
Commit 243ad28

authored
Merge pull request zaproxy#9347 from kingthorin/docker-scripts
docker: Fetch httpsender scripts from community-scripts
2 parents c11d163 + 30c7526 commit 243ad28

7 files changed

Lines changed: 31 additions & 220 deletions


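--- a/docker/CHANGELOG.md
+++ b/docker/CHANGELOG.md
@@ -1,6 +1,9 @@
 # Changelog
 All notable changes to the docker containers will be documented in this file.
 
+### 2026-06-19
+- Fetch packaged scan HTTP Sender scripts from [community-scripts](https://github.com/zaproxy/community-scripts/tree/main/httpsender) instead of keeping local copies. NOTE: The names of the script files have changed.
+
 ### 2026-05-08
 - Fixed bug in baseline scan which could result in a python error when running the packaged scan without a mapped drive.
 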

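--- a/docker/Dockerfile-live
+++ b/docker/Dockerfile-live
@@ -34,6 +34,13 @@ RUN --mount=type=secret,id=webswing_url \
 # Remove Webswing bundled examples
 rm -Rf webswing/apps/
 
+# Fetch packaged scan HttpSender scripts from community-scripts
+RUN mkdir -p /httpsender-scripts && \
+curl -fsSL "https://raw.githubusercontent.com/zaproxy/community-scripts/main/httpsender/AlertOnHttpResponseCodeErrors.js" \
+-o "/httpsender-scripts/AlertOnHttpResponseCodeErrors.js" && \
+curl -fsSL "https://raw.githubusercontent.com/zaproxy/community-scripts/main/httpsender/AlertOnUnexpectedContentTypes.js" \
+-o "/httpsender-scripts/AlertOnUnexpectedContentTypes.js"
+
 FROM debian:trixie-slim AS final
 LABEL maintainer="psiinon@gmail.com"
 
@@ -101,7 +108,7 @@ COPY --link --chown=1000:1000 webswing.config /zap/webswing/
 COPY --link --chown=1000:1000 webswing.properties /zap/webswing/
 COPY --link --chown=1000:1000 policies /home/zap/.ZAP_D/policies/
 COPY --link --chown=1000:1000 policies /root/.ZAP_D/policies/
-COPY --link --chown=1000:1000 scripts /home/zap/.ZAP_D/scripts/
+COPY --link --from=builder --chown=1000:1000 /httpsender-scripts/ /home/zap/.ZAP_D/scripts/scripts/httpsender/
 COPY --link --chown=1000:1000 .xinitrc /home/zap/
 COPY --link --chown=1000:1000 firefox /home/zap/.mozilla/firefox/
 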
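Review bot: The two `curl` calls in the added `RUN` pull executable scan scripts from the moving `main` branch of community-scripts with no commit pin and no integrity check, so whatever is on that branch at build time ships in the image and rebuilds are not reproducible. The same block is added to docker/Dockerfile-stable and docker/Dockerfile-weekly. I would pin the URL to a reviewed commit and verify a SHA-256 of each file before the stage ends, as sketched below with placeholder values; this assumes `sha256sum` is available in the builder stage, whose `FROM` is outside the hunk. If tracking `main` is intentional for live and weekly, the pin still seems worth having for the stable image.

```dockerfile
# Pin to a reviewed commit; the value below is a placeholder, not a real commit id.
# The two digests further down are placeholders too: record the SHA-256 of each file at that commit.
ARG COMMUNITY_SCRIPTS_REF=<REVIEWED_COMMIT_SHA>
RUN mkdir -p /httpsender-scripts && \
    curl -fsSL "https://raw.githubusercontent.com/zaproxy/community-scripts/${COMMUNITY_SCRIPTS_REF}/httpsender/AlertOnHttpResponseCodeErrors.js" \
        -o "/httpsender-scripts/AlertOnHttpResponseCodeErrors.js" && \
    curl -fsSL "https://raw.githubusercontent.com/zaproxy/community-scripts/${COMMUNITY_SCRIPTS_REF}/httpsender/AlertOnUnexpectedContentTypes.js" \
        -o "/httpsender-scripts/AlertOnUnexpectedContentTypes.js" && \
    printf '%s  %s\n' \
        "<SHA256_OF_AlertOnHttpResponseCodeErrors.js>" "/httpsender-scripts/AlertOnHttpResponseCodeErrors.js" \
        "<SHA256_OF_AlertOnUnexpectedContentTypes.js>" "/httpsender-scripts/AlertOnUnexpectedContentTypes.js" \
        | sha256sum -c -
```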

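--- a/docker/Dockerfile-stable
+++ b/docker/Dockerfile-stable
@@ -34,6 +34,13 @@ RUN --mount=type=secret,id=webswing_url \
 # Remove Webswing bundled examples
 rm -Rf webswing/apps/
 
+# Fetch packaged scan HttpSender scripts from community-scripts
+RUN mkdir -p /httpsender-scripts && \
+curl -fsSL "https://raw.githubusercontent.com/zaproxy/community-scripts/main/httpsender/AlertOnHttpResponseCodeErrors.js" \
+-o "/httpsender-scripts/AlertOnHttpResponseCodeErrors.js" && \
+curl -fsSL "https://raw.githubusercontent.com/zaproxy/community-scripts/main/httpsender/AlertOnUnexpectedContentTypes.js" \
+-o "/httpsender-scripts/AlertOnUnexpectedContentTypes.js"
+
 FROM debian:bookworm-slim AS final
 LABEL maintainer="psiinon@gmail.com"
 
@@ -105,7 +112,7 @@ COPY --link --chown=1000:1000 webswing.properties /zap/webswing/
 COPY --link --chown=1000:1000 policies /home/zap/.ZAP/policies/
 COPY --link --chown=1000:1000 policies /root/.ZAP/policies/
 # The scan script loads the scripts from dev home dir.
-COPY --link --chown=1000:1000 scripts /home/zap/.ZAP_D/scripts/
+COPY --link --from=builder --chown=1000:1000 /httpsender-scripts/ /home/zap/.ZAP_D/scripts/scripts/httpsender/
 COPY --link --chown=1000:1000 .xinitrc /home/zap/
 COPY --link --chown=1000:1000 firefox /home/zap/.mozilla/firefox/
 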

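--- a/docker/Dockerfile-weekly
+++ b/docker/Dockerfile-weekly
@@ -21,6 +21,13 @@ RUN --mount=type=secret,id=webswing_url \
 # Remove Webswing bundled examples
 rm -Rf webswing/apps/
 
+# Fetch packaged scan HttpSender scripts from community-scripts
+RUN mkdir -p /httpsender-scripts && \
+curl -fsSL "https://raw.githubusercontent.com/zaproxy/community-scripts/main/httpsender/AlertOnHttpResponseCodeErrors.js" \
+-o "/httpsender-scripts/AlertOnHttpResponseCodeErrors.js" && \
+curl -fsSL "https://raw.githubusercontent.com/zaproxy/community-scripts/main/httpsender/AlertOnUnexpectedContentTypes.js" \
+-o "/httpsender-scripts/AlertOnUnexpectedContentTypes.js"
+
 FROM debian:trixie-slim AS final
 LABEL maintainer="psiinon@gmail.com"
 
@@ -84,7 +91,7 @@ COPY --link --chown=1000:1000 webswing.config /zap/webswing/
 COPY --link --chown=1000:1000 webswing.properties /zap/webswing/
 COPY --link --chown=1000:1000 policies /home/zap/.ZAP_D/policies/
 COPY --link --chown=1000:1000 policies /root/.ZAP_D/policies/
-COPY --link --chown=1000:1000 scripts /home/zap/.ZAP_D/scripts/
+COPY --link --from=builder --chown=1000:1000 /httpsender-scripts/ /home/zap/.ZAP_D/scripts/scripts/httpsender/
 COPY --link --chown=1000:1000 .xinitrc /home/zap/
 COPY --link --chown=1000:1000 firefox /home/zap/.mozilla/firefox/
 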

docker/scripts/scripts/httpsender/Alert_on_HTTP_Response_Code_Errors.js

Lines changed: 0 additions & 104 deletions
This file was deleted.

docker/scripts/scripts/httpsender/Alert_on_Unexpected_Content_Types.js

Lines changed: 0 additions & 106 deletions
This file was deleted.

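--- a/docker/zap-api-scan.py
+++ b/docker/zap-api-scan.py
@@ -385,9 +385,6 @@ def main(argv):
 
 # Copy across the files that may not be in all of the docker images
 try:
-subprocess.check_output(['docker', 'exec', '-t', cid, 'mkdir', '-p', '/home/zap/.ZAP_D/scripts/scripts/httpsender/'])
-cp_to_docker(cid, 'scripts/scripts/httpsender/Alert_on_HTTP_Response_Code_Errors.js', '/home/zap/.ZAP_D/')
-cp_to_docker(cid, 'scripts/scripts/httpsender/Alert_on_Unexpected_Content_Types.js', '/home/zap/.ZAP_D/')
 cp_to_docker(cid, 'policies/API-Minimal.policy', '/home/zap/.ZAP_D/')
 if target_file:
 cp_to_docker(cid, target_file, '/zap/')
@@ -418,10 +415,10 @@ def main(argv):
 
 # Enable scripts
 script_engine = get_script_engine(zap, ['Oracle Nashorn', 'Graal.js'])
-zap.script.load('Alert_on_HTTP_Response_Code_Errors.js', 'httpsender', script_engine, '/home/zap/.ZAP_D/scripts/scripts/httpsender/Alert_on_HTTP_Response_Code_Errors.js')
-zap.script.enable('Alert_on_HTTP_Response_Code_Errors.js')
-zap.script.load('Alert_on_Unexpected_Content_Types.js', 'httpsender', script_engine, '/home/zap/.ZAP_D/scripts/scripts/httpsender/Alert_on_Unexpected_Content_Types.js')
-zap.script.enable('Alert_on_Unexpected_Content_Types.js')
+zap.script.load('AlertOnHttpResponseCodeErrors.js', 'httpsender', script_engine, '/home/zap/.ZAP_D/scripts/scripts/httpsender/AlertOnHttpResponseCodeErrors.js')
+zap.script.enable('AlertOnHttpResponseCodeErrors.js')
+zap.script.load('AlertOnUnexpectedContentTypes.js', 'httpsender', script_engine, '/home/zap/.ZAP_D/scripts/scripts/httpsender/AlertOnUnexpectedContentTypes.js')
+zap.script.enable('AlertOnUnexpectedContentTypes.js')
 
 # Import the API defn
 if format == 'openapi':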
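Review bot: The added `zap.script.load(...)` / `zap.script.enable(...)` lines in the second hunk depend on the image already holding the renamed files under `/home/zap/.ZAP_D/scripts/scripts/httpsender/`, while the first hunk drops the `cp_to_docker` fallback that sat under the comment "Copy across the files that may not be in all of the docker images". If this script drives an image built before this commit, those files would presumably be missing. The result of `zap.script.load` is not checked in the visible lines, so the scan may carry on without the two alerting scripts and report fewer findings without saying why. I would check each load result and warn or abort when it is not OK, and add a comment above the block such as `# These scripts are baked into the image at build time; older images will not have them`. `main` starts and ends outside both hunks.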
