Example #1
0
        public void GivenScriptWithMaliciousLinqQuery_WhenOnlyDefaultAssembliesAreAllowed_ThenTheVerificationShouldFail()
        {
            // Arrange
            var script = @"
using System;
using System.Collections.Generic;
using System.Linq;

var numbers = new List<int> { 1, 2, 3, 4, 5 };
var result = numbers
    .Where(x =>
    {
        var fileClass = Type.GetType(""System.IO.File, System.IO.FileSystem"");
        var method = fileClass!.GetMethod(""Exists"");
        var methodResult = method!.Invoke(null, new object[] { @""d:\passwd.txt""});
        var exist = (bool)methodResult!;
        // no do something malicious ...

        return x > 3;
    })
    .ToList();
";

            // Act
            var    compilerSetup = new DefaultCompilerSetup();
            var    verifier      = new Verifier(compilerSetup);
            Action call          = () => verifier.Verify(script);

            // Assert
            call.Should().Throw <ScriptVerificationException>()
            .WithMessage("Not allowed type 'System.Type' used at location ': (9,8)-(9,76)''");
        }
Example #2
0
        public void GivenHelloWorldScript_WhenConsoleTypeAndAssembliesAreAllowed_ThenTheVerificationShouldBeOk()
        {
            // Arrange
            var script = @"
namespace HelloWorld
{
    class Hello {         
        static void Main(string[] args)
        {
            System.Console.WriteLine(""Hello World!"");
        }
    }
}
";

            // Act
            var compilerSetup = new DefaultCompilerSetup();

            compilerSetup.AddAllowedTypes(new List <Type> {
                typeof(Console)
            }, true);

            var    verifier = new Verifier(compilerSetup);
            Action call     = () => verifier.Verify(script);

            // Assert
            call.Should().NotThrow();
        }
Example #3
0
        public void GivenHelloWorldScript_WhenOnlyConsoleTypeIsAllowed_ThenTheVerificationShouldFail()
        {
            // Arrange
            var script = @"
namespace HelloWorld
{
    class Hello {         
        static void Main(string[] args)
        {
            System.Console.WriteLine(""Hello World!"");
        }
    }
}
";

            // Act
            var compilerSetup = new DefaultCompilerSetup();

            compilerSetup.AddAllowedTypes(new List <Type> {
                typeof(Console)
            }, false);

            var    verifier = new Verifier(compilerSetup);
            Action call     = () => verifier.Verify(script);

            // Assert
            call.Should().Throw <ScriptVerificationException>().WithMessage(
                "(7,13): error CS0234: Der Typ- oder Namespacename \"Console\" ist im Namespace \"System\" nicht vorhanden. (Möglicherweise fehlt ein Assemblyverweis.)");
        }
Example #4
0
        private static void TestScriptWithPermittedTypes()
        {
            var script = @"
using System;

var i = 42;
i = 42 + 42;

Console.WriteLine(""Result was: "" + i);
";

            var compilerSetup = new DefaultCompilerSetup();

            compilerSetup.AddAllowedType(typeof(Console));

            RunVerification(script, compilerSetup);

            // OK
        }
Example #5
0
        public void GivenScriptWithType_AndTypePatternIsAllowed_ThenTheVerificationShouldBeOk()
        {
            // Arrange
            var script = @"
using System;

var t = typeof(int);
var name = AppDomain.CurrentDomain.FriendlyName;
";

            // Act
            var compilerSetup = new DefaultCompilerSetup();

            compilerSetup.AddAllowedTypePattern("^System");
            var    verifier = new Verifier(compilerSetup);
            Action call     = () => verifier.Verify(script);

            // Assert
            call.Should().NotThrow();
        }
Example #6
0
        public void GivenScriptWithLinqQuery_WhenOnlyDefaultAssembliesAreAllowed_ThenTheVerificationShouldBeOk()
        {
            // Arrange
            var script = @"
using System;
using System.Collections.Generic;
using System.Linq;

var numbers = new List<int> {1, 2, 3, 4, 5};
var result = numbers
    .Where(x => x > 3)
    .ToList();
";

            // Act
            var    compilerSetup = new DefaultCompilerSetup();
            var    verifier      = new Verifier(compilerSetup);
            Action call          = () => verifier.Verify(script);

            // Assert
            call.Should().NotThrow();
        }
Example #7
0
        public void GivenUnsafeScript_WhenUnsafeCodeIsAllowedAndOnlyDefaultAssembliesAreAllowed_ThenTheVerificationShouldBeOk()
        {
            // Arrange
            var script = @"
int a = 42;
unsafe
{
    int *p = &a;
    p = p + 1;
}
";

            // Act
            var compilerSetup = new DefaultCompilerSetup {
                AllowUnsafeCode = true
            };
            var    verifier = new Verifier(compilerSetup);
            Action call     = () => verifier.Verify(script);

            // Assert
            call.Should().NotThrow();
        }