Test Web applications using Selenium
Outline q Uniqueness of web app testing Q Q Heterogonous system Dynamic pages Performance testing Security testing q Selenium Web. Driver
Web application architecture q Heterogeneous system Q Front end v Browser: IE, Firefox, Chrome, Safari… Q Server side v Application Server v Database Server v File System v ……
Heterogeneous system q Front end Q HTML, Java. Script, Adobe Flash…… HTML Java. Script Source behind Page in Browser
Uniqueness 1: Heterogeneous system q Server side Q Can be written in PHP, Java, C#. . . Q Communicate with Database server in SQL PHP Script PHP SQL HTML SQL
Heterogeneous System q Need to test all sub-components Q Anything could go wrong… q However, only front end is accessible for testing Q Can not directly test the Server code and SQL Q Have to drive the test execution v Frontend n HTML: Malformed HTML page? n Java. Script: Runtime Errors? (demo) v Server script n PHP, Java…: Runtime Errors? (demo) n SQL: Malformed SQL query string? (demo)
Test from the front end q Pros Q Hide the complexity of the backend Q Uniform interface Q Can use a robot to automate test execution q Cons Q The front end is not trustable v Crafted malicious requests
Selenium q A tool set that automates web app testing across platforms q Can simulate user interactions in browser q Two components Q Selenium IDE Q Selenium Web. Driver (aka. Selenium 2)
Selenium IDE q Firefox extension q Easy record and replay q Debug and set breakpoints q Save tests in HTML, Web. Driver and other formats.
Selenium IDE test cases q Selenium saves all information in an HTML table format q Each record consists of: Q Command – tells Selenium what to do (e. g. “open”, “type”, “click”, “verify. Text”) Q Target – tells Selenium which HTML element a command refers to (e. g. textbox, header, table) Q Value – used for any command that might need a value of some kind (e. g. type something into a textbox)
How to record/replay with Selenium IDE 1. Start recording in Selenium IDE 2. Execute scenario on running web application 3. Stop recording in Selenium IDE 4. Verify / Add assertions 5. Replay the test. Selenium IDE Demo……
Bad things of testing from the front end q The front end is not trustable Q Front end code can be accessed by anybody Q Malicious users can infer the input parameters Q Crafted requests! q Demo Q Front end limits the length of the input values Q Front end limits the content of the input values Q Front end limits the combination of the input values
Uniqueness 2: Dynamic pages q Client page could be dynamic Q Q It can change itself at runtime HTML can be modified by Java. Script can modify itself Demo q Server script could be dynamic Q Client pages are constructed at runtime Q The same server script can produce completely different client pages Q Demo v School. Mate
Uniqueness 3: Performance q Performance is crucial to the success of a web app Q Recall the experience to register for a class in the first days of the semester… q Performance testing evaluates system performance under normal and heavy usage Q Volume testing v For expected concurrent number of users Q Stress testing v To understand the upper limits of capacity q Performance testing can be automated
Uniqueness 4: Security q Web app usually deals with sensitive info, e. g. Q Credit card number Q SSN Q Billing / Shipping address q Security is the biggest concern q Security testing should simulate possible attacks
Uniqueness 4: Security q SQL Injection Q The untrusted input is used to construct dynamic SQL queries. Q E. g, update my own password $str = "UPDATE users SET password = ” “. $_POST['new. Pass’]. “” WHERE username =”“. $_POST['username']. “””; mysql_query( $str ); $_POST['new. Pass’] = pass, $_POST['username'] = me PHP Script Normal Case Query String: UPDATE users SET password = “pass” WHERE username =“me” $_POST['new. Pass’] = pass, $_POST['username'] = “ OR 1=1 -- Attack Query String: UPDATE users SET password = “pass” WHERE username =“” OR 1=1 --”
Uniqueness 4: Security q Cross Site Scripting (XSS) Q The untrusted input is used to construct dynamic HTML pages. Q The malicious JS injected executes in victim’s browser Q The malicious JS can steal sensitive info Q Demo q Solution: Never trust user inputs q Design test cases to simulate attacks
Outline q Uniqueness of web app testing Q Q Heterogonous system Dynamic pages Performance testing Security testing q Selenium Web. Driver
Selenium Web. Driver (Selenium 2) q Selenium-Web. Driver Q Write a program to control the test execution of a web app Q More flexible and powerful than IDE q Selenium-Web. Driver supports multiple browsers in multiple platforms Q Q Q Q Google Chrome 12. 0. 712. 0+ Internet Explorer 6+ Firefox 3. 0+ Opera 11. 5+ Android – 2. 3+ for phones and tablets i. OS 3+ for phones i. OS 3. 2+ for tablets
Selenium Web. Driver q Web. Driver is designed to providing a simpler and uniform programming interface Q Same Web. Driver script runs for different platforms q Support multiple programming languages: Q Java, C#, Python, Ruby, PHP, Perl… q It’s efficient Q Web. Driver leverages each browser’s native support for automation.
How to use Selenium Web. Driver (1) Go to a page (2) Locate an element (3) Do something with that element . . . (i) Locate an element (i+1) Do something with that element (i+2) Verify / Assert the result
![Demo: Verify page title public static void main( String[] args ) { // Create](https://present5.com/presentation/fbaa375e2ab163e24b911b7517b2267d/image-22.jpg "Demo: Verify page title public static void main( String[] args ) { // Create")
Demo: Verify page title public static void main( String[] args ) { // Create a new instance of the Firefox driver Web. Driver driver = new Firefox. Driver(); // (1) Go to a page driver. get("http: //www. google. com"); // (2) Locate an element Web. Element element = driver. find. Element(By. name("q")); // (3 -1) Enter something to search for element. send. Keys("Purdue Univeristy"); // (3 -2) Now submit the form. Web. Driver will find the form for us from the element. submit(); // (3 -3) Wait up to 10 seconds for a condition Web. Driver. Wait waiting = new Web. Driver. Wait(driver, 10); waiting. until( Expected. Conditions. presence. Of. Element. Located( By. id("pnnext") ) ); // (4) Check the title of the page if( driver. get. Title(). equals("purdue univeristy - Google Search") ) System. out. println("PASS"); else System. err. println("FAIL"); } //Close the browser driver. quit();
How to locate an element q By id Q HTML: <div id="coolest. Widget. Evah">. . . </div> Q Web. Driver: driver. find. Element( By. id("coolest. Widget. Evah") ); q By name Q HTML: <input name="cheese" type="text"/> Q Web. Driver: driver. find. Element( By. name("cheese") ); q By Xpath Q HTML <html> <input type="text" name="example" /> <input type="text" name="other" /> </html> Web. Driver: driver. find. Elements( By. xpath("//input") ); Q Q There are plug-ins for firefox/chrome to automatically display the Xpath
Timing issue q There are delays between submitting a request and receiving the response q We can wait until the response page is loaded q Robot doesn’t know! q In Web. Driver, sometimes it doesn’t work if Q Submit a request Q Verify the response immediately q Solution: Q Simulate the wait. Wait until some HTML object appears
Summary: What Selenium can do q A solution for the automated testing Q Simulate user actions Q Functional testing v One could even program BVA in a test script v Create regression tests to verify functionality and user acceptance. Q Browser compatibility testing v The same script can run on any Selenium platform Q Volume testing Q Stress testing
Скачать презентацию Test Web applications using Selenium Outline q
fbaa375e2ab163e24b911b7517b2267d.ppt