public void testFieldLeafDenialNoExceptionForUserGuide()
{
//create sensitive data
LogonDetailsUserguideTestData sensitiveData = new LogonDetailsUserguideTestData();
sensitiveData.password = "******";
sensitiveData.username = "******";
Object2Json o2j = new Object2Json();
o2j.NodeExpander = new FieldReflectionNodeExpander();
// inject a simple security check
string[] currentPermissions = null;
Func <string, bool> permissionCheck = (permission) => { return(currentPermissions.Contains(permission)); };
bool throwExceptionOnPermissionDenial = false;
o2j.injectPermissionFilter(permissionCheck, throwExceptionOnPermissionDenial);
currentPermissions = new string[] { "ViewUsernames" };
string json = o2j.toJson(sensitiveData);
System.Console.WriteLine("json=" + json);
Assert.IsTrue(json.IndexOf(sensitiveData.username) > 0);
Assert.IsTrue(json.IndexOf(sensitiveData.password) < 0);
currentPermissions = new string[] { "ViewUsernames", "ViewPasswords" };
//create simple permission check for test purposes
json = o2j.toJson(sensitiveData);
System.Console.WriteLine("json=" + json);
Assert.IsTrue(json.IndexOf(sensitiveData.username) > 0);
Assert.IsTrue(json.IndexOf(sensitiveData.password) > 0);
}
public void testFieldLeafDenialNoExceptionForUserGuide()
{
//create sensitive data
LogonDetailsUserguideTestData sensitiveData = new LogonDetailsUserguideTestData();
sensitiveData.password = "******";
sensitiveData.username = "******";
Object2Json o2j = new Object2Json();
o2j.NodeExpander = new FieldReflectionNodeExpander();
// inject a simple security check
string[] currentPermissions=null;
Func<string, bool> permissionCheck = (permission) => { return currentPermissions.Contains(permission); };
bool throwExceptionOnPermissionDenial = false;
o2j.injectPermissionFilter(permissionCheck, throwExceptionOnPermissionDenial);
currentPermissions = new string[] { "ViewUsernames" };
string json = o2j.toJson(sensitiveData);
System.Console.WriteLine("json=" + json);
Assert.IsTrue(json.IndexOf(sensitiveData.username)>0);
Assert.IsTrue(json.IndexOf(sensitiveData.password) < 0);
currentPermissions = new string[] { "ViewUsernames", "ViewPasswords" };
//create simple permission check for test purposes
json = o2j.toJson(sensitiveData);
System.Console.WriteLine("json=" + json);
Assert.IsTrue(json.IndexOf(sensitiveData.username) > 0);
Assert.IsTrue(json.IndexOf(sensitiveData.password) > 0);
}
public void testFieldLeafDenialWithExceptionForUserGuide()
{
//create sensitive data
LogonDetailsUserguideTestData sensitiveData = new LogonDetailsUserguideTestData();
sensitiveData.password = "******";
sensitiveData.username = "******";
Object2Json o2j = new Object2Json();
o2j.NodeExpander = new FieldReflectionNodeExpander();
// inject a simple security check
string[] currentPermissions = null;
Func <string, bool> permissionCheck = (permission) => { return(currentPermissions.Contains(permission)); };
bool throwExceptionOnPermissionDenial = true;
o2j.injectPermissionFilter(permissionCheck, throwExceptionOnPermissionDenial);
currentPermissions = new string[] { "ViewUsernames" };
Exception exception;
object returnValue;
TestUtil.run(out returnValue, out exception, () =>
{
string json = o2j.toJson(sensitiveData);
return(null);
});
/*expecting an exception like this:
* cannot access property com.houseelectrics.serializer.test.security.SecurityTest+LogonDetailsUserguideTestData.password
* without permisson ViewPasswords
*/
Assert.AreEqual(typeof(SecurityException), exception.GetType(), "expect security exception");
Assert.IsTrue(exception.Message.IndexOf("ViewPasswords") >= 0);
System.Console.WriteLine("failed with exception: " + exception.Message);
}
public void testFieldLeafDenialWithExceptionForUserGuide()
{
//create sensitive data
LogonDetailsUserguideTestData sensitiveData = new LogonDetailsUserguideTestData();
sensitiveData.password = "******";
sensitiveData.username = "******";
Object2Json o2j = new Object2Json();
o2j.NodeExpander = new FieldReflectionNodeExpander();
// inject a simple security check
string[] currentPermissions=null;
Func<string, bool> permissionCheck = (permission) => { return currentPermissions.Contains(permission); };
bool throwExceptionOnPermissionDenial = true;
o2j.injectPermissionFilter(permissionCheck, throwExceptionOnPermissionDenial);
currentPermissions = new string[] { "ViewUsernames" };
Exception exception;
object returnValue;
TestUtil.run(out returnValue, out exception, () =>
{
string json = o2j.toJson(sensitiveData);
return null;
});
/*expecting an exception like this:
cannot access property com.houseelectrics.serializer.test.security.SecurityTest+LogonDetailsUserguideTestData.password
* without permisson ViewPasswords
*/
Assert.AreEqual(typeof(SecurityException), exception.GetType(), "expect security exception");
Assert.IsTrue(exception.Message.IndexOf("ViewPasswords") >= 0);
System.Console.WriteLine("failed with exception: " + exception.Message);
}
