Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
appium-safari-driver
Advanced tools
This is Appium driver for automating Safari on macOS and iOS since version 13.
The driver only supports Safari automation using W3C WebDriver protocol.
Under the hood this driver is a wrapper/proxy over Apple's safaridriver
binary. Check the output of man safaridriver
command to get more details on the supported features and possible pitfalls.
Note
Since version 3.0.0 Safari driver has dropped the support of Appium 1, and is only compatible to Appium 2. Use the
appium driver install safari
command to add it to your Appium 2 dist.
It is mandatory to run the safaridriver --enable
command from the macOS terminal and provide your administrator password before any automated session will be executed.
In order to automate Safari on real devices it is also necessary to enable Remote Automation switch in Settings → Safari → Advanced → Remote Automation
for these particular devices.
Then you need to decide where the automated test is going to be executed. Safari driver supports the following target platforms:
Safari driver allows to define multiple criterions for platform selection and also to fine-tune your automation session properties. This could be done via the following session capabilities:
Capability Name | Description |
---|---|
platformName | safaridriver binary can only create WebDriver sessions for desktop or mobile Safari and can only run on macOS. Value of platformName could equal to 'Mac' or 'iOS' in order to start Safari driver session for the corresponding platform. Values of platformName are compared case-insensitively. |
automationName | Value of automationName must equal to 'Safari' in order to start Safari driver session. Values of automationName are compared case-insensitively. |
browserName | safaridriver can only create WebDriver sessions for Safari. Any value passed to this capability will be changed to 'Safari'. |
browserVersion | safaridriver will only create a session using hosts whose Safari version matches the value of browserVersion. Browser version numbers are prefix-matched. For example, if the value of browserVersion is '12', this will allow hosts with a Safari version of '12.0.1' or '12.1'. |
acceptInsecureCerts | Makes the browser to ignore the appropriate security warning and thus allows navigation to web sites having invalid or expired TLS certificates. The capability is supported since safaridriver v15.4. |
safari:platformVersion | safaridriver will only create a session using hosts whose OS version matches the value of safari:platformVersion. OS version numbers are prefix-matched. For example, if the value of safari:platformVersion is '12', this will allow hosts with an OS version of '12.0' or '12.1' but not '10.12'. |
safari:platformBuildVersion | safaridriver will only create a session using hosts whose OS build version matches the value of safari:platformBuildVersion. example of a macOS build version is '18E193'. On macOS, the OS build version can be determined by running the sw_vers(1) utility. |
safari:useSimulator | If the value of safari:useSimulator is true, safaridriver will only use iOS Simulator hosts. If the value of safari:useSimulator is false, safaridriver will not use iOS Simulator hosts. NOTE: An Xcode installation is required in order to run WebDriver tests on iOS Simulator hosts. |
safari:deviceType | If the value of safari:deviceType is 'iPhone', safaridriver will only create a session using an iPhone device or iPhone simulator. If the value of safari:deviceType is 'iPad', safaridriver will only create a session using an iPad device or iPad simulator. Values of safari:deviceType are compared case-insensitively. |
safari:deviceName | safaridriver will only create a session using hosts whose device name matches the value of safari:deviceName. Device names are compared case-insensitively. NOTE: Device names for connected devices are shown in iTunes. If Xcode is installed, device names for connected devices are available via the output of instruments(1) and in the Devices and Simulators window (accessed in Xcode via "Window > Devices and Simulators"). |
safari:deviceUDID | safaridriver will only create a session using hosts whose device UDID matches the value of safari:deviceUDID. Device UDIDs are compared case-insensitively. NOTE: If Xcode is installed, UDIDs for connected devices are available via the output of instruments(1) and in the Devices and Simulators window (accessed in Xcode via "Window > Devices and Simulators"). |
safari:automaticInspection | This capability instructs Safari to preload the Web Inspector and JavaScript debugger in the background prior to returning a newly-created window. To pause the test's execution in JavaScript and bring up Web Inspector's Debugger tab, you can simply evaluate a debugger; statement in the test page. |
safari:automaticProfiling | This capability instructs Safari to preload the Web Inspector and start a Timeline recording in the background prior to returning a newly-created window. To view the recording, open the Web Inspector through Safari's Develop menu. |
webkit:WebRTC | This capability allows a test to temporarily change Safari's policies for WebRTC and Media Capture. The value of the webkit:WebRTC capability is a dictionary with the following sub-keys, all of which are optional: DisableInsecureMediaCapture - Normally, Safari refuses to allow media capture over insecure connections. This restriction is relaxed by default for WebDriver sessions for testing purposes (for example, a test web server not configured for HTTPS). When this capability is specified, Safari will revert to the normal behavior of preventing media capture over insecure connections. DisableICECandidateFiltering - To protect a user's privacy, Safari normally filters out WebRTC ICE candidates that correspond to internal network addresses when capture devices are not in use. This capability suppresses ICE candidate filtering so that both internal and external network addresses are always sent as ICE candidates. |
# Python3 + PyTest
import pytest
import time
from appium import webdriver
# Options are available in Python client since v2.6.0
from appium.options.ios import SafariOptions
from selenium.webdriver.common.by import By
def generate_options():
common_caps = {
# It does not really matter what to put there, although setting 'Safari' might cause a failure
# depending on the particular client library
'browserName': 'AppiumSafari',
}
real_device_opts = SafariOptions().load_capabilities(common_caps)
# This is optional
real_device_opts.device_type = 'iPhone'
# Do not forget to verify that Remote Automation is enabled for this device
real_device_opts.device_udid = '<MyDeviceUDID>'
real_device_opts.use_simulator = False
simulator_opts = SafariOptions().load_capabilities(common_caps)
simulator_opts.platform_version = '14.1'
simulator_opts.device_name = 'iPad Air 2'
simulator_opts.use_simulator = True
desktop_browser_opts = SafariOptions().load_capabilities({
**common_caps,
'platformName': 'Mac',
})
return [real_device_opts, simulator_opts, desktop_browser_opts]
@pytest.fixture(params=generate_options())
def driver(request):
# The default URL is http://127.0.0.1:4723/wd/hub in Appium1
drv = webdriver.Remote('http://127.0.0.1:4723', options=request.param)
yield drv
drv.quit()
class TimeoutError(Exception):
pass
def wait_until_truthy(func, timeout_sec=5.0, interval_sec=0.5):
started = time.time()
original_error = None
while time.time() - started < timeout_sec:
original_error = None
try:
result = func()
if result:
return result
except Exception as e:
original_error = e
time.sleep(interval_sec)
if original_error is None:
raise TimeoutError(f'Condition unmet after {timeout_sec}s timeout')
raise original_error
def test_feature_status_page_search(driver):
driver.get('https://webkit.org/status/')
# Enter "CSS" into the search box.
# Ensures that at least one result appears in search
# !!! Remember there are no ID and NAME locators in W3C standard
# These two have been superseded by CSS ones
search_box = driver.find_element_by_css('#search')
search_box.send_keys('CSS')
value = search_box.get_attribute('value')
assert len(value) > 0
search_box.submit()
# Count the visible results when filters are applied
# so one result shows up in at most one filter
assert wait_until_truthy(lambda: len(driver.execute_script("return document.querySelectorAll('li.feature:not(.is-hidden)')")) > 0)
def test_feature_status_page_filters(driver):
driver.get('https://webkit.org/status/')
assert wait_until_truthy(lambda: len(driver.execute_script("return document.querySelectorAll('.filter-toggle')")) == 7)
# Make sure every filter is turned off.
for checked_filter in filter(lambda f: f.is_selected(), filters):
checked_filter.click()
# Make sure you can select every filter.
for filt in filters:
filt.click()
assert filt.is_selected()
filt.click()
# clone repo, then in repo dir:
npm install
npm run lint
npm run test
FAQs
Appium driver for Safari browser
The npm package appium-safari-driver receives a total of 64,821 weekly downloads. As such, appium-safari-driver popularity was classified as popular.
We found that appium-safari-driver demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.