
Form fields not recognized correctly

Open christianschneider89 opened this issue 6 years ago • 3 comments

On the URL https://www.postfinance.ch/ap/ba/fp/html/e-finance/home?login the form is not recognized correctly. As you can see in the screenshot locust recognizes the second and the third field. The first two fields are mandatory, the third is optional.


christianschneider89 avatar Nov 22 '19 12:11 christianschneider89

Looking at the HTML, the unrecognized input is: <input name="p_username" class="text_input--field" id="text_input_narrow-u4" placeholder="" type="text" value="" maxlength="23" autocomplete="off" data-bcup-score="10">

Here is another page that locust doesn't recognize correctly: https://admin.cdmon.com/en/access


Looking at the HTML, the input fragment is: <input name="dades[usuario]" id="usuario" autofocus="true">

Regarding the repo structure, I guess that the solution is to add some lines in the testing scripts: https://github.com/buttercup/locust/blob/master/source/inputs.js#L5

@perry-mitchell, shall I do a PR adding name="p_username" and id="usuario"?

Thanks for the whole Buttercup environment!

situplastik avatar Mar 31 '20 09:03 situplastik

Hi @situplastik - Thanks for the detailed report, and sorry on the huge delay. Has been a busy Q1 for me.

The issue here is that the detection is imperfect, of course, but one aspect of this is that it relies currently on language-specific terms like username and password. Having this functionality internationalised would be a nightmare.. so I'm not entirely sure of the best way to move forward here. There's no standard way to build a login/registration form, so there's nothing to lean on here. We could try to set an example here by allowing internationalised form detection, but then I think we'd better redesign the detection method to allow for simpler translation support of keywords into all languages. Any suggestions on this point are very welcome.

perry-mitchell avatar Apr 19 '20 13:04 perry-mitchell

Hi @perry-mitchell, don't worry about the delay, sometimes it is hard to find a good moment to spend on it ;)

Yes, I totally agree with you, and the solution must be as easy and maintainable as possible.

To solve @christianschneider89's initial issue, a non-complex solution would be to edit the regex testing with "%LIKE%" before & after "username", as /name=".*username.*"/ . I'm not really confident with regex expressions, so maybe someone with more knowledge must review it. That solution would also work if some input has an array field such as name="data[username]".

Looking at my example, no good idea (besides your suggestion of doing some i18n detection structure) comes to my mind... Maybe if a form only has 2 fields and the second field passes the password check, locust could presume that the other field is a username, but I'm quite sure that the cure will be worse than the disease... many bugs or unexpected results could appear :(

situplastik avatar Apr 19 '20 20:04 situplastik
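
The two ideas raised in this thread (substring keyword matching on name/id, and the two-field fallback) sketched as an added example; this is not locust's code or API. It assumes the "password check" means type="password", models inputs as plain attribute objects, and returns no username when the result is ambiguous, so that a credential is never filled into a guessed field.

```javascript
// Added illustration, not code from buttercup/locust. Inputs are modelled as
// plain attribute objects so the logic runs in Node without a DOM.
const USERNAME_KEYWORD = /username/i; // substring match, as proposed in the thread

const typeOf = (f) => (f.type || "text").toLowerCase();
const isPassword = (f) => typeOf(f) === "password"; // assumed "password check"
const isTextLike = (f) => ["text", "email", "tel"].includes(typeOf(f));
const hasKeyword = (f) =>
  ["name", "id"].some((attr) => USERNAME_KEYWORD.test(f[attr] || ""));

function detectLogin(fields) {
  const visible = fields.filter((f) => typeOf(f) !== "hidden");
  const password = visible.find(isPassword) || null;
  const byKeyword = visible.filter((f) => isTextLike(f) && hasKeyword(f));
  if (byKeyword.length === 1) {
    return { username: byKeyword[0], password, reason: "keyword" };
  }
  if (byKeyword.length > 1) {
    // Several candidates: refuse to guess rather than fill the wrong field.
    return { username: null, password, reason: "ambiguous" };
  }
  // Fallback from the thread: exactly two fields, the second is the password.
  if (visible.length === 2 && isTextLike(visible[0]) && isPassword(visible[1])) {
    return { username: visible[0], password, reason: "two-field-fallback" };
  }
  return { username: null, password, reason: "none" };
}

// Constructed forms. Only p_username, dades[usuario]/usuario and
// data[username] come from the thread; every other field is made up.
const postfinance = [
  { name: "p_username", id: "text_input_narrow-u4", type: "text" },
  { name: "field2", type: "password" },
  { name: "field3", type: "text" },
];
const cdmon = [
  { name: "dades[usuario]", id: "usuario" },
  { name: "field2", type: "password" },
];
const arrayName = [{ name: "data[username]" }, { name: "pw", type: "password" }];
const noKeyword = [{ name: "usuario" }, { name: "codigo" }, { name: "pw", type: "password" }];

for (const [label, form] of Object.entries({ postfinance, cdmon, arrayName, noKeyword })) {
  const { username, reason } = detectLogin(form);
  console.log(label, "->", username ? username.name : null, `(${reason})`);
}
```

The keyword regex covers p_username and data[username] but not usuario, which is only picked up by the two-field fallback; with a third field present and no keyword match, the function returns no username at all.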