Update workflow for PRs to require safe-to-test label to run BrowserStack tests

Merge pull request #3502 from beefproject/dependabot/npm_and_yarn/lodash-4.17.23
Bump lodash from 4.17.21 to 4.17.23
2026-01-27 09:05:28 +10:00 · 2026-01-21 23:06:10 +00:00 · 2026-01-21 23:03:34 +00:00 · 2026-01-19 14:54:05 +00:00 · 2026-01-19 14:51:26 +00:00 · 2026-01-19 14:50:21 +00:00
8 changed files with 119 additions and 82 deletions
--- a/.github/workflows/github_actions.yml
+++ b/.github/workflows/github_actions.yml
@@ -2,18 +2,34 @@ name: 'BrowserStack Test'

 on:
  pull_request_target:
+    types: [opened, synchronize, reopened, labeled]
    branches: [ master ]
-      
+
 jobs:    
  ubuntu-job:
    name: 'BrowserStack Test on Ubuntu'
+    if: contains(github.event.pull_request.labels.*.name, 'safe-to-test')
    runs-on: ubuntu-latest  # Can be self-hosted runner also
+    permissions:
+      contents: read
+      pull-requests: write
    environment:
      name: Integrate Pull Request
    env: 
      GITACTIONS: true
    steps:

+      - name: 'Remove safe-to-test label'
+        uses: actions/github-script@v6
+        with:
+          script: |
+            github.rest.issues.removeLabel({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.issue.number,
+              name: 'safe-to-test'
+            })
+
      - name: 'BrowserStack Env Setup'  # Invokes the setup-env action
        uses: browserstack/github-actions/setup-env@master
        with:
--- a/11
+++ b/11
@@ -78,9 +78,20 @@ RUN adduser --home /beef --gecos beef --disabled-password beef \
    zlib1g \
    bison \
    nodejs \
+    firefox-esr \
 && apt-get -y clean \
 && rm -rf /var/lib/apt/lists/*

+# Install geckodriver for Selenium tests
+# Pin version and verify checksum to mitigate supply chain attacks
+ENV GECKODRIVER_VERSION=v0.36.0
+ENV GECKODRIVER_SHA256=0bde38707eb0a686a20c6bd50f4adcc7d60d4f73c60eb83ee9e0db8f65823e04
+RUN wget -q "https://github.com/mozilla/geckodriver/releases/download/${GECKODRIVER_VERSION}/geckodriver-${GECKODRIVER_VERSION}-linux64.tar.gz" \
+ && echo "${GECKODRIVER_SHA256}  geckodriver-${GECKODRIVER_VERSION}-linux64.tar.gz" | sha256sum -c - \
+ && tar -xzf "geckodriver-${GECKODRIVER_VERSION}-linux64.tar.gz" -C /usr/local/bin \
+ && chmod +x /usr/local/bin/geckodriver \
+ && rm "geckodriver-${GECKODRIVER_VERSION}-linux64.tar.gz"
+
 # Use gemset created by the builder above
 COPY --chown=beef:beef . /beef
 COPY --from=builder /usr/local/bundle /usr/local/bundle
--- a/6
+++ b/6
@@ -63,11 +63,11 @@ end
 group :test do
  gem 'test-unit-full', '~> 0.0.5'
  gem 'rspec', '~> 3.13'
-  gem 'rdoc', '~> 7.0'
+  gem 'rdoc', '~> 7.1'
  gem 'browserstack-local', '~> 1.4'

  gem 'irb', '~> 1.16'
-  gem 'pry-byebug', '~> 3.11'
+  gem 'pry-byebug', '~> 3.12'

  gem 'rest-client', '~> 2.1.0'
  gem 'websocket-client-simple', '~> 0.6.1'
@@ -79,7 +79,7 @@ group :test do
  # Note: selenium-webdriver 3.x is incompatible with Firefox version 48 and prior
  # gem 'selenium' # Requires old version of selenium which is no longer available
  gem 'geckodriver-helper', '~> 0.24.0'
-  gem 'selenium-webdriver', '~> 4.39'
+  gem 'selenium-webdriver', '~> 4.40'

  # Note: nokogiri is needed by capybara which may require one of the below commands
  # sudo apt-get install libxslt-dev libxml2-dev
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,13 +1,13 @@
 GEM
  remote: https://rubygems.org/
  specs:
-    activemodel (8.1.1)
-      activesupport (= 8.1.1)
-    activerecord (8.1.1)
-      activemodel (= 8.1.1)
-      activesupport (= 8.1.1)
+    activemodel (8.1.2)
+      activesupport (= 8.1.2)
+    activerecord (8.1.2)
+      activemodel (= 8.1.2)
+      activesupport (= 8.1.2)
      timeout (>= 0.4.0)
-    activesupport (8.1.1)
+    activesupport (8.1.2)
      base64
      bigdecimal
      concurrent-ruby (~> 1.0, >= 1.3.1)
@@ -34,9 +34,10 @@ GEM
      async
      io-endpoint
    base64 (0.3.0)
-    bigdecimal (3.3.1)
+    bigdecimal (4.0.1)
    browserstack-local (1.4.3)
-    byebug (12.0.0)
+    byebug (13.0.0)
+      reline (>= 0.6.0)
    capybara (3.40.0)
      addressable
      matrix
@@ -47,8 +48,8 @@ GEM
      regexp_parser (>= 1.5, < 3.0)
      xpath (~> 3.2)
    coderay (1.1.3)
-    concurrent-ruby (1.3.5)
-    connection_pool (2.5.4)
+    concurrent-ruby (1.3.6)
+    connection_pool (3.0.2)
    console (1.34.0)
      fiber-annotation
      fiber-local (~> 1.1)
@@ -78,7 +79,7 @@ GEM
    http-cookie (1.0.8)
      domain_name (~> 0.5)
    http_parser.rb (0.8.0)
-    i18n (1.14.7)
+    i18n (1.14.8)
      concurrent-ruby (~> 1.0)
    io-console (0.8.2)
    io-endpoint (0.15.2)
@@ -99,7 +100,8 @@ GEM
      mime-types-data (~> 3.2025, >= 3.2025.0507)
    mime-types-data (3.2025.0902)
    mini_mime (1.1.5)
-    minitest (5.26.1)
+    minitest (6.0.1)
+      prism (~> 1.5)
    mojo_magick (0.6.8)
    msfrpc-client (1.1.2)
      msgpack (~> 1)
@@ -140,12 +142,13 @@ GEM
      prettyprint
    prettyprint (0.2.0)
    prism (1.7.0)
-    pry (0.15.2)
+    pry (0.16.0)
      coderay (~> 1.1)
      method_source (~> 1.0)
-    pry-byebug (3.11.0)
-      byebug (~> 12.0)
-      pry (>= 0.13, < 0.16)
+      reline (>= 0.6.0)
+    pry-byebug (3.12.0)
+      byebug (~> 13.0)
+      pry (>= 0.13, < 0.17)
    psych (5.3.1)
      date
      stringio
@@ -166,7 +169,7 @@ GEM
      rack (>= 1.3)
    rainbow (3.1.1)
    rake (13.3.1)
-    rdoc (7.0.3)
+    rdoc (7.1.0)
      erb
      psych (>= 4.0.0)
      tsort
@@ -215,7 +218,7 @@ GEM
      json
      rest-client
    securerandom (0.4.1)
-    selenium-webdriver (4.39.0)
+    selenium-webdriver (4.40.0)
      base64 (~> 0.2)
      logger (~> 1.4)
      rexml (~> 3.2, >= 3.2.5)
@@ -264,7 +267,7 @@ GEM
      logger
      rack (>= 1, < 4)
    tilt (2.6.1)
-    timeout (0.4.4)
+    timeout (0.6.0)
    timers (4.4.0)
    tins (1.43.0)
      bigdecimal
@@ -320,18 +323,18 @@ DEPENDENCIES
  net-smtp
  otr-activerecord (~> 2.6.0)
  parseconfig (~> 1.1, >= 1.1.2)
-  pry-byebug (~> 3.11)
+  pry-byebug (~> 3.12)
  qr4r (~> 0.6.1)
  rack (~> 3.2)
  rack-protection (~> 4.2.1)
  rake (~> 13.3)
-  rdoc (~> 7.0)
+  rdoc (~> 7.1)
  rest-client (~> 2.1.0)
  rspec (~> 3.13)
  rubocop (~> 1.82.1)
  rubyzip (~> 3.2)
  rushover (~> 0.3.0)
-  selenium-webdriver (~> 4.39)
+  selenium-webdriver (~> 4.40)
  sinatra (~> 4.1)
  slack-notifier (~> 2.4)
  sqlite3 (~> 2.9)
--- a/modules/social_engineering/gmail_phishing/command.js
+++ b/modules/social_engineering/gmail_phishing/command.js
--- a/package-lock.json
+++ b/package-lock.json
@@ -666,10 +666,11 @@
            }
        },
        "node_modules/lodash": {
-            "version": "4.17.21",
-            "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
-            "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==",
-            "dev": true
+            "version": "4.17.23",
+            "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz",
+            "integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==",
+            "dev": true,
+            "license": "MIT"
        },
        "node_modules/lodash.camelcase": {
            "version": "4.3.0",
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -229,8 +229,7 @@ require 'socket'
    @host = '127.0.0.1'

    unless port_available?
-      print_error "Port #{@port} is already in use. Exiting."
-      exit
+      raise "Port #{@port} is already in use. Cannot start BeEF server."
    end
    load_beef_extensions_and_modules
    
@@ -317,11 +316,9 @@ require 'socket'
  end

  def stop_beef_server(pid)
-    exit if pid.nil?
-    # Shutting down server
+    return if pid.nil?
    Process.kill("KILL", pid) unless pid.nil?
    Process.wait(pid) unless pid.nil? # Ensure the process has exited and the port is released 
-    pid = nil       
  end

 end
--- a/spec/support/ui_support.rb
+++ b/spec/support/ui_support.rb
@@ -10,29 +10,36 @@ require 'spec/support/constants.rb'
 def start_beef_and_hook_browser()
    reset_beef_db
    pid = start_beef_server_and_wait
-    beef_session = BeefTest.login
-    hooked_browser = BeefTest.new_victim

-    expect(hooked_browser).not_to be_nil
-    expect(hooked_browser).to be_a(Capybara::Session)
-    expect(hooked_browser).to have_content('BeEF', wait: PAGE_LOAD_TIMEOUT)
+    begin
+        beef_session = BeefTest.login
+        hooked_browser = BeefTest.new_victim

-    expect(beef_session).not_to be_nil
-    expect(beef_session).to be_a(Capybara::Session)
-    expect(beef_session).to have_content('Hooked Browsers', wait: PAGE_LOAD_TIMEOUT)
+        expect(hooked_browser).not_to be_nil
+        expect(hooked_browser).to be_a(Capybara::Session)
+        expect(hooked_browser).to have_content('BeEF', wait: PAGE_LOAD_TIMEOUT)

-    navigate_to_hooked_browser(beef_session)
+        expect(beef_session).not_to be_nil
+        expect(beef_session).to be_a(Capybara::Session)
+        expect(beef_session).to have_content('Hooked Browsers', wait: PAGE_LOAD_TIMEOUT)

-    expect(beef_session).to have_content('Commands', wait: PAGE_LOAD_TIMEOUT)
-    beef_session.click_on('Commands')
+        navigate_to_hooked_browser(beef_session)

-    return pid, beef_session, hooked_browser
+        expect(beef_session).to have_content('Commands', wait: PAGE_LOAD_TIMEOUT)
+        beef_session.click_on('Commands')
+
+        return pid, beef_session, hooked_browser
+    rescue => e
+        # If setup fails, cleanup the server before re-raising
+        stop_beef_server(pid)
+        raise e
+    end
 end

 def stop_beef_and_unhook_browser(pid, beef_session, hooked_browser)
    stop_beef_server(pid)
-    beef_session.driver.browser.close
-    hooked_browser.driver.browser.close
+    beef_session.driver.browser.close if beef_session
+    hooked_browser.driver.browser.close if hooked_browser
 end

 def navigate_to_hooked_browser(session, hooked_browser_text = nil)
Author	SHA1	Message	Date
zinduolis	2b653a982f	Update workflow for PRs to require safe-to-test label to run BrowserStack tests	2026-01-27 09:05:28 +10:00
github-actions[bot]	ddc27c8880	Merge pull request #3502 from beefproject/dependabot/npm_and_yarn/lodash-4.17.23 Bump lodash from 4.17.21 to 4.17.23	2026-01-21 23:06:10 +00:00
dependabot[bot]	ff281344d8	Bump lodash from 4.17.21 to 4.17.23 Bumps [lodash](https://github.com/lodash/lodash) from 4.17.21 to 4.17.23. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](https://github.com/lodash/lodash/compare/4.17.21...4.17.23) --- updated-dependencies: - dependency-name: lodash dependency-version: 4.17.23 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2026-01-21 23:03:34 +00:00
github-actions[bot]	5cec161a7b	Merge pull request #3500 from beefproject/dependabot/bundler/pry-byebug-3.12.0 Bump pry-byebug from 3.11.0 to 3.12.0	2026-01-19 14:54:05 +00:00
dependabot[bot]	75f169e318	Bump pry-byebug from 3.11.0 to 3.12.0 Bumps [pry-byebug](https://github.com/deivid-rodriguez/pry-byebug) from 3.11.0 to 3.12.0. - [Release notes](https://github.com/deivid-rodriguez/pry-byebug/releases) - [Changelog](https://github.com/deivid-rodriguez/pry-byebug/blob/master/CHANGELOG.md) - [Commits](https://github.com/deivid-rodriguez/pry-byebug/compare/v3.11.0...v3.12.0) --- updated-dependencies: - dependency-name: pry-byebug dependency-version: 3.12.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2026-01-19 14:51:26 +00:00
github-actions[bot]	dadae2a79c	Merge pull request #3501 from beefproject/dependabot/bundler/selenium-webdriver-4.40.0 Bump selenium-webdriver from 4.39.0 to 4.40.0	2026-01-19 14:50:21 +00:00
dependabot[bot]	ccda2a49f3	Bump selenium-webdriver from 4.39.0 to 4.40.0 Bumps [selenium-webdriver](https://github.com/SeleniumHQ/selenium) from 4.39.0 to 4.40.0. - [Release notes](https://github.com/SeleniumHQ/selenium/releases) - [Changelog](https://github.com/SeleniumHQ/selenium/blob/trunk/rb/CHANGES) - [Commits](https://github.com/SeleniumHQ/selenium/compare/selenium-4.39.0...selenium-4.40.0) --- updated-dependencies: - dependency-name: selenium-webdriver dependency-version: 4.40.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2026-01-19 14:47:50 +00:00
github-actions[bot]	15095d2037	Merge pull request #3499 from beefproject/dependabot/bundler/rdoc-7.1.0 Bump rdoc from 7.0.3 to 7.1.0	2026-01-14 13:05:38 +00:00
dependabot[bot]	7efeef2fb7	Bump rdoc from 7.0.3 to 7.1.0 Bumps [rdoc](https://github.com/ruby/rdoc) from 7.0.3 to 7.1.0. - [Release notes](https://github.com/ruby/rdoc/releases) - [Changelog](https://github.com/ruby/rdoc/blob/master/History.rdoc) - [Commits](https://github.com/ruby/rdoc/compare/v7.0.3...v7.1.0) --- updated-dependencies: - dependency-name: rdoc dependency-version: 7.1.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2026-01-14 13:03:07 +00:00
Kaito Ozawa	113b154043	Merge pull request #3489 from kaitozaw/issue/3488-long-tests Fixes issue/long-tests (#3488)	2026-01-14 15:31:23 +10:00
kaitoozawa	fe897906a3	add checksum in dockerfile	2026-01-13 10:06:49 +10:00
kaitoozawa	065c7adf03	fix test cleanup and install firefox dependencies	2026-01-12 16:57:12 +10:00
github-actions[bot]	53c97721e1	Merge pull request #3490 from beefproject/dependabot/bundler/activerecord-8.1.2 Bump activerecord from 8.1.1 to 8.1.2	2026-01-09 13:03:47 +00:00
dependabot[bot]	721f1e790d	Bump activerecord from 8.1.1 to 8.1.2 Bumps [activerecord](https://github.com/rails/rails) from 8.1.1 to 8.1.2. - [Release notes](https://github.com/rails/rails/releases) - [Changelog](https://github.com/rails/rails/blob/v8.1.2/activerecord/CHANGELOG.md) - [Commits](https://github.com/rails/rails/compare/v8.1.1...v8.1.2) --- updated-dependencies: - dependency-name: activerecord dependency-version: 8.1.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-01-09 13:01:19 +00:00
Kaito Ozawa	334b0c7e06	Merge pull request #3478 from kaitozaw/issue/3073-fix-google-phishing-module Fixes issue/fix-google-phishing-module (#3073)	2026-01-09 17:14:13 +10:00
kaitoozawa	9eca144092	change indentation from space2 to tab/space4	2026-01-08 10:25:12 +10:00
kaitoozawa	15d2acf52a	move functions inside beef.execute	2026-01-03 09:34:04 +10:00