Wait for alerts using ExpectedConditions
bkimminich committed Sep 5, 2016
1 parent d5bbdc7 commit 11e6495
Showing 4 changed files with 12 additions and 31 deletions.
13 changes: 4 additions & 9 deletions test/e2e/contactSpec.js
Expand Up @@ -66,31 +66,26 @@ describe('/#/contact', function () {
describe('challenge "xss3"', function () {

it('should be possible to trick the sanitization with a masked XSS attack', function () {
var EC = protractor.ExpectedConditions;

comment.sendKeys('<<script>Foo</script>script>alert("XSS3")<</script>/script>');
rating.click();

submitButton.click();

browser.ignoreSynchronization = true;

browser.get('/#/about');
browser.driver.sleep(1000);

browser.wait(EC.alertIsPresent(), 5000, "'XSS3' alert is not present");
browser.switchTo().alert().then(function (alert) {
expect(alert.getText()).toEqual('XSS3');
alert.accept();
browser.driver.sleep(1000);
});

browser.get('/#/administration');
browser.driver.sleep(1000);

browser.wait(EC.alertIsPresent(), 5000, "'XSS3' alert is not present");
browser.switchTo().alert().then(function (alert) {
expect(alert.getText()).toEqual('XSS3');
alert.accept();
element.all(by.repeater('feedback in feedbacks')).last().element(by.css('.fa-trash')).click();
browser.driver.sleep(1000);
browser.ignoreSynchronization = false;
});

});
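Review bot: `browser.ignoreSynchronization = false` is restored only inside the `.then` callback of the second alert, so if either `browser.wait(EC.alertIsPresent(), 5000, ...)` times out the flag stays `true` for every spec that runs afterwards, and the feedback entry carrying the payload is never deleted either; the same shape is visible in registerSpec.js and restApiSpec.js. Restoring the flag unconditionally, e.g. `afterEach(function () { browser.ignoreSynchronization = false; });` at the describe level, and leaving only the trash-icon click in the callback would keep a single timeout from breaking the rest of the run. Whether the `browser.driver.sleep(1000)` calls shown here are the old or the new side cannot be told from this view; if the one after the trash click survives, `browser.wait(EC.stalenessOf(...))` on the removed row would be the matching replacement.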
9 changes: 3 additions & 6 deletions test/e2e/registerSpec.js
Expand Up @@ -22,19 +22,16 @@ describe('/#/register', function () {
describe('challenge "xss2"', function () {

it('should be possible to bypass validation by directly using Rest API', function () {
browser.ignoreSynchronization = true;
var EC = protractor.ExpectedConditions;

browser.executeScript('var $http = angular.injector([\'juiceShop\']).get(\'$http\'); $http.post(\'/api/Users\', {email: \'<script>alert("XSS2")</script>\', password: \'xss\'});');
browser.driver.sleep(1000);

browser.get('/#/administration');
browser.driver.sleep(1000);

browser.wait(EC.alertIsPresent(), 5000, "'XSS2' alert is not present");
browser.switchTo().alert().then(function (alert) {
expect(alert.getText()).toEqual('XSS2');
alert.accept();
browser.executeScript('var $http = angular.injector([\'juiceShop\']).get(\'$http\'); $http.put(\'/api/Users/4\', {email: \'alert disabled\'});');
browser.driver.sleep(1000);
browser.ignoreSynchronization = false;
});

});
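Review bot: The `$http.post` issued through `browser.executeScript` is fire-and-forget, so nothing but the fixed `browser.driver.sleep(1000)` that follows it orders the request before `browser.get('/#/administration')`; the new `browser.wait(EC.alertIsPresent(), 5000, ...)` guards the alert, not the request, and on a slow backend it times out even though the payload was stored. Switching that call to `browser.executeAsyncScript` and invoking the driver-supplied callback (`arguments[arguments.length - 1]`) from the request's completion handler would make the sleep unnecessary. The cleanup `$http.put('/api/Users/4', ...)` hard-codes the user id and only runs inside the alert callback; a comment such as `// assumes the injected user is id 4 -- confirm against the seed data` would at least record that dependency.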
17 changes: 2 additions & 15 deletions test/e2e/restApiSpec.js
Expand Up @@ -7,32 +7,19 @@ describe('/rest', function () {
protractor.beforeEach.login({email: '[email protected]', password: 'admin123'});

it('should be possible to create a new product when logged in', function () {
var EC = protractor.ExpectedConditions;

browser.ignoreSynchronization = true;
browser.executeScript('var $http = angular.injector([\'juiceShop\']).get(\'$http\'); $http.post(\'/api/Products\', {name: \'XSS4\', description: \'<script>alert("XSS4")</script>\', price: 47.11});');
browser.driver.sleep(2000);

browser.get('/#/search');
browser.driver.sleep(3000);

browser.wait(EC.alertIsPresent(), 5000, "'XSS4' alert is not present");
browser.switchTo().alert().then(
function (alert) {
expect(alert.getText()).toEqual('XSS4');
alert.accept();
browser.executeScript('var $http = angular.injector([\'juiceShop\']).get(\'$http\'); $http.put(\'/api/Products/12\', {description: \'alert disabled\'});');
browser.driver.sleep(3000);
browser.ignoreSynchronization = false;
});

browser.switchTo().alert().then(
function (alert) {
alert.accept();
},
function(err) {
console.log('Second alert did not trigger. No big deal.');
}
);

});

protractor.expect.challengeSolved({challenge: 'xss4'});
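Review bot: The error callback of the second `browser.switchTo().alert()` turns every rejection into `console.log('Second alert did not trigger. No big deal.')`, so a lost session or any other driver error in that step is reported as harmless and the spec still passes; only the absence of the alert is the expected case. Rethrow everything else, e.g. `if (err.name !== 'NoSuchAlertError') { throw err; }` (confirm the exact error name the installed selenium-webdriver raises). The cleanup PUT to `/api/Products/12` also hard-codes an id and runs only inside the first alert's callback, so when that wait times out the product with the payload stays in place for later specs, and `browser.ignoreSynchronization` stays `true`.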
4 changes: 3 additions & 1 deletion test/e2e/searchSpec.js
Expand Up @@ -13,9 +13,11 @@ describe('/#/search', function () {
describe('challenge "xss1"', function () {

it('search query should be susceptible to reflected XSS attacks', function () {
var EC = protractor.ExpectedConditions;

searchQuery.sendKeys('<script>alert("XSS1")</script>');
searchButton.click();

browser.wait(EC.alertIsPresent(), 5000, "'XSS1' alert is not present");
browser.switchTo().alert().then(function (alert) {
expect(alert.getText()).toEqual('XSS1');
alert.accept();
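Review bot: `var EC = protractor.ExpectedConditions;` is declared inside the `it` body, and the same declaration is repeated per test in contactSpec.js, registerSpec.js and restApiSpec.js; declaring it once at file scope next to the other spec-level setup keeps each test body to the steps being exercised. The `it` body and the `.then` callback continue past the end of the hunk, so whether the accepted alert is followed by any cleanup cannot be seen here. A short comment on the wait, e.g. `// the alert fires on page load; fail with a clear message if it does not appear within 5 s`, would record the intent of the 5000 ms timeout and its message.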