msu-natsci / domainaccessibilityaudit Goto Github PK

Would be great to be able to test pages over time. If MD5 hashes were captured and stored for each page in a review, then it would be possible to skip a re-test if the content hadn't changed.

Mostly it is about trying to narrow in on what has changed. Are there less errors? Are pages that have changed gotten better/worse?

I've been working on my own tool, similar to yours, which uses @axe-core:puppeteer, but it is more of a proof of concept and it is becoming too much to manage myself. I was wondering if you are accepting contributors so we could, perhaps pool our efforts. What I've been working on has some features that I'd want in any tool, such as (among others) allowing users to:

• choose Chrome device profiles to use when running scans
• limit axe rules that are used based on category tags
• provide a list of URLS to scan, in addition to using sitemaps and crawling
• save what I call scan configurations

Would you be receptive to working together or should I just fork?

I run
sudo docker-compose up -d

and it throws the error -

domainaccessibilityaudit_mongodb_1 is up-to-date
Starting accessibility_audit ... 
Starting accessibility_audit ... error

ERROR: for accessibility_audit  Cannot start service accessibility_audit: driver failed programming external connectivity on endpoint accessibility_audit (485d0fd6c8a014ea59922afc03f6534e4ebd59795f61c7255a451056eadf606c): Error starting userland proxy: listen tcp4 0.0.0.0:80: bind: address already in use

ERROR: for accessibility_audit  Cannot start service accessibility_audit: driver failed programming external connectivity on endpoint accessibility_audit (485d0fd6c8a014ea59922afc03f6534e4ebd59795f61c7255a451056eadf606c): Error starting userland proxy: listen tcp4 0.0.0.0:80: bind: address already in use
ERROR: Encountered errors while bringing up the project.

I understand that it says port 80 is in use, and it is indeed in use by the apache server. Since I am not at all familiar with docker, could someone tell me how I can start it on another port?

Thank you !

It should be possible to just provide a external link to a Google search like:
https://www.google.com/search?q=site%3Aaccessibility.gov

So we can roughly see how many pages there should be available to scan.

If Google thinks there are 600, but Domain Access only scans 50, then you know there's a problem.

This could just be a link from the list of domains here - http://localhost/audits/

I'm having trouble logging in after Docker is installed. I didn't create the .env first. I've tried removing & re-installing this, but it doesn't seem to be working.

I'll keep trying, but wanting to know why the .env isn't just shipped with a admin/admin type of u/p. Yes, this would be bad if it were a public site, but most won't be at first. And we can put many warnings into the README so folks are reminded to change the password.

Worth highlighting https://github.com/GovTechSG/purple-hats & https://github.com/alphagov/accessibility-monitoring both of which are trying to do similar things.

EDIT: Also https://github.com/benbalter/Site-Inspector

When I try to run an audit I get this in Docker:

aXe analyze error this.driver.switchTo(...).parentFrame is not a function

and in Audit Status I get scan errors on every URL.

Thoughts?

I tried updating Axe, made no difference. Ultimately, I had to go back to a version from February and that seems to work.

Thanks!

Axe-core is being actively updated and this library needs to keep up.

https://www.deque.com/blog/deque-releases-axe-core-4-1/

backend/package.json uses
"axe-webdriverjs": "^2.2.0",

but that package has been depreciated. People are encouraged to use @axe-core/webdriverjs.

Install Selenium Webdriver: npm install selenium-webdriver --no-save

Install @axe-core/webdriverjs and its dependencies: npm install @axe-core/webdriverjs

Hello, I created a .env file in the root folder with these informations:

ADMIN_USERNAME=giulio
ADMIN_PASSWORD=12345

And restarted the service with:

docker-compose up -d

Everything starts and it doesn't complain about missing admin password as it would if I don't compile an .env file:

WARNING: The SAML_ENTRYPOINT variable is not set. Defaulting to a blank string.
WARNING: The SAML_ISSUER variable is not set. Defaulting to a blank string.
WARNING: The SAML_CERT variable is not set. Defaulting to a blank string.
WARNING: The SAML_PRIVATE_CERT variable is not set. Defaulting to a blank string.
domainaccessibilityaudit-master_mongodb_1 is up-to-date
Recreating domainaccessibilityaudit-master_accessibility_audit_1 ... done

The problem is that whatever admin user + password I use I cannot login.

Would be great to have a field to allow this tool to exclude URLs like:

?page=
?external_url=
?sort_bef_combine=
?search_api_fulltext=
?f%5B0%5D=

So that they aren't treated as new pages. These generally aren't but are features of many dynamic CMS tools.

Would be nice to be able to quickly export the accessibility report in a format that could be easily shared with a client.

Basic HTML (or .mhtml) would be good, but even CSV could be very useful. Pushing it up to a Google Spreadsheet would be a bonus too.

Each one of the errors in axe is described in more detail in Deque University:
https://dequeuniversity.com/rules/axe/4.1/image-alt

It is useful to provide a link so that a reviewer can learn more specifically about the error in question.

Executor error during find command :: caused by :: Sort operation used more than the maximum 33554432 bytes of RAM. Add an index, or specify a smaller limit.

Not sure how to fix this problem. I was crawling mec.ca as an example.

Would be more semantic of the report just used HTML/CSS rather than JS to expand/collapse the violations:

<button title="See affected pages" type="button" class="btn btn-info btn-xs"><svg aria-hidden="true" focusable="false" data-prefix="fas" data-icon="plus-square" class="svg-inline--fa fa-plus-square fa-w-14 " role="img" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><path fill="currentColor" d="M400 32H48C21.5 32 0 53.5 0 80v352c0 26.5 21.5 48 48 48h352c26.5 0 48-21.5 48-48V80c0-26.5-21.5-48-48-48zm-32 252c0 6.6-5.4 12-12 12h-92v92c0 6.6-5.4 12-12 12h-56c-6.6 0-12-5.4-12-12v-92H92c-6.6 0-12-5.4-12-12v-56c0-6.6 5.4-12 12-12h92v-92c0-6.6 5.4-12 12-12h56c6.6 0 12 5.4 12 12v92h92c6.6 0 12 5.4 12 12v56z"></path></svg></button>

If you save the HTML as a .mhtml format the expand/collapse function is lost.

This is defined here:
client/src/audits/ViolationStats.test.js

Mike

I tried to run the latest from github & got this error:

38.42 gyp verb build type Release
38.42 gyp verb architecture arm64
38.42 gyp verb node dev dir /home/node/.cache/node-gyp/12.22.12
38.42 gyp ERR! build error
38.42 gyp ERR! stack Error: not found: make
38.42 gyp ERR! stack at getNotFoundError (/app/client/node_modules/node-gyp/node_modules/which/which.js:10:17)
38.42 gyp ERR! stack at /app/client/node_modules/node-gyp/node_modules/which/which.js:57:18
38.42 gyp ERR! stack at new Promise ()
38.42 gyp ERR! stack at step (/app/client/node_modules/node-gyp/node_modules/which/which.js:54:21)
38.42 gyp ERR! stack at /app/client/node_modules/node-gyp/node_modules/which/which.js:71:22
38.42 gyp ERR! stack at new Promise ()
38.42 gyp ERR! stack at subStep (/app/client/node_modules/node-gyp/node_modules/which/which.js:69:33)
38.42 gyp ERR! stack at /app/client/node_modules/node-gyp/node_modules/which/which.js:80:22
38.42 gyp ERR! stack at /app/client/node_modules/isexe/index.js:42:5
38.42 gyp ERR! stack at /app/client/node_modules/isexe/mode.js:8:5
38.42 gyp ERR! System Linux 5.15.49-linuxkit-pr
38.42 gyp ERR! command "/usr/bin/node" "/app/client/node_modules/node-gyp/bin/node-gyp.js" "rebuild" "--verbose" "--libsass_ext=" "--libsass_cflags=" "--libsass_ldflags=" "--libsass_library="
38.42 gyp ERR! cwd /app/client/node_modules/node-sass
38.42 gyp ERR! node -v v12.22.12
38.42 gyp ERR! node-gyp -v v7.1.2
38.42 gyp ERR! not ok
38.43 Build failed with error code: 1
38.94 npm WARN optional SKIPPING OPTIONAL DEPENDENCY: [email protected] (node_modules/webpack-dev-server/node_modules/fsevents):
38.94 npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for [email protected]: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"arm64"})
38.94 npm WARN optional SKIPPING OPTIONAL DEPENDENCY: [email protected] (node_modules/watchpack-chokidar2/node_modules/fsevents):
38.94 npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for [email protected]: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"arm64"})
38.95 npm WARN optional SKIPPING OPTIONAL DEPENDENCY: [email protected] (node_modules/fsevents):
38.95 npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for [email protected]: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"arm64"})
38.95
38.96 npm ERR! code ELIFECYCLE
38.96 npm ERR! errno 1
38.96 npm ERR! [email protected] postinstall: node scripts/build.js
38.96 npm ERR! Exit status 1
38.96 npm ERR!
38.96 npm ERR! Failed at the [email protected] postinstall script.
38.96 npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
38.97
38.97 npm ERR! A complete log of this run can be found in:
38.97 npm ERR! /home/node/.npm/_logs/2023-09-14T14_24_10_724Z-debug.log
39.01 npm ERR! code ELIFECYCLE
39.01 npm ERR! errno 1
39.01 npm ERR! [email protected] postinstall: cd backend && npm install && cd ../client && npm install
39.01 npm ERR! Exit status 1
39.01 npm ERR!
39.01 npm ERR! Failed at the [email protected] postinstall script.
39.01 npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
39.01
39.01 npm ERR! A complete log of this run can be found in:
39.01 npm ERR! /home/node/.npm/_logs/2023-09-14T14_24_10_766Z-debug.log

I just spent a bunch of time trying to recover a docker instance. Finally got it back.

Must remember never to change the name of the Docker folder!

Anyways, would be good if there was an easy way to export all of the scans on mass (and possibly even encrypted).

Robots have rights too. Well, ok, not yet, but we can get into trouble by ignoring the robots.txt files that some sites use.

Would be great if by default the scanner respected the wishes of the site owner.