Application Security Testing: An Integral Part of DevOps
This article introduces you to the CTS and its purpose. This article highlights the following:
- Intro to the Common Type System (CTS)
- Intro to the Common Language Runtime (CLR)
- Why the Need for a Common Runtime and Type System?
- Common Language Specification
- Common Methods of the CTS
- Set of Lnaguages that Target The CLR
- CTS Benefits
The CTS provides every language running on the .NET platform with a base set of data types. While the CTS is responsible for defining the types that can be used across the .NET languages, most languages choose to implement aliases to those types. For example, a four-byte integer value is represented by the CTS type System.Int32. C# defines an alias for this called type called int.
- VALUE TYPES ( assigning actual values to the variables)
- REFERENCE TYPES (referencing to point to the address of the object)
The high-performance CLR (Common Language Runtime) includes an
- Execution engine,
- A garbage collector,
- Just-in-time (JIT) compiler,
- A security system,
- A rich class framework (The .Net framework).
The CLR was designed to support multiple languages. The CLR is responsible for managing the execution of code compiled for the .NET platform. Code requiring the CLR at runtime in order to execute is referred to as " managed code". Compilers that target the .NET platform generate managed code that relies on a core set of services provided by the CLR. Despite the fact that managed code is compiled to an intermediate language (IL), .NET programs are not interpreted by a "virtual machine". The CLR is responsible for compiling .NET applications to native machine code. It is also technically possible to port the CLR to a variety of hardware platforms, even other programming systems. Some of the salient features of CLR include:
- Cross-language integration
- Enhanced security
- Versioning and deployment support
- Debugging and profiling services
- Memory management
Each programming language seems to bring its own datatypes with it. For example, VB represents strings using the BSTR struct, C++ offers char and wchar datatypes, and MFC offers the CString class. The C++ int datatype is a 32-bit value where the VB integer datatype, prior to VB .NET, is a 16-bit value. One of the goals of the .NET platform is to make it easier for the developer to write applications. COM developers are exposed to a headache as they need to be concerned about GUIDs, HRESULTs, early versus Late binding, managing reference counts, the type of threading model your component will run in, and proxy and stub layers etc.
Fortunately some of the programming environment and frameworks such as VB and ATL come to the rescue and reduces much of this complexity.For example, VB automatically generates the appropriate GUIDS and also manages reference counts for COM object used within the application. But still many developers will argue that Visual Basic's implementation of COM leaves a lot to be desired. The solution has been presented in the form of creating such a system which is common to all the languages related to this platform and so the common type system was created.
The Common Language Specification describes a common level of language functionality. The CLS is a set of rules that a language compiler must adhere to in order to create .NET applications that run in the CLR. Anyone who wants to write a .NET-compliant compiler needs simply to adhere to these rules and that's it. The relatively high minimum bar of the CLS enables the creation of a club of CLS-compliant languages. Each member of this club enjoys dual benefits: complete access to .NET framework functionality and rich interoperability with other compliant languages. For example a VB class can inherit from a C# class and override its virtual methods.
Every type supported by CTS is derived from System.Object. Therefore, every type supports the following methods:
1. PUBLIC METHODS:
It is used to test equality with another object. Reference types should return true if the Object parameter references the same object and Values types when references the same value.
Int 32 Get Hash Code( ):
It generates a number corresponding to the value of an object. If two objects of the same type are equal, then they must return the same hash code. This value is used extensively by the sorting algorithms implemented in System.Collections.
Type GetType( ):
Gets a Type Object that can be used to access metadata associated with the type and as a starting point for navigating the object heirarchy exposed by the Reflection API.
String ToString( ):
The default implementation returns the fully qualified name of the class of the object. This method is often overridden to output data that is more meaningful to the type.
2. PROTECTED METHODS:
void finalize( ):
This method is called by the runtime to allow for cleanup prior to garbage collection.
This member represents a shallow copy of the object containing references to other objects that does noy include copies of the objects referenced.
Microsoft provided languages that target the CLR include Visual Basic .NET, Visual C++ .NET with Managed Extensions, Visual C# .NET, and JScript .NET. Third parties are also providing many other languages----too many to list here.
The benefits of the Common Type System include:
Since all .NET languages are using a single type system, you are assured that objects and types are created in different languages can interact with one another in a seamless manner. It's the CTS/CLS combination that helps make language interoperability more than just a programmer's dream.
Singly rooted object hierarchy:
A singly rooted object hierarchy is the key to a unified type system because it guarantees that each object in the hierarchy has a common interface and therefore everything in the hierarchy will ultimately be of the same base type.
Type safety guarantees that types are declared safely and there is no way to trick the system to think that one type is actually another and only appropriate functions can be preformed on a particular object.