AJAX Spider - 'Namespace for prefix 'xlink' has not been declared' error when crawling

[acardnell-intruder]

Describe the bug

I'm seeing this error a lot in the logs when crawling testphp.vulnweb.com with the AJAX spider and Chrome.

ERROR:  'Namespace for prefix 'xlink' has not been declared.'
871172 [pool-2-thread-4] WARN  com.crawljax.browser.WebDriverBackedEmbeddedBrowser - Could not get the dom
com.crawljax.core.CrawljaxException: Could not tranform the DOM
        at com.crawljax.util.DomUtils.getDocumentToString(DomUtils.java:253) ~[spiderAjax-release-23.18.0.zap:?]
        at com.crawljax.browser.WebDriverBackedEmbeddedBrowser.getStrippedDom(WebDriverBackedEmbeddedBrowser.java:394) [spiderAjax-release-23.18.0.zap:?]
        at com.crawljax.forms.FormHandler.getFormInputs(FormHandler.java:164) [spiderAjax-release-23.18.0.zap:?]
        at com.crawljax.core.Crawler.handleInputElements(Crawler.java:209) [spiderAjax-release-23.18.0.zap:?]
        at com.crawljax.core.Crawler.follow(Crawler.java:154) [spiderAjax-release-23.18.0.zap:?]
        at com.crawljax.core.Crawler.execute(Crawler.java:128) [spiderAjax-release-23.18.0.zap:?]
        at com.crawljax.core.CrawlTaskConsumer.handleTask(CrawlTaskConsumer.java:79) [spiderAjax-release-23.18.0.zap:?]
        at com.crawljax.core.CrawlTaskConsumer.pollAndHandleCrawlTasks(CrawlTaskConsumer.java:71) [spiderAjax-release-23.18.0.zap:?]
        at com.crawljax.core.CrawlTaskConsumer.call(CrawlTaskConsumer.java:47) [spiderAjax-release-23.18.0.zap:?]
        at com.crawljax.core.CrawlTaskConsumer.call(CrawlTaskConsumer.java:16) [spiderAjax-release-23.18.0.zap:?]
        at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) [?:?]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) [?:?]
        at java.lang.Thread.run(Thread.java:829) [?:?]
Caused by: javax.xml.transform.TransformerException: java.lang.RuntimeException: Namespace for prefix 'xlink' has not been declared.
        at com.sun.org.apache.xalan.internal.xsltc.trax.TransformerImpl.transform(TransformerImpl.java:784) ~[?:?]
        at com.sun.org.apache.xalan.internal.xsltc.trax.TransformerImpl.transform(TransformerImpl.java:371) ~[?:?]
        at com.crawljax.util.DomUtils.getDocumentToString(DomUtils.java:250) ~[spiderAjax-release-23.18.0.zap:?]
        ... 13 more
Caused by: java.lang.RuntimeException: Namespace for prefix 'xlink' has not been declared.
        at com.sun.org.apache.xml.internal.serializer.SerializerBase.getNamespaceURI(SerializerBase.java:784) ~[?:?]
        at com.sun.org.apache.xml.internal.serializer.SerializerBase.addAttribute(SerializerBase.java:379) ~[?:?]
        at com.sun.org.apache.xalan.internal.xsltc.trax.DOM2TO.parse(DOM2TO.java:200) ~[?:?]
        at com.sun.org.apache.xalan.internal.xsltc.trax.DOM2TO.parse(DOM2TO.java:229) ~[?:?]
        at com.sun.org.apache.xalan.internal.xsltc.trax.DOM2TO.parse(DOM2TO.java:229) ~[?:?]
        at com.sun.org.apache.xalan.internal.xsltc.trax.DOM2TO.parse(DOM2TO.java:229) ~[?:?]
        at com.sun.org.apache.xalan.internal.xsltc.trax.DOM2TO.parse(DOM2TO.java:229) ~[?:?]
        at com.sun.org.apache.xalan.internal.xsltc.trax.DOM2TO.parse(DOM2TO.java:229) ~[?:?]
        at com.sun.org.apache.xalan.internal.xsltc.trax.DOM2TO.parse(DOM2TO.java:229) ~[?:?]
        at com.sun.org.apache.xalan.internal.xsltc.trax.DOM2TO.parse(DOM2TO.java:229) ~[?:?]
        at com.sun.org.apache.xalan.internal.xsltc.trax.DOM2TO.parse(DOM2TO.java:229) ~[?:?]
        at com.sun.org.apache.xalan.internal.xsltc.trax.DOM2TO.parse(DOM2TO.java:134) ~[?:?]
        at com.sun.org.apache.xalan.internal.xsltc.trax.DOM2TO.parse(DOM2TO.java:96) ~[?:?]
        at com.sun.org.apache.xalan.internal.xsltc.trax.TransformerImpl.transformIdentity(TransformerImpl.java:713) ~[?:?]
        at com.sun.org.apache.xalan.internal.xsltc.trax.TransformerImpl.transform(TransformerImpl.java:775) ~[?:?]
        at com.sun.org.apache.xalan.internal.xsltc.trax.TransformerImpl.transform(TransformerImpl.java:371) ~[?:?]
        at com.crawljax.util.DomUtils.getDocumentToString(DomUtils.java:250) ~[spiderAjax-release-23.18.0.zap:?]
        ... 13 more

The crawler itself seems to continue though and find URLs, despite the error.

Edit: Also seeing this error when crawling https://demo.testfire.net as well.

Steps to reproduce the behavior

I'm using the ZAP Python API and a custom Dockerfile to use Chrome that looks like this:

ARG ZAP_VERSION=20240304

FROM --platform=linux/amd64 softwaresecurityproject/zap-stable:${ZAP_VERSION}

ARG CHROME_VERSION=122.0.6261.94-1

USER root

RUN apt-get update && \
    wget -q https://dl.google.com/linux/chrome/deb/pool/main/g/google-chrome-stable/google-chrome-stable_${CHROME_VERSION}_amd64.deb && \
    apt-get install -y ./google-chrome-stable_${CHROME_VERSION}_amd64.deb && \
    rm -rf /var/lib/apt/lists/*

USER zap

However, I've confirmed this is happening with Firefox as well.

Expected behavior

I'm unsure whether this is an issue or just a normal part of scanning but I don't remember seeing this error before - I tested and can confirm I'm seeing this with Firefox as well. The fact it flags it as an ERROR suggested it isn't expected behaviour.

Software versions

ZAP Docker version: 20240304
ZAP Python API version: 0.1.0

Screenshots

No response

Errors from the zap.log file

No response

Additional context

No response

Would you like to help fix this issue?

• Yes

[droidzcj]

I had the same problem