tags:

views:

465

answers:

3
+5  Q: 

How to Automate Testing of Medium Trust Code

I would like to write automated tests that run in medium trust and fail if they require full trust.

I am writing a library where some functionality is only available in full trust scenarios and I want to verify that the code I wish to run in medium trust will work fine. If also want to know that if I change a class that requires full trust, that my tests will fail.

I have tried creating another AppDomain and loading the medium trust PolicyLevel, but I always get an error with assembly or its dependency could not be loaded while trying to run the cross AppDomain callback.

Is there a way to pull this off?

UPDATE: Based replies, here is what I have. Note that your class being tested must extend MarshalByRefObject. This is very limiting, but I don't see a way around it.


using System;
using System.Reflection;
using System.Security;
using System.Security.Permissions;
using Xunit;

namespace PartialTrustTest
{
    [Serializable]
    public class ClassUnderTest : MarshalByRefObject
    {
        public void PartialTrustSuccess()
        {
            Console.WriteLine( "partial trust success #1" );
        }

        public void PartialTrustFailure()
        {
            FieldInfo fi = typeof (Int32).GetField( "m_value", BindingFlags.Instance | BindingFlags.NonPublic );
            object value = fi.GetValue( 1 );
            Console.WriteLine( "value: {0}", value );
        }
    }

    public class Test
    {
        [Fact]
        public void MediumTrustWithExternalClass()
        {
            // ClassUnderTest must extend MarshalByRefObject
            var classUnderTest = MediumTrustContext.Create<ClassUnderTest>();

            classUnderTest.PartialTrustSuccess();
            Assert.Throws<FieldAccessException>( classUnderTest.PartialTrustFailure );
        }
    }

    internal static class MediumTrustContext
    {
        public static T Create<T>()
        {
            AppDomain appDomain = CreatePartialTrustDomain();
            var t = (T) appDomain.CreateInstanceAndUnwrap( typeof (T).Assembly.FullName, typeof (T).FullName );
            return t;
        }

        public static AppDomain CreatePartialTrustDomain()
        {
            var setup = new AppDomainSetup {ApplicationBase = AppDomain.CurrentDomain.BaseDirectory};
            var permissions = new PermissionSet( null );
            permissions.AddPermission( new SecurityPermission( SecurityPermissionFlag.Execution ) );
            permissions.AddPermission( new ReflectionPermission( ReflectionPermissionFlag.RestrictedMemberAccess ) );
            return AppDomain.CreateDomain( "Partial Trust AppDomain: " + DateTime.Now.Ticks, null, setup, permissions );
        }
    }
}
A: 

I have never attempted to do this, but in general, to handle assembly load failures from custom AppDomains, you can use the AppDomain.AssemblyResolve event.

Although totally unrelated, here's an example of using AppDomain.AssemblyResolve.

Mark Seemann  2009-08-12 08:38:49
A: 

The answer depends on what your code does when someone with medium trust privilege attempts to access a full trust feature. I assume some kind of exception will be thrown.

In that case, write a unit test that runs in medium trust context, attempts to access a full trust feature, and expects the exception to be thrown. If you've never written a test like this, one common way to do it that most testing frameworks will support is this:

testMediumTrustUserWontAccessFeatureX()
{
    // set up the context of your test ...

    try
    {
        accessFullTrustFeature();
        fail("Test failed - Medium trust user can access full trust feature");
    }
    catch( SomeKindOfException e )
    {
        // Success - feature was denied to the untrusted user 
    }
}

If the exception is caught, it means your untrusted user didn't get to access the feature (and the test passes) but if the exception is never caught, the test fails (we expected an exception and didn't get it).

This is java-esque pseudo code but this pattern should work in whatever language you are using assuming it support exception handling.

Justin Standard  2009-10-21 22:12:04
Yes, I expect that an exception will be thrown when code that requires full trust is run. I have not been able to implement the "// set up the context of your test ..." part of the test to establish a medium trust context for the code to run in. I have written a library and I want to verify that all of its routines will run successfully in medium trust environments.
Ian Davis  2009-10-22 13:33:20
+2  A: 

Shamelessly stolen from How to Host a Partial Trust Sandbox – #7, but reimplemented (along with a simple test case) in F# just for kicks :-)

open System
open System.Reflection
open System.Security
open System.Security.Permissions
open System.Security.Policy

type Program() =
    inherit System.MarshalByRefObject()
    member x.PartialTrustSuccess() =
        Console.WriteLine("foo")
    member x.PartialTrustFailure() =
        let field = typeof<Int32>.GetField("m_value", BindingFlags.Instance ||| BindingFlags.NonPublic)
        let value = field.GetValue(1)
        Console.WriteLine("value: {0}", value)

[<EntryPoint>]
let main _ =
    let appDomain =
        let setup = AppDomainSetup(ApplicationBase = AppDomain.CurrentDomain.BaseDirectory)
        let permissions = PermissionSet(null)
        permissions.AddPermission(SecurityPermission(SecurityPermissionFlag.Execution)) |> ignore
        permissions.AddPermission(ReflectionPermission(ReflectionPermissionFlag.RestrictedMemberAccess)) |> ignore
        AppDomain.CreateDomain("Partial Trust AppDomain", null, setup, permissions)

    let program = appDomain.CreateInstanceAndUnwrap(
                      typeof<Program>.Assembly.FullName,
                      typeof<Program>.FullName) :?> Program

    program.PartialTrustSuccess()

    try
        program.PartialTrustFailure()
        Console.Error.WriteLine("partial trust test failed")
    with
        | :? FieldAccessException -> ()

    0

And a C# version:

using System;
using System.Reflection;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

namespace PartialTrustTest
{
    internal class Program : MarshalByRefObject
    {
        public void PartialTrustSuccess()
        {
            Console.WriteLine("partial trust success #1");
        }

        public void PartialTrustFailure()
        {
            FieldInfo fi = typeof(Int32).GetField("m_value", BindingFlags.Instance | BindingFlags.NonPublic);
            object value = fi.GetValue(1);
            Console.WriteLine("value: {0}", value);
        }

        private static AppDomain CreatePartialTrustDomain()
        {
            AppDomainSetup setup = new AppDomainSetup() { ApplicationBase = AppDomain.CurrentDomain.BaseDirectory };
            PermissionSet permissions = new PermissionSet(null);
            permissions.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
            permissions.AddPermission(new ReflectionPermission(ReflectionPermissionFlag.RestrictedMemberAccess));
            return AppDomain.CreateDomain("Partial Trust AppDomain", null, setup, permissions);
        }

        static void Main(string[] args)
        {
            AppDomain appDomain = CreatePartialTrustDomain();

            Program program = (Program)appDomain.CreateInstanceAndUnwrap(
                typeof(Program).Assembly.FullName,
                typeof(Program).FullName);

            program.PartialTrustSuccess();

            try
            {
                program.PartialTrustFailure();
                Console.Error.WriteLine("!!! partial trust test failed");
            }
            catch (FieldAccessException)
            {
                Console.WriteLine("partial trust success #2");
            }
        }
    }
}

 C:\temp\PartialTrustTest\bin\Debug>PartialTrustTest.exe
 partial trust success #1
 partial trust success #2
Nathan Howell  2009-11-19 07:24:06
Tried for a while, could not get a working unit test based on your code or the source material. Have you had success in putting it into a c# unit test and get tests to pass and fail appropriately?
Ian Davis  2009-11-23 22:20:14
Edited with a working C# app... tested with 3.5 SP1 and 4.0
Nathan Howell  2009-11-24 01:53:39

related questions

Reset changepassword control in ASP.Net under medium trust
ASP.NET MVC in Medium Trust
Send Email on GMail SMTP under medium trust
Running ASP.Net websites in Medium Trust environments
What application trust level is need for ASP.NET MVC framework?
NHibernate 2 + Fluent Nhibernate medium trust
Simulating Shared Hosting Trust Levels
Problems with MVC Controllers + Dependency Injection (Ninject) in medium trust
.Net Hosting (Flexable Medium Trust)
RDLC Medium Trust
nhibernate proxy generator
Redirecting from Global.asax in Medium Trust
Why does simple array and Linq generate VerificationException: Operation could destabilize the runtime
Exception When Using Entity Framework On GoDaddy
How can I hook into the current FormsAuthenticationModule in a Medium Trust environment?
What are the most common, typical things to AVOID coding into my ASP.NET app in order for it to run under Medium Trust on a shared host?
Storing temporary user files in ASP.NET in medium trust
Calling internal methods in Medium Trust
Can I make a folder writeable in Medium trust?
.NET 2.0 and MySql in medium trust mode
Options for in-process databases under medium trust
Subtext install gives error in Medium trust level.
ASP.Net Medium Trust setup
How can I determine whether a given date is in Daylight Saving Time for a given timezone in .NET 2.0?
How to write to Web.Config in Medium Trust ?