zaproxy - API scan - missing c in config

Question

I run the following command: docker run -v /etc/hosts:/etc/hosts -v $(pwd):/zap/wrk:rw -t owasp/zap2docker-weekly zap-api-scan.py -t api.yaml -f openapi -r zap_report.html -config replacer.full_list$0$.description=auth1 -config replacer.full_list$0$.enabled=true -config replacer.full_list$0$.matchtype=REQ_HEADER -config replacer.full_list$0$.matchstr=X-XXXXX-APIkey -config replacer.full_list$0$.regex=false -config replacer.full_list$0$.replacement=123456789

But got the error:

Traceback (most recent call last): File "/zap/zap-api-scan.py", line 539, in

File "/zap/zap-api-scan.py", line 246, in main with open(base_dir + config_file) as f: IOError: [Errno 2] No such file or directory: '/zap/wrk/onfig'

How is it possible?

Omer Levi Hevroni Omer Levi Hevroni · Accepted Answer · 2018-03-28T13:56:28

The problem is in how you pass parameters to the python script. The python script parse the -config as -c onfig, and trying to read configuration from the file onfig. You should pass zap params using the following format: -z "-config aaa=bbb -config ccc=ddd"'

zaproxy - API scan - missing c in config

1 Answers