Enterprise Library Test Guide - Willy .Net
Enterprise Library Test Guide - Willy .Net
Enterprise Library Test Guide - Willy .Net
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
144<br />
<strong>Enterprise</strong> <strong>Library</strong> <strong>Test</strong> <strong>Guide</strong><br />
Check<br />
Yes<br />
Description<br />
Assemblies can include declarative security attributes that are implemented with the<br />
.NET Framework SecurityAction.RequestMinimum enumeration. This enumeration<br />
requests the minimum permissions required for the code to run. The run time loads the<br />
assemblies only if the security policy can grant them the permissions they need. Additionally,<br />
specifying the necessary permission level in the code lets administrators know<br />
what the application needs to successfully load. The following example shows how the<br />
Logging Application Block’s AssemblyInfo.cs file requests permissions.<br />
[assembly: ReflectionPermission(SecurityAction.RequestMinimum, Flags =<br />
ReflectionPermissionFlag.MemberAccess)]<br />
[assembly: FileIOPermission(SecurityAction.RequestMinimum)]<br />
[assembly: EventLogPermission(SecurityAction.RequestMinimum)]<br />
[assembly: MessageQueuePermission(SecurityAction.RequestMinimum, Unrestricted<br />
= true)]<br />
[assembly: PerformanceCounterPermission(SecurityAction.RequestMinimum)]<br />
Class-level Checklist<br />
Table 33 lists the class-level recommendations.<br />
Table 33: Class-level Checklist<br />
Check<br />
Yes<br />
Yes<br />
Yes<br />
Description<br />
Restrict the visibility of classes and their members. Use the most restrictive access<br />
modifier you can. Use private where possible.<br />
Seal non-base classes.<br />
Validate all input that originates outside of the current trust boundary. Check the input<br />
to see that it is the proper type, length, format, and range. The following example shows<br />
how the Logging Application Block checks the input for non-NULL values and valid files.<br />
Public FileConfigurationSource(string configurationFilepath)<br />
{<br />
if (string.IsNullOrEmpty(configurationFilepath)) throw new<br />
ArgumentException(Resources.ExceptionStringNullOrEmpty,<br />
"configurationFilepath");<br />
this.configurationFilepath =<br />
RootConfigurationFilePath(configurationFilepath);<br />
}<br />
if (!File.Exists(this.configurationFilepath)) throw new<br />
FileNotFoundException(string.Format(Resources.Culture,<br />
Resources.ExceptionConfigurationLoadFileNotFound,<br />
this.configurationFilepath));<br />
EnsureImplementation(this.configurationFilepath);