HUD not updating percentage for Spider, Ajax Spider and Attack #1089
Description
Describe the bug
When running a web security scan with the ZAP HUD I usually start with a Spider, then Ajax Spider then Attack. When clicking on the Spider button, in the HUD the percentage remains 0, even though the Java GUI is showing 100%
Steps to reproduce the behavior
Start a scan from Manual Explore
Click on the Spider icon in the hud
Wait a few minutes for it to complete
Observe the Java GUI is finished spidering 100%, but the HUD is still reporting 100%
repeat Ajax Spider
and again for Attack
Adjusted the Read Timeout as suggested in the log file but still the same behavior
Expected behavior
The HUD should show the actual percentage that is finished for the scan type selected
Software versions
OWASP ZAPD 2022-03-07
(would be nice if we could copy past the version number instead of having to type it over) ;-)
Screenshots
Errors from the zap.log file
2022-03-08 14:54:58,700 [ZAP-SpiderInitThread-0] INFO SpiderThread - Starting spidering scan on https://{MYURL}/ at 2022-03-08T14:54:58.700+0100
2022-03-08 14:54:58,707 [ZAP-SpiderInitThread-0] INFO Spider - Spider initializing...
2022-03-08 14:54:58,783 [ZAP-SpiderInitThread-0] INFO Spider - Starting spider...
2022-03-08 14:54:59,168 [ZAP-SpiderThreadPool-0-thread-1] INFO Spider - Spidering process is complete. Shutting down...
2022-03-08 14:54:59,180 [ZAP-SpiderShutdownThread-0] INFO SpiderThread - Spider scanning complete: true on https://{MYURL}/ at 2022-03-08T14:54:59.180+0100
2022-03-08 14:55:27,908 [ZAP-PassiveScanner] WARN PassiveScanThread - Passive Scan rule Wappalyzer Scanner (Tech Detection) took 21 seconds to scan https://{MYURL}themes/resurface-admincentral/styles.css?v=8.14.1 text/css;charset=UTF-8 718649
2022-03-08 14:55:31,016 [ZAP-IO-EventExecutor-3-7] WARN HttpSenderHandler - Failed to read https://{MYURL}{MYID}{MYPROT}{MYNUM} within 20 seconds, check to see if the site is available and if so consider adjusting ZAP's read time out in the Connection options panel.
2022-03-08 14:55:34,093 [ZAP-PassiveScanner] WARN PassiveScanThread - Passive Scan rule Application Error Disclosure took 6 seconds to scan https://{MYURL}{MYWIDGET}cache.js application/javascript;charset=UTF-8 7749932
2022-03-08 14:55:45,605 [ZAP-PassiveScanner] WARN PassiveScanThread - Passive Scan rule Information Disclosure - Suspicious Comments took 6 seconds to scan https://{MYURL}{MYWIDGET}cache.js application/javascript;charset=UTF-8 7749932
2022-03-08 14:55:57,487 [ZAP-PassiveScanner] WARN PassiveScanThread - Passive Scan rule Vulnerable JS Library took 7 seconds to scan https://{MYURL}{MYWIDGET}cache.js application/javascript;charset=UTF-8 7749932
2022-03-08 14:56:31,030 [ZAP-IO-EventExecutor-3-6] WARN HttpSenderHandler - Failed to read https://{MYURL}{MYID}{MYPROT}{MYNUM} within 20 seconds, check to see if the site is available and if so consider adjusting ZAP's read time out in the Connection options panel.
2022-03-08 14:57:30,992 [ZAP-IO-EventExecutor-3-5] WARN HttpSenderHandler - Failed to read https://{MYURL}{MYID}{MYPROT}{MYNUM} within 20 seconds, check to see if the site is available and if so consider adjusting ZAP's read time out in the Connection options panel.
2022-03-08 14:58:16,055 [ZAP-IO-EventExecutor-3-2] WARN HttpSenderHandler - Failed to read https://{MYURL}{MYID}{MYPROT}{MYNUM} within 20 seconds, check to see if the site is available and if so consider adjusting ZAP's read time out in the Connection options panel.
2022-03-08 14:58:55,331 [ZAP-PassiveScanner] WARN PassiveScanThread - Passive Scan rule Wappalyzer Scanner (Tech Detection) took 171 seconds to scan https://{MYURL}{MYWIDGET}cache.js application/javascript;charset=UTF-8 7749932
2022-03-08 14:59:01,585 [ZAP-IO-EventExecutor-3-4] WARN HttpSenderHandler - Failed to read https://{MYURL}{MYID}{MYPROT}{MYNUM} within 20 seconds, check to see if the site is available and if so consider adjusting ZAP's read time out in the Connection options panel.
2022-03-08 14:59:12,656 [ZAP-PassiveScanner] WARN PassiveScanThread - Passive Scan rule Application Error Disclosure took 7 seconds to scan https://{MYURL}{MYWIDGET}cache.js application/javascript;charset=UTF-8 7749932
2022-03-08 14:59:24,877 [ZAP-PassiveScanner] WARN PassiveScanThread - Passive Scan rule Information Disclosure - Suspicious Comments took 7 seconds to scan https://{MYURL}{MYWIDGET}cache.js application/javascript;charset=UTF-8 7749932
2022-03-08 14:59:46,816 [ZAP-IO-EventExecutor-3-6] WARN HttpSenderHandler - Failed to read https://{MYURL}{MYID}{MYPROT}{MYNUM} within 20 seconds, check to see if the site is available and if so consider adjusting ZAP's read time out in the Connection options panel.
2022-03-08 15:00:46,855 [ZAP-IO-EventExecutor-3-2] WARN HttpSenderHandler - Failed to read https://{MYURL}{MYID}{MYPROT}{MYNUM} within 20 seconds, check to see if the site is available and if so consider adjusting ZAP's read time out in the Connection options panel.
2022-03-08 15:01:46,777 [ZAP-IO-EventExecutor-3-4] WARN HttpSenderHandler - Failed to read https://{MYURL}{MYID}{MYPROT}{MYNUM} within 20 seconds, check to see if the site is available and if so consider adjusting ZAP's read time out in the Connection options panel.
2022-03-08 15:02:46,809 [ZAP-IO-EventExecutor-3-5] WARN HttpSenderHandler - Failed to read https://{MYURL}{MYID}{MYPROT}{MYNUM} within 20 seconds, check to see if the site is available and if so consider adjusting ZAP's read time out in the Connection options panel.
2022-03-08 15:03:46,888 [ZAP-IO-EventExecutor-3-5] WARN HttpSenderHandler - Failed to read https://{MYURL}{MYID}{MYPROT}{MYNUM} within 20 seconds, check to see if the site is available and if so consider adjusting ZAP's read time out in the Connection options panel.
Additional context
This bug entered the code around the D-2022-02-15 release.
Would you like to help fix this issue?
- Yes