Swedish Windows Security User Group

Syed Aslam Basha here. I am a tester on the Information Security Tools Team responsible for testing CAT.NET.

You can download the current Beta of CAT.NET 2.0 from https://connect.microsoft.com/site734/Downloads/DownloadDetails.aspx?DownloadID=26086&wa=wsignin1.0

* You must have Visual studio 2010 Beta 2 for this tool to work. There are known issues if you have previous issues installed so please be aware.*

After the installation open up Visual Studio 2010 command prompt in *Administrator* mode by going to Start -> All Programs -> Microsoft Visual Studio 2010 -> Visual Studio Tools -> Visual Studio 2008 Command Prompt. At the command prompt type “sn -Vr *,b03f5f7f11d50a3a” to skip strong name verification for fxcop assemblies.

*Note sn this step will be fixed in a an incremental build very soon*

You can run CAT.NET as FXcop rules from FXCop GUI or FXCopcmd.exe

1. Start FxCop by going to Start -> All Programs -> Microsoft Information Security -> Code Analysis Tool for .NET (CAT.NET) v2.0 -> FxCop. This will bring up the UI with CAT.NET rules loaded.

2. Right click “My FxCop Project” and select “Add Targets” to browse and add a target to analyze.

3. Click on the “Rules” tab to select appropriate rules.

 
Note: Sometimes FxCop UI does not display any results after selecting both rules. Workaround is to select configuration rules or data flow rules and alternate the selection after analysis.

4. After selecting a target, click the “Analyze” button in toolbar or just press F5 to start the analysis.

5. Review the results in the window on the right.

6. You can also run the analysis using the FxCop command line tool. Open FxCop Command line tool by going to Start -> All Programs -> Microsoft Information Security -> Code Analysis Tool for .NET (CAT.NET) v2.0 -> FxCop Command Prompt. This will run the command line tool and display all the existing command line switches.

7. You can start analysis by using /console and /file switches. /console switch displays error in the console and /file switch specifies which file to analyze. Ex: FxCopCmd.exe /console /file:"C:\AntiXss\Sample Application\bin\SampleApp.dll"

-Syed Aslam Basha (syedab@microsoft.com)

Microsoft Information Security Tools (IST) Team

Test Lead

Syed Aslam Basha here. I am a tester on the Information Security Tools Team responsible for testing CAT.NET.

You can download the current Beta of CAT.NET 2.0 from https://connect.microsoft.com/site734/Downloads/DownloadDetails.aspx?DownloadID=26086&wa=wsignin1.0

* You must have Visual studio 2010 Beta 2 for this tool to work. There are known issues if you have previous issues installed so please be aware.*

After the installation open up Visual Studio 2010 command prompt in *Administrator* mode by going to Start -> All Programs -> Microsoft Visual Studio 2010 -> Visual Studio Tools -> Visual Studio 2008 Command Prompt. At the command prompt type “sn -Vr *,b03f5f7f11d50a3a” to skip strong name verification for fxcop assemblies.

*Note sn this step will be fixed in a an incremental build very soon*

You can run CAT.NET as FXcop rules from FXCop GUI or FXCopcmd.exe

1. Start FxCop by going to Start -> All Programs -> Microsoft Information Security -> Code Analysis Tool for .NET (CAT.NET) v2.0 -> FxCop. This will bring up the UI with CAT.NET rules loaded.

2. Right click “My FxCop Project” and select “Add Targets” to browse and add a target to analyze.

3. Click on the “Rules” tab to select appropriate rules.

 
Note: Sometimes FxCop UI does not display any results after selecting both rules. Workaround is to select configuration rules or data flow rules and alternate the selection after analysis.

4. After selecting a target, click the “Analyze” button in toolbar or just press F5 to start the analysis.

5. Review the results in the window on the right.

6. You can also run the analysis using the FxCop command line tool. Open FxCop Command line tool by going to Start -> All Programs -> Microsoft Information Security -> Code Analysis Tool for .NET (CAT.NET) v2.0 -> FxCop Command Prompt. This will run the command line tool and display all the existing command line switches.

7. You can start analysis by using /console and /file switches. /console switch displays error in the console and /file switch specifies which file to analyze. Ex: FxCopCmd.exe /console /file:"C:\AntiXss\Sample Application\bin\SampleApp.dll"

-Syed Aslam Basha (syedab@microsoft.com)

Microsoft Information Security Tools (IST) Team

Test Lead

Syed Aslam Basha here. I am a tester on the Information Security Tools Team responsible for testing CAT.NET.

You can download the current Beta of CAT.NET 2.0 from https://connect.microsoft.com/site734/Downloads/DownloadDetails.aspx?DownloadID=26086&wa=wsignin1.0

* You must have Visual studio 2010 Beta 2 for this tool to work. There are known issues if you have previous issues installed so please be aware.*

After the installation open up Visual Studio 2010 command prompt in *Administrator* mode by going to Start -> All Programs -> Microsoft Visual Studio 2010 -> Visual Studio Tools -> Visual Studio 2008 Command Prompt. At the command prompt type “sn -Vr *,b03f5f7f11d50a3a” to skip strong name verification for fxcop assemblies.

You can run CAT.NET as FXcop rules from FXCop GUI or FXCopcmd.exe

1. Start FxCop by going to Start -> All Programs -> Microsoft Information Security -> Code Analysis Tool for .NET (CAT.NET) v2.0 -> FxCop. This will bring up the UI with CAT.NET rules loaded.

2. Right click “My FxCop Project” and select “Add Targets” to browse and add a target to analyze.

3. Click on the “Rules” tab to select appropriate rules.

Note: Sometimes FxCop UI does not display any results after selecting both rules. Workaround is to select configuration rules or data flow rules and alternate the selection after analysis.

4. After selecting a target, click the “Analyze” button in toolbar or just press F5 to start the analysis.

5. Review the results in the window on the right.

6. You can also run the analysis using the FxCop command line tool. Open FxCop Command line tool by going to Start -> All Programs -> Microsoft Information Security -> Code Analysis Tool for .NET (CAT.NET) v2.0 -> FxCop Command Prompt. This will run the command line tool and display all the existing command line switches.

7. You can start analysis by using /console and /file switches. /console switch displays error in the console and /file switch specifies which file to analyze. Ex: FxCopCmd.exe /console /file:"C:\AntiXss\Sample Application\bin\SampleApp.dll"

-Syed Aslam Basha (syedab@microsoft.com)

Microsoft Information Security Tools (IST) Team

Test Lead

Syed Aslam Basha here. I am a tester on the Information Security Tools Team responsible for testing CAT.NET.

You can download the current Beta of CAT.NET 2.0 from https://connect.microsoft.com/site734/Downloads/DownloadDetails.aspx?DownloadID=26086&wa=wsignin1.0

* You must have Visual studio 2010 Beta 2 for this tool to work. There are known issues if you have previous issues installed so please be aware.*

After the installation open up Visual Studio 2010 command prompt in *Administrator* mode by going to Start -> All Programs -> Microsoft Visual Studio 2010 -> Visual Studio Tools -> Visual Studio 2008 Command Prompt. At the command prompt type “sn -Vr *,b03f5f7f11d50a3a” to skip strong name verification for fxcop assemblies.

You can run CAT.NET as FXcop rules from FXCop GUI or FXCopcmd.exe

1. Start FxCop by going to Start -> All Programs -> Microsoft Information Security -> Code Analysis Tool for .NET (CAT.NET) v2.0 -> FxCop. This will bring up the UI with CAT.NET rules loaded.

2. Right click “My FxCop Project” and select “Add Targets” to browse and add a target to analyze.

3. Click on the “Rules” tab to select appropriate rules.

Note: Sometimes FxCop UI does not display any results after selecting both rules. Workaround is to select configuration rules or data flow rules and alternate the selection after analysis.

4. After selecting a target, click the “Analyze” button in toolbar or just press F5 to start the analysis.

5. Review the results in the window on the right.

6. You can also run the analysis using the FxCop command line tool. Open FxCop Command line tool by going to Start -> All Programs -> Microsoft Information Security -> Code Analysis Tool for .NET (CAT.NET) v2.0 -> FxCop Command Prompt. This will run the command line tool and display all the existing command line switches.

7. You can start analysis by using /console and /file switches. /console switch displays error in the console and /file switch specifies which file to analyze. Ex: FxCopCmd.exe /console /file:"C:\AntiXss\Sample Application\bin\SampleApp.dll"

-Syed Aslam Basha (syedab@microsoft.com)

Microsoft Information Security Tools (IST) Team

Test Lead

Syed Aslam Basha here. I am a tester on the Information Security Tools Team.

At times we may want to know the target platform (i.e. x86 or x64) of an EXE/DLL. Visual studio provides a corflags.exe tool to identify the target platform.

• Launch visual Studio command prompt in admin mode
• Type CorFlags Assembly File Path and press enter
• Example

  C:\Windows\system32>corflags "C:\Program Files\Microsoft Information Security\Microsoft Code Analysis Tool for .NET (CAT.NET) v2.0\FxCopCmd.exe"
  Microsoft (R) .NET Framework CorFlags Conversion Tool.  Version  3.5.21022.8
  Copyright (c) Microsoft Corporation.  All rights reserved.

  Version      : v4.0.21008
  CLR Header: 2.5
  PE              : PE32
  CorFlags     : 3
  ILONLY       : 1
  32BIT         : 1
  Signed       : 1

• The PE and 32BIT flags gives details about type of the assembly;
  Any CPU : PE = PE32 and 32BIT = 0
  x86         : PE = PE32 and 32BIT = 1
  x64         : PE = PE32+ and 32BIT = 0

-Syed Aslam Basha (syedab@microsoft.com)

Microsoft Information Security Tools (IST) Team

Test Lead

Syed Aslam Basha here. I am a tester on the Information Security Tools Team.

At times we may want to know the target platform (i.e. x86 or x64) of an EXE/DLL. Visual studio provides a corflags.exe tool to identify the target platform.

• Launch visual Studio command prompt in admin mode
• Type CorFlags Assembly File Path and press enter
• Example

  C:\Windows\system32>corflags "C:\Program Files\Microsoft Information Security\Microsoft Code Analysis Tool for .NET (CAT.NET) v2.0\FxCopCmd.exe"
  Microsoft (R) .NET Framework CorFlags Conversion Tool.  Version  3.5.21022.8
  Copyright (c) Microsoft Corporation.  All rights reserved.

  Version      : v4.0.21008
  CLR Header: 2.5
  PE              : PE32
  CorFlags     : 3
  ILONLY       : 1
  32BIT         : 1
  Signed       : 1

• The PE and 32BIT flags gives details about type of the assembly;
  Any CPU : PE = PE32 and 32BIT = 0
  x86         : PE = PE32 and 32BIT = 1
  x64         : PE = PE32+ and 32BIT = 0

-Syed Aslam Basha (syedab@microsoft.com)

Microsoft Information Security Tools (IST) Team

Test Lead

Syed Aslam Basha here. I am a tester on  the Information Security Tools Team.

The CUIT code is executed at a very fast pace, at times you may want to execute the code a bit slow or with a delay between actions.

We have playback API which helps to achieve this as shown below;

Playback.PlaybackSettings.DelayBetweenActions = 1000;

The value is in milliseconds, use the above code as the first line in your CUIT methods to get a delay between actions of one milliseconds during playback.

-Syed Aslam Basha (syedab@microsoft.com)

Microsoft Information Security Tools (IST) Team

Test Lead

Syed Aslam Basha here. I am a tester on  the Information Security Tools Team.

The CUIT code is executed at a very fast pace, at times you may want to execute the code a bit slow or with a delay between actions.

We have playback API which helps to achieve this as shown below;

Playback.PlaybackSettings.DelayBetweenActions = 1000;

The value is in milliseconds, use the above code as the first line in your CUIT methods to get a delay between actions of one milliseconds during playback.

-Syed Aslam Basha (syedab@microsoft.com)

Microsoft Information Security Tools (IST) Team

Test Lead

Syed Aslam Basha here. I am a tester on  the Information Security Tools Team.

One of the major feature for any automation tool is support for data driven test cases, CUIT too supports data driven testing. Let me show an example of data driving CUIT scripts.

Suppose you want to validate login feature of an application with different users.

• Select test menu and click on windows –> Test View
• Select the required test name say validatehomepage

• Click on ellipse button next to data connection string in properties window
• You can configure the required data source, select CSV file, click on Next

• Click on Finish

• Click on yes for “Copy the database file into the current project and add as deployment item”

• You can see data source code being added to the Validatehomepage file

  [DataSource("Microsoft.VisualStudio.TestTools.DataSource.CSV", "|DataDirectory|\\UserNames.csv", "UserNames#csv", DataAccessMethod.Sequential), DeploymentItem("PortalAutomation\\UserNames.csv"), TestMethod]

  public void ValidateHomePage()

• Data source is added to the project, now assign the values from data source to parameters of CUIT
• this.UIMap.LoginAdminParams.UsernameEditText = testContextInstance.DataRow[0].ToString();
• Run the tests, it runs for two iterations and shows the results

Likewise you can data drive any of the test cases, if you think out of the box you can apply the concept to validate all links present in web page.

-Syed Aslam Basha (syedab@microsoft.com)

Microsoft Information Security Tools (IST) Team

Test Lead

Syed Aslam Basha here. I am a tester on  the Information Security Tools Team.

One of the major feature for any automation tool is support for data driven test cases, CUIT too supports data driven testing. Let me show an example of data driving CUIT scripts.

Suppose you want to validate login feature of an application with different users.

• Select test menu and click on windows –> Test View
• Select the required test name say validatehomepage

• Click on ellipse button next to data connection string in properties window
• You can configure the required data source, select CSV file, click on Next

• Click on Finish

• Click on yes for “Copy the database file into the current project and add as deployment item”

• You can see data source code being added to the Validatehomepage file

  [DataSource("Microsoft.VisualStudio.TestTools.DataSource.CSV", "|DataDirectory|\\UserNames.csv", "UserNames#csv", DataAccessMethod.Sequential), DeploymentItem("PortalAutomation\\UserNames.csv"), TestMethod]

  public void ValidateHomePage()

• Data source is added to the project, now assign the values from data source to parameters of CUIT
• this.UIMap.LoginAdminParams.UsernameEditText = testContextInstance.DataRow[0].ToString();
• Run the tests, it runs for two iterations and shows the results

Likewise you can data drive any of the test cases, if you think out of the box you can apply the concept to validate all links present in web page.

-Syed Aslam Basha (syedab@microsoft.com)

Microsoft Information Security Tools (IST) Team

Test Lead

Syed Aslam Basha here. I am a tester on  the Information Security Tools Team.

In the previous blog posts I have shown how to automate functional test cases using CUIT and adding check points/ assertions to CUITs. Lets see with an example “how to customize the CUIT scripts”.

Lets take a close look at the files that are generated after recording;

• codedUITest1.cs file which has the method calls which we have recorded
• UIMap.cs at this stage it has nothing much than empty UIMap class which we will modify in the due course
• UIMap.Designer.cs contains code generated by CUIT builder
• UserControls.cs contains definitions of specialized classes used in CUIT

• UIMap.Designer.cs and UIMap.cs contains partial UIMap class. The designer file contains auto-generated code. As with any of the designer file, the modifications done to it would be lost if the code is regenerated.

// ------------------------------------------------------------------------------
//  <auto-generated>
//      This code was generated by coded UI test builder.
//      Version: 10.0.0.0
//
//      Changes to this file may cause incorrect behavior and will be lost if
//      the code is regenerated.
//  </auto-generated>
// ------------------------------------------------------------------------------

Suppose we have recorded sanity test cases and like to use to test production site. All you need is to modify the UIMap.cs file as shown below. Here we are updating the launch portal site params variable BlankPageWindowsInteWindowUrl to https://productionSite.

   1: public partial class UIMap

   2:     {

   3:  

   4:         public void ProductionValues()

   5:         {

   6:             this.LaunchPortalSiteParams.BlankPageWindowsInteWindowUrl = "https://productionSite";

   7:         }

   8:     }

Call this function from CUIT before any other function is called as;

   1: public void CodedUITest1()

   2:         {

   3:  

   4:             // To generate code for this test, select "Generate Code for Coded UI Test" from the shortcut menu and select one of the menu items.

   5:             this.UIMap.ProductionValues();

   6:             this.UIMap.LaunchPortalSite();

   7:             this.UIMap.ValidateHomePageLinks();

   8:             this.UIMap.ClosePortalSite();

   9:         }

Now you are good to test production site, likewise you can set values to any of the variables defined in UIMap.Designer.cs.

-Syed Aslam Basha (syedab@microsoft.com)

Microsoft Information Security Tools (IST) Team

Test Lead

Syed Aslam Basha here. I am a tester on  the Information Security Tools Team.

In the previous blog posts I have shown how to automate functional test cases using CUIT and adding check points/ assertions to CUITs. Lets see with an example “how to customize the CUIT scripts”.

Lets take a close look at the files that are generated after recording;

• codedUITest1.cs file which has the method calls which we have recorded
• UIMap.cs at this stage it has nothing much than empty UIMap class which we will modify in the due course
• UIMap.Designer.cs contains code generated by CUIT builder
• UserControls.cs contains definitions of specialized classes used in CUIT

• UIMap.Designer.cs and UIMap.cs contains partial UIMap class. The designer file contains auto-generated code. As with any of the designer file, the modifications done to it would be lost if the code is regenerated.

// ------------------------------------------------------------------------------
//  <auto-generated>
//      This code was generated by coded UI test builder.
//      Version: 10.0.0.0
//
//      Changes to this file may cause incorrect behavior and will be lost if
//      the code is regenerated.
//  </auto-generated>
// ------------------------------------------------------------------------------

Suppose we have recorded sanity test cases and like to use to test production site. All you need is to modify the UIMap.cs file as shown below. Here we are updating the launch portal site params variable BlankPageWindowsInteWindowUrl to https://productionSite.

   1: public partial class UIMap

   2:     {

   3:  

   4:         public void ProductionValues()

   5:         {

   6:             this.LaunchPortalSiteParams.BlankPageWindowsInteWindowUrl = "https://productionSite";

   7:         }

   8:     }

Call this function from CUIT before any other function is called as;

   1: public void CodedUITest1()

   2:         {

   3:  

   4:             // To generate code for this test, select "Generate Code for Coded UI Test" from the shortcut menu and select one of the menu items.

   5:             this.UIMap.ProductionValues();

   6:             this.UIMap.LaunchPortalSite();

   7:             this.UIMap.ValidateHomePageLinks();

   8:             this.UIMap.ClosePortalSite();

   9:         }

Now you are good to test production site, likewise you can set values to any of the variables defined in UIMap.Designer.cs.

-Syed Aslam Basha (syedab@microsoft.com)

Microsoft Information Security Tools (IST) Team

Test Lead

Syed Aslam Basha here. I am a tester on  the Information Security Tools Team.

At times I need to test an application with different versions of the .NET framework. You can configure the application config file to force the application to use the .NET version specified in the config file.

For example, suppose we have application built with .NET 3.5 and want to check the compatibility with .NET 4.0 follow the below steps;

• Open applicationname.exe.config file which will be under application path
• If its not present create a one
• Add  the following xml node

   1: <configuration>

   2:   <startup>

   3:       <supportedRuntime version="v4.0.21006"/>

   4:   </startup>

   5: </configuration>

• Save the file
• Now run the application, it runs on .NET 4.0

-Syed Aslam Basha (syedab@microsoft.com)

Microsoft Information Security Tools (IST) Team

Test Lead

Syed Aslam Basha here. I am a tester on  the Information Security Tools Team.

At times I need to test an application with different versions of the .NET framework. You can configure the application config file to force the application to use the .NET version specified in the config file.

For example, suppose we have application built with .NET 3.5 and want to check the compatibility with .NET 4.0 follow the below steps;

• Open applicationname.exe.config file which will be under application path
• If its not present create a one
• Add  the following xml node

   1: <configuration>

   2:   <startup>

   3:       <supportedRuntime version="v4.0.21006"/>

   4:   </startup>

   5: </configuration>

• Save the file
• Now run the application, it runs on .NET 4.0

-Syed Aslam Basha (syedab@microsoft.com)

Microsoft Information Security Tools (IST) Team

Test Lead

Syed Aslam Basha here. I am a tester on  the Information Security Tools Team.

As continuation to my previous post, I want to show how to add assertions to coded UI test scripts. An example maybe that after launching a portal site you want to validate the user name.

• Press enter after this.UIMap.LaunchPortalSite(); (continuation from the previous blog post) , right click and select first option “use coded UI test builder”

• Click on the cross hair (third button) and drag and drop on the control you want to validate

• Add assertions form will be shown, you can navigate through the controls and reach the top most control or form and see its properties. You can add assertion to any of the properties shown.

• Right click on the inner text which we are interested in and click on add assertion

• Select comparator and comparison value and click on Ok

• Click on generate code button. Enter appropriate method name say ValidateUser and you are ready to validate the user name.

-Syed Aslam Basha (syedab@microsoft.com)

Microsoft Information Security Tools (IST) Team

Test Lead

Syed Aslam Basha here. I am a tester on  the Information Security Tools Team.

As continuation to my previous post, I want to show how to add assertions to coded UI test scripts. An example maybe that after launching a portal site you want to validate the user name.

• Press enter after this.UIMap.LaunchPortalSite(); (continuation from the previous blog post) , right click and select first option “use coded UI test builder”

• Click on the cross hair (third button) and drag and drop on the control you want to validate

• Add assertions form will be shown, you can navigate through the controls and reach the top most control or form and see its properties. You can add assertion to any of the properties shown.

• Right click on the inner text which we are interested in and click on add assertion

• Select comparator and comparison value and click on Ok

• Click on generate code button. Enter appropriate method name say ValidateUser and you are ready to validate the user name.

-Syed Aslam Basha (syedab@microsoft.com)

Microsoft Information Security Tools (IST) Team

Test Lead

Syed Aslam Basha here. I am a tester on  the Information Security Tools Team. I want to share my first hand experience of automating functional test cases using coded UI Test, a feature in visual studio (VS) 2010 in my next coupple of blog posts.

In this blog post I will show an example of recording a scenario where I;

• launch a web browser
• open the portal site
• Navigate within the portal site
• Close the browser

and then of course play it all back using VS 2010. Here goes;

• Launch VS 2010
• Select File –> New Project
• Select Visual C#, Test and Test project, give appropriate project name as shown below and click on ok

• This will create my portal automation project along with default cs files
• Right click on portal automation project name and select add coded UI Test

• It will launch Generate code for coded UI test select the first option and click on ok

• A small form called coded UI test builder is shown at the right hand bottom corner of your screen. Now you can record actions, add assertion (we will discuss in upcoming blog posts) and generate code

• Click on start recording button in the coded UI Test Builder, launch browser.
• Type in the site name and press enter
• Click on pause recording in Coded UI test Builder. You can view the steps recorded and edit by clicking on show recorded steps button in coded UI test builder
• Click on Generate code, enter method name as “LaunchSite”. Its always a good practice to have modular reusable steps (we can record all steps till the end of the test case, but we will divide test steps into modular reusable components to increase reusability) You can call this function wherever required.
• Click on start recording and record actions. Click on links in home page.
• Click on pause recording in coded UI test builder. Click on Generate Code, enter appropriate method name.
• Click on start recording and close the browser
• Click on pause recording in coded UI test builder. Click on Generate Code, enter appropriate method name.
• Lets see the code generated. You can see

  public void CodedUITest1()
          {
  
              // To generate code for this test, select "Generate Code for Coded UI Test" from the shortcut menu and select one of the menu items.
              this.UIMap.LaunchPortalSite();
              this.UIMap.ValidateHomePageLinks();
              this.UIMap.ClosePortalSite();
          }

• Rename codedUITest1 to ValdiateHomePageLinks, to make it more meaningful and easy to understand. From your code you can clearly make out you are launching portal site, validating homepage links and closing thte site.

• Press F5 or right click above LaunchPortalSite method and select run tests to run/ playback.

• You will see the output in test results as passed or failed.

-Syed Aslam Basha (syedab@microsoft.com)

Microsoft Information Security Tools (IST) Team

Test Lead

Syed Aslam Basha here. I am a tester on  the Information Security Tools Team. I want to share my first hand experience of automating functional test cases using coded UI Test, a feature in visual studio (VS) 2010 in my next coupple of blog posts.

In this blog post I will show an example of recording a scenario where I;

• launch a web browser
• open the portal site
• Navigate within the portal site
• Close the browser

and then of course play it all back using VS 2010. Here goes;

• Launch VS 2010
• Select File –> New Project
• Select Visual C#, Test and Test project, give appropriate project name as shown below and click on ok

• This will create my portal automation project along with default cs files
• Right click on portal automation project name and select add coded UI Test

• It will launch Generate code for coded UI test select the first option and click on ok

• A small form called coded UI test builder is shown at the right hand bottom corner of your screen. Now you can record actions, add assertion (we will discuss in upcoming blog posts) and generate code

• Click on start recording button in the coded UI Test Builder, launch browser.
• Type in the site name and press enter
• Click on pause recording in Coded UI test Builder. You can view the steps recorded and edit by clicking on show recorded steps button in coded UI test builder
• Click on Generate code, enter method name as “LaunchSite”. Its always a good practice to have modular reusable steps (we can record all steps till the end of the test case, but we will divide test steps into modular reusable components to increase reusability) You can call this function wherever required.
• Click on start recording and record actions. Click on links in home page.
• Click on pause recording in coded UI test builder. Click on Generate Code, enter appropriate method name.
• Click on start recording and close the browser
• Click on pause recording in coded UI test builder. Click on Generate Code, enter appropriate method name.
• Lets see the code generated. You can see

  public void CodedUITest1()
          {
  
              // To generate code for this test, select "Generate Code for Coded UI Test" from the shortcut menu and select one of the menu items.
              this.UIMap.LaunchPortalSite();
              this.UIMap.ValidateHomePageLinks();
              this.UIMap.ClosePortalSite();
          }

• Rename codedUITest1 to ValdiateHomePageLinks, to make it more meaningful and easy to understand. From your code you can clearly make out you are launching portal site, validating homepage links and closing thte site.

• Press F5 or right click above LaunchPortalSite method and select run tests to run/ playback.

• You will see the output in test results as passed or failed.

-Syed Aslam Basha (syedab@microsoft.com)

Microsoft Information Security Tools (IST) Team

Test Lead

Syed Aslam Basha here. I am a tester on the Information Security Tools team responsible for testing CAT.NET v2.0.

As the installer name suggests CATNETV20CMD, CAT.NET V2.0 CTP is command line version only. CAT.NET v2.0 CTP analyses assemblies for vulnerabilities and configuration files for misconfigurations. You can open the rules files present at C:\Program files\Microsoft Information Security tools\Microsoft Code Analysis for .NET(CAT.NET) v2.0\Rules\ConfigRules, to get an understanding of configuration rules. Example, configrule for trace, if trace is enabled it will be shown in report.

   1: <?xml version="1.0" encoding="utf-8"?>

   2: <ConfigurationRule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" typeName="Microsoft.InformationSecurity.CodeAnalysis.Engines.RulesModel.ConfigurationRule, Microsoft.InformationSecurity.CodeAnalysis.Engines.RulesModel, Version=1.0.0.0, Culture=neutral, PublicKeyToken=b9ded31be328441b" enabled="false" comparisionType="AttributeCheck" isAndConditions="false">

   3:   <Information cultureName="en-US">

   4:     <Category>Web Security</Category>

   5:     <Certainity>50</Certainity>

   6:     <Description>Trace is enabled which can lead to information disclosure</Description>

   7:     <Email>anilkr@microsoft.com</Email>

   8:     <Name>Trace enabled attribute is set to true</Name>

   9:     <Owner>Anil Revuru</Owner>

  10:     <Resolution>Set enabled attribute to false</Resolution>

  11:     <RuleId>WEBCONFSEC07</RuleId>

  12:     <SeverityLevel>High</SeverityLevel>

  13:     <Url></Url>

  14:     <Problem>Enabled attribute is set to true</Problem>

  15:   </Information>

  16:   <Conditions>

  17:     <Condition conditionId="42C400DF-5130-4FDB-9EE3-8C944D92BBC8" configurationPath="/configuration/system.web/trace" attributeName="enabled" attributeValue="true" comparisionOperator="Equals" />

  18:   </Conditions>

  19: </ConfigurationRule>

  20:  

Steps to use CAT.NET v2.0:

• Launch command prompt in administrator mode and go to C:\Program files\Microsoft Information Security tools\Microsoft Code Analysis for .NET(CAT.NET) v2.0.
• Enter

  CATNetCmd.exe /file:"D:\MyApplication\bin\Application.dll" /configdir:"D:\MyApplication" /report:"D:\MyApplication\ApplicationReport.xml" /reportxsloutput:"D:\MyApplicaiton\ApplicationReport.htm"

• /file and /configdir switches are mandatory, file is the path to the assembly to analyze and configdir path to the web.config file to analyze. It analyzes all web.configuration files under the folder and reports the issues. Total 40 rules are loaded, 33 config rules and 7 data flow rules.
• Following are the command-line options available

  /file:<target>
  
  Required. The path of an assembly file to analyze. Multiple file paths and wildcards are not supported. This is a required parameter.

  /configdir:<target directory>
  
  Required. The path to a directory which contains .NET configuration files for analysis.

  /rules:<directory>
  
  Optional. The path to a file or directory that contains analysis rule(s).  The engine will use the default rules included with the product by default.

  /report:<file>
  
  Optional. The file to store the analysis report in.  By default, the report will be saved in ‘MicrosoftCodeAnalysisReport.xml’ in the current working directory.

  /reportxsl:<file>
  
  Optional. The XSL file to use to transform the report.  By default, the packaged XSL transform included in the product will be used.

  /reportxsloutput:<file>
  
  Optional. The output file to store the XSLT transform output in.  By default, the HTML report will be saved in ‘report.html’ in the current working directory.

  /verbose
  
  Optional. Enables flag to display verbose message when displaying results.

• The CAT.NET report contains detailed information about dataflow and configuration analysis errors along with line numbers.
•  

- Syed