com.eviware.soapui.security.scan
Class CrossSiteScriptingScan

java.lang.Object
  extended by com.eviware.soapui.model.support.AbstractModelItem
      extended by com.eviware.soapui.model.support.AbstractAnimatableModelItem<com.eviware.soapui.config.ModelItemConfig>
          extended by com.eviware.soapui.impl.wsdl.AbstractWsdlModelItem<com.eviware.soapui.config.SecurityScanConfig>
              extended by com.eviware.soapui.security.scan.AbstractSecurityScan
                  extended by com.eviware.soapui.security.scan.AbstractSecurityScanWithProperties
                      extended by com.eviware.soapui.security.scan.CrossSiteScriptingScan
All Implemented Interfaces:
ModelItem, SecurityScan, XPathReferenceContainer, Assertable, ResponseAssertion, PropertyChangeNotifier

public class CrossSiteScriptingScan
extends AbstractSecurityScanWithProperties

This scan checks whether any parameters sent in the request are included in the response. If they do appear, this is a good parameter to look at as a possible attack vector for XSS.

Author:
nebojsa.tasic
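
The reflection check described above, as an added example that is not SoapUI source code: it classifies each request parameter by whether its value comes back in the response verbatim, HTML-encoded, or not at all. The class, enum and method names and the sample request and response are hypothetical and constructed for illustration; `REFLECTED_UNENCODED` marks the parameters to review first.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Added illustration, not SoapUI source. All names here are hypothetical.
public class ReflectedParameterCheck {

    enum Reflection { NOT_REFLECTED, REFLECTED, REFLECTED_ENCODED, REFLECTED_UNENCODED }

    // Minimal HTML entity encoding, used to recognise an echo that was escaped.
    static String htmlEncode(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }

    // Classify how one request parameter value appears in the response body.
    static Reflection classify(String value, String body) {
        if (value == null || value.length() < 3) {
            return Reflection.NOT_REFLECTED; // skip: very short values match by chance
        }
        String encoded = htmlEncode(value);
        boolean hasMarkupChars = !encoded.equals(value);
        if (body.contains(value)) {
            // Markup characters echoed verbatim mean the output was not escaped.
            return hasMarkupChars ? Reflection.REFLECTED_UNENCODED : Reflection.REFLECTED;
        }
        if (hasMarkupChars && body.contains(encoded)) {
            return Reflection.REFLECTED_ENCODED;
        }
        return Reflection.NOT_REFLECTED;
    }

    static Map<String, Reflection> scan(Map<String, String> params, String body) {
        Map<String, Reflection> findings = new LinkedHashMap<>();
        for (Map.Entry<String, String> p : params.entrySet()) {
            findings.put(p.getKey(), classify(p.getValue(), body));
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample data: request parameters and the response body.
        Map<String, String> params = new LinkedHashMap<>();
        params.put("greeting", "Tom & <Jerry>");
        params.put("city", "Belgrade");
        params.put("note", "a<b>c");
        params.put("token", "8f3a91");
        String body = "<h1>Hello Tom & <Jerry></h1><p>Belgrade</p><p>a&lt;b&gt;c</p>";
        scan(params, body).forEach((k, v) -> System.out.println(k + " -> " + v));
    }
}
```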

Nested Class Summary
protected static interface CrossSiteScriptingScan.AdvancedSettings
           
 
Nested classes/interfaces inherited from interface com.eviware.soapui.model.testsuite.Assertable
Assertable.AssertionStatus
 
Field Summary
static java.lang.String NAME
           
static java.lang.String PARAMETER_EXPOSURE_SCAN_CONFIG
           
static java.lang.String TEST_CASE_RUNNER
           
static java.lang.String TEST_STEP
           
static java.lang.String TYPE
           
 
Fields inherited from class com.eviware.soapui.security.scan.AbstractSecurityScanWithProperties
SECURITY_CHANGED_PARAMETERS
 
Fields inherited from class com.eviware.soapui.security.scan.AbstractSecurityScan
assertionsSupport
 
Fields inherited from interface com.eviware.soapui.model.security.SecurityScan
SECURITY_CHECK_RESPONSE_RESULT, SECURITY_SCAN_REQUEST_RESULT, STATUS_PROPERTY
 
Fields inherited from interface com.eviware.soapui.model.ModelItem
DESCRIPTION_PROPERTY, ICON_PROPERTY, LABEL_PROPERTY, NAME_PROPERTY
 
Constructor Summary
CrossSiteScriptingScan(TestStep testStep, com.eviware.soapui.config.SecurityScanConfig config, ModelItem parent, java.lang.String icon)
           
 
Method Summary
protected  void execute(SecurityTestRunner securityTestRunner, TestStep testStep, SecurityTestRunContext context)
          Should be implemented in every particular scan. It executes one request, modified by securityScan if necessary, and internally adds messages for logging to SecurityScanRequestResult.
 javax.swing.JComponent getAdvancedSettingsPanel()
          Override if SecurityScan needs advanced settings
 javax.swing.JComponent getComponent()
          Override if SecurityScan has an optional component
 java.lang.String getConfigDescription()
           
 java.lang.String getConfigName()
           
 java.lang.String getHelpURL()
           
 java.lang.String getType()
          The type of this check
protected  boolean hasNext(TestStep testStep, SecurityTestRunContext context)
          Checks whether the specific SecurityScan still has modifications left
protected  void initAssertions()
           
 void release()
           
 void updateSecurityConfig(com.eviware.soapui.config.SecurityScanConfig config)
           
 
Methods inherited from class com.eviware.soapui.security.scan.AbstractSecurityScanWithProperties
copyConfig, createMessageExchange, getParameterAt, getParameterByLabel, getParameterHolder, getXPathReferences, importParameter, setParameterHolder
 
Methods inherited from class com.eviware.soapui.security.scan.AbstractSecurityScan
addAssertion, addAssertionsListener, addPropertyChangeListener, addWsdlAssertion, assertResponse, clear, cloneAssertion, getAssertableContent, getAssertableType, getAssertionAt, getAssertionByName, getAssertionCount, getAssertionList, getAssertions, getAssertionsSupport, getAssertionStatus, getDefaultAssertableContent, getExecutionStrategy, getInterface, getModelItem, getOriginalResult, getRequest, getSecurityScanRequestResult, getSecurityScanResult, getSecurityStatus, getTestStep, isApplyForFailedStep, isConfigurable, isDisabled, isRunOnlyOnce, isSecurable, isSkipFurtherRunning, moveAssertion, removeAssertion, removeAssertionsListener, removePropertyChangeListener, reportSecurityScanException, run, setApplyForFailedTestStep, setDisabled, setExecutionStrategy, setRunOnlyOnce, setSecurityScanRequestResult, setSkipFurtherRunning, setTestStep
 
Methods inherited from class com.eviware.soapui.impl.wsdl.AbstractWsdlModelItem
addExternalDependencies, afterLoad, beforeSave, dependsOn, getConfig, getDescription, getExternalDependencies, getIcon, getId, getName, getParent, getSettings, getWsdlModelItemByName, resolve, setConfig, setDescription, setIcon, setName, setSettings
 
Methods inherited from class com.eviware.soapui.model.support.AbstractModelItem
addPropertyChangeListener, fireIndexedPropertyChange, fireIndexedPropertyChange, fireIndexedPropertyChange, getChildren, notifyPropertyChanged, notifyPropertyChanged, notifyPropertyChanged, notifyPropertyChanged, removePropertyChangeListener
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface com.eviware.soapui.model.security.SecurityScan
getConfig
 
Methods inherited from interface com.eviware.soapui.model.ModelItem
getChildren, getDescription, getIcon, getId, getName, getParent, getSettings
 
Methods inherited from interface com.eviware.soapui.support.PropertyChangeNotifier
addPropertyChangeListener, removePropertyChangeListener
 

Field Detail

TYPE

public static final java.lang.String TYPE
See Also:
Constant Field Values

NAME

public static final java.lang.String NAME
See Also:
Constant Field Values

PARAMETER_EXPOSURE_SCAN_CONFIG

public static final java.lang.String PARAMETER_EXPOSURE_SCAN_CONFIG
See Also:
Constant Field Values

TEST_CASE_RUNNER

public static final java.lang.String TEST_CASE_RUNNER
See Also:
Constant Field Values

TEST_STEP

public static final java.lang.String TEST_STEP
See Also:
Constant Field Values
Constructor Detail

CrossSiteScriptingScan

public CrossSiteScriptingScan(TestStep testStep,
                              com.eviware.soapui.config.SecurityScanConfig config,
                              ModelItem parent,
                              java.lang.String icon)
Method Detail

initAssertions

protected void initAssertions()
Overrides:
initAssertions in class AbstractSecurityScan

updateSecurityConfig

public void updateSecurityConfig(com.eviware.soapui.config.SecurityScanConfig config)
Specified by:
updateSecurityConfig in interface SecurityScan
Overrides:
updateSecurityConfig in class AbstractSecurityScanWithProperties

execute

protected void execute(SecurityTestRunner securityTestRunner,
                       TestStep testStep,
                       SecurityTestRunContext context)
Description copied from class: AbstractSecurityScan
Should be implemented in every particular scan. It executes one request, modified by securityScan if necessary, and internally adds messages for logging to SecurityScanRequestResult.

Specified by:
execute in class AbstractSecurityScan

getComponent

public javax.swing.JComponent getComponent()
Description copied from class: AbstractSecurityScan
Override if SecurityScan has an optional component

Specified by:
getComponent in interface SecurityScan
Overrides:
getComponent in class AbstractSecurityScan
Returns:

getType

public java.lang.String getType()
Description copied from interface: SecurityScan
The type of this check

Specified by:
getType in interface SecurityScan
Specified by:
getType in class AbstractSecurityScan
Returns:

hasNext

protected boolean hasNext(TestStep testStep,
                          SecurityTestRunContext context)
Description copied from class: AbstractSecurityScan
Checks whether the specific SecurityScan still has modifications left

Specified by:
hasNext in class AbstractSecurityScan

getConfigDescription

public java.lang.String getConfigDescription()
Specified by:
getConfigDescription in interface SecurityScan
Specified by:
getConfigDescription in class AbstractSecurityScan

getConfigName

public java.lang.String getConfigName()
Specified by:
getConfigName in interface SecurityScan
Specified by:
getConfigName in class AbstractSecurityScan

getHelpURL

public java.lang.String getHelpURL()
Specified by:
getHelpURL in interface SecurityScan
Specified by:
getHelpURL in class AbstractSecurityScan

getAdvancedSettingsPanel

public javax.swing.JComponent getAdvancedSettingsPanel()
Description copied from class: AbstractSecurityScan
Override if SecurityScan needs advanced settings

Specified by:
getAdvancedSettingsPanel in interface SecurityScan
Overrides:
getAdvancedSettingsPanel in class AbstractSecurityScan
Returns:

release

public void release()
Specified by:
release in interface SecurityScan
Overrides:
release in class AbstractSecurityScanWithProperties


Copyright © 2005-2011 eviware.com. All Rights Reserved.