public void GivenScriptWithMaliciousLinqQuery_WhenOnlyDefaultAssembliesAreAllowed_ThenTheVerificationShouldFail() { // Arrange var script = @" using System; using System.Collections.Generic; using System.Linq; var numbers = new List<int> { 1, 2, 3, 4, 5 }; var result = numbers .Where(x => { var fileClass = Type.GetType(""System.IO.File, System.IO.FileSystem""); var method = fileClass!.GetMethod(""Exists""); var methodResult = method!.Invoke(null, new object[] { @""d:\passwd.txt""}); var exist = (bool)methodResult!; // no do something malicious ... return x > 3; }) .ToList(); "; // Act var compilerSetup = new DefaultCompilerSetup(); var verifier = new Verifier(compilerSetup); Action call = () => verifier.Verify(script); // Assert call.Should().Throw <ScriptVerificationException>() .WithMessage("Not allowed type 'System.Type' used at location ': (9,8)-(9,76)''"); }
public void GivenHelloWorldScript_WhenConsoleTypeAndAssembliesAreAllowed_ThenTheVerificationShouldBeOk() { // Arrange var script = @" namespace HelloWorld { class Hello { static void Main(string[] args) { System.Console.WriteLine(""Hello World!""); } } } "; // Act var compilerSetup = new DefaultCompilerSetup(); compilerSetup.AddAllowedTypes(new List <Type> { typeof(Console) }, true); var verifier = new Verifier(compilerSetup); Action call = () => verifier.Verify(script); // Assert call.Should().NotThrow(); }
public void GivenHelloWorldScript_WhenOnlyConsoleTypeIsAllowed_ThenTheVerificationShouldFail() { // Arrange var script = @" namespace HelloWorld { class Hello { static void Main(string[] args) { System.Console.WriteLine(""Hello World!""); } } } "; // Act var compilerSetup = new DefaultCompilerSetup(); compilerSetup.AddAllowedTypes(new List <Type> { typeof(Console) }, false); var verifier = new Verifier(compilerSetup); Action call = () => verifier.Verify(script); // Assert call.Should().Throw <ScriptVerificationException>().WithMessage( "(7,13): error CS0234: Der Typ- oder Namespacename \"Console\" ist im Namespace \"System\" nicht vorhanden. (Möglicherweise fehlt ein Assemblyverweis.)"); }
private static void TestScriptWithPermittedTypes() { var script = @" using System; var i = 42; i = 42 + 42; Console.WriteLine(""Result was: "" + i); "; var compilerSetup = new DefaultCompilerSetup(); compilerSetup.AddAllowedType(typeof(Console)); RunVerification(script, compilerSetup); // OK }
public void GivenScriptWithType_AndTypePatternIsAllowed_ThenTheVerificationShouldBeOk() { // Arrange var script = @" using System; var t = typeof(int); var name = AppDomain.CurrentDomain.FriendlyName; "; // Act var compilerSetup = new DefaultCompilerSetup(); compilerSetup.AddAllowedTypePattern("^System"); var verifier = new Verifier(compilerSetup); Action call = () => verifier.Verify(script); // Assert call.Should().NotThrow(); }
public void GivenScriptWithLinqQuery_WhenOnlyDefaultAssembliesAreAllowed_ThenTheVerificationShouldBeOk() { // Arrange var script = @" using System; using System.Collections.Generic; using System.Linq; var numbers = new List<int> {1, 2, 3, 4, 5}; var result = numbers .Where(x => x > 3) .ToList(); "; // Act var compilerSetup = new DefaultCompilerSetup(); var verifier = new Verifier(compilerSetup); Action call = () => verifier.Verify(script); // Assert call.Should().NotThrow(); }
public void GivenUnsafeScript_WhenUnsafeCodeIsAllowedAndOnlyDefaultAssembliesAreAllowed_ThenTheVerificationShouldBeOk() { // Arrange var script = @" int a = 42; unsafe { int *p = &a; p = p + 1; } "; // Act var compilerSetup = new DefaultCompilerSetup { AllowUnsafeCode = true }; var verifier = new Verifier(compilerSetup); Action call = () => verifier.Verify(script); // Assert call.Should().NotThrow(); }