I’m using a shell script to install & run ZAP on an Ubuntu image.
sudo apt update
sudo apt install default-jre -y
sudo apt install snapd -y
sudo snap install zaproxy --classic
cd /snap/zaproxy/current
java -jar ./zap-2.11.1.jar -cmd -quickurl https://www.website.com/ -quickprogress -quickout ~/report.xml
The Spider works fine, but a little while after the Active Scan starts, it throws the following error:
java.io.EOFException
at java.io.ObjectInputStream$PeekInputStream.readFully(ObjectInputStream.java:2353)
at java.io.ObjectInputStream$BlockDataInputStream.readShort(ObjectInputStream.java:2822)
at java.io.ObjectInputStream.readStreamHeader(ObjectInputStream.java:804)
at java.io.ObjectInputStream.<init>(ObjectInputStream.java:301)
at hudson.remoting.ObjectInputStreamEx.<init>(ObjectInputStreamEx.java:49)
at hudson.remoting.Command.readFrom(Command.java:142)
at hudson.remoting.Command.readFrom(Command.java:128)
at hudson.remoting.AbstractSynchronousByteArrayCommandTransport.read(AbstractSynchronousByteArrayCommandTransport.java:35)
at hudson.remoting.SynchronousCommandTransport$ReaderThread.run(SynchronousCommandTransport.java:61)
Caused: java.io.IOException: Unexpected termination of the channel
at hudson.remoting.SynchronousCommandTransport$ReaderThread.run(SynchronousCommandTransport.java:75)
Caused: java.io.IOException: Backing channel 'jenkins-zap-t6s4nu' is disconnected.
I saw in another question that java.io.EOFException
happens when you try to read an empty file. The shell script works fine when it’s running on a PC or VM, so I’m thinking maybe there’s a hidden dependency that isn’t installed by default on the barebones Ubuntu image.
Is there a portion of this shell script that’s missing or incorrect?
3
Answers
It turns out that the problem was with our server, not with ZAP! We had a rogue Jenkins controller that believed it needed to kill all agents it had not started.
If someone else runs into this problem in the future, definitely try running server diagnostics.
Instead of manually launching the jar try using
zap.sh
Run the below commands to install owasp zap