LoadScripts not working: SOAPUI claims it may contain "malicious code" ||-( Why?

mmoser18
Frequent Contributor

On a colleague's machine SOAPUI refuses to start up mocks automatically. On my system (using same SOAPUI-version v5.6.0, same OS (Windows 10), same soapui project files) it works as it always did. On his machine mocks can be started manually and individually but not by running the LoadScript.

 

In his log file I found multiple entries reading:

"In project '<project name here>' we have detected Load script that may contain malicious code, if you do not want to receive this message please change the setting in preferences."

 

What the heck is this supposed to mean? ||-(

 

The loadscript reads:

 

for (ms in project.mockServiceList) {
    // open window:
    def dp = com.eviware.soapui.support.UISupport.showDesktopPanel(ms)
    // start mockservice:
    ms.start()
    // minimize window:
    com.eviware.soapui.SoapUI.desktop.minimize(dp)
}

 

 

We have been using this very same load script for several years in misc. projects. What causes SOAPUI to suddenly consider this as malicious code?

 

Where is that preference setting that is referenced in the error message? We found nothing in preferences that sounds even vaguely related to malicious code or loadscripts (except the checkbox to disable them).

 

And how do we convince SOAPUI to run this script?

4 REPLIES
mmoser18
Frequent Contributor

Re: LoadScripts not working: SOAPUI claims it may contain "malicious code" ||-( Why?

Hello? Anyone from SmartBear listening? How can I trigger some attention?

KarelHusa
Frequent Contributor

Re: LoadScripts not working: SOAPUI claims it may contain "malicious code" ||-( Why?

Hi @mmoser18,

Execution of the load scripts is a serious security vulnerability.

 

Imagine someone infects your SoapUI projects and you compromise your computer by merely opening the SoapUI project. This vulnerability has been resolved in release 5.6.0; the load scripts are not executed automatically anymore.

 

If you decide to take the risks and want to run the load (and save) scripts, you can configure it:

 

KarelHusa_0-1633674101087.png

Another option is to execute the script manually:

 

KarelHusa_1-1633674452794.png

 

Best regards,

Karel

 

mmoser18
Frequent Contributor

Re: LoadScripts not working: SOAPUI claims it may contain "malicious code" ||-( Why?

Thanks for the explanation and the reasoning behind it. We understand and are willing to take that risk.

 

But, as I had described, we have already been that far, i.e. we had found the checkbox you described (and unchecked it).

Only, on my colleague's machine the load scripts are not executed automatically even though he has unchecked that checkbox.

 

And what's puzzling me most: how is it possible that only he gets said warning, while I myself am not getting anything like that (although we run the very same version of SOAPUI)?

 

... but as you write in your other post: we probably won't get an answer from SmartBear on that.

 

Thanks again for responding!

KarelHusa
Frequent Contributor

Re: LoadScripts not working: SOAPUI claims it may contain "malicious code" ||-( Why?

In case the Load script isn't executed even if you uncheck the "Disable the Load and Save Scripts" option, there can be other things which prevent the execution:

  • an antivirus or other blocker on the operating system level
  • another setting in SoapUI (or elsewhere) which is different from yours

 

I would recommend debugging the issue. You can make a sample project and put a simple Load script inside, e.g.:

log.info "Project LOAD script! " + new Date().format("yyyy-MM-dd:HH:mm:ss")

 

If you close and open the project, check if the message is in the "script log". What happens if you run the script manually?

 

K.
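
Added example, not part of the thread and not SmartBear code: since the risk described above is a script that runs when a project is merely opened, the sketch below extracts a project's load and save scripts from the project XML without opening it in SoapUI, so they can be reviewed or pinned by hash before automatic execution is enabled. The element names `afterLoadScript` and `beforeSaveScript`, the pattern list, and the sample project are assumptions made for this example.

```python
import hashlib
import re
import xml.etree.ElementTree as ET

# Assumption: project-level load/save scripts are stored in these elements.
SCRIPT_ELEMENTS = {"afterLoadScript", "beforeSaveScript"}
# Heuristic review hints only: Groovy constructs that reach outside SoapUI.
RISKY = {
    "process execution": re.compile(r"\.execute\s*\(|ProcessBuilder|Runtime\.getRuntime"),
    "file access": re.compile(r"\bnew\s+File\b|\bFiles\."),
    "network access": re.compile(r"\bnew\s+URL\b|\bSocket\b|HttpURLConnection"),
}

def audit_project(xml_bytes):
    """Return one finding per non-empty load/save script, without running it."""
    # A project file has no reason to declare a DTD; refuse rather than parse it.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD/entity declarations are not expected in a project file")
    findings = []
    for elem in ET.fromstring(xml_bytes).iter():
        name = elem.tag.rsplit("}", 1)[-1]      # strip the XML namespace
        script = (elem.text or "").strip()
        if name in SCRIPT_ELEMENTS and script:
            findings.append({
                "element": name,
                "sha256": hashlib.sha256(script.encode("utf-8")).hexdigest(),
                "hints": sorted(k for k, rx in RISKY.items() if rx.search(script)),
                "script": script,
            })
    return findings

# Constructed sample project (not taken from the thread's project files).
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<con:soapui-project name="demo" xmlns:con="http://eviware.com/soapui/config">
  <con:afterLoadScript>for (ms in project.mockServiceList) { ms.start() }</con:afterLoadScript>
  <con:beforeSaveScript>new File("C:/temp/saved.txt") &lt;&lt; "saved"</con:beforeSaveScript>
</con:soapui-project>"""

if __name__ == "__main__":
    for f in audit_project(SAMPLE):
        print(f["element"], f["sha256"][:16], f["hints"] or "no hints")
        print("   ", f["script"])
```

An empty hint list does not make a script safe; the hash is what lets a team confirm that the script about to run is the one that was reviewed.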

 

 
