DAST not recognizing ZAP arguments
Last Friday, June 14th, I discovered that the -g and -r arguments that came from ZAP Baseline and ZAP Full Scan are not recognized.
As far as I remember, until this commit I had no problems at all.
Besides, this was the image I was using locally before pulling it again:
registry.gitlab.com/gitlab-org/security-products/dast b2547fa74a73 2 weeks ago 2.98GB
Today I ran DAST against a dockerized WebGoat:
(registry.gitlab.com/gitlab-org/security-products/dast:latest, image ID 261377f77b51, sha256:812de719a44a037b81327463dda71acf5936b709c3f47bfd709d45d8be1644ca)
docker run --rm -v $(pwd):/zap/wrk/:rw -i registry.gitlab.com/gitlab-org/security-products/dast:latest /analyze -t "http://goat:8080/WebGoat" --auth-url "http://goat:8080/WebGoat/login" --auth-username "sample" --auth-password "sample" --auth-exclude-urls "http://goat:8080/WebGoat/logout" -g gen.conf -r testreport_webgoat.html
I only get gl-dast-report.json.
One more thing: if I execute zap-baseline.py or zap_baseline_original.py inside the Docker image in interactive mode with -r, there is no problem at all,
but ...
If I run /analyze -t "http://goat:8080/WebGoat" -r "report.html", a message is displayed:
-r: not found
Could it be that this latest commit to the analyze file changed some of its initial behaviour?