Skip to content

Commit 264fdb0

Browse files
committed
SEBWIN-1102: Removed start URL from session integrity verification.
1 parent 0281250 commit 264fdb0

4 files changed

Lines changed: 20 additions & 25 deletions

File tree

SafeExamBrowser.Client.UnitTests/Responsibilities/IntegrityResponsibilityTests.cs

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -31,7 +31,7 @@ public void Initialize()
3131
text = new Mock<IText>();
3232
integrityModule = new Mock<IIntegrityModule>();
3333

34-
integrityModule.Setup(m => m.TryVerifySessionIntegrity(It.IsAny<string>(), It.IsAny<string>(), out valid)).Returns(true);
34+
integrityModule.Setup(m => m.TryVerifySessionIntegrity(It.IsAny<string>(), out valid)).Returns(true);
3535

3636
var sut = new IntegrityResponsibility(context, logger.Object, text.Object);
3737
}

SafeExamBrowser.Client/Responsibilities/IntegrityResponsibility.cs

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -62,7 +62,7 @@ private void UpdateSessionIntegrity()
6262

6363
if (hasQuitPassword)
6464
{
65-
IntegrityModule?.ClearSession(Settings.Browser.ConfigurationKey, Settings.Browser.StartUrl);
65+
IntegrityModule?.ClearSession(Settings.Browser.ConfigurationKey);
6666
}
6767
}
6868

@@ -96,12 +96,12 @@ private void VerifySessionIntegrity()
9696
{
9797
Logger.Info($"Attempting to verify session integrity...");
9898

99-
if (IntegrityModule.TryVerifySessionIntegrity(Settings.Browser.ConfigurationKey, Settings.Browser.StartUrl, out var isValid))
99+
if (IntegrityModule.TryVerifySessionIntegrity(Settings.Browser.ConfigurationKey, out var isValid))
100100
{
101101
if (isValid)
102102
{
103103
Logger.Info("Session integrity successfully verified.");
104-
IntegrityModule.CacheSession(Settings.Browser.ConfigurationKey, Settings.Browser.StartUrl);
104+
IntegrityModule.CacheSession(Settings.Browser.ConfigurationKey);
105105
}
106106
else
107107
{

SafeExamBrowser.Integrity.Contracts/IIntegrityModule.cs

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -16,12 +16,12 @@ public interface IIntegrityModule
1616
/// <summary>
1717
/// Caches the specified session for later integrity verification.
1818
/// </summary>
19-
void CacheSession(string configurationKey, string startUrl);
19+
void CacheSession(string configurationKey);
2020

2121
/// <summary>
2222
/// Removes the specified session from the integrity verification cache.
2323
/// </summary>
24-
void ClearSession(string configurationKey, string startUrl);
24+
void ClearSession(string configurationKey);
2525

2626
/// <summary>
2727
/// Indicates whether the computer system is a virtual machine and if so, provides its manufacturer and probability.
@@ -51,6 +51,6 @@ public interface IIntegrityModule
5151
/// <summary>
5252
/// Attempts to verify the integrity for the specified session.
5353
/// </summary>
54-
bool TryVerifySessionIntegrity(string configurationKey, string startUrl, out bool isValid);
54+
bool TryVerifySessionIntegrity(string configurationKey, out bool isValid);
5555
}
5656
}

SafeExamBrowser.Integrity/IntegrityModule.cs

Lines changed: 13 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -39,7 +39,6 @@ public class IntegrityModule : IIntegrityModule
3939
0x01, 0x04, 0x02, 0x03, 0x14, 0x15, 0x07, 0x08,
4040
0x11, 0x12, 0x16, 0x05, 0x09, 0x10, 0x12, 0x02
4141
};
42-
private static readonly string SESSION_DATA_SEPARATOR = "<@|--separator--|@>";
4342

4443
private readonly AppConfig appConfig;
4544
private readonly ILogger logger;
@@ -50,9 +49,9 @@ public IntegrityModule(AppConfig appConfig, ILogger logger)
5049
this.logger = logger;
5150
}
5251

53-
public void CacheSession(string configurationKey, string startUrl)
52+
public void CacheSession(string configurationKey)
5453
{
55-
if (TryReadSessionCache(out var sessions) && TryWriteSessionCache(sessions.Append((configurationKey, startUrl))))
54+
if (TryReadSessionCache(out var sessions) && TryWriteSessionCache(sessions.Append(configurationKey)))
5655
{
5756
logger.Debug("Successfully cached session.");
5857
}
@@ -62,9 +61,9 @@ public void CacheSession(string configurationKey, string startUrl)
6261
}
6362
}
6463

65-
public void ClearSession(string configurationKey, string startUrl)
64+
public void ClearSession(string configurationKey)
6665
{
67-
if (TryReadSessionCache(out var sessions) && TryWriteSessionCache(sessions.Where(s => s.configurationKey != configurationKey && s.startUrl != startUrl)))
66+
if (TryReadSessionCache(out var sessions) && TryWriteSessionCache(sessions.Where(s => s != configurationKey)))
6867
{
6968
logger.Debug("Successfully cleared session.");
7069
}
@@ -194,15 +193,15 @@ public bool TryVerifyCodeSignature(out bool isValid)
194193
return success;
195194
}
196195

197-
public bool TryVerifySessionIntegrity(string configurationKey, string startUrl, out bool isValid)
196+
public bool TryVerifySessionIntegrity(string configurationKey, out bool isValid)
198197
{
199198
var success = false;
200199

201200
isValid = false;
202201

203202
if (TryReadSessionCache(out var sessions))
204203
{
205-
isValid = sessions.All(s => s.configurationKey != configurationKey && s.startUrl != startUrl);
204+
isValid = sessions.All(s => s != configurationKey);
206205
success = true;
207206
logger.Debug($"Successfully verified session integrity, session is {(isValid ? "valid." : "compromised!")}");
208207
}
@@ -214,11 +213,11 @@ public bool TryVerifySessionIntegrity(string configurationKey, string startUrl,
214213
return success;
215214
}
216215

217-
private bool TryReadSessionCache(out IList<(string configurationKey, string startUrl)> sessions)
216+
private bool TryReadSessionCache(out IList<string> sessions)
218217
{
219218
var success = false;
220219

221-
sessions = new List<(string configurationKey, string startUrl)>();
220+
sessions = new List<string>();
222221

223222
try
224223
{
@@ -229,13 +228,9 @@ private bool TryReadSessionCache(out IList<(string configurationKey, string star
229228
using (var stream = new CryptoStream(file, aes.CreateDecryptor(SESSION_DATA_KEY, SESSION_DATA_IV), CryptoStreamMode.Read))
230229
using (var reader = new StreamReader(stream))
231230
{
232-
for (var line = reader.ReadLine(); line != default; line = reader.ReadLine())
231+
for (var session = reader.ReadLine(); session != default; session = reader.ReadLine())
233232
{
234-
var session = line.Split(new string[] { SESSION_DATA_SEPARATOR }, StringSplitOptions.None);
235-
var configurationKey = session[0];
236-
var startUrl = session[1];
237-
238-
sessions.Add((configurationKey, startUrl));
233+
sessions.Add(session);
239234
}
240235
}
241236
}
@@ -250,7 +245,7 @@ private bool TryReadSessionCache(out IList<(string configurationKey, string star
250245
return success;
251246
}
252247

253-
private bool TryWriteSessionCache(IEnumerable<(string configurationKey, string startUrl)> sessions)
248+
private bool TryWriteSessionCache(IEnumerable<string> sessions)
254249
{
255250
var success = false;
256251

@@ -267,9 +262,9 @@ private bool TryWriteSessionCache(IEnumerable<(string configurationKey, string s
267262
using (var stream = new CryptoStream(file, aes.CreateEncryptor(), CryptoStreamMode.Write))
268263
using (var writer = new StreamWriter(stream))
269264
{
270-
foreach (var (configurationKey, startUrl) in sessions)
265+
foreach (var session in sessions)
271266
{
272-
writer.WriteLine($"{configurationKey}{SESSION_DATA_SEPARATOR}{startUrl}");
267+
writer.WriteLine(session);
273268
}
274269
}
275270
}

0 commit comments

Comments
 (0)