From fe10b65e4b44c4699f0fc294866e5d90e90982ea Mon Sep 17 00:00:00 2001 From: Simon Bennetts Date: Fri, 20 May 2022 12:49:38 +0100 Subject: [PATCH] Use default user instead of root Signed-off-by: Simon Bennetts --- CHANGELOG.md | 3 +++ dist/index.js | 6 +++++- index.js | 6 +++++- 3 files changed, 13 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1bc6e5b..2a8f08b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ### Changed - Update dependencies. +### Fixed +- Use default zap user rather than root to allow the Ajax Spider to run. + ## [0.3.0] - 2021-09-14 ### Added - An input (`allow_issue_writing`) to choose if a GitHub issue should be raised or not. diff --git a/dist/index.js b/dist/index.js index 9f6aae6..15ecd8a 100644 --- a/dist/index.js +++ b/dist/index.js @@ -3858,8 +3858,12 @@ async function run() { plugins = await common.helper.processLineByLine(`${workspace}/${rulesFileLocation}`); } + // Create the files so we can change the perms and allow the docker non root user to update them + await exec.exec(`touch ${jsonReportName} ${mdReportName} ${htmlReportName}`); + await exec.exec(`chmod a+w ${jsonReportName} ${mdReportName} ${htmlReportName}`); + await exec.exec(`docker pull ${docker_name} -q`); - let command = (`docker run --user root -v ${workspace}:/zap/wrk/:rw --network="host" ` + + let command = (`docker run -v ${workspace}:/zap/wrk/:rw --network="host" ` + `-t ${docker_name} zap-full-scan.py -t ${target} -J ${jsonReportName} -w ${mdReportName} -r ${htmlReportName} ${cmdOptions}`); if (plugins.length !== 0) { diff --git a/index.js b/index.js index a733f47..fe7e2c3 100644 --- a/index.js +++ b/index.js 
@@ -39,8 +39,12 @@ async function run() { plugins = await common.helper.processLineByLine(`${workspace}/${rulesFileLocation}`); } + // Create the files so we can change the perms and allow the docker non root user to update them + await exec.exec(`touch ${jsonReportName} ${mdReportName} ${htmlReportName}`); + await exec.exec(`chmod a+w ${jsonReportName} ${mdReportName} ${htmlReportName}`); + await exec.exec(`docker pull ${docker_name} -q`); - let command = (`docker run --user root -v ${workspace}:/zap/wrk/:rw --network="host" ` + + let command = (`docker run -v ${workspace}:/zap/wrk/:rw --network="host" ` + `-t ${docker_name} zap-full-scan.py -t ${target} -J ${jsonReportName} -w ${mdReportName} -r ${htmlReportName} ${cmdOptions}`); if (plugins.length !== 0) {
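Review bot: The added `touch` and `chmod a+w` calls take bare report names, so they act on the process working directory, while the container only sees `${workspace}` mounted at `/zap/wrk/`; if the two differ, the non-root zap user still cannot write the reports. Passing an argument array with an explicit working directory ties them together and avoids word-splitting on the names: `await exec.exec('touch', [jsonReportName, mdReportName, htmlReportName], { cwd: workspace });` and `await exec.exec('chmod', ['a+w', jsonReportName, mdReportName, htmlReportName], { cwd: workspace });`. `a+w` also leaves the three files writable by every account on the runner, which is wider than the single container user needs, so the comment above the calls should say that this is a deliberate trade-off for dropping `--user root`. run() begins and ends outside the hunk, so how the report names are set is not visible here; the bundled copy in dist/index.js carries the same lines.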