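/// <summary>
/// User-guide example: with a permission filter injected in non-throwing mode, the
/// serialized JSON is expected to omit a field the caller lacks permission for, and
/// to include it once the permission is granted.
/// </summary>
public void testFieldLeafDenialNoExceptionForUserGuide()
{
    // Constructed, distinct sample values. The assertions below search the JSON for
    // each value, so the two must differ and neither may be a substring of the other;
    // with identical values the "username present" and "password absent" checks
    // contradict each other and the test proves nothing.
    LogonDetailsUserguideTestData sensitiveData = new LogonDetailsUserguideTestData();
    sensitiveData.password = "sample-secret-01";
    sensitiveData.username = "sample-user-01";

    Object2Json o2j = new Object2Json();
    o2j.NodeExpander = new FieldReflectionNodeExpander();

    // Inject a simple permission check. The lambda captures the variable, not its
    // current value, so reassigning currentPermissions below changes what the filter
    // sees on the next toJson call.
    string[] currentPermissions = null;
    Func<string, bool> permissionCheck = permission => currentPermissions.Contains(permission);
    bool throwExceptionOnPermissionDenial = false;
    o2j.injectPermissionFilter(permissionCheck, throwExceptionOnPermissionDenial);

    // Caller may view usernames only: the password value must not reach the output.
    // NOTE(review): the mapping of fields to "ViewUsernames"/"ViewPasswords" is
    // presumably declared on LogonDetailsUserguideTestData, which is not shown here.
    currentPermissions = new string[] { "ViewUsernames" };
    string json = o2j.toJson(sensitiveData);
    // Only dummy data is printed here; serialized output that can hold real
    // credentials should not be written to the console or logs.
    System.Console.WriteLine("json=" + json);
    Assert.IsTrue(json.Contains(sensitiveData.username));
    Assert.IsFalse(json.Contains(sensitiveData.password));

    // Caller holds both permissions: both values are expected in the output.
    currentPermissions = new string[] { "ViewUsernames", "ViewPasswords" };
    json = o2j.toJson(sensitiveData);
    System.Console.WriteLine("json=" + json);
    Assert.IsTrue(json.Contains(sensitiveData.username));
    Assert.IsTrue(json.Contains(sensitiveData.password));
}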
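/// <summary>
/// User-guide example: with a permission filter injected in non-throwing mode, the
/// serialized JSON is expected to omit a field the caller lacks permission for, and
/// to include it once the permission is granted.
/// </summary>
public void testFieldLeafDenialNoExceptionForUserGuide()
{
    // Constructed, distinct sample values. The assertions below search the JSON for
    // each value, so the two must differ and neither may be a substring of the other;
    // with identical values the "username present" and "password absent" checks
    // contradict each other and the test proves nothing.
    LogonDetailsUserguideTestData sensitiveData = new LogonDetailsUserguideTestData();
    sensitiveData.password = "sample-secret-01";
    sensitiveData.username = "sample-user-01";

    Object2Json o2j = new Object2Json();
    o2j.NodeExpander = new FieldReflectionNodeExpander();

    // Inject a simple permission check. The lambda captures the variable, not its
    // current value, so reassigning currentPermissions below changes what the filter
    // sees on the next toJson call.
    string[] currentPermissions = null;
    Func<string, bool> permissionCheck = permission => currentPermissions.Contains(permission);
    bool throwExceptionOnPermissionDenial = false;
    o2j.injectPermissionFilter(permissionCheck, throwExceptionOnPermissionDenial);

    // Caller may view usernames only: the password value must not reach the output.
    // NOTE(review): the mapping of fields to "ViewUsernames"/"ViewPasswords" is
    // presumably declared on LogonDetailsUserguideTestData, which is not shown here.
    currentPermissions = new string[] { "ViewUsernames" };
    string json = o2j.toJson(sensitiveData);
    // Only dummy data is printed here; serialized output that can hold real
    // credentials should not be written to the console or logs.
    System.Console.WriteLine("json=" + json);
    Assert.IsTrue(json.Contains(sensitiveData.username));
    Assert.IsFalse(json.Contains(sensitiveData.password));

    // Caller holds both permissions: both values are expected in the output.
    currentPermissions = new string[] { "ViewUsernames", "ViewPasswords" };
    json = o2j.toJson(sensitiveData);
    System.Console.WriteLine("json=" + json);
    Assert.IsTrue(json.Contains(sensitiveData.username));
    Assert.IsTrue(json.Contains(sensitiveData.password));
}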
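/// <summary>
/// User-guide example: with a permission filter injected in throwing mode,
/// serializing an object that holds a field the caller lacks permission for is
/// expected to fail with a <see cref="SecurityException"/> naming the missing
/// permission.
/// </summary>
public void testFieldLeafDenialWithExceptionForUserGuide()
{
    // create sensitive data
    LogonDetailsUserguideTestData sensitiveData = new LogonDetailsUserguideTestData();
    sensitiveData.password = "******";
    sensitiveData.username = "******";

    Object2Json o2j = new Object2Json();
    o2j.NodeExpander = new FieldReflectionNodeExpander();

    // Inject a simple permission check. The lambda captures the variable, so the
    // assignment to currentPermissions below is what the filter sees at toJson time.
    string[] currentPermissions = null;
    Func<string, bool> permissionCheck = permission => currentPermissions.Contains(permission);
    bool throwExceptionOnPermissionDenial = true;
    o2j.injectPermissionFilter(permissionCheck, throwExceptionOnPermissionDenial);

    // Caller may view usernames only.
    currentPermissions = new string[] { "ViewUsernames" };

    // NOTE(review): TestUtil.run is not shown here; it is presumably expected to
    // capture whatever the delegate throws into `exception` instead of propagating it.
    Exception exception;
    object returnValue;
    TestUtil.run(out returnValue, out exception, () =>
    {
        o2j.toJson(sensitiveData);
        return null;
    });

    /* expecting an exception like this:
     * cannot access property com.houseelectrics.serializer.test.security.SecurityTest+LogonDetailsUserguideTestData.password
     * without permisson ViewPasswords
     */
    // Fail with a clear assertion when nothing was thrown (i.e. the denial was not
    // enforced) instead of a NullReferenceException on exception.GetType().
    Assert.IsNotNull(exception, "expected toJson to throw when ViewPasswords is missing");
    Assert.AreEqual(typeof(SecurityException), exception.GetType(), "expect security exception");
    Assert.IsTrue(exception.Message.Contains("ViewPasswords"));
    System.Console.WriteLine("failed with exception: " + exception.Message);
}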
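/// <summary>
/// User-guide example: with a permission filter injected in throwing mode,
/// serializing an object that holds a field the caller lacks permission for is
/// expected to fail with a <see cref="SecurityException"/> naming the missing
/// permission.
/// </summary>
public void testFieldLeafDenialWithExceptionForUserGuide()
{
    // create sensitive data
    LogonDetailsUserguideTestData sensitiveData = new LogonDetailsUserguideTestData();
    sensitiveData.password = "******";
    sensitiveData.username = "******";

    Object2Json o2j = new Object2Json();
    o2j.NodeExpander = new FieldReflectionNodeExpander();

    // Inject a simple permission check. The lambda captures the variable, so the
    // assignment to currentPermissions below is what the filter sees at toJson time.
    string[] currentPermissions = null;
    Func<string, bool> permissionCheck = permission => currentPermissions.Contains(permission);
    bool throwExceptionOnPermissionDenial = true;
    o2j.injectPermissionFilter(permissionCheck, throwExceptionOnPermissionDenial);

    // Caller may view usernames only.
    currentPermissions = new string[] { "ViewUsernames" };

    // NOTE(review): TestUtil.run is not shown here; it is presumably expected to
    // capture whatever the delegate throws into `exception` instead of propagating it.
    Exception exception;
    object returnValue;
    TestUtil.run(out returnValue, out exception, () =>
    {
        o2j.toJson(sensitiveData);
        return null;
    });

    /* expecting an exception like this:
     * cannot access property com.houseelectrics.serializer.test.security.SecurityTest+LogonDetailsUserguideTestData.password
     * without permisson ViewPasswords
     */
    // Fail with a clear assertion when nothing was thrown (i.e. the denial was not
    // enforced) instead of a NullReferenceException on exception.GetType().
    Assert.IsNotNull(exception, "expected toJson to throw when ViewPasswords is missing");
    Assert.AreEqual(typeof(SecurityException), exception.GetType(), "expect security exception");
    Assert.IsTrue(exception.Message.Contains("ViewPasswords"));
    System.Console.WriteLine("failed with exception: " + exception.Message);
}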