File tree Expand file tree Collapse file tree 4 files changed +17
-6
lines changed Expand file tree Collapse file tree 4 files changed +17
-6
lines changed Original file line number Diff line number Diff line change @@ -3,10 +3,13 @@ All notable changes to this GitHub action will be documented in this file.
33
44The format is based on [ Keep a Changelog] ( https://keepachangelog.com/en/1.0.0/ ) .
55
6- ## [ Unreleased ]
6+ ## [ 0.4.0 ] - 2022-05-23
77### Changed
88- Update dependencies.
99
10+ ### Fixed
11+ - Use default zap user rather than root to allow the Ajax Spider to run.
12+
1013## [ 0.3.0] - 2021-09-14
1114### Added
1215- An input (` allow_issue_writing ` ) to choose if a GitHub issue should be raised or not.
@@ -26,7 +29,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
2629
2730First release to Marketplace.
2831
29- [ Unreleased ] : https://github.com/zaproxy/action-full-scan/compare/v0.3.0...HEAD
32+ [ 0.4.0 ] : https://github.com/zaproxy/action-full-scan/compare/v0.3.0...v0.4.0
3033[ 0.3.0 ] : https://github.com/zaproxy/action-full-scan/compare/v0.2.0...v0.3.0
3134[ 0.2.0 ] : https://github.com/zaproxy/action-full-scan/compare/v0.1.0...v0.2.0
3235[ 0.1.0 ] : https://github.com/zaproxy/action-full-scan/compare/5842e3f84ec616724efb0230a6f6ab85146230c8...v0.1.0
Original file line number Diff line number Diff line change @@ -64,7 +64,7 @@ if it identifies any alerts. Set this option to `true` if you want to fail the s
6464```
6565steps:
6666 - name: ZAP Scan
67- uses: zaproxy/action-full-scan@v0.3 .0
67+ uses: zaproxy/action-full-scan@v0.4 .0
6868 with:
6969 target: 'https://www.zaproxy.org/'
7070```
8484 with:
8585 ref: master
8686 - name: ZAP Scan
87- uses: zaproxy/action-full-scan@v0.3 .0
87+ uses: zaproxy/action-full-scan@v0.4 .0
8888 with:
8989 token: ${{ secrets.GITHUB_TOKEN }}
9090 docker_name: 'owasp/zap2docker-stable'
Original file line number Diff line number Diff line change @@ -3858,8 +3858,12 @@ async function run() {
38583858 plugins = await common.helper.processLineByLine(`${workspace}/${rulesFileLocation}`);
38593859 }
38603860
3861+ // Create the files so we can change the perms and allow the docker non root user to update them
3862+ await exec.exec(`touch ${jsonReportName} ${mdReportName} ${htmlReportName}`);
3863+ await exec.exec(`chmod a+w ${jsonReportName} ${mdReportName} ${htmlReportName}`);
3864+
38613865 await exec.exec(`docker pull ${docker_name} -q`);
3862- let command = (`docker run --user root - v ${workspace}:/zap/wrk/:rw --network="host" ` +
3866+ let command = (`docker run -v ${workspace}:/zap/wrk/:rw --network="host" ` +
38633867 `-t ${docker_name} zap-full-scan.py -t ${target} -J ${jsonReportName} -w ${mdReportName} -r ${htmlReportName} ${cmdOptions}`);
38643868
38653869 if (plugins.length !== 0) {
Original file line number Diff line number Diff line change @@ -39,8 +39,12 @@ async function run() {
3939 plugins = await common . helper . processLineByLine ( `${ workspace } ${ rulesFileLocation } ) ;
4040 }
4141
42+ // Create the files so we can change the perms and allow the docker non root user to update them
43+ await exec . exec ( `touch ${ jsonReportName } ${ mdReportName } ${ htmlReportName } ) ;
44+ await exec . exec ( `chmod a+w ${ jsonReportName } ${ mdReportName } ${ htmlReportName } ) ;
45+
4246 await exec . exec ( `docker pull ${ docker_name } ) ;
43- let command = ( `docker run --user root - v ${ workspace } +
47+ let command = ( `docker run -v ${ workspace } +
4448 `-t ${ docker_name } ${ target } ${ jsonReportName } ${ mdReportName } ${ htmlReportName } ${ cmdOptions } ) ;
4549
4650 if ( plugins . length !== 0 ) {
You can’t perform that action at this time.
0 commit comments