seleniumsecuritygitlabgitlab-cipenetration-testing

run selenium testing in Gitlab CI

With gitlab pipeline, can I achieve the following?

stages:
 - run-dvwa       # where I launch a web target using image of https://hub.docker.com/r/vulnerables/web-dvwa
 - run-selenium   # where I launch selenium using image selenium/standalone-firefox:latest
 - run-python     # where I run some py script to crawl dvwa end points

can I run the above in sequence, which also means the container 'run-dvwa' and 'run-selenium' can't exit while it moves on to stage 'run-python'?

thank you for your suggestions or samples!

my 1st version (2021.07.26.v1)


python-test:
  services:
    - name: registry.gitlab.com/xxxx-yyy-demo/zzzzz-demo/dvwa-devops-demo
      alias: dvwa
      entrypoint: ["/main.sh"]
    - name: selenium/standalone-firefox:latest
      alias: selenium
  stage: run
  image: python:3
  script:
    - curl http://dvwa:80/login.php
    - curl http://selenium:4444/wd/hub
    - pip install selenium
    - python tests.py

my test.py

driver = webdriver.Remote("http://selenium:4444/wd/hub", DesiredCapabilities.FIREFOX)
server = 'http://dvwa:80'
driver.get(server + '/login.php')

from my testing, everything passes until the driver.get(...) line, and I got a

Traceback (most recent call last):
  File "/builds/xxxx-yyy-demo/zzzzz-demo/dvwa-devops-demo/xxxx-yyy-demo/tests.py", line 42, in <module>
    driver.get(server + '/login.php')
  File "/usr/local/lib/python3.9/site-packages/selenium/webdriver/remote/webdriver.py", line 333, in get
    self.execute(Command.GET, {'url': url})
  File "/usr/local/lib/python3.9/site-packages/selenium/webdriver/remote/webdriver.py", line 321, in execute
    self.error_handler.check_response(response)
  File "/usr/local/lib/python3.9/site-packages/selenium/webdriver/remote/errorhandler.py", line 242, in check_response
    raise exception_class(message, screen, stacktrace)
selenium.common.exceptions.WebDriverException: Message: Reached error page: about:neterror?e=dnsNotFound&u=http%3A//dvwa/login.php&c=UTF-8&d=We%20can%E2%80%99t%20connect%20to%20the%20server%20at%20dvwa.
Solution

  • In GitLab CI, stages are meant to be executed sequentially. The next stage is only entered if the previous stage completed successfully.

    Your use case sounds more like you could benefit from services, e.g. like so:

    python-test:
  stage: test
  image: python:3
  variables:
    FF_NETWORK_PER_BUILD: 1
  services:
    - name: vulnerables/web-dvwa:latest
      alias: dvwa
    - name: selenium/standalone-firefox:latest
      alias: selenium
  before_script:
    - pip install selenium
  script:
    - python tests.py

    Note that you have to enable the network per-build feature (FF_NETWORK_PER_BUILD feature flag) so that the selenium container can connect to the dvwa container.