Skip to content

Feature/improve autocomplete js#18552

Open
Q-back wants to merge 14 commits intodevelopfrom
feature/improve-autocomplete_js
Open

Feature/improve autocomplete js#18552
Q-back wants to merge 14 commits intodevelopfrom
feature/improve-autocomplete_js

Conversation

@Q-back
Copy link
Copy Markdown
Collaborator

@Q-back Q-back commented May 13, 2020
edited
Loading

  • autocomplete_js is able to detect more inputs/buttons with common CSS selectors (check dom_analyzer.js)
  • autocomplete_js runs has_active_session method using the same chrome instance as _do_login() method to preserve already logged in instance
  • added new options to autocomplete_js config, so user can provide his own CSS selectors to find login button and username input. It should cover edge cases when we're not able to automatically detect them:
    • username_field_css_selector
    • login_button_css_selector
  • added new option to autocomplete_js config, so user can provide CSS selector for button that needs to be clicked to display login form:
    • login_form_activator_css_selector

@Q-back Q-back requested a review from andresriancho May 19, 2020 01:39
andresriancho
andresriancho reviewed May 27, 2020
View reviewed changes
Comment thread w3af/core/controllers/chrome/js/dom_analyzer.js Outdated
result = [];
let buttons = document.querySelectorAll('button', parentElement);
for (let button of buttons) {
if (button.innerText.toLocaleLowerCase().includes('log')) {
Copy link
Copy Markdown
Owner

@andresriancho andresriancho May 27, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I usually dislike code that is tied to a specific language. log might work for login and logga (which I believe is login in .se) but... for sites developed in other languages (spanish, polish, etc.) this will not work.

Also, sign-in will not be found.

Can we find an alternative?

Copy link
Copy Markdown
Collaborator Author

@Q-back Q-back Jun 3, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The only thing that comes into my mind is to return all buttons located inside parentNode. Hopefully there will be login button.

andresriancho
andresriancho reviewed May 27, 2020
View reviewed changes
Comment thread w3af/plugins/auth/autocomplete_js.py Outdated
andresriancho
andresriancho reviewed May 27, 2020
View reviewed changes
Comment thread w3af/plugins/auth/autocomplete_js.py
andresriancho
andresriancho requested changes May 27, 2020
View reviewed changes
Copy link
Copy Markdown
Owner

@andresriancho andresriancho left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The code is really good! 💯

Just minor changes and comments.

@Q-back Q-back marked this pull request as draft May 27, 2020 22:31
@andresriancho
Copy link
Copy Markdown
Owner

andresriancho commented Jun 4, 2020

This pull request is still a work in progress

@Q-back is this ready for a second review?

@Q-back
Copy link
Copy Markdown
Collaborator Author

Q-back commented Jun 5, 2020

@andresriancho Thanks for activity 😉 . There's one new improvement which I'd like to finish before review.

@Q-back Q-back marked this pull request as ready for review June 10, 2020 11:36
@Q-back
Copy link
Copy Markdown
Collaborator Author

Q-back commented Jun 10, 2020

@andresriancho PR is ready for second review

@Q-back Q-back requested a review from andresriancho June 10, 2020 15:44
andresriancho
andresriancho reviewed Jun 16, 2020
View reviewed changes
Comment thread w3af/core/controllers/chrome/instrumented/main.py
return result['result']['result']['value']
runtime_exception = result.get('result', {}).get('exceptionDetails')
if runtime_exception:
raise ChromeScriptRuntimeException(
Copy link
Copy Markdown
Owner

@andresriancho andresriancho Jun 16, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is new! Are you sure it is handled in all calls to this method? In the past we were returning None and now we raise an exception. Make sure to search all calls for this method and modify error handling appropiately.

Copy link
Copy Markdown
Collaborator Author

@Q-back Q-back Jun 16, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, I have added few more fixes in this PR.
This works for sure. It's additional (new) exception which is raised when underlying script throws internal JS exception. We still return None in other cases here https://github.com/andresriancho/w3af/pull/18552/files/8d520bc067455089a9fccac9c395f9114f521e8a#diff-4a954d4e5c6123fad237c66f5399b9dfR617

@Q-back Q-back requested a review from andresriancho June 16, 2020 16:14
@Q-back Q-back changed the base branch from feature/js to develop June 17, 2020 09:00
@Q-back Q-back mentioned this pull request Jun 26, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@andresriancho andresriancho Awaiting requested review from andresriancho

Assignees

No one assigned

Labels

improvement

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Q-back @andresriancho