Ryarlagadda
11 years agoOccasional Contributor
Security Test Failure - SOAP UI Pro
Hello,
I have tried to run Security Test (Cross Site Scripting, Invalid Types, SQL Injection, XPath Injection etc ..) for one of Restful API.
Restful service responding in JSon format.
All the security scan tests completed, with 282 failures "Unknown MessageExchange type".
PFA Security Log for reference
SecurityTest started at 2014-03-12 14:39:06.724
Step 3 [Get2Valid_zeroInvalidpackages] Alerts: took 8794 ms
SecurityScan 1 [Cross Site Scripting] Alerts, took = 7005
[Cross Site Scripting] Request 1 - FAILED - [Password=<SCRIPT>document.write("<SCRI");</SCRIPT>PT src="http://soapui.org/xss.js"></SCRIPT>]: took 42 ms
-> Unknown MessageExchange type
[Cross Site Scripting] Request 2 - FAILED - [Username=<SCRIPT>document.write("<SCRI");</SCRIPT>PT src="http://soapui.org/xss.js"></SCRIPT>]: took 38 ms
-> Unknown MessageExchange type
Could you please advise how to analyze these failure, as This information not clear enough. Is there any further log to identify root cause of these failures.
In addition, SOAP UI not generating "common report" after completion of Security test.
Following failure reported in error.log in SOAPUI Pro installation directory.
SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
net.sf.jasperreports.engine.design.JRValidationException: Report design not valid :
1. Parameter not found : FailedTestSteps
2. Parameter not found : ProjectCoverage
3. Parameter not found : RequirementLinkedTestCases
4. Parameter not found : TestCaseCoverage
5. Parameter not found : TestStepResults
6. Parameter not found : TestSuiteCoverage
at net.sf.jasperreports.engine.design.JRAbstractCompiler.verifyDesign(JRAbstractCompiler.java:258)
at net.sf.jasperreports.engine.design.JRAbstractCompiler.compileReport(JRAbstractCompiler.java:140)
at net.sf.jasperreports.engine.JasperCompileManager.compileReport(JasperCompileManager.java:215)
at com.eviware.soapui.reporting.engine.jasper.GenerateJasperReport.createReport(SourceFile:460)
at com.eviware.soapui.reporting.engine.jasper.GenerateJasperReport$ReportFillWorker.construct(SourceFile:428)
at com.eviware.soapui.support.swing.SwingWorkerDelegator.construct(SwingWorkerDelegator.java:46)
at com.eviware.soapui.support.swing.SwingWorker$2.run(SwingWorker.java:149)
at java.lang.Thread.run(Unknown Source)
net.sf.jasperreports.engine.design.JRValidationException: Report design not valid :
1. Parameter not found : FailedTestSteps
2. Parameter not found : ProjectCoverage
3. Parameter not found : RequirementLinkedTestCases
4. Parameter not found : TestCaseCoverage
5. Parameter not found : TestStepResults
6. Parameter not found : TestSuiteCoverage
at net.sf.jasperreports.engine.design.JRAbstractCompiler.verifyDesign(JRAbstractCompiler.java:258)
at net.sf.jasperreports.engine.design.JRAbstractCompiler.compileReport(JRAbstractCompiler.java:140)
at net.sf.jasperreports.engine.JasperCompileManager.compileReport(JasperCompileManager.java:215)
at com.eviware.soapui.reporting.engine.jasper.GenerateJasperReport.createReport(SourceFile:460)
at com.eviware.soapui.reporting.engine.jasper.GenerateJasperReport$ReportFillWorker.construct(SourceFile:428)
at com.eviware.soapui.support.swing.SwingWorkerDelegator.construct(SwingWorkerDelegator.java:46)
at com.eviware.soapui.support.swing.SwingWorker$2.run(SwingWorker.java:149)
at java.lang.Thread.run(Unknown Source)
net.sf.jasperreports.engine.design.JRValidationException: Report design not valid :
1. Parameter not found : FailedTestSteps
2. Parameter not found : ProjectCoverage
3. Parameter not found : RequirementLinkedTestCases
4. Parameter not found : TestCaseCoverage
5. Parameter not found : TestStepResults
6. Parameter not found : TestSuiteCoverage
at net.sf.jasperreports.engine.design.JRAbstractCompiler.verifyDesign(JRAbstractCompiler.java:258)
at net.sf.jasperreports.engine.design.JRAbstractCompiler.compileReport(JRAbstractCompiler.java:140)
at net.sf.jasperreports.engine.JasperCompileManager.compileReport(JasperCompileManager.java:215)
at com.eviware.soapui.reporting.engine.jasper.GenerateJasperReport.createReport(SourceFile:460)
at com.eviware.soapui.reporting.engine.jasper.GenerateJasperReport$ReportFillWorker.construct(SourceFile:428)
at com.eviware.soapui.support.swing.SwingWorkerDelegator.construct(SwingWorkerDelegator.java:46)
at com.eviware.soapui.support.swing.SwingWorker$2.run(SwingWorker.java:149)
at java.lang.Thread.run(Unknown Source)
Please could you advise how to resolve this issue , This error not shown while generating other reports.
Thanks,
Raj
I have tried to run Security Test (Cross Site Scripting, Invalid Types, SQL Injection, XPath Injection etc ..) for one of Restful API.
Restful service responding in JSon format.
All the security scan tests completed, with 282 failures "Unknown MessageExchange type".
PFA Security Log for reference
SecurityTest started at 2014-03-12 14:39:06.724
Step 3 [Get2Valid_zeroInvalidpackages] Alerts: took 8794 ms
SecurityScan 1 [Cross Site Scripting] Alerts, took = 7005
[Cross Site Scripting] Request 1 - FAILED - [Password=<SCRIPT>document.write("<SCRI");</SCRIPT>PT src="http://soapui.org/xss.js"></SCRIPT>]: took 42 ms
-> Unknown MessageExchange type
[Cross Site Scripting] Request 2 - FAILED - [Username=<SCRIPT>document.write("<SCRI");</SCRIPT>PT src="http://soapui.org/xss.js"></SCRIPT>]: took 38 ms
-> Unknown MessageExchange type
Could you please advise how to analyze these failure, as This information not clear enough. Is there any further log to identify root cause of these failures.
In addition, SOAP UI not generating "common report" after completion of Security test.
Following failure reported in error.log in SOAPUI Pro installation directory.
SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
net.sf.jasperreports.engine.design.JRValidationException: Report design not valid :
1. Parameter not found : FailedTestSteps
2. Parameter not found : ProjectCoverage
3. Parameter not found : RequirementLinkedTestCases
4. Parameter not found : TestCaseCoverage
5. Parameter not found : TestStepResults
6. Parameter not found : TestSuiteCoverage
at net.sf.jasperreports.engine.design.JRAbstractCompiler.verifyDesign(JRAbstractCompiler.java:258)
at net.sf.jasperreports.engine.design.JRAbstractCompiler.compileReport(JRAbstractCompiler.java:140)
at net.sf.jasperreports.engine.JasperCompileManager.compileReport(JasperCompileManager.java:215)
at com.eviware.soapui.reporting.engine.jasper.GenerateJasperReport.createReport(SourceFile:460)
at com.eviware.soapui.reporting.engine.jasper.GenerateJasperReport$ReportFillWorker.construct(SourceFile:428)
at com.eviware.soapui.support.swing.SwingWorkerDelegator.construct(SwingWorkerDelegator.java:46)
at com.eviware.soapui.support.swing.SwingWorker$2.run(SwingWorker.java:149)
at java.lang.Thread.run(Unknown Source)
net.sf.jasperreports.engine.design.JRValidationException: Report design not valid :
1. Parameter not found : FailedTestSteps
2. Parameter not found : ProjectCoverage
3. Parameter not found : RequirementLinkedTestCases
4. Parameter not found : TestCaseCoverage
5. Parameter not found : TestStepResults
6. Parameter not found : TestSuiteCoverage
at net.sf.jasperreports.engine.design.JRAbstractCompiler.verifyDesign(JRAbstractCompiler.java:258)
at net.sf.jasperreports.engine.design.JRAbstractCompiler.compileReport(JRAbstractCompiler.java:140)
at net.sf.jasperreports.engine.JasperCompileManager.compileReport(JasperCompileManager.java:215)
at com.eviware.soapui.reporting.engine.jasper.GenerateJasperReport.createReport(SourceFile:460)
at com.eviware.soapui.reporting.engine.jasper.GenerateJasperReport$ReportFillWorker.construct(SourceFile:428)
at com.eviware.soapui.support.swing.SwingWorkerDelegator.construct(SwingWorkerDelegator.java:46)
at com.eviware.soapui.support.swing.SwingWorker$2.run(SwingWorker.java:149)
at java.lang.Thread.run(Unknown Source)
net.sf.jasperreports.engine.design.JRValidationException: Report design not valid :
1. Parameter not found : FailedTestSteps
2. Parameter not found : ProjectCoverage
3. Parameter not found : RequirementLinkedTestCases
4. Parameter not found : TestCaseCoverage
5. Parameter not found : TestStepResults
6. Parameter not found : TestSuiteCoverage
at net.sf.jasperreports.engine.design.JRAbstractCompiler.verifyDesign(JRAbstractCompiler.java:258)
at net.sf.jasperreports.engine.design.JRAbstractCompiler.compileReport(JRAbstractCompiler.java:140)
at net.sf.jasperreports.engine.JasperCompileManager.compileReport(JasperCompileManager.java:215)
at com.eviware.soapui.reporting.engine.jasper.GenerateJasperReport.createReport(SourceFile:460)
at com.eviware.soapui.reporting.engine.jasper.GenerateJasperReport$ReportFillWorker.construct(SourceFile:428)
at com.eviware.soapui.support.swing.SwingWorkerDelegator.construct(SwingWorkerDelegator.java:46)
at com.eviware.soapui.support.swing.SwingWorker$2.run(SwingWorker.java:149)
at java.lang.Thread.run(Unknown Source)
Please could you advise how to resolve this issue , This error not shown while generating other reports.
Thanks,
Raj