Archive

Archive for the ‘C#’ Category

Silverlight 3.0 Datagrid – How to change a cell state?

February 13th, 2010 Comments off

Hi Syam Pinnaka, Sr. SDE in Infosec tools team.

Silverlight 3.0 datagrid can be used to bind to any enumerable collection and display the data in the grid. The data changes in the grid can be propagated back to the bound data using a special type in silverlight called ObservableCollection. We will discuss more about ObservableCollection in a separate post. In this post Lets see how to change a datagrid cell state based on certain condition. For example lets say there are two DataGridCheckBoxColumn columns and first check box column state will need to change to read-only based on the value of second check box column.

We can accomplish this by handling datagrid events like BeginningEdit or CellEditEnded. In our example, we can use BeginningEdit to check for checkbox whether the checkbox being clicked is first one, if so check the state of second check box to allow the click or not. Example code below.

#region selectUsersGrid_BeginningEdit
private void selectUsersGrid_BeginningEdit(object sender, DataGridBeginningEditEventArgs e)
{
    if (e.Column.DisplayIndex == 0) //First DataGridCheckBoxColumn
    {
        User u = e.Row.DataContext as User; //fetch the row data.
        if (u.IsMember == false) //examine the second checkbox data, do not allow if its false
        {
            e.Cancel = true;
        }
    }
}
#endregion

The same effect can be accomplished in some other ways. For example we can use CellEditEnded instead of BeginningEdit. In CellEditEnded, check for second check box state and mark first one as read-only when required. Example code below.

#region selectUsersGrid_CellEditEnded
private void selectUsersGrid_CellEditEnded(object sender, DataGridCellEditEndedEventArgs e)
{
    if (e.Column.DisplayIndex == 1) //Second check box state changed.
    {
        User u = e.Row.DataContext as User; //fetch the row data
        if (u.IsMember == false) //This is not a member, Clear IsDeny (make first check box as read-only)
            u.IsDeny = false;
    }
}
#endregion

One point to note in the above two code snippets is that, we are modifying the data (binding) to alter the cell state instead of cell itself. This becomes essential when we waned to change state that is not related to data, for example lets say background color of the cell. this can be accomplished as below.

 

#region selectUsersGrid_CellEditEnded
private void selectUsersGrid_CellEditEnded(object sender, DataGridCellEditEndedEventArgs e)
{
    if (e.Column.DisplayIndex == 1) //Second check box state changed.
    {

FrameworkElement firstCheckbox = e.Column.GetCellContent(e.Row);
if (firstCheckbox is CheckBox)
{
    CheckBox c = firstCheckbox as CheckBox;
    c.Background = new SolidColorBrush(Colors.Red);
}

    }
}
#endregion

 

This is about it for now, We will talk more silverlight during coming posts. Feel free to contact me at syamp@microsoft.com if you have any questions about the above post.

Happy coding!

Categories: ASP.NET, C#, SilverLight, Visual Studio Tags:

Silverlight 3.0 Datagrid – How to change a cell state?

February 13th, 2010 No comments

Hi Syam Pinnaka, Sr. SDE in Infosec tools team.

Silverlight 3.0 datagrid can be used to bind to any enumerable collection and display the data in the grid. The data changes in the grid can be propagated back to the bound data using a special type in silverlight called ObservableCollection. We will discuss more about ObservableCollection in a separate post. In this post Lets see how to change a datagrid cell state based on certain condition. For example lets say there are two DataGridCheckBoxColumn columns and first check box column state will need to change to read-only based on the value of second check box column.

We can accomplish this by handling datagrid events like BeginningEdit or CellEditEnded. In our example, we can use BeginningEdit to check for checkbox whether the checkbox being clicked is first one, if so check the state of second check box to allow the click or not. Example code below.

#region selectUsersGrid_BeginningEdit
private void selectUsersGrid_BeginningEdit(object sender, DataGridBeginningEditEventArgs e)
{
    if (e.Column.DisplayIndex == 0) //First DataGridCheckBoxColumn
    {
        User u = e.Row.DataContext as User; //fetch the row data.
        if (u.IsMember == false) //examine the second checkbox data, do not allow if its false
        {
            e.Cancel = true;
        }
    }
}
#endregion

The same effect can be accomplished in some other ways. For example we can use CellEditEnded instead of BeginningEdit. In CellEditEnded, check for second check box state and mark first one as read-only when required. Example code below.

#region selectUsersGrid_CellEditEnded
private void selectUsersGrid_CellEditEnded(object sender, DataGridCellEditEndedEventArgs e)
{
    if (e.Column.DisplayIndex == 1) //Second check box state changed.
    {
        User u = e.Row.DataContext as User; //fetch the row data
        if (u.IsMember == false) //This is not a member, Clear IsDeny (make first check box as read-only)
            u.IsDeny = false;
    }
}
#endregion

One point to note in the above two code snippets is that, we are modifying the data (binding) to alter the cell state instead of cell itself. This becomes essential when we waned to change state that is not related to data, for example lets say background color of the cell. this can be accomplished as below.

 

#region selectUsersGrid_CellEditEnded
private void selectUsersGrid_CellEditEnded(object sender, DataGridCellEditEndedEventArgs e)
{
    if (e.Column.DisplayIndex == 1) //Second check box state changed.
    {

FrameworkElement firstCheckbox = e.Column.GetCellContent(e.Row);
if (firstCheckbox is CheckBox)
{
    CheckBox c = firstCheckbox as CheckBox;
    c.Background = new SolidColorBrush(Colors.Red);
}

    }
}
#endregion

 

This is about it for now, We will talk more silverlight during coming posts. Feel free to contact me at syamp@microsoft.com if you have any questions about the above post.

Happy coding!

Categories: ASP.NET, C#, SilverLight, Visual Studio Tags:

Silverlight 3.0 Datagrid – How to change a cell state?

February 13th, 2010 No comments

Hi Syam Pinnaka, Sr. SDE in Infosec tools team.

Silverlight 3.0 datagrid can be used to bind to any enumerable collection and display the data in the grid. The data changes in the grid can be propagated back to the bound data using a special type in silverlight called ObservableCollection. We will discuss more about ObservableCollection in a separate post. In this post Lets see how to change a datagrid cell state based on certain condition. For example lets say there are two DataGridCheckBoxColumn columns and first check box column state will need to change to read-only based on the value of second check box column.

We can accomplish this by handling datagrid events like BeginningEdit or CellEditEnded. In our example, we can use BeginningEdit to check for checkbox whether the checkbox being clicked is first one, if so check the state of second check box to allow the click or not. Example code below.

#region selectUsersGrid_BeginningEdit
private void selectUsersGrid_BeginningEdit(object sender, DataGridBeginningEditEventArgs e)
{
    if (e.Column.DisplayIndex == 0) //First DataGridCheckBoxColumn
    {
        User u = e.Row.DataContext as User; //fetch the row data.
        if (u.IsMember == false) //examine the second checkbox data, do not allow if its false
        {
            e.Cancel = true;
        }
    }
}
#endregion

The same effect can be accomplished in some other ways. For example we can use CellEditEnded instead of BeginningEdit. In CellEditEnded, check for second check box state and mark first one as read-only when required. Example code below.

#region selectUsersGrid_CellEditEnded
private void selectUsersGrid_CellEditEnded(object sender, DataGridCellEditEndedEventArgs e)
{
    if (e.Column.DisplayIndex == 1) //Second check box state changed.
    {
        User u = e.Row.DataContext as User; //fetch the row data
        if (u.IsMember == false) //This is not a member, Clear IsDeny (make first check box as read-only)
            u.IsDeny = false;
    }
}
#endregion

One point to note in the above two code snippets is that, we are modifying the data (binding) to alter the cell state instead of cell itself. This becomes essential when we waned to change state that is not related to data, for example lets say background color of the cell. this can be accomplished as below.

 

#region selectUsersGrid_CellEditEnded
private void selectUsersGrid_CellEditEnded(object sender, DataGridCellEditEndedEventArgs e)
{
    if (e.Column.DisplayIndex == 1) //Second check box state changed.
    {

FrameworkElement firstCheckbox = e.Column.GetCellContent(e.Row);
if (firstCheckbox is CheckBox)
{
    CheckBox c = firstCheckbox as CheckBox;
    c.Background = new SolidColorBrush(Colors.Red);
}

    }
}
#endregion

 

This is about it for now, We will talk more silverlight during coming posts. Feel free to contact me at syamp@microsoft.com if you have any questions about the above post.

Happy coding!

Categories: ASP.NET, C#, SilverLight, Visual Studio Tags:

How To: Use CAT.NET 2.0 Beta

February 5th, 2010 Comments off

Syed Aslam Basha here. I am a tester on the Information Security Tools Team responsible for testing CAT.NET.

You can download the current Beta of CAT.NET 2.0 from https://connect.microsoft.com/site734/Downloads/DownloadDetails.aspx?DownloadID=26086&wa=wsignin1.0

* You must have Visual studio 2010 Beta 2 for this tool to work. There are known issues if you have previous issues installed so please be aware.*

After the installation open up Visual Studio 2010 command prompt in *Administrator* mode by going to Start -> All Programs -> Microsoft Visual Studio 2010 -> Visual Studio Tools -> Visual Studio 2008 Command Prompt. At the command prompt type “sn -Vr *,b03f5f7f11d50a3a” to skip strong name verification for fxcop assemblies.

*Note sn this step will be fixed in a an incremental build very soon*

image_thumb

 

You can run CAT.NET as FXcop rules from FXCop GUI or FXCopcmd.exe

1. Start FxCop by going to Start -> All Programs -> Microsoft Information Security -> Code Analysis Tool for .NET (CAT.NET) v2.0 -> FxCop. This will bring up the UI with CAT.NET rules loaded.

 

image_thumb1

2. Right click “My FxCop Project” and select “Add Targets” to browse and add a target to analyze.

image_thumb2

3. Click on the “Rules” tab to select appropriate rules.

image_thumb3

 
Note: Sometimes FxCop UI does not display any results after selecting both rules. Workaround is to select configuration rules or data flow rules and alternate the selection after analysis.

4. After selecting a target, click the “Analyze” button in toolbar or just press F5 to start the analysis.

5. Review the results in the window on the right.

6. You can also run the analysis using the FxCop command line tool. Open FxCop Command line tool by going to Start -> All Programs -> Microsoft Information Security -> Code Analysis Tool for .NET (CAT.NET) v2.0 -> FxCop Command Prompt. This will run the command line tool and display all the existing command line switches.

7. You can start analysis by using /console and /file switches. /console switch displays error in the console and /file switch specifies which file to analyze. Ex: FxCopCmd.exe /console /file:"C:\AntiXss\Sample Application\bin\SampleApp.dll"

image_thumb4

 

-Syed Aslam Basha (syedab@microsoft.com)

Microsoft Information Security Tools (IST) Team

Test Lead

How To: Use CAT.NET 2.0 Beta

February 5th, 2010 No comments

Syed Aslam Basha here. I am a tester on the Information Security Tools Team responsible for testing CAT.NET.

You can download the current Beta of CAT.NET 2.0 from https://connect.microsoft.com/site734/Downloads/DownloadDetails.aspx?DownloadID=26086&wa=wsignin1.0

* You must have Visual studio 2010 Beta 2 for this tool to work. There are known issues if you have previous issues installed so please be aware.*

After the installation open up Visual Studio 2010 command prompt in *Administrator* mode by going to Start -> All Programs -> Microsoft Visual Studio 2010 -> Visual Studio Tools -> Visual Studio 2008 Command Prompt. At the command prompt type “sn -Vr *,b03f5f7f11d50a3a” to skip strong name verification for fxcop assemblies.

*Note sn this step will be fixed in a an incremental build very soon*

image_thumb

 

You can run CAT.NET as FXcop rules from FXCop GUI or FXCopcmd.exe

1. Start FxCop by going to Start -> All Programs -> Microsoft Information Security -> Code Analysis Tool for .NET (CAT.NET) v2.0 -> FxCop. This will bring up the UI with CAT.NET rules loaded.

 

image_thumb1

2. Right click “My FxCop Project” and select “Add Targets” to browse and add a target to analyze.

image_thumb2

3. Click on the “Rules” tab to select appropriate rules.

image_thumb3

 
Note: Sometimes FxCop UI does not display any results after selecting both rules. Workaround is to select configuration rules or data flow rules and alternate the selection after analysis.

4. After selecting a target, click the “Analyze” button in toolbar or just press F5 to start the analysis.

5. Review the results in the window on the right.

6. You can also run the analysis using the FxCop command line tool. Open FxCop Command line tool by going to Start -> All Programs -> Microsoft Information Security -> Code Analysis Tool for .NET (CAT.NET) v2.0 -> FxCop Command Prompt. This will run the command line tool and display all the existing command line switches.

7. You can start analysis by using /console and /file switches. /console switch displays error in the console and /file switch specifies which file to analyze. Ex: FxCopCmd.exe /console /file:"C:\AntiXss\Sample Application\bin\SampleApp.dll"

image_thumb4

 

-Syed Aslam Basha (syedab@microsoft.com)

Microsoft Information Security Tools (IST) Team

Test Lead

How To: Use CAT.NET 2.0 Beta

February 5th, 2010 No comments

Syed Aslam Basha here. I am a tester on the Information Security Tools Team responsible for testing CAT.NET.

You can download the current Beta of CAT.NET 2.0 from https://connect.microsoft.com/site734/Downloads/DownloadDetails.aspx?DownloadID=26086&wa=wsignin1.0

* You must have Visual studio 2010 Beta 2 for this tool to work. There are known issues if you have previous issues installed so please be aware.*

After the installation open up Visual Studio 2010 command prompt in *Administrator* mode by going to Start -> All Programs -> Microsoft Visual Studio 2010 -> Visual Studio Tools -> Visual Studio 2008 Command Prompt. At the command prompt type “sn -Vr *,b03f5f7f11d50a3a” to skip strong name verification for fxcop assemblies.

*Note sn this step will be fixed in a an incremental build very soon*

image_thumb

 

You can run CAT.NET as FXcop rules from FXCop GUI or FXCopcmd.exe

1. Start FxCop by going to Start -> All Programs -> Microsoft Information Security -> Code Analysis Tool for .NET (CAT.NET) v2.0 -> FxCop. This will bring up the UI with CAT.NET rules loaded.

 

image_thumb1

2. Right click “My FxCop Project” and select “Add Targets” to browse and add a target to analyze.

image_thumb2

3. Click on the “Rules” tab to select appropriate rules.

image_thumb3

 
Note: Sometimes FxCop UI does not display any results after selecting both rules. Workaround is to select configuration rules or data flow rules and alternate the selection after analysis.

4. After selecting a target, click the “Analyze” button in toolbar or just press F5 to start the analysis.

5. Review the results in the window on the right.

6. You can also run the analysis using the FxCop command line tool. Open FxCop Command line tool by going to Start -> All Programs -> Microsoft Information Security -> Code Analysis Tool for .NET (CAT.NET) v2.0 -> FxCop Command Prompt. This will run the command line tool and display all the existing command line switches.

7. You can start analysis by using /console and /file switches. /console switch displays error in the console and /file switch specifies which file to analyze. Ex: FxCopCmd.exe /console /file:"C:AntiXssSample ApplicationbinSampleApp.dll"

image_thumb4

 

-Syed Aslam Basha (syedab@microsoft.com)

Microsoft Information Security Tools (IST) Team

Test Lead

How To: Use CAT.NET V2.0 Beta

February 5th, 2010 No comments

Syed Aslam Basha here. I am a tester on the Information Security Tools Team responsible for testing CAT.NET.

You can download the current Beta of CAT.NET 2.0 from https://connect.microsoft.com/site734/Downloads/DownloadDetails.aspx?DownloadID=26086&wa=wsignin1.0

* You must have Visual studio 2010 Beta 2 for this tool to work. There are known issues if you have previous issues installed so please be aware.*

After the installation open up Visual Studio 2010 command prompt in *Administrator* mode by going to Start -> All Programs -> Microsoft Visual Studio 2010 -> Visual Studio Tools -> Visual Studio 2008 Command Prompt. At the command prompt type “sn -Vr *,b03f5f7f11d50a3a” to skip strong name verification for fxcop assemblies.

image

You can run CAT.NET as FXcop rules from FXCop GUI or FXCopcmd.exe

1. Start FxCop by going to Start -> All Programs -> Microsoft Information Security -> Code Analysis Tool for .NET (CAT.NET) v2.0 -> FxCop. This will bring up the UI with CAT.NET rules loaded.

image

2. Right click “My FxCop Project” and select “Add Targets” to browse and add a target to analyze.

image

3. Click on the “Rules” tab to select appropriate rules.

image
Note: Sometimes FxCop UI does not display any results after selecting both rules. Workaround is to select configuration rules or data flow rules and alternate the selection after analysis.

4. After selecting a target, click the “Analyze” button in toolbar or just press F5 to start the analysis.

5. Review the results in the window on the right.

6. You can also run the analysis using the FxCop command line tool. Open FxCop Command line tool by going to Start -> All Programs -> Microsoft Information Security -> Code Analysis Tool for .NET (CAT.NET) v2.0 -> FxCop Command Prompt. This will run the command line tool and display all the existing command line switches.

7. You can start analysis by using /console and /file switches. /console switch displays error in the console and /file switch specifies which file to analyze. Ex: FxCopCmd.exe /console /file:"C:\AntiXss\Sample Application\bin\SampleApp.dll"

image

-Syed Aslam Basha (syedab@microsoft.com)

Microsoft Information Security Tools (IST) Team

Test Lead

How To: Use CAT.NET V2.0 Beta

February 5th, 2010 No comments

Syed Aslam Basha here. I am a tester on the Information Security Tools Team responsible for testing CAT.NET.

You can download the current Beta of CAT.NET 2.0 from https://connect.microsoft.com/site734/Downloads/DownloadDetails.aspx?DownloadID=26086&wa=wsignin1.0

* You must have Visual studio 2010 Beta 2 for this tool to work. There are known issues if you have previous issues installed so please be aware.*

After the installation open up Visual Studio 2010 command prompt in *Administrator* mode by going to Start -> All Programs -> Microsoft Visual Studio 2010 -> Visual Studio Tools -> Visual Studio 2008 Command Prompt. At the command prompt type “sn -Vr *,b03f5f7f11d50a3a” to skip strong name verification for fxcop assemblies.

image

You can run CAT.NET as FXcop rules from FXCop GUI or FXCopcmd.exe

1. Start FxCop by going to Start -> All Programs -> Microsoft Information Security -> Code Analysis Tool for .NET (CAT.NET) v2.0 -> FxCop. This will bring up the UI with CAT.NET rules loaded.

image

2. Right click “My FxCop Project” and select “Add Targets” to browse and add a target to analyze.

image

3. Click on the “Rules” tab to select appropriate rules.

image
Note: Sometimes FxCop UI does not display any results after selecting both rules. Workaround is to select configuration rules or data flow rules and alternate the selection after analysis.

4. After selecting a target, click the “Analyze” button in toolbar or just press F5 to start the analysis.

5. Review the results in the window on the right.

6. You can also run the analysis using the FxCop command line tool. Open FxCop Command line tool by going to Start -> All Programs -> Microsoft Information Security -> Code Analysis Tool for .NET (CAT.NET) v2.0 -> FxCop Command Prompt. This will run the command line tool and display all the existing command line switches.

7. You can start analysis by using /console and /file switches. /console switch displays error in the console and /file switch specifies which file to analyze. Ex: FxCopCmd.exe /console /file:"C:AntiXssSample ApplicationbinSampleApp.dll"

image

-Syed Aslam Basha (syedab@microsoft.com)

Microsoft Information Security Tools (IST) Team

Test Lead

How To: Use CAT.NET V2.0 Beta

February 5th, 2010 Comments off

Syed Aslam Basha here. I am a tester on the Information Security Tools Team responsible for testing CAT.NET.

You can download the current Beta of CAT.NET 2.0 from https://connect.microsoft.com/site734/Downloads/DownloadDetails.aspx?DownloadID=26086&wa=wsignin1.0

* You must have Visual studio 2010 Beta 2 for this tool to work. There are known issues if you have previous issues installed so please be aware.*

After the installation open up Visual Studio 2010 command prompt in *Administrator* mode by going to Start -> All Programs -> Microsoft Visual Studio 2010 -> Visual Studio Tools -> Visual Studio 2008 Command Prompt. At the command prompt type “sn -Vr *,b03f5f7f11d50a3a” to skip strong name verification for fxcop assemblies.

image

You can run CAT.NET as FXcop rules from FXCop GUI or FXCopcmd.exe

1. Start FxCop by going to Start -> All Programs -> Microsoft Information Security -> Code Analysis Tool for .NET (CAT.NET) v2.0 -> FxCop. This will bring up the UI with CAT.NET rules loaded.

image

2. Right click “My FxCop Project” and select “Add Targets” to browse and add a target to analyze.

image

3. Click on the “Rules” tab to select appropriate rules.

image
Note: Sometimes FxCop UI does not display any results after selecting both rules. Workaround is to select configuration rules or data flow rules and alternate the selection after analysis.

4. After selecting a target, click the “Analyze” button in toolbar or just press F5 to start the analysis.

5. Review the results in the window on the right.

6. You can also run the analysis using the FxCop command line tool. Open FxCop Command line tool by going to Start -> All Programs -> Microsoft Information Security -> Code Analysis Tool for .NET (CAT.NET) v2.0 -> FxCop Command Prompt. This will run the command line tool and display all the existing command line switches.

7. You can start analysis by using /console and /file switches. /console switch displays error in the console and /file switch specifies which file to analyze. Ex: FxCopCmd.exe /console /file:"C:\AntiXss\Sample Application\bin\SampleApp.dll"

image

-Syed Aslam Basha (syedab@microsoft.com)

Microsoft Information Security Tools (IST) Team

Test Lead

CAT.NET 2.0 – Beta

February 4th, 2010 No comments

Mark Curphey here…

Please to announce a beta of the upcoming CAT.NET 2.0. This beta program will last for approximately 1 month.  The final released version is scheduled to release shortly after VS 2010 RTM.   The goal of this beta program is to garner feedback from the user community.   Please send all feedback to ist-cat@microsoft.com.  There have been some significant changes to the code.  These changes include;

User Experience

  • Integration with Visual Studio 2010 code analysis infrastructure as FxCop rules.
  • Easy analysis using FxCop command line or UI interface or VSTS Team Build.
  • Currently beta includes FxCop UI and Command prompt.

Core Analysis

  • Total of 55 rules have been added.  There are 9 data flow rules and 46 configuration rules are included in this version.
  • Updated tainted data flow analysis engine to track both tainted operands and source symbols.
  • Reduced false positives and false negatives. 
  • Accomplished by detecting sanitizers, constant variables and instructions that affect the data flow.
  • New Data flow rule to detect XML Injection attacks
  • Updated configuration rules engine detecting clear text connection strings and credentials.
  • Rules to detect insecure defaults. 
  • Example minRequiredPasswordLength attribute of membership providers add element.
  • Configuration rules updated to detect @page directive configuration overrides.

Known Issues

All current known issues have been included in the CAT.NET V2.0 Beta guide document.  The items listed in this document will be resolved prior to final release.

Download

You can download the bits at Connect (link below)

https://connect.microsoft.com/site734/Downloads/DownloadDetails.aspx?DownloadID=26086&wa=wsignin1.0

Enjoy!

CAT.NET 2.0 – Beta

February 4th, 2010 Comments off

Mark Curphey here…

Please to announce a beta of the upcoming CAT.NET 2.0. This beta program will last for approximately 1 month.  The final released version is scheduled to release shortly after VS 2010 RTM.   The goal of this beta program is to garner feedback from the user community.   Please send all feedback to ist-cat@microsoft.com.  There have been some significant changes to the code.  These changes include;

User Experience

  • Integration with Visual Studio 2010 code analysis infrastructure as FxCop rules.
  • Easy analysis using FxCop command line or UI interface or VSTS Team Build.
  • Currently beta includes FxCop UI and Command prompt.

Core Analysis

  • Total of 55 rules have been added.  There are 9 data flow rules and 46 configuration rules are included in this version.
  • Updated tainted data flow analysis engine to track both tainted operands and source symbols.
  • Reduced false positives and false negatives. 
  • Accomplished by detecting sanitizers, constant variables and instructions that affect the data flow.
  • New Data flow rule to detect XML Injection attacks
  • Updated configuration rules engine detecting clear text connection strings and credentials.
  • Rules to detect insecure defaults. 
  • Example minRequiredPasswordLength attribute of membership providers add element.
  • Configuration rules updated to detect @page directive configuration overrides.

Known Issues

All current known issues have been included in the CAT.NET V2.0 Beta guide document.  The items listed in this document will be resolved prior to final release.

Download

You can download the bits at Connect (link below)

https://connect.microsoft.com/site734/Downloads/DownloadDetails.aspx?DownloadID=26086&wa=wsignin1.0

Enjoy!

CAT.NET 2.0 – Beta

February 4th, 2010 No comments

Mark Curphey here…

Please to announce a beta of the upcoming CAT.NET 2.0. This beta program will last for approximately 1 month.  The final released version is scheduled to release shortly after VS 2010 RTM.   The goal of this beta program is to garner feedback from the user community.   Please send all feedback to ist-cat@microsoft.com.  There have been some significant changes to the code.  These changes include;

User Experience

  • Integration with Visual Studio 2010 code analysis infrastructure as FxCop rules.
  • Easy analysis using FxCop command line or UI interface or VSTS Team Build.
  • Currently beta includes FxCop UI and Command prompt.

Core Analysis

  • Total of 55 rules have been added.  There are 9 data flow rules and 46 configuration rules are included in this version.
  • Updated tainted data flow analysis engine to track both tainted operands and source symbols.
  • Reduced false positives and false negatives. 
  • Accomplished by detecting sanitizers, constant variables and instructions that affect the data flow.
  • New Data flow rule to detect XML Injection attacks
  • Updated configuration rules engine detecting clear text connection strings and credentials.
  • Rules to detect insecure defaults. 
  • Example minRequiredPasswordLength attribute of membership providers add element.
  • Configuration rules updated to detect @page directive configuration overrides.

Known Issues

All current known issues have been included in the CAT.NET V2.0 Beta guide document.  The items listed in this document will be resolved prior to final release.

Download

You can download the bits at Connect (link below)

https://connect.microsoft.com/site734/Downloads/DownloadDetails.aspx?DownloadID=26086&wa=wsignin1.0

Enjoy!

Delay Between Actions Feature in CUIT

January 18th, 2010 No comments

Syed Aslam Basha here. I am a tester on  the Information Security Tools Team.

The CUIT code is executed at a very fast pace, at times you may want to execute the code a bit slow or with a delay between actions.

We have playback API which helps to achieve this as shown below;

Playback.PlaybackSettings.DelayBetweenActions = 1000;

The value is in milliseconds, use the above code as the first line in your CUIT methods to get a delay between actions of one milliseconds during playback.

-Syed Aslam Basha (syedab@microsoft.com)

Microsoft Information Security Tools (IST) Team

Test Lead

Delay Between Actions Feature in CUIT

January 18th, 2010 Comments off

Syed Aslam Basha here. I am a tester on  the Information Security Tools Team.

The CUIT code is executed at a very fast pace, at times you may want to execute the code a bit slow or with a delay between actions.

We have playback API which helps to achieve this as shown below;

Playback.PlaybackSettings.DelayBetweenActions = 1000;

The value is in milliseconds, use the above code as the first line in your CUIT methods to get a delay between actions of one milliseconds during playback.

-Syed Aslam Basha (syedab@microsoft.com)

Microsoft Information Security Tools (IST) Team

Test Lead

Delay Between Actions Feature in CUIT

January 18th, 2010 No comments

Syed Aslam Basha here. I am a tester on  the Information Security Tools Team.

The CUIT code is executed at a very fast pace, at times you may want to execute the code a bit slow or with a delay between actions.

We have playback API which helps to achieve this as shown below;

Playback.PlaybackSettings.DelayBetweenActions = 1000;

The value is in milliseconds, use the above code as the first line in your CUIT methods to get a delay between actions of one milliseconds during playback.

-Syed Aslam Basha (syedab@microsoft.com)

Microsoft Information Security Tools (IST) Team

Test Lead

How To: Data Drive CUIT Scripts

January 18th, 2010 No comments

Syed Aslam Basha here. I am a tester on  the Information Security Tools Team.

One of the major feature for any automation tool is support for data driven test cases, CUIT too supports data driven testing. Let me show an example of data driving CUIT scripts.

Suppose you want to validate login feature of an application with different users.

  • Select test menu and click on windows –> Test View
  • Select the required test name say validatehomepage

image

  • Click on ellipse button next to data connection string in properties window
  • You can configure the required data source, select CSV file, click on Next

image

  • Click on Finish

image

  • Click on yes for “Copy the database file into the current project and add as deployment item”

image

  • You can see data source code being added to the Validatehomepage file

    [DataSource("Microsoft.VisualStudio.TestTools.DataSource.CSV", "|DataDirectory|\UserNames.csv", "UserNames#csv", DataAccessMethod.Sequential), DeploymentItem("PortalAutomation\UserNames.csv"), TestMethod]

    public void ValidateHomePage()

  • Data source is added to the project, now assign the values from data source to parameters of CUIT
  • this.UIMap.LoginAdminParams.UsernameEditText = testContextInstance.DataRow[0].ToString();
  • Run the tests, it runs for two iterations and shows the results

Likewise you can data drive any of the test cases, if you think out of the box you can apply the concept to validate all links present in web page.

-Syed Aslam Basha (syedab@microsoft.com)

Microsoft Information Security Tools (IST) Team

Test Lead

How To: Data Drive CUIT Scripts

January 18th, 2010 No comments

Syed Aslam Basha here. I am a tester on  the Information Security Tools Team.

One of the major feature for any automation tool is support for data driven test cases, CUIT too supports data driven testing. Let me show an example of data driving CUIT scripts.

Suppose you want to validate login feature of an application with different users.

  • Select test menu and click on windows –> Test View
  • Select the required test name say validatehomepage

image

  • Click on ellipse button next to data connection string in properties window
  • You can configure the required data source, select CSV file, click on Next

image

  • Click on Finish

image

  • Click on yes for “Copy the database file into the current project and add as deployment item”

image

  • You can see data source code being added to the Validatehomepage file

    [DataSource("Microsoft.VisualStudio.TestTools.DataSource.CSV", "|DataDirectory|\\UserNames.csv", "UserNames#csv", DataAccessMethod.Sequential), DeploymentItem("PortalAutomation\\UserNames.csv"), TestMethod]

    public void ValidateHomePage()

  • Data source is added to the project, now assign the values from data source to parameters of CUIT
  • this.UIMap.LoginAdminParams.UsernameEditText = testContextInstance.DataRow[0].ToString();
  • Run the tests, it runs for two iterations and shows the results

Likewise you can data drive any of the test cases, if you think out of the box you can apply the concept to validate all links present in web page.

-Syed Aslam Basha (syedab@microsoft.com)

Microsoft Information Security Tools (IST) Team

Test Lead

How To: Data Drive CUIT Scripts

January 18th, 2010 Comments off

Syed Aslam Basha here. I am a tester on  the Information Security Tools Team.

One of the major feature for any automation tool is support for data driven test cases, CUIT too supports data driven testing. Let me show an example of data driving CUIT scripts.

Suppose you want to validate login feature of an application with different users.

  • Select test menu and click on windows –> Test View
  • Select the required test name say validatehomepage

image

  • Click on ellipse button next to data connection string in properties window
  • You can configure the required data source, select CSV file, click on Next

image

  • Click on Finish

image

  • Click on yes for “Copy the database file into the current project and add as deployment item”

image

  • You can see data source code being added to the Validatehomepage file

    [DataSource("Microsoft.VisualStudio.TestTools.DataSource.CSV", "|DataDirectory|\\UserNames.csv", "UserNames#csv", DataAccessMethod.Sequential), DeploymentItem("PortalAutomation\\UserNames.csv"), TestMethod]

    public void ValidateHomePage()

  • Data source is added to the project, now assign the values from data source to parameters of CUIT
  • this.UIMap.LoginAdminParams.UsernameEditText = testContextInstance.DataRow[0].ToString();
  • Run the tests, it runs for two iterations and shows the results

Likewise you can data drive any of the test cases, if you think out of the box you can apply the concept to validate all links present in web page.

-Syed Aslam Basha (syedab@microsoft.com)

Microsoft Information Security Tools (IST) Team

Test Lead

How To: Customize CUIT scripts

January 18th, 2010 No comments

Syed Aslam Basha here. I am a tester on  the Information Security Tools Team.

In the previous blog posts I have shown how to automate functional test cases using CUIT and adding check points/ assertions to CUITs. Lets see with an example “how to customize the CUIT scripts”.

Lets take a close look at the files that are generated after recording;

  • codedUITest1.cs file which has the method calls which we have recorded
  • UIMap.cs at this stage it has nothing much than empty UIMap class which we will modify in the due course
  • UIMap.Designer.cs contains code generated by CUIT builder
  • UserControls.cs contains definitions of specialized classes used in CUIT

image

  • UIMap.Designer.cs and UIMap.cs contains partial UIMap class. The designer file contains auto-generated code. As with any of the designer file, the modifications done to it would be lost if the code is regenerated.
// ------------------------------------------------------------------------------
//  <auto-generated>
//      This code was generated by coded UI test builder.
//      Version: 10.0.0.0
//
//      Changes to this file may cause incorrect behavior and will be lost if
//      the code is regenerated.
//  </auto-generated>
// ------------------------------------------------------------------------------

Suppose we have recorded sanity test cases and like to use to test production site. All you need is to modify the UIMap.cs file as shown below. Here we are updating the launch portal site params variable BlankPageWindowsInteWindowUrl to https://productionSite.

   1: public partial class UIMap

   2:     {

   3:  

   4:         public void ProductionValues()

   5:         {

   6:             this.LaunchPortalSiteParams.BlankPageWindowsInteWindowUrl = "https://productionSite";

   7:         }

   8:     }

Call this function from CUIT before any other function is called as;

   1: public void CodedUITest1()

   2:         {

   3:  

   4:             // To generate code for this test, select "Generate Code for Coded UI Test" from the shortcut menu and select one of the menu items.

   5:             this.UIMap.ProductionValues();

   6:             this.UIMap.LaunchPortalSite();

   7:             this.UIMap.ValidateHomePageLinks();

   8:             this.UIMap.ClosePortalSite();

   9:         }

Now you are good to test production site, likewise you can set values to any of the variables defined in UIMap.Designer.cs.

-Syed Aslam Basha (syedab@microsoft.com)

Microsoft Information Security Tools (IST) Team

Test Lead

How To: Customize CUIT scripts

January 18th, 2010 No comments

Syed Aslam Basha here. I am a tester on  the Information Security Tools Team.

In the previous blog posts I have shown how to automate functional test cases using CUIT and adding check points/ assertions to CUITs. Lets see with an example “how to customize the CUIT scripts”.

Lets take a close look at the files that are generated after recording;

  • codedUITest1.cs file which has the method calls which we have recorded
  • UIMap.cs at this stage it has nothing much than empty UIMap class which we will modify in the due course
  • UIMap.Designer.cs contains code generated by CUIT builder
  • UserControls.cs contains definitions of specialized classes used in CUIT

image

  • UIMap.Designer.cs and UIMap.cs contains partial UIMap class. The designer file contains auto-generated code. As with any of the designer file, the modifications done to it would be lost if the code is regenerated.
// ------------------------------------------------------------------------------
//  <auto-generated>
//      This code was generated by coded UI test builder.
//      Version: 10.0.0.0
//
//      Changes to this file may cause incorrect behavior and will be lost if
//      the code is regenerated.
//  </auto-generated>
// ------------------------------------------------------------------------------

Suppose we have recorded sanity test cases and like to use to test production site. All you need is to modify the UIMap.cs file as shown below. Here we are updating the launch portal site params variable BlankPageWindowsInteWindowUrl to https://productionSite.

   1: public partial class UIMap

   2:     {

   3:  

   4:         public void ProductionValues()

   5:         {

   6:             this.LaunchPortalSiteParams.BlankPageWindowsInteWindowUrl = "https://productionSite";

   7:         }

   8:     }

Call this function from CUIT before any other function is called as;

   1: public void CodedUITest1()

   2:         {

   3:  

   4:             // To generate code for this test, select "Generate Code for Coded UI Test" from the shortcut menu and select one of the menu items.

   5:             this.UIMap.ProductionValues();

   6:             this.UIMap.LaunchPortalSite();

   7:             this.UIMap.ValidateHomePageLinks();

   8:             this.UIMap.ClosePortalSite();

   9:         }

Now you are good to test production site, likewise you can set values to any of the variables defined in UIMap.Designer.cs.

-Syed Aslam Basha (syedab@microsoft.com)

Microsoft Information Security Tools (IST) Team

Test Lead