188597 (1)
I am working through the book, and I have been stuck on section 3.1 for the last couple of days. I got the deployment pipeline working in chapter 2, but when I updated the circle.yml to run ZAP, it isn't giving me the output I am expecting. The book shows a summary of vulnerabilities, but I don't see that at all. It looks to me like the docker container that is hosting the app is not running properly - kind of like it isn't listening on port 8080. When I look through the ZAP output (which there is a LOT - mostly things like "org.parosproxy.paros.extension.ExtensionLoader - Initializing <something>"), I do see this: "ERROR Failed to connect

2017-02-14 04:06:15,151 I/O error(5): Failed to connect".

I have tried forking the chapter 3 code, and I get the same result.
I have also tried running the build with ssh turned on and tried connecting to, and it won't let me in.

Do you have any thoughts or suggestions? For now, I am going to skip the ZAP testing and move along in the book.
Julien Vehent (14)
Sorry for the late reply. Did you ever find the solution to this issue? It is running fine in the main CircleCI integration of the invoicer, as you can see here:
mdeinum (20)
I actually have the same problem.

Comparing the code from the book

docker pull owasp/zap2docker-weekly

docker run -t owasp/zap2docker-weekly                        

And looking at the build you pointed to

docker pull owasp/zap2docker-weekly

ip="$(docker inspect $(docker ps | tail -1 | awk '{print $1}') | jq -r '.[0].NetworkSettings.IPAddress')"

timeout 300 docker run -t owasp/zap2docker-weekly \
    -u \
    -t http://${ip}:8080/ \
    -m 3 -i
# capture the scan's exit status for the check below
code=$?

if [ $code -ne 0 ]; then
    cat ~/.ZAP_D/zap.log
    exit $code
fi

You seem to be running quite a different command. The one currently in the book has a hardcoded IP address, whereas yours retrieves it from the Docker configuration.
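The difference discussed above (a hardcoded IP versus one read from Docker) as an added example, not code from the book or from the invoicer build: it looks the container up by name instead of taking the last line of `docker ps`, and checks that the port answers before ZAP is started, so a "Failed to connect" can be traced to its cause. The function names, the use of `curl` on the build host, and a container attached to a single network are assumptions.

```shell
#!/bin/sh
# Added example: resolve the app container's address and confirm it
# answers before handing the URL to the ZAP baseline scan.
# Function names are hypothetical; curl is assumed to be installed.

# Print the IP address of a named container.
# Assumes the container is attached to a single Docker network.
container_ip() {
    docker inspect \
        -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' "$1"
}

# Poll a URL until it answers or the deadline (seconds) passes.
# Any HTTP response counts as "listening"; returns 1 on timeout.
wait_for_http() {
    wf_url=$1
    wf_left=${2:-30}
    while [ "$wf_left" -gt 0 ]; do
        if curl -s -o /dev/null --max-time 2 "$wf_url"; then
            return 0
        fi
        sleep 1
        wf_left=$((wf_left - 1))
    done
    return 1
}

# Print the scan target URL for container $1 (port $2, default 8080).
# Exit status 2: container not found or has no address.
# Exit status 3: container has an address but nothing answers on the port.
zap_target() {
    zt_ip=$(container_ip "$1") || zt_ip=""
    if [ -z "$zt_ip" ]; then
        echo "no IP for container '$1' (is it running?)" >&2
        return 2
    fi
    zt_url="http://${zt_ip}:${2:-8080}/"
    if ! wait_for_http "$zt_url" "${3:-30}"; then
        echo "container is up at $zt_ip but $zt_url is not answering" >&2
        return 3
    fi
    printf '%s\n' "$zt_url"
}
```

In a build step this would be used as `target=$(zap_target app 8080 60)` before the `docker run -t owasp/zap2docker-weekly` line, with `-t "$target"` in place of the fixed address; `app` is a placeholder container name.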
Julien Vehent (14)
This is a good point. I'll make sure to update the code snippet in the book. Thanks!