Application Security Testing: An Integral Part of DevOps
I love my job as a programming trainer. It always brings with it new people and new challenges. Some challenges are more complicated than others. A little while ago, one of my students asked me whether or not it was possible to have a textbox that can be automatically filled in with the previous URL history, similar to what can be found in any decent web browser.
Obviously my answer was: "Anything is possible. You could use the SHAutoComplete API to achieve that." The student was happy, but even happier when I quickly demonstrated how easy it is. This is what we will do in this little project.
We make use of a very basic design, which you could see in Figure 1.
Figure 1 - Our Design
Before we dive in, I need to make sure that you have a good grasp of APIs. You could have a look at this article to learn more and see exactly how powerful APIs are. The article is quite old, but very useful and very informative. No, I'm not being biased because I wrote it, as you'll see. :)
SHAutoComplete is the magic API that enables us to add autocomplete functionality to our textbox. The SHAutoComplete function resides in a DLL file called shlwapi.dll. So, by using this function we actually open up the shlwapi.dll file and read that particular function from it. Importing the SHAutoComplete API into our program actually imports shlwapi.dll and all its capabilities. More details about SHAutoComplete can be found here.
Let us get started!
Go to the code window of your form, and add the following Imports statement:
Imports System.Runtime.InteropServices 'Working With APIs
This enables us to work with APIs.
Add the following API function to your code:
'Instructs system edit controls to use AutoComplete to help complete URLs or file system paths Declare Function SHAutoComplete Lib "shlwapi.dll" (ByVal hWndEdit As IntPtr, ByVal dwFlags As AutoCompleteFlags) As Integer
Add the following Enum:
<Flags()> _ Enum AutoCompleteFlags As Integer SHACF_DEFAULT = &H0 ' Currently (SHACF_FILESYSTEM | SHACF_URLALL) SHACF_FILESYSTEM = &H1 ' This includes the File System as well as the rest of the shell (Desktop\My Computer\Control Panel\) SHACF_URLALL = (SHACF_URLHISTORY Or SHACF_URLMRU) SHACF_URLHISTORY = &H2 ' URLs in the User's History SHACF_URLMRU = &H4 ' URLs in the User's Recently Used list. SHACF_USETAB = &H8 ' Use the tab to move thru the autocomplete possibilities instead of to the next dialog/window control. SHACF_FILESYS_ONLY = &H10 ' This includes the File System SHACF_FILESYS_DIRS = &H20 ' Same as SHACF_FILESYS_ONLY except it only includes directories, UNC servers, and UNC server shares. SHACF_AUTOSUGGEST_FORCE_ON = &H10000000 ' Ignore the registry default and force the feature on. SHACF_AUTOSUGGEST_FORCE_OFF = &H20000000 ' Ignore the registry default and force the feature off. SHACF_AUTOAPPEND_FORCE_ON = &H40000000 ' Ignore the registry default and force the feature on. (Also know as AutoComplete) SHACF_AUTOAPPEND_FORCE_OFF = &H80000000 ' Ignore the registry default and force the feature off. (Also know as AutoComplete) End Enum
This Enum, or Flags or settings helps our API determine what to do. In this case "what to do" means what content to show inside the textbox - what to automatically complete.
Add the next function:
Public Function AutoCompleteURLs(ByVal objSource As Object, ByVal acfFlag As AutoCompleteFlags) As Long Dim hwnTextBox As Long 'Handle of Source TextBox If TypeOf objSource Is TextBox Then 'Determine If We Have Correct Object hwnTextBox = DirectCast(objSource, TextBox).Handle 'Obtain Handle From Source TextBox End If AutoCompleteURLs = SHAutoComplete(hwnTextBox, acfFlag) 'Enable AutoComplete End Function
Here, we determine the Source object, i.e.. the Object that we pass to the function to have the AutoComplete functionality. If this object is a Textbox, we obtain its handle and pass this handle to the SHAutoComplete function. This links our textbox with our API. acfFlag is the Setting we pass on and tells the Textbox what to Automatically complete.
All we need to do now is to call this function in our Form_Load event:
Private Sub Form1_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load AutoCompleteURLs(txtURLs, AutoCompleteFlags.SHACF_URLHISTORY) 'Call To AutoComplete For URLs Function End Sub
Voila! If you were to run your program now, you would see that it automatically suggests URLs as you type. You can experiment with the other settings (Flags) to see what other information can be returned.
Short and sweet. This was fun. Thank you for reading my article and I hope you have benefited from it. Until next time, Cheers!