public void Controller_Methods_Are_EntryPoints()
{
const string code = @"
public class Foo : System.Web.Mvc.Controller
{
public void PublicFoo() { }
}
public class Controller
{
public void PublicBar() { }
}
public class MyController : Controller
{
public void PublicDiz() { }
}
";
var compilation = TestHelper.Compile(code, Verifier.SystemWebMvcAssembly);
var publicFoo = compilation.GetMethodSymbol("PublicFoo");
var publicBar = compilation.GetMethodSymbol("PublicBar");
var publicDiz = compilation.GetMethodSymbol("PublicDiz");
TaintAnalysisEntryPointDetector.IsEntryPoint(publicFoo).Should().Be(true);
TaintAnalysisEntryPointDetector.IsEntryPoint(publicBar).Should().Be(false);
TaintAnalysisEntryPointDetector.IsEntryPoint(publicDiz).Should().Be(false);
}
public void Public_Controller_Methods_Are_EntryPoints()
{
const string code = @"
public class Foo : System.Web.Mvc.Controller
{
public void PublicFoo() { }
protected void ProtectedFoo() { }
internal void InternalFoo() { }
private void PrivateFoo() { }
private class Bar : System.Web.Mvb.Controller
{
public void InnerFoo() { }
}
}
";
var compilation = TestHelper.Compile(code, Verifier.SystemWebMvcAssembly);
var publicFoo = compilation.GetMethodSymbol("PublicFoo");
var protectedFoo = compilation.GetMethodSymbol("ProtectedFoo");
var internalFoo = compilation.GetMethodSymbol("InternalFoo");
var privateFoo = compilation.GetMethodSymbol("PrivateFoo");
var innerFoo = compilation.GetMethodSymbol("InnerFoo");
TaintAnalysisEntryPointDetector.IsEntryPoint(publicFoo).Should().Be(true);
TaintAnalysisEntryPointDetector.IsEntryPoint(protectedFoo).Should().Be(false);
TaintAnalysisEntryPointDetector.IsEntryPoint(internalFoo).Should().Be(false);
TaintAnalysisEntryPointDetector.IsEntryPoint(privateFoo).Should().Be(false);
TaintAnalysisEntryPointDetector.IsEntryPoint(innerFoo).Should().Be(false);
}
public void Controller_Methods_Are_EntryPoints(string aspNetMvcVersion)
{
const string code = @"
public class Foo : System.Web.Mvc.Controller
{
public void PublicFoo() { }
}
public class Controller
{
public void PublicBar() { }
}
public class MyController : Controller
{
public void PublicDiz() { }
}
";
var compilation = TestHelper.Compile(code,
references: AssemblyReference.FromNuGet("System.Web.Mvc.dll", "Microsoft.AspNet.Mvc", aspNetMvcVersion));
var publicFoo = compilation.GetMethodSymbol("PublicFoo");
var publicBar = compilation.GetMethodSymbol("PublicBar");
var publicDiz = compilation.GetMethodSymbol("PublicDiz");
TaintAnalysisEntryPointDetector.IsEntryPoint(publicFoo).Should().Be(true);
TaintAnalysisEntryPointDetector.IsEntryPoint(publicBar).Should().Be(false);
TaintAnalysisEntryPointDetector.IsEntryPoint(publicDiz).Should().Be(false);
}
public void Public_Controller_Methods_Are_EntryPoints(string aspNetMvcVersion)
{
const string code = @"
public class Foo : System.Web.Mvc.Controller
{
public void PublicFoo() { }
protected void ProtectedFoo() { }
internal void InternalFoo() { }
private void PrivateFoo() { }
private class Bar : System.Web.Mvb.Controller
{
public void InnerFoo() { }
}
}
";
var compilation = TestHelper.Compile(code,
references: AssemblyReference.FromNuGet("System.Web.Mvc.dll", "Microsoft.AspNet.Mvc", aspNetMvcVersion));
var publicFoo = compilation.GetMethodSymbol("PublicFoo");
var protectedFoo = compilation.GetMethodSymbol("ProtectedFoo");
var internalFoo = compilation.GetMethodSymbol("InternalFoo");
var privateFoo = compilation.GetMethodSymbol("PrivateFoo");
var innerFoo = compilation.GetMethodSymbol("InnerFoo");
TaintAnalysisEntryPointDetector.IsEntryPoint(publicFoo).Should().Be(true);
TaintAnalysisEntryPointDetector.IsEntryPoint(protectedFoo).Should().Be(false);
TaintAnalysisEntryPointDetector.IsEntryPoint(internalFoo).Should().Be(false);
TaintAnalysisEntryPointDetector.IsEntryPoint(privateFoo).Should().Be(false);
TaintAnalysisEntryPointDetector.IsEntryPoint(innerFoo).Should().Be(false);
}
public void Methods_In_Classes_With_ControllerAttribute_Are_EntryPoints()
{
const string code = @"
// The Attribute suffix is required because we don't have a reference
// to ASP.NET Core and we cannot do type checking in the test project.
// We will need to convert this test project to .NET Core to do that.
[Microsoft.AspNetCore.Mvc.ControllerAttribute]
public class Foo
{
public void PublicFoo() { }
}
";
var compilation = TestHelper.Compile(code, Verifier.SystemWebMvcAssembly);
var publicFoo = compilation.GetMethodSymbol("PublicFoo");
TaintAnalysisEntryPointDetector.IsEntryPoint(publicFoo).Should().Be(true);
}
public void Methods_In_Classes_With_NonControllerAttribute_Are_Not_EntryPoints(string aspNetMvcVersion)
{
const string code = @"
// The Attribute suffix is required because we don't have a reference
// to ASP.NET Core and we cannot do type checking in the test project.
// We will need to convert this test project to .NET Core to do that.
[Microsoft.AspNetCore.Mvc.NonControllerAttribute]
public class Foo : Microsoft.AspNetCore.Mvc.ControllerBase
{
public void PublicFoo() { }
}
";
var compilation = TestHelper.Compile(code,
references: AssemblyReference.FromNuGet("System.Web.Mvc.dll", "Microsoft.AspNet.Mvc", aspNetMvcVersion));
var publicFoo = compilation.GetMethodSymbol("PublicFoo");
TaintAnalysisEntryPointDetector.IsEntryPoint(publicFoo).Should().Be(false);
}