Azure pipeline with OWASP ZAP and Handlebars not producing report

Question


So I have this Azure release pipeline as follows

- task: DockerInstaller@0
  displayName: 'Install Docker'

- task: CSE-DevOps.zap-scanner.custom-build-release-task.owaspzap@1
  displayName: 'Run ZAP Scan'
  inputs:
    scantype: targetedScan
    url: '$(targetUrl)'
    port: 443
  continueOnError: true

- bash: |
   npm install -g handlebars-cmd
   cat <<EOF > owaspzap/nunit-template.hbs
   <test-run id="2" name="Owasp test" start-time="{{@generated}}"  >
     <test-suite id="{{@index}}" type="Assembly" name="{{[@name]}}" result="Failed" failed="{{alerts.length}}">
       <attachments>
         <attachment>
           <filePath>owaspzap/report.html</filePath>
         </attachment>
       </attachments>
       <test-case id="{{@index}}" name="{{alert}}" result="Failed" fullname="{{alert}}" time="1">
         <failure>
           <message>
             <![CDATA[{{{desc}}}]]>
           </message>
           <stack-trace>
             <![CDATA[Solution:{{{solution}}} Reference: {{{reference}}}
             instances:{{#each instances}}
               * {{uri}}
               - {{method}}
               {{#if evidence}}- {{{evidence}}}{{/if}}
             {{/each}}]]>
           </stack-trace>
         </failure>
       </test-case>
     </test-suite>
   </test-run>
   EOF

- bash: 'handlebars owaspzap/report.json < owaspzap/nunit-template.hbs > owaspzap/test-results.xml'

- task: PublishTestResults@2
  displayName: 'Publish Test Results'
  inputs:
    testResultsFormat: NUnit
    testResultsFiles: 'owaspzap/test-results.xml'
    publishRunAttachments: false
  condition: succeededOrFailed()

So when I run this pipeline it all seems to pass but when I look at the output for the PublishTestResults task I see this


2023-02-09T22:22:39.8408385Z Publishing test results to test run '1003246'.
2023-02-09T22:22:39.8436588Z TestResults To Publish 1, Test run id:1003246
2023-02-09T22:22:39.8473673Z Test results publishing 1, remaining: 0. Test run id: 1003246
2023-02-09T22:22:39.9290477Z ##[warning]Failed to publish test results: AutomatedTestName must be specified for automated test runs when neither TestPointId nor TestCaseId has been specified..
2023-02-09T22:22:40.0280319Z No test runs are present

I also tried a different handlebars step as below

- bash: |
   sudo npm install -g handlebars-cmd
   cat <<EOF > owaspzap/nunit-template.hbs
   {{#each site}}
   <test-run id="2" name="Owasp test" start-time="{{../[@generated]}}"  >
     <test-suite id="{{@index}}" type="Assembly" name="{{[@name]}}" result="Failed" failed="{{alerts.length}}">
       <attachments>
         <attachment>
           <filePath>owaspzap/report.html</filePath>
         </attachment>
       </attachments>
       {{#each alerts}}
       <test-case id="{{@index}}" name="{{alert}}" result="Failed" fullname="{{alert}}" time="1">
         <failure>
           <message>
             <![CDATA[{{{desc}}}]]>
           </message>
           <stack-trace>
             <![CDATA[Solution: {{{solution}}} Reference: {{{reference}}}
             instances:{{#each instances}}
               * {{uri}}
               - {{method}}
               {{#if evidence}}- {{{evidence}}}{{/if}}
             {{/each}}]]>
           </stack-trace>
         </failure>
       </test-case>
       {{/each}}
     </test-suite>
   </test-run>
   {{/each}}
   EOF

This also appears to complete but in the output I see this

2023-02-10T08:36:04.1124393Z Result Attachments will be stored in LogStore
2023-02-10T08:36:04.1540352Z Run Attachments will be stored in LogStore
2023-02-10T08:36:04.2252107Z No Result Found to Publish '/home/vsts/work/r1/a/owaspzap/test-results.xml'

Can anyone advise what is wrong with these scripts please

Thanks in advance

Answer 1

Score: 1

This code solved this question but raises another which will be a new ticket

<test-run id="1" name="TestReport" fullname="TestReport" testcasecount="" result="Passed" total="{$NumberOfItems}" passed="{$NumberOfItems}" failed="{$NumberOfItems}" inconclusive="0" skipped="0" asserts="{$NumberOfItems}" start-time="{$generatedDateTime}" end-time="{$generatedDateTime}" duration="0">
  <command-line>a</command-line>
  <test-suite type="Assembly" id="0-1005" name="TestReport" fullname="TestReport" runstate="Runnable" testcasecount="{$NumberOfItems}" result="Passed" site="Child" start-time="{$generatedDateTime}" end-time="{$generatedDateTime}" duration="0.352610" total="{$NumberOfItems}" passed="0" failed="{$NumberOfItems}" warnings="0" inconclusive="0" skipped="0" asserts="{$NumberOfItems}">
    <attachments>
      <attachment>
        <filePath>
          xml_report.xml
        </filePath>
      </attachment>
    </attachments>
    <for-each select="OWASPZAPReport/site/alerts/alertitem">
    <test-case id="0-1001" name="{name}" fullname="{name}" methodname="Stub" runstate="NotRunnable" seed="400881240" result="Passed" label="Invalid" start-time="{$generatedDateTime}" end-time="{$generatedDateTime}" duration="0" asserts="0">
      <failure>
        <message>
          <value-of select="desc"/>. 
          <value-of select="solution"/>
        </message>
        <stack-trace>
          <for-each select="instances/instance">
            <value-of select="uri"/>, <value-of select="method"/>, <value-of select="param"/>,
          </for-each>
        </stack-trace>
      </failure>
    </test-case>
    </for-each>
  </test-suite>
</test-run>
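
An added example, not code from the question or the answer: a dependency-free Node.js function that builds the NUnit-style XML from the parsed ZAP JSON report instead of going through a Handlebars template. It keeps the element names of the question's template, emits a single test-run root for any number of sites, escapes attribute values, splits a "]]>" that appears inside CDATA content, and never writes an empty test-case name. The function name zapToNunit, the sample data and the guess that an empty name is behind the AutomatedTestName warning are assumptions, and acceptance by PublishTestResults is not verified here.

```javascript
// Escape text for a double-quoted XML attribute value.
const attr = (s) => String(s ?? '').replace(/&/g, '&amp;').replace(/</g, '&lt;')
  .replace(/>/g, '&gt;').replace(/"/g, '&quot;');

// Wrap text in CDATA. A literal "]]>" in scanned content would close the
// section early, so it is split across two sections.
const cdata = (s) =>
  `<![CDATA[${String(s ?? '').replace(/\]\]>/g, ']]]]><![CDATA[>')}]]>`;

// Build one NUnit-style document from a parsed ZAP JSON report.
function zapToNunit(report) {
  const sites = [].concat(report.site ?? []); // accept one site or an array
  let caseId = 0;
  const suites = sites.map((site, i) => {
    const cases = (site.alerts ?? []).map((a) => {
      caseId += 1;
      // Assumption: an empty name is what the publisher rejects, so fall back.
      const name = attr(a.alert || a.name || `Unnamed alert ${caseId}`);
      const inst = (a.instances ?? []).map((x) =>
        `* ${x.uri} - ${x.method}${x.evidence ? ` - ${x.evidence}` : ''}`).join('\n');
      const trace = `Solution: ${a.solution ?? ''} Reference: ${a.reference ?? ''}\n` +
        `instances:\n${inst}`;
      return [
        `    <test-case id="${caseId}" name="${name}" fullname="${name}" result="Failed" time="1">`,
        `      <failure>`,
        `        <message>${cdata(a.desc)}</message>`,
        `        <stack-trace>${cdata(trace)}</stack-trace>`,
        `      </failure>`,
        `    </test-case>`].join('\n');
    });
    return [
      `  <test-suite id="${i}" type="Assembly" name="${attr(site['@name'])}"` +
        ` result="${cases.length ? 'Failed' : 'Passed'}" failed="${cases.length}">`,
      ...cases,
      `  </test-suite>`].join('\n');
  });
  // Exactly one root element, however many sites the report lists.
  return [`<test-run id="2" name="Owasp test" start-time="${attr(report['@generated'])}">`,
    ...suites, `</test-run>`].join('\n') + '\n';
}

// Constructed sample input, not real scan output.
const sample = { '@generated': 'Thu, 9 Feb 2023 22:22:00', site: [
  { '@name': 'https://a.example', alerts: [{ alert: 'Cookie "x" <no flag>',
    desc: 'd', solution: 's', reference: 'r',
    instances: [{ uri: 'https://a.example/', method: 'GET', evidence: 'a]]>b' }] }] },
  { '@name': 'https://b.example', alerts: [{ desc: 'no title' }] }] };
console.log(zapToNunit(sample));
```

In the pipeline this would read owaspzap/report.json with JSON.parse and write the returned string to owaspzap/test-results.xml in place of the handlebars step.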

huangapple
  • Posted on February 10, 2023 at 16:43:41
  • When reposting, please keep the link to this article: https://go.coder-hub.com/75408711.html