Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature/improve autocomplete js #18552

Open
wants to merge 14 commits into
base: develop
Choose a base branch
from
Open

Feature/improve autocomplete js #18552

wants to merge 14 commits into from

Conversation

Q-back
Copy link
Collaborator

@Q-back Q-back commented May 13, 2020
edited

  • autocomplete_js is able to detect more inputs/buttons with common CSS selectors (check dom_analyzer.js)
  • autocomplete_js runs has_active_session method using the same chrome instance as _do_login() method to preserve already logged in instance
  • added new options to autocomplete_js config, so user can provide his own CSS selectors to find login button and username input. It should cover edge cases when we're not able to automatically detect them:
    • username_field_css_selector
    • login_button_css_selector
  • added new option to autocomplete_js config, so user can provide CSS selector for button that needs to be clicked to display login form:
    • login_form_activator_css_selector

@Q-back Q-back requested a review from andresriancho May 19, 2020 01:39
andresriancho
andresriancho reviewed May 27, 2020
View reviewed changes
w3af/core/controllers/chrome/js/dom_analyzer.js Outdated
result = [];
let buttons = document.querySelectorAll('button', parentElement);
for (let button of buttons) {
if (button.innerText.toLocaleLowerCase().includes('log')) {
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I usually dislike code that is tied to a specific language. log might work for login and logga (which I believe is login in .se) but... for sites developed in other languages (spanish, polish, etc.) this will not work.

Also, sign-in will not be found.

Can we find an alternative?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The only thing that comes into my mind is to return all buttons located inside parentNode. Hopefully there will be login button.

andresriancho
andresriancho requested changes May 27, 2020
View reviewed changes
Copy link
Owner

@andresriancho andresriancho left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The code is really good! 💯

Just minor changes and comments.

@Q-back Q-back marked this pull request as draft May 27, 2020 22:31
@andresriancho
Copy link
Owner

This pull request is still a work in progress

@Q-back is this ready for a second review?

@Q-back
Copy link
Collaborator Author

Q-back commented Jun 5, 2020

@andresriancho Thanks for activity 😉 . There's one new improvement which I'd like to finish before review.

@Q-back Q-back marked this pull request as ready for review June 10, 2020 11:36
@Q-back
Copy link
Collaborator Author

Q-back commented Jun 10, 2020

@andresriancho PR is ready for second review

andresriancho
andresriancho reviewed Jun 16, 2020
View reviewed changes
w3af/core/controllers/chrome/instrumented/main.py
return result['result']['result']['value']
runtime_exception = result.get('result', {}).get('exceptionDetails')
if runtime_exception:
raise ChromeScriptRuntimeException(
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is new! Are you sure it is handled in all calls to this method? In the past we were returning None and now we raise an exception. Make sure to search all calls for this method and modify error handling appropiately.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, I have added few more fixes in this PR.
This works for sure. It's additional (new) exception which is raised when underlying script throws internal JS exception. We still return None in other cases here https://github.com/andresriancho/w3af/pull/18552/files/8d520bc067455089a9fccac9c395f9114f521e8a#diff-4a954d4e5c6123fad237c66f5399b9dfR617

@Q-back Q-back changed the base branch from feature/js to develop June 17, 2020 09:00
@Q-back Q-back mentioned this pull request Jun 26, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andresriancho andresriancho Awaiting requested review from andresriancho

Assignees
No one assigned
Labels
improvement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@Q-back @andresriancho