Merge pull request #6954 from thc202/automation/delay-validation

kingthorin · web-flow · commit bc61e8901da9 · 2025-12-01T11:27:35.000-05:00
automation: delay scan policy validation
diff --git a/addOns/automation/CHANGELOG.md b/addOns/automation/CHANGELOG.md
@@ -13,6 +13,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 ### Fixed
 - Restore default standard output on absent `env` `parameters`.
+- Delay Scan Policy validation to runtime phase in the `activeScan` job, the Scan Policy might be created dynamically by other jobs.
 
 ## [0.56.0] - 2025-11-07
 ### Added
diff --git a/addOns/automation/src/main/java/org/zaproxy/addon/automation/jobs/ActiveScanJob.java b/addOns/automation/src/main/java/org/zaproxy/addon/automation/jobs/ActiveScanJob.java
@@ -118,15 +118,7 @@ public void verifyParameters(AutomationProgress progress) {
         }
 
         if (!StringUtils.isEmpty(getParameters().getPolicy())) {
-            try {
-                getExtAScan().getPolicyManager().getPolicy(getParameters().getPolicy());
-            } catch (ConfigurationException e) {
-                progress.error(
-                        Constant.messages.getString(
-                                "automation.error.ascan.policy.name",
-                                this.getName(),
-                                getParameters().getPolicy()));
-            }
+            // Validate the policy exists when running, it might be created dynamically.
 
             if (!StringUtils.isEmpty(getParameters().getDefaultStrength())) {
                 JobUtils.parseAttackStrength(
@@ -239,7 +231,12 @@ public void runJob(AutomationEnvironment env, AutomationProgress progress) {
                 }
 
             } catch (ConfigurationException e) {
-                // Error already raised above
+                progress.error(
+                        Constant.messages.getString(
+                                "automation.error.ascan.policy.name",
+                                this.getName(),
+                                getParameters().getPolicy()));
+                return;
             }
         } else {
             scanPolicy =
diff --git a/addOns/automation/src/test/java/org/zaproxy/addon/automation/jobs/ActiveScanJobUnitTest.java b/addOns/automation/src/test/java/org/zaproxy/addon/automation/jobs/ActiveScanJobUnitTest.java
@@ -236,7 +236,7 @@ public ScannerParam getScannerParam() {
     }
 
     @Test
-    void shouldRunValidJob() throws MalformedURLException {
+    void shouldRunValidJob() throws Exception {
         // Given
         Constant.messages = new I18N(Locale.ENGLISH);
         Context context = mock(Context.class);
@@ -254,8 +254,12 @@ void shouldRunValidJob() throws MalformedURLException {
         AutomationEnvironment env = mock(AutomationEnvironment.class);
         given(env.getDefaultContextWrapper()).willReturn(contextWrapper);
 
-        // When
+        given(policyManager.getPolicy("policy1")).willReturn(mock(ScanPolicy.class));
+
         ActiveScanJob job = new ActiveScanJob();
+        job.getParameters().setPolicy("policy1");
+
+        // When
         job.runJob(env, progress);
 
         // Then
@@ -288,6 +292,29 @@ void shouldFailIfUnknownContext() throws MalformedURLException {
         assertThat(progress.getErrors().get(0), is(equalTo("!automation.error.context.unknown!")));
     }
 
+    @Test
+    void shouldFailIfUnknownPolicy() throws Exception {
+        // Given
+        given(policyManager.getPolicy("missingPolicy")).willThrow(ConfigurationException.class);
+        Constant.messages = new I18N(Locale.ENGLISH);
+        AutomationProgress progress = new AutomationProgress();
+        AutomationEnvironment env = mock(AutomationEnvironment.class);
+
+        ContextWrapper contextWrapper = new ContextWrapper(mock(Context.class), env);
+        given(env.getDefaultContextWrapper()).willReturn(contextWrapper);
+
+        ActiveScanJob job = new ActiveScanJob();
+        job.getParameters().setPolicy("missingPolicy");
+
+        // When
+        job.runJob(env, progress);
+
+        // Then
+        assertThat(progress.hasWarnings(), is(equalTo(false)));
+        assertThat(progress.hasErrors(), is(equalTo(true)));
+        assertThat(progress.getErrors(), contains("!automation.error.ascan.policy.name!"));
+    }
+
     @Test
     void shouldUseSpecifiedContext() throws MalformedURLException {
         // Given
@@ -782,10 +809,8 @@ void shouldWarnOnInvalidIntThreshold() throws MalformedURLException {
     }
 
     @Test
-    void shouldVerifyParameters() throws Exception {
+    void shouldVerifyParameters() {
         // Given
-        given(policyManager.getPolicy("policy1")).willReturn(mock(ScanPolicy.class));
-
         AutomationEnvironment env = mock(AutomationEnvironment.class);
         given(env.getAllUserNames()).willReturn(List.of("user0", "user1"));
         ActiveScanJob job = new ActiveScanJob();
@@ -833,30 +858,4 @@ void shouldVerifyParameters() throws Exception {
         assertThat(job.getParameters().getThreadPerHost(), is(equalTo(2)));
         assertThat(job.getParameters().getMaxAlertsPerRule(), is(equalTo(5)));
     }
-
-    @Test
-    void shouldErrorOnUnknownPolicy() throws Exception {
-        // Given
-        given(policyManager.getPolicy("missingPolicy")).willThrow(ConfigurationException.class);
-
-        String yamlStr =
-                """
-                parameters:
-                  policy: missingPolicy
-                """;
-        AutomationProgress progress = new AutomationProgress();
-        Yaml yaml = new Yaml();
-        Object data = yaml.load(yamlStr);
-
-        ActiveScanJob job = new ActiveScanJob();
-        job.setJobData(((LinkedHashMap<?, ?>) data));
-
-        // When
-        job.verifyParameters(progress);
-
-        // Then
-        assertThat(progress.hasErrors(), is(equalTo(true)));
-        assertThat(progress.hasWarnings(), is(equalTo(false)));
-        assertThat(progress.getErrors(), contains("!automation.error.ascan.policy.name!"));
-    }
 }
