zap-cli icon indicating copy to clipboard operation
zap-cli copied to clipboard
verified publisher icon Grunny

Escaped chars in regex from context import

Open M0ustach3 opened this issue 6 years ago • 0 comments

Hello everyone, I'm actually testing for some vulns with the official OWASP ZAP container (Docker image) and i'm experiencing an issue : When importing a context (created and exported with ZAP GUI) into zap-cli, every line concerning the regex of excluded and included site won't be recognized by the spider and scanners. Actually, the program escapes all of the backslashes inside the regexp so, for example, it transforms : \Qhttp://172.17.0.3:3000/\E.* By this \\Qhttp://172.17.0.3:3000/\\E.*

As you can imagine, this is a big problem : the regex isn't recognized by the spider. I tried putting a custom regex direclty in the zap-cli command (eg. : zap-cli -p 2375 exclude "\Qhttp://172.17.0.3:3000/dontgohereplz\E.*" ) and It worked perfectly.

I have no idea why this happens...

If anyone has a solution to this, this would be very appreciated ! 😄

EDIT : I found that It could be the same issue than #72 ... Please fix :(

M0ustach3 avatar May 09 '19 11:05 M0ustach3