Scripts for security tests are a convenient way to improve and tailor the execution of a security test to your specific needs. Use these scripts to perform various actions depending on the goals you need to achieve.
There are two basic types of scripts for security tests:
-
Setup scripts are executed before the security test run. For example, they create shared objects and make them available to other scripts.
-
TearDown scripts are executed after the security test run. Their main purpose is cleaning up – closing connections, logging the results and so on.
To create and edit these scripts directly from the UI, use drop-down menus in the security test inspector.
To learn about common objects available to security test scripts, see below.
To learn more about ReadyAPI scripting in general, see Scripting.
ReadyAPI uses a number of third-party libraries. It is quite possible that we will update some of these libraries or even remove them from ReadyAPI. If you use classes from these libraries, you will have to update your scripts. See a list of third-party libraries updated in ReadyAPI 3.57.0. |
Setup scripts
Security test setup scripts perform actions before starting the security test run.
To open the setup script editor, click Setup Script in the security test inspector:
Tip: | If the font of the editor is not comfortable for you, change it by using Ctrl + mouse wheel. |
Use the setup scripts to:
-
Create shared objects that will be available to other tests.
-
Initialize external resources to use them in your test.
-
Clear or remove log files.
-
Prepare databases or your operating system for testing.
-
Initialize shared data and objects and save them to the context interface.
Teardown scripts
Security test teardown scripts perform actions after the test run is over.
To open the teardown script editor, click TearDown Script in the security test inspector:
Tip: | If the font of the editor is not comfortable for you, change it by using Ctrl + mouse wheel. |
Use teardown scripts to:
-
Send notification emails.
-
Cancel a test run if some condition is not met.
-
Display total execution time or the state of external resources.
-
Close database collections or Postman connections.
-
Fail a test by using the
SecurityTestRunner.fail()
method.
Objects
Both the setup and teardown scripts have access to the following objects:
Object | Description |
---|---|
log |
A standard Log4j logger that writes to the script log. To learn more about the class, see javadoc. |
context |
An instance of the SecurityTestContext class. Use it to access context properties and related methods. To learn more about the class, see javadoc. |
securityTestRunner |
An instance of the SecurityTestRunner class. Use it to access the object that controls the security test execution (see javadoc). Keep in mind that you can access the underlying security test model. |