Friday, 29 November 2013

Handling Invalid Certificate Errors in Internet Explorer using Selenium

Internet Explorer uses the System's default Certificates.Below is an image where the website has an invalid certificate and IE gives us a warning message.



























This problem is common across QA environments where the end application is not properly configured with CA and security restrictions are a bit relaxed.

If you inspect the HTML of this page,it is very neat and all the elements have ID's with them.So what is the big deal here,just work on those ID's and get past them i.e click on 'Continue to this website(not recommended)' and it has a ID ='overridelink' inside an anchor tag.Noticing closely we can see that this page is actually generated by IE itself and not by the application's web server and selenium does not recognize the DOM at all.

There are ways of solving this by adding this SSL certificate as trusted or adding an exception to this particular certificate in IE's cert store. But for those who cannot do this, below is a solution.

So now selenium cannot help us,we have to use some external solution to this such as Java AWT. But since this page has a DOM we can use direct Javascript execution,and it turns out to be a very stable solution.

Link to the code:
https://github.com/Madusudanan/Selenium/blob/master/SSLErrorHandlerForIE.java

But we must use this code only when we are absolutely sure that this error will come up,because if it doesn't then this piece of code will be running forever looking for that particular element in the DOM.

We can overcome this by looking for some other element in the application's home page i.e the page that is launched once we bypass this warning and if the element is not present then we can know for sure that this warning message is present and we can add this handler code at that particular place.



Tuesday, 29 October 2013

Cleaning up tests in selenium - Killing processes and clearing temporary files

All selenium tests create profiles on the temp folder(temporary directory) and browsers apart from firefox spawn separate processes(.exe's) that are not tied with the java process that spawns selenium.

driver.quit() usually does the trick of clearing the temp folders and kills the processes associated with the tests.But there has been several issues around this and it does not work particularly with older versions of selenium webdriver.

As per Issue 1934 the firefox problem of deleting the temp folders seems to have been solved.But it does not work in standard manner for other browsers. Stackoverflow has many questions related to this and the only reasonable way to solve this is to clear the temp folder and kill the process by external means.

Again if we write boilerplate code using Java File I/O to delete files in temp folder, it is a pain to recurse and delete all the files and also the folders. Fortunately Apache Commons IO has a way to deal with this.I have a made a test cleanup method of my own which deletes all files from temp ignoring the ones that cannot be deleted and kills the process names that you specify to it.


Link to the code : 
https://github.com/Madusudanan/Selenium/blob/master/TestCleanup.java

Let me know in case of any suggestions or issues.


Tuesday, 8 October 2013

Selenium Webdriver : Multiple Locators for a Single Element

We all have had dealings with Selenium locators and many times we face with issues with flaky scripts due to flaky locators. The flakiness of the scripts is directly dependent upon the Application Under Test (AUT) .

There might be some situations where one locator might work for an element and the other does not.The natural way that comes to our mind is to use a simple if-else construct and then choose the one that works. This will definitely work, but it's not an elegant solution.

Selenium webdriver has in-built methods to handle this situation and it works for CSS and XPath locator strategy.

XPath

Suppose we have an element with an id = 'login-button' and a name='login-homepage' and lets assume they come under the same div.The way we would write locators using Xpath are as follows.

Using ID : //div[@id='login-button']

Using Name: //div[@name='login-homepage']

Combining both : //div[@id='login-button' or @name='login-homepage']

Ok. It wasn't that hard.Now how it will work is that we have the parent element as the same.But we are not dependent on the locator of the parent Div , but we take the fact that Id , Name are unique for the same web element and work on that.

CSS

CSS also has provisions to combine two locators. Let us assume we have an image with the following HTML

<img src="images/selenium-ide-logo.png" class="icon" alt="Selenium IDE Logo" style="background-color: transparent;">

Using Class : img[class='icon']

Using alt     : img[alt='Selenium IDE Logo']

Combining both : img[class='icon'],img[alt='Selenium IDE Logo']

We can verify the functionality by purposely giving the first locator wrongly,then see whether the second locator works correctly or not and vice versa.

In this way we can combine many locators into one single place in our code such as

String Image_In_Home_Page_Locator = "img[class='icon'],img[alt='Selenium IDE Logo']";

This looks a lot more neater than using if-else conditions.


Monday, 5 August 2013

Evil User Interfaces

When we think about the term evil user interfaces,normally what comes to mind is a malicious web site design.The actual meaning is pretty close,a bad design is done by mistake,but an evil design is carefully crafted and designed to trick viewers into doing things that they normally wont do.

An example of normal human psychology is to get things done fast.When we go to websites to download something,there has been numerous instances that I have faced personally,like some ten buttons pop up for download and the user does not know which to click,some users might accidentally click the ads and the sites make money out of this.

Eventually these kind of sites form a pattern.Some call it evil design,some call it dark patterns.



                           
http://darkpatterns.org/ is definitely an interesting read.

When you come across any sites that use these,make sure you put it up at darkpatterns web-site so that many come to know and it spreads awareness.





Thursday, 25 July 2013

Security Tips #1 : Making your online presence safe




Here is my first blog article on security.It has been much of a question nowadays that what is the amount of security that is needed to prevent attackers/hackers.There is no answer to this question since absolutely security cannot be guaranteed.But,below are some measures that we can take to protect us from obvious risks


1) Having a strong password and changing it frequently


This has been suggested for the past many years and a very controversial one.But this might be a little outdated.


Following is a research paper from microsoft which outlies all these in an excellent manner.


http://research.microsoft.com/pubs/74162/hotsec07.pdf


Considering the attacks done on hacking user accounts having strong passwords alone does not much accomplish anything and also being a burden on the user to remember the password.Instead we can focus on having a password that we can remember and being a little different from obvious passwords such as 'password' or having your phone number as a password,which is vulnerable for guessing attacks.


In addition to this,many systems have a 'Three Strike' rule,when you enter your password wrong,security system activates and it comes up with a captcha,which prevents automatic scripts from performing brute force attacks.Facebook and most others usually send the user an e-mail notifying them that there has been recent attempts to access your account with failures and shall we help with your password reset.


But there are some sites which do not offer any kind of protection agains brute force,i.e no captcha or other security measures are provided,in such a case a strong password does help in a very great manner.

2)Reviewing recent login information


In addition to passwords, reviewing recent account activity is a great way to keep your account safe.Some like facebook offer real time login information to your mobiles through ways of an SMS and in GMail you can actually view which systems accessed your account by means of IP address and locations.This can help us keep track of who is logging in and when.


Some hacking mechanisms actually involve stealing your login cookie rather than knowing your password,so when you encounter suspicious activity in your account you change your password and it would void the cookie so that the supposed attackers cannot login anymore using the same cookie.Of course it depends on the application's architecture you are using,but most popular sites tend to have this built in.The more quicker we do this,the more damage we prevent.


3) Using modern browsers


IE6 is probably the worst browser you can use in terms of Usability and Security.It has many security related issues and many companies such as Google have dropped support for this browser.If you are using this version of IE,its high time you update your browser to either IE 8 or later if you are very specific with Internet Explorer,if not any latest version of Firefox or Chrome is good.


Basically the idea is to use something latest and well supported,and fixes in Chrome,Firefox are lot quicker.But that does not mean you do not have to use IE,we can always use it as long as it is updated with the latest patches/updates. 


4) Using HTTPS for sites


Many popular web platforms that we use such as Gmail,Yahoo,Facebook have options to enable HTTPS for all sessions/actions.HTTPS prevents people from Sniffing your traffic,most vulnerable when you are browsing over a public Wi-fi.


Gmail has HTTPS enabled by default.Yahoo mail does not have it by default but we can change that by a simple configuration change in account settings.Same goes for Facebook and LinkedIn and many other sites.It offers security against basic Man in the middle attack(MITM),there are many other sophisticated attacks that can be performed to break/bypass HTTPS,but as a user enabling HTTPS elevates the security to a considerable level.


Points to note in an HTTPS Session :     

    (i) Making sure that the HTTPS is not broken is a good thing.Most browsers have a lock symbol indicating this.If you do not have a lock symbol and the URL is still HTTPS,then you have a broken HTTPS session,we should avoid doing critical transactions in a broken session.

    (ii) Certificate Authority (CA) is a certificate issued by a trusted third party to verify the site's identity.Each browser has their own list.Some of them are listed below,although it is difficult to validate each and every CA,its a good practice just to check who has verified the site.In case of something fishy,you can always look up your browser list for the CA or google it,if you don't find them then probably you are using a manually enforced/installed certificate or possibilities are there that the HTTPS session is compromised.

Chrome and  IE's root CA list : http://support.microsoft.com/kb/931125

Firefox root CA list : http://www.mozilla.org/projects/security/certs/included/

Apple's root CA list : http://www.apple.com/certificateauthority/

The following link will help us understand why SSL certficates are required and what they are used for

http://security.stackexchange.com/questions/6737/what-is-an-ssl-certificate-intended-to-prove-and-how-does-it-do-it



5) Two-factor Authentication


Two-factor authentication is the process of adding another system into the picture to enhance security,i.e you have two levels of security,one is obviously your machine and the next can be something like security tokens.They are basically of two types Hard and Soft tokens.But we are concerned with Soft tokens.


Gmail,Yahoo,Facebook all have facilities for Two-factor authentication which will be turned off by default.But we can enable them using the help of our mobile phones.Whenever we login we get a Soft token in the form of an SMS,this is apart from the password authentication and it is usually a One Time Password(OTP).


This makes things difficult for hackers,even if they know your password they have to know the OTP to take over your account,which is in general very difficult.


Caveat : Make sure you have backup codes noted somewhere safe in case you lose your phone,without which it is very difficult access/recover your account.


These security tips are the ones that most users are not aware of,and it applies across many sites in a generic manner.It can be thought of some kind of a must have.But,of course the best place you can get more security tips are from the web site help pages themselves.

Gmail : http://www.google.co.in/goodtoknow/online-safety/


Facebook : https://www.facebook.com/help/ and then navigate to security


Yahoo : http://security.yahoo.com/ 


Linkedin : http://help.linkedin.com/app/answers/detail/a_id/267


and the list goes on.


Note : The above links might change,so make sure you google it if it is broken or something.

Do follow up with latest security practices on any sites that you are using.







Thursday, 18 July 2013

Highlighting a Web Element in Selenium

Highlighting web elements comes in very handy when we are doing validations on web elements using selenium.It is also useful for debugging purposes when webdriver actually selects the element and we dont want to go in and use Selenium IDE each and everytime to visually find the element.

Link to the code : 
https://github.com/Madusudanan/Selenium/blob/master/WebElementHighlighter.java

The above code is kind of raw and is suitable if you are implementing it in a selector method in a framework of your own.But there is another way of doing this with the help of AbstractWebDriverEventLister.This is a utility class that was developed by the selenium folks that can be used for logging and other purposes.

AbstractWebDriverEventListener has a problem,it does not have listener methods for isDisplayed(), where we can verify if some text is displayed on the page,we cannot use click() here since it is just text.We can overcome this by putting our highlighter code inside the beforeFindBy method of the EventListener, so that all element FindBy's trigger the highlighter listener method.

I though this is the best way to implement it,but I would definitely welcome if there are better ways of implementing it inside the EventListener class,if you come across any,do let me know.

Link to the EventListener implementation code :
https://github.com/Madusudanan/Selenium/blob/master/WebElementHighlighterAsEventListener.java



Code in action : 



Please let me know in case of any issues you face with the code.

Tuesday, 9 July 2013

Getting Parsed Page Content Using Selenium

There might come several situations where need to extract particular page content using selenium.This is different from getting the page source using 'driver.getPageSource()' which gives raw HTML code.

Suppose we want the entire text from a particular area from a web page Selenium provides an excellent way to do that.

'String required_text=driver.findElement(By.tagName("put the HTML tag here")).getText();'

This gives you the required text of the particular web element.We can also use By.id or By.xpath or other locator strategies whichever works for us.But this usually does the trick.It comes useful when we want the page content for logging purposes, plain text parsing of the required text from the DOM is usually difficult and not recommended. 



Saturday, 6 July 2013

Learning Math

Learning math and its real world applications has always been a difficult task for all of us.But thanks to MIT, they now have Open Courseware in which we can learn math from them for free.

Below are the links for the courses.Start with Single Variable Calculus and then move to Mathematics for Computer Science and then Introduction to Algorithms.

This is truly some serious stuff.

Single Variable Calculus : 
http://ocw.mit.edu/courses/mathematics/18-01-single-variable-calculus-fall-2006/index.htm

Mathematics for Computer Science(Discrete Math) :
http://ocw.mit.edu/courses/electrical-engineering-and-computer-science/6-042j-mathematics-for-computer-science-fall-2010/index.htm

Introduction to Algorithms :
http://ocw.mit.edu/courses/electrical-engineering-and-computer-science/6-046j-introduction-to-algorithms-sma-5503-fall-2005/index.htm





You can always make a donation to support them for making these excellent stuff for free.

There are also other excellent courses that you can view in your subject/field of choice.

Happy Learning :)

Tuesday, 4 June 2013

Windows authentication login using Selenium

Handling Javascript windows with selenium is not much of a problem since selenium has an inbuilt driver to it.But the problem with websites that use windows authentication is that they are neither Javascript popups nor they can be controlled by Java AWT Robot individually.

To overcome the trickyness, we use selenium to first recognize the pop up as as Javascript pop-up and then use Java AWT Robot to enter the password.

Why use Java AWT?
Well selenium by itself cannot handle this situation.It can enter the username but cannot make a tab switch and enter the password.

Below is an image of the login ( Windows authentication ) using ASP.NET

















Github link to the code : 

https://github.com/Madusudanan/Selenium/blob/master/WindowsAuthHandler.java

It can also be used to handle windows of similar nature that pops up out of a browser.Usually these kinds are associated with Domain/Active directory authentication.

Code is commented for understanding.Let me know in case of any doubts or issues that you face.

Edit : As of September 26 , the above piece of code works only with Internet Explorer Driver. For other browsers we have to resort to libraries such Auto IT or Sikuli

Thursday, 18 April 2013

Getting XPath of Web Elements in Internet Explorer

Testing applications in Internet explorer can be tricky,for one it does not have a tool like Firebug and hence XPath finding can be difficult.But since Javascript has full power over the DOM we can write some scripts to get the element XPath by ourselves.

1)Open Internet Exploer
2)Type about:blank in the address bar and hit enter
3)From Favorites main menu select--->Add favorites
4)In the Add a favorite popup window enter name GetXPATH1.
5)Click add button in the add a favorite popup window.
6)Open the Favorites menu and right click the newly added favorite and select properties option.
7)GetXPATH1 Properties will open up. Select the web Document Tab.
8)Copy and Paste the JavaScript Snippet one code from my Git hub repository in the URL field.

9)Click Ok. Click YES on the popup alert.
10)Add another favorite by following steps 3 to 5, Name this favorite GetXPATH2 (step4)
11)Repeat steps 6 and 7 for GetXPATH2 that you just created.
12)Copy and Paste the JavaScript Snippet two code from my Git hub repository in the URL field for GetXPATH2.

13)Repeat Step 9.
 


Javascript Snippet one code:

https://github.com/Madusudanan/Selenium/blob/master/GetXPATH_init.js

Javascript Snippet two code :
https://github.com/Madusudanan/Selenium/blob/master/GetXPATH_final.js

 

You are all done!!

Now to get the XPATH of an element just select the element with your mouse. This would involve clicking the left mouse button just before the element (link, button, image, checkbox, text etc) begins and dragging it till the element ends. Once you do this first select the favorite GetXPATH1 from the favorites menu and then select the second favorite GetXPATH2. At his point you will get a confirmation, hit allow access button. Now open up a notepad file, right click and select paste option. This will give you the XPATH of the element you seek.


This has a limitation however on selecting web elements which  are like menu elements within a drop down box,hidden elements etc.But comes in very handy on a general usage scenario.

By no means this is the best way to work with locators in IE.Good stable locators are often hand crafted and carefully chosen using Xpath functions and other advanced strategies.But this is good as a starting point and to build upon further


 

Wednesday, 17 April 2013

Using Apache POI for Data driven testing in Selenium Webdriver

Selenium is probably the most famous open source tool for Web testing.This blog post is how to use POI in selenium web driver so that data driven testing can be performed.

Why Excel?

Excel is probably the most commonly used tool for working with test data.


You can find more about Apache POI at http://poi.apache.org/












Code is self-explanatory,documented for understanding and is hosted at Github


Code for XLS files:

https://github.com/Madusudanan/Selenium/blob/master/readExcel.java



Code for XLSX files : 

https://github.com/Madusudanan/Selenium/blob/master/readExcelXLSX.java

The above code assumes that you have a structure to your excel files.The two-dimensional array gives you great control over the way you can iterate over the rows and columns of the excel file and this control comes when you have structure to your test data file,but if there is any blank cell in the middle, there is a null pointer exception that is thrown since the code assumes that the file is structured.We can add a handler here by means of a missing cell policy, but that would make the very purpose of using the two dimensional array as a backend structure meaningless.


If you dig into Apache POI a little more, you would be tempted to use its capabilities such ignoring blank cells and so on,but its a lot easier to maintain the excel file in a specified format rather than writing code to handle the brittleness of the excel file itself.The two dimensional structure forms a model through which you can build a data driven framework on top of excel using Apache POI.


If you face any issues,do let me know by commenting here or dropping me an email.