I want to assert multiple variables in one single Response Assertion pattern. A method exists to verify an OR of multiple values, but i haven't found one for AND.
For example, to assert values v1, v2, or v3 - you could add in the
Response Assertion > Patterns to Test >Add : v1|v2|v31. The test will pass if any one of them is found in the response. This also works with the || operator.
I need something that gives me the same flexibility with an AND condition. I'm currently having to add one pattern for each value I want to assert, and this is extremely painful to do, especially with a long assertion list.
Does anyone know of a way to combine assertion patterns using some kind of an AND operator? I have tried obvious ones, &, &&, ., +,etc. but no luck thus far.
When you add multiple lines to the Response Assertion the default operation is to AND the lines.
A separate line for each V1, V2, V3 equals V1&V2&V3.
This means you can also mix. A line for V1 and a line for V2|V3 equals V1&(V2|V3).
I thinks that Beanshell Assertion is that what you're looking for, it gives as much flexibility as you can think of.
Example AND-based assertion code will look like:
String response = new String(ResponseData);
if (response.contains(vars.get("v1")) && response.contains(vars.get("v2"))) {
Failure = false;
} else {
Failure = true;
FailureMessage = "Specified conditions were not met";
}
You can refer to How to use BeanShell: JMeter's favorite built-in component guide for more detailed explanation and kind of cookbook.
Related
There are many questions on this topic, but I'm not sure if my regex is vulnerable or not.
The following regex is what I use for email validation:
/^\w+([\.-]?\w+)*#\w+([\.-]?\w+)*(\.\w{2,3})+$/.test(email)
Because I'm using a * in a few places, I suspect it could be.
I'd like to be able to test any number of occurrences in my code for problems.
I'm using Node.js so this could shut down my server entirely given the single threaded nature of the event loop.
Good question. Yes, given the right input, it's vulnerable and a runaway regex is able to block the entire node process, making the service unavailable.
The basic example of a regex prone to catastrophic backtracking looks like
^(\w+)*$
a pattern which can be found multiple times in the given regex.
When the regex contains optional quantifiers and the input contains long sequences that cannot be matched in the end the JS regex engine has to backtrack a lot and burns CPU. Potentially ad infinitum if the input is long enough. (You can play with this on regex101 as well using your regex by adjusting the timeout value in the settings.)
In general,
avoid monstrosities,
use HTML5 input validation whenever possible (in the front-end),
use established validation libraries for common input, e.g. validator.js,
try to detect potentially catastrophic exponential-time regular expressions ahead of time using tools like safe-regex & vuln-regex-detector (those offer pretty much what you had in mind),
and know your stuff 1, 2, 3 (I think the third link explains the issue best).
More drastic approaches to mitigate catastrophic backtracking in node.js are wrapping your regex efforts in a child process or vm context and set a meaningful timeout. (In a perfect world JavaScript's RegExp constructor would have a timeout param, maybe someday.)
The approach of using a child process is described here on SO.
The VM context (sandboxing) approach is described here.
const Joi = require('#hapi/joi');
function isEmail(emailAsStr) {
const schema = Joi.object({ email: Joi.string().email() });
const result = schema.validate({ email: emailAsStr });
const validated = result.error ? false : true;
if (validated) return true;
return [false, result.error.details[0].message];
}
Here's another way to do it - use a library! :)
I tested it against common catastrophic backtrack regex.
The answer to my original question is to use the npm lib. safe-regex, but I thought I'd share another example of how to resolve this problem w/o regex.
I use DDMathParser to solver formula expressions using Swift. The following code works fine, however, implicit multiplication doesn't. Reading the docs it should work... So, what do I miss here?
my code:
...
substitutions.updateValue(3, forKey: "x")
let myString = "3$x"
do{
let expression = try Expression(string: myString, operatorSet: operatorSet, options: myTRO, locale: myLocale)
let result = try evaluator.evaluate(expression, substitutions: substitutions)
print("expression is: \(expression), the result is : \(result)")
} catch {
print("Error")
}
...
The code throws the "Error". Using the string "3*$x" the expression is calculated as expected.
DDMathParser author here.
So, the .invalidFormat error is thrown when the framework has a sequence of tokens and is looking for an operator in order to figure out what goes around it. If it can't find an operator but still has tokens to resolve but no operator, then it throws the .invalidFormat error.
This implies that you have a 3.0 number token and a $x variable token, but no × multiplication token.
I see also that you're passing in a custom set of TokenResolverOptions (the myTRO variable). I'd guess that you're passing in an option set that does not include the .allowImplicitMultiplication value. If I try to parse 3$x without the .allowImplicitMultiplication resolver option, then I get the .invalidFormat error thrown.
Ok, got it myself. As Dave DeLong mentioned .allowImplicitMultiplication is included by default in the options but will get ignored when creating custom options. Since I want to use localized expressions (decimal separator within expression string is local) I need to use the advanced definition of Expression:
let expression = try Expression(string: ..., operatorSet: ..., options: ..., locale: ...)
In order to use the localized string option I defined let myLocale = NSLocale.current but accidentally also created a new operatorSet new options and passed it to the expression definition. The right way is not to create custom operatorSet and options but to use the defaults within the Expression definition:
let expression = try Expression(string: expressionString, operatorSet: OperatorSet.default, options: TokenResolverOptions.default, locale: myLocale)
Dave DeLong did a really great job in creating the DDMatParser framework. For newbies it is very hard to get started with. The wiki section at DDMathParser is pretty basic and doesn't give some details or examples for all the other great functionality DDMatParser is providing.
i really tried to find an answer but i couldn't.
I try to use the regex reference_matchNr to increment a user defined variable.
But i get always the following error msg:
${__intSum(${summe},${count1},summe)};
jmeter.assertions.BeanShellAssertion: java.lang.NumberFormatException: For input string: "${count1}"
or
${__intSum(${summe},"${count1}",summe)};
jmeter.assertions.BeanShellAssertion: java.lang.NumberFormatException: For input string: ""${count1}""
or
${__intSum(${summe},count1,summe)};
jmeter.assertions.BeanShellAssertion: java.lang.NumberFormatException: For input string: "count1"
I used the following code to get the matchNr value:
int count1 = Integer.parseInt(vars.get("status_matchNr"));
The strange thing is i'm able to write the value in the jmeter log(log.info) or in a file.
Thanks in advance.
My expectation is that you're using __intSum() function inside the Beanshell Assertion to add 2 values.
This is not gonna work as the function gets interpreted before the assertion hence your count1 variable is not defined by the moment of function execution.
So workarounds are:
Use "Parameters" input for function evaluation prior interpreting the assertion. You ain't gonna need to convert your "status_matchNr" variable to integer, intSum function will do it for you. So if you put the following line to "Parameters"
${__intSum(${summe},${status_matchNr},summe)};
It assumes that "summe" variable is defined and can be cast to an integer
Go the "code only" way - perform sum of 2 integers purely in Beanshell code like:
int count1 = Integer.parseInt(vars.get("status_matchNr"));
int summe = Integer.parseInt(vars.get("summe"));
summe += count1;
vars.put("summe", String.valueOf(summe));
//your assertion logic here
May I also recommend considering switching from Beanshell to JSR223 Assertion and groovy language as Beanshell has performance problems and may become a bottleneck if your load is high. See Beanshell vs JSR223 vs Java JMeter Scripting: The Performance-Off You've Been Waiting For! guide for details, groovy scripting engine installation instructions and different scripting approaches benchmark.
i am quite confused about how the Criteria API does build the final query.
Here's some code :
someCriteria.add(
Restrictions.and(
Restrictions.or(Restrictions.gt(a,b),Restrictions.isNull(a)),
Restrictions.ge(d,e)
)
I was expecting something like
SELECT.. FROM...
WHERE (A > B or A IS NULL) AND (D > E)
But when I inspect my criteria entries, I see instead something like :
SELECT.. FROM...
WHERE A > B or A IS NULL AND D > E
thus leading in unexpected result.
I am quite sure I could rewrite the query so that it is no more a problem, but since the application I am about to develop for is based on such queries, I need to understand the problem.
So, anyone could explain why I dot not get expected parentheses around the part of the query generated by the "Restrictions.or(...)"?
Thanks in advance.
PS : Hibernate core 4.3.4.Final
So the problem was not with "Criteria", but with my excessive trust in the debugging tools : the Criteria does actually match the first solution, ie adds parentheses around each generated restriction.
But when I tried to log or watch the criterion entries inside the Criteria object, some parentheses were just not displayed, leading me into misinterpreting my problem.
So the solution to understand the problem was to log the actual request (eg using property "show_sql" in the sessionFactoryBean and setting log4j.logger.org.hibernate.sql to TRACE level).
I am new to grails and so far i have only been able to use simple filters. I want to use filter in an efficient manner.
(I am using grails 2.4.3, with jdk_1.6)
I want to create a filter to allow accessing AppName/ and AppName/user/login and i could not get it right! I wanted to use regex but i am not getting it right!
i tried this
loggedInOnly(uri:'/**',uriExclude :"*.css|*.js|*image*|/|/user/login"){
before = {
println "### ###### #### #"
}
}
and i also tried to revers the regex parameter, but i am getting no luck! I searched all of google but i could not find a single thread to tell me how filter regex work!
i know i could create xxxx(controller:'*', action:'*') filter then use the controllerName and actionName parameters to check! But there gotta be a better way!
My question in a nutshell: How does regex work in filters?
First, take a closer look at the documentation. Notice that uri and uriExclude are ant paths and not regular expressions. Keeping that in mind if you look how ant paths function you will see they aren't capable of logical ors.
So, with all of that in mind it's back to using enabling regex and using the find attribute instead.
loggedInOnly(regex: true, find: '(.*.css|.*.js|.*image.*|\\/|\\/user\\/login)', invert: true){
before = {
...
}
}
Notice I hae used invert to have this filter apply to anything that doesn't match any of the patterns inside the find. Also, I wrote this off the top of my head so you may have to spot check the regular expression in your application (I did check it using groovy web console to make sure I didn't really mess up the syntax).
Hope this helps.