cancel
Showing results for 
Search instead for 
Did you mean: 

Security test using groovy script has an error.

SOLVED
Highlighted
Visitor

Security test using groovy script has an error.

The application uses OAuth1.0.  For the scan, I have created the groovy scripts for each test case (every other endpoint). When I run through the groovy script, it was executed without any problem, and I can check the right response as below.

scanResult.png

 

 

responseUsingGroovy.png

 

However, when I send the request in the REST editor, the response shows an error "oauth_problem=nonce_used".
Even though the groovyscript was coded correctly, I don't think the SoapUI Pro scan can grap the groovy script code properly when I run the security scans. reponseFromRESTscan.png

 

 

The security scan report shows same response from above the reponse. 

 

scanResult.png

 

How can I resolve this issue in the SoupUI scan?

 

 

 

 

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Moderator

Re: Security test using groovy script has an error.

Hi kimyeo01,

 

I've found the following explanation for the nonce_used error: 

"The nonce-timestamp combination has already been used"
Source: https://devdocs.magento.com/guides/v2.3/get-started/authentication/oauth-errors.html

So, it seems that you need to use a new value when you run the request again.

 

Also, I can recommend checking the ReadyAPI logs and logs from the server. 


Did my reply answer your question? Give Kudos or Accept it as a Solution to help others. ⬇️⬇️⬇️

View solution in original post

1 REPLY 1
Highlighted
Moderator

Re: Security test using groovy script has an error.

Hi kimyeo01,

 

I've found the following explanation for the nonce_used error: 

"The nonce-timestamp combination has already been used"
Source: https://devdocs.magento.com/guides/v2.3/get-started/authentication/oauth-errors.html

So, it seems that you need to use a new value when you run the request again.

 

Also, I can recommend checking the ReadyAPI logs and logs from the server. 


Did my reply answer your question? Give Kudos or Accept it as a Solution to help others. ⬇️⬇️⬇️

View solution in original post

New Here?
Join us and watch the welcome video:
Announcements
Script Wanted
Let's start July with new challenges!

Create a script to change request body before sending it to the server for the TechCorner tag!


Scripts created in June:
- A script to generate a request body based on data from Datasource
- A script to go through all response nodes and check the value of the required field
- A Dispatching script to get responses based on the values in Request Body
- A script to add a new tag and assign it to all TestCases in a TestSuite
Top Kudoed Authors