The Appium team makes every effort to ensure the security of the Appium server. This is especially important when Appium is run in a multitenant environment, or when multiple users are running sessions on the same Appium server. In general, if you’re running your own Appium server locally, and not sharing it with anyone else, and don’t expose Appium’s port to the wider internet, you should have nothing to worry about, and can safely enable all Appium’s features.
But because many Appium users might not be able to guarantee such a safe environment, the Appium team puts many features behind a security protection mechanism which forces system admins (the people who are in charge of starting the Appium server) to opt in to these features explicitly.
For security reasons, Appium client sessions cannot request feature enablement via capabilities. This is the responsibility of the one who launches the Appium server.
Security Server Args
The server args doc outlines three relevant arguments which may be passed to Appium when starting it from the command line:
- `--relaxed-security`: Setting this flag turns on all insecure features (unless blocked by `--deny-insecure`; see below)
- `--allow-insecure`: Setting this flag to a comma-separated list of feature names or a path to a file containing a feature list (each name on a separate line) will allow only the features listed. For example, `--allow-insecure=adb_shell` will cause only the ADB shell execution feature to be enabled. This is true unless `--relaxed-security` is also used, in which case all features will still be enabled. It makes no sense to combine this flag with `--relaxed-security`.
- `--deny-insecure`: This flag can likewise be set to a comma-separated list of feature names, or a path to a feature file. Any features listed here will be disabled, regardless of whether `--relaxed-security` is set and regardless of whether the names are also listed with `--allow-insecure`.
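The precedence among the three flags, modeled as an added example (not Appium's own code): a denied feature is always off, and otherwise an explicit allow or relaxed security turns it on. The function names, including `auditLaunch`, are hypothetical, and a feature file is assumed to have been read by the caller and passed in as text rather than as a path.

```javascript
// Added example: a model of the precedence described above, not Appium's code.
// Feature names are the ones listed in this page's feature table.
const KNOWN_FEATURES = [
  'get_server_logs', 'adb_shell', 'shutdown_other_sims', 'perf_record',
  'record_audio', 'chromedriver_autodownload', 'execute_driver_script',
];

// Accepts a comma-separated flag value or the text of a feature file
// (one name per line). Assumption: the caller has already read the file.
function parseFeatureList(value) {
  return (value || '').split(/[,\r\n]+/).map((s) => s.trim()).filter(Boolean);
}

// Collects the three security flags from a server argument vector.
function parseSecurityArgs(argv) {
  const cfg = { relaxed: false, allow: [], deny: [] };
  for (let i = 0; i < argv.length; i++) {
    const [flag, inline] = argv[i].split(/=(.*)/);
    if (flag === '--relaxed-security') {
      cfg.relaxed = true;
    } else if (flag === '--allow-insecure' || flag === '--deny-insecure') {
      const value = inline !== undefined ? inline : argv[++i];
      cfg[flag === '--allow-insecure' ? 'allow' : 'deny'].push(...parseFeatureList(value));
    }
  }
  return cfg;
}

// Deny always wins; an explicit allow or relaxed security enables the rest.
function isFeatureEnabled(cfg, name) {
  if (cfg.deny.includes(name)) return false;
  return cfg.allow.includes(name) || cfg.relaxed;
}

// Hypothetical audit helper: which listed features would a launch line expose?
function auditLaunch(argv) {
  const cfg = parseSecurityArgs(argv);
  const warnings = [];
  if (cfg.relaxed && cfg.allow.length) {
    warnings.push('--allow-insecure is redundant with --relaxed-security');
  }
  for (const name of [...cfg.allow, ...cfg.deny]) {
    if (!KNOWN_FEATURES.includes(name)) warnings.push(`not in this page's table: ${name}`);
  }
  return { enabled: KNOWN_FEATURES.filter((f) => isFeatureEnabled(cfg, f)), warnings };
}
```

Running `auditLaunch` over the argument list in a service unit or CI job shows which of the listed features a shared server would expose before it is started.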
Insecure Features
Each Appium driver is responsible for its own security, and can create its own feature names. These are the features and names we know about for the officially-supported Appium drivers.
Feature Name | Description | AutomationName |
---|---|---|
get_server_logs | Allows retrieving of Appium server logs via the Webdriver log interface | IOS, XCUITest, Android, UiAutomator2, Espresso |
adb_shell | Allows execution of arbitrary shell commands via ADB, using the mobile: shell command | Android, UiAutomator2, Espresso |
shutdown_other_sims | Allows any session to use a capability to shut down any running simulators on the host | XCUITest |
perf_record | Allows recording the system performance and other metrics of the simulator | XCUITest |
record_audio | Allows recording of host machine audio inputs | XCUITest |
chromedriver_autodownload | Allows ChromeDriver to be downloaded automatically if Appium does not have the proper version | Android, UiAutomator2, Espresso |
execute_driver_script | Allows sending a request that contains multiple Appium commands. Read documentation for more details | All |
See also the links below. These drivers might have additional flags.
- appium-android-driver
- appium-xcuitest-driver
- appium-mac-driver
- appium-windows-driver
For Driver Developers
Two methods exist on objects of classes that extend BaseDriver. They make life easier for the driver developer when checking the availability of insecure features:
- `this.isFeatureEnabled(name)`: returns true or false depending on whether the server security flags combine to allow the feature in question.
- `this.ensureFeatureEnabled(name)`: throws an error with the feature name and a link to this doc if the feature in question is not allowed.