Skip to content

Commit

Permalink
Added DelegateValidator and unit tests for it.
Browse files Browse the repository at this point in the history
  • Loading branch information
yallie committed Apr 25, 2018
1 parent e143fe7 commit 288224c
Show file tree
Hide file tree
Showing 11 changed files with 398 additions and 0 deletions.
6 changes: 6 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
bin
obj
packages
.vs
*.suo
*.user
58 changes: 58 additions & 0 deletions SafeDeserializationHelpers.Tests/DelegateValidatorTests.cs
Original file line number Diff line number Diff line change
@@ -0,0 +1,58 @@
namespace SafeDeserializationHelpers.Tests
{
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Linq;
using System.Text;
using Microsoft.VisualStudio.TestTools.UnitTesting;

[TestClass]
public class DelegateValidatorTests
{
[TestMethod]
public void NullDelegateIsValid()
{
// Assert.DoesNotThrow
new DelegateValidator().ValidateDelegate(null);
}

[TestMethod]
public void DelegateIsValidUnlessBlacklisted()
{
new DelegateValidator().ValidateDelegate(new Action<int>(x => { }));
}

[TestMethod, ExpectedException(typeof(UnsafeDeserializationException))]
public void SystemDiagnosticsDelegatesAreNotValid()
{
var del = new Func<string, string, Process>(Process.Start);
new DelegateValidator().ValidateDelegate(del);
}

[TestMethod, ExpectedException(typeof(UnsafeDeserializationException))]
public void SystemIODelegatesAreNotValid()
{
var del = new Action<string>(File.Delete);
new DelegateValidator().ValidateDelegate(del);
}

[TestMethod]
public void MulticastDelegatesAreValidated()
{
var del = new Func<string, string, Process>((a, b) => null);
del = Delegate.Combine(del, del, del) as Func<string, string, Process>;
new DelegateValidator().ValidateDelegate(del);
}

[TestMethod, ExpectedException(typeof(UnsafeDeserializationException))]
public void MulticastDelegatesWithSystemDiagnosticsMethodsAreNotValid()
{
var del = new Func<string, string, Process>((a, b) => null);
var start = new Func<string, string, Process>(Process.Start);
del = Delegate.Combine(del, del, start, del, del) as Func<string, string, Process>;
new DelegateValidator().ValidateDelegate(del);
}
}
}
36 changes: 36 additions & 0 deletions SafeDeserializationHelpers.Tests/Properties/AssemblyInfo.cs
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;

// General Information about an assembly is controlled through the following
// set of attributes. Change these attribute values to modify the information
// associated with an assembly.
[assembly: AssemblyTitle("SafeDeserializationHelpers.Tests")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyProduct("SafeDeserializationHelpers.Tests")]
[assembly: AssemblyCopyright("Copyright © 2018")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")]

// Setting ComVisible to false makes the types in this assembly not visible
// to COM components. If you need to access a type in this assembly from
// COM, set the ComVisible attribute to true on that type.
[assembly: ComVisible(false)]

// The following GUID is for the ID of the typelib if this project is exposed to COM
[assembly: Guid("c808ddee-be52-4384-8376-d4966fff9438")]

// Version information for an assembly consists of the following four values:
//
// Major Version
// Minor Version
// Build Number
// Revision
//
// You can specify all the values or you can default the Build and Revision Numbers
// by using the '*' as shown below:
// [assembly: AssemblyVersion("1.0.*")]
[assembly: AssemblyVersion("1.0.0.0")]
[assembly: AssemblyFileVersion("1.0.0.0")]
Original file line number Diff line number Diff line change
@@ -0,0 +1,58 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{C808DDEE-BE52-4384-8376-D4966FFF9438}</ProjectGuid>
<OutputType>Library</OutputType>
<AppDesignerFolder>Properties</AppDesignerFolder>
<RootNamespace>SafeDeserializationHelpers.Tests</RootNamespace>
<AssemblyName>SafeDeserializationHelpers.Tests</AssemblyName>
<TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
<FileAlignment>512</FileAlignment>
<TargetFrameworkProfile />
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
<Prefer32Bit>false</Prefer32Bit>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
<Prefer32Bit>false</Prefer32Bit>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualStudio.QualityTools.UnitTestFramework, Version=10.1.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL" />
<Reference Include="System" />
<Reference Include="System.Core" />
<Reference Include="System.Xml.Linq" />
<Reference Include="System.Data.DataSetExtensions" />
<Reference Include="System.Data" />
<Reference Include="System.Xml" />
</ItemGroup>
<ItemGroup>
<Compile Include="DelegateValidatorTests.cs" />
<Compile Include="Properties\AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\SafeDeserializationHelpers\SafeDeserializationHelpers.csproj">
<Project>{06ede6b8-ff31-45e3-9efb-7c92292d2404}</Project>
<Name>SafeDeserializationHelpers</Name>
</ProjectReference>
</ItemGroup>
<ItemGroup>
<Service Include="{82A7F48D-3B50-4B1E-B82E-3ADA8210C358}" />
</ItemGroup>
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
</Project>
31 changes: 31 additions & 0 deletions SafeDeserializationHelpers.sln
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@

Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio 15
VisualStudioVersion = 15.0.27428.2027
MinimumVisualStudioVersion = 10.0.40219.1
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SafeDeserializationHelpers", "SafeDeserializationHelpers\SafeDeserializationHelpers.csproj", "{06EDE6B8-FF31-45E3-9EFB-7C92292D2404}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SafeDeserializationHelpers.Tests", "SafeDeserializationHelpers.Tests\SafeDeserializationHelpers.Tests.csproj", "{C808DDEE-BE52-4384-8376-D4966FFF9438}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{06EDE6B8-FF31-45E3-9EFB-7C92292D2404}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{06EDE6B8-FF31-45E3-9EFB-7C92292D2404}.Debug|Any CPU.Build.0 = Debug|Any CPU
{06EDE6B8-FF31-45E3-9EFB-7C92292D2404}.Release|Any CPU.ActiveCfg = Release|Any CPU
{06EDE6B8-FF31-45E3-9EFB-7C92292D2404}.Release|Any CPU.Build.0 = Release|Any CPU
{C808DDEE-BE52-4384-8376-D4966FFF9438}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{C808DDEE-BE52-4384-8376-D4966FFF9438}.Debug|Any CPU.Build.0 = Debug|Any CPU
{C808DDEE-BE52-4384-8376-D4966FFF9438}.Release|Any CPU.ActiveCfg = Release|Any CPU
{C808DDEE-BE52-4384-8376-D4966FFF9438}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
GlobalSection(ExtensibilityGlobals) = postSolution
SolutionGuid = {6815B225-79EF-41D2-B260-4279E8EA5E82}
EndGlobalSection
EndGlobal
66 changes: 66 additions & 0 deletions SafeDeserializationHelpers/DelegateValidator.cs
Original file line number Diff line number Diff line change
@@ -0,0 +1,66 @@
namespace SafeDeserializationHelpers
{
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;

/// <summary>
/// Blacklist-based delegate validator.
/// </summary>
public class DelegateValidator
{
/// <summary>
/// The default blacklist of the namespaces.
/// </summary>
private static readonly string[] DefaultBlacklistedNamespaces = new[]
{
"System.IO",
"System.Diagnostics",
};

/// <summary>
/// Initializes a new instance of the <see cref="DelegateValidator"/> class.
/// </summary>
/// <param name="blacklistedNamespaces">Namespace blacklist.</param>
public DelegateValidator(params string[] blacklistedNamespaces)
{
if (blacklistedNamespaces == null || blacklistedNamespaces.Length == 0)
{
blacklistedNamespaces = DefaultBlacklistedNamespaces;
}

BlacklistedNamespaces = new HashSet<string>(blacklistedNamespaces, StringComparer.OrdinalIgnoreCase);
}

private HashSet<string> BlacklistedNamespaces { get; }

/// <summary>
/// Validates the given delegates.
/// Throws exceptions for methods defined in the blacklisted namespaces.
/// </summary>
/// <param name="del">The delegate to validate.</param>
public void ValidateDelegate(Delegate del)
{
if (del == null)
{
return;
}

foreach (var d in del.GetInvocationList())
{
if (d == null)
{
continue;
}

var type = d.Method.DeclaringType;
if (BlacklistedNamespaces.Contains(type.Namespace))
{
var msg = $"Deserializing delegates for {type.FullName} may be unsafe.";
throw new UnsafeDeserializationException(msg);
}
}
}
}
}
9 changes: 9 additions & 0 deletions SafeDeserializationHelpers/GlobalSuppressions.cs
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
// This file is used by Code Analysis to maintain SuppressMessage
// attributes that are applied to this project.
// Project-level suppressions either have no target or are given
// a specific target and scoped to a namespace, type, member, etc.

[assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("StyleCop.CSharp.ReadabilityRules", "SA1101:Prefix local calls with this", Justification = "This is a visual garbage", Scope = "member", Target = "~M:SafeDeserializationHelpers.DelegateValidator.#ctor(System.String[])")]
[assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("StyleCop.CSharp.DocumentationRules", "SA1633:File should have header", Justification = "Not necessary for this project")]
[assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("StyleCop.CSharp.ReadabilityRules", "SA1101:Prefix local calls with this", Justification = "<Pending>", Scope = "member", Target = "~M:SafeDeserializationHelpers.DelegateValidator.ValidateDelegate(System.Delegate)")]

36 changes: 36 additions & 0 deletions SafeDeserializationHelpers/Properties/AssemblyInfo.cs
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;

// General Information about an assembly is controlled through the following
// set of attributes. Change these attribute values to modify the information
// associated with an assembly.
[assembly: AssemblyTitle("SafeDeserializationHelpers")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyProduct("SafeDeserializationHelpers")]
[assembly: AssemblyCopyright("Copyright © 2018")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")]

// Setting ComVisible to false makes the types in this assembly not visible
// to COM components. If you need to access a type in this assembly from
// COM, set the ComVisible attribute to true on that type.
[assembly: ComVisible(false)]

// The following GUID is for the ID of the typelib if this project is exposed to COM
[assembly: Guid("06ede6b8-ff31-45e3-9efb-7c92292d2404")]

// Version information for an assembly consists of the following four values:
//
// Major Version
// Minor Version
// Build Number
// Revision
//
// You can specify all the values or you can default the Build and Revision Numbers
// by using the '*' as shown below:
// [assembly: AssemblyVersion("1.0.*")]
[assembly: AssemblyVersion("1.0.0.0")]
[assembly: AssemblyFileVersion("1.0.0.0")]
55 changes: 55 additions & 0 deletions SafeDeserializationHelpers/SafeDeserializationHelpers.csproj
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{06EDE6B8-FF31-45E3-9EFB-7C92292D2404}</ProjectGuid>
<OutputType>Library</OutputType>
<AppDesignerFolder>Properties</AppDesignerFolder>
<RootNamespace>SafeDeserializationHelpers</RootNamespace>
<AssemblyName>SafeDeserializationHelpers</AssemblyName>
<TargetFrameworkVersion>v3.5</TargetFrameworkVersion>
<FileAlignment>512</FileAlignment>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
<RunCodeAnalysis>true</RunCodeAnalysis>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
<Reference Include="System.Core" />
<Reference Include="System.Xml.Linq" />
<Reference Include="System.Data.DataSetExtensions" />
<Reference Include="System.Data" />
<Reference Include="System.Xml" />
</ItemGroup>
<ItemGroup>
<Compile Include="DelegateValidator.cs" />
<Compile Include="GlobalSuppressions.cs" />
<Compile Include="UnsafeDeserializationException.cs" />
<Compile Include="Properties\AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<None Include="packages.config" />
</ItemGroup>
<ItemGroup>
<Analyzer Include="..\packages\StyleCop.Analyzers.1.1.0-beta006\analyzers\dotnet\cs\StyleCop.Analyzers.CodeFixes.dll" />
<Analyzer Include="..\packages\StyleCop.Analyzers.1.1.0-beta006\analyzers\dotnet\cs\StyleCop.Analyzers.dll" />
</ItemGroup>
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
</Project>
Loading

0 comments on commit 288224c

Please sign in to comment.