at java.base/sun.net.www.http.HttpClient.openServer(HttpClient.java:474)
16:34:15 [java] at java.base/sun.net.www.http.HttpClient$1.run(HttpClient.java:526)
16:34:15 [java] at java.base/sun.net.www.http.HttpClient$1.run(HttpClient.java:524)
16:34:15 [java] at java.base/java.security.AccessController.doPrivileged(Native Method)
16:34:15 [java] at java.base/sun.net.www.http.HttpClient.privilegedOpenServer(HttpClient.java:523)
16:34:15 [java] at java.base/sun.net.www.http.HttpClient.openServer(HttpClient.java:564)
16:34:15 [java] at java.base/sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:859)
16:34:15 [java] at java.base/sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:689)
16:34:15 [java] at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1615)
16:34:15 [java] at java.base/sun.net.www.protocol.http.HttpURLConnection$9.run(HttpURLConnection.java:1512)
16:34:15 [java] at java.base/sun.net.www.protocol.http.HttpURLConnection$9.run(HttpURLConnection.java:1510)
16:34:15 [java] at java.base/java.security.AccessController.doPrivileged(Native Method)
16:34:15 [java] at java.base/java.security.AccessController.doPrivilegedWithCombiner(AccessController.java:795)
16:34:15 [java] at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1509)
16:34:15 [java] at java.base/java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:527)
16:34:15 [java] at org.zaproxy.clientapi.core.ClientApi.getConnectionInputStream(ClientApi.java:418)
16:34:15 [java] at org.zaproxy.clientapi.core.ClientApi.callApiDom(ClientApi.java:383)
16:34:15 [java] ... 43 more
16:34:15 [java] Java Result: -1
16:34:15 [exec] Processo non attivo ?
16:34:15 [exec] Result: 143
16:34:25 Build step 'Conditional steps (multiple)' marked build as failure
16:34:34 INFO: Processing JUnit
16:34:41 INFO: [JUnit] - 2 test report file(s) were found with the pattern 'tools/rs/*/server/testsuite/risultati-testsuite/TEST-*.xml' relative to '/var/lib/jenkins/workspace/GovWay' for the testing framework 'JUnit'.
16:34:47 INFO: Processing JUnit
16:34:53 INFO: [JUnit] - 16 test report file(s) were found with the pattern 'protocolli/modipa/testsuite/risultati-testsuite/*/TEST-*.xml' relative to '/var/lib/jenkins/workspace/GovWay' for the testing framework 'JUnit'.
16:34:57 INFO: Processing JUnit
16:35:11 INFO: [JUnit] - 164 test report file(s) were found with the pattern 'protocolli/trasparente/testsuite/karate/risultati-testsuite/*/*/TEST-*.xml' relative to '/var/lib/jenkins/workspace/GovWay' for the testing framework 'JUnit'.
16:35:26 INFO: Check 'Failed Tests' threshold.
16:35:27 INFO: The total number of tests for the threshold 'Failed Tests' exceeds the specified "failure threshold" value.
16:35:27 [Checks API] No suitable checks publisher found.
16:35:27 INFO: Setting the build status to FAILURE
16:35:27 TestNG Reports Processing: START
16:35:27 Looking for TestNG results report in workspace using pattern: **/testng-results.xml
16:36:06 Saving reports...
16:36:08 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-1.xml'
16:36:08 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-10.xml'
16:36:08 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-11.xml'
16:36:08 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-12.xml'
16:36:08 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-13.xml'
16:36:08 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-14.xml'
16:36:08 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-15.xml'
16:36:08 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-16.xml'
16:36:08 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-17.xml'
16:36:08 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-18.xml'
16:36:08 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-19.xml'
16:36:08 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-2.xml'
16:36:08 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-20.xml'
16:36:08 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-21.xml'
16:36:08 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-22.xml'
16:36:08 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-23.xml'
16:36:08 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-24.xml'
16:36:08 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-25.xml'
16:36:08 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-26.xml'
16:36:08 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-27.xml'
16:36:08 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-28.xml'
16:36:08 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-29.xml'
16:36:08 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-3.xml'
16:36:08 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-30.xml'
16:36:08 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-31.xml'
16:36:08 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-32.xml'
16:36:08 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-33.xml'
16:36:08 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-34.xml'
16:36:08 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-35.xml'
16:36:08 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-36.xml'
16:36:08 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-37.xml'
16:36:08 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-38.xml'
16:36:08 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-39.xml'
16:36:08 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-4.xml'
16:36:09 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-40.xml'
16:36:09 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-41.xml'
16:36:09 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-42.xml'
16:36:09 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-43.xml'
16:36:09 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-44.xml'
16:36:09 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-45.xml'
16:36:09 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-46.xml'
16:36:09 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-47.xml'
16:36:09 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-48.xml'
16:36:09 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-49.xml'
16:36:09 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-5.xml'
16:36:09 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-50.xml'
16:36:09 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-51.xml'
16:36:09 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-52.xml'
16:36:09 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-53.xml'
16:36:09 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-54.xml'
16:36:09 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-55.xml'
16:36:09 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-56.xml'
16:36:09 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-57.xml'
16:36:09 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-58.xml'
16:36:09 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-59.xml'
16:36:09 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-6.xml'
16:36:09 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-60.xml'
16:36:09 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-61.xml'
16:36:09 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-62.xml'
16:36:09 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-63.xml'
16:36:09 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-7.xml'
16:36:09 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-8.xml'
16:36:09 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results-9.xml'
16:36:09 Processing '/var/lib/jenkins/jobs/GovWay/builds/1061/testng/testng-results.xml'
16:36:09 TestNG Reports Processing: FINISH
16:36:09 Collecting Dependency-Check artifact
16:36:09 Parsing file /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-report.xml
16:36:10 [SpotBugsZed Attack Proxy (ZAP)] Skipping execution of recorder since overall result is 'FAILURE'
16:36:10 Started calculate disk usage of build
16:36:10 Finished Calculation of disk usage of build in 0 seconds
16:36:11 Started calculate disk usage of workspace
16:36:12 Finished Calculation of disk usage of workspace in 1 second
16:36:13 Finished: FAILURE
![[Jenkins]](/govway/static/fe7758f4/images/svgs/logo.svg){kind=logo}
