// // MonoTests.System.Security.Policy.FileCodeGroupTest // // Author: // Sebastien Pouliot // // (C) 2004 Motus Technologies Inc. (http://www.motus.com) // Copyright (C) 2004 Novell, Inc (http://www.novell.com) // // Permission is hereby granted, free of charge, to any person obtaining // a copy of this software and associated documentation files (the // "Software"), to deal in the Software without restriction, including // without limitation the rights to use, copy, modify, merge, publish, // distribute, sublicense, and/or sell copies of the Software, and to // permit persons to whom the Software is furnished to do so, subject to // the following conditions: // // The above copyright notice and this permission notice shall be // included in all copies or substantial portions of the Software. // // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. // using NUnit.Framework; using System; using System.Collections; using System.Security; using System.Security.Policy; using System.Security.Permissions; namespace MonoTests.System.Security.Policy { [TestFixture] public class FileCodeGroupTest { [Test] [ExpectedException (typeof (ArgumentNullException))] public void Constructor_MembershipConditionNullFileIOPermissionAccess () { FileCodeGroup cg = new FileCodeGroup (null, FileIOPermissionAccess.AllAccess); } [Test] public void Constructor_AllAccess () { FileCodeGroup cg = new FileCodeGroup (new AllMembershipCondition (), FileIOPermissionAccess.AllAccess); Assert.IsNotNull (cg.MembershipCondition, "MembershipCondition"); Assert.IsNull (cg.PolicyStatement, "PolicyStatement"); // documented as always null Assert.IsNull (cg.AttributeString, "AttributeString"); Assert.IsNotNull (cg.PermissionSetName, "PermissionSetName"); } [Test] public void Constructor_Append () { FileCodeGroup cg = new FileCodeGroup (new AllMembershipCondition (), FileIOPermissionAccess.Append); Assert.IsNotNull (cg.MembershipCondition, "MembershipCondition"); Assert.IsNull (cg.PolicyStatement, "PolicyStatement"); // documented as always null Assert.IsNull (cg.AttributeString, "AttributeString"); Assert.IsNotNull (cg.PermissionSetName, "PermissionSetName"); } [Test] public void Constructor_NoAccess () { FileCodeGroup cg = new FileCodeGroup (new AllMembershipCondition (), FileIOPermissionAccess.NoAccess); Assert.IsNotNull (cg.MembershipCondition, "MembershipCondition"); Assert.IsNull (cg.PolicyStatement, "PolicyStatement"); // documented as always null Assert.IsNull (cg.AttributeString, "AttributeString"); Assert.IsNotNull (cg.PermissionSetName, "PermissionSetName"); } [Test] public void Constructor_PathDiscovery () { FileCodeGroup cg = new FileCodeGroup (new AllMembershipCondition (), FileIOPermissionAccess.PathDiscovery); Assert.IsNotNull (cg.MembershipCondition, "MembershipCondition"); Assert.IsNull (cg.PolicyStatement, "PolicyStatement"); // documented as always null Assert.IsNull (cg.AttributeString, "AttributeString"); Assert.IsNotNull (cg.PermissionSetName, "PermissionSetName"); } [Test] public void Constructor_Read () { FileCodeGroup cg = new FileCodeGroup (new AllMembershipCondition (), FileIOPermissionAccess.Read); Assert.IsNotNull (cg.MembershipCondition, "MembershipCondition"); Assert.IsNull (cg.PolicyStatement, "PolicyStatement"); // documented as always null Assert.IsNull (cg.AttributeString, "AttributeString"); Assert.IsNotNull (cg.PermissionSetName, "PermissionSetName"); } [Test] public void Constructor_Write () { FileCodeGroup cg = new FileCodeGroup (new AllMembershipCondition (), FileIOPermissionAccess.Write); Assert.IsNotNull (cg.MembershipCondition, "MembershipCondition"); Assert.IsNull (cg.PolicyStatement, "PolicyStatement"); // documented as always null Assert.IsNull (cg.AttributeString, "AttributeString"); Assert.IsNotNull (cg.PermissionSetName, "PermissionSetName"); } [Test] public void MergeLogic () { FileCodeGroup cg = new FileCodeGroup (new AllMembershipCondition (), FileIOPermissionAccess.AllAccess); Assert.AreEqual ("Union", cg.MergeLogic, "MergeLogic"); } [Test] public void Copy () { FileCodeGroup cg = new FileCodeGroup (new AllMembershipCondition (), FileIOPermissionAccess.AllAccess); FileCodeGroup cg2 = (FileCodeGroup) cg.Copy (); Assert.AreEqual (cg.AttributeString, cg2.AttributeString, "AttributeString"); Assert.AreEqual (cg.Children.Count, cg2.Children.Count, "Children"); Assert.AreEqual (cg.Description, cg2.Description, "Description"); Assert.AreEqual (cg.MergeLogic, cg2.MergeLogic, "MergeLogic"); Assert.AreEqual (cg.Name, cg2.Name, "Name"); Assert.AreEqual (cg.PermissionSetName, cg2.PermissionSetName, "PermissionSetName"); Assert.AreEqual (cg.ToXml ().ToString (), cg2.ToXml ().ToString (), "ToXml"); } [Test] public void CopyWithChildren () { FileCodeGroup cgChild = new FileCodeGroup (new AllMembershipCondition (), FileIOPermissionAccess.AllAccess); FileCodeGroup cg = new FileCodeGroup (new AllMembershipCondition (), FileIOPermissionAccess.AllAccess); cg.AddChild (cgChild); FileCodeGroup cg2 = (FileCodeGroup) cg.Copy (); Assert.AreEqual (cg.Children.Count, cg2.Children.Count, "Children"); Assert.AreEqual (cg.ToXml ().ToString (), cg2.ToXml ().ToString (), "ToXml"); } [Test] [ExpectedException (typeof (ArgumentNullException))] public void Resolve_Null () { FileCodeGroup cg = new FileCodeGroup (new AllMembershipCondition (), FileIOPermissionAccess.AllAccess); cg.Resolve (null); } [Test] public void Resolve_NoMatch () { FileCodeGroup cg = new FileCodeGroup (new ZoneMembershipCondition (SecurityZone.Untrusted), FileIOPermissionAccess.AllAccess); Assert.IsNull (cg.Resolve (new Evidence ())); } [Test] public void Resolve_AllMembershipCondition_NoAccess () { FileCodeGroup cg = new FileCodeGroup (new AllMembershipCondition (), FileIOPermissionAccess.NoAccess); PolicyStatement result = cg.Resolve (new Evidence ()); Assert.AreEqual (PolicyStatementAttribute.Nothing, result.Attributes, "Attributes"); Assert.AreEqual (String.Empty, result.AttributeString, "AttributeString"); Assert.IsFalse (result.PermissionSet.IsUnrestricted (), "IsUnrestricted"); Assert.AreEqual (0, result.PermissionSet.Count, "Count"); } [Test] public void Resolve_AllMembershipCondition_AllAccess () { FileCodeGroup cg = new FileCodeGroup (new AllMembershipCondition (), FileIOPermissionAccess.AllAccess); PolicyStatement result = cg.Resolve (new Evidence ()); Assert.AreEqual (PolicyStatementAttribute.Nothing, result.Attributes, "Attributes"); Assert.AreEqual (String.Empty, result.AttributeString, "AttributeString"); Assert.IsFalse (result.PermissionSet.IsUnrestricted (), "IsUnrestricted"); Assert.AreEqual (0, result.PermissionSet.Count, "Count"); } [Test] public void Resolve_ZoneMembershipCondition_Internet () { IMembershipCondition mc = new ZoneMembershipCondition (SecurityZone.Internet); PermissionSet pset = new PermissionSet (PermissionState.Unrestricted); FileCodeGroup cg = new FileCodeGroup (mc, FileIOPermissionAccess.AllAccess); Evidence e = new Evidence (); e.AddHost (new Zone (SecurityZone.Internet)); PolicyStatement result = cg.Resolve (e); Assert.AreEqual (PolicyStatementAttribute.Nothing, result.Attributes, "Internet-Attributes"); Assert.AreEqual (String.Empty, result.AttributeString, "Internet-AttributeString"); Assert.IsFalse (result.PermissionSet.IsUnrestricted (), "Internet-IsUnrestricted"); Assert.AreEqual (0, result.PermissionSet.Count, "Internet-Count"); e = new Evidence (); e.AddHost (new Zone (SecurityZone.Intranet)); Assert.IsNull (cg.Resolve (e), "Intranet"); e = new Evidence (); e.AddHost (new Zone (SecurityZone.MyComputer)); Assert.IsNull (cg.Resolve (e), "MyComputer"); e = new Evidence (); e.AddHost (new Zone (SecurityZone.NoZone)); Assert.IsNull (cg.Resolve (e), "NoZone"); e = new Evidence (); e.AddHost (new Zone (SecurityZone.Trusted)); Assert.IsNull (cg.Resolve (e), "Trusted"); e = new Evidence (); e.AddHost (new Zone (SecurityZone.Untrusted)); Assert.IsNull (cg.Resolve (e), "Untrusted"); } [Test] public void Resolve_ZoneMembershipCondition_Intranet () { IMembershipCondition mc = new ZoneMembershipCondition (SecurityZone.Intranet); PermissionSet pset = new PermissionSet (PermissionState.None); FileCodeGroup cg = new FileCodeGroup (mc, FileIOPermissionAccess.AllAccess); Evidence e = new Evidence (); e.AddHost (new Zone (SecurityZone.Intranet)); PolicyStatement result = cg.Resolve (e); Assert.AreEqual (PolicyStatementAttribute.Nothing, result.Attributes, "Internet-Attributes"); Assert.AreEqual (String.Empty, result.AttributeString, "Internet-AttributeString"); Assert.IsFalse (result.PermissionSet.IsUnrestricted (), "Intranet-IsUnrestricted"); Assert.AreEqual (0, result.PermissionSet.Count, "Intranet-Count"); e = new Evidence (); e.AddHost (new Zone (SecurityZone.Internet)); Assert.IsNull (cg.Resolve (e), "Internet"); e = new Evidence (); e.AddHost (new Zone (SecurityZone.MyComputer)); Assert.IsNull (cg.Resolve (e), "MyComputer"); e = new Evidence (); e.AddHost (new Zone (SecurityZone.NoZone)); Assert.IsNull (cg.Resolve (e), "NoZone"); e = new Evidence (); e.AddHost (new Zone (SecurityZone.Trusted)); Assert.IsNull (cg.Resolve (e), "Trusted"); e = new Evidence (); e.AddHost (new Zone (SecurityZone.Untrusted)); Assert.IsNull (cg.Resolve (e), "Untrusted"); } [Test] public void Resolve_ZoneMembershipCondition_MyComputer () { IMembershipCondition mc = new ZoneMembershipCondition (SecurityZone.MyComputer); PermissionSet pset = new PermissionSet (PermissionState.Unrestricted); FileCodeGroup cg = new FileCodeGroup (mc, FileIOPermissionAccess.AllAccess); Evidence e = new Evidence (); e.AddHost (new Zone (SecurityZone.MyComputer)); PolicyStatement result = cg.Resolve (e); Assert.AreEqual (PolicyStatementAttribute.Nothing, result.Attributes, "Internet-Attributes"); Assert.AreEqual (String.Empty, result.AttributeString, "Internet-AttributeString"); Assert.IsFalse (result.PermissionSet.IsUnrestricted (), "MyComputer-IsUnrestricted"); Assert.AreEqual (0, result.PermissionSet.Count, "MyComputer-Count"); e = new Evidence (); e.AddHost (new Zone (SecurityZone.Internet)); Assert.IsNull (cg.Resolve (e), "Internet"); e = new Evidence (); e.AddHost (new Zone (SecurityZone.Intranet)); Assert.IsNull (cg.Resolve (e), "Intranet"); e = new Evidence (); e.AddHost (new Zone (SecurityZone.NoZone)); Assert.IsNull (cg.Resolve (e), "NoZone"); e = new Evidence (); e.AddHost (new Zone (SecurityZone.Trusted)); Assert.IsNull (cg.Resolve (e), "Trusted"); e = new Evidence (); e.AddHost (new Zone (SecurityZone.Untrusted)); Assert.IsNull (cg.Resolve (e), "Untrusted"); } [Test] [ExpectedException (typeof (ArgumentException))] public void Resolve_ZoneMembershipCondition_NoZone () { IMembershipCondition mc = new ZoneMembershipCondition (SecurityZone.NoZone); } [Test] public void Resolve_ZoneMembershipCondition_Trusted () { IMembershipCondition mc = new ZoneMembershipCondition (SecurityZone.Trusted); PermissionSet pset = new PermissionSet (PermissionState.Unrestricted); FileCodeGroup cg = new FileCodeGroup (mc, FileIOPermissionAccess.AllAccess); Evidence e = new Evidence (); e.AddHost (new Zone (SecurityZone.Trusted)); PolicyStatement result = cg.Resolve (e); Assert.AreEqual (PolicyStatementAttribute.Nothing, result.Attributes, "Internet-Attributes"); Assert.AreEqual (String.Empty, result.AttributeString, "Internet-AttributeString"); Assert.IsFalse (result.PermissionSet.IsUnrestricted (), "Trusted-IsUnrestricted"); Assert.AreEqual (0, result.PermissionSet.Count, "Trusted-Count"); e = new Evidence (); e.AddHost (new Zone (SecurityZone.Internet)); Assert.IsNull (cg.Resolve (e), "Internet"); e = new Evidence (); e.AddHost (new Zone (SecurityZone.Intranet)); Assert.IsNull (cg.Resolve (e), "Intranet"); e = new Evidence (); e.AddHost (new Zone (SecurityZone.MyComputer)); Assert.IsNull (cg.Resolve (e), "MyComputer"); e = new Evidence (); e.AddHost (new Zone (SecurityZone.NoZone)); Assert.IsNull (cg.Resolve (e), "NoZone"); e = new Evidence (); e.AddHost (new Zone (SecurityZone.Untrusted)); Assert.IsNull (cg.Resolve (e), "Untrusted"); } [Test] public void Resolve_ZoneMembershipCondition_Untrusted () { IMembershipCondition mc = new ZoneMembershipCondition (SecurityZone.Untrusted); PermissionSet pset = new PermissionSet (PermissionState.None); FileCodeGroup cg = new FileCodeGroup (mc, FileIOPermissionAccess.AllAccess); Evidence e = new Evidence (); e.AddHost (new Zone (SecurityZone.Untrusted)); PolicyStatement result = cg.Resolve (e); Assert.AreEqual (PolicyStatementAttribute.Nothing, result.Attributes, "Untrusted-Attributes"); Assert.AreEqual (String.Empty, result.AttributeString, "Untrusted-AttributeString"); Assert.IsFalse (result.PermissionSet.IsUnrestricted (), "Untrusted-IsUnrestricted"); Assert.AreEqual (0, result.PermissionSet.Count, "Untrusted-Count"); e = new Evidence (); e.AddHost (new Zone (SecurityZone.Internet)); Assert.IsNull (cg.Resolve (e), "Internet"); e = new Evidence (); e.AddHost (new Zone (SecurityZone.Intranet)); Assert.IsNull (cg.Resolve (e), "Intranet"); e = new Evidence (); e.AddHost (new Zone (SecurityZone.MyComputer)); Assert.IsNull (cg.Resolve (e), "MyComputer"); e = new Evidence (); e.AddHost (new Zone (SecurityZone.NoZone)); Assert.IsNull (cg.Resolve (e), "NoZone"); e = new Evidence (); e.AddHost (new Zone (SecurityZone.Trusted)); Assert.IsNull (cg.Resolve (e), "Trusted"); } [Test] [ExpectedException (typeof (ArgumentNullException))] public void ResolveMatchingCodeGroups_Null () { FileCodeGroup cg = new FileCodeGroup (new AllMembershipCondition (), FileIOPermissionAccess.AllAccess); cg.ResolveMatchingCodeGroups (null); } [Test] public void ResolveMatchingCodeGroups_NoMatch () { FileCodeGroup cg = new FileCodeGroup (new ZoneMembershipCondition (SecurityZone.Untrusted), FileIOPermissionAccess.AllAccess); Assert.IsNull (cg.ResolveMatchingCodeGroups (new Evidence ())); } [Test] public void ResolveMatchingCodeGroups_OneLevel () { FileCodeGroup level1 = new FileCodeGroup (new AllMembershipCondition (), FileIOPermissionAccess.AllAccess); CodeGroup match = level1.ResolveMatchingCodeGroups (new Evidence ()); Assert.IsNotNull (match, "Match"); Assert.IsTrue (match.Equals (level1, false), "Equals(false)"); Assert.IsTrue (match.Equals (level1, true), "Equals(true)"); } [Test] public void ResolveMatchingCodeGroups_TwoLevel () { FileCodeGroup level1 = new FileCodeGroup (new AllMembershipCondition (), FileIOPermissionAccess.AllAccess); CodeGroup level2 = level1.Copy (); level1.AddChild (level2); CodeGroup match = level1.ResolveMatchingCodeGroups (new Evidence ()); Assert.IsNotNull (match, "Match"); Assert.IsTrue (match.Equals (level1, false), "Equals(false)"); Assert.IsTrue (match.Equals (level1, true), "Equals(true)"); FileCodeGroup level2b = new FileCodeGroup (new ZoneMembershipCondition (SecurityZone.Untrusted), FileIOPermissionAccess.AllAccess); level1.AddChild (level2b); CodeGroup match2 = level1.ResolveMatchingCodeGroups (new Evidence ()); Assert.IsNotNull (match2, "Match2"); Assert.IsTrue (match2.Equals (level1, false), "Equals(false)"); Assert.IsTrue (!match2.Equals (level1, true), "Equals(true)"); } [Test] public void ResolveMatchingCodeGroups_ThreeLevel () { FileCodeGroup level1 = new FileCodeGroup (new AllMembershipCondition (), FileIOPermissionAccess.AllAccess); CodeGroup level2 = level1.Copy (); level1.AddChild (level2); FileCodeGroup level3 = new FileCodeGroup (new ZoneMembershipCondition (SecurityZone.Untrusted), FileIOPermissionAccess.AllAccess); level2.AddChild (level3); CodeGroup match = level1.ResolveMatchingCodeGroups (new Evidence ()); Assert.IsNotNull (match, "Match"); Assert.IsTrue (match.Equals (level1, false), "Equals(false)"); // Equals (true) isn't a deep compare (just one level) Assert.IsTrue (match.Equals (level1, true), "Equals(true)"); } [Test] public void ToXml () { FileIOPermissionAccess access = FileIOPermissionAccess.Read | FileIOPermissionAccess.Write; FileCodeGroup cg = new FileCodeGroup (new AllMembershipCondition (), access); string s = cg.ToXml ().ToString (); Assert.IsTrue (s.IndexOf ("Access=\"Read, Write\"") > 0, "Access='Read, Write'"); } [Test] public void ToFromXmlRoundtrip () { FileCodeGroup cg = new FileCodeGroup (new AllMembershipCondition (), FileIOPermissionAccess.AllAccess); cg.Name = "SomeName"; cg.Description = "Some Description"; Assert.IsTrue (cg.Equals (cg), "Equals (itself)"); SecurityElement se = cg.ToXml (); FileCodeGroup cg2 = new FileCodeGroup (new AllMembershipCondition (), FileIOPermissionAccess.NoAccess); cg2.Name = "SomeOtherName"; cg2.Description = "Some Other Description"; Assert.IsFalse (cg.Equals (cg2), "Equals (another)"); cg2.FromXml (se); Assert.IsTrue (cg.Equals (cg2), "Equals (FromXml)"); } } }