I need to write an automated test for an application that uses the device's camera from the browser. For that I'll need to deny the permission to the camera and upload an image, otherwise the browser displays the prompt asking for camera access and that blocks the automated test. On Playwright's documentation, I have only seen the grantPermissions and clearPermissions methods. Is it currently possible to deny access to the camera so I can automate this test case with Playwright? I haven't found anything on the web, on Stack Overflow or on SQA Stack Exchange.
Don't look for anything difficult in it. If you don't grant permissions, then they are denied.
If you want to be explicit, for example to make it easier for other people to understand your intent, you can use an empty array.
An example when creating a new context could be:
context = await browser.newContext({
  ...options.contextConfig(),
  permissions: [],
});
I am trying to collect all active TIs via the Beta Graph API by following this. But it doesn't return anything. Here is what I use in Postman:
https://graph.microsoft.com/beta/security/tiIndicators
Response (200):
{
  "@odata.context": "https://graph.microsoft.com/beta/$metadata#security/tiIndicators",
  "value": []
}
A bit of context for the environment I work in.
The tenant has multiple Sentinel workspaces & resource groups.
The application I use has the correct permissions:
ThreatIndicators.Read.All
ThreatIndicators.ReadWrite.OwnedBy
ThreatSubmission.Read.All
ThreatSubmission.ReadWrite.All
It is my current belief that this might be due to the limitations of the Beta API. My reasoning is that according to this documentation you need the ThreatIndicators.ReadWrite.OwnedBy permission to access the API. This would suggest that currently you can only view TIs that the resource itself created.
If more info is needed just ask.
According to the documentation, the ThreatIndicators.ReadWrite.OwnedBy permission allows you to manage threat indicators your app creates or owns.
If you want to read all the threat indicators for your organization then your app needs ThreatIndicators.Read.All permission.
Although this is not a solution to the question it is a workaround. By using the Log Analytics API you can get the TI via a KQL.
ThreatIntelligenceIndicator
| where ExpirationDateTime > now() and
    NetworkIP matches regex @"^(?:(?:25[0-5]|(?:2[0-4]|1\d|[1-9]|)\d)\.?\b){4}$" and
    ConfidenceScore > 25
| summarize by NetworkIP
This is probably better as you can also use a watchlist to exclude specific IP addresses with one request.
One thing I struggled with was authorization. You must give your application permission to use the api.loganalytics.io API, and the application needs the Log Analytics Reader role in the Log Analytics workspace you want to use.
Clicking a mailto: link will open my default mail client. In a similar manner, I would like to launch an Electron app with my-app:. What is the best way to achieve this and gracefully fallback to a standard http link if the app isn't installed?
Furthermore, I would also like to be able to pass through some extra details my-app:foo/bar. How would this be intercepted inside of Electron when it launches?
I have read some docs on what I think might be relevant stuff: http://electron.atom.io/docs/v0.36.0/api/protocol/ however, as a frontend dev, there are some gaps in my understanding of how the overarching process works. Any help much appreciated!
Electron has evolved quite a bit since this question was first posted.
You no longer have to dive quite as deep and can skip the Electron protocol API. Instead, use the app.setAsDefaultProtocolClient(protocol[, path, args]) interface and its siblings app.removeAsDefaultProtocolClient(protocol[, path, args]) and app.isDefaultProtocolClient(protocol[, path, args]).
These enable you to register a protocol identifier your-protocol:// and receive arguments:
"The whole link, including protocol, will be passed to your application as a parameter." (Electron API docs)
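One way to handle the link that arrives as a parameter, shown as an added example that is not part of the original answer or of Electron's own code. Any web page can trigger the link, so it is parsed and checked against an allowlist before the app acts on it. The scheme `my-app`, the route allowlist and the `handle()` function named in the comments are assumptions for illustration.

```javascript
'use strict';
// Assumed names for illustration: the scheme and the route allowlist.
const SCHEME = 'my-app:';
const ALLOWED_ROUTES = new Set(['foo', 'settings']);
const SEGMENT = /^[A-Za-z0-9_-]{1,64}$/; // no dots, '%', quotes or spaces

// On Windows and Linux the OS passes the whole link as one process argument.
// Pick out that argument only; ignore any other switches on the command line.
function findDeepLink(argv) {
  return argv.find((a) => a.toLowerCase().startsWith(SCHEME)) || null;
}

// Any web page can trigger the link, so treat it as untrusted input.
// Returns { route, args } for an allowed link, or null to reject it.
function parseDeepLink(link) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return null; // not a URL at all
  }
  if (url.protocol !== SCHEME) return null;
  if (url.username || url.password || url.port || url.hash) return null;
  // "my-app:foo/bar" has pathname "foo/bar"; "my-app://foo/bar" has
  // host "foo" and pathname "/bar". Normalise both to the same segments.
  const segments = (url.host + '/' + url.pathname).split('/').filter(Boolean);
  if (segments.length === 0 || segments.length > 8) return null;
  if (!segments.every((s) => SEGMENT.test(s))) return null;
  const [route, ...args] = segments;
  if (!ALLOWED_ROUTES.has(route)) return null;
  return { route, args };
}

// Wiring in the Electron main process (not executed here):
//   app.setAsDefaultProtocolClient('my-app');
//   app.on('second-instance', (event, argv) => handle(findDeepLink(argv)));
//   app.on('open-url', (event, url) => handle(url));      // macOS
//   first launch on Windows/Linux: handle(findDeepLink(process.argv));
// where handle() is a hypothetical function that calls parseDeepLink().

// Constructed sample command line, as the OS would start the app.
const sampleArgv = ['C:\\Apps\\my-app.exe', 'my-app:foo/bar'];
console.log(parseDeepLink(findDeepLink(sampleArgv)));
```
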
I'm not sure if it is possible to do what you want to do. It depends on whether you want to launch your Electron app from an actual browser window or simply from another Electron instance.
I found this other Stack Overflow post link that shows a workaround (though I'm afraid it won't graciously default to anything) and explains how it could be dangerous to launch programs directly from the browser.
If you want to launch your Electron app from another Electron app however you might want to check this out link.
I want to modify the registry value at run time in an application and should make sure that the user has permission to do that.
Is it possible to check if the user has permission to write into registry before editing the registry values?
This is certainly possible using the AccessCheck Win32 API. However, it's not very easy to implement. You'll find many examples online and you'll soon discover that Windows security is tricky.
On the other hand it is trivially easy to attempt to write a value and check for ERROR_ACCESS_DENIED. That is the recommended way to deal with access rights.
Note that you typically do not need to modify a value to ascertain whether or not the user has sufficient rights. Generally it suffices to attempt to open the containing key for writing. If that fails, you won't be able to modify the value.
Is there an API call to check if the current user has write access to the registry?
We have an older program which sadly stores several critical values in HKLM that must be updated when the application starts and ends (there is a service which picks these up).
Elevating the user is not an option and running as admin is also not an option.
We just need to check if we can write (and no, writing a key and catching the exception is not what I'm looking for).
The Win32 API function that you ask for is AccessCheck. However, it's not the easiest function to use.
The commonly accepted way to do what you are attempting is to write the value without performing any checks beforehand. If the write fails with ERROR_ACCESS_DENIED, then you don't have rights. It's better to ask forgiveness than permission, certainly when it comes to Windows security!
I am convinced that I want to use Glimpse for my project, but I would like to learn a bit more about the security model.
From what I can tell, when you turn Glimpse on, it simply writes a set of cookies to the client. When Glimpse receives these cookies, Glimpse begins to record information for the request and then sends it to the client.
Seems like I could just set the cookies for a site I know uses Glimpse and I would then be able to see their information.
I highly doubt this is how it works, so I would like to know what features are in place to prevent exposing server information.
Glimpse uses a collection of configurable Runtime Policies (http://getglimpse.com/Help/Custom-Runtime-Policy) that dictate how Glimpse responds to any given HTTP request.
Glimpse already adds some Runtime Policies out of the box that filter requests based on content types, HTTP status codes, remote or local access, URIs...
You can also build your own by implementing IRuntimePolicy and checking, for instance, whether a user is authenticated and a member of a specific group, and based on that allowing Glimpse to gather and return data or not. Such an example can be found at the link above.