Some helpers for poking around at your Capybara-driven browser's cookies in integration tests.
Provides drivers for rack-test and selenium-webdriver.
You can add new drivers to your application by implementing an adapter class and calling ShowMeTheCookies.register_adapter in your test code (e.g. a spec/support file). But in that case you might prefer to skip this gem and use your driver's API directly.
# puts a string summary of the cookie
show_me_the_cookie(cookie_name)
# returns a hash of the cookie
# form: {:name, :domain, :value, :expires, :path}
get_me_the_cookie(cookie_name)
# puts a string summary of all cookies
show_me_the_cookies
# returns an array of cookie hashes
# form: [{:name, :domain, :value, :expires, :path, :secure}]
get_me_the_cookies
# deletes the named cookie
delete_cookie(cookie_name)
# removes session cookies and expired persistent cookies
expire_cookies
# creates a cookie
create_cookie(cookie_name, cookie_value)
# creates a cookie for the path or domain
create_cookie(cookie_name, cookie_value, :path => "...", :domain => "...")
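The cookie hashes returned by get_me_the_cookies can be checked against a cookie policy in a test. The following is an added example, not part of the gem: the policy constants, helper names and sample cookies are hypothetical, and it assumes :expires is a Time, or nil for a session cookie.

```ruby
# Constructed sample in the form get_me_the_cookies is documented to return.
# Cookie names, domains and values are made up for illustration.
SAMPLE_COOKIES = [
  { name: "_app_session", domain: "lvh.me", value: "abc", expires: nil,
    path: "/", secure: false },
  { name: "remember_user_token", domain: "lvh.me", value: "def",
    expires: Time.utc(2030, 2, 15), path: "/", secure: true },
  { name: "promo_seen", domain: "lvh.me", value: "1",
    expires: Time.utc(2029, 12, 1), path: "/", secure: false }
].freeze

# Hypothetical policy: which cookies carry authentication state and how long
# a persistent one may live.
SENSITIVE = /session|remember/i
MAX_LIFETIME = 14 * 24 * 60 * 60 # 14 days, in seconds

# Returns [cookie_name, problem] pairs for sensitive cookies only.
def audit_cookies(cookies, now: Time.now)
  cookies.select { |c| c[:name] =~ SENSITIVE }.flat_map do |c|
    problems = []
    problems << "missing secure flag" unless c[:secure]
    if c[:expires] && c[:expires] - now > MAX_LIFETIME
      problems << "lifetime exceeds policy"
    end
    problems.map { |p| [c[:name], p] }
  end
end

# Mirrors the documented effect of expire_cookies: session cookies (no expiry)
# and persistent cookies already past their expiry are dropped.
def after_restart(cookies, now: Time.now)
  cookies.reject { |c| c[:expires].nil? || c[:expires] <= now }
end

if __FILE__ == $PROGRAM_NAME
  now = Time.utc(2030, 1, 1)
  audit_cookies(SAMPLE_COOKIES, now: now).each { |n, p| puts "#{n}: #{p}" }
  puts after_restart(SAMPLE_COOKIES, now: now).map { |c| c[:name] }.inspect
end
```

In a feature spec, pass get_me_the_cookies in place of SAMPLE_COOKIES and expect audit_cookies to return an empty array.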
Add to your Gemfile's test group:
gem "show_me_the_cookies"
In spec_helper/rails_helper or your required support directory:
RSpec.configure do |config|
  config.include ShowMeTheCookies, :type => :feature
end
Then, in a feature spec using Capybara:
specify "user login is remembered across browser restarts" do
  log_in_as_user
  should_be_logged_in
  # browser restart = session cookie is lost
  expire_cookies
  should_be_logged_in
end
Install by loading the gem and adding the following to your Cucumber stepdefs or support files:
World(ShowMeTheCookies)
@javascript
Scenario: remembering users so they don't have to log in again for a while
  Given I am a site member
  When I go to the dashboard
  And I log in with the Remember Me option checked
  Then I should see "Welcome back"
  When I close my browser (clearing the session)
  And I return to the dashboard url
  Then I should see "Welcome back"

@rack_test
Scenario: don't remember users across browser restarts if they don't want it
  Given I am a site member
  When I go to the dashboard
  And I log in without the Remember Me option checked
  Then I should see "Welcome back"
  When I close my browser (clearing the session)
  And I return to the dashboard url
  Then I should see the log-in screen

Then /^show me the cookies!$/ do
  show_me_the_cookies
end

Then /^show me the "([^"]*)" cookie$/ do |cookie_name|
  show_me_the_cookie(cookie_name)
end

Given /^I close my browser \(clearing the session\)$/ do
  expire_cookies
end
Register your adapter class in your test setup after loading the library.
ShowMeTheCookies.register_adapter(driver, adapter)
For example:
ShowMeTheCookies.register_adapter(:custom_selenium_a, ShowMeTheCookies::Selenium)
which indicates how to use the selenium adapter with a custom selenium testing profile.
This software is provided free of charge for use at your own risk; see the MIT License. If you have trouble making the software work, try posting on Stack Overflow. If you find a bug or don't understand the documentation, open a GitHub issue.
Bugs should be raised in the issue tracker.
Code contributions should be sent as GitHub pull requests, or by messaging me with a link to your repository branch. Please run the tests, and add new ones.
New drivers will be selectively accepted. Be sure that the API spec passes. If you prefer to keep the driver in your own repository, send me the address and I'll add a link in the docs.
bundle install
bundle exec rspec
If you get DNS lookup failures, try this in the terminal:
host lvh.me
You should get a quick response of:
lvh.me has address 127.0.0.1
If you don't see this your router or similar is interfering with the DNS for security reasons, blocking a loopback lookup result. You can get around this by changing your DNS server to Google's public DNS service 8.8.8.8 to run the tests. You can turn this off again afterwards. Alternatively you can add an /etc/hosts entry looping back lvh.me to 127.0.0.1.
Original development took place when testing Devise 0.1's "Remember me" functionality under Rails 2.3.x with Capybara rack-test and/or Selenium. Initial release as a gist here. Development sponsored by Medify.
Contributions outside of github have been made by:
FAQs
We found that show_me_the_cookies demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.