From 0306acdbe6a34f322777afc81a81ac70e99c2f42 Mon Sep 17 00:00:00 2001 From: MaxXor Date: Fri, 31 Jul 2015 10:01:41 +0200 Subject: [PATCH] Improved validating of executable files - improved unit tests with categories - removed validating of batch files, we can not really validate them --- Client.Tests/Client.Tests.csproj | 2 +- .../Core/Commands/MiscHandler.Tests.cs | 48 ------------------- .../Core/Compression/JpgCompression.Tests.cs | 2 +- .../Core/Compression/SafeQuickLZ.Tests.cs | 12 ++--- Client.Tests/Core/Encryption/AES.Tests.cs | 4 +- Client.Tests/Core/Encryption/SHA256.Tests.cs | 2 +- Client.Tests/Core/Helper/FileHelper.Tests.cs | 38 +++++++++++++++ Client/Core/Commands/MiscHandler.cs | 13 +---- Client/Core/Helper/FileHelper.cs | 6 +++ Server/Forms/FrmMain.cs | 2 +- 10 files changed, 56 insertions(+), 73 deletions(-) delete mode 100644 Client.Tests/Core/Commands/MiscHandler.Tests.cs create mode 100644 Client.Tests/Core/Helper/FileHelper.Tests.cs diff --git a/Client.Tests/Client.Tests.csproj b/Client.Tests/Client.Tests.csproj index bf332bf1..5b750f9b 100644 --- a/Client.Tests/Client.Tests.csproj +++ b/Client.Tests/Client.Tests.csproj @@ -54,7 +54,7 @@ - + diff --git a/Client.Tests/Core/Commands/MiscHandler.Tests.cs b/Client.Tests/Core/Commands/MiscHandler.Tests.cs deleted file mode 100644 index 682e1778..00000000 --- a/Client.Tests/Core/Commands/MiscHandler.Tests.cs +++ /dev/null 
@@ -1,48 +0,0 @@ -using Microsoft.VisualStudio.TestTools.UnitTesting; -using xClient.Core.Commands; - -namespace xClient.Tests.Core.Compression -{ - [TestClass] - public class MiscHandlerTests - { - [TestMethod] - public void UploadValidBatch() - { - var bytes = new byte[2]; - bytes[0] = 101; - bytes[1] = 99; - var command = new xClient.Core.Packets.ServerPackets.DoUploadAndExecute(1, "bat.bat", bytes, 100, 0, false); - - var result = CommandHandler.IsValidExecuteFile(command); - - Assert.IsTrue(result, "Uploading a .bat file failed!"); - } - - [TestMethod] - public void UploadValidExe() - { - var bytes = new byte[2]; - bytes[0] = 77; - bytes[1] = 90; - var command = new xClient.Core.Packets.ServerPackets.DoUploadAndExecute(1, "bat.bat", bytes, 100, 0, false); - - var result = CommandHandler.IsValidExecuteFile(command); - - Assert.IsTrue(result, "Uploading a .exe file failed!"); - } - - [TestMethod] - public void UploadInValidFile() - { - var bytes = new byte[2]; - bytes[0] = 22; - bytes[1] = 93; - var command = new xClient.Core.Packets.ServerPackets.DoUploadAndExecute(1, "bat.bat", bytes, 100, 0, false); - - var result = CommandHandler.IsValidExecuteFile(command); - - Assert.IsFalse(result, "Uploading an invalid file worked!"); - } - } -} \ No newline at end of file diff --git a/Client.Tests/Core/Compression/JpgCompression.Tests.cs b/Client.Tests/Core/Compression/JpgCompression.Tests.cs index 17cc8c47..ecd9b305 100644 --- a/Client.Tests/Core/Compression/JpgCompression.Tests.cs +++ b/Client.Tests/Core/Compression/JpgCompression.Tests.cs @@ -8,7 +8,7 @@ namespace xClient.Tests.Core.Compression [TestClass] public class JpgCompressionTests { - [TestMethod] + [TestMethod, TestCategory("Compression")] public void CompressionTest() { var quality = Int64.MaxValue; diff --git a/Client.Tests/Core/Compression/SafeQuickLZ.Tests.cs b/Client.Tests/Core/Compression/SafeQuickLZ.Tests.cs index 1fef6496..70a10069 100644 --- a/Client.Tests/Core/Compression/SafeQuickLZ.Tests.cs 
+++ b/Client.Tests/Core/Compression/SafeQuickLZ.Tests.cs @@ -11,8 +11,7 @@ public class SafeQuickLZTests * Purpose: To validate a small amount of data after compression/decompression * using SafeQuickLZ with level 1 compression. */ - [TestMethod] - [TestCategory("Compression")] + [TestMethod, TestCategory("Compression")] public void SmallDataCompressionTestLevel1() { SafeQuickLZ safeQuickLZtest = new SafeQuickLZ(); @@ -40,8 +39,7 @@ public void SmallDataCompressionTestLevel1() * Purpose: To validate a small amount of data after compression/decompression * using SafeQuickLZ with level 3 compression. */ - [TestMethod] - [TestCategory("Compression")] + [TestMethod, TestCategory("Compression")] public void SmallDataCompressionTestLevel3() { SafeQuickLZ safeQuickLZtest = new SafeQuickLZ(); @@ -69,8 +67,7 @@ public void SmallDataCompressionTestLevel3() * Purpose: To validate a large amount of data after compression/decompression * using SafeQuickLZ with level 1 compression. */ - [TestMethod] - [TestCategory("Compression")] + [TestMethod, TestCategory("Compression")] public void BigDataCompressionTestLevel1() { SafeQuickLZ safeQuickLZtest = new SafeQuickLZ(); @@ -98,8 +95,7 @@ public void BigDataCompressionTestLevel1() * Purpose: To validate a large amount of data after compression/decompression * using SafeQuickLZ with level 3 compression. */ - [TestMethod] - [TestCategory("Compression")] + [TestMethod, TestCategory("Compression")] public void BigDataCompressionTestLevel3() { SafeQuickLZ safeQuickLZtest = new SafeQuickLZ(); diff --git a/Client.Tests/Core/Encryption/AES.Tests.cs b/Client.Tests/Core/Encryption/AES.Tests.cs index a1ce5c45..2cf8a5e5 100644 --- a/Client.Tests/Core/Encryption/AES.Tests.cs +++ b/Client.Tests/Core/Encryption/AES.Tests.cs 
@@ -8,7 +8,7 @@ namespace xClient.Tests.Core.Encryption [TestClass] public class AESTests { - [TestMethod] + [TestMethod, TestCategory("Encryption")] public void EncryptAndDecryptStringTest() { var input = FileHelper.GetRandomFilename(100); @@ -23,7 +23,7 @@ public void EncryptAndDecryptStringTest() Assert.AreEqual(input, decrypted); } - [TestMethod] + [TestMethod, TestCategory("Encryption")] public void EncryptAndDecryptByteArrayTest() { var input = FileHelper.GetRandomFilename(100); diff --git a/Client.Tests/Core/Encryption/SHA256.Tests.cs b/Client.Tests/Core/Encryption/SHA256.Tests.cs index fb92db00..02748a78 100644 --- a/Client.Tests/Core/Encryption/SHA256.Tests.cs +++ b/Client.Tests/Core/Encryption/SHA256.Tests.cs @@ -7,7 +7,7 @@ namespace xClient.Tests.Core.Encryption [TestClass] public class SHA256Tests { - [TestMethod] + [TestMethod, TestCategory("Encryption")] public void ComputeHashTest() { var input = FileHelper.GetRandomFilename(100); diff --git a/Client.Tests/Core/Helper/FileHelper.Tests.cs b/Client.Tests/Core/Helper/FileHelper.Tests.cs new file mode 100644 index 00000000..5ece9547 --- /dev/null +++ b/Client.Tests/Core/Helper/FileHelper.Tests.cs 
@@ -0,0 +1,38 @@ +using Microsoft.VisualStudio.TestTools.UnitTesting; +using xClient.Core.Helper; + +namespace xClient.Tests.Core.Helper +{ + [TestClass] + public class FileHelperTests + { + [TestMethod, TestCategory("Helper")] + public void RandomFilenameTest() + { + int length = 100; + var name = FileHelper.GetRandomFilename(length); + Assert.IsNotNull(name); + Assert.IsTrue(name.Length == length, "Filename has wrong length!"); + } + + [TestMethod, TestCategory("Helper")] + public void ValidateExecutableTest() + { + var bytes = new byte[] {77, 90}; + + var result = FileHelper.IsValidExecuteableFile(bytes); + + Assert.IsTrue(result, "Validating a .exe file failed!"); + } + + [TestMethod, TestCategory("Helper")] + public void ValidateInvalidFileTest() + { + var bytes = new byte[] {22, 93}; + + var result = FileHelper.IsValidExecuteableFile(bytes); + + Assert.IsFalse(result, "Validating an invalid file worked!"); + } + } +} \ No newline at end of file diff --git a/Client/Core/Commands/MiscHandler.cs b/Client/Core/Commands/MiscHandler.cs index 2a942027..52d0f152 100644 --- a/Client/Core/Commands/MiscHandler.cs +++ b/Client/Core/Commands/MiscHandler.cs @@ -75,7 +75,8 @@ public static void HandleDoUploadAndExecute(Packets.ServerPackets.DoUploadAndExe try { - if (!IsValidExecuteFile(command)) throw new Exception("File type is not valid"); + if (command.CurrentBlock == 0 && Path.GetExtension(command.FileName) == ".exe" && !FileHelper.IsValidExecuteableFile(command.Block)) + throw new Exception("No executable file"); FileSplit destFile = new FileSplit(filePath); 
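Review bot: `FileHelperTests` has no test for the `block.Length < 2` guard that this commit adds to `FileHelper.IsValidExecuteableFile`, nor for the reversed `Z`,`M` signature it accepts; only `{77, 90}` and `{22, 93}` are exercised. Tests with an empty array, a one-byte array and `{90, 77}` would pin the remaining branches, as sketched below. In `RandomFilenameTest`, `Assert.AreEqual(length, name.Length, "Filename has wrong length!")` would report both values on failure, which `Assert.IsTrue(name.Length == length, ...)` does not.

```csharp
// … unchanged: RandomFilenameTest, ValidateExecutableTest, ValidateInvalidFileTest …

[TestMethod, TestCategory("Helper")]
public void ValidateTooShortBlockTest()
{
    Assert.IsFalse(FileHelper.IsValidExecuteableFile(new byte[0]), "Validating an empty block worked!");
    Assert.IsFalse(FileHelper.IsValidExecuteableFile(new byte[] {77}), "Validating a one-byte block worked!");
}

[TestMethod, TestCategory("Helper")]
public void ValidateReversedSignatureTest()
{
    Assert.IsTrue(FileHelper.IsValidExecuteableFile(new byte[] {90, 77}), "Validating a ZM header failed!");
}
```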
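Review bot: The new guard in `HandleDoUploadAndExecute` compares the extension with `Path.GetExtension(command.FileName) == ".exe"`, which is case-sensitive, so a file named `.EXE` or `.Exe` is never header-checked. Comparing with `string.Equals(Path.GetExtension(command.FileName), ".exe", StringComparison.OrdinalIgnoreCase)` would close that gap, assuming `System` is already imported as the use of `Exception` suggests. Every other extension now passes with no check at all, and the two-byte test on the first block is only a format sanity check, not evidence of where the file came from or that it is intact. A comment above the guard should say so, for example `// Sanity check only: confirms the first block starts with a DOS header signature; does not authenticate the payload.` The method body starts and ends outside this hunk.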
@@ -156,15 +157,5 @@ public static void HandleDoShowMessageBox(Packets.ServerPackets.DoShowMessageBox new Packets.ClientPackets.SetStatus("Showed Messagebox").Execute(client); } - - public static bool IsValidExecuteFile(Packets.ServerPackets.DoUploadAndExecute command) - { - if (command.CurrentBlock == 0 && command.Block[0] != 'M' && command.Block[1] != 'Z' && - command.CurrentBlock == 0 && command.Block[0] != 'e' && command.Block[1] != 'c') - return false; - - return true; - } - } } \ No newline at end of file diff --git a/Client/Core/Helper/FileHelper.cs b/Client/Core/Helper/FileHelper.cs index 13a2e0f2..afae4d42 100644 --- a/Client/Core/Helper/FileHelper.cs +++ b/Client/Core/Helper/FileHelper.cs @@ -16,5 +16,11 @@ public static string GetRandomFilename(int length, string extension = "") return string.Concat(randomName.ToString(), extension); } + + public static bool IsValidExecuteableFile(byte[] block) + { + if (block.Length < 2) return false; + return (block[0] == 'M' && block[1] == 'Z') || (block[0] == 'Z' && block[1] == 'M'); + } } } diff --git a/Server/Forms/FrmMain.cs b/Server/Forms/FrmMain.cs index 62da76ca..59eb4cd9 100644 --- a/Server/Forms/FrmMain.cs +++ b/Server/Forms/FrmMain.cs @@ -647,7 +647,7 @@ private void ctxtLocalFile_Click(object sender, EventArgs e) foreach (Client c in GetSelectedClients()) { if (c == null) continue; - if(error) continue; + if (error) continue; FileSplit srcFile = new FileSplit(UploadAndExecute.FilePath); if (srcFile.MaxBlocks < 0)
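Review bot: In the `FileHelper.cs` hunk, `IsValidExecuteableFile` reads `block.Length` before checking `block` for null, so a null block throws `NullReferenceException` instead of returning false. The guard should read `if (block == null || block.Length < 2) return false;`. The method also needs a `/// <summary>` saying that it only compares the first two bytes with the `MZ`/`ZM` signature and does not verify that the data is a well-formed executable. The name misspells "Executable", and renaming it now is cheap because the only callers this commit shows are in `MiscHandler.cs` and the new tests. The enclosing class starts outside the hunk.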