/**
 * Builds the map of entries to check from the enabled sources and runs property expansion
 * over it.
 *
 * <p>Sources are merged in a fixed order: the table entries, then the project-specific entries
 * (only when {@code includeProjectSpecific} is set), then the global entries (only when
 * {@code includeGlobal} is set). Because the target is a {@link HashMap}, an entry from a
 * later source replaces an earlier entry with the same key.
 *
 * @param context context handed to {@code propertyExpansionSupport} for the expansion step
 * @return the merged map as returned by {@code propertyExpansionSupport}
 */
private Map<String, String> createCheckMap(SubmitContext context) {
  // Seed with the table entries; the optional sources are layered on top.
  Map<String, String> merged = new HashMap<String, String>(createMapFromTable());

  if (includeProjectSpecific) {
    merged.putAll(SecurityScanUtil.projectEntriesList(this));
  }

  if (includeGlobal) {
    // Added last, so on a duplicate key the global entry replaces the table/project one.
    merged.putAll(SecurityScanUtil.globalEntriesList());
  }

  return propertyExpansionSupport(merged, context);
}
/**
 * Runs the configured script once, applies the values it left in {@code parameters} to the
 * test step's request, then runs the test step and records the resulting message exchange.
 *
 * <p>The script result is stored in {@code scriptResult} and converted to {@code hasNext} by
 * {@code castResultToBoolean}. Any exception raised by the script, by the request update or by
 * the test step run is logged through {@code SoapUI.logError} and sets {@code hasNext} to
 * {@code false}; nothing is rethrown to the caller.
 *
 * @param securityTestRunner runner for the security test; cast to {@code TestCaseRunner} to run
 *     the step
 * @param testStep the step whose request properties are updated and which is then run
 * @param context run context, exposed to the script and used to expand XPath expressions
 */
@Override
protected void execute(
    SecurityTestRunner securityTestRunner, TestStep testStep, SecurityTestRunContext context) {
  // The script text is read from this scan's configuration (groovyscc) and is run in-process
  // with the objects bound below, including this scan and the test step.
  // NOTE(review): nothing in this method restricts what the script may do - confirm whether
  // the script engine sandboxes it; if not, a project file carrying a script is executable
  // content and should be treated as such when it comes from an untrusted source.
  scriptEngine.setScript(groovyscc.getExecuteScript().getStringValue());
  scriptEngine.setVariable("context", context);
  scriptEngine.setVariable("testStep", testStep);
  scriptEngine.setVariable("securityScan", this);
  scriptEngine.setVariable("parameters", parameters);
  scriptEngine.setVariable("log", SoapUI.ensureGroovyLog());

  try {
    scriptResult = scriptEngine.run();
    hasNext = castResultToBoolean(scriptResult);

    for (SecurityCheckedParameter scp : getParameterHolder().getParameterList()) {
      String label = scp.getLabel();

      // Parameters the script did not mention are left untouched.
      if (!parameters.containsKey(label)) {
        continue;
      }

      // clears null values from parameters
      if (parameters.get(label) == null) {
        parameters.remove(label);
        continue;
      }

      boolean targetsXpath = scp.isChecked() && scp.getXpath().trim().length() > 0;
      if (!targetsXpath) {
        // No XPath target: the whole property is replaced by the script-provided value.
        updateRequestProperty(testStep, scp.getName(), parameters.get(label));
        continue;
      }

      // XPath target: only the first node selected by the expanded XPath receives the value;
      // the property is rewritten from the model even when no node matched.
      XmlObjectTreeModel model = SecurityScanUtil.getXmlObjectTreeModel(testStep, scp);
      XmlTreeNode[] selected = model.selectTreeNodes(context.expand(scp.getXpath()));
      if (selected.length > 0) {
        selected[0].setValue(1, parameters.get(label));
      }
      updateRequestProperty(testStep, scp.getName(), model.getXmlObject().toString());
    }

    MessageExchange exchange =
        (MessageExchange) testStep.run((TestCaseRunner) securityTestRunner, context);
    createMessageExchange(clearNullValues(parameters), exchange, context);
  } catch (Exception e) {
    // A failing script or step ends the iteration: the error is only logged.
    SoapUI.logError(e);
    hasNext = false;
  } finally {
    // Disabled legacy code, kept as found:
    // if( scriptResult != null )
    // {
    // getTestStep().getProperty( "Request" ).setValue( ( String
    // )scriptResult );
    //
    // getTestStep().run( ( TestCaseRunner )securityTestRunner,
    // ( TestCaseRunContext )securityTestRunner.getRunContext() );
    // }
  }
}
// TODO check if this should be applicable to properties after all, it's not mapped for properties // currently protected String internalAssertProperty( TestPropertyHolder source, String propertyName, MessageExchange messageExchange, SubmitContext context) throws AssertionException { Map<String, String> checkMap = createCheckMap(context); List<AssertionError> assertionErrorList = new ArrayList<AssertionError>(); String propertyValue = source.getPropertyValue(propertyName); Set<String> messages = new HashSet<String>(); try { for (String token : checkMap.keySet()) { boolean useRegexp = token.trim().startsWith(PREFIX); String description = !checkMap.get(token).equals("") ? checkMap.get(token) : token; if (useRegexp) { token = token.substring(token.indexOf(PREFIX) + 1); } String match = SecurityScanUtil.contains(context, propertyValue, token, useRegexp); if (match != null) { String message = description + " - Token [" + token + "] found [" + match + "] in property " + propertyName; if (!messages.contains(message)) { assertionErrorList.add(new AssertionError(message)); messages.add(message); } } } } catch (Throwable e) { SoapUI.logError(e); } if (!messages.isEmpty()) { throw new AssertionException( assertionErrorList.toArray(new AssertionError[assertionErrorList.size()])); } return "OK"; }
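/**
 * Saves the global properties, the global security settings and a copy of the settings
 * document, and returns the path the settings were written to.
 *
 * <p>When a shadow password is configured, the XML text of the copy is encrypted and the copy
 * is saved with the encrypted content and the algorithm name instead of the plain settings.
 * {@code isSavingSettings} is set for the duration of the call and always cleared afterwards.
 *
 * @return absolute path of the file that was written
 * @throws Exception if saving fails; encryption errors are logged and not rethrown
 * @see com.eviware.soapui.SoapUICore#saveSettings()
 */
public String saveSettings() throws Exception {
  PropertyExpansionUtils.saveGlobalProperties();
  SecurityScanUtil.saveGlobalSecuritySettings();

  isSavingSettings = true;
  try {
    if (settingsFile == null) {
      settingsFile = getRoot() + File.separatorChar + DEFAULT_SETTINGS_FILE;
    }

    // Save settings to root or user.home. File.canWrite() is also false for a file that
    // does not exist yet, so the user.home fallback is taken in that case as well.
    File file = new File(settingsFile);
    if (!file.canWrite()) {
      file = new File(new File(System.getProperty("user.home", ".")), DEFAULT_SETTINGS_FILE);
    }

    // Work on a copy so the in-memory settings document is never replaced by ciphertext.
    SoapuiSettingsDocumentConfig documentToSave =
        (SoapuiSettingsDocumentConfig) this.settingsDocument.copy();

    String password = settings.getString(SecuritySettings.SHADOW_PASSWORD, null);
    if (password != null && password.length() > 0) {
      // NOTE(review): if encryption throws, the error is only logged and the copy is written
      // below unchanged, i.e. in plain text although a shadow password is set. Confirm this
      // fallback is intended; failing the save would avoid the silent downgrade.
      try {
        // NOTE(review): getBytes() uses the platform default charset; the loading side must
        // decode with the same charset - confirm before switching to an explicit one.
        byte[] data = documentToSave.xmlText().getBytes();
        // NOTE(review): "des3" selects triple DES, a legacy 64-bit block cipher. The
        // algorithm name is stored with the content below, which presumably lets the loader
        // pick the algorithm - verify before migrating to a stronger one.
        String encryptionAlgorithm = "des3";
        byte[] encryptedData =
            OpenSSL.encrypt(encryptionAlgorithm, password.toCharArray(), data);
        documentToSave.setSoapuiSettings(null);
        documentToSave.getSoapuiSettings().setEncryptedContent(encryptedData);
        documentToSave.getSoapuiSettings().setEncryptedContentAlgorithm(encryptionAlgorithm);
      } catch (UnsupportedEncodingException e) {
        log.error("Encryption error", e);
      } catch (IOException e) {
        log.error("Encryption error", e);
      } catch (GeneralSecurityException e) {
        log.error("Encryption error", e);
      }
    }

    // Close the stream even when save() or flush() throws; previously it leaked on failure.
    FileOutputStream out = new FileOutputStream(file);
    try {
      documentToSave.save(out);
      out.flush();
    } finally {
      out.close();
    }

    log.info("Settings saved to [" + file.getAbsolutePath() + "]");
    lastSettingsLoad = file.lastModified();
    return file.getAbsolutePath();
  } finally {
    isSavingSettings = false;
  }
}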