Class | Description |
---|---|
BrowserstackCredential |
Retrieves, validates, supplies Browserstack Credential.
|
BrowserstackCredentialSecrets |
If you must use inline credentials, put them in this file
and ensure it does not get into source control.
|
CredentialGetter |
Utility class to retrieve credential from disk.
|
WebDriverWrapper |
Provides Selenium WebDriver.
|
Enum | Description |
---|---|
BrowserstackCredential.Mode |
Enumeration enumerates supported ways to retrieve credential.
|
WebDriverWrapper.Browser |
Enumerates browser options for Browserstack.
|
Exception | Description |
---|---|
BrowserstackAutomateKeyException |
At some point the Browserstack Automate key will
be entered incorrectly or refused by the host.
|
BrowserstackCredential.UsingRecycledCredentialInstance |
Problem of using a recycled credential.
|
CredentialRetrievalException |
Gathers data related to a problem retrieving
credential information from local filesystem.
|
WebDriverWrapperReinstantiationException |
Thrown if wrapper is re-instantiated with out quitting previous.
|
BrowserstackCredential.Mode
for supported
credential storage approaches: "local file"
, "embedded in source"
, and "console prompt"
.
As regards the Selenium webdriver authentication mechanism, it is what it is. The best we can do is ensure that the user ID and automate key are protected. Were PCI certification required here, it would need to address two kinds of secrets:
Credentials are the keys to the servers and services. Per the specification:
8.2.1 Using strong cryptography, render all authentication credentials (such as passwords/phrases) unreadable during transmission and storage on all system components.
— PCI DSS v 3.2
The most egregious risk at this point is the possibility of transmitting the credential to Bitbucket or Github, where it can be read by all the world.
As a start, I've just put in a couple of controls to get me closer to the specification:
To block this, the code references a file called .bsc in the user's home directory. See README.md in the project for how to set this up.
The console prompts for user ID and key, and the secret information remains safely off of the system and out of the source code. This works when running the product from the command line but not from maven.
3/5/2018 there is a problem with prompting not happening automatically. Until this is fixed the .bsc file is the only way to automate connectivity to Browserstack.
Browserstack has a 'build name' field that is set once per Selenium WebDriver session and that can be used to look up test results on their website. For working through new tests, I'm putting the integration test method name into this field so that I can identify tests that are erroring. This means I am instatiating a new webdriver each time I run a test.
Some classes I plan to build for the testing of the site Tester is coming together in a Bitbucket git repository. As of 10/25/17 you can run this yourself if you copy the BrowserstackCredentials file to the testSite package directory and update it with your own secret browserstack credentials.
Copyright © 2018. All rights reserved.