Release date: October 12, 2021

Native Penetration Testing Support

Parasoft SOAtest now supports native penetration testing of API test scenarios. You can efficiently take your existing API functional testing scenarios and create security tests, adding penetration testing into your automated CI process. By leveraging already-existing functional tests for security scenarios, teams can approach security testing earlier, and address critical security defects before they are buried deep in the release.

OpenAPI Validation

You can now perform well-formedness and semantic validation on OpenAPI and Swagger definitions. This helps ensure that your services can be properly consumed by other applications and is an important step toward better API governance.

See Open API and Swagger Validator for additional information.

Custom Test Configurations for the SOAtest and Virtualize Server Web Archive

You can now create custom test configurations in the SOAvirt.war workspace and use them to exercise your tests using different configurations.

As part of this change, the correct test configuration must be specified. The server will no longer substitute the default test configuration if no configuration or the incorrect configuration is specified.    

Ability to Register SOAtest and Virtualize Server from the CTP UI

CTP administrators can now connect servers to CTP from the Virtualize Servers screen in CTP. 

Read Operation Added to Native CRUD Tool

The native create, read, update, delete (CRUD) tool is now functionally complete. The addition of the Read operation enables you to copy (or extract) values from a data set record and update a record in the data repository. 

Streamlined Test Impact Analysis

You can now generate the baseline coverage report by configuring and running a test configuration.

Publishing Results from CTP Jobs to DTP

You can now configure your CTP jobs to send results to DTP.

Ability to Generate Parameterized Messages From RESTful Service Definitions  

You can now specify a RESTful service definition without recorded traffic to create parameterized clients and responders in the traffic wizard. This allows users to generate parameterized messages based solely on the service definition when recorded traffic is not available. It also allows users to easily update an existing template when a new resource is introduced to a service definition.

  • You can now select Empty Groups to enable the traffic wizard to allow message groups defined in a service definition or template file to be created even if the groups do not contain messages from a traffic file.

Report Updates

  • The format of HTML, PDF, and XML reports produced by desktop installations is now consistent with the reports produced by the WAR deployment, with a more modern look and feel. Note: There are some limitations in the updated reports produced by desktop installations.

  • Introduced an option in the WAR deployment to add details to the XML report about the active environment used during test execution.

  • Introduced an option in the WAR deployment to add details to the XML report about the results of individual assertions run by the JSON Assertor and XML Assertor tools.

Additional Updates

  • Ability to share URLs to .tst and .pva files in CTP.

  • Right-click action menus on Test Scenario and Virtual Asset trees in CTP.
  • The Parasoft Search can now search for tools and test suite variables by name.
  • Internet Explorer 11 (IE11) will no longer be supported beyond this release (2021.2).
  • CTP integration with SOAtest & Virtualize 9.10 will no longer be supported beyond this release (2021.2).
  • Ability to create message proxies and modify HTTP, JMS, and MQ connection settings from CTP.
  • Ability to configure localsettings properties in the SOAtest server REST API used for executing tests (/testExecutions).
  • Addressed log4j vulnerability CVE-2021-44228 in version 2021.2.1.

Breaking Changes

  • Silent installs of SOAtest and Virtualize on Linux or Mac in non-interactive mode will fail unless --accept-eula yes is also passed as a command-line argument.
  • WAR deployment requires acceptance of the Parasoft End User License Agreement. See Configuring Virtualize Server for more details.
  • The extension for SOA policy configuration files has been changed from .policy to .soapolicy. To open existing policy files in the Policy Configuration panel, rename existing policy files to use the extension .soapolicy.

  • Associations between tests and development artifacts no longer support specification of an individual URL for each association. Now, a URL template for each type of association must be configured for links to the artifacts to appear in generated reports. After SOAtest upgrade, you need to do one of the following in order for links to continue to appear in the reports:
    • Specify URL templates for the associations.

    • Enable the legacy report format.

Resolved PRs and FRs

IDDescription
CTP-6061Subscribe to CTP jobs to receive an email on job completion.
CTP-7460CTP server pages loading slowly.
CTP-7505Jobs get stuck in queue but stopping and starting the server fixes it
CTP-7589Excel data source files are corrupted after CTP upload.
SOA-3280Show all assertions used during test in report xml
SOA-8013Database Tool Returns zero or empty string for null values
SOA-12197Support for MongoDB 4.0 in the MongoDB Query Tool
SOA-13005Full support for suppressions in SOAtest desktop
SOA-13515Update Parasoft Findings for TeamCity to Accept SOAtest Reports from WAR Deployment
SOA-13641Document which proxy settings (Eclipse or SOAtest) to use for which purpose
SOA-13936Headless SOAtest Fails to Update Offline from 2020.2 to 2021.1 on Windows
SOA-13964SOAtest started with IBM java throws error with xlsx excel files
SOA-14014multipart/form-data table writes text parts using platform default charset
SOA-14057DB Tool appears to hang for certain SQL queries
VIRT-2588Custom Listeners Display Warnings When Not In Use
VIRT-3541Parameterized traffic wizard use service definition for grouping and Data Repository
VIRT-4146Create data repository from payload ability to name root record type
VIRT-4641Data Repository CRUD Tool Read Operation
VIRT-4759Parasoft search by tool name
VIRT-4760Parasoft search by test suite variable name
VIRT-4781NPE when attempting to get to parameterized traffic wizard from Desktop UI
VIRT-4876MIME Type hal+json Does Not Appear for Responders
VIRT-4880Database data source does not report failure event
VIRT-4892ISO8583 Extension support relative path for Packager Path
VIRT-4893Double byte numbers not handled correctly in data repository column names
VIRT-4894Documentation for HTTPS on SOAVirt WAR file is inaccurate


 

  • No labels