Web Application Security Memo

Notes on web security

No reaction to “Active Scan *” menu item (OWASP ZAP)



Infrequently I run into a situation where ZAP has no reaction when I right-click a node on the [Sites] tab and click one of the “Active Scan *” menu items. I’m just gonna write about this topic on my blog for now because of its poor reproducibility.

Yesterday I was able to look into this issue a little when I debugged ZAP and (un?)luckily it happened. What I learned from the investigation is the following.

  • When the actionPerformed method of the PerformActionsActionListener class in the PopupMenuItemHttpMessageContainer.java file is executed, referenceHttpMessageContainer.get() returns null. So the process ends before doing ActiveScan.
  • The object referred to by referenceHttpMessageContainer is created by executing new DefaultSelectableHistoryReferencesContainer(...) in the showPopupMenuIfTriggered method, which is in the SiteMapPanel.java file.
  • The type of the referenceHttpMessageContainer field is WeakReference<HttpMessageContainer>, so it needs reference(s) from other objects to keep on existing.
  • The inner class MessageContainerPopupMenuInvoker in the PopupMenuUtils class has a messageContainer field, which refers to the same object as the referenceHttpMessageContainer field of the PopupMenuItemHttpMessageContainer class.
  • An instance of the MessageContainerPopupMenuInvoker class is created during the process run by right-clicking a node on the [Sites] tab.
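The mechanism in the list above, as an added example that is not ZAP's code and not part of the original investigation: Container, MenuItem and Invoker are hypothetical stand-ins for the container, the popup menu item and the invoker. It shows only how a WeakReference referent is cleared once its last strong holder is gone, not what triggers that inside ZAP.

```java
import java.lang.ref.WeakReference;

public class WeakContainerDemo {
    // Hypothetical stand-in for the container built on right-click.
    static class Container {
        final String node;
        Container(String node) { this.node = node; }
    }

    // Hypothetical stand-in for the menu item: it holds only a weak reference.
    static class MenuItem {
        private WeakReference<Container> ref = new WeakReference<>(null);
        void setContainer(Container c) { ref = new WeakReference<>(c); }

        // Mirrors the observed behaviour: a cleared reference ends the action silently.
        String actionPerformed() {
            Container c = ref.get();
            if (c == null) {
                return "no-op: container already collected";
            }
            return "active scan started for " + c.node;
        }
    }

    // Hypothetical stand-in for the invoker: the only strong reference holder.
    static class Invoker {
        Container messageContainer;
        Invoker(Container c) { messageContainer = c; }
    }

    public static void main(String[] args) throws InterruptedException {
        MenuItem item = new MenuItem();
        Invoker invoker = new Invoker(new Container("http://example.test/")); // constructed sample node
        item.setContainer(invoker.messageContainer);

        System.gc();
        // The invoker is read after the call, so the container stays strongly reachable here.
        System.out.println(item.actionPerformed() + " (held by invoker: " + invoker.messageContainer.node + ")");

        invoker = null; // drop the last strong reference
        for (int i = 0; i < 10 && !item.actionPerformed().startsWith("no-op"); i++) {
            System.gc(); // only a hint to the JVM, so retry a few times
            Thread.sleep(50);
        }
        System.out.println(item.actionPerformed());
    }
}
```

Because garbage collection timing is not deterministic, the second call can still succeed for a while after the strong reference is dropped, which is consistent with a failure that is hard to reproduce.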

But still, what kind of situation causes the field referenceHttpMessageContainer to lose its reference to a container object?

* Environment: OWASP ZAP 2.3.1

[Last updated: 28 Oct. 2014]
