.NET developers are quite spoilt for choice when it comes to storing little pieces of information. Common places in which developers can store data are the following:
- Configuration files
- The Registry
- Flat files
- INI files
It all depends on the need of the user, and obviously the amount of data that needs storing. It is senseless saving a couple of strings into a database; it is also senseless storing huge amounts of data into anything other than a database.
What are Configuration Files?
As the name implies, a Configuration file allows you to store configuration settings. These configuration settings could be anything such as a database connection, common strings, or objects that will be used throughout your entire application. The benefit of using a Config file is that it is automatically part of your application. This eliminates the need to create separate files in order to store your settings.
Configuration files are in XML format. This means that every setting stored inside a config file can easily be read by anyone who can open the file and understands the very basics of XML, so treat anything you put there, connection strings included, as stored in plain text. Every Windows Forms application includes a file called app.config, which I will talk about now.
As said, any Windows Forms application includes this file as part of the solution, so quickly create a VB.NET Windows Forms application. You can store all your database connection strings, resource locations, and so on inside it. If you open the App.Config file inside Visual Studio, it will look like the following:
    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
        <startup>
            <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
        </startup>
    </configuration>
Doesn't look like much. This simply tells the application that it expects .NET Framework 4.5 in order to run. Now where do the Settings I mentioned come in?
You have to edit the App.Config file to include your desired settings. Edit your App.Config to look like the next code listing:
    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
        <startup>
            <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
        </startup>
        <appSettings>
            <add key="TestKey" value="whatever"/>
        </appSettings>
    </configuration>
All I included here was the appSettings section. Here I created a sub key named TestKey and supplied a senseless value (as this is just an example). Now, you have added a section to your Config file, and you can manipulate it through VB.NET Code. Design your form to resemble Figure 1 below.
Figure 1 - Our Design
Before you can jump in and code, you first need to set a project reference to System.Configuration by following these steps:
- Click Project
- Click Add Reference
- Click Assemblies
- Click Framework (if necessary)
- Scroll to System.Configuration and check the box next to it, as shown in Figure 2.
Figure 2 - Added Project Reference
Now that all the semantics are out of the way, you can start coding. As usual (I am a creature of habit) add the Imports statements first:
Imports System.Configuration 'Need to add project reference as well
The reference and the namespace let you read any configuration file and supply the tools you need to do it. Create the following module-level objects:
    Dim cAppConfig As Configuration = ConfigurationManager.OpenExeConfiguration(Application.StartupPath & "\Config_File_Ex.exe")
    Dim asSettings As AppSettingsSection = cAppConfig.AppSettings
The first object you created (cAppConfig) is a Configuration object. You use this to open the application's config file via the use of the ConfigurationManager class' OpenExeConfiguration method. The next object is an AppSettingsSection object, which reads the appSettings key within the specified Configuration file object.
Storing a Value Inside a Configuration File
Now that everything is set up, you can finally store a value inside the appSettings key you created earlier. Add the following code behind the button labelled 'Store':
    Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
        asSettings.Settings.Item("TestKey").Value = "5" 'Value is a String
        'Save Original Value
        cAppConfig.Save(ConfigurationSaveMode.Modified)
        'Reload the cached section so ConfigurationManager.AppSettings returns the saved value
        ConfigurationManager.RefreshSection("appSettings")
    End Sub
Here you opened the TestKey inside appSettings and gave it a value. The next line simply saves the Configuration into the Config file.
Reading from a Configuration File
Add the next code behind the button labelled 'Show':
    Private Sub Button3_Click(sender As Object, e As EventArgs) Handles Button3.Click
        Try
            Dim appSettings = ConfigurationManager.AppSettings
            'Read Stored Value
            Dim result As String = appSettings("TestKey")
            If IsNothing(result) Then
                result = "Not found"
            End If
            MessageBox.Show(result)
        Catch ec As ConfigurationErrorsException
            MessageBox.Show("Error reading app settings")
        End Try
    End Sub
You created an AppSettings object to read through the Config file's AppSettings section. Then, you read from the specified key - in this case it is TestKey. If there is data present, it is shown inside a MessageBox; otherwise, you are informed that nothing has been stored.
Editing Config File Values
Add the next code behind the button labeled 'Edit':
    Private Sub Button2_Click(sender As Object, e As EventArgs) Handles Button2.Click
        'Re-Open file and Store a new value
        cAppConfig = ConfigurationManager.OpenExeConfiguration(Application.StartupPath & "\Config_File_Ex.exe")
        asSettings = cAppConfig.AppSettings
        asSettings.Settings.Item("TestKey").Value = "15" 'Value is a String
        'Save Modified Value
        cAppConfig.Save(ConfigurationSaveMode.Modified)
        'Reload the cached section so ConfigurationManager.AppSettings returns the saved value
        ConfigurationManager.RefreshSection("appSettings")
    End Sub
Inside the Edit button you simply open the Configuration file and the desired key, then you store a new value and save the file again.
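The Store and Edit handlers above assume TestKey already exists, and the saved values remain readable XML. The following is an added example, not code from the original article: it writes a key whether or not it exists, refreshes the cached section, and encrypts appSettings on disk with the built-in DPAPI protected-configuration provider. SettingsStore, SetSetting and ProtectAppSettings are hypothetical names chosen for the illustration.

```vb
Imports System.Configuration

' Added example (not from the original article). SettingsStore, SetSetting and
' ProtectAppSettings are hypothetical names chosen for this illustration.
Module SettingsStore

    ' Create or update a key in appSettings, save, and refresh the cached section.
    Public Sub SetSetting(key As String, value As String)
        Dim config As Configuration =
            ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None)
        Dim settings As KeyValueConfigurationCollection = config.AppSettings.Settings

        If settings(key) Is Nothing Then
            settings.Add(key, value)      ' Item(key) is Nothing for a missing key
        Else
            settings(key).Value = value
        End If

        config.Save(ConfigurationSaveMode.Modified)
        ' ConfigurationManager.AppSettings caches the section; force a re-read.
        ConfigurationManager.RefreshSection("appSettings")
    End Sub

    ' Encrypt appSettings on disk with DPAPI so values are not stored as plain XML.
    ' Returns True if the section is protected when the call returns.
    Public Function ProtectAppSettings() As Boolean
        Try
            Dim config As Configuration =
                ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None)
            Dim section As AppSettingsSection = config.AppSettings

            If Not section.SectionInformation.IsProtected Then
                section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider")
                section.SectionInformation.ForceSave = True
                config.Save(ConfigurationSaveMode.Modified)
            End If
            Return section.SectionInformation.IsProtected
        Catch ex As ConfigurationErrorsException
            ' The config file could not be loaded or saved (for example, it is not writable).
            Return False
        End Try
    End Function

End Module
```

With the provider's default settings the DPAPI key is machine-scoped, so this protects a config file that is copied off the machine but not against other code running on the same machine. Reads through ConfigurationManager.AppSettings decrypt the section transparently.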
In this article you have learned how to manipulate data in Configuration Files. I hope you have enjoyed it as much as I did. Until next time, cheers!