SOAPUIOS-497 add-option-to-disable-project-save-and-load-scrypts

AlexanderYeremeyev · AlexanderYeremeyev · commit a2f7a074afd1 · 2020-07-02T12:44:29.000+03:00
diff --git a/RELEASENOTES.txt b/RELEASENOTES.txt
@@ -20,6 +20,8 @@
 
 * SoapUI 5.5.0 will not run project or suites - Toolkit not initialized error
 
+* Add setting to enable/disable load script/save script execution.
+
 -------------------------------------------------------------------------------
 
 # SoapUI Open Source 5.5.0
diff --git a/soapui/src/main/java/com/eviware/soapui/DefaultSoapUICore.java b/soapui/src/main/java/com/eviware/soapui/DefaultSoapUICore.java
@@ -1,17 +1,17 @@
 /*
  * SoapUI, Copyright (C) 2004-2019 SmartBear Software
  *
- * Licensed under the EUPL, Version 1.1 or - as soon as they will be approved by the European Commission - subsequent 
- * versions of the EUPL (the "Licence"); 
- * You may not use this work except in compliance with the Licence. 
- * You may obtain a copy of the Licence at: 
- * 
- * http://ec.europa.eu/idabc/eupl 
- * 
- * Unless required by applicable law or agreed to in writing, software distributed under the Licence is 
- * distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either 
- * express or implied. See the Licence for the specific language governing permissions and limitations 
- * under the Licence. 
+ * Licensed under the EUPL, Version 1.1 or - as soon as they will be approved by the European Commission - subsequent
+ * versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ *
+ * http://ec.europa.eu/idabc/eupl
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence is
+ * distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the Licence for the specific language governing permissions and limitations
+ * under the Licence.
  */
 
 package com.eviware.soapui;
@@ -279,7 +279,7 @@ protected Settings initSettings(String fileName) {
                     } catch (Exception e) {
                         log.warn("Wrong password.");
                         JOptionPane.showMessageDialog(null, "Wrong password, creating backup settings file [ "
-                                + settingsFile.getAbsolutePath() + ".bak.xml. ]\nSwitch to default settings.",
+                                        + settingsFile.getAbsolutePath() + ".bak.xml. ]\nSwitch to default settings.",
                                 "Error - Wrong Password", JOptionPane.ERROR_MESSAGE);
                         settingsDocument.save(new File(settingsFile.getAbsolutePath() + ".bak.xml"));
                         throw e;
@@ -355,6 +355,7 @@ protected Settings initSettings(String fileName) {
             settings.setBoolean(ProxySettings.AUTO_PROXY, true);
             settings.setBoolean(ProxySettings.ENABLE_PROXY, true);
         }
+        setIfNotSet(SecuritySettings.DISABLE_PROJECT_LOAD_SAVE_SCRIPTS, true);
 
         boolean setWsiDir = false;
         String wsiLocationString = settings.getString(WSISettings.WSI_LOCATION, null);
diff --git a/soapui/src/main/java/com/eviware/soapui/impl/wsdl/WsdlProject.java b/soapui/src/main/java/com/eviware/soapui/impl/wsdl/WsdlProject.java
@@ -76,6 +76,7 @@
 import com.eviware.soapui.model.testsuite.TestSuite;
 import com.eviware.soapui.model.testsuite.TestSuite.TestSuiteRunType;
 import com.eviware.soapui.settings.ProjectSettings;
+import com.eviware.soapui.settings.SecuritySettings;
 import com.eviware.soapui.settings.UISettings;
 import com.eviware.soapui.settings.WsdlSettings;
 import com.eviware.soapui.support.SoapUIException;
@@ -131,6 +132,11 @@
 
 public class WsdlProject extends AbstractTestPropertyHolderWsdlModelItem<ProjectConfig> implements Project,
         PropertyExpansionContainer, PropertyChangeListener, TestRunnable {
+    /*???*/ // %s - the project name
+    private final static String LOAD_SCRYPT_EXECUTION_WARNING_MESSAGE = "In project '%s' we have detected Load script that may contain malicious code, if you do not want to receive this message please change the setting in preferences.";
+    /*???*/ // %s - the project name
+    private final static String SAVE_SCRYPT_EXECUTION_WARNING_MESSAGE = "In project '%s' we have detected Save script that may contain malicious code, if you do not want to receive this message please change the setting in preferences.";
+
     public final static String AFTER_LOAD_SCRIPT_PROPERTY = WsdlProject.class.getName() + "@setupScript";
     public final static String BEFORE_SAVE_SCRIPT_PROPERTY = WsdlProject.class.getName() + "@tearDownScript";
     public final static String RESOURCE_ROOT_PROPERTY = WsdlProject.class.getName() + "@resourceRoot";
@@ -1503,6 +1509,11 @@ public Object runAfterLoadScript() throws Exception {
             return null;
         }
 
+        if (isLoadSaveScriptsDisabled()) {
+            log.warn(String.format(LOAD_SCRYPT_EXECUTION_WARNING_MESSAGE, getName()));
+            return null;
+        }
+
         if (afterLoadScriptEngine == null) {
             afterLoadScriptEngine = SoapUIScriptEngineRegistry.create(this);
             afterLoadScriptEngine.setScript(script);
@@ -1520,6 +1531,11 @@ public Object runBeforeSaveScript() throws Exception {
             return null;
         }
 
+        if (isLoadSaveScriptsDisabled()) {
+            log.warn(String.format(SAVE_SCRYPT_EXECUTION_WARNING_MESSAGE, getName()));
+            return null;
+        }
+
         if (beforeSaveScriptEngine == null) {
             beforeSaveScriptEngine = SoapUIScriptEngineRegistry.create(this);
             beforeSaveScriptEngine.setScript(script);
@@ -2037,4 +2053,8 @@ public boolean isFromReadyApi() {
         }
         return false;
     }
+
+    private boolean isLoadSaveScriptsDisabled() {
+        return SoapUI.getSoapUICore().getSettings().getBoolean(SecuritySettings.DISABLE_PROJECT_LOAD_SAVE_SCRIPTS);
+    }
 }
diff --git a/soapui/src/main/java/com/eviware/soapui/settings/SecuritySettings.java b/soapui/src/main/java/com/eviware/soapui/settings/SecuritySettings.java
@@ -21,5 +21,8 @@
 public interface SecuritySettings {
 
     @Setting(name = "Password", description = "password for shadowing proxy password in settings file", type = SettingType.PASSWORD)
-    public final static String SHADOW_PASSWORD = SecuritySettings.class.getSimpleName() + "@" + "shadowProxyPassword";
+    String SHADOW_PASSWORD = SecuritySettings.class.getSimpleName() + "@" + "shadowProxyPassword";
+
+    @Setting(name = "Disable the Load and Save scripts", description = "Do not run the Load and Save scripts on opening and saving projects", type = SettingType.BOOLEAN)
+    String DISABLE_PROJECT_LOAD_SAVE_SCRIPTS = SecuritySettings.class.getSimpleName() + "@disable_project_load_save_scripts";
 }

Original file line number	Diff line number	Diff line change
`@@ -21,5 +21,8 @@`
`21`	`21`	`public interface SecuritySettings {`
`22`	`22`
`23`	`23`	`@Setting(name = "Password", description = "password for shadowing proxy password in settings file", type = SettingType.PASSWORD)`
`24`		`- public final static String SHADOW_PASSWORD = SecuritySettings.class.getSimpleName() + "@" + "shadowProxyPassword";`
	`24`	`+ String SHADOW_PASSWORD = SecuritySettings.class.getSimpleName() + "@" + "shadowProxyPassword";`
	`25`	`+`
	`26`	`+ @Setting(name = "Disable the Load and Save scripts", description = "Do not run the Load and Save scripts on opening and saving projects", type = SettingType.BOOLEAN)`
	`27`	`+ String DISABLE_PROJECT_LOAD_SAVE_SCRIPTS = SecuritySettings.class.getSimpleName() + "@disable_project_load_save_scripts";`
`25`	`28`	`}`