Application Security Testing: An Integral Part of DevOps
A while back, I worked on a client application where I was significantly responsible for the components. The application was written in Delphi and the components were installed into the toolbox. I returned to the client after a few days off and discovered a huge problem. Some other developers had sent messages from the components to the presentation layer by adding references to the GUI forms in the component layer. Can you tell what went wrong?
If a component or any kind of middleware refers to the presentation layer, that presentation layer goes wherever the components go. This kills reusekills it dead in the water. Building an application is hard enough without having to drag all of your old applications along for the ride.
So, about ten years ago I devised a simple way to send information around an application without creating circular references between layers. I called the technique broadcaster and listener, because I modeled it after the notion of radio stations and listeners: A radio station broadcasts without any specific knowledge of or action towards the listeners who tune in.
Many of you will recognize this as an implementation of the Observer behavior pattern (in other words, the publish-subscribe implementation of Observer). It successfully separates internal messaging within an application. The gang of four (GoF) published it first and will forever get the credit, but this implementationI call it the Radio patternis easy for any developer to create and use. (For more information on the Observer behavior pattern, refer to Design Patterns: Elements of Reusable Object Oriented Software by Erich Gamma and company from Addison Wesley.)
I refer to the three combined elements of the implementation (the listener, audience, and broadcaster classes) as the Radio Application Block (RAB). You can incorporate and use it like any other of the readily available application blocks, such as DAAB or EMAB. (If you are unfamiliar with these, just Google them: DAAB site://www.microsoft.com.)
This article demonstrates how you can implement the Radio pattern to keep your application code loosely coupled.
Defining the Listener
Many languages in .NET do not support multiple inheritance. Thus, because I am not using events and don't want to use what may be only one inheritance slot, I elected to implement the listener by using an interface.
The objective of the listener is to tune in and listen for messages. These goals can be captured in a simple interface with a Boolean that indicates a tuned-in state and a method that receives messages. Alternatively, strings and an object would work too. Listing 1 contains the implementation of the IListener interface. (An I prefix is used by convention.)
Listing 1: An Implementation of the IListener Interface
Public Interface IListener ReadOnly Property Listening() As Boolean Sub Listen(ByVal message As String) End Interface
You could add methods to accept an object, a DateTime, or some additional information, but to make the Radio pattern easier to use, leave it to consumers to format the message into a string.
Defining the Audience
Audience simply refers to any listeners. A listener is any class that implements IListener and adds itself to the listener's collection. I used a strongly typed collection of IListener to represent the audience. I have covered typed collections several times in previous articles, so I will just provide that code in Listing 2.
Listing 2: An Implementation of a Typed Collection of IListener
Imports System.Collections Public Class ListenerCollection Inherits CollectionBase Default Public Property Item(ByVal index As Integer) As IListener Get Return CType(List(index), IListener) End Get Set(ByVal Value As IListener) List(index) = Value End Set End Property Public Function Add(ByVal Value As IListener) As Integer Return List.Add(Value) End Function Public Sub Remove(ByVal Value As IListener) If (list.Contains(Value)) Then list.Remove(Value) End If End Sub End Class