Added new resources and improved interaction script and custom python endpoint

bci/browser/configuration/browser.py

@@ -115,6 +115,10 @@ def _get_terminal_args(self) -> list[str]:
     def get_navigation_sleep_duration(self) -> int:
         pass
 
+    @abstractmethod
+    def get_open_console_hotkey(self) -> list[str]:
+        pass
+
     @staticmethod
     def get_browser(
         browser_config: BrowserConfiguration, eval_config: EvaluationConfiguration, state: State

bci/browser/configuration/chromium.py

@@ -35,6 +35,9 @@ class Chromium(Browser):
     def get_navigation_sleep_duration(self) -> int:
         return 1
 
+    def get_open_console_hotkey(self) -> list[str]:
+        return ["ctrl", "shift", "j"]
+
     def _get_terminal_args(self) -> list[str]:
         assert self._profile_path is not None
 

bci/browser/configuration/firefox.py

@@ -23,6 +23,9 @@ class Firefox(Browser):
     def get_navigation_sleep_duration(self) -> int:
         return 2
 
+    def get_open_console_hotkey(self) -> list[str]:
+        return ["ctrl", "shift", "k"]
+
     def _get_terminal_args(self) -> list[str]:
         assert self._profile_path is not None
 

bci/browser/interaction/simulation.py

@@ -29,6 +29,7 @@ class Simulation:
         'report_leak',
         'assert_file_contains',
         'open_file',
+        'open_console',
     ]
 
     def __init__(self, browser_config: BrowserConfig, params: TestParameters):
@@ -54,9 +55,9 @@ def navigate(self, url: str):
         self.browser_config.terminate()
         self.browser_config.open(url)
         self.sleep(str(self.browser_config.get_navigation_sleep_duration()))
+        self.click_position("100", "50%")   # focus the browser window
 
     def new_tab(self, url: str):
-        self.click_position("100", "50%")   # focus the browser window
         self.hotkey("ctrl", "t")
         self.sleep("0.5")
         self.write(url)
@@ -112,3 +113,7 @@ def assert_file_contains(self, filename: str, content: str):
 
     def open_file(self, filename: str):
         self.navigate(f'file:///root/Downloads/{filename}')
+
+    def open_console(self):
+        self.hotkey(*self.browser_config.get_open_console_hotkey())
+        self.sleep("1.5")

bci/evaluations/custom/default_files/py

@@ -1,10 +1,10 @@
 from flask import Request
+from typing import Callable
 
-# Make sure that your page directory starts with 'py-'
-
-def main(req: Request):
+def main(req: Request, report_leak: Callable[[], None]):
     # TODO - implement your functionality and return a Flask response
-
+    # If you need to report a leak, call report_leak()
+
     return {
         "agent": req.headers.get("User-Agent"),
         "cookies": req.cookies,

bci/evaluations/custom/default_files/script.cmd

@@ -17,4 +17,5 @@
 
 ### Debugging commands
 # SCREENSHOT file_name
-# OPEN_FILE file
+# OPEN_FILE file
+# OPEN_CONSOLE

bci/web/blueprints/experiments.py

@@ -157,4 +157,15 @@ def python_evaluation(project: str, experiment: str, file_name: str):
     sys.modules[module_name] = module
     spec.loader.exec_module(module)
 
-    return module.main(request)
+    def report_leak() -> None:
+        remote_ip = request.headers.get("X-Real-IP")
+        response_data = {
+            "url": url_for("experiments.report_endpoint", leak=experiment),
+            "method": request.method,
+            "headers": dict(request.headers),
+            "content": request.data.decode("utf-8"),
+        }
+
+        requests.post(f"http://{remote_ip}:5001/report/", json=response_data, timeout=5)
+
+    return module.main(request, report_leak)

bci/web/vue/src/interaction_script_mode.js

@@ -1,4 +1,4 @@
-const KEYWORDS = "NAVIGATE|NEW_TAB|CLICK_POSITION|CLICK|WRITE|PRESS|HOLD|RELEASE|HOTKEY|SLEEP|SCREENSHOT|REPORT_LEAK|ASSERT_FILE_CONTAINS|OPEN_FILE";
+const KEYWORDS = "NAVIGATE|NEW_TAB|CLICK_POSITION|CLICK|WRITE|PRESS|HOLD|RELEASE|HOTKEY|SLEEP|SCREENSHOT|REPORT_LEAK|ASSERT_FILE_CONTAINS|OPEN_FILE|OPEN_CONSOLE";
 
 ace.define("ace/mode/interaction_script_highlight_rules",["require","exports","module","ace/lib/oop","ace/mode/text_highlight_rules"], function(require, exports, module){"use strict";
     const oop = require("../lib/oop");

experiments/pages/Support/AutoGUI/script.cmd

@@ -1,5 +1,7 @@
 NAVIGATE https://a.test/Support/AutoGUI/main
 
+OPEN_CONSOLE
+
 SCREENSHOT click1
 CLICK one
 WRITE AutoGUI

experiments/pages/Support/PythonServer/a.test/main/index.html

@@ -2,7 +2,7 @@
     <body>
         <script>
             (async () => {
-                const res = await fetch('https://a.test/Support/PythonServer/py-server/');
+                const res = await fetch('https://a.test/Support/PythonServer/server.py?leaked_secret');
                 const x = await res.text();
                 document.location = `https://a.test/report/?leak=PythonServer&response=${encodeURIComponent(JSON.stringify(x))}`;
             })();

experiments/pages/Support/PythonServer/a.test/server.py

@@ -1,9 +1,9 @@
 from flask import Request
+from typing import Callable
 
-# Make sure that your file ends with '.py'
-
-def main(req: Request):
-    # TODO - implement your functionality and return a Flask response
+def main(req: Request, report_leak: Callable[[], None]):
+    if "leaked_secret" in req.url:
+        report_leak()
 
     return {
         "agent": req.headers.get("User-Agent"),

experiments/res/subtitles.vtt

@@ -0,0 +1,21 @@
+WEBVTT
+
+1
+00:00:00.000 --> 00:00:01.000
+LOREM
+
+2
+00:00:01.000 --> 00:00:02.000
+IPSUM
+
+3
+00:00:02.000 --> 00:00:03.000
+DOLOR
+
+4
+00:00:03.000 --> 00:00:04.000
+SIT
+
+5
+00:00:04.000 --> 00:00:59.000
+AMET