ChristianB
Contributor
12 years ago

[4.6.4] XPath Injection Scans return Exceptions (REST)

Hi!

We get the following NPE for XPath Injection security Scans against a REST Interface (all parameters are defined without an XPath in the parameters list):

Tue Feb 04 12:32:34 GMT 2014:ERROR:[XPathInjectionSecurityScan]Property value is not valid xml!
Tue Feb 04 12:32:34 GMT 2014:ERROR:java.lang.NullPointerException
java.lang.NullPointerException
at com.eviware.soapui.security.scan.XPathInjectionSecurityScan.update(XPathInjectionSecurityScan.java:144)
at com.eviware.soapui.security.scan.XPathInjectionSecurityScan.execute(XPathInjectionSecurityScan.java:110)
at com.eviware.soapui.security.scan.AbstractSecurityScan.run(AbstractSecurityScan.java:215)
at com.eviware.soapui.security.SecurityTestRunnerImpl.runTestStepSecurityScan(SecurityTestRunnerImpl.java:306)
at com.eviware.soapui.security.SecurityTestRunnerImpl.runCurrentTestStep(SecurityTestRunnerImpl.java:216)
at com.eviware.soapui.security.SecurityTestRunnerImpl.runCurrentTestStep(SecurityTestRunnerImpl.java:39)
at com.eviware.soapui.impl.wsdl.support.AbstractTestCaseRunner.internalRun(AbstractTestCaseRunner.java:148)
at com.eviware.soapui.impl.wsdl.support.AbstractTestCaseRunner.internalRun(AbstractTestCaseRunner.java:43)
at com.eviware.soapui.impl.wsdl.support.AbstractTestRunner.run(AbstractTestRunner.java:135)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)


Tue Feb 04 12:32:34 GMT 2014:ERROR:Header #status# is missing!
Tue Feb 04 12:32:34 GMT 2014:ERROR:java.lang.NullPointerException
java.lang.NullPointerException
at com.eviware.soapui.security.assertion.ValidHttpStatusCodesAssertion.internalAssertResponse(ValidHttpStatusCodesAssertion.java:83)
at com.eviware.soapui.impl.wsdl.teststeps.WsdlMessageAssertion.assertResponse(WsdlMessageAssertion.java:161)
at com.eviware.soapui.security.scan.AbstractSecurityScan.assertResponse(AbstractSecurityScan.java:640)
at com.eviware.soapui.security.scan.AbstractSecurityScan.run(AbstractSecurityScan.java:218)
at com.eviware.soapui.security.SecurityTestRunnerImpl.runTestStepSecurityScan(SecurityTestRunnerImpl.java:306)
at com.eviware.soapui.security.SecurityTestRunnerImpl.runCurrentTestStep(SecurityTestRunnerImpl.java:216)
at com.eviware.soapui.security.SecurityTestRunnerImpl.runCurrentTestStep(SecurityTestRunnerImpl.java:39)
at com.eviware.soapui.impl.wsdl.support.AbstractTestCaseRunner.internalRun(AbstractTestCaseRunner.java:148)
at com.eviware.soapui.impl.wsdl.support.AbstractTestCaseRunner.internalRun(AbstractTestCaseRunner.java:43)
at com.eviware.soapui.impl.wsdl.support.AbstractTestRunner.run(AbstractTestRunner.java:135)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)


The test runner then hangs.

Any idea what those are about?

Kind regards,

Christian

2 Replies

  • Hi,

    I cannot reproduce this issue. Does this only occur when running the security test runner outside of the SoapUI GUI?

    If you have a reproducible test case then please attach.
  • Hi Marcus,

    We have changed our project file since then, but I'll try to dig out one that produces the error and get back to you next week. I'd have to change endpoints etc. before posting it, though...

    Brgrds,

    Christian