Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add test coverage for DirectoryServices.TransformControls #107201

Merged
merged 4 commits into from
Sep 26, 2024
Merged

Add test coverage for DirectoryServices.TransformControls #107201

merged 4 commits into from
Sep 26, 2024

Conversation

edwardneal
Copy link
Contributor

@edwardneal edwardneal commented Aug 30, 2024
edited
Loading

Relates to PR #101512.

This PR introduces test coverage for DirectoryServices.TransformControls. The method parses five types of control - AsqResponseControl, DirSyncResponseControl, PageResultResponseControl, SortResponseControl and VlvResponseControl.

Each control splits the parsing attempt into three groups:

  • Conformant: values which conform to the relevant spec, and which we expect to pass.
  • Invalid: various combinations of poorly-structured values. These should always fail with a BerConversionException.
  • Nonconformant: values which aren't spec-compliant, but which are parsed anyway because BerConverter is forgiving.

These tests pass on my Windows PC, with different handling for OpenLDAP and earlier versions of Windows. There are a few interesting variations.

Platform variations

  • Windows mandates that a SEQUENCE's length completely covers the length of its contents. An OCTET STRING with a length which extends beyond the length of its containing SEQUENCE will fail to parse. OpenLDAP does not implement this restriction - if the OCTET STRING overruns the SEQUENCE, it'll be parsed and returned.
  • On versions of Windows prior to Windows 10, when a zero-length OCTET STRING is parsed as a string (format specifier of a) it will return null. After Windows 10 and in OpenLDAP, it returns a zero-length string. This is a behavioural difference between .NET and .NET Framework (which always returns an empty string.)
  • OpenLDAP seems to validate a BER element's tag, where Windows does not. If BerConverter expects to find an optional OCTET STRING but actually encounters trailing bytes, OpenLDAP will return null but Windows will return an empty string.
    • I expect this is because the trailing bytes' values are 0x80. Windows treats this as a length, where bit 7 is set (indicating a long-form length) and bits 0-6 are zero (indicating that the next zero bytes of the buffer contain the length.)

Errata

If an OCTET STRING contains a trailing 0x80 byte which is an invalid Unicode character, BerConverter won't handle the DecoderFallbackException - that exception will just bubble up to the caller. There's a test to verify this behaviour, but I'm pretty sure this is a bug.

@dotnet-policy-service dotnet-policy-service bot added the community-contribution Indicates that the PR has been added by a community member label Aug 30, 2024
@dotnet-policy-service Dotnet Policy Service
Copy link
Contributor

Tagging subscribers to this area: @dotnet/area-system-directoryservices, @jay98014
See info in area-owners.md if you want to be subscribed.

@build-analysis build-analysis bot mentioned this pull request Aug 30, 2024
Open
3 tasks
@edwardneal
Addressing platform inconsistencies
d34ff41 
* There are looser rules in OpenLDAP when an octet string exceeds the length of its containing sequence.
* Windows 8.1 and below treats trailing 0x80 bytes differently to every other platform.
* Added a test which covers an octet string containing invalid Unicode bytes.
@edwardneal
Handle differing .NET Framework behaviour
10ae098 
Also handle changes to the "a" format string: Winldap in Windows 10 is stricter when a SEQUENCE's contents overflow its length
@build-analysis build-analysis bot mentioned this pull request Aug 31, 2024
Closed
@edwardneal edwardneal marked this pull request as ready for review September 1, 2024 06:42
@edwardneal edwardneal mentioned this pull request Sep 1, 2024
Merged
@buyaa-n
Copy link
Contributor

buyaa-n commented Sep 11, 2024

Each control splits the parsing attempt into three groups:

Thank you @edwardneal looks its covered scenarios well, overall the PR LGTM

Errata

If an OCTET STRING contains a trailing 0x80 byte which is an invalid Unicode character, BerConverter won't handle the DecoderFallbackException - that exception will just bubble up to the caller. There's a test to verify this behaviour, but I'm pretty sure this is a bug.

Not sure if we should fix it or leave it as is, tag @bartonjs @jay98014 @steveharter @kumarravik78c for opinions about this

buyaa-n
buyaa-n approved these changes Sep 26, 2024
View reviewed changes
Copy link
Contributor

@buyaa-n buyaa-n left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you @edwardneal

@buyaa-n
Copy link
Contributor

buyaa-n commented Sep 26, 2024

Errata

If an OCTET STRING contains a trailing 0x80 byte which is an invalid Unicode character, BerConverter won't handle the DecoderFallbackException - that exception will just bubble up to the caller. There's a test to verify this behaviour, but I'm pretty sure this is a bug

We can fix this later if needed, going to merge this PR to unblock #101512.

@buyaa-n buyaa-n merged commit 52a51e8 into dotnet:main Sep 26, 2024
85 checks passed
@edwardneal edwardneal deleted the directorycontrol-transformcontrols-tests branch September 27, 2024 05:45
@edwardneal
Copy link
Contributor Author

Thanks @buyaa-n; I can see that my tests passed, so I'll merge into the other PR and re-test in the next few days.

sirntar pushed a commit to sirntar/runtime that referenced this pull request Sep 30, 2024
@edwardneal @sirntar
Add test coverage for DirectoryServices.TransformControls (dotnet#107201
6ba32ea 
)

* Added tests for server response DirectoryControls

* Addressing platform inconsistencies

* There are looser rules in OpenLDAP when an octet string exceeds the length of its containing sequence.
* Windows 8.1 and below treats trailing 0x80 bytes differently to every other platform.
* Added a test which covers an octet string containing invalid Unicode bytes.

* Handle differing .NET Framework behaviour

Also handle changes to the "a" format string: Winldap in Windows 10 is stricter when a SEQUENCE's contents overflow its length

* Update SortResponseControlTests.cs
@github-actions github-actions bot locked and limited conversation to collaborators Oct 27, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@buyaa-n buyaa-n buyaa-n approved these changes

@steveharter steveharter Awaiting requested review from steveharter

@bartonjs bartonjs Awaiting requested review from bartonjs

@jay98014 jay98014 Awaiting requested review from jay98014

@kumarravik78c kumarravik78c Awaiting requested review from kumarravik78c

Assignees
No one assigned
Labels
area-System.DirectoryServices community-contribution Indicates that the PR has been added by a community member
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@edwardneal @buyaa-n