Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Permission issue while Ajax scanning with root user #33

Closed
sshniro opened this issue May 22, 2020 · 2 comments · Fixed by #77
Closed

Permission issue while Ajax scanning with root user #33

sshniro opened this issue May 22, 2020 · 2 comments · Fixed by #77
Labels
bug Something isn't working
Milestone
0.5.0

Comments

@sshniro
Copy link
Member

sshniro commented May 22, 2020

image
@sshniro sshniro added the bug Something isn't working label May 22, 2020
@sshniro
Copy link
Member Author

sshniro commented Jun 4, 2020

Seems like this is a prominent problem. @thc202 @psiinon I think in order to fix this we need to create a dedicated docker for action scan and in that docker file we should not use ZAP user.

Because the reason for this problem is Github action cannot persist file if a docker uses any user other than root. So shall I create another docker file for action? wdyt

@thc202 thc202 mentioned this issue Apr 8, 2021
Closed
@isaru66 isaru66 mentioned this issue Nov 12, 2021
Closed
@thc202 thc202 mentioned this issue Dec 6, 2021
Closed
@psiinon
Copy link
Member

psiinon commented May 19, 2022

I've found a workaround which we use in the ZAP test scans.
We create the files we know are required using the root user and give write access to everyone, then we run ZAP using the zap user.
Example: https://github.com/zapbot/zap-mgmt-scripts/blob/master/.github/workflows/zap-vs-ssti.yml#L42-L46
I think this workaround will work here too...

@psiinon psiinon mentioned this issue May 20, 2022
Merged
@thc202 thc202 added this to the 0.5.0 milestone May 23, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Milestone
0.5.0
Development

Successfully merging a pull request may close this issue.

Use default user instead of root psiinon/action-baseline
3 participants
@psiinon @thc202 @sshniro