From c9cb3e3b9f5addf57e617a564b92d886b3de7b68 Mon Sep 17 00:00:00 2001 From: thc202 Date: Fri, 6 Dec 2024 16:57:21 +0000 Subject: [PATCH] Update Selenium library Update Selenium library to version 4.27.0. Address deprecation warnings in `authhelper` and `domxss`. Signed-off-by: thc202 --- addOns/authhelper/CHANGELOG.md | 1 + .../zaproxy/addon/authhelper/AuthUtils.java | 20 +++++++++---------- .../addon/authhelper/AuthUtilsUnitTest.java | 18 +++++++++++------ addOns/domxss/CHANGELOG.md | 1 + .../zap/extension/domxss/DomXssScanRule.java | 8 ++++---- addOns/selenium/CHANGELOG.md | 2 +- addOns/selenium/selenium.gradle.kts | 2 +- 7 files changed, 30 insertions(+), 22 deletions(-) diff --git a/addOns/authhelper/CHANGELOG.md b/addOns/authhelper/CHANGELOG.md index e5bc18f58d7..f2e8107430d 100644 --- a/addOns/authhelper/CHANGELOG.md +++ b/addOns/authhelper/CHANGELOG.md @@ -6,6 +6,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed - Depend on Passive Scanner add-on (Issue 7959). +- Address deprecation warnings with newer Selenium version (4.27). ## [0.16.0] - 2024-11-06 ### Fixed diff --git a/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthUtils.java b/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthUtils.java index 0f6abe6fc29..a2ee9530e0e 100644 --- a/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthUtils.java +++ b/addOns/authhelper/src/main/java/org/zaproxy/addon/authhelper/AuthUtils.java @@ -146,10 +146,10 @@ static WebElement getUserField(List inputElements) { inputElements.stream() .filter( elem -> - "text".equalsIgnoreCase(elem.getAttribute("type")) + "text".equalsIgnoreCase(elem.getDomAttribute("type")) || "email" .equalsIgnoreCase( - elem.getAttribute("type"))) + elem.getDomAttribute("type"))) .collect(Collectors.toList()); if (!filteredList.isEmpty()) { 
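Review bot: The `type` filter in getUserField (hunk at -146) no longer matches an `<input>` that omits the `type` attribute. `getDomAttribute("type")` returns null when the attribute is not declared in the markup, whereas the deprecated `getAttribute` fell back to the DOM property, which resolves to "text". Login forms written as `<input name="username">` would be dropped from `filteredList`, and the method would return null if no other candidate exists. To keep the previous matching, read the resolved value with `"text".equalsIgnoreCase(elem.getDomProperty("type"))`, or treat a null attribute as text. The `getPasswordField` check in the -196 hunk is much less exposed, since a password input has to declare its type. getUserField starts before this hunk and continues past it.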
@@ -161,27 +161,27 @@ static WebElement getUserField(List inputElements) { || attributeContains(we, "name", USERNAME_FIELD_INDICATORS)) { LOGGER.debug( "Choosing 'best' user field: name={} id={}", - we.getAttribute("name"), - we.getAttribute("id")); + we.getDomAttribute("name"), + we.getDomAttribute("id")); return we; } LOGGER.debug( "Not yet choosing user field: name={} id={}", - we.getAttribute("name"), - we.getAttribute("id")); + we.getDomAttribute("name"), + we.getDomAttribute("id")); } } LOGGER.debug( "Choosing first user field: name={} id={}", - filteredList.get(0).getAttribute("name"), - filteredList.get(0).getAttribute("id")); + filteredList.get(0).getDomAttribute("name"), + filteredList.get(0).getDomAttribute("id")); return filteredList.get(0); } return null; } static boolean attributeContains(WebElement we, String attribute, String[] strings) { - String att = we.getAttribute(attribute); + String att = we.getDomAttribute(attribute); if (att == null) { return false; } @@ -196,7 +196,7 @@ static boolean attributeContains(WebElement we, String attribute, String[] strin static WebElement getPasswordField(List inputElements) { for (WebElement element : inputElements) { - if ("password".equalsIgnoreCase(element.getAttribute("type"))) { + if ("password".equalsIgnoreCase(element.getDomAttribute("type"))) { return element; } } diff --git a/addOns/authhelper/src/test/java/org/zaproxy/addon/authhelper/AuthUtilsUnitTest.java b/addOns/authhelper/src/test/java/org/zaproxy/addon/authhelper/AuthUtilsUnitTest.java index a1b3a292687..ac62514c9b9 100644 --- a/addOns/authhelper/src/test/java/org/zaproxy/addon/authhelper/AuthUtilsUnitTest.java +++ b/addOns/authhelper/src/test/java/org/zaproxy/addon/authhelper/AuthUtilsUnitTest.java 
@@ -108,7 +108,7 @@ void shouldReturnUserTextField() throws Exception { // Then assertThat(field, is(notNullValue())); - assertThat(field.getAttribute("type"), is(equalTo("text"))); + assertThat(field.getDomAttribute("type"), is(equalTo("text"))); } @Test @@ -124,7 +124,7 @@ void shouldReturnUserEmailField() throws Exception { // Then assertThat(field, is(notNullValue())); - assertThat(field.getAttribute("type"), is(equalTo("email"))); + assertThat(field.getDomAttribute("type"), is(equalTo("email"))); } @Test @@ -141,7 +141,7 @@ void shouldReturnUserEmailFieldById() throws Exception { // Then assertThat(field, is(notNullValue())); - assertThat(field.getAttribute("id"), is(equalTo("email"))); + assertThat(field.getDomAttribute("id"), is(equalTo("email"))); } @Test @@ -158,7 +158,7 @@ void shouldReturnUserEmailFieldByName() throws Exception { // Then assertThat(field, is(notNullValue())); - assertThat(field.getAttribute("name"), is(equalTo("username"))); + assertThat(field.getDomAttribute("name"), is(equalTo("username"))); } @Test @@ -189,7 +189,7 @@ void shouldReturnPasswordField() throws Exception { // Then assertThat(field, is(notNullValue())); - assertThat(field.getAttribute("type"), is(equalTo("password"))); + assertThat(field.getDomAttribute("type"), is(equalTo("password"))); } @Test @@ -666,7 +666,7 @@ public String getTagName() { } @Override - public String getAttribute(String name) { + public String getDomAttribute(String name) { switch (name) { case "id": return id; @@ -679,6 +679,12 @@ public String getAttribute(String name) { } } + @Override + @Deprecated + public String getAttribute(String name) { + return null; + } + @Override public boolean isSelected() { return false; diff --git a/addOns/domxss/CHANGELOG.md b/addOns/domxss/CHANGELOG.md index 2edcb2f384c..1c6bc162820 100644 --- a/addOns/domxss/CHANGELOG.md +++ b/addOns/domxss/CHANGELOG.md 
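Review bot: The deprecated `getAttribute` override added to the test element (hunk at -679) returns null, so a production call site that was missed or is later reintroduced would quietly see "attribute absent" and take a different branch instead of failing. Throwing makes that visible, e.g. `throw new UnsupportedOperationException("use getDomAttribute");`. The stub also models only declared attributes, and none of the visible tests covers an input without a `type` attribute, which is the case where `getDomAttribute` and the old `getAttribute` differ. The stub class begins outside this hunk.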
@@ -5,6 +5,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased ### Changed +- Address deprecation warnings with newer Selenium version (4.27). - Include the whole HTTP message in the raised alerts. - Include the steps to reproduce the DOM XSS in the other info of the alert. - Do not request URLs explicitly excluded from the context or global excludes diff --git a/addOns/domxss/src/main/java/org/zaproxy/zap/extension/domxss/DomXssScanRule.java b/addOns/domxss/src/main/java/org/zaproxy/zap/extension/domxss/DomXssScanRule.java index 1c8022bb458..19b42089b09 100644 --- a/addOns/domxss/src/main/java/org/zaproxy/zap/extension/domxss/DomXssScanRule.java +++ b/addOns/domxss/src/main/java/org/zaproxy/zap/extension/domxss/DomXssScanRule.java @@ -543,8 +543,8 @@ private DomAlertInfo scanHelper(String attackVector, String url) { try { // Save for the evidence tagName = element.getTagName(); - attributeId = element.getAttribute("id"); - attributeName = element.getAttribute("name"); + attributeId = element.getDomAttribute("id"); + attributeName = element.getDomAttribute("name"); if (tagName.equals("input")) { steps.add( @@ -611,8 +611,8 @@ private DomAlertInfo scanHelper(String attackVector, String url) { try { // Save for the evidence tagName = element.getTagName(); - attributeId = element.getAttribute("id"); - attributeName = element.getAttribute("name"); + attributeId = element.getDomAttribute("id"); + attributeName = element.getDomAttribute("name"); addClickStep(xpath); element.click(); diff --git a/addOns/selenium/CHANGELOG.md b/addOns/selenium/CHANGELOG.md index 076cc023c1e..fa53b021542 100644 --- a/addOns/selenium/CHANGELOG.md +++ b/addOns/selenium/CHANGELOG.md @@ -6,7 +6,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Unreleased ### Changed -- Update Selenium to version 4.26.0. +- Update Selenium to version 4.27.0. ## [15.30.0] - 2024-09-24 ### Changed 
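Review bot: `attributeId` and `attributeName` in both scanHelper hunks (-543 and -611) can now be null whenever the element declares no `id` or `name`. `getDomAttribute` reports only what is in the markup, while the old `getAttribute` could return the empty-string DOM property. The code that turns these values into alert evidence is outside the hunks, so confirm it tolerates null and does not print a literal "null" into the report. Alternatively normalise at the assignment, e.g. `attributeId = Objects.toString(element.getDomAttribute("id"), "");`, and likewise for `name`.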
diff --git a/addOns/selenium/selenium.gradle.kts b/addOns/selenium/selenium.gradle.kts index fd6a04f4dd1..8c65238e3e5 100644 --- a/addOns/selenium/selenium.gradle.kts +++ b/addOns/selenium/selenium.gradle.kts @@ -36,7 +36,7 @@ zapAddOn { } dependencies { - var seleniumVersion = "4.26.0" + var seleniumVersion = "4.27.0" selenium("org.seleniumhq.selenium:selenium-java:$seleniumVersion") selenium("org.seleniumhq.selenium:htmlunit3-driver:$seleniumVersion") implementation(libs.log4j.slf4j) {