webdriverajax
Capture and assert HTTP ajax calls in webdriver.io
This is a plugin for webdriver.io. If you don't know it yet, check it out, it's pretty cool.
Although selenium and webdriver are used for e2e and especially UI testing, you might want to assess HTTP requests made by your client code (e.g. when you don't have immediate UI feedback, like in metrics or tracking calls). With webdriverajax you can intercept ajax HTTP calls initiated by some user action (e.g. a button press) and make assertions about the request and the corresponding responses later.
There's one catch though: you can't intercept HTTP calls that are initiated on page load (like in most SPAs), as it requires some setup work that can only be done after the page is loaded (due to limitations in selenium). That means you can only capture requests that were initiated inside a test. If you're fine with that, this plugin might be for you, so read on.
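The catch above follows from how in-page interception generally works: the XHR methods are wrapped only when the setup step runs, so earlier calls leave no record. The sketch below is an added example, not webdriverajax's own code; the mechanism is an assumption, and makeFakeXHR, installInterceptor and simulatePage are hypothetical names.

```javascript
// Added sketch of in-page XHR interception; not webdriverajax's own code.
// makeFakeXHR stands in for the browser's XMLHttpRequest so this runs in Node.
function makeFakeXHR() {
  return class FakeXHR {
    open(method, url) { this.method = method; this.url = url; }
    send() { this.status = 200; if (this.onload) this.onload(); }
  };
}

// Wraps open() and send() on the prototype. Requests that were sent before
// this function runs went through the unwrapped methods and left no record.
function installInterceptor(XHR, log) {
  const origOpen = XHR.prototype.open;
  const origSend = XHR.prototype.send;
  XHR.prototype.open = function (method, url) {
    this._captured = { method: method, url: url };
    return origOpen.apply(this, arguments);
  };
  XHR.prototype.send = function () {
    const xhr = this;
    const pageHandler = xhr.onload;
    xhr.onload = function () {
      log.push(Object.assign({ statusCode: xhr.status }, xhr._captured));
      if (pageHandler) pageHandler.apply(xhr, arguments);
    };
    return origSend.apply(this, arguments);
  };
}

function simulatePage() {
  const XHR = makeFakeXHR();
  const log = [];
  // 1. Call fired while the page loads, before any test command can run.
  const early = new XHR();
  early.open('GET', '/api/bootstrap');
  early.send();
  // 2. The test installs the interceptor once the page has loaded.
  installInterceptor(XHR, log);
  // 3. Call triggered by a user action inside the test, e.g. a button click.
  const late = new XHR();
  late.open('POST', '/api/foo');
  late.send();
  return log;
}
```

Only the request from step 3 ends up in the log, which is why a test that relies on this kind of capture cannot vouch for calls made during page load.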
Use npm:
npm install webdriverajax
If you use the integrated test-runner (wdio) it's as easy as adding webdriverajax to your wdio.conf.js:
plugins: {
    webdriverajax: {}
}
and you're all set.
Otherwise, you should require the package and call the config function with your webdriver-instance (client or browser or whatever you call it) before you initialize it with .init(). So for example (using mocha):
var webdriverio = require('webdriverio');
var wdajax = require('webdriverajax');
var client = webdriverio.remote({
    desiredCapabilities: {
        browserName: 'firefox'
    }
});
before(function() {
    // register the plugin's commands before the session is started
    wdajax.init(client);
    return client.init();
});
Once initialized, some related functions are added to your browser command chain (see API).
Example usage (promise-style):
browser
    .url('http://foo.bar')
    .setupInterceptor() // capture ajax calls
    .expectRequest('GET', '/api/foo', 200) // expect GET request to /api/foo with 200 statusCode
    .expectRequest('POST', '/api/foo', 400) // expect POST request to /api/foo with 400 statusCode
    .expectRequest('GET', /\/api\/foo/, 200) // can validate a URL with regex, too
    .click('#button') // button that initiates ajax request
    .pause(1000) // maybe wait a bit until request is finished
    .assertRequests(); // validate the requests
Get details about requests (generator-style):
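var assert = require('assert');
// the following runs inside a generator test function
yield browser.url('http://foo.bar')
    .setupInterceptor()
    .click('#button')
    .pause(1000);
var request = yield browser.getRequest(0); // first request initiated after setup
assert.equal(request.method, 'GET');
assert.equal(request.response.headers['content-length'], '42');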
It should work with somewhat newer versions of all browsers.
Captures ajax calls in the browser. You always have to call the setup function in order to assess requests later.
Make expectations about the ajax requests that are going to be initiated during the test. Can (and should) be chained. The order of the expectations should map to the order of the requests being made.
method (String): http method that is expected. Can be anything xhr.open() accepts as first argument.
url (String|RegExp): exact URL that is called in the request as a string or RegExp to match
statusCode (Number): expected status code of the response
Call this method when all expected ajax requests are finished. It compares the expectations to the actual requests made and asserts the following:
To make more sophisticated assertions about a specific request you can get details for a specific request after it is finished. You have to provide the index of the request you want to access in the order the requests were initiated (starting with 0).
index (Number): number of the request you want to access
Returns: Promise that resolves to request object:
request.url: requested URL
request.method: used HTTP method
request.response.headers: response http headers as JS object
request.response.body: response body (will be parsed as JSON if possible)
request.response.statusCode: response status code
Get all captured requests as an array.
Returns: Promise that resolves to an array of request objects.
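Because every captured request exposes its URL, a test can also check where metrics or tracking calls go and what they carry. The following is an added example, not part of the plugin; auditRequests, the policy fields and the sample data are hypothetical and constructed for illustration.

```javascript
// Added example: audits request objects of the shape documented above
// ({ url, method, response: { statusCode, headers, body } }).
// The policy fields and all sample data are constructed for illustration.
function auditRequests(requests, policy) {
  const findings = [];
  requests.forEach((req, index) => {
    let target;
    try {
      // Relative URLs such as '/api/foo' resolve against the page under test.
      target = new URL(req.url, policy.pageUrl);
    } catch (err) {
      findings.push({ index, issue: 'unparseable-url' });
      return;
    }
    if (target.protocol !== 'https:') {
      findings.push({ index, issue: 'insecure-scheme' });
    }
    if (!policy.allowedHosts.includes(target.hostname)) {
      findings.push({ index, issue: 'unexpected-host' });
    }
    for (const name of target.searchParams.keys()) {
      if (policy.sensitiveParams.includes(name.toLowerCase())) {
        findings.push({ index, issue: 'sensitive-param:' + name });
      }
    }
  });
  return findings;
}

const samplePolicy = {
  pageUrl: 'https://foo.bar/',
  allowedHosts: ['foo.bar', 'metrics.example.com'],
  sensitiveParams: ['email', 'token', 'password']
};

// Constructed capture, in the order the requests were initiated.
const sampleRequests = [
  { url: '/api/foo', method: 'GET', response: { statusCode: 200, headers: {}, body: {} } },
  { url: 'https://metrics.example.com/t?email=a%40b.example', method: 'POST',
    response: { statusCode: 204, headers: {}, body: '' } },
  { url: 'http://cdn.example.net/beacon', method: 'GET',
    response: { statusCode: 200, headers: {}, body: '' } }
];

function sampleFindings() {
  return auditRequests(sampleRequests, samplePolicy);
}
```

In a real test the array would come from the plugin after the user action has completed, and the test would fail when the findings list is not empty.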
Firefox has to be installed. Also install selenium standalone via:
node_modules/.bin/selenium-standalone install
then
npm test
I'm happy for every contribution. Just open an issue or directly file a PR.
MIT
[ > ] 1.0.2 / 01.11.2015
FAQs
The npm package webdriverajax receives a total of 4,160 weekly downloads. As such, webdriverajax popularity was classified as popular.
We found that webdriverajax demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.