1

I am trying to prevent the credit card number from displaying in the screen while playing the selenium webdriver test. I am pulling the credit card number from central database, and is not found in the test. To make it secure, I want to mask the card number while selenium tries to sendKeys the number in credit card number input field. I tried different options, but they tend to change the actual value of the card which throws card number error in the page. Are there any ideas on how can I mask actual card without impacting the real value in selenium.

Here is what I did: 

String creditCardNumber = "1234567891234567";
driver.findElement(By.id("label")).sendKeys(
    maskCardNumber(creditCardNumber, "xxxxxxxxxxxxxxx"));

public static String maskCardNumber(String cardNumber, String maskedCard) {
    // format the number
    int index = 0;
    StringBuilder maskedCardNumber = new StringBuilder();
    for (int i = 0; i < maskedCard.length(); i++) {
        char c = maskedCard.charAt(i);
        if (c == '#') {
            maskedCardNumber.append(cardNumber.charAt(index));
            index++;
        } else if (c == 'x') {
            maskedCardNumber.append(c);
            index++;
        } else {
            maskedCardNumber.append(c);
        }
    }

    // return the masked number
    return maskedCardNumber.toString();
}
budi
  • 6,351
  • 10
  • 55
  • 80
Automation
  • 11
  • 2
  • 2
    The safest way is to only use test card numbers - that way even if someone inserts a keylogger in your tests you are not exposing card numbers. A typical test card number (VISA) is `4444333322221111`. No bank will ever authorise a transaction with that number. Do not **ever** use real card numbers in tests. – OldCurmudgeon Oct 14 '14 at 22:22
  • Best thing is you do not want to use real card numbers. If that's not possible, then you can simply read the card number from the database and store it to a variable and pass the variable, it makes at least someone who do not touches your code cannot see the card number by passing over your monitor :) – Vignesh Paramasivam Oct 15 '14 at 05:05
  • Thanks @OldCurmudgeon and Vignesh for the prompt response. This is actually for production validation test, I have fake card for qa environment. Instead of performing manual prod validation every time, I want the automated test to do it. Does it makes sense? – Automation Oct 15 '14 at 15:00

1 Answers1

0
  • Best solution is to use a test number or a disposable card
  • If you have access to the web page DOM, just change the input type form "text" to "password"
Jan Hertsens
  • 323
  • 2
  • 3