Skip to content

DAST fails to import jaydebeapi module when run on Red Hat OpenShift

Summary

A GitLab customer is failing to run DAST as the /analyze script fails with the following stack trace:

$ /analyze
 Traceback (most recent call last):
   File "/zap/zap-scan-launcher.py", line 3, in <module>
     from src.dependencies import APIScan, BaselineScan, FullScan, config
   File "/zap/src/dependencies.py", line 16, in <module>
     from src.zap_gateway import AlertsParser, ExcludeRulesConfigurationBuilder, HttpHeadersParser,\
   File "/zap/src/zap_gateway/__init__.py", line 6, in <module>
     from .zaproxy import ZAProxy
   File "/zap/src/zap_gateway/zaproxy.py", line 11, in <module>
     from .zap_database import MessageResultsParser, ZAPDatabase
   File "/zap/src/zap_gateway/zap_database/__init__.py", line 3, in <module>
     from .zap_database import ZAPDatabase
   File "/zap/src/zap_gateway/zap_database/zap_database.py", line 5, in <module>
     from jaydebeapi import Connection, connect
 ModuleNotFoundError: No module named 'jaydebeapi'
 cp: cannot stat '/zap/wrk/*': No such file or directory

Steps to reproduce

Run a DAST scan on Red Hat Openshift. This might error on any Kubernetes environment.

Results of GitLab environment info

The customer is reported to be using the default template and the same image we have (i.e. not custom-built).

The following information has been requested from the customer:

  • The folder /home/zap/.local/lib/python3.8/site-packages/jaydebeapi should exist
  • The folder /home/zap/.local/lib/python3.8/site-packages/JayDeBeApi-1.2.3.dist-info should exist
  • Executing pip list should contain JayDeBeApi 1.2.3 in the response
  • Executing python -c "import sys; print(sys.path)" should output ['', '/usr/lib/python38.zip', '/usr/lib/python3.8', '/usr/lib/python3.8/lib-dynload', '/home/zap/.local/lib/python3.8/site-packages', '/usr/local/lib/python3.8/dist-packages', '/usr/lib/python3/dist-packages']

Next steps / Possible fixes

If the customer confirms that the system path is as expected, then the issue should be tested on a Kubernetes environment. If that passes, an OpenShift trial account could be used to help understand what the problem is.

Edited by Cameron Swords