Testing the Methods and Properties That Should Be Protected

for RuBoard

Testing the Methods and Properties That Should Be Protected

This fourth step for testing a secured assembly is the culmination of work for the first three steps:

  1. Define what is being protected as specifically as possible.

  2. Understand how resources are being protected.

  3. Test any custom permissions that are used to protect resources.

This step asks how well the assembly design was implemented in the secured assembly. To address this point, it is especially important that you have the list of methods and properties being protected from the first step.

To test the methods and properties that should be protected, there are two primary actions that must occur. First, the methods and properties should be checked to see if they implement the minimum specified security checks. Second, those same methods and properties should be checked to make sure there aren't additional, unintentional (or undocumented) permission requirements.

Checking Minimal Protection on Methods and Properties

Checking if a documented method is properly protected is generally a straightforward process for Demand s. You can just modify a small, positive test case that you already have. Listing 26.6 shows a complete example for the System.IO.File.OpenRead() method.

Listing 26.6 Test for Minimal Permission Demands on System.IO.File.OpenRead()
 using System; using System.IO; using System.Security; using System.Security.Permissions; public class FileIOTest {   public static void Main() {     try {       if (RunTest()) {         Console.WriteLine("Pass: File.OpenRead properly protected");       } else {         Console.WriteLine("Fail: File.OpenRead not properly protected");       }     }     catch (Exception e) {       Console.WriteLine("Unexpected error occurred.");       Console.WriteLine(e.ToString());     }   }   public static bool RunTest() {     new FileIOPermission(FileIOPermissionAccess.Read, @"C:\ test.txt").Deny();     try {       FileStream fs = File.OpenRead(@"C:\ test.txt");       return false;     }     catch (SecurityException se) {       return true;     }   } } 

For code in the secured assembly protected by LinkDemand s or InheritanceDemand s, checking for minimal protection is a little more complex. LinkDemands and InheritanceDemands check permission grants on assemblies that call the protected code. Thus, you will need to ensure your test assemblies explicitly do not have the required permissions. Also, because these kinds of errors are generated at JIT time instead of runtime, the test code will need an extra level of indirection to properly catch any SecurityException s. Listing 26.7 shows an example of how this might be done.

Listing 26.7 Example of How to Test Minimal Protection of a Method with a LinkDemand
 // This example assumes Foo.LinkDemandProtectedMethod() has a LinkDemand for //   some FileIOPermission // The expected output on the command line for this scenario is the following: //   Inside Main //   Caught exception in Main //   System.Security.SecurityException: Request for the permission of type //   System.Security.Permissions.FileIOPermission, mscorlib, //   Version=1.0.????.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 //   failed. //   at TestLinkDemand.CallProtectedMethod() //   at TestLinkDemand.Main() using System; using System.Security; using System.Security.Permissions; [assembly:FileIOPermission(SecurityAction.RequestRefuse, Unrestricted=true)] public class TestLinkDemand {   public static void Main() {     Console.WriteLine("Inside Main");     try {       CallProtectedMethod();     }     catch (Exception e) {       Console.WriteLine("Caught exception in Main");       Console.WriteLine(e.ToString());     }   }   public static void CallProtectedMethod() {     Console.WriteLine("Inside CallProtectedMethod");     Foo f = new Foo();     f.LinkDemandProtectedMethod();     Console.WriteLine("Finished calling LinkDemandProtectedMethod");   } } 

Testing a class or method protected by an InheritanceDemand is very similar to testing protection by LinkDemand s. In the code from Listing 26.7, two changes would need to be made. First, a class would need to be defined that overrides the protected class or method. Second, the call to f.LinkDemandProtectedMethod would need to change to a call to the overridden class or method you just defined in the first step.

Testing If Undocumented Protection Exists on Methods and Properties

After you know that the necessary permission requirements are in place, you should ensure that there are not additional permission restrictions. In the case of testing Demand s, you can simply replace calls to Deny with calls to PermitOnly and reverse your expected outcome. Listing 26.8 shows these changes made on Listing 26.6.

Listing 26.8 Test for Undocumented Permission Demands on System.IO.File.OpenRead()
 using System; using System.IO; using System.Security; using System.Security.Permissions; public class FileIOTest {   public static void Main() {     try {       if (RunTest()) {         Console.WriteLine("Pass: File.OpenRead properly protected");       } else {         Console.WriteLine("Fail: File.OpenRead not properly protected");       }     }     catch (Exception e) {       Console.WriteLine("Unexpected error occurred.");       Console.WriteLine(e.ToString());     }   }   public static bool RunTest() {     new FileIOPermission(FileIOPermissionAccess.Read, @"C:\ test.txt"). PermitOnly();     try {       FileStream fs = File.OpenRead(@"C:\ test.txt");       return true;     }     catch (SecurityException se) {       return false;     }   } } 

If both the Deny case and the PermitOnly test cases pass, you know that the secure library method needs the correct permissions and only the correct permissions to access the protected resources.

For testing LinkDemand s and InheritanceDemand s, you can modify the minimal permission test cases to replace the RequestRefuse request with a RequestMinimum request. Listing 26.9 shows an example of how Listing 26.7 could be modified to perform this testing.

Listing 26.9 Example of How to Test for Undocumented Protection of a Method with a LinkDemand
 // This example assumes Foo.LinkDemandProtectedMethod() has a LinkDemand for //   some FileIOPermission // The expected output on the command line for this scenario is the following: //   Inside Main //   Inside CallProtectedMethod //   Finished calling LinkDemandProtectedMethod using System; using System.Security; using System.Security.Permissions; [assembly:FileIOPermission(SecurityAction.RequestMinimum, Read=@"C:\ test.txt")] // The next two assembly permission requests are necessary to execute and get // a grant set only containing the right to execute and the right to read // "C:\ test.txt". [assembly:SecurityPermission(SecurityAction.RequestMinimum, Execution=true)] [assembly:PermissionSet(SecurityAction.RequestOptional, Name="Nothing")] public class TestLinkDemand {   public static void Main() {     Console.WriteLine("Inside Main");     try {       CallProtectedMethod();     }     catch (Exception e) {       Console.WriteLine("Caught exception in Main");       Console.WriteLine(e.ToString());     }   }   public static void CallProtectedMethod() {     Console.WriteLine("Inside CallProtectedMethod");     Foo f = new Foo();     f.LinkDemandProtectedMethod();     Console.WriteLine("Finished calling LinkDemandProtectedMethod");   } } 

CAUTION

The examples in Listings 26.8 and 26.9 may not work for you because you may have other test code that needs additional permissions to run. For example, your test may try to log results to a file but fail to do so because the necessary FileIOPermission was excluded in the assembly requests. If you run into this problem, try separating the core test code that calls the secured assembly methods/properties into a separate assembly. Then you can place the assembly permission requests on just the small test assembly instead of the entire test code.


for RuBoard


. NET Framework Security
.NET Framework Security
ISBN: 067232184X
EAN: 2147483647
Year: 2000
Pages: 235

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net