Nick Coblentz: Web Application Vulnerability Unit Testing Cheat Sheet (Capybara and Watir-WebDriver)

Wednesday, November 30, 2011

Web Application Vulnerability Unit Testing Cheat Sheet (Capybara and Watir-WebDriver)

For an example template for Watir-WebDriver/RSpec or Capybara Test Case, start here:

http://nickcoblentz.blogspot.com/2011/11/using-watir-webdriver-or-capybara-for.html

For common questions with Watir-WebDriver or Capybara, look here next:

http://watirwebdriver.com/web-elements/ (and the "advanced interactions" items)
https://github.com/jnicklas/capybara

Finally, refer to the cheat sheet below for issues I came across while trying to write test case for web application vulnerabilities:

Detect and Close JavaScript Alert Boxes:
Watir-WebDriver



begin

browser.driver.switch_to.alert.accept #raises an exception if no alert is present

puts 'alert box found'

rescue

puts 'alert box not found'

end

Capybara:
page.driver.browser.switch_to.alert.accept

Perform Arbitrary HTTP POST Requests:
Watir-WebDriver

Send Keyboard Commands:
Watir-WebDriver
browser.text_field(:name,/login/i).send_keys(:arrow_down)

Capybara:


page.find_field('login').native.send_keys(:arrow_down)

Search For Text/HTML Within a Nested Frame:
Watir-WebDriver

Returning Content From Javascript:
Watir-WebDriver
browser.execute_script(‘return “asdf”’) #=> returns “asdf” to ruby

Include JQuery: Watir-WebDriver


browser.execute_script(%q|
var el = document.createElement("script");
el.setAttribute("src","http://code.jquery.com/jquery-1.6.4.min.js");
document.body.appendChild(el);|)

Return HTTP Headers:
Watir-WebDriver