Using Security Scan for XML SOAP request - how to?
Hi everyone,
What do I need to do to make soapUI use a sample request and plug malformed XML into the right node?
It's currently just using a default template request with ? place holders...
Details:
I have a web service that expects SOAP requests like the following:
I have set up a Malformed XML test with Schema Compliance assertion, but when I run it, soapUI sends the request template (with question mark placeholders):
Of course, the web service realises that a question mark is not a valid code/number/date and returns an error.
What I'd like to know is: how do I need to set up the test so that soapUI uses my sample request (snippet 1) and just inserts the malformed XML into either the MyCode, MyNumber or MyDate node and uses the valid samples (instead of question marks) for the other nodes.
At the moment, I have one parameter set up for the test:
Label: req1
Name: Request
Enabled: checked
XPath:
But as I said, that doesn't pick up the sample request, only the template - and it doesn't insert the malformed XML, too. So it's clearly wrong. Any idea what I need to do to get this to work? What I want ideally is for soapUI to send something like this:
Kind regards,
Christian
What do I need to do to make soapUI use a sample request and plug malformed XML into the right node?
It's currently just using a default template request with ? place holders...
Details:
I have a web service that expects SOAP requests like the following:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:get="http://www.example.com/path">
<soapenv:Header/>
<soapenv:Body>
<get:GetInfoRequest>
<MyCode>AA</MyCode>
<MyNumber>123</MyNumber>
<MyDate>2013-11-14</MyDate>
</get:GetInfoRequest>
</soapenv:Body>
</soapenv:Envelope>
I have set up a Malformed XML test with Schema Compliance assertion, but when I run it, soapUI sends the request template (with question mark placeholders):
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:get="http://www.example.com/path">
<soapenv:Header/>
<soapenv:Body>
<get:GetInfoRequest>
<MyCode>?</MyCode> <============= bad
<MyNumber>?</MyNumber> <============= bad
<MyDate>?</MyDate> <============= bad
</get:GetInfoRequest>
</soapenv:Body>
</soapenv:Envelope>
Of course, the web service realises that a question mark is not a valid code/number/date and returns an error.
What I'd like to know is: how do I need to set up the test so that soapUI uses my sample request (snippet 1) and just inserts the malformed XML into either the MyCode, MyNumber or MyDate node and uses the valid samples (instead of question marks) for the other nodes.
At the moment, I have one parameter set up for the test:
Label: req1
Name: Request
Enabled: checked
XPath:
declare namespace ns1='http://www.example.com/path';
//ns1:GetInfoRequest[1]/ns1:MyNumber[1]
But as I said, that doesn't pick up the sample request, only the template - and it doesn't insert the malformed XML, too. So it's clearly wrong. Any idea what I need to do to get this to work? What I want ideally is for soapUI to send something like this:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:get="http://www.example.com/path">
<soapenv:Header/>
<soapenv:Body>
<get:GetInfoRequest>
<MyCode><xml>xml <joke> </xml> </joke></MyCode> <===== malformed XML here
<MyNumber>123</MyNumber> <===== valid data here
<MyDate>2013-11-14</MyDate> <===== valid data here
</get:GetInfoRequest>
</soapenv:Body>
</soapenv:Envelope>
Kind regards,
Christian
