SecurityException related to partially trusted assemblies

Hi Philip
Thanks for your detailed report.
We are looking into your problem, I'll get back to
as soon as we'll have something.

Do you require further information?

Hi
The example you supplied is great and we succeed in creating
the problem but we didn't
found a fix for this problem yet.

May I delete the file from my webspace?

Hi
Sure we already downloaded the example.

Hi Philipp,



I've gone through the code samples, and investigated. Here’s what happens:



When TypeMock is enabled (whether used directly or not), while the code is JITted TypeMock injects instrumentation code (This is done only at runtime, the assembly is not recompiled). When the code is run it calls into TypeMock. And for that it needs permissions. Specifically, it needs SecurityPermission.



When you use:

[assembly: FileDialogPermission(SecurityAction.RequestOptional, Unrestricted = true)]

The RequestOptional part tells the system to refuse any other permissions (other than FileDialog, obviously). In order to call into TypeMock, you need to add the following line in the AssemblyInfo file of your code:

[assembly: SecurityPermission(SecurityAction.RequestMinimum, Unrestricted = true)]

With these two lines, you can run your tests. Now if you want to limit the permission for testing only, you can use it under a #define block. Also, keep in mind that that turning off caspol (The code access security policy tool) is also a valid option. It can be triggered once you start the run, but it always turns on again at the end of the process. You can start the process at the beginning of the build, and kill it at the end, for example.



Let me know if you need additional help.



Gil Zilberfeld

Typemock Support Team

After having applied the patch you sent me, no SecurityException is thrown any more (by none of the test methods). Instead I get a VerificationException in some tests (not all; most tests run fine now). Sure, with the SkipVerification Permission, this would not happen, but I do not understand why

1) Unverifiable (IL) code is generated.
2) Not every test is affected.
3) All my sample test methods have in common, that they do not make use of TypeMock. Thus, from the TypeMock point of view, they should be all equal. However, the SkipVerification permission is only required by few test methods. All methods requiring SkipVerification permission, have in common, that the return value is generic and the signature contains at least one reference type (but not object).

Example:

// requires SkipVerification
public static TReturn Method<TReturn>(string value) { .. }

// does not require SkipVerification
public static TReturn Method<TReturn>(object value) { .. }
public static TReturn Method<TReturn>(int value) { .. }

Hi Philipp,

Thanks for your feedback. You have very good questions, and the answer is in how Typemock works.

When Typemock is enabled it uses the profiler's API to intercept calls to the JITter. When a method is JITted, the call is injected with hooks into TypeMock. This hook determines if the current method should be mocked (based on earlier set expectations), and if it should be - then mock the call. Obviously, if there is no use for Typemock in the tests. such as setting expectations, the generated IL doesn't do much. So in that sense, regular code is basically not affected.

However, as you pointed out, this rule should apply to all tests, and all should be affected the same way. After further examination, it looks there might be a bug :evil: in the specific case of calling a generic method with reference types. (Generic types are seemingly do not cause a verification error).

We will investigate this and get back to you, once we resolve this.

Hi,

Update: The fix for the partially trusted code problem is now part of the 4.2 version, which is available at https://www.typemock.com/Downloads.php.

The unverifiable code issue is still under investigation.