/*
* soapUI, copyright (C) 2004-2011 eviware.com
*
* soapUI is free software; you can redistribute it and/or modify it under the
* terms of version 2.1 of the GNU Lesser General Public License as published by
* the Free Software Foundation.
*
* soapUI is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* See the GNU Lesser General Public License for more details at gnu.org.
*/
package com.eviware.soapui.security.scan;
import javax.swing.JComponent;
import com.eviware.soapui.config.FuzzerScanConfig;
import com.eviware.soapui.config.SecurityScanConfig;
import com.eviware.soapui.config.StrategyTypeConfig;
import com.eviware.soapui.impl.wsdl.support.HelpUrls;
import com.eviware.soapui.model.ModelItem;
import com.eviware.soapui.model.iface.MessageExchange;
import com.eviware.soapui.model.security.SecurityCheckedParameter;
import com.eviware.soapui.model.testsuite.TestCaseRunner;
import com.eviware.soapui.model.testsuite.TestStep;
import com.eviware.soapui.security.SecurityTestRunContext;
import com.eviware.soapui.security.SecurityTestRunner;
import com.eviware.soapui.security.ui.FuzzerScanAdvancedConfigPanel;
import com.eviware.soapui.support.SecurityScanUtil;
import com.eviware.soapui.support.types.StringToStringMap;
import com.eviware.soapui.support.xml.XmlObjectTreeModel;
import com.eviware.soapui.support.xml.XmlObjectTreeModel.XmlTreeNode;
import com.eviware.x.impl.swing.JFormDialog;
import org.apache.commons.lang.RandomStringUtils;
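/**
 * Security scan that replaces the checked parameters of a test step with random
 * alphanumeric strings and runs the step with the mutated request.
 * <p>
 * The length of every generated value is drawn between the configured minimal
 * and maximal bounds, and {@link #hasNext} allows as many iterations as the
 * configured number of requests. The execution strategy is fixed to
 * {@code ALL_AT_ONCE} and made immutable in the constructor.
 * <p>
 * Coverage caveat: values come from {@code RandomStringUtils.randomAlphanumeric},
 * so they contain letters and digits only. The scan exercises handling of
 * unexpected content and length, not of markup, quoting or control characters.
 * The generator is {@code Math.random()} without a seed, so a run cannot be
 * replayed from a seed; the values actually sent are handed to
 * {@code createMessageExchange} together with the response.
 */
public class FuzzerSecurityScan extends AbstractSecurityScanWithProperties
{
    public static final String TYPE = "FuzzingScan";
    public static final String NAME = "Fuzzing Scan";

    /** Default lower bound for the length of a generated value. */
    public static final int DEFAULT_MINIMAL = 5;
    /** Default upper bound for the length of a generated value. */
    public static final int DEFAULT_MAXIMAL = 15;
    /** Default number of iterations granted by {@link #hasNext}. */
    public static final int DEFAULT_NUMBER_OF_REQUESTS = 100;

    // Dialog backing the advanced settings panel; released in release().
    private JFormDialog dialog;
    private FuzzerScanConfig fuzzerScanConfig;
    // Remaining iterations of the current run; null means "no run in progress".
    private Integer numberOfRequests;
    // Length bounds cached from the config when a run starts (see hasNext).
    private int minimal;
    private int maximal;

    /**
     * Creates the scan, installing a default fuzzer configuration when the
     * supplied config carries none (or one of a different type).
     *
     * @param testStep the test step this scan is attached to
     * @param config   the persisted scan configuration
     * @param parent   the owning model item
     * @param icon     icon passed through to the superclass
     */
    public FuzzerSecurityScan( TestStep testStep, SecurityScanConfig config, ModelItem parent, String icon )
    {
        super( testStep, config, parent, icon );

        // instanceof is false for null, so this also covers a missing config.
        if( !( config.getConfig() instanceof FuzzerScanConfig ) )
        {
            initConfig();
        }
        else
        {
            fuzzerScanConfig = ( FuzzerScanConfig )getConfig().getConfig();
        }

        getExecutionStrategy().setStrategy( StrategyTypeConfig.ALL_AT_ONCE );
        getExecutionStrategy().setImmutable( true );
    }

    /** Installs a fresh {@link FuzzerScanConfig} populated with the DEFAULT_* values. */
    private void initConfig()
    {
        getConfig().setConfig( FuzzerScanConfig.Factory.newInstance() );
        fuzzerScanConfig = ( FuzzerScanConfig )getConfig().getConfig();
        fuzzerScanConfig.setMinimal( DEFAULT_MINIMAL );
        fuzzerScanConfig.setMaximal( DEFAULT_MAXIMAL );
        fuzzerScanConfig.setNumberOfRequest( DEFAULT_NUMBER_OF_REQUESTS );
    }

    /**
     * Fuzzes the checked parameters and runs the test step.
     * <p>
     * A checked parameter with an XPath has only the first matching node
     * replaced inside its XML value; a checked parameter without an XPath has
     * its whole value replaced. Every generated value is recorded under the
     * parameter's label in the map given to {@code createMessageExchange}.
     * If the parameter list is empty, no request is sent.
     *
     * @param runner   the security test runner, also used as the {@link TestCaseRunner}
     * @param testStep the step whose request properties are mutated and which is run
     * @param context  run context, used to expand the XPath expression
     */
    @Override
    protected void execute( SecurityTestRunner runner, TestStep testStep, SecurityTestRunContext context )
    {
        StringToStringMap parameters = new StringToStringMap();

        for( SecurityCheckedParameter scp : getParameterHolder().getParameterList() )
        {
            if( scp.isChecked() )
            {
                // A null XPath is treated like an empty one instead of failing on trim().
                String xpath = scp.getXpath();
                if( xpath != null && xpath.trim().length() > 0 )
                {
                    // presumably never null for a valid parameter - TODO confirm against SecurityScanUtil
                    XmlObjectTreeModel model = SecurityScanUtil.getXmlObjectTreeModel( testStep, scp );
                    XmlTreeNode[] treeNodes = model.selectTreeNodes( context.expand( xpath ) );
                    if( treeNodes.length > 0 )
                    {
                        // Only the first match is fuzzed; further matches keep their values.
                        String fuzzed = fuzzedValue();
                        // column 1 - presumably the value column of the tree model; confirm
                        treeNodes[0].setValue( 1, fuzzed );
                        parameters.put( scp.getLabel(), fuzzed );
                    }
                    // Written back even when nothing matched, so the property holds the model's serialisation.
                    updateRequestProperty( testStep, scp.getName(), model.getXmlObject().toString() );
                }
                else
                {
                    String fuzzed = fuzzedValue();
                    parameters.put( scp.getLabel(), fuzzed );
                    updateRequestProperty( testStep, scp.getName(), fuzzed );
                }
            }

            // NOTE(review): the step is run once per listed parameter - also for
            // unchecked ones - and mutations from earlier iterations stay in place.
            // With the ALL_AT_ONCE strategy fixed in the constructor, a single
            // request after the loop may have been intended; confirm before changing.
            MessageExchange message = ( MessageExchange )testStep.run( ( TestCaseRunner )runner, context );
            createMessageExchange( parameters, message, context );
        }
    }

    /**
     * Generates a random alphanumeric string whose length lies between the
     * cached minimal and maximal bounds (inclusive).
     * <p>
     * The bounds are normalised first: negative values are clamped to zero and
     * an inverted pair is swapped, because a negative length makes
     * {@code RandomStringUtils.randomAlphanumeric} throw.
     *
     * @return the generated value; empty when the drawn length is zero
     */
    private String fuzzedValue()
    {
        int lower = Math.max( 0, Math.min( minimal, maximal ) );
        int upper = Math.max( lower, Math.max( minimal, maximal ) );
        // long arithmetic so that upper == Integer.MAX_VALUE cannot overflow the span
        long span = ( long )upper - lower + 1;
        int count = lower + ( int )( Math.random() * span );
        return RandomStringUtils.randomAlphanumeric( count );
    }

    /**
     * Sets the named property of the test step to the given value.
     * NOTE(review): assumes the property exists on the step; a missing property
     * would fail on the dereference below - confirm against callers.
     */
    private void updateRequestProperty( TestStep testStep, String propertyName, String propertyValue )
    {
        testStep.getProperty( propertyName ).setValue( propertyValue );
    }

    /**
     * Reports whether another fuzzing iteration should run.
     * <p>
     * On the first call of a run the request budget and the length bounds are
     * read from the configuration. Each {@code true} result consumes one unit
     * of the budget; when it is exhausted the counter is reset so that the next
     * run re-reads the configuration.
     *
     * @param testStep2 not used
     * @param context   not used
     * @return {@code true} while the budget is not exhausted
     */
    @Override
    protected boolean hasNext( TestStep testStep2, SecurityTestRunContext context )
    {
        if( numberOfRequests == null )
        {
            numberOfRequests = fuzzerScanConfig.getNumberOfRequest();
            minimal = fuzzerScanConfig.getMinimal();
            maximal = fuzzerScanConfig.getMaximal();
        }

        if( numberOfRequests <= 0 )
        {
            numberOfRequests = null;
            return false;
        }

        numberOfRequests-- ;
        return true;
    }

    /**
     * Builds the advanced settings panel for this scan's configuration.
     * NOTE(review): every call creates a new dialog and overwrites the stored
     * reference without releasing the previous one - confirm callers invoke
     * this once per scan lifetime.
     *
     * @return the panel of the newly created dialog
     */
    @Override
    public JComponent getAdvancedSettingsPanel()
    {
        FuzzerScanAdvancedConfigPanel configPanel = new FuzzerScanAdvancedConfigPanel( fuzzerScanConfig );
        dialog = configPanel.getDialog();
        return dialog.getPanel();
    }

    /** Releases the settings dialog, if one was created, then the superclass resources. */
    @Override
    public void release()
    {
        if( dialog != null )
        {
            dialog.release();
        }
        super.release();
    }

    @Override
    public String getConfigDescription()
    {
        return "Configuration for Fuzzing Security Scan";
    }

    @Override
    public String getConfigName()
    {
        return "Configuration for Fuzzing Security Scan";
    }

    @Override
    public String getHelpURL()
    {
        // TODO: change to proper help url
        return HelpUrls.SECURITY_SCANS_OVERVIEW;
    }

    @Override
    public String getType()
    {
        return TYPE;
    }

    /** Drops the remaining request budget so that the next {@link #hasNext} call re-reads the configuration. */
    protected void clear()
    {
        numberOfRequests = null;
    }
}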