Enterprise Library Test Guide - Willy .Net
Delegates Checklist

Table 37 lists the delegate recommendations.

Table 37: Delegates Checklist

Check: Yes
Description: Delegates should not be accepted from untrusted sources. In Enterprise Library, it is possible to use external configuration sources. This threat is documented in the code so that users are aware of it. The following code example shows this documentation.

    using System.Diagnostics;
    using Microsoft.Practices.EnterpriseLibrary.Common.Configuration;
    using Microsoft.Practices.EnterpriseLibrary.Logging;

    // Build the log entry; the category comes from a drop-down list on the page.
    LogEntry log = new LogEntry();
    log.Message = "memory leak";
    log.Categories.Add(DropDownList1.SelectedValue);
    log.Priority = 0;
    log.EventId = 100;
    log.Severity = TraceEventType.Information;

    // This configuration source comes from an external source.
    // Only use configuration sources that come from
    // trusted sources.
    FileConfigurationSource source = new FileConfigurationSource(@"c:\pag\FileSource.config");
    LogWriterFactory factory = new LogWriterFactory(source);
    LogWriter writer = factory.Create();
    writer.Write(log);
    writer.Dispose();

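One way to enforce the "trusted sources only" rule before the file reaches FileConfigurationSource, as an added example that is not code from the guide or from Enterprise Library. The TrustedConfigurationSource helper, its Open method and the TrustedRoot value are hypothetical, and the ACL calls assume the .NET Framework on Windows.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;
using Microsoft.Practices.EnterpriseLibrary.Common.Configuration;

// Hypothetical helper (not part of Enterprise Library): refuses to build a
// FileConfigurationSource unless the file sits under an allow-listed directory
// and only Administrators or SYSTEM are allowed to modify it.
public static class TrustedConfigurationSource
{
    // Assumed trusted location; adjust for the deployment.
    private const string TrustedRoot = @"c:\pag\";

    // Rights that would let a principal alter or replace the configuration.
    private const FileSystemRights ModifyRights =
        FileSystemRights.Write | FileSystemRights.Delete |
        FileSystemRights.ChangePermissions | FileSystemRights.TakeOwnership;

    public static FileConfigurationSource Open(string path)
    {
        // Canonicalize first so "..\" segments cannot escape the trusted root.
        string fullPath = Path.GetFullPath(path);
        if (!fullPath.StartsWith(TrustedRoot, StringComparison.OrdinalIgnoreCase))
            throw new UnauthorizedAccessException(
                "Configuration file is outside the trusted directory.");

        // Walk explicit and inherited ACL entries, resolved to SIDs.
        FileSecurity acl = File.GetAccessControl(fullPath);
        foreach (FileSystemAccessRule rule in
                 acl.GetAccessRules(true, true, typeof(SecurityIdentifier)))
        {
            if (rule.AccessControlType != AccessControlType.Allow) continue;
            if ((rule.FileSystemRights & ModifyRights) == 0) continue;

            SecurityIdentifier sid = (SecurityIdentifier)rule.IdentityReference;
            bool privileged =
                sid.IsWellKnown(WellKnownSidType.BuiltinAdministratorsSid) ||
                sid.IsWellKnown(WellKnownSidType.LocalSystemSid);
            if (!privileged)
                throw new UnauthorizedAccessException(
                    "Configuration file is writable by " + sid.Value);
        }

        return new FileConfigurationSource(fullPath);
    }
}
```

The check covers the ACL on the file itself; the parent directory needs the same restriction, otherwise the file can be replaced rather than edited.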
Serialization Checklist

Table 38 lists the serialization recommendations.

Table 38: Serialization Checklist

Check: Yes
Description: Any type that implements the ISerializable interface or derives from such a type should protect the GetObjectData method with a security action that requires the SerializationFormatter permission. In the Security Application Block, the SyntaxException type implements the GetObjectData method and protects it with the SecurityAction.Demand security action. This means that all callers higher in the call stack must have been granted the permission specified by the current permission object. The following example shows how the Security Application Block protects the GetObjectData method.
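
    using System;
    using System.Runtime.Serialization;
    using System.Security.Permissions;

    public class SyntaxException : Exception
    {
        // IndexKey and index are members of SyntaxException declared elsewhere in the class.

        // Demand: every caller on the stack must hold the SerializationFormatter permission.
        [SecurityPermission(SecurityAction.Demand, SerializationFormatter = true)]
        public override void GetObjectData(SerializationInfo info, StreamingContext context)
        {
            base.GetObjectData(info, context);
            info.AddValue(IndexKey, this.index);
        }
    }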