iriusrisk / bdd-security

BDD Automated Security Tests for Web Applications
http://www.continuumsecurity.net/bdd-intro.html
GNU Affero General Public License v3.0

Unable to load chrome driver failing with Timed out message #107

Open CustosClarus opened 4 years ago

CustosClarus commented 4 years ago

I'm using BDD-security

Error

    FAILED java.lang.RuntimeException: org.openqa.selenium.WebDriverException: Timed out waiting for driver server to start.

Description

I have spent around 1 week troubleshooting this with no success; I would appreciate assistance/help here. Thanks.

stephendv1 commented 4 years ago

This could be something to do with your environment (OS, JRE, etc.). You could try to create a new blank Java project. Then use the same version of Selenium and try to write a very simple program that just starts web driver with Chrome. If that works, then you'll need to troubleshoot in BDD-Security.
What's the config file you're using?

CustosClarus commented 4 years ago

Thanks for the reply.

I have made a new application, defined out of the /example directory; here is the .java file. Also, loading of the driver is done in config.xml and has not been called explicitly anywhere in the Java code. I have pasted both the .java and config contents below:

package net.continuumsecurity;

import net.continuumsecurity.Config;
import net.continuumsecurity.Credentials;
import net.continuumsecurity.UserPassCredentials;
import net.continuumsecurity.behaviour.ILogin;
import net.continuumsecurity.behaviour.ILogout;
import net.continuumsecurity.behaviour.INavigable;
import net.continuumsecurity.web.WebApplication;
import org.openqa.selenium.By;
import org.openqa.selenium.WebElement;
import org.openqa.selenium.Keys;

public class CustomApplication extends WebApplication implements ILogin, INavigable {

    public CustomApplication() {
        super();
        //driver.manage().timeouts().implicitlyWait(30, TimeUnit.SECONDS);
    }

    @Override
    public void openLoginPage() {
        driver.get(Config.getInstance().getBaseUrl() + "/login");
        findAndWaitForElement(By.xpath("/html/body/div[1]/div/div/div/form/div[1]/input"));
    }

    @Override
    public void login(Credentials credentials) {
        UserPassCredentials creds = new UserPassCredentials(credentials);
        driver.findElement(By.xpath("/html/body/div[1]/div/div/div/form/div[1]/input")).clear();
        driver.findElement(By.xpath("/html/body/div[1]/div/div/div/form/div[1]/input")).sendKeys(creds.getUsername());
        driver.findElement(By.xpath("/html/body/div[1]/div/div/div/form/div[2]/input")).clear();
        driver.findElement(By.xpath("/html/body/div[1]/div/div/div/form/div[2]/input")).sendKeys(creds.getPassword());
        driver.findElement(By.tagName("button")).click();
    }

    // Convenience method
    public void login(String username, String password) {
        login(new UserPassCredentials(username, password));
    }

    @Override
    public boolean isLoggedIn() {
        // baseUrl in config.xml has no trailing slash, so the path needs a leading one
        driver.get(Config.getInstance().getBaseUrl() + "/dashboard/11");
        if (driver.getPageSource().contains("test2")) {
            return true;
        } else {
            return false;
        }
    }

   /* public void viewProfile() {
        driver.findElement(By.linkText("/html/body/app-shell/nav/div/ul[1]/li[2]/ul/li[1]/a")).click();
    }

    public void viewAlicesProfile() {
        viewProfile();
    }

    public void viewBobsProfile() {
        viewProfile();
    }

    @Override
    public void logout() {
        driver.findElement(By.linkText("Logout")).click();
    }
*/
    public void search(String query) {
        //findAndWaitForElement(By.queryEnter("/trend-analysis/tag-search")).click();
        //driver.findElement(By.xpath('/html/body/app-shell/app-router/app-route[5]/view-trend-analysis/div[1]/div/div/div[2]/input')).click();
        //driver.find_elements_by_class("form-control style-scope view-trend-analysis").click();
        //driver.find_element_by_css_selector("element.style");.click()
        driver.findElement(By.cssSelector("input[name='trendSearchTag_trendAnalysis']")).click();
        driver.findElement(By.id("trendSearchTag_trendAnalysis")).clear();
        driver.findElement(By.id("trendSearchTag_trendAnalysis")).sendKeys(query);
        //WebElement textbox = driver.findElement(By.id("trendSearchTag_trendAnalysis"));
        //textbox.sendKeys(query);
        //textbox.sendKeys(Keys.ENTER);
        //WebElement searchBtn = driver.findElement(By.name("search-button"));
        //searchBtn.click();
    }
/*
    public void viewAllUsers() {
        driver.get(Config.getInstance().getBaseUrl() + "admin/list");
    }
*/
    public void navigate() {
        openLoginPage();
        login(Config.getInstance().getDefaultCredentials());
       // viewProfile();
        search("test");
    }

}

CONFIG.XML

<?xml version="1.0" encoding="ISO-8859-1" ?>
<web-app>

    <!-- The settings in this file are for the demo ropey-tasks vulnerable web app available at: https://github.com/stephendv/RopeyTasks,
            which is included in the bdd-security framework for demo purposes. -->

    <!-- The web driver to use, can be either Firefox, Chrome or HtmlUnit.  Optionally specify path to the driver (required for linux)
         Some drivers require a path to the platform specific driver binary, for example chrome needs chromedriver.  If these values are not specified, we'll use HtmlUnit-->
    <!--<defaultDriver>firefox</defaultDriver>-->
    <defaultDriver path="src/test/resources/drivers/chromedriver">chrome</defaultDriver>

    <!-- Base URL of the application to test -->
    <baseUrl>https://abc-preprod.com</baseUrl>

    <!-- A Java class to hold the Selenium steps to test the application in depth. Optionally required for in-depth authn/z and session management testing. -->
    <class>net.continuumsecurity.CustomApplication</class>

    <!--apt-get update
    apt-get install python-pip
    pip install sslyze
    -->
    <sslyze>
        <path>sslyze</path>
        <option>--regular</option>
        <targetHost>https://abc-preprod.com</targetHost>
        <targetPort>443</targetPort>
    </sslyze>

    <!-- Optional names of the session ID cookies for session management testing. -->
    <sessionIds>
        <name>JSESSIONID</name>
    </sessionIds>

    <!-- the default user to use when logging in to the app -->
    <defaultUsername>demouser</defaultUsername>
    <defaultPassword>demouser</defaultPassword>

    <scanner>
        <ignoreUrl>.*logout.*</ignoreUrl>
        <spiderUrl>baseUrl</spiderUrl>
        <maxDepth>5</maxDepth>
    </scanner>

    <!-- An upstream proxy through which all HTTP traffic must pass before hitting the target
    application under test.  The framework will configure both the WebDriver instance and ZAP to use this proxy.  Note that non-HTTP traffic will not use this proxy. -->
    <upstreamProxy>
        <host></host>
        <port></port>
        <noProxyHosts></noProxyHosts><!-- ie: localhost,127.0.0.1,192.168.10.2 -->
    </upstreamProxy>

    <incorrectPassword>SDFsdfwjx1</incorrectPassword>
    <incorrectUsername>bobbles</incorrectUsername>

    <!-- Optional login credentials for the Nessus server, the server location is specified in the nessus_scan.story file -->
    <nessus>
        <username>admin</username>
        <password>admin</password>
    </nessus>

    <!-- Optional location of a running OWASP ZAP instance.  Either an external- already running ZAP instance must be specified here, or the zapPath must be specified to launch ZAP
    <proxy> 
        <host>127.0.0.1</host>
        <port>8888</port>
        <api></api>
    </proxy> -->

    <zapPath>/usr/local/bin/zap.sh</zapPath> 
</web-app>

CustosClarus commented 4 years ago

I got it working by adding

    ChromeOptions opt = new ChromeOptions();
    opt.addArguments("--no-sandbox");
    //opt.setBinary("/usr/bin/google-chrome");
    opt.addArguments("--headless");

    public WebDriver createChromeDriver(DesiredCapabilities capabilities) {
        System.setProperty("webdriver.chrome.driver", Config.getInstance().getDefaultDriverPath());
        if (capabilities != null) {
            capabilities.setCapability(CapabilityType.ACCEPT_SSL_CERTS, true);
            ChromeOptions options = new ChromeOptions();
            options.addArguments("--test-type");
            capabilities.setCapability(ChromeOptions.CAPABILITY, options);
            return new ChromeDriver(capabilities);
        } else return new ChromeDriver();
    }

and removing the if block, but now I'm getting this error:

FAILED
    org.openqa.selenium.NoSuchElementException: Expected condition failed: waiting for visibility of element located by By.name: user_id (tried for 100 second(s) with 500 milliseconds interval)

stephendv1 commented 4 years ago

That's a common Selenium error when it can't find the element on the web page, usually because the element hasn't loaded yet or the ID is not correct.

CustosClarus commented 4 years ago

Thanks Stephen,

I believe something is wrong with the implementation of findandwait.

I made the changes for google.com and it worked, but only when I replaced the function with this:

    @Override
    public void openLoginPage() {
        driver.get(Config.getInstance().getBaseUrl() + "/");
        //  findAndWaitForElement(By.name("q"));
        driver.get("http://www.google.com/");
        ///Thread.sleep(5000);  // Let the user actually see something!
        WebElement searchBox = driver.findElement(By.name("q"));
        searchBox.sendKeys("ChromeDriver");
        searchBox.submit();
        // Thread.sleep(5000);
    }

I was able to crawl the rest of the code. Before that, I was getting the same error, even on the Google search tag:

net.continuumsecurity.junit.SecurityTest > Scenario: The application should not contain SQL injection vulnerabilities.And the application is navigated FAILED
    org.openqa.selenium.NoSuchElementException: Expected condition failed: waiting for visibility of element located by By.name: q (tried for 100 second(s) with 500 milliseconds interval)
    For documentation on this error, please visit: http://seleniumhq.org/exceptions/no_such_element.html
    Build info: version: '3.12.0', revision: '7c6e0b3', time: '2018-05-08T14:04:26.12Z'
    System info: host: 'test-virtual-machine', ip: '127.0.1.1', os.name: 'Linux', os.arch: 'amd64', os.version: '5.4.0-47-generic', java.version: '1.8.0_265'
    Driver info: driver.version: unknown
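
Added example (not code from this thread or from bdd-security): a standalone version of the check suggested earlier in the thread, starting Chrome through ChromeDriver outside the framework and then waiting for one element. It assumes the Selenium 3.12 API named in the stack trace above; the class name `ChromeSmokeTest`, the three command-line arguments and the `chrome.noSandbox` system property are assumptions of this example.

```java
import java.io.File;
import org.openqa.selenium.By;
import org.openqa.selenium.TimeoutException;
import org.openqa.selenium.WebDriver;
import org.openqa.selenium.chrome.ChromeDriver;
import org.openqa.selenium.chrome.ChromeDriverService;
import org.openqa.selenium.chrome.ChromeOptions;
import org.openqa.selenium.support.ui.ExpectedConditions;
import org.openqa.selenium.support.ui.WebDriverWait;

// Added example for Selenium 3.x. Class name, arguments and the
// chrome.noSandbox property are hypothetical, chosen for this sketch.
public class ChromeSmokeTest {
    public static void main(String[] args) {
        if (args.length != 3) {
            throw new IllegalArgumentException("usage: <chromedriver path> <url> <element name>");
        }
        File driverBin = new File(args[0]);
        if (!driverBin.isFile() || !driverBin.canExecute()) {
            throw new IllegalStateException("chromedriver missing or not executable: " + driverBin.getAbsolutePath());
        }
        ChromeOptions options = new ChromeOptions();
        options.addArguments("--headless"); // no display needed on a server or VM
        if (Boolean.getBoolean("chrome.noSandbox")) {
            // Chrome will not start as root with its sandbox enabled. --no-sandbox removes
            // that protection layer, so prefer running the tests as an unprivileged user.
            options.addArguments("--no-sandbox");
        }
        ChromeDriverService service = new ChromeDriverService.Builder()
                .usingDriverExecutable(driverBin)
                .usingAnyFreePort()
                .withLogFile(new File("chromedriver.log")) // driver-side startup errors land here
                .build();
        WebDriver driver = new ChromeDriver(service, options);
        try {
            driver.get(args[1]);
            new WebDriverWait(driver, 20) // seconds; Selenium 3 constructor
                    .until(ExpectedConditions.visibilityOfElementLocated(By.name(args[2])));
            System.out.println("OK: '" + args[2] + "' is visible on " + driver.getCurrentUrl());
        } catch (TimeoutException e) {
            // Report what the browser actually loaded: a redirect, error page or
            // proxy block explains many "waiting for visibility" timeouts.
            System.err.println("Not visible. URL=" + driver.getCurrentUrl() + " title=" + driver.getTitle());
        } finally {
            driver.quit();
        }
    }
}
```

Run it as the same user and on the same host as the failing build, passing `-Dchrome.noSandbox=true` only if Chrome will not start without it.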