-
-
Notifications
You must be signed in to change notification settings - Fork 2.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Incomplete report for template Risk and Confidence HTML #8460
Comments
I'm seeing the alert details with latest version. Could you provide more details on how to reproduce that? |
I'll see if I can provide some more details. In the mean time, I've found that the Report Generation plugin might not be the one to blame here, as generating the report with 0.26.0 from a session that was persisted with 0.31.0 installed also results in the details missing from the report. [edit] |
This comment has been minimized.
This comment has been minimized.
Please use the ZAP User Group for questions: https://groups.google.com/g/zaproxy-users |
Update: I still have to find the time to come up with a way to reproduce the issue without disclosing too much of our company data. That might take some more days. |
The problem is not with the reports but alerts raised on temporary messages, which get removed when the session is closed. |
If you can use a weekly and enable debug log for |
Did that. The issue persisted. Got a couple of hundred log lines from that class, all about alerts that it found. NullPointerException (60+ times):
On a couple of occasions, the host under test failed to respond, apparently:
A few read timeouts:
Other than that, I didn't see anything interesting in the logs. Support info:
|
No debug entries with |
Check that the `variant` is non-null before attempting to decode the body, as it can be if the extending class sends requests before (indirectly) initializing the `variant`. From logs in zaproxy#8460. Signed-off-by: thc202 <thc202@gmail.com>
Nope, no such entries.
|
Reproduced the issue using Juice Shop application (running on the local host):
|
Can you persist/save the session zip it up and attach it here? |
A reopened session does not reproduce the issue though. |
Oh okay, disregard. |
Describe the bug
When generating a report using the template Risk and Confidence HTML, with all Sections enabled, the generated report does not show any details of the alerts found:
The generated report files are a lot smaller than they used to be (with earlier versions, when the details were included).
Using ZAP 2.14.0, Report Generation plugin 0.31.0.
Reverting to plugin versions bundled with 2.14.0 (by removing the ~/.ZAP/plugin; this reverts Report Generation to 0.26.0) resolves the issue, but as soon as I upgrade plugins to the latest versions, the issue is back.
Steps to reproduce the behavior
Expected behavior
The generated report contains alert details, such as http requests and responses.
Software versions
ZAP
Version: 2.14.0
Installed Add-ons: [[id=alertFilters, version=20.0.0],
[id=ascanrules, version=65.0.0], [id=authhelper,
version=0.12.0], [id=automation, version=0.39.0],
[id=bruteforce, version=15.0.0], [id=callhome,
version=0.11.0], [id=commonlib, version=1.24.0],
[id=database, version=0.3.0], [id=diff, version=14.0.0],
[id=directorylistv1, version=7.0.0], [id=domxss,
version=18.0.0], [id=encoder, version=1.4.0], [id=exim,
version=0.8.0], [id=formhandler, version=6.5.0], [id=fuzz,
version=13.12.0], [id=gettingStarted, version=16.0.0],
[id=graaljs, version=0.6.0], [id=graphql, version=0.23.0],
[id=help, version=17.0.0], [id=hud, version=0.18.0],
[id=invoke, version=14.0.0], [id=network, version=0.15.0],
[id=oast, version=0.17.0], [id=onlineMenu, version=12.0.0],
[id=openapi, version=39.0.0], [id=postman, version=0.3.0],
[id=pscanrules, version=57.0.0], [id=quickstart,
version=46.0.0], [id=replacer, version=16.0.0], [id=reports,
version=0.31.0], [id=requester, version=7.5.0], [id=retest,
version=0.8.0], [id=retire, version=0.34.0], [id=reveal,
version=7.0.0], [id=scripts, version=45.2.0], [id=selenium,
version=15.22.0], [id=soap, version=22.0.0], [id=spider,
version=0.10.0], [id=spiderAjax, version=23.18.0], [id=tips,
version=12.0.0], [id=webdriverlinux, version=81.0.0],
[id=websocket, version=30.0.0], [id=zest, version=44.0.0]]
Operating System: Linux
Architecture: amd64
Java Version: Debian 21.0.2
System's Locale: en_US
Display Locale: en_GB
Format Locale: en_US
Default Charset: UTF-8
ZAP Home Directory: /home/username/.ZAP/
ZAP Installation Directory: /usr/share/zaproxy/./
Look and Feel: FlatLaf Light (com.formdev.flatlaf.FlatLightLaf)
Screenshots
No response
Errors from the zap.log file
No response
Additional context
No response
Would you like to help fix this issue?
The text was updated successfully, but these errors were encountered: