-
Notifications
You must be signed in to change notification settings - Fork 36
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
968dbec
commit 907e6f7
Showing
5 changed files
with
130 additions
and
3 deletions.
There are no files selected for viewing
4 changes: 2 additions & 2 deletions
4
...firefox/test/HeadlessFirefoxDemoTest.java → ...firefox/test/HeadlessFirefoxDemoTest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
2 changes: 1 addition & 1 deletion
2
...fox/firefox/utils/FirefoxManipulator.java → ...lessfirefox/utils/FirefoxManipulator.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
package gui.xss.pages; | ||
|
||
import org.fluentlenium.core.FluentPage; | ||
import org.fluentlenium.core.annotation.PageUrl; | ||
import org.fluentlenium.core.domain.FluentWebElement; | ||
import org.openqa.selenium.TimeoutException; | ||
import org.openqa.selenium.support.FindBy; | ||
import org.openqa.selenium.support.ui.ExpectedConditions; | ||
import org.openqa.selenium.support.ui.WebDriverWait; | ||
|
||
import java.util.concurrent.TimeUnit; | ||
|
||
@PageUrl("https://xss-game.appspot.com/level1/frame") | ||
public class XssGameLevelOnePage extends FluentPage { | ||
|
||
@FindBy(id = "level1") | ||
private FluentWebElement body; | ||
|
||
@FindBy(id = "query") | ||
private FluentWebElement queryInput; | ||
|
||
@FindBy(id = "button") | ||
private FluentWebElement sarchButton; | ||
|
||
@Override | ||
public void isAt() { | ||
await().atMost(5, TimeUnit.SECONDS).until(body).displayed(); | ||
} | ||
|
||
public void searchFor(String content) { | ||
queryInput.fill().with(content); | ||
sarchButton.click(); | ||
} | ||
|
||
public boolean isAlertDisplayed() { | ||
boolean foundAlert; | ||
WebDriverWait wait = new WebDriverWait(getDriver(), 2); | ||
try { | ||
wait.until(ExpectedConditions.alertIsPresent()); | ||
foundAlert = true; | ||
} catch (TimeoutException e) { | ||
foundAlert = false; | ||
} | ||
return foundAlert; | ||
} | ||
|
||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
package gui.xss.test; | ||
|
||
import gui.xss.pages.XssGameLevelOnePage; | ||
import gui.xss.utils.XssDisabledChromeConfig; | ||
import org.apache.commons.lang3.SystemUtils; | ||
import org.fluentlenium.core.annotation.Page; | ||
import org.testng.annotations.BeforeTest; | ||
import org.testng.annotations.Test; | ||
|
||
import java.util.concurrent.TimeUnit; | ||
|
||
import static org.assertj.core.api.Assertions.assertThat; | ||
|
||
/** | ||
* See more at http://awesome-testing.com | ||
*/ | ||
public class XssGameTest extends XssDisabledChromeConfig { | ||
|
||
private static final String MY_CHROME_PATH = "C:\\drivers\\chromedriver.exe"; | ||
|
||
private static final String XSS_CONTENT = "<script>alert(\"1\");</script>"; | ||
|
||
@BeforeTest | ||
public void setUp() { | ||
if (SystemUtils.IS_OS_WINDOWS) { | ||
System.setProperty("webdriver.chrome.driver", MY_CHROME_PATH); | ||
} | ||
} | ||
|
||
@Page | ||
private XssGameLevelOnePage xssGameLevelOnePage; | ||
|
||
@Test | ||
public void xssShouldNotWork() { | ||
goTo(xssGameLevelOnePage).isAt(); | ||
|
||
xssGameLevelOnePage.searchFor(XSS_CONTENT); | ||
|
||
assertThat(xssGameLevelOnePage.isAlertDisplayed()).isFalse(); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
package gui.xss.utils; | ||
|
||
import org.fluentlenium.adapter.testng.FluentTestNg; | ||
import org.openqa.selenium.WebDriver; | ||
import org.openqa.selenium.chrome.ChromeDriver; | ||
import org.openqa.selenium.chrome.ChromeOptions; | ||
import org.openqa.selenium.remote.DesiredCapabilities; | ||
|
||
import java.util.ArrayList; | ||
import java.util.List; | ||
|
||
public class XssDisabledChromeConfig extends FluentTestNg { | ||
|
||
private static final String DISABLE_XSS_AUDITOR = "--disable-xss-auditor"; | ||
|
||
@Override | ||
public WebDriver newWebDriver() { | ||
return new ChromeDriver(getChromeCapabilities()); | ||
} | ||
|
||
private DesiredCapabilities getChromeCapabilities() { | ||
DesiredCapabilities capabilities = DesiredCapabilities.chrome(); | ||
capabilities.setCapability(ChromeOptions.CAPABILITY, getChromeOptions()); | ||
return capabilities; | ||
} | ||
|
||
private ChromeOptions getChromeOptions() { | ||
ChromeOptions options = new ChromeOptions(); | ||
options.addArguments(getChromeSwitches()); | ||
return options; | ||
} | ||
|
||
private List<String> getChromeSwitches() { | ||
List<String> chromeSwitches = new ArrayList<>(); | ||
chromeSwitches.add(DISABLE_XSS_AUDITOR); | ||
return chromeSwitches; | ||
} | ||
|
||
} |