nightwatchjs/nightwatch

password visible in html output

Open

Aperta il 16 ott 2023

Vedi su GitHub
 (6 commenti) (0 reazioni) (0 assegnatari)JavaScript (11.707 star) (1289 fork)batch import
enhancementhelp wanted

Descrizione

Description of the bug/issue

When using setValue in tests, and also ´setPassword`, the field is visible in the html, json and xml reports.

I found an old issue regarding this that was closed with a reference to a Browserstack configuration. But as far as I understand, that is not applicable if you're not using Browserstack.

Here is the issue I refer to: https://github.com/nightwatchjs/nightwatch/issues/758

Our solution to this was to do a string replace in the final report. We found it simpler than creating custom reporter since we wanted all the features of the standrad html report. Maybe there is a simpler more standard way of doing this? But ideally, Nightwatch shouldn't put values in the report if setPassword is used.

Steps to reproduce

  1. Use setValue or setPassword etc in a test
  2. Run the test with the html reporter
  3. Check the report for where the password field is set, it will display something like:
setValue('<selector>,<password in cleartext>)

Sample test

this.navigate()
        .isVisible('@userNameField')
        .setValue('@userNameField', username)
        .setPassword('@passWordField', password)
        .click('@signInButton')

Command to run

nightwatch --reporter html

Verbose Output

No response

Nightwatch Configuration

No response

Nightwatch.js Version

3.2.1

Node Version

19.9.0

Browser

Chrome 117.0.5938

Operating System

MacOS Ventura

Additional Information

No response

Guida contributor

Tech stack
javascriptnodejshtml
Dominio
testing
Tipo issue
bug
DifficoltàQuanto dovrebbe essere impegnativa per un nuovo contributor.
3
Tempo stimatoTempo stimato per completare e verificare uno scope piccolo.
1-3 hours
Stato attivitàQuanto è probabile che la issue sia ancora attiva e reviewable.
needs maintainer response
ChiarezzaQuanto chiaramente la issue descrive problema, scope e risultato atteso.
clear
Prerequisiti
Basic understanding of Nightwatch.js
Adatta ai principiantiQuanto la issue è adatta a contributor alla prima esperienza.
50
Direzione di ricerca
Investigate the HTML reporter source code, likely in `lib/reporter/html.js` or similar. Look for where the step details (including `setValue` and `setPassword` arguments) are rendered. The goal is to mask password values from the output. Check existing issue #758 for prior context. Consider adding a configuration option or automatic detection of `setPassword` to redact the value.