From b83b64ce13e72af27e7fc4c4df7ab74aeb28ba8d Mon Sep 17 00:00:00 2001 From: Kentaro Ohkouchi Date: Thu, 17 Feb 2022 14:38:10 +0900 Subject: [PATCH 1/2] =?UTF-8?q?proxy=20=E3=81=AE=E7=92=B0=E5=A2=83?= =?UTF-8?q?=E5=A4=89=E6=95=B0=E3=81=AF=E4=B8=8D=E8=A6=81=E3=81=AB=E3=81=AA?= =?UTF-8?q?=E3=81=A3=E3=81=9F=E3=81=9F=E3=82=81=E5=89=8A=E9=99=A4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - refs #5282 --- zap/selenium/ci/TypeScript/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/zap/selenium/ci/TypeScript/README.md b/zap/selenium/ci/TypeScript/README.md index 86b78f9f13c..57cc0f29119 100644 --- a/zap/selenium/ci/TypeScript/README.md +++ b/zap/selenium/ci/TypeScript/README.md @@ -42,10 +42,10 @@ docker-compose up -d ec-cube ## yarn でテストを実行します。 cd zap/selenium/ci/TypeScript yarn install && yarn playwright install # (初回のみ) -HTTP_PROXY=127.0.0.1:8090 HTTPS_PROXY=127.0.0.1:8090 yarn playwright test +yarn playwright test ## (Optional) 個別にテストする場合は、テストのファイル名を指定してください。 -HTTP_PROXY=127.0.0.1:8090 HTTPS_PROXY=127.0.0.1:8090 yarn playwright test test/front_guest/contact.test.ts +yarn playwright test test/front_guest/contact.test.ts ``` #### 実行中に OWASP ZAP を操作したい場合 @@ -69,7 +69,7 @@ HTTP_PROXY=127.0.0.1:8090 HTTPS_PROXY=127.0.0.1:8090 yarn playwright test test/f 以下のように playwright に `--headed` オプションを付与することで Chrome が実際に起動し、実行状況を確認できます。 ``` shell -HTTP_PROXY=127.0.0.1:8090 HTTPS_PROXY=127.0.0.1:8090 yarn playwright test test/front_guest/contact.test.ts --headed +yarn playwright test test/front_guest/contact.test.ts --headed ``` また、 [`page.pause()`](https://playwright.dev/docs/api/class-page#page-pause)をテストコードに埋め込めばステップ実行も可能です。 From 4f2024a2ce9edb9b9758ee09a8bb800c72d56001 Mon Sep 17 00:00:00 2001 From: Kentaro Ohkouchi Date: Thu, 17 Feb 2022 14:39:45 +0900 Subject: [PATCH 2/2] =?UTF-8?q?=E8=84=86=E5=BC=B1=E6=80=A7=E5=AF=BE?= =?UTF-8?q?=E5=BF=9C=E5=8B=89=E5=BC=B7=E4=BC=9A=E3=81=AE=E8=B3=87=E6=96=99?= =?UTF-8?q?=E3=81=B8=E3=81=AE=E3=83=AA=E3=83=B3=E3=82=AF=E3=82=92=E8=BF=BD?= =?UTF-8?q?=E5=8A=A0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- zap/selenium/ci/TypeScript/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/zap/selenium/ci/TypeScript/README.md b/zap/selenium/ci/TypeScript/README.md index 57cc0f29119..9fcc153cb9f 100644 --- a/zap/selenium/ci/TypeScript/README.md +++ b/zap/selenium/ci/TypeScript/README.md @@ -93,4 +93,5 @@ GitHub Actions のワークフローが完了すると、 OWASP ZAP のセッシ ## 参考 - EC-CUBE開発者向けドキュメントの [EC-CUBE Penetration Testing with OWASP ZAP](https://doc4.ec-cube.net/penetration-testing) も併わせてお読みください +- [脆弱性対応勉強会Expansion 第05回(OWASP ZAP&EC-CUBE)発表資料](https://zenn.dev/nanasess/articles/vulnstudy05-owasp-and-eccube) - [Driving OWASP ZAP with Selenium](https://owasp.org/www-chapter-london/assets/slides/OWASPLondon-OWASP-ZAP-Selenium-20180830-PDF.pdf)