Page tree
Skip to end of metadata
Go to start of metadata

Last updated: Dec 31, 2018 16:26

Introduction

When applications require certain levels of secure input over the network, for example when sending a user's password to the bank server, the communication between the application (client) and the service provider (server) will usually employ some level of encryption for the information passed between these two entities. Similarly, when automating an application over the network, for example as performed when using Selenium/Appium in the Perfecto CQ Lab, there may be a requirement to only transfer encrypted strings between the automation script and the device at the other side of the network divide. This requirement may apply to certain sensitive input strings provided by the automation script, such as user names and passwords.

Perfecto's String Encoder

Perfecto is very aware of the requirement to transfer encrypted text from the automation scripts to the controlled devices. Therefore, both the IDE and Selenium/Appium plugins provide a String Encoder tool. The tool allows the tester to generate encrypted string versions of the input strings, that can then be transmitted by the automation script to the application on the device, using the sendKeys() method of the UI Element.

Incorporating Secure Strings into Selenium/Appium Scripts

As a best practice:

  1. Prepare your encrypted strings as private static final String variables -
    1. Activate the String Encoder tool from the plugin's Command Sidebar at the bottom
    2. Enter the string to encrypt, activate the encryption, and copy to the clipboard -
    3. Paste the string as the value of a static variable.
      Important Note: Prefix the string with "secured.", this indicates to the Selenium server that the string in encrypted and the server will decrypt the string prior to transmitting it to the UI Text Field on device.

      private static final String Secured_uname = "secured.SfmvKka20FP+V77HFThFSA==";
      private static final String Secured_pw = "secured.cJiPYMXBxIx4WogfiHIjQg==";
  2. Use these String variables as the strings that are transmitted as part of the automation.

    1. When using the secured string with the PerfectoMobile value of the automationName capability

      driver.findElementByName("username").sendKeys(Secured_uname);
      driver.findElementByName("password").sendKeys(Secured_pw);
    2. When using the secured string with the Appium or XCUITest value of the automationName capability

      //declare the Map for script parameters
      Map<String, Object> params = new HashMap<>();
      
      params.put("text", Secured_uname);
      params.put("by", "Name");
      params.put("value", "username");
      driver.executeScript("mobile:application.element:set", params);
    3. When using a secured string for Desktop Web Selenium testing:

      //declare the Map for script parameters
      Map<String, Object> params = new HashMap<>();
      
      params.put("value", Secured_uname);
      params.put("label", "username");
      driver.executeScript("mobile:edit-text:set", params);
  3. Wrap the code within a Reporting Step to quickly identify the execution when looking at your automation's test report.
    The complete snippet (based on option 2a above) would look something like this:

    // encoded strings:
    private static final String Secured_uname = "secured.SfmvKka20FP+V77HFThFSA==";
    private static final String Secured_pw = "secured.cJiPYMXBxIx4WogfiHIjQg==";
    ...
        reportiumClient.stepStart("Send secured strings as username and password fields");
        driver.get("myApp URL");
        driver.findElementByName("username").sendKeys(Secured_uname);
        driver.findElementByName("password").sendKeys(Secured_pw);
        driver.findElementByName("loginBtn").click();
        reportiumClient.stepEnd();
        ...

Secure Strings in the Test Report

When viewing the Single Test Report (STR) of the automation execution any string values sent to the device as a Secured String will be displayed as "***":