com.eviware.soapui.security.scan

Class CrossSiteScriptingScan

java.lang.Object

com.eviware.soapui.model.support.AbstractModelItem

com.eviware.soapui.model.support.AbstractAnimatableModelItem<ModelItemConfig>

com.eviware.soapui.impl.wsdl.AbstractWsdlModelItem<SecurityScanConfig>

com.eviware.soapui.security.scan.AbstractSecurityScan

com.eviware.soapui.security.scan.AbstractSecurityScanWithProperties

com.eviware.soapui.security.scan.CrossSiteScriptingScan

All Implemented Interfaces:

ModelItem, SecurityScan, XPathReferenceContainer, Assertable, ResponseAssertion, PropertyChangeNotifier

public class CrossSiteScriptingScan
extends AbstractSecurityScanWithProperties

This checks whether any parameters sent in the request are included in the response, If they do appear, this is a good parameter to look at as a possible attack vector for XSS

Author:

nebojsa.tasic

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
protected static interface	CrossSiteScriptingScan.AdvancedSettings

Nested classes/interfaces inherited from interface com.eviware.soapui.model.testsuite.Assertable

Assertable.AssertionStatus

Field Summary

Fields

Modifier and Type	Field and Description
static String	NAME
static String	PARAMETER_EXPOSURE_SCAN_CONFIG
static String	TEST_CASE_RUNNER
static String	TEST_STEP
static String	TYPE

Fields inherited from class com.eviware.soapui.security.scan.AbstractSecurityScanWithProperties

SECURITY_CHANGED_PARAMETERS

Fields inherited from class com.eviware.soapui.security.scan.AbstractSecurityScan

assertionsSupport

Fields inherited from interface com.eviware.soapui.model.security.SecurityScan

SECURITY_CHECK_RESPONSE_RESULT, SECURITY_SCAN_REQUEST_RESULT, STATUS_PROPERTY

Fields inherited from interface com.eviware.soapui.model.ModelItem

DESCRIPTION_PROPERTY, ICON_PROPERTY, LABEL_PROPERTY, NAME_PROPERTY

Constructor Summary

Constructors

Constructor and Description
CrossSiteScriptingScan(TestStep testStep, SecurityScanConfig config, ModelItem parent, String icon)

Method Summary

Methods

Modifier and Type	Method and Description
protected void	execute(SecurityTestRunner securityTestRunner, TestStep testStep, SecurityTestRunContext context) should be implemented in every particular scan it executes one request, modified by securityScan if necessary and internally adds messages for logging to SecurityScanRequestResult
JComponent	getAdvancedSettingsPanel() Overide if SecurityScan needs advanced settings
JComponent	getComponent() Overide if SecurityScan have Optional component
String	getConfigDescription()
String	getConfigName()
String	getHelpURL()
String	getType() The type of this check
protected boolean	hasNext(TestStep testStep, SecurityTestRunContext context) checks if specific SecurityScan still has modifications left
protected void	initAssertions()
void	release()
void	updateSecurityConfig(SecurityScanConfig config)

Methods inherited from class com.eviware.soapui.security.scan.AbstractSecurityScanWithProperties

copyConfig, createMessageExchange, getParameterAt, getParameterByLabel, getParameterHolder, getXPathReferences, importParameter, setParameterHolder

Methods inherited from class com.eviware.soapui.security.scan.AbstractSecurityScan

addAssertion, addAssertionsListener, addPropertyChangeListener, addWsdlAssertion, assertResponse, clear, cloneAssertion, getAssertableContent, getAssertableType, getAssertionAt, getAssertionByName, getAssertionCount, getAssertionList, getAssertions, getAssertionsSupport, getAssertionStatus, getDefaultAssertableContent, getExecutionStrategy, getInterface, getModelItem, getOriginalResult, getRequest, getSecurityScanRequestResult, getSecurityScanResult, getSecurityStatus, getTestStep, isApplyForFailedStep, isConfigurable, isDisabled, isRunOnlyOnce, isSecurable, isSkipFurtherRunning, moveAssertion, removeAssertion, removeAssertionsListener, removePropertyChangeListener, reportSecurityScanException, run, setApplyForFailedTestStep, setDisabled, setExecutionStrategy, setRunOnlyOnce, setSecurityScanRequestResult, setSkipFurtherRunning, setTestStep

Methods inherited from class com.eviware.soapui.impl.wsdl.AbstractWsdlModelItem

addExternalDependencies, afterLoad, beforeSave, dependsOn, getConfig, getDescription, getExternalDependencies, getIcon, getId, getName, getParent, getSettings, getWsdlModelItemByName, resolve, setConfig, setDescription, setIcon, setName, setSettings

Methods inherited from class com.eviware.soapui.model.support.AbstractModelItem

addPropertyChangeListener, fireIndexedPropertyChange, fireIndexedPropertyChange, fireIndexedPropertyChange, getChildren, notifyPropertyChanged, notifyPropertyChanged, notifyPropertyChanged, notifyPropertyChanged, removePropertyChangeListener

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.eviware.soapui.model.security.SecurityScan

getConfig

Methods inherited from interface com.eviware.soapui.model.ModelItem

getChildren, getDescription, getIcon, getId, getName, getParent, getSettings

Methods inherited from interface com.eviware.soapui.support.PropertyChangeNotifier

addPropertyChangeListener, removePropertyChangeListener

Field Detail

TYPE

public static final String TYPE

See Also:

Constant Field Values

NAME

public static final String NAME

See Also:

Constant Field Values

PARAMETER_EXPOSURE_SCAN_CONFIG

public static final String PARAMETER_EXPOSURE_SCAN_CONFIG

See Also:

Constant Field Values

TEST_CASE_RUNNER

public static final String TEST_CASE_RUNNER

See Also:

Constant Field Values

TEST_STEP

public static final String TEST_STEP

See Also:

Constant Field Values

Constructor Detail

CrossSiteScriptingScan

public CrossSiteScriptingScan(TestStep testStep,
                      SecurityScanConfig config,
                      ModelItem parent,
                      String icon)

Method Detail

initAssertions

protected void initAssertions()

Overrides:

initAssertions in class AbstractSecurityScan

updateSecurityConfig

public void updateSecurityConfig(SecurityScanConfig config)

Specified by:

updateSecurityConfig in interface SecurityScan

Overrides:

updateSecurityConfig in class AbstractSecurityScanWithProperties

execute

protected void execute(SecurityTestRunner securityTestRunner,
           TestStep testStep,
           SecurityTestRunContext context)

Description copied from class: AbstractSecurityScan

should be implemented in every particular scan it executes one request, modified by securityScan if necessary and internally adds messages for logging to SecurityScanRequestResult

Specified by:

execute in class AbstractSecurityScan

getComponent

public JComponent getComponent()

Description copied from class: AbstractSecurityScan

Overide if SecurityScan have Optional component

Specified by:

getComponent in interface SecurityScan

Overrides:

getComponent in class AbstractSecurityScan

Returns:

getType

public String getType()

Description copied from interface: SecurityScan

The type of this check

Specified by:

getType in interface SecurityScan

Specified by:

getType in class AbstractSecurityScan

Returns:

hasNext

protected boolean hasNext(TestStep testStep,
              SecurityTestRunContext context)

Description copied from class: AbstractSecurityScan

checks if specific SecurityScan still has modifications left

Specified by:

hasNext in class AbstractSecurityScan

getConfigDescription

public String getConfigDescription()

Specified by:

getConfigDescription in interface SecurityScan

Specified by:

getConfigDescription in class AbstractSecurityScan

getConfigName

public String getConfigName()

Specified by:

getConfigName in interface SecurityScan

Specified by:

getConfigName in class AbstractSecurityScan

getHelpURL

public String getHelpURL()

Specified by:

getHelpURL in interface SecurityScan

Specified by:

getHelpURL in class AbstractSecurityScan

getAdvancedSettingsPanel

public JComponent getAdvancedSettingsPanel()

Description copied from class: AbstractSecurityScan

Overide if SecurityScan needs advanced settings

Specified by:

getAdvancedSettingsPanel in interface SecurityScan

Overrides:

getAdvancedSettingsPanel in class AbstractSecurityScan

Returns:

release

public void release()

Specified by:

release in interface SecurityScan

Overrides:

release in class AbstractSecurityScanWithProperties