Fixed OCI error (RedHatProductSecurity#134)

* fixed the OCI permission error while creating /home/zap/.ZAP/policies
jeremychoi · Sep 22, 2023 · 6a51f6a · 6a51f6a
1 parent 46a9e68
commit 6a51f6a
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/scanners/zap/zap_podman.py b/scanners/zap/zap_podman.py
@@ -57,7 +57,6 @@ def __init__(self, config, ident="zap"):
             "Zap",
             ("workdir", self._create_temp_dir("workdir"), "/zap/results"),
             ("scripts", f"{MODULE_DIR}/scripts", "/zap/scripts"),
-            ("policies", f"{MODULE_DIR}/policies", "/home/zap/.ZAP/policies/"),
             ("zaphomedir", self._create_temp_dir("zaphomedir"), "/home/zap/.ZAP"),
         )
         self.zap_home = self.path_map.zaphomedir.host_path
@@ -83,6 +82,9 @@ def setup(self):
         if self.state != State.UNCONFIGURED:
             raise RuntimeError(f"ZAP setup encounter an unexpected state: {self.state}")
 
+        # copy policy files so that they will be available in the container
+        shutil.copytree(f"{MODULE_DIR}/policies", f"{self.zap_home}/policies")
+
         self._setup_podman_cli()
 
         super().setup()