Install & Run OWASP ZAP via Ubuntu command line


I'm using a shell script to install & run ZAP on an Ubuntu image.

sudo apt update
sudo apt install default-jre -y
sudo apt install snapd -y
sudo snap install zaproxy --classic

cd /snap/zaproxy/current
java -jar ./zap-2.11.1.jar -cmd -quickurl https://www.website.com/ -quickprogress -quickout ~/report.xml

The Spider works fine, but a little while after the Active Scan starts, it throws the following error:

java.io.EOFException
    at java.io.ObjectInputStream$PeekInputStream.readFully(ObjectInputStream.java:2353)
    at java.io.ObjectInputStream$BlockDataInputStream.readShort(ObjectInputStream.java:2822)
    at java.io.ObjectInputStream.readStreamHeader(ObjectInputStream.java:804)
    at java.io.ObjectInputStream.<init>(ObjectInputStream.java:301)
    at hudson.remoting.ObjectInputStreamEx.<init>(ObjectInputStreamEx.java:49)
    at hudson.remoting.Command.readFrom(Command.java:142)
    at hudson.remoting.Command.readFrom(Command.java:128)
    at hudson.remoting.AbstractSynchronousByteArrayCommandTransport.read(AbstractSynchronousByteArrayCommandTransport.java:35)
    at hudson.remoting.SynchronousCommandTransport$ReaderThread.run(SynchronousCommandTransport.java:61)
Caused: java.io.IOException: Unexpected termination of the channel
    at hudson.remoting.SynchronousCommandTransport$ReaderThread.run(SynchronousCommandTransport.java:75)
Caused: java.io.IOException: Backing channel 'jenkins-zap-t6s4nu' is disconnected.

I saw in another question that java.io.EOFException happens when you try to read an empty file. The shell script works fine when it's running on a PC or VM, so I'm thinking maybe there's a hidden dependency that isn't installed by default on the barebones Ubuntu image.

Is there a portion of this shell script that's missing or incorrect?


Solution

  • It turns out that the problem was with our server, not with ZAP! We had a rogue Jenkins controller that believed it needed to kill all agents it had not started.

    If someone else runs into this problem in the future, definitely try running server diagnostics.
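
Every frame in the trace from the question is in java.io or hudson.remoting (the Jenkins agent-to-controller channel) and none is in ZAP, which is consistent with the answer. The triage helper below is an added example, not part of the original post; the function names are hypothetical, and it assumes ZAP's own frames appear under the org.zaproxy or org.parosproxy packages.

```shell
#!/usr/bin/env bash
# Added example: decide whether a stack trace in a CI build log points at
# ZAP itself or at the Jenkins agent channel (hudson.remoting).

classify_trace() {
    # Reads a build log on stdin and prints a single verdict line.
    awk '
        /^[ \t]*at hudson\.remoting\./          { remoting++ }
        /^[ \t]*at org\.(zaproxy|parosproxy)\./ { zap++ }
        /Backing channel .* is disconnected/ {
            # The channel name sits between the single quotes (octal 047).
            n = split($0, q, "\047")
            if (n >= 3) channel = q[2]
        }
        END {
            if (channel == "") channel = "unknown"
            if (remoting > 0 && zap == 0)
                printf "agent-channel remoting_frames=%d channel=%s\n", remoting, channel
            else if (zap > 0)
                printf "zap zap_frames=%d remoting_frames=%d\n", zap, remoting
            else
                print "unknown"
        }
    '
}

sample_trace() {
    # Excerpt of the trace quoted in the question above.
    cat <<'EOF'
java.io.EOFException
    at java.io.ObjectInputStream.<init>(ObjectInputStream.java:301)
    at hudson.remoting.ObjectInputStreamEx.<init>(ObjectInputStreamEx.java:49)
    at hudson.remoting.Command.readFrom(Command.java:142)
Caused: java.io.IOException: Unexpected termination of the channel
    at hudson.remoting.SynchronousCommandTransport$ReaderThread.run(SynchronousCommandTransport.java:75)
Caused: java.io.IOException: Backing channel 'jenkins-zap-t6s4nu' is disconnected.
EOF
}

# Prints: agent-channel remoting_frames=3 channel=jenkins-zap-t6s4nu
sample_trace | classify_trace
```

An `agent-channel` verdict means the build agent lost its connection to the controller while the scan was running, so the place to look is the Jenkins side rather than the install script.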