Jenkins cannot bypass SSL certificate validation in ZAP

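I am using Jenkins to perform form-based authentication in OWASP ZAP. I have a website
http://localhost/webui/login
Once I launch the above web link, there is an SSL certificate authentication, where I have to click "Continue" and then log in to the web.

Now I have configured this in Jenkins. Jenkins tries to start ZAP in daemon mode and tries to start the spider scan, but as soon as the spider scan starts, the job fails.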

[ZAP Jenkins Plugin] SPIDER SCAN THE SITE [ https://localhost/webui ] AS USER [ User ]

9103 [ZAP-SpiderInitThread-0] INFO org.zaproxy.zap.extension.spider.SpiderThread  - Starting spidering scan on Context: SecurityTest at Mon Sep 28 13:02:55 EDT 2020
9108 [ZAP-SpiderInitThread-0] INFO org.zaproxy.zap.spider.Spider  - Spider initializing...

[ZAP Jenkins Plugin] SPIDER SCAN STATUS [ 0% ]
[ZAP Jenkins Plugin] ALERTS COUNT [ 0 ]

9143 [ZAP-SpiderInitThread-0] INFO org.zaproxy.zap.spider.Spider  - Starting spider...
9143 [ZAP-SpiderInitThread-0] INFO org.zaproxy.zap.spider.Spider  - Scan will be performed from the point of view of User: User
9168 [ZAP-SpiderThreadPool-0-thread-1] INFO org.zaproxy.zap.users.User  - Authenticating user: User
9323 [ZAP-SpiderThreadPool-0-thread-1] ERROR org.zaproxy.zap.authentication.PostBasedAuthenticationMethodType  - Unable to prepare authentication message: Index: 0, Size: 0
java.lang.IndexOutOfBoundsException: Index: 0, Size: 0
    at java.util.ArrayList.rangeCheck(Unknown Source)
    at java.util.ArrayList.get(Unknown Source)
    at org.zaproxy.zap.authentication.PostBasedAuthenticationMethodType$PostBasedAuthenticationMethod.extractParametersFromPostData(PostBasedAuthenticationMethodType.java:458)
    at org.zaproxy.zap.authentication.PostBasedAuthenticationMethodType$PostBasedAuthenticationMethod.replaceAntiCsrfTokenValueIfRequired(PostBasedAuthenticationMethodType.java:420)
    at org.zaproxy.zap.authentication.PostBasedAuthenticationMethodType$PostBasedAuthenticationMethod.authenticate(PostBasedAuthenticationMethodType.java:339)
    at org.zaproxy.zap.users.User.authenticate(User.java:265)
    at org.zaproxy.zap.users.User.processMessageToMatchUser(User.java:175)
    at org.parosproxy.paros.network.HttpSender.sendAuthenticated(HttpSender.java:581)
    at org.parosproxy.paros.network.HttpSender.sendAuthenticated(HttpSender.java:573)
    at org.parosproxy.paros.network.HttpSender.sendAndReceive(HttpSender.java:478)
    at org.parosproxy.paros.network.HttpSender.sendAndReceive(HttpSender.java:448)
    at org.zaproxy.zap.spider.SpiderTask.fetchResource(SpiderTask.java:445)
    at org.zaproxy.zap.spider.SpiderTask.runImpl(SpiderTask.java:218)
    at org.zaproxy.zap.spider.SpiderTask.run(SpiderTask.java:190)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
9328 [ZAP-SpiderThreadPool-0-thread-1] INFO org.zaproxy.zap.users.User  - Authentication failed for user: User
9386 [ZAP-SpiderThreadPool-0-thread-2] INFO org.zaproxy.zap.users.User  - Authenticating user: User
9447 [ZAP-SpiderThreadPool-0-thread-2] ERROR org.zaproxy.zap.authentication.PostBasedAuthenticationMethodType  - Unable to prepare authentication message: Index: 0, Size: 0
java.lang.IndexOutOfBoundsException: Index: 0, Size: 0
    at java.util.ArrayList.rangeCheck(Unknown Source)
    at java.util.ArrayList.get(Unknown Source)
    at org.zaproxy.zap.authentication.PostBasedAuthenticationMethodType$PostBasedAuthenticationMethod.extractParametersFromPostData(PostBasedAuthenticationMethodType.java:458)
    at org.zaproxy.zap.authentication.PostBasedAuthenticationMethodType$PostBasedAuthenticationMethod.replaceAntiCsrfTokenValueIfRequired(PostBasedAuthenticationMethodType.java:420)
    at org.zaproxy.zap.authentication.PostBasedAuthenticationMethodType$PostBasedAuthenticationMethod.authenticate(PostBasedAuthenticationMethodType.java:339)
    at org.zaproxy.zap.users.User.authenticate(User.java:265)
    at org.zaproxy.zap.users.User.processMessageToMatchUser(User.java:175)
    at org.parosproxy.paros.network.HttpSender.sendAuthenticated(HttpSender.java:581)
    at org.parosproxy.paros.network.HttpSender.sendAuthenticated(HttpSender.java:573)
    at org.parosproxy.paros.network.HttpSender.sendAndReceive(HttpSender.java:478)
    at org.parosproxy.paros.network.HttpSender.sendAndReceive(HttpSender.java:448)
    at org.zaproxy.zap.spider.SpiderTask.fetchResource(SpiderTask.java:445)
    at org.zaproxy.zap.spider.SpiderTask.runImpl(SpiderTask.java:218)
    at org.zaproxy.zap.spider.SpiderTask.run(SpiderTask.java:190)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
9448 [ZAP-SpiderThreadPool-0-thread-2] INFO org.zaproxy.zap.users.User  - Authentication failed for user: User
9463 [ZAP-SpiderThreadPool-0-thread-2] INFO org.zaproxy.zap.spider.Spider  - Spidering process is complete. Shutting down...
9466 [ZAP-SpiderShutdownThread-0] INFO org.zaproxy.zap.extension.spider.SpiderThread  - Spider scanning complete: true
[ZAP Jenkins Plugin] AJAX SPIDER ENABLED [ FALSE ]
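
I have a hunch that authentication is failing because of the SSL certificate validation. Is there a way to bypass it in ZAP through a command-line switch? Or through Jenkins?

Or, I also see that along with the username and password, a CSRF token is also generated. Could that be a problem? If so, how do I bypass the CSRF token in the Jenkins ZAP job?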
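
Added example, not part of the original post: a small Python triage script that pairs each ERROR entry in a ZAP log with its stack trace and reports the exception class and the first ZAP-owned frame, so the step that failed can be read directly from the log. The sample input is abbreviated from the log in the question, and the function names `triage` and `summarize` are hypothetical.

```python
import re
from collections import Counter

# Sample abbreviated from the log in the question (constructed: trace shortened).
SAMPLE_LOG = """\
9168 [ZAP-SpiderThreadPool-0-thread-1] INFO org.zaproxy.zap.users.User  - Authenticating user: User
9323 [ZAP-SpiderThreadPool-0-thread-1] ERROR org.zaproxy.zap.authentication.PostBasedAuthenticationMethodType  - Unable to prepare authentication message: Index: 0, Size: 0
java.lang.IndexOutOfBoundsException: Index: 0, Size: 0
    at java.util.ArrayList.rangeCheck(Unknown Source)
    at java.util.ArrayList.get(Unknown Source)
    at org.zaproxy.zap.authentication.PostBasedAuthenticationMethodType$PostBasedAuthenticationMethod.extractParametersFromPostData(PostBasedAuthenticationMethodType.java:458)
    at org.zaproxy.zap.authentication.PostBasedAuthenticationMethodType$PostBasedAuthenticationMethod.replaceAntiCsrfTokenValueIfRequired(PostBasedAuthenticationMethodType.java:420)
9328 [ZAP-SpiderThreadPool-0-thread-1] INFO org.zaproxy.zap.users.User  - Authentication failed for user: User
"""

LOG_LINE = re.compile(r"^(\d+) \[([^\]]+)\] (\w+) (\S+)\s+- (.*)$")
EXC_LINE = re.compile(r"^([\w.$]+(?:Exception|Error)): ?(.*)$")
FRAME = re.compile(r"^\s+at ([\w.$]+)\.([\w$<>]+)\((.*)\)$")
APP_PREFIXES = ("org.zaproxy.", "org.parosproxy.")  # frames owned by ZAP itself

def triage(log_text):
    """Return one record per ERROR entry with its exception and first ZAP frame."""
    records, current = [], None
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if m:
            # A new timestamped entry ends any stack trace being collected.
            current = None
            if m.group(3) == "ERROR":
                current = {"thread": m.group(2), "message": m.group(5),
                           "exception": None, "zap_frame": None}
                records.append(current)
            continue
        if current is None:
            continue
        e, f = EXC_LINE.match(line), FRAME.match(line)
        if e and current["exception"] is None:
            current["exception"] = e.group(1)
        elif f and current["zap_frame"] is None and f.group(1).startswith(APP_PREFIXES):
            # Skip JDK frames; keep the first frame inside ZAP code.
            current["zap_frame"] = f"{f.group(2)} ({f.group(3)})"
    return records

def summarize(records):
    """Count how often each (exception, ZAP frame) pair occurs."""
    return Counter((r["exception"], r["zap_frame"]) for r in records)

if __name__ == "__main__":
    for (exc, frame), n in summarize(triage(SAMPLE_LOG)).items():
        print(f"{n}x {exc} first raised under {frame}")
```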