Application Security Testing: An Integral Part of DevOps
A few month ago I submitted a macro for Visual Studio that allows a developer to launch an application from within the code. See Application Launcher. The macro was designed for VS 5.0 and it ran very well, at least in my computer :-). I was contacted by a few people complaining they could not make the macro run. I later found out the reason it ran in my computer so well was because I had Microsoft's Windows Scripting Host installed. After upgrading to Visual Studio 6.0 the macro stop working. Apparently Visual Studio 6.0 does not support the CreateObject(...) function, even after installing Windows Scripting Host. Since I have learned to depend on this macro for my in source documentation, I decided to create an add-in to provide the functionality of the application launcher macro.
How It Works.
I decided to take a more simplistic approach for the Application Launcher add-in. Instead of trying to figure out what application to call depending on the file extension as the macro did. I have delegated that responsibility to the operating system and have limited the functionality of the macro to pick up the link from the source code and pass it to ShellExcecute(...). The code is very simple and everything is done in one function. I have reused some of the code for string manipulation posted by Zafir Anjum . Having said that, this is a list of some of the links you can include in your source code .
|Omar Francisco [mailto:email@example.com]||Email Client|
|[REPOSITORY:D:\Apps\Microsoft Visual Studio\Common\Tools\VCM\VCM.VBD]||MS Repository|
|[SOURCE SAFE:X\VSS\srcsafe.ini]||Source Safe|
|[news://msnews.microsoft.com]||News Group Reader|
Anything you can run from a command line, could be run from within your code. This add-in has the potential to make your life easier both during development and during the maintenance of your code.
The add-in also supports custom tags that force a specific application to be called when a custom tag is found. This feature is useful to call applications like Source Safe that take an INI file as a parameter. I have included custom links for MSDN articles, Source Safe and Microsoft repository. The bold items in the previous list represent custom tags.
The custom tag file goes by the name AppLaunch.ini and it is expected to be found in the same directory where the add-in is stored. It is read when Visual Studio starts up and the (tag, application) pair is stored in a vector. Due to the almost static nature of this file, I did not see a need to provide a mechanism to refresh the file without closing Visual Studio. The format of the file is self-explanatory.
Case insensitive tag; application
See AppLauch.ini for more information.
How to Install and Run
Compile the enclosed project and register the AppLaunch.dll. Don't forget to copy the AppLaunch.ini file to the same directory where the AppLaunch.dll is located. Then you must associate the add-in with a shortcut key (See my comments about shortcut keys). Once that is done just create a link to something and enclose it in brackets , i.e. [http://www.codeguru.com]. Put the cursor anywhere within the pair of brackets and press the shortcut key associated with the add-in. The application associated with the link will be started.
About Shortcut Keys
As I added more and more add-ins and macros to Visual Studio and other applications, it became almost impossible to remember all these keystrokes. To the rescue came PC-DASH from Saitek. It is a programmable keypad that allows me to bind add-ins or macros to a single keystroke. It also let me design my own labels for every key. More information about this product could be found at http://www.saitekusa.com/products/other/pcdash.html. I have no affiliation with this company. If you have questions about how I am using this device in my programming environment, I will be happy to answer them.
That's all folks.