Add README for the OWASP ZAP automation procedure #5183

Merged
merged 1 commit into from
Nov 17, 2021

nanasess
Contributor

@nanasess nanasess commented Sep 29, 2021

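Overview (Refs Issue)

Discussion

Would it be better to document this on doc4.ec-cube.net?

Checklist of restrictions for maintaining minor-version compatibility

  • Changes to the specification of existing features
  • Changes to the timing at which hook points are called
  • Removal of hook point parameters or changes to their data types
  • Removal of parameters passed to twig files or changes to their data types
  • Removal of arguments of public functions of Service classes or changes to their data types
  • Changes to the format of input/output files (CSV, etc.)

Reviewer checklist

  • Functional verification
  • Code review
  • E2E/Unit test check (whether tests need to be added or changed)
  • Whether compatibility is maintained
  • Whether there are any security issues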

@codecov-commenter

Codecov Report

Merging #5183 (b24f05c) into 4.1 (eed7e0a) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##              4.1    #5183   +/-   ##
=======================================
  Coverage   68.35%   68.35%           
=======================================
  Files         456      456           
  Lines       24945    24945           
=======================================
  Hits        17050    17050           
  Misses       7895     7895           
Flag Coverage Δ
tests 68.35% <ø> (ø)

Impacted Files Coverage Δ
src/Eccube/Form/Type/Shopping/ShippingType.php 84.96% <0.00%> (-1.51%) ⬇️
...be/Service/PurchaseFlow/Processor/TaxProcessor.php 73.77% <0.00%> (+3.27%) ⬆️

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update eed7e0a...b24f05c.

@chihiro-adachi chihiro-adachi added this to the 4.1.1 milestone Oct 13, 2021
@chihiro-adachi chihiro-adachi added the document Improvements or additions to documentation label Oct 13, 2021
@carkn
Contributor

carkn commented Nov 17, 2021

There were no problems.
Merging.

@carkn carkn merged commit 2406d1e into EC-CUBE:4.1 Nov 17, 2021
@chihiro-adachi
Contributor

@nanasess

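Would it be better to document this on doc4.ec-cube.net?

I thought it would be fine to have the documentation here to start with.
If it's not too much trouble, I'd appreciate it if you could link to it from doc4 or similar.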

@nanasess
Contributor Author

@chihiro-adachi
I've opened a PR adding the link on doc4.ec-cube.net:
EC-CUBE/doc4.ec-cube.net#226

@chihiro-adachi
Contributor

@nanasess
I tried this procedure, but I'm a bit stuck.
Is there anything you can tell from this?

Error when running playwright (page.goto: net::ERR_NAME_NOT_RESOLVED at https://ec-cube/contact)

% HTTP_PROXY=127.0.0.1:8090 HTTPS_PROXY=127.0.0.1:8090 yarn playwright test
yarn run v1.22.17
$ /Users/chihiro_adachi/repos/eccube41/zap/selenium/ci/TypeScript/node_modules/.bin/playwright test
Using config at /Users/chihiro_adachi/repos/eccube41/zap/selenium/ci/TypeScript/playwright.config.ts

Running 35 tests using 2 workers
  1) [chromium] › front_guest/contact.test.ts:20:3 › お問い合わせフォームのテストをします › お問い合わせページを表示します ==========

    page.goto: net::ERR_NAME_NOT_RESOLVED at https://ec-cube/contact
    =========================== logs ===========================
    navigating to "https://ec-cube/contact", waiting until "load"
    ============================================================

      15 |     const browser = await chromium.launch();
      16 |     page = await browser.newPage();
    > 17 |     await page.goto(url);
         |                ^
      18 |   });
      19 |
      20 |   test('お問い合わせページを表示します', async () => {

        at /Users/chihiro_adachi/repos/eccube41/zap/selenium/ci/TypeScript/test/front_guest/contact.test.ts:17:16

docker shows unhealthy

% docker ps
CONTAINER ID   IMAGE                    COMMAND                  CREATED         STATUS                     PORTS                                            NAMES
b2b7186303bf   eccube41_zap             "bash -c 'zap.sh -da…"   7 minutes ago   Up 7 minutes (unhealthy)   0.0.0.0:8090->8090/tcp, 0.0.0.0:8081->8080/tcp   eccube41_zap_1
37720d46e1b1   eccube41_ec-cube         "docker-php-entrypoi…"   7 minutes ago   Up 7 minutes               0.0.0.0:8080->80/tcp, 0.0.0.0:4430->443/tcp      eccube41_ec-cube_1
34d9b784c2bb   postgres:14              "docker-entrypoint.s…"   7 minutes ago   Up 7 minutes               0.0.0.0:15432->5432/tcp                          eccube41_postgres_1
847252b2cc47   schickling/mailcatcher   "mailcatcher --no-qu…"   7 minutes ago   Up 7 minutes               0.0.0.0:1025->1025/tcp, 0.0.0.0:1080->1080/tcp   eccube41_mailcatcher_1

docker log

At container startup, the following:
13980 [ZAP-telemetry-stats] ERROR org.zaproxy.zap.ZAP.UncaughtExceptionLogger - Exception in thread "ZAP-telemetry-stats"
java.lang.NoClassDefFoundError: org/zaproxy/addon/callhome/ExtensionCallHome$StatsPredicate
	at org.zaproxy.addon.callhome.ExtensionCallHome.addStatistics(ExtensionCallHome.java:273) ~[?:?]
	at org.zaproxy.addon.callhome.ExtensionCallHome.lambda$uploadTelemetrySessionData$6(ExtensionCallHome.java:345) ~[?:?]
	at java.lang.Thread.run(Thread.java:829) [?:?]
Caused by: java.lang.ClassNotFoundException
	at org.zaproxy.zap.control.AddOnClassLoader.findClass(AddOnClassLoader.java:330) ~[zap-2.11.1.jar:2.11.1]
	at java.lang.ClassLoader.loadClass(ClassLoader.java:589) ~[?:?]
	at java.lang.ClassLoader.loadClass(ClassLoader.java:522) ~[?:?]
	... 3 more

When running playwright, the following:
99406 [ZAP-ProxyThread-3] INFO  hsqldb.db.HSQLDB379AF3DEBD.ENGINE - dataFileCache commit start
99408 [ZAP-ProxyThread-3] INFO  hsqldb.db.HSQLDB379AF3DEBD.ENGINE - dataFileCache commit end
99413 [ZAP-ProxyThread-3] INFO  hsqldb.db.HSQLDB379AF3DEBD.ENGINE - Database closed
99520 [ZAP-ProxyThread-4] ERROR org.parosproxy.paros.db.paros.ParosDatabase - connection exception: closed
java.sql.SQLNonTransientConnectionException: connection exception: closed
	at org.hsqldb.jdbc.JDBCUtil.sqlException(Unknown Source) ~[hsqldb-2.5.2.jar:2.5.2]
	at org.hsqldb.jdbc.JDBCUtil.sqlException(Unknown Source) ~[hsqldb-2.5.2.jar:2.5.2]
	at org.hsqldb.jdbc.JDBCPreparedStatement.<init>(Unknown Source) ~[hsqldb-2.5.2.jar:2.5.2]
	at org.hsqldb.jdbc.JDBCCallableStatement.<init>(Unknown Source) ~[hsqldb-2.5.2.jar:2.5.2]
	at org.hsqldb.jdbc.JDBCConnection.prepareCall(Unknown Source) ~[hsqldb-2.5.2.jar:2.5.2]
	at org.parosproxy.paros.db.paros.ParosDatabaseServer.shutdown(ParosDatabaseServer.java:139) ~[zap-2.11.1.jar:2.11.1]
	at org.parosproxy.paros.db.paros.ParosDatabase.close(ParosDatabase.java:204) [zap-2.11.1.jar:2.11.1]
	at org.parosproxy.paros.model.Model.createAndOpenUntitledDb(Model.java:380) [zap-2.11.1.jar:2.11.1]
	at org.parosproxy.paros.control.Control.runCommandLineNewSession(Control.java:432) [zap-2.11.1.jar:2.11.1]
	at org.zaproxy.zap.extension.api.CoreAPI.handleApiAction(CoreAPI.java:623) [zap-2.11.1.jar:2.11.1]
	at org.zaproxy.zap.extension.api.API.handleApiRequest(API.java:513) [zap-2.11.1.jar:2.11.1]
	at org.parosproxy.paros.core.proxy.ProxyThread.processHttp(ProxyThread.java:497) [zap-2.11.1.jar:2.11.1]
	at org.parosproxy.paros.core.proxy.ProxyThread.run(ProxyThread.java:333) [zap-2.11.1.jar:2.11.1]
	at java.lang.Thread.run(Thread.java:829) [?:?]
Caused by: org.hsqldb.HsqlException: connection exception: closed
	at org.hsqldb.error.Error.error(Unknown Source) ~[hsqldb-2.5.2.jar:2.5.2]
	at org.hsqldb.error.Error.error(Unknown Source) ~[hsqldb-2.5.2.jar:2.5.2]
	at org.hsqldb.Session.execute(Unknown Source) ~[hsqldb-2.5.2.jar:2.5.2]
	... 12 more
99670 [ZAP-ProxyThread-4] INFO  hsqldb.db.HSQLDB379AF3DEBD.ENGINE - dataFileCache open start

@nanasess
Contributor Author

@chihiro-adachi It seems that on macOS the proxy information can't be passed via environment variables. I tried addressing it in #5282.

@chihiro-adachi
Contributor

@nanasess
Thank you, it works now!
I've merged #5282.

@nanasess nanasess deleted the add-readme-owaspzap-ci branch October 3, 2022 07:51