Title: Authenticated advanced ZAP scan fails in the Juice Shop demo · Issue #615 · secureCodeBox/secureCodeBox · GitHub
Description: 🐞 Bug report Describe the bug Steps To Reproduce Create a separate namespace: kubectl create namespace juiceshop Install OWASP juice-shop: helm upgrade --install juice-shop secureCodeBox/juice-shop -n juiceshop Install zap-advanced: helm...
Opengraph URL: https://github.com/secureCodeBox/secureCodeBox/issues/615
{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"Authenticated advanced ZAP scan fails in the Juice Shop demo","articleBody":"## 🐞 Bug report\r\n\r\n### Describe the bug\r\n\u003c!-- A clear and concise description of what the bug is. --\u003e\r\n\r\n### Steps To Reproduce\r\n\r\n1. Create a separate namespace: ```kubectl create namespace juiceshop```\r\n2. Install OWASP juice-shop: ```helm upgrade --install juice-shop secureCodeBox/juice-shop -n juiceshop```\r\n3. Install zap-advanced: ```helm upgrade --install zap-advanced secureCodeBox/zap-advanced -n juiceshop```\r\n4. Apply the **[demo-juiceshop-scan-authenticated](https://docs.securecodebox.io/docs/scanners/zap-advanced#demo-juiceshop-scan-authenticated)** scan and update the service name and namespace beforehand\r\n\r\n```\r\napiVersion: v1\r\nkind: ConfigMap\r\nmetadata:\r\n name: zap-advanced-scan-config\r\n namespace: juiceshop\r\ndata:\r\n 2-zap-advanced-scan.yaml: |-\r\n\r\n contexts:\r\n - name: scb-juiceshop-context\r\n url: http://juice-shop.juiceshop.svc:3000/\r\n ...\r\n```\r\n5. Inspect the logs of the scanner container\r\n\r\n### Expected behavior\r\nThe scanner should not fail and generate the findings. 
\r\n\r\n### System\r\n\r\n- secureCodeBox: 3.0.1\r\n- OS: macOS\r\n- Kubernetes Version: v1.22.0 (client), v1.21.2 (server)\r\n- Docker Version: 20.10.8\r\n\r\n### Screenshots / Logs\r\n\r\n\u003cdetails\u003e\r\n\r\n\u003csummary\u003eZAP logs\u003c/summary\u003e\r\n\r\n```\r\n2021-08-27 09:37 zapclient INFO : :: Configuring ZAP Instance with {'http': 'http://localhost:8080', 'https': 'http://localhost:8080'}\r\n2021-08-27 09:37 zapclient INFO : :: Starting SCB ZAP Automation Framework with config /home/securecodebox/configs/\r\n2021-08-27 09:37 ZapClient INFO : Importing YAML files for ZAP configuration at dir: '['/home/securecodebox/configs/1-zap-advanced-scantype.yaml', '/home/securecodebox/configs/2-zap-advanced-scan.yaml']'\r\n2021-08-27 09:37 zapclient INFO : :: Starting SCB ZAP Scan with target http://juice-shop.juiceshop.svc:3000/\r\n2021-08-27 09:37 ZapClient INFO : Configuring ZAP Global\r\n2021-08-27 09:37 ZapConfigureSettings INFO : Creating a new ZAP session with the name: secureCodeBox\r\n2021-08-27 09:37 ZapClient INFO : Configuring ZAP Context\r\n2021-08-27 09:37 ZapConfigureContext INFO : Existing Contexts will be removed: ['Default Context']\r\n2021-08-27 09:37 ZapConfigureContext INFO : Configuring a new ZAP Context with name: scb-juiceshop-context\r\n2021-08-27 09:37 ZapConfigureContextAuthentication INFO : HTTP ZAP HTTP JSON Params: 'loginUrl=http://juice-shop.juiceshop.svc:3000/rest/user/login\u0026loginRequestData={\"email\":\"admin@juice-sh.op\",\"password\":\"admin123\"}'\r\n2021-08-27 09:37 ZapConfigureContext INFO : Existing Users will be removed before adding new ones.\r\n2021-08-27 09:37 ZapConfigureContext INFO : Configuring the ZAP session management (type=scriptBasedSessionManagement)\r\n2021-08-27 09:37 ZapClient INFO : Loading new Script 'juiceshop-session-management.js' at '/home/zap/.ZAP_D/scripts/scripts/session/juiceshop-session-management.js' with type: 'session' and engine 'Oracle Nashorn'\r\n2021-08-27 09:37 ZapClient ERROR 
: The script couldn't be loaded due to errors!\r\n2021-08-27 09:37 zapclient ERROR : Unexpected error: The script couldn't be loaded due to errors!\r\nTraceback (most recent call last):\r\n File \"/zap-client/zapclient/__main__.py\", line 64, in process\r\n zap_automation.scan_target(target=args.target)\r\n File \"/zap-client/zapclient/zap_automation.py\", line 84, in scan_target\r\n zap_context.configure_contexts()\r\n File \"/zap-client/zapclient/context/zap_context.py\", line 64, in configure_contexts\r\n self._configure_context(context)\r\n File \"/zap-client/zapclient/context/zap_context.py\", line 97, in _configure_context\r\n self._configure_context_session_management(sessions_config=context[\"session\"], context_id=context_id)\r\n File \"/zap-client/zapclient/context/zap_context.py\", line 229, in _configure_context_session_management\r\n self._configure_context_session_management_scriptbased(script_config=script_config, context_id=context_id)\r\n File \"/zap-client/zapclient/context/zap_context.py\", line 245, in _configure_context_session_management_scriptbased\r\n self._configure_load_script(script_config=script_config, script_type=\"session\")\r\n File \"/zap-client/zapclient/zap_abstract_client.py\", line 115, in _configure_load_script\r\n self.check_zap_result(\r\n File \"/zap-client/zapclient/zap_abstract_client.py\", line 71, in check_zap_result\r\n raise Exception(exception_message)\r\nException: The script couldn't be loaded due to errors!\r\n2021-08-27 09:37 ZapClient INFO : :: Show all Statistics\r\n2021-08-27 09:37 ZapClient INFO : []\r\n2021-08-27 09:37 ZapClient INFO : :: Shutting down the running ZAP 
Instance.\r\n```\r\n\u003c/details\u003e\r\n","author":{"url":"https://github.com/ammerzon","@type":"Person","name":"ammerzon"},"datePublished":"2021-08-30T08:58:08.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":6},"url":"https://github.com/615/secureCodeBox/issues/615"}