我有最新版本的Jenkins,我安装了最新版本2.10.0的OWASP Zap插件我在构建步骤中插入执行ZAP时出错。如果我在构建步骤中插入后点击保存,我会收到一个错误,在日志中我看到:
2021-04-04 14:06:09.460+0000 [id=15] WARNING o.e.j.s.h.ContextHandler$Context#log: Error while serving http://localhost:8080/job/zap-project/configSubmit
java.lang.NullPointerException
at org.jenkinsci.plugins.zap.ZAPBuilder.<init>(ZAPBuilder.java:94)
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
at org.kohsuke.stapler.RequestImpl.invokeConstructor(RequestImpl.java:530)
at org.kohsuke.stapler.RequestImpl.instantiate(RequestImpl.java:794)
at org.kohsuke.stapler.RequestImpl.access$200(RequestImpl.java:84)
at org.kohsuke.stapler.RequestImpl$TypePair.convertJSON(RequestImpl.java:679)
at org.kohsuke.stapler.RequestImpl.bindJSON(RequestImpl.java:479)
at org.kohsuke.stapler.RequestImpl.bindJSON(RequestImpl.java:475)
at hudson.model.Descriptor.newInstance(Descriptor.java:598)
Caused: java.lang.Error: Failed to instantiate class org.jenkinsci.plugins.zap.ZAPBuilder from {"zapHost":"localhost","zapPort":"8090","startZAPFirst":false,"jdk":"InheritFromJob","autoInstall":"true","toolUsed":"ZAP_2.10.0","zapHome":"ZAPROXY_HOME","timeout":"60","zapSettingsDir":"","autoLoadSession":"true","loadSession":"","sessionFilename":"","removeExternalSites":false,"internalSites":"","contextName":"","includedURL":"","excludedURL":"","alertFilters":"","authMode":false,"username":"","password":"[value redacted]","$redact":"password","loggedInIndicator":"","loggedOutIndicator":"","authMethod":"FORM_BASED","loginURL":"","usernameParameter":"","passwordParameter":"","extraPostData":"","authScript":"","scriptParameterName":"","scriptParameterValue":"","targetURL":"","spiderScanURL":false,"spiderScanRecurse":true,"spiderScanSubtreeOnly":false,"spiderScanMaxChildrenToCrawl":"0","ajaxSpiderURL":false,"ajaxSpiderInScopeOnly":false,"activeScanURL":false,"activeScanPolicy":"","activeScanRecurse":true,"generateReports":false,"deleteReports":false,"reportFilename":"JENKINS_ZAP_VULNERABILITY_REPORT","selectedReportMethod":"DEFAULT_REPORT","selectedReportFormats":[],"selectedExportFormats":[],"exportreportTitle":"","exportreportBy":"","exportreportFor":"","exportreportScanDate":"","exportreportReportDate":"","exportreportScanVersion":"","exportreportReportVersion":"","exportreportReportDescription":"","exportreportAlertHigh":true,"exportreportAlertMedium":true,"exportreportAlertLow":true,"exportreportAlertInformational":true,"exportreportCWEID":true,"exportreportWASCID":true,"exportreportDescription":true,"exportreportOtherInfo":true,"exportreportSolution":true,"exportreportReference":true,"exportreportRequestHeader":false,"exportreportResponseHeader":false,"exportreportRequestBody":false,"exportreportResponseBody":false,"jiraCreate":false,"jiraProjectKey":"","jiraAssignee":"","jiraAlertHigh":false,"jiraAlertMedium":false,"jiraAlertLow":false,"jiraFilterIssuesByResourceType":false,"stapler-class":"org.jenkinsci.plugins.zap.ZAPBuilder","$class":"org.jenkinsci.plugins.zap.ZAPBuilder"}
at hudson.model.Descriptor.newInstance(Descriptor.java:606)
at hudson.model.Descriptor.newInstancesFromHeteroList(Descriptor.java:1075)
at hudson.model.Descriptor.newInstancesFromHeteroList(Descriptor.java:1037)
at hudson.util.DescribableList.rebuildHetero(DescribableList.java:208)
at hudson.model.Project.submit(Project.java:230)
at hudson.model.Job.doConfigSubmit(Job.java:1335)
at hudson.model.AbstractProject.doConfigSubmit(AbstractProject.java:768)
at java.base/java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:710)
at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:396)
Caused: java.lang.reflect.InvocationTargetException
at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:400)
at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:408)
at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:212)
at org.kohsuke.stapler.SelectionInterceptedFunction$Adapter.invoke(SelectionInterceptedFunction.java:36)
at org.kohsuke.stapler.verb.HttpVerbInterceptor.invoke(HttpVerbInterceptor.java:48)
at org.kohsuke.stapler.SelectionInterceptedFunction.bindAndInvoke(SelectionInterceptedFunction.java:26)
at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:145)
at org.kohsuke.stapler.MetaClass$11.doDispatch(MetaClass.java:536)
at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:766)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:898)
at org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:281)
at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:766)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:898)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:694)
at org.kohsuke.stapler.Stapler.service(Stapler.java:240)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:791)
at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1626)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
at jenkins.telemetry.impl.UserLanguages$AcceptLanguageFilter.doFilter(UserLanguages.java:129)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
at jenkins.security.ResourceDomainFilter.doFilter(ResourceDomainFilter.java:76)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:157)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:153)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:92)
at jenkins.security.AcegiSecurityExceptionFilter.doFilter(AcegiSecurityExceptionFilter.java:52)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97)
at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:119)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:105)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97)
at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:101)
at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:92)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:218)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97)
at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:110)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80)
at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:62)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:97)
at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:109)
at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:168)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:51)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
at jenkins.security.SuspiciousRequestFilter.doFilter(SuspiciousRequestFilter.java:36)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:548)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:578)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1435)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:501)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1350)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
at org.eclipse.jetty.server.Server.handle(Server.java:516)
at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:388)
at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:633)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:380)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:279)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129)
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:383)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:882)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1036)
at java.base/java.lang.Thread.run(Thread.java:834)
我该如何解决这个问题?提前感谢
这个问题与Jenkins的新版本有关。由于各种原因,我不能降级我的Jenkins,必须使用更新的版本。所以我下载了一个旧的詹金斯战争,并暂时启动了这个。我安装了官方的zap插件,在这里我可以毫无问题地保存构建步骤。我将这个作业配置文件config.xml复制回我的新jenkins作业,并从磁盘重新加载配置。执行得很好,但我仍然无法通过浏览器对新版本的Jenkins进行任何修改。任何需要的配置更改我都是通过直接编辑配置文件并从磁盘重新加载配置来完成的。
如果必须使用较新版本的Jenkins,可以将此配置放置在作业的config.xml文件中,并根据需要修改参数。
<builders>
<org.jenkinsci.plugins.zap.ZAPBuilder plugin="zap@1.1.0">
<startZAPFirst>false</startZAPFirst>
<zaproxy>
<startZAPFirst>false</startZAPFirst>
<zapHost>localhost</zapHost>
<zapPort>8081</zapPort>
<evaluatedZapPort>0</evaluatedZapPort>
<cmdLinesZAP/>
<jdk>InheritFromJob</jdk>
<toolUsed></toolUsed>
<zapHome>ZAPROXY_HOME</zapHome>
<timeout>60</timeout>
<autoInstall>false</autoInstall>
<zapSettingsDir>C:UsersadminOWASP ZAP</zapSettingsDir>
<autoLoadSession>false</autoLoadSession>
<loadSession></loadSession>
<sessionFilename>zap_test</sessionFilename>
<removeExternalSites>false</removeExternalSites>
<internalSites></internalSites>
<contextName>default</contextName>
<excludedURL></excludedURL>
<includedURL>http://localhost:8080</includedURL>
<alertFilters></alertFilters>
<authMode>false</authMode>
<username></username>
<password></password>
<loggedInIndicator></loggedInIndicator>
<loggedOutIndicator></loggedOutIndicator>
<authMethod>FORM_BASED</authMethod>
<loginURL></loginURL>
<usernameParameter></usernameParameter>
<passwordParameter></passwordParameter>
<extraPostData></extraPostData>
<authScript></authScript>
<authScriptParams/>
<targetURL>http://localhost:8080</targetURL>
<spiderScanURL>true</spiderScanURL>
<spiderScanRecurse>true</spiderScanRecurse>
<spiderScanSubtreeOnly>false</spiderScanSubtreeOnly>
<spiderScanMaxChildrenToCrawl>0</spiderScanMaxChildrenToCrawl>
<ajaxSpiderURL>true</ajaxSpiderURL>
<ajaxSpiderInScopeOnly>false</ajaxSpiderInScopeOnly>
<activeScanURL>true</activeScanURL>
<activeScanRecurse>true</activeScanRecurse>
<activeScanPolicy></activeScanPolicy>
<generateReports>true</generateReports>
<deleteReports>false</deleteReports>
<reportFilename>JENKINS_ZAP_VULNERABILITY_REPORT</reportFilename>
<selectedReportMethod>DEFAULT_REPORT</selectedReportMethod>
<selectedReportFormats>
<string>html</string>
</selectedReportFormats>
<selectedExportFormats/>
<exportreportTitle></exportreportTitle>
<exportreportBy></exportreportBy>
<exportreportFor></exportreportFor>
<exportreportScanDate></exportreportScanDate>
<exportreportReportDate></exportreportReportDate>
<exportreportScanVersion></exportreportScanVersion>
<exportreportReportVersion></exportreportReportVersion>
<exportreportReportDescription></exportreportReportDescription>
<exportreportAlertHigh>true</exportreportAlertHigh>
<exportreportAlertMedium>true</exportreportAlertMedium>
<exportreportAlertLow>true</exportreportAlertLow>
<exportreportAlertInformational>true</exportreportAlertInformational>
<exportreportCWEID>true</exportreportCWEID>
<exportreportWASCID>true</exportreportWASCID>
<exportreportDescription>true</exportreportDescription>
<exportreportOtherInfo>true</exportreportOtherInfo>
<exportreportSolution>true</exportreportSolution>
<exportreportReference>true</exportreportReference>
<exportreportRequestHeader>false</exportreportRequestHeader>
<exportreportResponseHeader>false</exportreportResponseHeader>
<exportreportRequestBody>false</exportreportRequestBody>
<exportreportResponseBody>false</exportreportResponseBody>
<jiraCreate>false</jiraCreate>
<jiraBaseURL></jiraBaseURL>
<jiraUsername></jiraUsername>
<jiraPassword></jiraPassword>
<jiraProjectKey></jiraProjectKey>
<jiraAssignee></jiraAssignee>
<jiraAlertHigh>false</jiraAlertHigh>
<jiraAlertMedium>false</jiraAlertMedium>
<jiraAlertLow>false</jiraAlertLow>
<jiraFilterIssuesByResourceType>false</jiraFilterIssuesByResourceType>
</zaproxy>
<zapHost>localhost</zapHost>
<zapPort>8081</zapPort>
</org.jenkinsci.plugins.zap.ZAPBuilder>
</builders>