How to add security tests to REST requests with JSON content
Ok, let me explain my problem:
I have REST request with few parameters, POST method, service accept only JSON content, so I changed Media Type to application/json and put values to the request body by this way:
Everything works fine (functional tests), but...
...when I trying add security tests: I choose my request in SecurityTest window > Add SecurityScan > SQL Injection > Adds a parameter > choosing param1 from the list > etc
And when I running that tests I getting informations like that one:
But when looking on the request body in Message Viewer window, it seems I still sending default values, not SQL Injections:
And when I looking to my server logs I really getting standard requests.
So, the question is: why SoapUI doesn't overwrites this parameters? Bug on your side, or I do something wrong? Maybe because you not support natively JSON in requests and I must create request circuitous way?
Thank you for any help,
Regards!
I have REST request with few parameters, POST method, service accept only JSON content, so I changed Media Type to application/json and put values to the request body by this way:
{
"param1" : "${param1}"
"param2" : "${param2}"
}Everything works fine (functional tests), but...
...when I trying add security tests: I choose my request in SecurityTest window > Add SecurityScan > SQL Injection > Adds a parameter > choosing param1 from the list > etc
And when I running that tests I getting informations like that one:
[SQL Injection] Request 1 - OK - [param1=' or '1'='1]: took 17 ms
But when looking on the request body in Message Viewer window, it seems I still sending default values, not SQL Injections:
{
"param1" : "value1"
"param2" : "value2"
}And when I looking to my server logs I really getting standard requests.
So, the question is: why SoapUI doesn't overwrites this parameters? Bug on your side, or I do something wrong? Maybe because you not support natively JSON in requests and I must create request circuitous way?
Thank you for any help,
Regards!
