Forum Discussion

z21ray's avatar
z21ray
Occasional Contributor
7 years ago

SoapUI hide password in reports

After run soapUI tests, I see there are reports on it (junit html) and content contains usernames and password used. They are used as global parameters. I start tests from command line and pass parameters as -Gusername=value and I noticed this value also appears in report. 

How do I hide password form reports?

  • Yeah, I was not sure how that would work 100% with Jenkins being a headless server and being unable to do that. You might be able to use a local install of ReadyAPI to build the template, then move that to jenkins to adjust the logging there.

     

    With your idea, you might be able to set up a tear-down script that overwrites the username/password global property with a fake value to obfuscate it in the report. Good luck!

  • In the begging of the command I have added: #!/bin/bash +x

    Then deleted all AppenderRef's from ReadyAPI-2.5.0\bin\soapui-log4j.xml

    Then in teh end of command added: 2>/dev/null

    This way I don't see any output in log (console).

    But I could not hide password in JUnit reports when tests fail.

  • groovyguy's avatar
    groovyguy
    Community Hero

    Found this post after your other one. Based on what you are doing, if I surmise correctly, you have the username/password showing up in both the Jenkins console logs and the ReadyAPI reports that are generated. 

     

    The first part, where the username / password are in the jenkins console logs, might not be avoildable. Jenkins is going to log the Test Runner command line arguments, so I am not sure you can obfuscate that. 


    Beyond that, to hide said global properties from your final reports, you would need to customize your report templates to remove reporting on global properties. At least, based on my understanding, that is what you would need. There's documentation on customizing report templates here.

    • z21ray's avatar
      z21ray
      Occasional Contributor

      Thank you for the reply.

      My readyAPI software is installed on pod in Jenkins, and jenkins is as a service in redhat openshift. So I am not able to open readyAPI and work with UI. 

      But maybe after the tests/job I could run groovie script, so it goes through all reports and replaces all passwords with empty strings :)

      • groovyguy's avatar
        groovyguy
        Community Hero

        Yeah, I was not sure how that would work 100% with Jenkins being a headless server and being unable to do that. You might be able to use a local install of ReadyAPI to build the template, then move that to jenkins to adjust the logging there.

         

        With your idea, you might be able to set up a tear-down script that overwrites the username/password global property with a fake value to obfuscate it in the report. Good luck!

  • z21ray's avatar
    z21ray
    Occasional Contributor

    In the begging of the command I have added: #!/bin/bash +x

    Then deleted all AppenderRef's from ReadyAPI-2.5.0\bin\soapui-log4j.xml

    Then in teh end of command added: 2>/dev/null

    This way I don't see any output in log (console).

    But I could not hide password in JUnit reports when tests fail.