
Error when reading the rules file: /home/runner/work/<repo>/<repo>/owasp-zap-ignore.conf #125

Open
soderlind opened this issue Apr 24, 2024 · 3 comments

Comments

@soderlind

Somehow the path has the repo twice, I believe because of actions/runner#2058

let workspace = process.env.GITHUB_WORKSPACE;

My action is:

name: OWASP Zap Daily Live Check

on:
  workflow_dispatch:

  schedule:
    # Run once daily, at 03:00.
    - cron: '0 3 * * *'

jobs:
  remote-test:
    runs-on: ubuntu-latest

    steps:
      - name: OWASP Zap Baseline Scan
        uses: zaproxy/[email protected]
        with:
          target: ${{ secrets.OWASP_CHECK_URL }}
          rules_file_name: 'owasp-zap-ignore.conf'

Error log:

Error when reading the rules file: /home/runner/work/<repo>/<repo>/owasp-zap-ignore.conf
/usr/bin/touch report_json.json report_md.md report_html.html
/usr/bin/chmod a+w report_json.json report_md.md report_html.html
/usr/bin/docker pull ghcr.io/zaproxy/zaproxy:stable -q
ghcr.io/zaproxy/zaproxy:stable
/usr/bin/docker run -v /home/runner/work/<repo>/<repo>:/zap/wrk/:rw --network=host -e ZAP_AUTH_HEADER -e ZAP_AUTH_HEADER_VALUE -e ZAP_AUTH_HEADER_SITE -t ghcr.io/zaproxy/zaproxy:stable zap-baseline.py -t *** -J report_json.json -w report_md.md -r report_html.html

Set up job (when running the action above) reports:

Current runner version: '2.315.0'
Operating System
  Ubuntu 22.04.4 LTS
Runner Image
  Image: ubuntu-22.04
  Version: 20240422.1.0
  Included Software: https://github.com/actions/runner-images/blob/ubuntu22/20240422.1/images/ubuntu/Ubuntu2204-Readme.md
  Image Release: https://github.com/actions/runner-images/releases/tag/ubuntu22%2F20240422.1
Runner Image Provisioner
  2.0.
GITHUB_TOKEN Permissions
  Actions: write
  Attestations: write
  Checks: write
  Contents: write
  Deployments: write
  Discussions: write
  Issues: write
  Metadata: read
  Packages: write
  Pages: write
  PullRequests: write
  RepositoryProjects: write
  SecurityEvents: write
  Statuses: write
Secret source: Actions
Prepare workflow directory
Prepare all required actions
Getting action download info
Download action repository 'zaproxy/[email protected]'
Complete job name: remote-test
@monishbb

I am facing the same issue. I have even tried changing the action file, but ZAP is still not able to read the file.

@kingthorin (Member)

You don't seem to have checked out your repo.

@monishbb

I have checked out the repo @kingthorin, and I have found the root cause of this issue: it comes from the way the action parses your rules file.

The message will always be "Error when reading the rules file", since that is what the catch block of the processLineByLine function prints.

The problem:
Your rules file has the wrong type of spacing. You need to use only tabs, not spaces, between the columns, since the action splits each line on \t and hence fails when you use spaces instead. So make sure in your rules file:

# MAKE SURE TO ONLY USE TAB SPACING BETWEEN EACH COLUMN OR THE ACTION FAILS TO READ THE RULES
10055	IGNORE	CSP

I was able to resolve my issue after fixing my spaces to tabs.
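To make the tab requirement checkable before the scan runs, here is an added JavaScript example. It is not code from zaproxy/action-baseline and was not posted by anyone in this thread; it mirrors the behaviour the comment above describes (each line split on \t) but reports the offending line and reason instead of one generic message, and it rewrites space-separated columns into tabs. The function names parseRules, normalizeRules and checkRules, the assumed line format "<rule id>\t<IGNORE|WARN|FAIL>\t<comment>" with "#" comment lines, and the sample rule lines are my own assumptions; only the 10055/IGNORE/CSP line comes from the comment above.

```javascript
// Added example, not code from zaproxy/action-baseline. It mirrors the rule the
// thread describes (columns split on "\t") so that a malformed rules file is
// reported by line and reason, and offers a normaliser that rewrites
// space-separated columns into tabs. Assumed file format (matching the thread's
// sample line): one rule per line, "<rule id>\t<IGNORE|WARN|FAIL>\t<comment>",
// "#" starts a comment line, blank lines are skipped.

const ACTIONS = new Set(["IGNORE", "WARN", "FAIL"]);

function isSkippable(line) {
  const t = line.trim();
  return t === "" || t.startsWith("#");
}

// Strict parser: throws on the first malformed line with its number and reason.
function parseRules(text) {
  const rules = [];
  text.split(/\r?\n/).forEach((line, idx) => {
    const n = idx + 1;
    if (isSkippable(line)) return;
    const cols = line.split("\t");
    if (cols.length < 2) {
      throw new Error(
        `line ${n}: expected tab-separated columns (spaces instead of tabs?): ${JSON.stringify(line)}`
      );
    }
    const [id, action, ...rest] = cols;
    if (!/^\S+$/.test(id)) {
      throw new Error(`line ${n}: rule id ${JSON.stringify(id)} contains whitespace`);
    }
    if (!ACTIONS.has(action)) {
      throw new Error(
        `line ${n}: action ${JSON.stringify(action)} is not one of ${[...ACTIONS].join("/")}`
      );
    }
    rules.push({ line: n, id, action, comment: rest.join("\t").trim() });
  });
  return rules;
}

// Loose shape of a rule line: id, action, optional comment, any whitespace between.
// Only the first two separators are rewritten, so a comment that itself contains
// spaces keeps them. Lines that do not match are left alone so parseRules() can
// still report them.
const LOOSE_RULE = /^\s*(\S+)\s+(IGNORE|WARN|FAIL)(?:\s+(.*?))?\s*$/;

function normalizeRules(text) {
  return text
    .split(/\r?\n/)
    .map((line) => {
      if (isSkippable(line)) return line;
      const m = line.match(LOOSE_RULE);
      if (!m) return line;
      return [m[1], m[2], m[3]].filter((c) => c !== undefined && c !== "").join("\t");
    })
    .join("\n");
}

// Non-throwing wrapper, the shape you would surface from a pre-scan workflow step.
function checkRules(text) {
  try {
    return { ok: true, rules: parseRules(text), error: null };
  } catch (e) {
    return { ok: false, rules: [], error: e.message };
  }
}

// Constructed sample inputs (not taken from the issue): the first uses tabs,
// the second the same rules with spaces between the columns.
const TAB_RULES = [
  "# rule id, action, comment, separated by single tabs",
  "10055\tIGNORE\tCSP",
  "10020\tWARN\t(comment text with spaces)",
].join("\n");

const SPACE_RULES = [
  "# same rules, columns separated by spaces",
  "10055 IGNORE CSP",
  "10020    WARN    (comment text with spaces)",
].join("\n");

console.log(checkRules(TAB_RULES));
console.log(checkRules(SPACE_RULES).error);
console.log(checkRules(normalizeRules(SPACE_RULES)));
```

The check is deliberately stricter than the action (it also rejects unknown actions), so a rules file that passes it will also parse on the action's side. The usual way tabs turn into spaces is an editor or .editorconfig "indent with spaces" setting silently rewriting the file on save, so it is worth running a check like this in the workflow right after actions/checkout, before the scan step.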

chad-butler-git added a commit to chad-butler-git/pygoat-github-actions that referenced this issue Nov 21, 2024
Changed spaces to tabs.

See: zaproxy/action-baseline#125