public void GivenScriptWithMaliciousLinqQuery_WhenOnlyDefaultAssembliesAreAllowed_ThenTheVerificationShouldFail()
{
// Arrange
var script = @"
using System;
using System.Collections.Generic;
using System.Linq;
var numbers = new List<int> { 1, 2, 3, 4, 5 };
var result = numbers
.Where(x =>
{
var fileClass = Type.GetType(""System.IO.File, System.IO.FileSystem"");
var method = fileClass!.GetMethod(""Exists"");
var methodResult = method!.Invoke(null, new object[] { @""d:\passwd.txt""});
var exist = (bool)methodResult!;
// no do something malicious ...
return x > 3;
})
.ToList();
";
// Act
var compilerSetup = new DefaultCompilerSetup();
var verifier = new Verifier(compilerSetup);
Action call = () => verifier.Verify(script);
// Assert
call.Should().Throw <ScriptVerificationException>()
.WithMessage("Not allowed type 'System.Type' used at location ': (9,8)-(9,76)''");
}
public void GivenHelloWorldScript_WhenConsoleTypeAndAssembliesAreAllowed_ThenTheVerificationShouldBeOk()
{
// Arrange
var script = @"
namespace HelloWorld
{
class Hello {
static void Main(string[] args)
{
System.Console.WriteLine(""Hello World!"");
}
}
}
";
// Act
var compilerSetup = new DefaultCompilerSetup();
compilerSetup.AddAllowedTypes(new List <Type> {
typeof(Console)
}, true);
var verifier = new Verifier(compilerSetup);
Action call = () => verifier.Verify(script);
// Assert
call.Should().NotThrow();
}
public void GivenHelloWorldScript_WhenOnlyConsoleTypeIsAllowed_ThenTheVerificationShouldFail()
{
// Arrange
var script = @"
namespace HelloWorld
{
class Hello {
static void Main(string[] args)
{
System.Console.WriteLine(""Hello World!"");
}
}
}
";
// Act
var compilerSetup = new DefaultCompilerSetup();
compilerSetup.AddAllowedTypes(new List <Type> {
typeof(Console)
}, false);
var verifier = new Verifier(compilerSetup);
Action call = () => verifier.Verify(script);
// Assert
call.Should().Throw <ScriptVerificationException>().WithMessage(
"(7,13): error CS0234: Der Typ- oder Namespacename \"Console\" ist im Namespace \"System\" nicht vorhanden. (Möglicherweise fehlt ein Assemblyverweis.)");
}
private static void TestScriptWithPermittedTypes()
{
var script = @"
using System;
var i = 42;
i = 42 + 42;
Console.WriteLine(""Result was: "" + i);
";
var compilerSetup = new DefaultCompilerSetup();
compilerSetup.AddAllowedType(typeof(Console));
RunVerification(script, compilerSetup);
// OK
}
public void GivenScriptWithType_AndTypePatternIsAllowed_ThenTheVerificationShouldBeOk()
{
// Arrange
var script = @"
using System;
var t = typeof(int);
var name = AppDomain.CurrentDomain.FriendlyName;
";
// Act
var compilerSetup = new DefaultCompilerSetup();
compilerSetup.AddAllowedTypePattern("^System");
var verifier = new Verifier(compilerSetup);
Action call = () => verifier.Verify(script);
// Assert
call.Should().NotThrow();
}
public void GivenScriptWithLinqQuery_WhenOnlyDefaultAssembliesAreAllowed_ThenTheVerificationShouldBeOk()
{
// Arrange
var script = @"
using System;
using System.Collections.Generic;
using System.Linq;
var numbers = new List<int> {1, 2, 3, 4, 5};
var result = numbers
.Where(x => x > 3)
.ToList();
";
// Act
var compilerSetup = new DefaultCompilerSetup();
var verifier = new Verifier(compilerSetup);
Action call = () => verifier.Verify(script);
// Assert
call.Should().NotThrow();
}
public void GivenUnsafeScript_WhenUnsafeCodeIsAllowedAndOnlyDefaultAssembliesAreAllowed_ThenTheVerificationShouldBeOk()
{
// Arrange
var script = @"
int a = 42;
unsafe
{
int *p = &a;
p = p + 1;
}
";
// Act
var compilerSetup = new DefaultCompilerSetup {
AllowUnsafeCode = true
};
var verifier = new Verifier(compilerSetup);
Action call = () => verifier.Verify(script);
// Assert
call.Should().NotThrow();
}
