GraalVM JavaScript engine not loading with Java 22

[SamDubYah]

Describe the bug

Zaproxy is failing to load the graaljs extension limiting the capability of using any js scripts or the OAST functionality.

I have tried re-installed zaproxy using the ARCH pacman ( blackarch repo ) and the homepage package. I have also re-installed the graaljs addon.

Steps to reproduce the behavior

1. Launch Zaproxy
2. Add Scripting tab
3. Attempt to add new script
4. Select scripting engine
5. See graaljs is missing from scripting engine
6. view the 'zap.log' for error
7. see the following error

5988 [ZAP-BootstrapGUI] ERROR org.parosproxy.paros.extension.ExtensionLoader - Failed to initialise extension org.zaproxy.zap.extension.graaljs.ExtensionGraalJs (from add-on [id=graaljs, version=0.7.0]), cause: NoSuchMethodError: 'void sun.misc.Unsafe.ensureClassInitialized(java.lang.Class)

Expected behavior

Expect graaljs to load, and access to the graaljs scripting engine to be available.

Software versions

ZAP
Version: 2.14.0

Installed Add-ons: [[id=alertFilters, version=20.0.0],
[id=ascanrules, version=65.0.0], [id=authhelper,
version=0.12.0], [id=automation, version=0.39.0],
[id=bruteforce, version=15.0.0], [id=callhome,
version=0.11.0], [id=commonlib, version=1.24.0],
[id=database, version=0.3.0], [id=diff, version=14.0.0],
[id=directorylistv1, version=7.0.0], [id=domxss,
version=18.0.0], [id=encoder, version=1.4.0], [id=exim,
version=0.8.0], [id=formhandler, version=6.5.0], [id=fuzz,
version=13.12.0], [id=gettingStarted, version=16.0.0],
[id=graaljs, version=0.6.0], [id=graphql, version=0.23.0],
[id=help, version=17.0.0], [id=hud, version=0.18.0],
[id=invoke, version=14.0.0], [id=network, version=0.15.0],
[id=oast, version=0.17.0], [id=onlineMenu, version=12.0.0],
[id=openapi, version=39.0.0], [id=postman, version=0.3.0],
[id=pscanrules, version=57.0.0], [id=quickstart,
version=46.0.0], [id=replacer, version=16.0.0], [id=reports,
version=0.31.0], [id=requester, version=7.5.0], [id=retest,
version=0.8.0], [id=retire, version=0.34.0], [id=reveal,
version=7.0.0], [id=scripts, version=45.2.0], [id=selenium,
version=15.22.0], [id=soap, version=22.0.0], [id=spider,
version=0.10.0], [id=spiderAjax, version=23.18.0], [id=tips,
version=12.0.0], [id=webdriverlinux, version=81.0.0],
[id=websocket, version=30.0.0], [id=zest, version=44.0.0]]

Operating System: Linux
Architecture: amd64
Java Version: N/A 22
System's Locale: en_US
Display Locale: en_GB
Format Locale: en_US
Default Charset: UTF-8
ZAP Home Directory: /home/dubs/.ZAP/
ZAP Installation Directory: /usr/share/zaproxy/./
Look and Feel: FlatLaf Light (com.formdev.flatlaf.FlatLightLaf)

Screenshots

No response

Errors from the zap.log file

zap.log

Additional context

No response

Would you like to help fix this issue?

• Yes

[kingthorin]

It doesn't limit OAST functionality. It means you can't use JS scripts, a few of which OAST is packaged with but they're bonuses not requirements.

I'd suggest starting ZAP with a clean home directory using the -dir switch https://www.zaproxy.org/docs/desktop/cmdline/#options

[kingthorin]

Might also be a Java 22 issue, not sure we're compatible yet.

[thc202]

Yes, that's because of the Java version:

Failed to initialise extension org.zaproxy.zap.extension.graaljs.ExtensionGraalJs (from add-on [id=graaljs, version=0.6.0]), cause: NoSuchMethodError: 'void sun.misc.Unsafe.ensureClassInitialized(java.lang.Class)'
java.lang.NoSuchMethodError: 'void sun.misc.Unsafe.ensureClassInitialized(java.lang.Class)'

[SamDubYah]

You're correct, downgrading to java 21 fixes the issue. Thank you

[thc202]

For the record, the update of GraalVM JavaScript engine to latest version (which should address this) requires bumping ZAP's minimum Java version to 17.