webdriverajax
🕸 Capture and assert HTTP ajax calls in webdriver.io
This is a plugin for webdriver.io. If you don't know it yet, check it out, it's pretty cool.
Although selenium and webdriver are used for e2e and especially UI testing, you might want to assess HTTP requests done by your client code (e.g. when you don't have immediate UI feedback, like in metrics or tracking calls). With webdriverajax you can intercept ajax HTTP calls initiated by some user action (e.g. a button press, etc.) and make assertions about the request and corresponding responses later.
There's one catch though: you can't intercept HTTP calls that are initiated on page load (like in most SPAs), as it requires some setup work that can only be done after the page is loaded (due to limitations in selenium). That means you can only capture requests that were initiated inside a test. If you're fine with that, this plugin might be for you, so read on.
Heads up! If you're still using webdriver.io v3, please use the v1.x branch of this plugin!
Use yarn:
yarn add webdriverajax -D
npm works as well:
npm install webdriverajax -D
wdio
If you use the integrated test-runner (wdio), it's as easy as adding webdriverajax to your wdio.conf.js:
plugins: {
    webdriverajax: {}
}
and you're all set.
Once initialized, some related functions are added to your browser command chain (see API).
Example usage:
browser.url('http://foo.bar');
browser.setupInterceptor(); // capture ajax calls
browser.expectRequest('GET', '/api/foo', 200); // expect GET request to /api/foo with 200 statusCode
browser.expectRequest('POST', '/api/foo', 400); // expect POST request to /api/foo with 400 statusCode
browser.expectRequest('GET', /\/api\/foo/, 200); // can validate a URL with regex, too
browser.click('#button'); // button that initiates ajax request
browser.pause(1000); // maybe wait a bit until request is finished
browser.assertRequests(); // validate the requests
Get details about requests:
var assert = require('assert'); // Node's built-in assertion module
browser.url('http://foo.bar');
browser.setupInterceptor();
browser.click('#button');
browser.pause(1000);
var request = browser.getRequest(0); // first request made after setupInterceptor()
assert.equal(request.method, 'GET');
assert.equal(request.response.headers['content-length'], '42');
It should work with somewhat newer versions of all browsers. Please report an issue if it doesn't seem to work with yours.
Captures ajax calls in the browser. You always have to call the setup function in order to assess requests later.
Make expectations about the ajax requests that are going to be initiated during the test. Can (and should) be chained. The order of the expectations should map to the order of the requests being made.
method (String): http method that is expected. Can be anything xhr.open() accepts as first argument.
url (String|RegExp): exact URL that is called in the request as a string or RegExp to match
statusCode (Number): expected status code of the response
Call this method when all expected ajax requests are finished. It compares the expectations to the actual requests made and asserts the following:
To make more sophisticated assertions about a specific request you can get details for a specific request after it is finished. You have to provide the index of the request you want to access in the order the requests were initiated (starting with 0).
index (Number): number of the request you want to access
Returns request object:
request.url: requested URL
request.method: used HTTP method
request.body: payload/body data used in request
request.headers: request http headers as JS object
request.response.headers: response http headers as JS object
request.response.body: response body (will be parsed as JSON if possible)
request.response.statusCode: response status code
A note on request.body: webdriverajax will try to parse the request body as follows:
('value')
JSON.parse() (({ key: value }))
{ key: [value1, value2, ...] }
JSON.stringify() on your data. Good luck!
Get all captured requests as an array.
Returns array of request objects.
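The order-sensitive comparison that expectRequest and assertRequests are described as performing can be modelled on plain request objects. This is an added example, not webdriverajax's own code; compareRequests, urlMatches and the sample data are hypothetical names, and checking the request count is an assumption about what the plugin asserts.

```javascript
// Added illustration, not webdriverajax source code.
// Request objects use the documented field names: url, method, response.statusCode.

// Does a documented `url` expectation (String or RegExp) match a captured URL?
function urlMatches(expected, actual) {
  if (expected instanceof RegExp) {
    expected.lastIndex = 0; // avoid stateful results with /g or /y flags
    return expected.test(actual);
  }
  return expected === actual; // strings must match exactly
}

// Compare expectations with captured requests, position by position.
// Returns a list of readable mismatches; an empty list means everything matched.
function compareRequests(expectations, captured) {
  const problems = [];
  if (expectations.length !== captured.length) { // assumption: count is checked
    problems.push(`expected ${expectations.length} request(s), captured ${captured.length}`);
  }
  const n = Math.min(expectations.length, captured.length);
  for (let i = 0; i < n; i++) {
    const exp = expectations[i];
    const req = captured[i];
    if (exp.method !== req.method) {
      problems.push(`#${i}: method ${req.method}, expected ${exp.method}`);
    }
    if (!urlMatches(exp.url, req.url)) {
      problems.push(`#${i}: url ${req.url} does not match ${exp.url}`);
    }
    if (exp.statusCode !== req.response.statusCode) {
      problems.push(`#${i}: status ${req.response.statusCode}, expected ${exp.statusCode}`);
    }
  }
  return problems;
}

// Constructed sample data in the shape getRequest() is documented to return.
const sampleCaptured = [
  { method: 'GET', url: '/api/foo', response: { statusCode: 200 } },
  { method: 'POST', url: '/api/foo', response: { statusCode: 400 } },
];
const sampleExpected = [
  { method: 'GET', url: /\/api\/foo/, statusCode: 200 },
  { method: 'POST', url: '/api/foo', statusCode: 400 },
];

console.log(compareRequests(sampleExpected, sampleCaptured));
console.log(compareRequests(sampleExpected.slice().reverse(), sampleCaptured));
```

Reversing the expectations produces mismatches even though the same requests were made, which is why expectations have to be declared in the order the requests are initiated.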
A compatible browser (Firefox, Chrome) has to be installed. Also install selenium standalone via:
node_modules/.bin/selenium-standalone install
then
yarn test # npm test works as well :)
I'm happy for every contribution. Just open an issue or directly file a PR.
MIT
FAQs
The npm package webdriverajax receives a total of 4,160 weekly downloads. As such, webdriverajax's popularity was classified as popular.
We found that webdriverajax demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.