This repository has been archived by the owner on May 13, 2024. It is now read-only.

zap didn't scan urls list on auth.include #59

Open
dhodyrahmad opened this issue Dec 21, 2022 · 1 comment


@dhodyrahmad

Hi, I tried using the auth.include option in my ZAP scan, but it turns out the URLs were not scanned by ZAP. For the auth.include value I tried .*path1.*, https://url.com/path1, and https://url.com/path1.*; ZAP reads it as including these URLs, showing this:

2022-12-21 10:51:50,509 Included .*path1.*
2022-12-21 10:51:50,608 Included .*etc.*

but I can't find them in zap.core.urls() when I print it. zap.core.urls just prints other paths, like this:

[
'https://url.com', 
'https://url.com/', 
'https://url.com/_next', 
'https://url.com/_next/image?q=75&url=%2Fimg%2Falto-logo-color.png&w=256', 
'https://url.com/_next/static', 
'https://url.com/_next/static/6p7g4_R0Fjy5c2P-ptme7', 
'https://url.com/_next/static/6p7g4_R0Fjy5c2P-ptme7/_buildManifest.js', 
'https://url.com/_next/static/6p7g4_R0Fjy5c2P-ptme7/_ssgManifest.js',
etc...
]

Not the ones I want to scan with the auth include. Did I miss something?

NOTE:
I'm running with this command:

zap-full-scan.py -I -j -m 10 -T 60 -t "https://url.com" --hook=/zap/auth_hook.py -J zap-$CI_PROJECT_NAME-report.json -r zap-$CI_PROJECT_NAME-report.html -x zap-$CI_PROJECT_NAME-report.xml -z 'auth.loginurl="https://web.portal.local.altodev.id/login" auth.username="[email protected]" auth.password="P4ssw0rd" auth.exclude=".*logout.*" auth.username_field="email" auth.password_field="password" auth.first_submit_field="Continue" auth.submit_field="LOGIN" auth.include=".*path1.*,.*etc.*"' 
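A small scope diagnostic, added here as an example and not code from this repository or from ZAP, that applies the auth.include / auth.exclude regexes from the command above to a URL list shaped like the quoted zap.core.urls() output. It assumes ZAP evaluates context include patterns as full-string regex matches (which is why a literal https://url.com/path1 would match only that exact URL, while .*path1.* and https://url.com/path1.* also cover sub-paths); the URL list is constructed. If every discovered URL is out of scope and every include pattern matches nothing, the regexes were registered correctly but the spider never reached a matching URL, which is a different problem from the pattern being wrong.

```python
import re
from typing import Dict, List

# Constructed sample: the include/exclude patterns from the -z options above and a
# URL list shaped like the zap.core.urls() output quoted in the report.
INCLUDE_PATTERNS: List[str] = [".*path1.*", ".*etc.*"]
EXCLUDE_PATTERNS: List[str] = [".*logout.*"]
DISCOVERED_URLS: List[str] = [
    "https://url.com",
    "https://url.com/",
    "https://url.com/_next",
    "https://url.com/_next/image?q=75&url=%2Fimg%2Falto-logo-color.png&w=256",
    "https://url.com/_next/static",
    "https://url.com/_next/static/6p7g4_R0Fjy5c2P-ptme7/_buildManifest.js",
]


def in_scope(url: str, includes: List[str], excludes: List[str]) -> bool:
    """Mirror context scoping: a URL is in scope if it fully matches at least one
    include regex and no exclude regex (full-string match is an assumption here)."""
    if not any(re.fullmatch(p, url) for p in includes):
        return False
    return not any(re.fullmatch(p, url) for p in excludes)


def scope_report(urls: List[str], includes: List[str], excludes: List[str]) -> Dict[str, List[str]]:
    """Split discovered URLs into in-scope ones and list include patterns that
    matched no discovered URL at all (the symptom described in the issue)."""
    in_scope_urls = [u for u in urls if in_scope(u, includes, excludes)]
    unmatched = [p for p in includes if not any(re.fullmatch(p, u) for u in urls)]
    return {"in_scope": in_scope_urls, "unmatched_includes": unmatched}


def compare_patterns(url: str) -> Dict[str, bool]:
    """Show how the three include spellings tried in the issue behave on a sub-path
    under full-string matching: only the patterns ending in .* reach beyond /path1."""
    candidates = ["https://url.com/path1", ".*path1.*", "https://url.com/path1.*"]
    return {p: re.fullmatch(p, url) is not None for p in candidates}


if __name__ == "__main__":
    report = scope_report(DISCOVERED_URLS, INCLUDE_PATTERNS, EXCLUDE_PATTERNS)
    print("in scope:", report["in_scope"])
    print("include patterns matching nothing discovered:", report["unmatched_includes"])
    print("pattern behaviour on /path1/sub:", compare_patterns("https://url.com/path1/sub"))
```

Running it against the quoted list reports both include patterns as matching nothing that was discovered, so the next thing to check is whether anything the spider can reach from the -t target links to path1 at all.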
@erno1978
Contributor

@dhodyrahmad Hello, we are currently reviewing whether there is still a use case for this repository, because in the meantime ZAP seems to have included the same functionality. Do you (still) have a specific reason to use this repository instead of the "original ZAP"?
