MT#57776 fix csc security tests

Change-Id: Ibcf03b806f99b3cd0ae62d0a88fe90117e479ee6
mr12.0
Nico Schedel 2 years ago
parent a618ad9f88
commit 90387d0368

@ -625,92 +625,28 @@ class testrun(unittest.TestCase):
time.sleep(1)
click_js(driver, '/html/body/div[3]/div/div[3]')
print("OK")
print("Try to edit all 'forwared to...' numbers...", end="")
wait_for_invisibility(driver, '//*[@id="csc-page-call-forwarding"]/div[1]/button/span[3]/svg[@class="q-spinner text-primary"]')
wait_for_invisibility(driver, '//*[@id="csc-page-call-forwarding"]//button[contains(., "Add forwarding")]/span/svg')
driver.find_element(By.XPATH, '//*[@id="csc-wrapper-call-forwarding"]/div[1]//div/span[contains(., "Number")]').click()
fill_element(driver, "/html/body//label//div//input", "checking <script>alert('test')</script> asdфывфів123!@#$%^&*()_+[]\|}{;'\":,./?><EOL")
driver.find_element(By.XPATH, '/html/body//div/button[contains(., "Set")]').click()
wait_for_invisibility(driver, '//*[@id="csc-wrapper-call-forwarding"]/div/div[2]/div[4]/svg')
driver.find_element(By.XPATH, '//*[@id="csc-main-menu-top"]//div/a[contains(., "Voicebox")]').click()
WebDriverWait(driver, 10).until(EC.element_to_be_clickable((By.XPATH, '//*[@id="csc-page-voicebox"]//div//input[@aria-label="Change PIN"]')))
driver.find_element(By.XPATH, '//*[@id="csc-main-menu-top"]//div/a[contains(., "Forwarding")]').click()
self.assertTrue(
len(driver.find_elements(By.XPATH, '//*[@id="csc-page-call-forwarding"]')) > 0, "Conference page wasnt opened")
print("OK")
print("Create a call forwarding 'if available'...", end="")
print("Add test string to all call forwardings", end="")
wait_for_invisibility(driver, '//*[@id="csc-page-call-forwarding"]/div[1]/button/span[3]/svg[@class="q-spinner text-primary"]')
wait_for_invisibility(driver, '//*[@id="csc-page-call-forwarding"]//button[contains(., "Add forwarding")]/span/svg')
wait_for_invisibility(driver, '//*[@id="csc-wrapper-call-forwarding"]/div/div[2]/div[4]/svg')
driver.find_element(By.XPATH, '//*[@id="csc-wrapper-call-forwarding"]/div[1]//div/span[contains(., "Number")]').click()
fill_element(driver, "/html/body//label//div//input", "checking <script>alert('test')</script> asdфывфів123!@#$%^&*()_+[]\|}{;'\":,./?><EOL")
driver.find_element(By.XPATH, '/html/body//div/button[contains(., "Set")]').click()
self.assertTrue(
len(driver.find_elements(By.XPATH, '/html/body//div[@role="alert"]//div[contains(., "Failed to create cfdestinationset.")]')) > 0, "Illegal call foward was created")
wait_for_invisibility(driver, '//*[@id="csc-wrapper-call-forwarding"]/div/div[2]/div[4]/svg')
driver.find_element(By.XPATH, '//*[@id="csc-wrapper-call-forwarding"]/div[2]//div/span[contains(., "Number")]').click()
fill_element(driver, "/html/body//label//div//input", "checking <script>alert('test')</script> asdфывфів123!@#$%^&*()_+[]\|}{;'\":,./?><EOL")
driver.find_element(By.XPATH, '/html/body//div/button[contains(., "Set")]').click()
self.assertTrue(
len(driver.find_elements(By.XPATH, '/html/body//div[@role="alert"]//div[contains(., "Failed to create cfdestinationset.")]')) > 0, "Illegal call foward was created")
wait_for_invisibility(driver, '//*[@id="csc-wrapper-call-forwarding"]/div/div[2]/div[4]/svg')
driver.find_element(By.XPATH, '//*[@id="csc-wrapper-call-forwarding"]/div[3]//div/span[contains(., "Number")]').click()
fill_element(driver, "/html/body//label//div//input", "checking <script>alert('test')</script> asdфывфів123!@#$%^&*()_+[]\|}{;'\":,./?><EOL")
driver.find_element(By.XPATH, '/html/body//div/button[contains(., "Set")]').click()
wait_for_invisibility(driver, '//*[@id="csc-wrapper-call-forwarding"]/div/div[2]/div[4]/svg')
print("OK")
print("Go to Admin Panel...", end="")
logout_csc(driver)
login_panel(driver)
print("OK")
print("Open Subscriber and check if Call forwarding doesn't execute malicious code...", end="")
driver.find_element(By.XPATH, '//*[@id="main-nav"]/li//span[contains(., "Settings")]').click()
driver.find_element(By.XPATH, '//*[@id="main-nav"]//li/a[contains(., "Customers")]').click()
fill_element(driver, '//*[@id="Customer_table_filter"]/label/input', self.key)
WebDriverWait(driver, 10).until(EC.visibility_of_element_located((By.XPATH, '//*[@id="Customer_table"]//tr[1]/td[2][contains(., "' + self.key + '")]')))
click_js(driver, '//*[@id="Customer_table"]/tbody/tr[1]/td//a[contains(., "Details")]')
driver.find_element(By.XPATH, '//*[contains(., "Expand Groups")]').click()
driver.find_element(By.XPATH, '//*[contains(., "Expand Groups")]').click()
scroll_to_element(driver, 'Subscribers')
click_js(driver, '//*[@id="subscribers_table"]/tbody/tr[1]//td//a[contains(., "Preferences")]')
try:
alert_obj = Alert(driver)
self.assertTrue(alert_obj.text != 'test', "JavaScript Code was executed")
alert_obj.accept()
alert_obj.accept()
alert_obj.accept()
except selenium.common.exceptions.NoAlertPresentException:
pass
driver.find_element(By.XPATH, '//*[@id="preference_groups"]/div[contains(., "Call Forwards")]').click()
driver.find_element(By.XPATH, '//*[@id="preferences_table_cf"]/tbody/tr[1]/td[6]/a').click()
self.assertTrue(
"checking <script>alert('test')</script> asdфывфів123!@#$%^&*()_+[]\|}{;'\":,./?><EOL" in driver.find_element(By.XPATH, '//div[@id="collapse_cf"]//table//tr[1]/td[6]/div/div[2]').text,
"Didn't match test string")
driver.find_element(By.XPATH, '//div[@id="collapse_cf"]/div/table/tbody/tr[1]/td[6]//div/button').click()
driver.find_element(By.XPATH, '//*[@id="preferences_table_cf"]/tbody/tr[2]/td[6]/a').click()
self.assertTrue(
"checking <script>alert('test')</script> asdфывфів123!@#$%^&*()_+[]\|}{;'\":,./?><EOL" in driver.find_element(By.XPATH, '//div[@id="collapse_cf"]//table//tr[2]/td[6]/div/div[2]').text,
"Didn't match test string")
driver.find_element(By.XPATH, '//div[@id="collapse_cf"]/div/table/tbody/tr[2]/td[6]//div/button').click()
driver.find_element(By.XPATH, '//*[@id="preferences_table_cf"]/tbody/tr[4]/td[6]/a').click()
self.assertTrue(
"checking <script>alert('test')</script> asdфывфів123!@#$%^&*()_+[]\|}{;'\":,./?><EOL" in driver.find_element(By.XPATH, '//div[@id="collapse_cf"]//table//tr[4]/td[6]/div/div[2]').text,
"Didn't match test string")
driver.find_element(By.XPATH, '//div[@id="collapse_cf"]/div/table/tbody/tr[4]/td[6]//div/button').click()
print("OK")
print("Try to delete call forwarding...", end="")
click_js(driver, '//*[@id="preferences_table_cf"]/tbody/tr[1]/td[8]//a[contains(., "Delete")]')
driver.find_element(By.XPATH, '//*[@id="dataConfirmOK"]').click()
click_js(driver, '//*[@id="preferences_table_cf"]/tbody/tr[2]/td[8]//a[contains(., "Delete")]')
driver.find_element(By.XPATH, '//*[@id="dataConfirmOK"]').click()
click_js(driver, '//*[@id="preferences_table_cf"]/tbody/tr[4]/td[8]//a[contains(., "Delete")]')
driver.find_element(By.XPATH, '//*[@id="dataConfirmOK"]').click()
print("OK")
print("Go back to CSC Panel Call Fowarding page...", end="")
logout_panel(driver)
login_csc(driver, "testuser@" + self.domainname, 'testpasswd')
self.assertTrue(
len(driver.find_elements(By.XPATH, '//*[@id="csc-header-toolbar-main"]')) > 0, "Login wasnt successful")
driver.find_element(By.XPATH, '//*[@id="csc-main-menu-top"]//div[contains(., "Call Settings")]').click()
driver.find_element(By.XPATH, '//*[@id="csc-main-menu-top"]//div/a[contains(., "Forwarding")]').click()
self.assertTrue(
len(driver.find_elements(By.XPATH, '//*[@id="csc-page-call-forwarding"]')) > 0, "Conference page wasnt opened")
len(driver.find_elements(By.XPATH, '/html/body//div[@role="alert"]//div[contains(., "Failed to create cfdestinationset.")]')) > 0, "Illegal call foward was created")
wait_for_invisibility(driver, '//*[@id="csc-wrapper-call-forwarding"]/div/div[2]/div[4]/svg')
print("OK")
filename = 0
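Review bot: The three `Failed to create cfdestinationset.` assertions that follow each "Set" click (apparently the lines this commit adds; the page has lost its +/- markers) read the DOM once through `find_elements` with no explicit wait, and nothing clears the toast between attempts, so the second and third checks can be satisfied by the alert left over from the first rejection. A regression that accepts the `<script>` test string in the second or third forwarding slot would then still pass. Wait for the alert explicitly and for it to clear (or dismiss it) before the next attempt, e.g. `WebDriverWait(driver, 10).until(EC.visibility_of_element_located((By.XPATH, alert_xpath)))` followed by `wait_for_invisibility(driver, alert_xpath)`, where `alert_xpath` is a name chosen here for the existing locator. The matched message is also a generic creation failure, so the test cannot distinguish input validation from an unrelated backend error, and the admin-panel steps that seem to be removed were the only check that a stored value is rendered without executing; if any other path can still store such a destination, that output-encoding coverage is worth keeping in a separate test. The enclosing test method starts and ends outside the hunk.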
