
I am trying to iterate over the list of SQL Security Scan strings available by default from soapUI. (It's a workaround because I'm using the soapUI community version.)

I can get the Security Scan Config object successfully, but I'm just having an XML parsing issue.

```groovy
def securityTest = testRunner.testCase.getSecurityTestByName("Accounts Security")
def stepId = testRunner.testCase.getTestStepByName("Create Account").getId()
def sql = securityTest.getTestStepSecurityScanByName(stepId, "SQL Injection")

def sqlConfig = sql.getConfig()    // line 1

//def list = new XmlSlurper().parseText(sqlConfig) // line 2 <---- getting type error shown below
```

Line 1 returns:

```xml
<xml-fragment type="SQLInjectionScan" name="SQL Injection" id="41af9018-f35a-4fce-9e99-b80ab27cc7ca" applyForFailedStep="false" disabled="false" runOnlyOnce="true" xmlns:con="http://eviware.com/soapui/config">
  <con:settings/>
  <con:config xsi:type="con:SQLInjectionScan" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <con:sqlInjectionStrings>' or '1'='1</con:sqlInjectionStrings>
    <con:sqlInjectionStrings>'--</con:sqlInjectionStrings>
    <con:sqlInjectionStrings>1'</con:sqlInjectionStrings>
    <con:sqlInjectionStrings>admin'--</con:sqlInjectionStrings>
    <con:sqlInjectionStrings>/*!10000%201/0%20*/</con:sqlInjectionStrings>
    <con:sqlInjectionStrings>/*!10000 1/0 */</con:sqlInjectionStrings>
    <con:sqlInjectionStrings>1/0</con:sqlInjectionStrings>
    <con:sqlInjectionStrings>'%20o/**/r%201/0%20--</con:sqlInjectionStrings>
    <con:sqlInjectionStrings>' o/**/r 1/0 --</con:sqlInjectionStrings>
    <con:sqlInjectionStrings>;</con:sqlInjectionStrings>
    <con:sqlInjectionStrings>'%20and%201=2%20--</con:sqlInjectionStrings>
    <con:sqlInjectionStrings>' and 1=2 --</con:sqlInjectionStrings>
    <con:sqlInjectionStrings>test�%20UNION%20select%201,%20@@version,%201,%201;�</con:sqlInjectionStrings>
    <con:sqlInjectionStrings>test� UNION select 1, @@version, 1, 1;�</con:sqlInjectionStrings>
  </con:config>
  <con:assertion type="Valid HTTP Status Codes" id="da2f60e8-6e19-40a2-aa06-2b6d6a2476a4" name="Valid HTTP Status Codes">
    <con:configuration>
      <codes>200</codes>
    </con:configuration>
  </con:assertion>
  <con:testStep xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
  <con:checkedParameters xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <con:parameters label="ss" parameterName="lastName" xpath="" checked="true"/>
  </con:checkedParameters>
  <con:executionStrategy xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <con:strategy>ONE_BY_ONE</con:strategy>
    <con:delay>100</con:delay>
  </con:executionStrategy>
</xml-fragment>
```

Trying to run line 2, I get

```
groovy.lang.MissingMethodException: No signature of method: groovy.util.XmlSlurper.parseText() is applicable for argument types: (com.eviware.soapui.config.impl.SecurityScanConfigImpl) values: [       ' or '1'='1   '--   1'   admin'--   /*!10000%201/0%20*/   /*!10000 1/0 */   1/0   '%20o/**/r%201/0%20--   ' o/**/r 1/0 --   ;   '%20and%201=2%20--   ' and 1=2 --   test�%20UNION%20select%201,%20@@version,%201,%201;�   test� UNION select 1, @@version, 1, 1;�         200                 ONE_BY_ONE   100     ] Possible solutions: parseText(java.lang.String), parse(java.io.File), parse(java.io.InputStream), parse(java.io.Reader), parse(java.lang.String), parse(org.xml.sax.InputSource) error at line: 10
```

getConfig returns an XMLObject.

What am I doing wrong?

Guy
  • `new XmlSlurper().parseText(...)` expects a string as a parameter. Try to convert: `sqlConfig.toString()` – daggett Jan 01 '20 at 15:00
  • @daggett. I ended up using closures and node methods. Thank you for your response. – Guy Jan 02 '20 at 15:25
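
The string conversion suggested in the first comment, carried through to reading the scan strings and checked parameters, as an added example that is not part of the original post or its comments. The helper name `readScanConfig` and the trimmed `sample` fragment are constructed for illustration; inside soapUI the argument would be the object returned by `sql.getConfig()`.

```groovy
// The question's stack trace shows groovy.util.XmlSlurper, which needs no import there.
// On standalone Groovy 4+, add: import groovy.xml.XmlSlurper

// Constructed sample: a trimmed copy of the fragment shown in the question.
def sample = '''<xml-fragment type="SQLInjectionScan" name="SQL Injection" xmlns:con="http://eviware.com/soapui/config">
  <con:config xsi:type="con:SQLInjectionScan" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <con:sqlInjectionStrings>' or '1'='1</con:sqlInjectionStrings>
    <con:sqlInjectionStrings>1/0</con:sqlInjectionStrings>
    <con:sqlInjectionStrings>;</con:sqlInjectionStrings>
  </con:config>
  <con:checkedParameters>
    <con:parameters label="ss" parameterName="lastName" xpath="" checked="true"/>
  </con:checkedParameters>
</xml-fragment>'''

// Hypothetical helper: accepts the config object from getConfig() or a plain String.
def readScanConfig(Object config) {
    // parseText() only accepts a String, so convert the config object to its XML text first.
    def root = new XmlSlurper().parseText(config.toString())
                               .declareNamespace(con: 'http://eviware.com/soapui/config')
    [
        scanType  : root.@type.text(),
        // One entry per <con:sqlInjectionStrings> element, in document order.
        strings   : root.'con:config'.'con:sqlInjectionStrings'.collect { it.text() },
        // Names of the request parameters the scan is configured to mutate.
        parameters: root.'con:checkedParameters'.'con:parameters'
                        .findAll { it.@checked.text() == 'true' }
                        .collect { it.@parameterName.text() }
    ]
}

def cfg = readScanConfig(sample)   // in soapUI: readScanConfig(sql.getConfig())
println "scan type: ${cfg.scanType}"
println "parameters under test: ${cfg.parameters}"
cfg.strings.each { println "scan string: ${it}" }
```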
