scadalink-design/tests at a9bd7ee37cef883f6670d73ff16efe13491f7679 - scadalink-design - Gitea: Git with a cup of tea

dohertj2/scadalink-design

Files

History

Joseph Doherty a9bd7ee37c fix(central-ui): resolve CentralUI-001 — enforce script trust model before sandbox execution

ScriptAnalysisService.RunInSandboxAsync compiled and executed arbitrary
user C# in the central host process with no trust-model enforcement — the
forbidden-API set was only a Monaco editor diagnostic. A Design-role user
could run System.IO/Process/Reflection/network code on the central node.

Added a Roslyn semantic gate (EnforceTrustModel) invoked after compilation
and before script.RunAsync, and on nested shared scripts in callSharedFunc;
a script referencing any forbidden API is rejected before it runs.

Reworked FindForbiddenApiUsages: it now resolves every identifier against
the semantic model and checks types and members, so a fully-qualified call
(System.IO.File.WriteAllText) is caught — the pre-fix check only inspected
the leftmost identifier and missed that shape. This is a static semantic
gate, not a process sandbox.

Adds gate regression tests that fail against the pre-fix code, plus a
clean-script test guarding against over-blocking.

2026-05-16 18:41:12 -04:00

..

ScadaLink.CentralUI.PlaywrightTests

build: adopt NuGet Central Package Management

2026-05-16 15:56:30 -04:00

ScadaLink.CentralUI.Tests

fix(central-ui): resolve CentralUI-001 — enforce script trust model before sandbox execution

2026-05-16 18:41:12 -04:00

ScadaLink.CLI.Tests

build: adopt NuGet Central Package Management

2026-05-16 15:56:30 -04:00

ScadaLink.ClusterInfrastructure.Tests

build: adopt NuGet Central Package Management

2026-05-16 15:56:30 -04:00

ScadaLink.Commons.Tests

build: adopt NuGet Central Package Management

2026-05-16 15:56:30 -04:00

ScadaLink.Communication.Tests

fix(communication): resolve Communication-001 — early stream termination handling

2026-05-16 18:32:52 -04:00

ScadaLink.ConfigurationDatabase.Tests

build: adopt NuGet Central Package Management

2026-05-16 15:56:30 -04:00

ScadaLink.DataConnectionLayer.Tests

fix(data-connection): resolve DataConnectionLayer-001 — off-thread actor state mutation

2026-05-16 18:26:43 -04:00

ScadaLink.DeploymentManager.Tests

build: adopt NuGet Central Package Management

2026-05-16 15:56:30 -04:00

ScadaLink.ExternalSystemGateway.Tests

build: adopt NuGet Central Package Management

2026-05-16 15:56:30 -04:00

ScadaLink.HealthMonitoring.Tests

build: adopt NuGet Central Package Management

2026-05-16 15:56:30 -04:00

ScadaLink.Host.Tests

build: adopt NuGet Central Package Management

2026-05-16 15:56:30 -04:00

ScadaLink.InboundAPI.Tests

build: adopt NuGet Central Package Management

2026-05-16 15:56:30 -04:00

ScadaLink.IntegrationTests

build: adopt NuGet Central Package Management

2026-05-16 15:56:30 -04:00

ScadaLink.ManagementService.Tests

build: adopt NuGet Central Package Management

2026-05-16 15:56:30 -04:00

ScadaLink.NotificationService.Tests

build: adopt NuGet Central Package Management

2026-05-16 15:56:30 -04:00

ScadaLink.PerformanceTests

build: adopt NuGet Central Package Management

2026-05-16 15:56:30 -04:00

ScadaLink.Security.Tests

build: adopt NuGet Central Package Management

2026-05-16 15:56:30 -04:00

ScadaLink.SiteEventLogging.Tests

build: adopt NuGet Central Package Management

2026-05-16 15:56:30 -04:00

ScadaLink.SiteRuntime.Tests

build: adopt NuGet Central Package Management

2026-05-16 15:56:30 -04:00

ScadaLink.StoreAndForward.Tests

build: adopt NuGet Central Package Management

2026-05-16 15:56:30 -04:00

ScadaLink.TemplateEngine.Tests

build: adopt NuGet Central Package Management

2026-05-16 15:56:30 -04:00