mmoser18
Frequent Contributor
4 years ago

LoadScripts not working: SOAPUI claims it may contain "malicious code" ||-( Why?

On a colleague's machine SOAPUI refuses to start up mocks automatically. On my system (using same SOAPUI-version v5.6.0, same OS (Windows 10), same soapui project files) it works as it always did. On his machine mocks can be started manually and individually but not by running the LoadScript.

 

In his log file I found multiple entries reading:

"In project '<project name here>' we have detected Load script that may contain malicious code, if you do not want to receive this message please change the setting in preferences."

 

What the heck is this supposed to mean? ||-(

 

The loadscript reads:

 

for (ms in project.mockServiceList) {
    // open window:
    def dp = com.eviware.soapui.support.UISupport.showDesktopPanel(ms)
    // start mockservice:
    ms.start()
    // minimize window:
    com.eviware.soapui.SoapUI.desktop.minimize(dp)
}

 

 

We have been using this very same load script for several years in misc. projects. What causes SOAPUI to suddenly consider this as malicious code?

 

Where is that preference setting that is referenced in the error message? We found nothing in preferences that sounds even vaguely related to malicious code nor loadscripts (except the checkbox to disable them).

 

And how do we convince SOAPUI to run this script?

  • mmoser18
    Frequent Contributor

    Hello? Anyone from SmartBear listening? How can I trigger some attention?

  • KarelHusa
    Champion Level 1

    Hi mmoser18,

    Execution of the load scripts is a serious security vulnerability.

     

    Imagine someone infects your SoapUI projects and you compromise your computer by merely opening the SoapUI project. This vulnerability has been resolved in release 5.6.0; the load scripts are not executed automatically anymore.

     

    If you decide to take the risks and want to run the load (and save) scripts, you can configure it:

     

    Another option is to execute the script manually:

     

     

    Best regards,

    Karel

     

    • mmoser18
      Frequent Contributor

      Thanks for the explanation and the reasoning behind it. We understand and are willing to take that risk.

       

      But, as I had described, we have already been that far, i.e. we had found the checkbox you described (and unchecked it).

      Only, on my colleague's machine the load scripts are not executed automatically even though he has unchecked that checkbox.

       

      And what's puzzling me most: how is it possible that only he gets said warning, while I myself am not getting anything like that (although we run the very same version of SOAPUI)?

       

      ... but as you write in your other post: we probably won't get an answer from SmartBear on that.

       

      Thanks again for responding!

      • KarelHusa
        Champion Level 1

        In case the Load script isn't executed even if you uncheck the "Disable the Load and Save Scripts" option, there can be other things which prevent the execution:

        • an antivirus or other blocker on the operating system level
        • another setting in SoapUI (or elsewhere) which is different from yours

         

        I would recommend debugging the issue. You can make a sample project and put inside a simple Load script, e.g.:

        log.info "Project LOAD script! " + new Date().format("yyyy-MM-dd:HH:mm:ss")

         

        If you close and open the project, check if the message is in the "script log". What happens if you run the script manually?

         

        K.
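
The risk KarelHusa describes in this thread is that a project file can carry a script that runs as soon as the project is opened. As an added example (not from the thread and not SmartBear code), this Python check lists the project-level Load/Save scripts in a project file before it is opened and compares their hashes to a reviewed allowlist; the element names `afterLoadScript` and `beforeSaveScript` and the sample project are assumptions, so confirm them against a file saved by your own SoapUI version.

```python
import hashlib
import xml.etree.ElementTree as ET

# Assumed element names for project-level Load/Save scripts in a SoapUI
# project file; verify them against a project saved by your own version.
SCRIPT_ELEMENTS = {"afterLoadScript", "beforeSaveScript"}

# Constructed sample project holding a shortened form of the thread's load script.
SAMPLE = """<con:soapui-project name="demo" xmlns:con="http://eviware.com/soapui/config">
  <con:afterLoadScript>for (ms in project.mockServiceList) { ms.start() }</con:afterLoadScript>
  <con:beforeSaveScript/>
</con:soapui-project>"""


def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]


def find_auto_scripts(project_xml):
    """Return [(element, sha256_hex, script_text)] for non-empty scripts."""
    if "<!DOCTYPE" in project_xml or "<!ENTITY" in project_xml:
        # The file is untrusted input: refuse DTDs instead of expanding entities.
        raise ValueError("DTD/entity declarations are not expected in a project file")
    root = ET.fromstring(project_xml)
    found = []
    for elem in root.iter():
        name = local_name(elem.tag)
        text = (elem.text or "").strip()
        if name in SCRIPT_ELEMENTS and text:
            digest = hashlib.sha256(text.encode("utf-8")).hexdigest()
            found.append((name, digest, text))
    return found


def unreviewed_scripts(project_xml, approved_hashes):
    """Scripts whose hash is not in the team's reviewed allowlist."""
    return [s for s in find_auto_scripts(project_xml) if s[1] not in approved_hashes]


if __name__ == "__main__":
    for name, digest, text in unreviewed_scripts(SAMPLE, approved_hashes=set()):
        print(f"{name} sha256={digest[:16]}... {text!r}")
```

Once a script such as the long-used mock-starting loop has been reviewed, add its hash to `approved_hashes`; any later change to the script in a shared project file then shows up as unreviewed.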