Unable to reach server and run tests

docker

#1

I’m running a ZAP server with Docker in order to run scans and then run Jest tests against the result. Locally it is working fine since the server is running on 0.0.0.0:8081 and in the tests I’m proxying ZAP to localhost:8081, but on CircleCI the server is running on 0.0.0.0:8081 and the CircleCI address is set to 127.0.0.1, resulting in test failures. Does anyone have an idea of how to change Circle’s host address and make it run on localhost instead of 127.0.0.1? Even if I change the proxy and run the server on 127.0.0.1 it is still not working.

Here’s the config.yml for this job:

test-zap:
  docker:
    - image: circleci/node:8.11
    - image: owasp/zap2docker-stable
      name: zap
      command: zap.sh -daemon -host 0.0.0.0 -port 8081 -config api.disablekey=true -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true
  working_directory: ~/repo
  steps:
    - checkout
    - run:
        name: Wait For Proxy
        command: |
          until nc -z zap 8081
          do
            echo "Waiting for ZAP..."
            sleep 1
          done
    - restore_cache:
        name: Restore Yarn Package Cache
        keys:
          - yarn-packages-{{ checksum "yarn.lock" }}
    - run:
        name: Remove lock file
        command: rm yarn.lock
    - run:
        name: Install dependencies
        command: yarn install
    - save_cache:
        name: Save Yarn Package Cache
        key: yarn-packages-{{ checksum "yarn.lock" }}
        paths:
          - ~/.cache/yarn
    - run:
        name: Run zap test
        command: yarn test:zap

And here’s the ZAP configuration that I’m doing:

const zapOptions = {
   apiKey: '90qqdvuco5afvfglnn02oplss0',
   proxy: 'http://localhost:8081/',
};
const zaproxy = new ZapClient(zapOptions);

#2

Try removing the -host 0.0.0.0 in the command line. Perhaps it has to bind to the remote localhost and not to the (private) LAN IP?

Also, try SSHing in after a failed build and do a netstat to see if something is listening on 8081. The binding to localhost is a CircleCI device - it is a network between your build container and the remote server running the server container.

You may need to search the web for the correct commands to netstat to get the most useful report.

#3

I tried removing the -host 0.0.0.0 in the command and got the server to run on localhost. It seems I don’t have an issue with the port being in use. Here’s the error I’m logging:

message: 'Error: connect ECONNREFUSED 127.0.0.1:8081',
  cause: 
  { Error: connect ECONNREFUSED 127.0.0.1:8081
    at Object._errnoException (util.js:992:11)
    at _exceptionWithHostPort (util.js:1014:20)
    at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1186:14)
     code: 'ECONNREFUSED',
     errno: 'ECONNREFUSED',
     syscall: 'connect',
     address: '127.0.0.1',
     port: 8081 
  },
  error: 
  { Error: connect ECONNREFUSED 127.0.0.1:8081
    at Object._errnoException (util.js:992:11)
    at _exceptionWithHostPort (util.js:1014:20)
    at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1186:14)
     code: 'ECONNREFUSED',
     errno: 'ECONNREFUSED',
     syscall: 'connect',
     address: '127.0.0.1',
     port: 8081 
  },

Now I’m running a remote Docker as follows instead of running the Docker ZAP image:

steps:
  - checkout
  - setup_remote_docker:
      docker_layer_caching: true
  - run:
      name: Run ZAP Headless
      command: docker run -u zap -p 8081:8081 -i owasp/zap2docker-stable zap.sh -daemon -port 8081 -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true -config api.key=<api-key>
      background: true

And I’m getting this:

Remote Docker engine created. Using VM 'default-ab7e9746-2032-4668-ba13-453b9664e53f'
Created container accessible with:
DOCKER_CERT_PATH=/tmp/docker-certs025086737
DOCKER_HOST=tcp://104.196.152.141:2376
DOCKER_MACHINE_NAME=36896556
DOCKER_TLS_VERIFY=1
NO_PROXY=127.0.0.1,localhost,circleci-internal-outer-build-agent,104.196.152.141:2376

I’m assuming a proxy needs to be enabled on the remote Docker to be able to reach the server, but in the documentation there is no additional info on this other than the setup and caching.
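
In the first post's job the wait step probes `zap:8081` while the test client proxies through `localhost:8081`, so the two can disagree about where ZAP is. The following is an added example, not part of the original thread, that derives both from one setting and reports what a failed connect means; the environment variable names `ZAP_HOST`, `ZAP_PORT` and `ZAP_API_KEY` and all function names are assumptions.

```javascript
// Added example: ZAP_HOST, ZAP_PORT and ZAP_API_KEY are assumed variable names.
const net = require('net');

// Build the client options from the environment so the readiness check and
// the tests always target the same address. Defaults match the local setup.
function zapOptionsFromEnv(env = process.env) {
  const host = env.ZAP_HOST || 'localhost';
  const port = Number(env.ZAP_PORT || 8081);
  if (!Number.isInteger(port) || port < 1 || port > 65535) {
    throw new Error(`invalid ZAP_PORT: ${env.ZAP_PORT}`);
  }
  return { apiKey: env.ZAP_API_KEY || '', proxy: `http://${host}:${port}/` };
}

// Map a socket error code to what it says about the network path.
function explainConnectError(code) {
  switch (code) {
    case 'ECONNREFUSED': return 'host resolved, but nothing is listening on that address/port';
    case 'ENOTFOUND': return 'hostname does not resolve from this container';
    case 'ETIMEDOUT': return 'no answer before the timeout (filtered or unroutable)';
    default: return `unexpected error: ${code}`;
  }
}

// One TCP connect attempt; resolves to null on success or to an error code.
function probe(host, port, timeoutMs = 2000) {
  return new Promise((resolve) => {
    const socket = net.connect({ host, port });
    const done = (code) => { socket.destroy(); resolve(code); };
    socket.setTimeout(timeoutMs, () => done('ETIMEDOUT'));
    socket.once('connect', () => done(null));
    socket.once('error', (err) => done(err.code || 'UNKNOWN'));
  });
}

// Retry until the proxy URL the client will use accepts connections.
async function waitForZap(env = process.env, attempts = 30, delayMs = 1000) {
  const options = zapOptionsFromEnv(env);
  const url = new URL(options.proxy);
  const port = Number(url.port || 80);
  let code = null;
  for (let i = 0; i < attempts; i += 1) {
    code = await probe(url.hostname, port);
    if (code === null) return options; // pass these to new ZapClient(options)
    await new Promise((r) => setTimeout(r, delayMs));
  }
  throw new Error(`ZAP unreachable at ${url.host}: ${explainConnectError(code)}`);
}
```

With `ZAP_HOST=zap` set in the first job, the client would target the same name that the `nc -z zap 8081` step waits on.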