public void VerifyMaliciousApplicationIdIsTruncated() { // 50 character string. var testApplicationId = "a123456789b123546789c123456789d123456798e123456789"; // An arbitrary string that is expected to be truncated. var malicious = "00000000000000000000000000000000000000000000000000000000000"; var testFormattedApplicationId = ApplicationIdHelper.ApplyFormatting(testApplicationId); var mockProfileServiceWrapper = GenerateMockServiceWrapper(HttpStatusCode.OK, testApplicationId + malicious); var aiApplicationIdProvider = new ApplicationInsightsApplicationIdProvider(mockProfileServiceWrapper); // first request expected to fail Assert.IsFalse(aiApplicationIdProvider.TryGetApplicationId(testInstrumentationKey, out string ignore)); // wait for async tasks to complete while (aiApplicationIdProvider.IsFetchAppInProgress(testInstrumentationKey)) { Console.WriteLine("wait"); Thread.Sleep(taskWaitMilliseconds); } Assert.IsTrue(aiApplicationIdProvider.TryGetApplicationId(testInstrumentationKey, out string actual)); Assert.AreEqual(testFormattedApplicationId, actual); }
/// <summary> /// Format and store an Instrumentation Key and Application Id pair into the dictionary of known Application Ids. /// </summary> /// <param name="instrumentationKey">Instrumentation Key is expected to be a Guid string.</param> /// <param name="applicationId">Application Id is expected to be a Guid string. </param> private void FormatAndAddToDictionary(string instrumentationKey, string applicationId) { if (!string.IsNullOrEmpty(instrumentationKey) && !string.IsNullOrEmpty(applicationId)) { this.knownApplicationIds.TryAdd(instrumentationKey, ApplicationIdHelper.ApplyFormatting(applicationId)); } }
private void Verify(string input, string expectedSanitizedOutput) => Assert.AreEqual(expectedSanitizedOutput, ApplicationIdHelper.SanitizeString(input));