Forum Discussion
Just one question, how does the response look like for PATCH request?
I can see from the documentation that user can write your own custom script for the assertion.
https://support.smartbear.com/readyapi/docs/testing/assertions/reference/security/xss.html
Since you like to run a GET request after receiving the PATCH response, you can write code to make the GET call in the custom script. For that, use groovy wslite (check github for the library and sample code).
Hi nmrao
In general the success response is a simple
HTTP/1.1 204 No Content
Server: Kestrel
Strict-Transport-Security: max-age=2592000
X-Powered-By: ASP.NET
Date: Tue, 10 Sep 2019 10:55:29 GMT
We also the typical error responses (Unauthorized, Bad Request...)
Responses that return error details return a body like this
{
"code": "string",
"target": "string",
"message": "string",
"errors": [
null
],
"innerDetails": {}
}
I'll check the library you indicated but on first glance don't see how this would allow me to grab the details of the PATCH request that SoapUI sends
Still I see here that property expansion could work for ReadyAPI
https://support.smartbear.com/readyapi/docs/testing/properties/expansion.html#scopes
But I cannot seem to get this to work
I have a structure something like
Test Suite: SecTest
=> Security Tests: SecTestCustPhones
=> TestSteps: CustPhones_Get
==> Security Scan: Fuzzing Scan
(I use a different method and secuirty scan for simplicity and because the Pro trial version has expired so I work with whatever the community edition has to offer on my previous setup)
def ResFile ="C:/Request.xml"
def request = context.expand('${#SecurityTest#SecTestCustPhones#Request}')
def j = new File(ResFile)
j.write(request, "UTF-8")
I add this in a script assertion just to see if it manages to grab the request but when I run the security test the resulting file is empty
Which means two things
- My script is wrong ...most probably
- This is available only in SoapUI pro whose trial version has expired
- nmrao5 years agoChampion Level 3If that does not allow you to grab the response or some other hurdle to use security test, I would suggest to use normal test in data driven format and use different requests resembling as security test does.
Then you can grab the response and write the script using the mentioned library to send the GET request dynamically.
Related Content
- 5 years agoNinjaMarvel
- 7 years agoDonkey2017
- 6 years agomartonjurak
- 7 years agoDonkey2017
- 5 years agoTheEnd