[Owasp-webscarab] NG: support for complex types
Rogan Dawes
lists at dawes.za.net
Wed Sep 3 10:06:06 EDT 2008
Arnout Engelen wrote:
> Hello,
>
> WebScarab is a great tool for manually calling/testing web services.
>
> For some reason, the original webscarab didn't parse a WSDL I came
> across correctly. WebScarab-NG, however, supports it fine.
>
> The wikipage at
> http://www.owasp.org/index.php/OWASP_WebScarab_Differences_(Classic_vs_NG)
> mentions that support for complex types 'could easily be added if
> desired'. I would certainly desire this feature, and am willing to dig
> in a bit. The comment seems to suggest the author (probably Rogan) had a
> solution in mind - does anyone have any pointers that could be useful?
>
> Kind regards,
>
> Arnout
I didn't have a particular solution in mind, but the basic approach
would be to recursively add the necessary elements according to the schema.
The method to look at is:
src/main/java/org/owasp/webscarab/plugins/webservices/Wsdl.java
private Document createSOAPMessage(Definition definition, Operation
operation, String targetNS, String style, String use) throws
ParserConfigurationException
which does:
List<Part> parts = input.getMessage().getOrderedParts(null);
Iterator<Part> it = parts.iterator();
while(it.hasNext()) {
Part part = it.next();
Element element = createElement(actionElem, part.getName()); // *1*
if (style.equals("rpc")) {
Attr typeAttr = document.createAttributeNS(XSI_NS, "xsi:type");
QName type = part.getTypeName();
String prefix = getPrefix(nameSpaces, type.getNamespaceURI());
typeAttr.setValue(prefix + ":" + type.getLocalPart());
element.setAttributeNodeNS(typeAttr);
}
// *2*
}
Either update createElement() (*1*) to recurse into the schema and add
the necessary child elements for "part.getName()", or add a call at
(*2*) to do that.
I think that the approach that SOAPUI takes, by adding a comment w.r.t
the optional status of elements is a good one.
Regards,
Rogan
More information about the Owasp-webscarab
mailing list