/**
 * Assembles the map of entries this scan checks for and returns it after property expansion.
 *
 * <p>Entries come from the scan's own table first, then from the project-level list and the
 * global list when the corresponding flags are enabled.
 *
 * @param context context handed to {@code propertyExpansionSupport}
 * @return the map returned by {@code propertyExpansionSupport} for the merged entries
 */
private Map<String, String> createCheckMap(SubmitContext context) {
    Map<String, String> merged = new HashMap<String, String>();

    // putAll overwrites on duplicate keys, so precedence is: global > project > table.
    merged.putAll(createMapFromTable());

    if (includeProjectSpecific) {
      merged.putAll(SecurityScanUtil.projectEntriesList(this));
    }
    if (includeGlobal) {
      merged.putAll(SecurityScanUtil.globalEntriesList());
    }

    return propertyExpansionSupport(merged, context);
  }
예제 #2
  /**
   * Runs one iteration of the script-driven scan.
   *
   * <p>The configured script is executed with {@code context}, {@code testStep}, this scan,
   * {@code parameters} and a log object bound as variables. Its result, cast to boolean, is stored
   * in {@code hasNext}. The values found in {@code parameters} are then written into the request
   * (through an XPath selection when the parameter is checked and has a non-blank XPath, otherwise
   * as the whole property value), the test step is run and the resulting exchange is recorded.
   *
   * <p>Any exception raised along the way is logged and sets {@code hasNext} to {@code false}.
   */
  @Override
  protected void execute(
      SecurityTestRunner securityTestRunner, TestStep testStep, SecurityTestRunContext context) {
    // Bind the script and the objects it may read or modify.
    scriptEngine.setScript(groovyscc.getExecuteScript().getStringValue());
    scriptEngine.setVariable("context", context);
    scriptEngine.setVariable("testStep", testStep);
    scriptEngine.setVariable("securityScan", this);
    scriptEngine.setVariable("parameters", parameters);
    scriptEngine.setVariable("log", SoapUI.ensureGroovyLog());

    try {
      scriptResult = scriptEngine.run();
      hasNext = castResultToBoolean(scriptResult);

      for (SecurityCheckedParameter scp : getParameterHolder().getParameterList()) {
        String label = scp.getLabel();
        if (!parameters.containsKey(label)) {
          continue;
        }
        if (parameters.get(label) == null) {
          // A key mapped to null carries no value to inject; drop it from the map.
          parameters.remove(label);
          continue;
        }

        boolean injectByXpath = scp.isChecked() && scp.getXpath().trim().length() > 0;
        if (!injectByXpath) {
          // No XPath target: the parameter value replaces the whole property.
          updateRequestProperty(testStep, scp.getName(), parameters.get(label));
          continue;
        }

        XmlObjectTreeModel model = SecurityScanUtil.getXmlObjectTreeModel(testStep, scp);
        XmlTreeNode[] selected = model.selectTreeNodes(context.expand(scp.getXpath()));
        if (selected.length > 0) {
          // Only the first selected node receives the value.
          selected[0].setValue(1, parameters.get(label));
        }
        // The property is rewritten from the model even when the XPath selected nothing.
        updateRequestProperty(testStep, scp.getName(), model.getXmlObject().toString());
      }

      MessageExchange exchange =
          (MessageExchange) testStep.run((TestCaseRunner) securityTestRunner, context);
      createMessageExchange(clearNullValues(parameters), exchange, context);
    } catch (Exception e) {
      // Script, injection and step-run failures all end up here: log and stop iterating.
      SoapUI.logError(e);
      hasNext = false;
    }
  }
  // TODO check if this should be applicable to properties after all, it's not mapped for properties
  // currently
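  /**
   * Searches one property value for every entry of the check map and fails if any entry matches.
   *
   * <p>Each map key is a token. A key that starts with {@code PREFIX} (ignoring surrounding
   * whitespace) is passed to {@code SecurityScanUtil.contains} with the prefix removed and the
   * regexp flag set. The map value is the description used in the message; the raw key is used
   * when the value is null or empty.
   *
   * <p>Tokens are evaluated independently: a failure while evaluating one token is logged and the
   * remaining tokens are still checked, so a single bad entry cannot hide later matches.
   *
   * @param source holder the property value is read from
   * @param propertyName name of the property to inspect; also quoted in each message
   * @param messageExchange not used by this method
   * @param context context used to build the check map and passed to the matcher
   * @return {@code "OK"} when no token matched
   * @throws AssertionException carrying one error per distinct match message
   */
  protected String internalAssertProperty(
      TestPropertyHolder source,
      String propertyName,
      MessageExchange messageExchange,
      SubmitContext context)
      throws AssertionException {

    Map<String, String> checkMap = createCheckMap(context);
    String propertyValue = source.getPropertyValue(propertyName);
    List<AssertionError> assertionErrorList = new ArrayList<AssertionError>();
    Set<String> messages = new HashSet<String>();

    for (Map.Entry<String, String> entry : checkMap.entrySet()) {
      // The guard is per token. With a single guard around the whole loop, one null description
      // or one token the matcher rejects would end the scan early and the method could return
      // "OK" without having looked for the remaining tokens.
      try {
        String token = entry.getKey();
        String configured = entry.getValue();
        // Null-safe: a missing description falls back to the raw token instead of throwing.
        String description = (configured == null || configured.length() == 0) ? token : configured;

        boolean useRegexp = token.trim().startsWith(PREFIX);
        if (useRegexp) {
          // Skip the whole prefix rather than assuming it is one character long.
          token = token.substring(token.indexOf(PREFIX) + PREFIX.length());
        }

        String match = SecurityScanUtil.contains(context, propertyValue, token, useRegexp);
        if (match == null) {
          continue;
        }

        String message =
            description
                + " - Token ["
                + token
                + "] found ["
                + match
                + "] in property "
                + propertyName;
        // Set.add returns false for a duplicate, so each distinct message is reported once.
        if (messages.add(message)) {
          assertionErrorList.add(new AssertionError(message));
        }
      } catch (Throwable e) {
        // NOTE(review): Throwable is kept from the original code; narrowing it is worth doing
        // once the failure modes of SecurityScanUtil.contains are confirmed.
        SoapUI.logError(e);
      }
    }

    if (!messages.isEmpty()) {
      throw new AssertionException(
          assertionErrorList.toArray(new AssertionError[assertionErrorList.size()]));
    }

    return "OK";
  }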
예제 #4
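  /**
   * Saves global properties, global security settings and the settings document to disk.
   *
   * <p>The target is {@code settingsFile} (defaulting to {@code DEFAULT_SETTINGS_FILE} under the
   * root); when that file is not writable, {@code DEFAULT_SETTINGS_FILE} in {@code user.home} is
   * used instead. When a shadow password is configured, the document content is encrypted with it
   * before being written.
   *
   * @return absolute path of the file that was written
   * @throws Exception if saving fails
   * @see com.eviware.soapui.SoapUICore#saveSettings()
   */
  public String saveSettings() throws Exception {
    PropertyExpansionUtils.saveGlobalProperties();
    SecurityScanUtil.saveGlobalSecuritySettings();
    isSavingSettings = true;
    try {
      if (settingsFile == null) {
        settingsFile = getRoot() + File.separatorChar + DEFAULT_SETTINGS_FILE;
      }

      // Save settings to root or user.home.
      // File.canWrite() is also false for a file that does not exist yet, so that case falls
      // back to user.home as well.
      File file = new File(settingsFile);
      if (!file.canWrite()) {
        file = new File(new File(System.getProperty("user.home", ".")), DEFAULT_SETTINGS_FILE);
      }

      // Work on a copy so the in-memory settings stay unencrypted.
      SoapuiSettingsDocumentConfig documentCopy =
          (SoapuiSettingsDocumentConfig) this.settingsDocument.copy();
      String password = settings.getString(SecuritySettings.SHADOW_PASSWORD, null);

      if (password != null && password.length() > 0) {
        try {
          // NOTE(review): getBytes() uses the platform default charset; the decrypting side has
          // to agree with it - confirm before switching to an explicit charset.
          byte[] data = documentCopy.xmlText().getBytes();
          // NOTE(review): "des3" (Triple DES) is a legacy cipher; moving to a modern one needs a
          // matching change wherever this file is decrypted.
          String encryptionAlgorithm = "des3";
          byte[] encryptedData = OpenSSL.encrypt(encryptionAlgorithm, password.toCharArray(), data);
          documentCopy.setSoapuiSettings(null);
          documentCopy.getSoapuiSettings().setEncryptedContent(encryptedData);
          documentCopy.getSoapuiSettings().setEncryptedContentAlgorithm(encryptionAlgorithm);
        } catch (IOException e) {
          // Also covers UnsupportedEncodingException, which is an IOException.
          // NOTE(review): after this handler the save continues, so a failed encryption leaves
          // the settings written unencrypted although a shadow password is set; consider
          // failing the save instead.
          log.error("Encryption error", e);
        } catch (GeneralSecurityException e) {
          // NOTE(review): same unencrypted fallback as above.
          log.error("Encryption error", e);
        }
      }

      FileOutputStream out = new FileOutputStream(file);
      try {
        documentCopy.save(out);
        out.flush();
      } finally {
        // Close the stream even when save() throws, so the file handle is not leaked.
        out.close();
      }
      log.info("Settings saved to [" + file.getAbsolutePath() + "]");
      lastSettingsLoad = file.lastModified();
      return file.getAbsolutePath();
    } finally {
      isSavingSettings = false;
    }
  }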