Exemplo n.º 1
  /**
   * Installs a newly created XML bomb scan configuration and fills it with defaults.
   *
   * <p>The attach-XML-bomb flag is cleared, the attachment prefix is set to
   * {@code DEFAULT_PREFIX}, and the bundled default payloads are loaded through
   * {@code initDefaultVectors()}.
   */
  private void initXmlBombConfig() {
    getConfig().setConfig(XmlBombSecurityScanConfig.Factory.newInstance());
    // Read the configuration back from its holder instead of keeping the instance created above.
    // NOTE(review): presumably setConfig stores its own copy, so only the re-read object is the
    // live one - confirm before collapsing these two statements.
    xmlBombConfig = (XmlBombSecurityScanConfig) getConfig().getConfig();

    xmlBombConfig.setAttachXmlBomb(false);
    xmlBombConfig.setXmlAttachmentPrefix(DEFAULT_PREFIX);

    // Must run after xmlBombConfig is assigned: the loader appends entries to it.
    initDefaultVectors();
  }
Exemplo n.º 2
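  /**
   * Loads the payload templates bundled with the scan and appends each one to
   * {@code xmlBombConfig}.
   *
   * <p>Three classpath resources are read, in this order: the billion-laughs document, the
   * quadratic-blowup document and the external-entity DTD. Loading is best effort: a resource
   * that is missing or unreadable is logged through {@code SoapUI.logError} and skipped, and no
   * entry is added for it, so the remaining templates are still registered.
   */
  private void initDefaultVectors() {
    String[] resourcePaths = {
      "/com/eviware/soapui/resources/security/xmlbomb/BillionLaughsAttack.xml.txt",
      "/com/eviware/soapui/resources/security/xmlbomb/QuadraticBlowup.xml.txt",
      "/com/eviware/soapui/resources/security/xmlbomb/ExternalEntity.dtd.txt"
    };

    for (String resourcePath : resourcePaths) {
      try {
        // Read first, register second: a failed read must not leave an empty entry behind.
        String payload = readBundledVector(resourcePath);
        XmlString bomb = xmlBombConfig.addNewXmlBombs();
        bomb.setStringValue(payload);
      } catch (Exception e) {
        SoapUI.logError(e);
      }
    }
  }

  /**
   * Reads one bundled payload template from the classpath, normalising line ends to '\n'.
   *
   * @param resourcePath absolute classpath location of the template
   * @return the template text, each line terminated by a single newline
   * @throws java.io.IOException if the resource is absent or cannot be read
   */
  private String readBundledVector(String resourcePath) throws java.io.IOException {
    InputStream in = SoapUI.class.getResourceAsStream(resourcePath);
    if (in == null) {
      // Fail with the resource name instead of a bare NullPointerException from the reader.
      throw new java.io.FileNotFoundException("Bundled resource not found: " + resourcePath);
    }

    // NOTE(review): InputStreamReader decodes with the platform default charset; if the bundled
    // files are not pure ASCII, pass an explicit charset here.
    BufferedReader br = new BufferedReader(new InputStreamReader(in));
    try {
      StringBuilder value = new StringBuilder();
      String strLine;
      while ((strLine = br.readLine()) != null) {
        value.append(strLine).append('\n');
      }
      return value.toString();
    } finally {
      // Closing the reader also closes the underlying stream, including on a read failure.
      br.close();
    }
  }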
Exemplo n.º 3
  /**
   * Queues every configured payload as a mutation for each checked parameter.
   *
   * <p>Sets the {@code mutation} flag, then walks the parameters of the parameter holder. For a
   * checked parameter, each entry of the configured payload list is appended to that parameter's
   * list in {@code parameterMutations}; the list is created on first use, so a parameter only
   * gets an entry when there is at least one payload. Unchecked parameters are skipped.
   *
   * @param testStep not read by this method
   * @param context not read by this method
   * @throws XmlException declared by the signature; nothing in this body throws it directly
   * @throws Exception declared by the signature
   */
  private void mutateParameters(TestStep testStep, SecurityTestRunContext context)
      throws XmlException, Exception {
    mutation = true;

    for (SecurityCheckedParameter parameter : getParameterHolder().getParameterList()) {
      // Only parameters the user ticked take part in the scan.
      if (!parameter.isChecked()) {
        continue;
      }

      for (String bomb : xmlBombConfig.getXmlBombsList()) {
        boolean alreadyTracked = parameterMutations.containsKey(parameter);
        if (!alreadyTracked) {
          parameterMutations.put(parameter, new ArrayList<String>());
        }
        parameterMutations.get(parameter).add(bomb);
      }
    }
  }
Exemplo n.º 4
 /**
  * Stores the attachment prefix in the scan configuration.
  *
  * @param prefix value written to the configuration's XML attachment prefix
  */
 public void setAttachmentPrefix(String prefix) {
   this.xmlBombConfig.setXmlAttachmentPrefix(prefix);
 }
Exemplo n.º 5
 /**
  * Returns the attachment prefix held in the scan configuration.
  *
  * @return the configuration's XML attachment prefix
  */
 public String getAttachmentPrefix() {
   String configuredPrefix = xmlBombConfig.getXmlAttachmentPrefix();
   return configuredPrefix;
 }
Exemplo n.º 6
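 /**
  * Replaces the payload entries in the scan configuration with the given list.
  *
  * @param bombList payload texts to store; must not be {@code null}
  */
 protected void setBombList(List<String> bombList) {
   // A zero-length seed makes toArray allocate an exactly sized array. The former one-element
   // seed turned an empty list into an array holding a single null entry.
   xmlBombConfig.setXmlBombsArray(bombList.toArray(new String[0]));
 }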
Exemplo n.º 7
 /**
  * Returns the payload entries held in the scan configuration.
  *
  * <p>NOTE(review): the list comes straight from the configuration object; it may be a live
  * view, in which case caller edits would change the stored configuration - confirm.
  *
  * @return the configured payload texts
  */
 public List<String> getXmlBombList() {
   List<String> configuredBombs = xmlBombConfig.getXmlBombsList();
   return configuredBombs;
 }
Exemplo n.º 8
 /**
  * Stores the attach-XML-bomb flag in the scan configuration.
  *
  * @param attach new value of the flag; presumably selects sending the payload as an
  *     attachment - confirm against the code that reads it
  */
 public void setAttachXmlBomb(boolean attach) {
   this.xmlBombConfig.setAttachXmlBomb(attach);
 }
Exemplo n.º 9
 /**
  * Reports the attach-XML-bomb flag held in the scan configuration.
  *
  * @return the current value of the flag
  */
 public boolean isAttachXmlBomb() {
   boolean attachEnabled = xmlBombConfig.getAttachXmlBomb();
   return attachEnabled;
 }