Using the Selenium Command

After creating and testing the Selenium command, you can use it to run a scan using WI.exe or create a macro using the API.

Important! When you conduct a scan using a Selenium command, a log directory is created in one of the following locations:

C:\Users\<UserName>\AppData\Local\Temp\

C:\Windows\Temp (when the Fortify WebInspect REST API is running under the system user)

If you end the geckodriver.exe or chromedriver.exe process while the scan is running, these temporary files will not be removed. You must manually remove these files.

Running a Scan Using WI.exe

For the command-line interface (CLI), WI.exe includes a -selenium_workflow parameter that accepts an XML object called ArrayOfSeleniumCommand as a file or a string.

Important! If you run a command as a string rather than a file, and the command contains the double-quotation mark character ("), then the character must be escaped with the backslash character (\) when you save it in the <Command> tag. For example, if the command includes spaces in the path, and you use double-quotation marks to pass the path in the Command, then the quotation marks must be escaped as shown here:

<Command>\"C:\Program Files\nunit\nunit3-console.ex\"  
C:\Projects\Tests\bin\TestHomepage_unittest.dll 
\"C:\Projects\Tests Main\bin\AddCart_unittest.dll\"</Command>

You place the Selenium command you created previously in the Command tag in the following syntax. For more information, see Creating a Selenium Command. 

<ArrayOfSeleniumCommand>
    <SeleniumCommand>
        <Command>"Commands"</Command>
        <AllowedHosts>
            <string>http://hostname/</string>
        </AllowedHosts>
        <WorkingDirectory>C:\pathtoprojectfolder\</WorkingDirectory>
    </SeleniumCommand>
    <SeleniumCommand>
        ...
    </SeleniumCommand>
    ...
</ArrayOfSeleniumCommand>

To pass the command as a file, use the following syntax:

-selenium_workflow "@PathToFile"

The following sample code pass a file named wd_firefox.txt as the command:

-selenium_workflow "@D:\tmp\selenium_wd\wd_firefox.txt"

For more information, see Using wi.exe.

Creating a Macro Using the API

To create a macro using the API, use the following endpoint:

POST /configuration/selenium/macro

The following sample code adds a macro using cURL:

curl -X POST --header "Content-Type: application/json" -d 
"{\"VerifyMacro\":true,\"name\": \"test\",\"command\": 
\"D:\\tmp\\selenium_wd\\bin\\net35\\nunit3-console.exe 
\\\"D:\\tmp\\selenium_wd\\selenium_c_sharp-master\\Selenium\\
bin\\Debug\\Selenium.dll\\\"\",\"allowedHosts\": 
[\"http://zero.webappsecurity.com\"]}" 
http://localhost:8083/webinspect/configuration/selenium/macro

The following sample code starts a scan using cURL:

curl.exe -X POST --header "Content-Type: application/json" 
--header "Accept: application/json" -d "{\"settingsName\": 
\"Default\", \"overrides\": { \"startOption\": \"macro\", 
\"workflowMacros\": [\"test \"],\"AllowedHosts\":[\"\\*\"] , 
\"crawlAuditMode\": \"auditOnly\"  } }" 
http://localhost:8083/webinspect/scanner/scans

Complete usage information and sample code are included in the Swagger UI, and objects are similar to those described in Running a Scan Using WI.exe. For more information, see Using the Swagger UI.

The WorkingDirectory and AllowedHosts arguments are optional. In some cases, AllowedHosts can be determined automatically. However, Fortify recommends that you set AllowedHosts for each macro.

In some cases, you must set the Working Directory path, which is the "current working directory," for the WorkingDirectory argument.