Polymorphic security measure could be a pain for Selenium if running tests with that enabled

7 Oct

Came across this site today:

https://www.shapesecurity.com/technology/

Interesting technology. But if the site to be tested uses real time obfuscation of the (form) element IDs, names, classes, etc. that could be a pain to automate tests against since you’d have to get a handle on the element location to perform the automation. Perhaps one would need or use a backdoor option to disable the obfuscation when running automation to test the site normally.

Either that or utilize an API provided by that solution perhaps that lets you real time map original element location identifiers to the obfuscated ones to use with Selenium at run time.

Be interesting to hear of anyone automate testing of a site that uses such technology.

Advertisements

2 Responses to “Polymorphic security measure could be a pain for Selenium if running tests with that enabled”

  1. Peter Jeffrey Gale October 7, 2014 at 8:52 am #

    Seems a futile technology to me. It’s usually easy enough to write XPath expressions that can identify elements reliably without resorting to id and name attributes, which the real end user doesn’t see anyway unless he digs into the source html. I’m sure that whatever “malware” that is trying to be defeated could easily get round such measures in simialr ways.

    It would seem to make the pages totally inaccessible for screenreaders though, which is perhaps not are desireable aim,

    And if it did manage to succeed in defeating any automation attempts, then sites using such technology would be required to resort to only manual testing techniques, removing any savings that test automation could give.

    • autumnator October 7, 2014 at 6:02 pm #

      Thanks for the comment.

      I do wonder though, an XPath (or CSS) workaround to locate the elements must be quite ugly (like what Firebug/FirePath/Firefinder tools return you) in such a case since you can’t key off some (may even any/all) attributes (ID, name, class at least). So it resorts to specific DOM hierarchy of element structure and node index positioning. The only saving grace may be text contains matching in XPath since I assume such technology won’t obfuscate text on page.

      Also wish the company elaborated a bit on the simple example that depicts a form. Do they obfuscate certain areas of a page like the form or the whole page.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

ÜberDev

open notebook

a happy knockout mouse.

my journey into computer science

Perl 6 Advent Calendar

Something cool about Perl 6 every day

technolinchpin

Inspire and spread the power of collaboration

Niraj Bhatt - Architect's Blog

Ruminations on .NET, Architecture & Design

Pete Zybrick

Bell Labs to Big Data

Seek Nuance

Python, technology, Seattle, careers, life, et cetera...

TELLURIUM

New Era of Test Automation

Der Flounder

Seldom updated, occasionally insightful.

The 4T - Trail, Tram, Trolley, Train

Exploring Portland with the 4T

Midnight Musings

Thoughts on making art

Automation Guide

The More You Learn The More You Play...!

The Performance Engineer

Code.Test.Tune.Optimize.

humblesoftwaredev

Thoughts related to software development

Yi Wang's Tech Notes

A blog ported from http://cxwangyi.blogspot.com

Appium Tutorial

Technical…..Practical…..Theoretically Interesting

%d bloggers like this: