Testing Web-Services with bdd-security?

gkoukou...@twelvesec.com

Feb 10, 2017, 12:59:50 PM
to BDD-Security
Hi Stephen,

is testing web-services feasible now with the new Cucumber-JVM version?

I'm guessing that it is. After all there are some examples included in folder `ropeytasks/webservice`. 

However I can't find any instructions on how to run the examples. Also the corresponding link in the repo's main page is broken:

> Support for testing non-browser based web services and APIs. See the getting started guide for more details. 

Thanks!

gkoukou...@twelvesec.com

Mar 8, 2017, 11:53:24 PM
to BDD-Security
Hi again.

I am using bdd-security to test a REST API, according to the Ropey sample.

Unfortunately, a strange error messes up my tests, and I haven't been able to figure out the cause.

I'm testing web services using the authorization story, and the error occurs in method `getProxy().makeRequest(...)`.

I'm really stuck on this one, and somewhat desperate. Any kind of hints/ideas/suggestions would be appreciated!

Thanks!

```
net.continuumsecurity.proxy.ProxyException: org.zaproxy.clientapi.core.ClientApiException: org.codehaus.jackson.JsonParseException: First element must be "log"
 at [Source: java.io.ByteArrayInputStream@9fe720a; line: 1, column: 10]
at net.continuumsecurity.proxy.ZAProxyScanner.makeRequest(ZAProxyScanner.java:339)
at net.continuumsecurity.steps.WebApplicationSteps.checkNotAuthorizedAccessToResource(WebApplicationSteps.java:525)
at ✽.Then the string: 401 should be present in all of the HTTP responses(rest_authorization.feature:32)
Caused by: org.zaproxy.clientapi.core.ClientApiException: org.codehaus.jackson.JsonParseException: First element must be "log"
 at [Source: java.io.ByteArrayInputStream@9fe720a; line: 1, column: 10]
at net.continuumsecurity.proxy.ZAProxyScanner$ClientApiUtils.createHarLog(ZAProxyScanner.java:1663)
at net.continuumsecurity.proxy.ZAProxyScanner$ClientApiUtils.getHarEntries(ZAProxyScanner.java:1668)
at net.continuumsecurity.proxy.ZAProxyScanner.makeRequest(ZAProxyScanner.java:334)
at net.continuumsecurity.steps.WebApplicationSteps.checkNotAuthorizedAccessToResource(WebApplicationSteps.java:525)
at sun.reflect.GeneratedMethodAccessor19.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at cucumber.runtime.Utils$1.call(Utils.java:37)
at cucumber.runtime.Timeout.timeout(Timeout.java:13)
at cucumber.runtime.Utils.invoke(Utils.java:31)
at cucumber.runtime.java.JavaStepDefinition.execute(JavaStepDefinition.java:38)
at cucumber.runtime.StepDefinitionMatch.runStep(StepDefinitionMatch.java:37)
at cucumber.runtime.Runtime.runStep(Runtime.java:299)
at cucumber.runtime.model.StepContainer.runStep(StepContainer.java:44)
at cucumber.runtime.model.StepContainer.runSteps(StepContainer.java:39)
at cucumber.runtime.model.CucumberScenario.run(CucumberScenario.java:44)
at cucumber.runtime.junit.ExecutionUnitRunner.run(ExecutionUnitRunner.java:91)
at org.junit.runners.Suite.runChild(Suite.java:127)
at org.junit.runners.Suite.runChild(Suite.java:26)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:238)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:63)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:236)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:53)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:229)
at org.junit.runners.ParentRunner.run(ParentRunner.java:309)
at cucumber.runtime.junit.ExamplesRunner.run(ExamplesRunner.java:59)
at org.junit.runners.Suite.runChild(Suite.java:127)
at org.junit.runners.Suite.runChild(Suite.java:26)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:238)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:63)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:236)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:53)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:229)
at org.junit.runners.ParentRunner.run(ParentRunner.java:309)
at cucumber.runtime.junit.ScenarioOutlineRunner.run(ScenarioOutlineRunner.java:53)
at cucumber.runtime.junit.FeatureRunner.runChild(FeatureRunner.java:63)
at cucumber.runtime.junit.FeatureRunner.runChild(FeatureRunner.java:18)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:238)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:63)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:236)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:53)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:229)
at org.junit.runners.ParentRunner.run(ParentRunner.java:309)
at cucumber.runtime.junit.FeatureRunner.run(FeatureRunner.java:70)
at cucumber.api.junit.Cucumber.runChild(Cucumber.java:93)
at cucumber.api.junit.Cucumber.runChild(Cucumber.java:37)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:238)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:63)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:236)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:53)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:229)
at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27)
at org.junit.runners.ParentRunner.run(ParentRunner.java:309)
at cucumber.api.junit.Cucumber.run(Cucumber.java:98)
at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:86)
at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:459)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:678)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:382)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:192)
Caused by: org.codehaus.jackson.JsonParseException: First element must be "log"
 at [Source: java.io.ByteArrayInputStream@9fe720a; line: 1, column: 10]
at edu.umass.cs.benchlab.har.HarLog.<init>(HarLog.java:110)
at edu.umass.cs.benchlab.har.tools.HarFileReader.readHarFile(HarFileReader.java:149)
at net.continuumsecurity.proxy.ZAProxyScanner$ClientApiUtils.createHarLog(ZAProxyScanner.java:1661)
... 59 more
```
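
An added diagnostic sketch, not part of the original post or of bdd-security: the trace above fails in the HAR reader because the payload's first element is not "log", so this checks a payload for the HAR top-level shape before parsing and then applies the feature's "401 in all responses" check to its entries. The function names and both sample payloads are constructed for illustration.

```python
import json

def inspect_har(raw: bytes) -> dict:
    """Check that a payload has the HAR top-level shape: {"log": {"entries": [...]}}."""
    try:
        doc = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        return {"ok": False, "reason": f"not JSON: {type(exc).__name__}", "entries": []}
    if not isinstance(doc, dict) or not doc:
        return {"ok": False, "reason": "top level is not a non-empty JSON object", "entries": []}
    first = next(iter(doc))  # json.loads keeps member order
    if first != "log":
        return {"ok": False, "reason": f'first element is "{first}", expected "log"', "entries": []}
    log = doc["log"]
    entries = log.get("entries") if isinstance(log, dict) else None
    if not isinstance(entries, list):
        return {"ok": False, "reason": '"log" has no "entries" array', "entries": []}
    return {"ok": True, "reason": "", "entries": entries}

def responses_missing(entries: list, needle: str) -> list:
    """URLs of entries whose response status line and body do not contain needle."""
    missing = []
    for entry in entries:
        resp = entry.get("response") or {}
        body = (resp.get("content") or {}).get("text") or ""
        haystack = f'{resp.get("status", "")} {resp.get("statusText", "")} {body}'
        if needle not in haystack:
            missing.append((entry.get("request") or {}).get("url", "?"))
    return missing

# Constructed sample payloads (not captured from any real proxy or API).
GOOD_HAR = json.dumps({"log": {"version": "1.2", "entries": [
    {"request": {"method": "GET", "url": "https://api.example.test/users/1"},
     "response": {"status": 401, "statusText": "Unauthorized", "content": {"text": ""}}},
    {"request": {"method": "GET", "url": "https://api.example.test/users/2"},
     "response": {"status": 200, "statusText": "OK", "content": {"text": "{\"id\": 2}"}}},
]}}).encode()
NON_HAR = b'{"code": "constructed_error", "message": "constructed non-HAR reply"}'

if __name__ == "__main__":
    for name, payload in (("GOOD_HAR", GOOD_HAR), ("NON_HAR", NON_HAR)):
        result = inspect_har(payload)
        print(name, result["ok"], result["reason"],
              responses_missing(result["entries"], "401"))
```
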