using System.IO;
using System.Linq.Dynamic.Core.Exceptions;
using System.Net;
using System.Reflection;
using FluentAssertions;
using Xunit;
namespace System.Linq.Dynamic.Core.Tests;
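/// <summary>
/// Regression tests for the parser's method-call restriction. Expression strings handed to
/// Dynamic LINQ are untrusted input, so method invocation has to stay limited to the
/// predefined set of allowed types. Each test feeds the parser an expression that reaches
/// reflection or I/O types and expects a <see cref="ParseException"/> naming the blocked type,
/// i.e. the expression is rejected while parsing rather than compiled and run.
/// </summary>
public class SecurityTests
{
    /// <summary>Minimal element type for the queryable used in the reflection test.</summary>
    private sealed class Message
    {
        public string Sender { get; }

        public string Receiver { get; }

        public Message(string sender, string receiver)
        {
            Sender = sender;
            Receiver = receiver;
        }
    }

    /// <summary>
    /// A member chain that walks from <c>"".GetType().Assembly</c> through <c>DefinedTypes</c> and
    /// <c>DeclaredMethods</c> to <c>Invoke</c> must be rejected. The expected message names
    /// <c>MethodBase</c>, the type that declares <c>Invoke</c>.
    /// </summary>
    [Fact]
    public void MethodsShouldOnlyBeCallableOnPredefinedTypes_Test1()
    {
        // Arrange
        var baseQuery = new[] { 1, 2, 3 }.AsQueryable();

        // The chain is only ever parsed: the parser throws before any query is built, so the
        // lookups inside the string are never evaluated.
        string predicate = "\"\".GetType().Assembly.DefinedTypes.Where(it.name == \"Assembly\").First().DeclaredMethods.Where(it.Name == \"GetName\").First().Invoke(\"\".GetType().Assembly, new Object[] {} ).Name.ToString() != \"Test\"";

        // Act
        Action action = () => baseQuery.OrderBy(predicate);

        // Assert
        action.Should().Throw<ParseException>().WithMessage("Methods on type 'MethodBase' are not accessible");
    }

    /// <summary>
    /// Calling <c>GetType(string)</c> on an <see cref="Assembly"/> inside a <c>Where</c> string must
    /// be rejected. Because the parser stops at that call, the positional <c>GetMethods()[...]</c>
    /// lookups and the <c>Invoke</c> calls further along the string are not reached.
    /// </summary>
    [Fact]
    public void MethodsShouldOnlyBeCallableOnPredefinedTypes_Test2()
    {
        // Arrange
        var messages = new[]
        {
            new Message("Alice", "Bob"),
            new Message("Bob", "Alice")
        }.AsQueryable();

        // Act
        Action action = () => messages.Where(
            "\"\".GetType().Assembly.GetType(\"System.AppDomain\").GetMethods()[104].Invoke(\"\".GetType().Assembly.GetType(\"System.AppDomain\").GetProperty(\"CurrentDomain\").GetValue(null), \"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089;System.Diagnostics.Process\".Split(\";\".ToCharArray())).GetType().GetMethods()[80].Invoke(null, \"cmd;/T:4A /K whoami && echo was HACKED\".Split(\";\".ToCharArray()))"
        );

        // Assert
        // Plain literal: the message has no interpolation holes, so no '$' prefix is needed.
        action.Should().Throw<ParseException>().WithMessage("Methods on type 'Assembly' are not accessible");
    }

    /// <summary>
    /// Parsing a lambda whose <c>it</c> type is itself a restricted type must fail on the first
    /// method call. <paramref name="type"/> is the name the parser is expected to report, which
    /// is the declaring type of the called method (<c>Close()</c> lives on <c>Stream</c>, not
    /// <c>FileStream</c>).
    /// </summary>
    /// <param name="itType">Type bound to <c>it</c> when parsing.</param>
    /// <param name="expression">Expression string that invokes a method on <c>it</c>.</param>
    /// <param name="type">Type name expected in the <see cref="ParseException"/> message.</param>
    [Theory]
    [InlineData(typeof(FileStream), "Close()", "Stream")]
    [InlineData(typeof(Assembly), "GetName().Name.ToString()", "Assembly")]
    public void DynamicExpressionParser_ParseLambda_IllegalMethodCall_ThrowsException(Type itType, string expression, string type)
    {
        // Act
        Action action = () => DynamicExpressionParser.ParseLambda(itType, null, expression);

        // Assert
        action.Should().Throw<ParseException>().WithMessage($"Methods on type '{type}' are not accessible");
    }
}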