SeleniumHQ / selenium

A browser automation framework and ecosystem.
https://selenium.dev
Apache License 2.0
30.63k stars 8.18k forks source link

[🐛 Bug]: Warning: Potential Security Risk Ahead #13141

Closed Yurnerosk closed 9 months ago

Yurnerosk commented 11 months ago

What happened?

Hello,

I've been trying to automate a login process to a website to order some items.

However, according to Firefox the site is suspicious, and instead of logging in, will show "Warning: Potential Security Risk Ahead", and mess with the process.

"Websites prove their identity via certificates. Firefox does not trust WEBSITE because its certificate issuer is unknown, the certificate is self-signed, or the server is not sending the correct intermediate certificates." Error code: SEC_ERROR_UNKNOWN_ISSUER

The website is actually safe.

From my perspective, it seems that the option 'accept_untrusted_certs' = True was the salvation for the whole internet, but since there were a syntax change, everything seems not to work now.

I've tried:

How can we reproduce the issue?

import selenium
from selenium import webdriver
from selenium.webdriver.common.keys import Keys
from selenium.webdriver.common.by import By
from selenium.webdriver.common.desired_capabilities import DesiredCapabilities
from selenium.webdriver.firefox.options import Options
# from selenium.webdriver.support.ui import WebDriverWait
# from selenium.webdriver.support import expected_conditions as EC
# from selenium.common.exceptions import TimeoutException

from selenium.webdriver.common.action_chains import ActionChains
def main():
    print('ok')
    driver = webdriver.Firefox(   
    )
    sites = [
        r'https://www.coke.net/FEMSA/ccrz__CCPage?pageKey=LandingPage',

    ]
    driver.get(sites[0])    
    driver.implicitly_wait(10)
    assert 'Coke.Net' in driver.title
    print(driver.title)
    login = driver.find_elements(By.CLASS_NAME,"cc-subheader-secondary")[4]
    login.click()

    email = driver.find_element(By.ID,"emailField")
    email.send_keys("lol@123.com")

    senha = driver.find_element(By.ID,"passwordField")
    senha.send_keys("levia")

    actions = ActionChains(driver)
    actions.send_keys(Keys.ENTER)
    actions.perform()

if __name__ == '__main__':
    main()

Relevant log output

Error code: SEC_ERROR_UNKNOWN_ISSUER

Operating System

Ubuntu 22.04.3 LTS

Selenium version

Selenium 4.15.2

What are the browser(s) and version(s) where you see this issue?

Firefox 119.0.1

What are the browser driver(s) and version(s) where you see this issue?

geckodriver 0.33.0

Are you using Selenium Grid?

None

github-actions[bot] commented 11 months ago

@Yurnerosk, thank you for creating this issue. We will troubleshoot it as soon as we can.


Info for maintainers

Triage this issue by using labels.

If information is missing, add a helpful comment and then I-issue-template label.

If the issue is a question, add the I-question label.

If the issue is valid but there is no time to troubleshoot it, consider adding the help wanted label.

If the issue requires changes or fixes from an external project (e.g., ChromeDriver, GeckoDriver, MSEdgeDriver, W3C), add the applicable G-* label, and it will provide the correct link and auto-close the issue.

After troubleshooting the issue, please add the R-awaiting answer label.

Thank you!

Yurnerosk commented 11 months ago

Forgot to mention that I've been thinking about the creating a FF profile for automation option. But I really didn't want to do that.

github-actions[bot] commented 11 months ago

Hi, @Yurnerosk. Please follow the issue template, we need more information to reproduce the issue.

Either a complete code snippet and URL/HTML (if more than one file is needed, provide a GitHub repo and instructions to run the code), the specific versions used, or a more detailed description to help us understand the issue.

Note: If you cannot share your code and URL/HTML, any complete code snippet and URL/HTML that reproduces the issue is good enough.

Reply to this issue when all information is provided, thank you.

Yurnerosk commented 11 months ago

Hi, @Yurnerosk. Please follow the issue template, we need more information to reproduce the issue.

Either a complete code snippet and URL/HTML (if more than one file is needed, provide a GitHub repo and instructions to run the code), the specific versions used, or a more detailed description to help us understand the issue.

Note: If you cannot share your code and URL/HTML, any complete code snippet and URL/HTML that reproduces the issue is good enough.

Reply to this issue when all information is provided, thank you.

ok, provided the code to reproduce the event.

github-actions[bot] commented 11 months ago

@Yurnerosk, thank you for creating this issue. We will troubleshoot it as soon as we can.


Info for maintainers

Triage this issue by using labels.

If information is missing, add a helpful comment and then I-issue-template label.

If the issue is a question, add the I-question label.

If the issue is valid but there is no time to troubleshoot it, consider adding the help wanted label.

If the issue requires changes or fixes from an external project (e.g., ChromeDriver, GeckoDriver, MSEdgeDriver, W3C), add the applicable G-* label, and it will provide the correct link and auto-close the issue.

After troubleshooting the issue, please add the R-awaiting answer label.

Thank you!

diemol commented 11 months ago

You need to use acceptInsecureCerts, and set it to true.

titusfortner commented 11 months ago

We set it to true by default for Firefox, so if it is failing then that isn't working or something else is going on. It is worth someone trying to duplicate it in Python.

Yurnerosk commented 11 months ago

You need to use acceptInsecureCerts, and set it to true.

I have tried this several times, however it is not clear of how to set this option to True... @diemol could you give me a clue?

titusfortner commented 10 months ago

I could not reproduce your issue with the code provided. It worked just fine for me for Firefox 121 / Selenium 4.16

Does it work for you in Chrome when you use options.accept_insecure_certs = True?

titusfortner commented 9 months ago

closing as did not hear back. We can re-open if this is still an issue.

github-actions[bot] commented 8 months ago

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.