qa360 2.3.0 → 2.3.2

package/dist/core/crawler/trusted-types-handler.js

@@ -0,0 +1,413 @@
+/**
+ * Trusted Types Handler
+ *
+ * P1 - Trusted Types API for XSS prevention
+ *
+ * Supports:
+ * - Trusted Types detection
+ * - CSP trusted-types directive parsing
+ * - Trusted type policy creation
+ * - XSS sink monitoring
+ * - Trusted types violation tracking
+ *
+ * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/trusted-types
+ */
+/**
+ * Trusted Types Handler class
+ */
+export class TrustedTypesHandler {
+    page;
+    violations = [];
+    constructor(page) {
+        this.page = page;
+    }
+    /**
+     * Check if Trusted Types is supported
+     */
+    async isSupported() {
+        return await this.page.evaluate(() => {
+            return typeof window.TrustedTypes !== 'undefined' &&
+                typeof window.TrustedTypePolicyFactory !== 'undefined';
+        });
+    }
+    /**
+     * Get Trusted Types CSP directive
+     */
+    async getTrustedTypesDirective() {
+        return await this.page.evaluate(async () => {
+            try {
+                const response = await fetch(window.location.href, { method: 'HEAD' });
+                const csp = response.headers.get('Content-Security-Policy');
+                if (!csp)
+                    return null;
+                // Parse CSP for trusted-types directive
+                const parts = csp.split(';');
+                for (const part of parts) {
+                    const trimmed = part.trim();
+                    if (trimmed.startsWith('trusted-types')) {
+                        return trimmed.slice('trusted-types'.length).trim();
+                    }
+                }
+                return null;
+            }
+            catch {
+                return null;
+            }
+        });
+    }
+    /**
+     * Parse Trusted Types CSP directive
+     */
+    parseTrustedTypesDirective(directive) {
+        if (!directive) {
+            return {
+                directiveValues: [],
+                policyNames: [],
+                allowsNone: false,
+                allowsAll: false,
+            };
+        }
+        const values = directive.split(/\s+/).filter(Boolean);
+        const policyNames = [];
+        let allowsNone = false;
+        let allowsAll = false;
+        for (const value of values) {
+            if (value === "'none'") {
+                allowsNone = true;
+            }
+            else if (value === '*' || value === "'*'") {
+                allowsAll = true;
+            }
+            else if (value.startsWith("'")) {
+                // Other quoted value
+            }
+            else {
+                policyNames.push(value);
+            }
+        }
+        return {
+            directiveValues: values,
+            policyNames,
+            allowsNone,
+            allowsAll,
+        };
+    }
+    /**
+     * Get existing Trusted Type policies
+     */
+    async getExistingPolicies() {
+        return await this.page.evaluate(() => {
+            if (typeof window.trustedTypes === 'undefined') {
+                return [];
+            }
+            // Try to get exposed policy names
+            // Note: Policy names are not directly enumerable, but we can check
+            // if certain operations create trusted types
+            const policies = [];
+            // Check if we can detect any policy by attempting to create a trusted type
+            try {
+                const tt = window.trustedTypes;
+                if (tt.createPolicy) {
+                    // The existence of createPolicy means trusted types is active
+                    policies.push('default');
+                }
+            }
+            catch {
+                // Ignore
+            }
+            return policies;
+        });
+    }
+    /**
+     * Detect XSS sinks in the page
+     */
+    async detectXSSSinks() {
+        return await this.page.evaluate(() => {
+            const sinks = [];
+            // Common XSS sinks to check
+            const sinkSelectors = [
+                { selector: '*', property: 'innerHTML', type: 'innerHTML' },
+                { selector: '*', property: 'outerHTML', type: 'outerHTML' },
+                { selector: 'a[href]', property: 'href', type: 'location' },
+                { selector: 'area[href]', property: 'href', type: 'location' },
+                { selector: 'form[action]', property: 'action', type: 'location' },
+                { selector: 'input[formaction]', property: 'formAction', type: 'location' },
+                { selector: 'button[formaction]', property: 'formAction', type: 'location' },
+                { selector: 'iframe[src]', property: 'src', type: 'location' },
+                { selector: 'object[data]', property: 'data', type: 'location' },
+                { selector: 'embed[src]', property: 'src', type: 'location' },
+                { selector: 'link[href]', property: 'href', type: 'location' },
+            ];
+            for (const sink of sinkSelectors) {
+                const elements = document.querySelectorAll(sink.selector);
+                for (const el of Array.from(elements)) {
+                    try {
+                        const value = el[sink.property];
+                        if (value !== undefined && value !== null) {
+                            sinks.push({
+                                type: sink.type,
+                                element: el.tagName.toLowerCase() + (el.id ? '#' + el.id : ''),
+                                value: String(value).substring(0, 100),
+                                isXSSSink: true,
+                            });
+                        }
+                    }
+                    catch {
+                        // Property might not be readable
+                    }
+                }
+            }
+            return sinks;
+        });
+    }
+    /**
+     * Create a test Trusted Type policy
+     */
+    async createTestPolicy(policyName) {
+        return await this.page.evaluate((name) => {
+            try {
+                if (typeof window.trustedTypes === 'undefined') {
+                    return false;
+                }
+                const policy = window.trustedTypes.createPolicy(name, {
+                    createHTML: (input) => input,
+                    createScriptURL: (input) => input,
+                    createScript: (input) => input,
+                });
+                return policy !== undefined;
+            }
+            catch {
+                return false;
+            }
+        }, policyName);
+    }
+    /**
+     * Test if a sink requires Trusted Type
+     */
+    async testSinkRequiresTrustedType(sinkType) {
+        return await this.page.evaluate((type) => {
+            try {
+                const testDiv = document.createElement('div');
+                switch (type) {
+                    case 'innerHTML':
+                        testDiv.innerHTML = '<span>test</span>';
+                        break;
+                    case 'outerHTML':
+                        // Can't easily test outerHTML without replacing
+                        break;
+                    case 'src':
+                        const img = document.createElement('img');
+                        img.src = 'about:blank';
+                        break;
+                }
+                // If we got here without error, check if trusted types is enforced
+                return typeof window.trustedTypes !== 'undefined';
+            }
+            catch {
+                // Error might indicate trusted types enforcement
+                return true;
+            }
+        }, sinkType);
+    }
+    /**
+     * Setup violation monitoring
+     */
+    async setupViolationMonitoring() {
+        await this.page.evaluate(() => {
+            // Listen for Trusted Types violations
+            const originalHandler = window.trustedTypes?.createPolicy;
+            if (!originalHandler)
+                return;
+            // Store violations
+            if (!window.__ttViolations) {
+                window.__ttViolations = [];
+            }
+            // Override console.error to catch Trusted Types violations
+            const originalError = console.error;
+            console.error = function (...args) {
+                const message = args.join(' ');
+                if (message.includes('Failed to set') ||
+                    message.includes('Trusted Types') ||
+                    message.includes('This document requires')) {
+                    window.__ttViolations.push({
+                        message,
+                        timestamp: Date.now(),
+                    });
+                }
+                originalError.apply(console, args);
+            };
+        });
+        // Listen for console messages
+        this.page.on('console', (msg) => {
+            if (msg.type() === 'error') {
+                const text = msg.text();
+                if (text.includes('Trusted Types') || text.includes('Failed to set')) {
+                    this.violations.push({
+                        message: text,
+                        sink: 'unknown',
+                        value: 'unknown',
+                    });
+                }
+            }
+        });
+    }
+    /**
+     * Get collected violations
+     */
+    getViolations() {
+        return [...this.violations];
+    }
+    /**
+     * Clear violations
+     */
+    clearViolations() {
+        this.violations = [];
+    }
+    /**
+     * Generate full Trusted Types report
+     */
+    async generateReport() {
+        const supported = await this.isSupported();
+        const directive = await this.getTrustedTypesDirective();
+        const config = this.parseTrustedTypesDirective(directive);
+        const policies = await this.getExistingPolicies();
+        const xssSinks = await this.detectXSSSinks();
+        // Get violations from page context
+        const pageViolations = await this.page.evaluate(() => {
+            return window.__ttViolations || [];
+        });
+        const allViolations = [
+            ...this.violations,
+            ...pageViolations.map((v) => ({
+                message: v.message,
+                sink: 'detected',
+                value: 'unknown',
+            })),
+        ];
+        // Calculate security score
+        let score = 0;
+        if (supported) {
+            score += 20;
+        }
+        if (directive) {
+            score += 30;
+        }
+        if (config.allowsNone && xssSinks.length === 0) {
+            score += 50; // Strictest configuration
+        }
+        else if (config.policyNames.length > 0) {
+            score += 30; // Named policies
+        }
+        else if (config.allowsAll) {
+            score += 10; // Any policy allowed
+        }
+        // Deduct for XSS sinks without protection
+        if (xssSinks.length > 0 && !supported) {
+            score -= 20;
+        }
+        // Generate recommendations
+        const recommendations = [];
+        if (!supported) {
+            recommendations.push('Trusted Types not supported in this browser');
+        }
+        else if (!directive) {
+            recommendations.push('Add "trusted-types" CSP directive to enable XSS protection');
+            recommendations.push('Consider "trusted-types \'none\'" for strictest security');
+        }
+        else if (config.allowsAll) {
+            recommendations.push('Replace "*" with specific policy names for better security');
+        }
+        if (xssSinks.length > 0 && supported) {
+            recommendations.push('Ensure all XSS sinks use Trusted Types');
+        }
+        if (!config.allowsNone && supported) {
+            recommendations.push('Consider using "trusted-types \'none\'" to disable default policy');
+        }
+        return {
+            supported,
+            config,
+            policies,
+            xssSinks,
+            violations: allViolations,
+            securityScore: Math.max(0, Math.min(100, score)),
+            recommendations,
+        };
+    }
+    /**
+     * Validate Trusted Types configuration
+     */
+    async validate() {
+        const report = await this.generateReport();
+        const errors = [];
+        const warnings = [];
+        if (!report.supported) {
+            warnings.push('Trusted Types not supported');
+            return { valid: true, errors, warnings };
+        }
+        if (!report.config.directiveValues.length) {
+            errors.push('No trusted-types CSP directive found');
+        }
+        if (report.xssSinks.length > 0 && !report.config.allowsNone) {
+            warnings.push('XSS sinks detected without strict Trusted Types policy');
+        }
+        if (report.violations.length > 0) {
+            errors.push(`Trusted Types violations detected: ${report.violations.length}`);
+        }
+        return {
+            valid: errors.length === 0,
+            errors,
+            warnings,
+        };
+    }
+    /**
+     * Generate recommended CSP snippet for Trusted Types
+     */
+    generateRecommendedCSP(policyNames = ['default'], requireTrustedTypesFor = ['script']) {
+        const ttDirective = policyNames.length > 0
+            ? `trusted-types ${policyNames.join(' ')};`
+            : "trusted-types 'none';";
+        const requireDirectives = requireTrustedTypesFor.map(feature => `require-trusted-types-for '${feature}'`).join('; ');
+        return `${ttDirective} ${requireDirectives}`;
+    }
+    /**
+     * Test if a string passes Trusted Types validation
+     */
+    async testTrustedString(policyName, input, type = 'createHTML') {
+        return await this.page.evaluate((data) => {
+            try {
+                if (typeof window.trustedTypes === 'undefined') {
+                    return { success: false, error: 'Trusted Types not supported' };
+                }
+                const policy = window.trustedTypes.createPolicy(data.policy, {
+                    createHTML: (s) => s,
+                    createScriptURL: (s) => s,
+                    createScript: (s) => s,
+                });
+                const result = policy[data.type](data.input);
+                return {
+                    success: true,
+                    result: String(result),
+                };
+            }
+            catch (e) {
+                return {
+                    success: false,
+                    error: e instanceof Error ? e.message : String(e),
+                };
+            }
+        }, { policyName, input, type });
+    }
+    /**
+     * Get documentation URL
+     */
+    getDocumentation() {
+        return 'https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/trusted-types';
+    }
+}
+/**
+ * Factory function to create Trusted Types Handler
+ */
+export function createTrustedTypesHandler(page) {
+    return new TrustedTypesHandler(page);
+}
+export default TrustedTypesHandler;

package/{cli/dist → dist}/core/crawler/types.d.ts

@@ -31,6 +31,53 @@ export interface CrawlOptions {
     headless?: boolean;
     /** Wait for network idle before analysis (default: true) */
     waitForNetworkIdle?: boolean;
+    /** Preset for platform-specific crawling (Phase 1) */
+    preset?: CrawlPresetConfig;
+    /** Focused scenario for crawling (Phase 1) */
+    scenario?: 'login' | 'browse' | 'search' | 'checkout' | 'dashboard' | 'profile';
+    /** Only crawl URLs matching these patterns */
+    onlyPatterns?: string[];
+}
+/**
+ * Crawler preset with platform-specific selectors and strategies (Phase 1)
+ */
+export interface CrawlPresetConfig {
+    /** Preset identifier */
+    id: string;
+    /** Preset name */
+    name: string;
+    /** Platform-specific selectors */
+    selectors?: {
+        /** Login form selectors */
+        login?: {
+            email?: string[];
+            password?: string[];
+            submit?: string[];
+            /** Success indicators (visible after successful login) */
+            successSelectors?: string[];
+        };
+        /** Action selectors (add, remove, edit, delete) */
+        actions?: {
+            add?: string[];
+            remove?: string[];
+            edit?: string[];
+            delete?: string[];
+            buy?: string[];
+            cart?: string[];
+        };
+        /** Content selectors */
+        content?: {
+            title?: string[];
+            body?: string[];
+            price?: string[];
+        };
+        /** Navigation selectors */
+        navigation?: {
+            next?: string[];
+            prev?: string[];
+            menu?: string[];
+        };
+    };
 }
 /**
  * Authentication for crawling
@@ -40,8 +87,10 @@ export interface CrawlAuth {
     type: 'basic' | 'form' | 'bearer' | 'cookie';
     /** URL for login form (for type: 'form') */
     loginUrl?: string;
-    /** Username */
+    /** Username or email */
     username?: string;
+    /** Email (alias for username, commonly used) */
+    email?: string;
     /** Password */
     password?: string;
     /** Username selector (for type: 'form') */
@@ -131,6 +180,21 @@ export interface LinkInfo extends ElementInfo {
     /** Whether link was visited */
     visited: boolean;
 }
+/**
+ * Iframe information (Part 5)
+ */
+export interface IframeInfo extends ElementInfo {
+    /** Frame URL (src attribute) */
+    src?: string;
+    /** Frame title for accessibility */
+    title?: string;
+    /** Frame name attribute */
+    name?: string;
+    /** Whether frame has same origin (accessible) */
+    sameOrigin: boolean;
+    /** Frame selector for Playwright (iframe selector) */
+    frameSelector: string;
+}
 /**
  * Page definition after crawling
  */
@@ -167,6 +231,8 @@ export interface PageDefinition {
         checkboxes: ElementInfo[];
         /** Radio buttons */
         radios: ElementInfo[];
+        /** Iframes on the page (Part 5) */
+        iframes: IframeInfo[];
     };
     /** Navigation elements detected */
     navigation: {
@@ -271,7 +337,7 @@ export interface JourneyStep {
 /**
  * Journey action types
  */
-export type JourneyAction = 'navigate' | 'click' | 'fill' | 'select' | 'check' | 'uncheck' | 'upload' | 'hover' | 'press' | 'waitFor' | 'waitForNavigation' | 'scroll';
+export type JourneyAction = 'navigate' | 'click' | 'fill' | 'select' | 'check' | 'uncheck' | 'upload' | 'hover' | 'press' | 'waitFor' | 'waitForSelector' | 'waitForLoadState' | 'waitForNavigation' | 'scroll';
 /**
  * Site map structure
  */

package/dist/core/crawler/wait-strategies.d.ts

@@ -0,0 +1,108 @@
+/**
+ * Wait Strategies
+ *
+ * P1 - Advanced wait conditions for E2E tests
+ *
+ * Supports:
+ * - Network idle (no active network requests)
+ * - Element stable (position/size not changing)
+ * - DOM content loaded
+ * - Custom condition polling
+ * - Multiple wait strategies with timeout
+ *
+ * @see https://playwright.dev/docs/actionability
+ */
+export interface WaitConfig {
+    /** Timeout in milliseconds */
+    timeout?: number;
+    /** Poll interval in milliseconds */
+    interval?: number;
+}
+export interface NetworkIdleConfig extends WaitConfig {
+    /** Minimum idle time (ms) before considering network idle */
+    idleTime?: number;
+    /** Ignore certain URLs */
+    ignoreUrls?: (string | RegExp)[];
+}
+export interface StabilityConfig extends WaitConfig {
+    /** Minimum stable time (ms) */
+    stableTime?: number;
+    /** Check tolerance for position/size changes (pixels) */
+    tolerance?: number;
+}
+export interface WaitResult {
+    success: boolean;
+    duration?: number;
+    error?: string;
+}
+/**
+ * Wait Strategies class
+ */
+export declare class WaitStrategies {
+    private defaultTimeout;
+    private defaultInterval;
+    constructor(config?: WaitConfig);
+    /**
+     * Wait for network to be idle
+     */
+    waitForNetworkIdle(page: any, config?: NetworkIdleConfig): Promise<WaitResult>;
+    /**
+     * Wait for element to be stable (position/size not changing)
+     */
+    waitForStable(page: any, selector: string, config?: StabilityConfig): Promise<WaitResult>;
+    /**
+     * Wait for DOM content to be loaded
+     */
+    waitForDOMContent(page: any, config?: WaitConfig): Promise<WaitResult>;
+    /**
+     * Wait for network to be mostly idle (allows some background requests)
+     */
+    waitForNetworkMostlyIdle(page: any, config?: NetworkIdleConfig): Promise<WaitResult>;
+    /**
+     * Wait for element to be visible and stable
+     */
+    waitForVisibleAndStable(page: any, selector: string, config?: StabilityConfig): Promise<WaitResult>;
+    /**
+     * Wait for custom condition
+     */
+    waitForCondition(page: any, condition: () => boolean | Promise<boolean>, config?: WaitConfig): Promise<WaitResult>;
+    /**
+     * Wait for any element in a list to be visible
+     */
+    waitForAnyElement(page: any, selectors: string[], config?: WaitConfig): Promise<WaitResult>;
+    /**
+     * Wait for text to appear in element
+     */
+    waitForText(page: any, selector: string, text: string | RegExp, config?: WaitConfig): Promise<WaitResult>;
+    /**
+     * Wait for element count to match expected
+     */
+    waitForElementCount(page: any, selector: string, count: number, config?: WaitConfig): Promise<WaitResult>;
+    /**
+     * Wait for URL to match pattern
+     */
+    waitForURL(page: any, pattern: string | RegExp, config?: WaitConfig): Promise<WaitResult>;
+    /**
+     * Wait for console message matching pattern
+     */
+    waitForConsoleMessage(page: any, pattern: string | RegExp, config?: WaitConfig & {
+        type?: 'log' | 'error' | 'warning' | 'info';
+    }): Promise<WaitResult>;
+    /**
+     * Wait for page title
+     */
+    waitForTitle(page: any, title: string | RegExp, config?: WaitConfig): Promise<WaitResult>;
+    /**
+     * Wait for multiple conditions (all must be true)
+     */
+    waitForAll(page: any, conditions: Array<() => boolean | Promise<boolean>>, config?: WaitConfig): Promise<WaitResult>;
+    /**
+     * Wait for multiple conditions (any can be true)
+     */
+    waitForAny(page: any, conditions: Array<() => boolean | Promise<boolean>>, config?: WaitConfig): Promise<WaitResult>;
+}
+/**
+ * Factory function to create Wait Strategies
+ */
+export declare function createWaitStrategies(config?: WaitConfig): WaitStrategies;
+export default WaitStrategies;