diff --git a/app/test/test_login.py b/app/test/test_login.py
index a9f61ff..2fc5d49 100644
--- a/app/test/test_login.py
+++ b/app/test/test_login.py
@@ -60,21 +60,5 @@ def test_login():
 driver.save_screenshot('./app/test/test_login_pic4.png')
 assert 'EnglishPal Study Room for ' + uname in driver.title
- #logout
- driver.get(HOME_PAGE + 'logout')
-
- # 测试bug是否修复
- driver.get(HOME_PAGE)
- elem = driver.find_element_by_link_text('登录')
- elem.click()
- uname = 'lanhui'
- elem = driver.find_element_by_name('username')
- elem.send_keys(uname)
- elem = driver.find_element_by_name('password')
- elem.send_keys("' or 'a'='a'or'a'='a")
- elem = driver.find_element_by_xpath('//form[1]/p[3]/input[1]') # 找到登录按钮
- elem.click()
- driver.save_screenshot('./app/test/test_login_pic5.png')
- assert '无法通过验证。' in driver.page_source
 finally:
 driver.quit()
diff --git a/app/test/test_login_security_fix.py b/app/test/test_login_security_fix.py
new file mode 100644
index 0000000..b836b6b
--- /dev/null
+++ b/app/test/test_login_security_fix.py
@@ -0,0 +1,35 @@
+# -*- coding: utf-8 -*-
+# Run the docker image using the following command:
+# docker run -d -p 4444:4444 selenium/standalone-chrome
+from selenium import webdriver
+from selenium.webdriver.common.desired_capabilities import DesiredCapabilities
+
+import random, string
+
+driver = webdriver.Remote('http://localhost:4444/wd/hub', DesiredCapabilities.CHROME)
+driver.implicitly_wait(10)
+
+HOME_PAGE = 'http://121.4.94.30:91/'
+
+def test_login_security_fix():
+ try:
+ driver.get(HOME_PAGE)
+
+ elem = driver.find_element_by_link_text('登录')
+ elem.click()
+
+ uname = 'lanhui'
+ elem = driver.find_element_by_name('username')
+ elem.send_keys(uname)
+
+ elem = driver.find_element_by_name('password')
+ # 使用原有漏洞密码登录
+ elem.send_keys("' or 'a'='a'or'a'='a")
+
+ elem = driver.find_element_by_xpath('//form[1]/p[3]/input[1]') # 找到登录按钮
+ elem.click()
+
+ driver.save_screenshot('./app/test/test_login_security_fix0.png')
+ assert '无法通过验证。' in driver.page_source
+ finally:
+ driver.quit()
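Review bot: `HOME_PAGE = 'http://121.4.94.30:91/'` pins this regression test to a fixed public address over plain HTTP, so each run submits the login form to whatever is deployed there and the result reflects that deployment rather than the code in this checkout. Read the target from configuration instead, for example `HOME_PAGE = os.environ['ENGLISHPAL_HOME_PAGE']` (the variable name is a suggestion), with `import os` taking the place of `import random, string`, which nothing in the file uses. The only assertion is that '无法通过验证。' appears in the page source; adding `assert 'EnglishPal Study Room for ' + uname not in driver.title`, the title test_login checks after a successful login, would also pin that no session was opened for `lanhui`. The comment `# 使用原有漏洞密码登录` could say in English what the test guards, e.g. `# password string that was accepted before the login fix; must now be rejected`.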