Mercurial > hg > orthanc-authorization
comparison UnitTestsSources/UnitTestsMain.cpp @ 77:94a9484d7f8f
fix security issues allowing to browse remote dicom servers + introduced UnitTests
author | Alain Mazy <am@osimis.io> |
---|---|
date | Wed, 15 Mar 2023 16:36:42 +0100 |
parents | |
children | 0ffad746a16b |
comparison
equal
deleted
inserted
replaced
76:d301047ee3c4 | 77:94a9484d7f8f |
---|---|
1 /** | |
2 * Orthanc - A Lightweight, RESTful DICOM Store | |
3 * Copyright (C) 2012-2016 Sebastien Jodogne, Medical Physics | |
4 * Department, University Hospital of Liege, Belgium | |
5 * Copyright (C) 2017-2021 Osimis S.A., Belgium | |
6 * | |
7 * This program is free software: you can redistribute it and/or | |
8 * modify it under the terms of the GNU Affero General Public License | |
9 * as published by the Free Software Foundation, either version 3 of | |
10 * the License, or (at your option) any later version. | |
11 * | |
12 * This program is distributed in the hope that it will be useful, but | |
13 * WITHOUT ANY WARRANTY; without even the implied warranty of | |
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
15 * Affero General Public License for more details. | |
16 * | |
17 * You should have received a copy of the GNU Affero General Public License | |
18 * along with this program. If not, see <http://www.gnu.org/licenses/>. | |
19 **/ | |
20 | |
21 | |
22 #include <gtest/gtest.h> | |
23 #include <boost/lexical_cast.hpp> | |
24 #include <boost/algorithm/string/predicate.hpp> | |
25 | |
26 #include "../Plugin/DefaultAuthorizationParser.h" | |
27 #include "../Plugin/AssociativeArray.h" | |
28 #include "../Plugin/AccessedResource.h" | |
29 #include "../Plugin/MemoryCache.h" | |
30 #include "../Plugin/PermissionParser.h" | |
31 #include "../Plugin/ResourceHierarchyCache.h" | |
32 | |
33 using namespace OrthancPlugins; | |
34 | |
35 std::string instanceOrthancId = "44444444-44444444-44444444-44444444-44444444"; | |
36 std::string seriesOrthancId = "33333333-33333333-33333333-33333333-33333333"; | |
37 std::string studyOrthancId = "22222222-22222222-22222222-22222222-22222222"; | |
38 std::string patientOrthancId = "11111111-11111111-11111111-11111111-11111111"; | |
39 | |
40 std::string instanceDicomUid = "4.4"; | |
41 std::string seriesDicomUid = "3.3"; | |
42 std::string studyDicomUid = "2.2"; | |
43 std::string patientDicomUid = "PATIENT.1"; | |
44 | |
45 bool IsAccessing(const IAuthorizationParser::AccessedResources& accesses, AccessLevel level, const std::string& orthancId) | |
46 { | |
47 for (IAuthorizationParser::AccessedResources::const_iterator it = accesses.begin(); it != accesses.end(); ++it) | |
48 { | |
49 if (it->GetLevel() == level && it->GetOrthancId() == orthancId) | |
50 { | |
51 return true; | |
52 } | |
53 } | |
54 return false; | |
55 } | |
56 | |
57 namespace OrthancPlugins | |
58 { | |
59 // The namespace is necessary for friend classes to work | |
60 // http://code.google.com/p/googletest/wiki/AdvancedGuide#Private_Class_Members | |
61 | |
62 TEST(DefaultAuthorizationParser, Parse) | |
63 { | |
64 MemoryCache::Factory factory(10); | |
65 DefaultAuthorizationParser parser(factory, "/dicom-web/"); | |
66 ResourceHierarchyCache* cache = parser.GetResourceHierarchy(); | |
67 | |
68 cache->AddOrthancDicomMapping(Orthanc::ResourceType_Instance, instanceOrthancId, instanceDicomUid); | |
69 cache->AddOrthancDicomMapping(Orthanc::ResourceType_Series, seriesOrthancId, seriesDicomUid); | |
70 cache->AddOrthancDicomMapping(Orthanc::ResourceType_Study, studyOrthancId, studyDicomUid); | |
71 cache->AddOrthancDicomMapping(Orthanc::ResourceType_Patient, patientOrthancId, patientDicomUid); | |
72 | |
73 cache->AddParentLink(Orthanc::ResourceType_Instance, instanceOrthancId, seriesOrthancId); | |
74 cache->AddParentLink(Orthanc::ResourceType_Series, seriesOrthancId, studyOrthancId); | |
75 cache->AddParentLink(Orthanc::ResourceType_Study, studyOrthancId, patientOrthancId); | |
76 | |
77 IAuthorizationParser::AccessedResources accesses; | |
78 AssociativeArray noGetArguments(0, NULL, NULL, false); | |
79 | |
80 accesses.clear(); | |
81 parser.Parse(accesses, "/studies/22222222-22222222-22222222-22222222-22222222/", noGetArguments.GetMap()); | |
82 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Study, studyOrthancId)); | |
83 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Patient, patientOrthancId)); | |
84 | |
85 accesses.clear(); | |
86 parser.Parse(accesses, "/studies/22222222-22222222-22222222-22222222-22222222/instances", noGetArguments.GetMap()); | |
87 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Study, studyOrthancId)); | |
88 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Patient, patientOrthancId)); | |
89 | |
90 accesses.clear(); | |
91 parser.Parse(accesses, "/studies/22222222-22222222-22222222-22222222-22222222/archive", noGetArguments.GetMap()); | |
92 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Study, studyOrthancId)); | |
93 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Patient, patientOrthancId)); | |
94 | |
95 accesses.clear(); | |
96 parser.Parse(accesses, "/osimis-viewer/studies/22222222-22222222-22222222-22222222-22222222/archive", noGetArguments.GetMap()); | |
97 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Study, studyOrthancId)); | |
98 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Patient, patientOrthancId)); | |
99 | |
100 accesses.clear(); | |
101 parser.Parse(accesses, "/series/33333333-33333333-33333333-33333333-33333333/", noGetArguments.GetMap()); | |
102 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Series, seriesOrthancId)); | |
103 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Study, studyOrthancId)); | |
104 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Patient, patientOrthancId)); | |
105 | |
106 accesses.clear(); | |
107 parser.Parse(accesses, "/series/33333333-33333333-33333333-33333333-33333333/media", noGetArguments.GetMap()); | |
108 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Series, seriesOrthancId)); | |
109 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Study, studyOrthancId)); | |
110 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Patient, patientOrthancId)); | |
111 | |
112 accesses.clear(); | |
113 parser.Parse(accesses, "/series/33333333-33333333-33333333-33333333-33333333/modify", noGetArguments.GetMap()); | |
114 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Series, seriesOrthancId)); | |
115 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Study, studyOrthancId)); | |
116 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Patient, patientOrthancId)); | |
117 | |
118 accesses.clear(); | |
119 parser.Parse(accesses, "/web-viewer/series/33333333-33333333-33333333-33333333-33333333", noGetArguments.GetMap()); | |
120 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Series, seriesOrthancId)); | |
121 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Study, studyOrthancId)); | |
122 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Patient, patientOrthancId)); | |
123 | |
124 accesses.clear(); | |
125 parser.Parse(accesses, "/osimis-viewer/series/33333333-33333333-33333333-33333333-33333333", noGetArguments.GetMap()); | |
126 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Series, seriesOrthancId)); | |
127 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Study, studyOrthancId)); | |
128 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Patient, patientOrthancId)); | |
129 | |
130 accesses.clear(); | |
131 parser.Parse(accesses, "/instances/44444444-44444444-44444444-44444444-44444444/file", noGetArguments.GetMap()); | |
132 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Instance, instanceOrthancId)); | |
133 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Series, seriesOrthancId)); | |
134 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Study, studyOrthancId)); | |
135 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Patient, patientOrthancId)); | |
136 | |
137 accesses.clear(); | |
138 parser.Parse(accesses, "/web-viewer/instances/jpeg95-44444444-44444444-44444444-44444444-44444444_0", noGetArguments.GetMap()); | |
139 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Instance, instanceOrthancId)); | |
140 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Series, seriesOrthancId)); | |
141 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Study, studyOrthancId)); | |
142 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Patient, patientOrthancId)); | |
143 | |
144 accesses.clear(); | |
145 parser.Parse(accesses, "/osimis-viewer/images/44444444-44444444-44444444-44444444-44444444/0/high-quality", noGetArguments.GetMap()); | |
146 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Instance, instanceOrthancId)); | |
147 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Series, seriesOrthancId)); | |
148 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Study, studyOrthancId)); | |
149 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Patient, patientOrthancId)); | |
150 | |
151 accesses.clear(); | |
152 parser.Parse(accesses, "/system", noGetArguments.GetMap()); | |
153 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_System, "/system")); | |
154 | |
155 | |
156 ///////////////////////// dicom-web | |
157 accesses.clear(); | |
158 parser.Parse(accesses, "/dicom-web/studies/2.2", noGetArguments.GetMap()); | |
159 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Study, studyOrthancId)); | |
160 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Patient, patientOrthancId)); | |
161 | |
162 accesses.clear(); | |
163 parser.Parse(accesses, "/dicom-web/studies/2.2/series/3.3", noGetArguments.GetMap()); | |
164 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Series, seriesOrthancId)); | |
165 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Study, studyOrthancId)); | |
166 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Patient, patientOrthancId)); | |
167 | |
168 accesses.clear(); | |
169 parser.Parse(accesses, "/dicom-web/studies/2.2/series/3.3/instances/4.4", noGetArguments.GetMap()); | |
170 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Instance, instanceOrthancId)); | |
171 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Series, seriesOrthancId)); | |
172 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Study, studyOrthancId)); | |
173 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Patient, patientOrthancId)); | |
174 | |
175 accesses.clear(); | |
176 parser.Parse(accesses, "/dicom-web/studies/2.2/series/3.3/instances/4.4/frames/0", noGetArguments.GetMap()); | |
177 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Instance, instanceOrthancId)); | |
178 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Series, seriesOrthancId)); | |
179 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Study, studyOrthancId)); | |
180 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Patient, patientOrthancId)); | |
181 | |
182 { | |
183 accesses.clear(); | |
184 const char* getKeys[] = {"0020000D"}; | |
185 const char* getValues[] = {"2.2"}; | |
186 AssociativeArray getArguments(1, getKeys, getValues, false); | |
187 parser.Parse(accesses, "/dicom-web/studies", getArguments.GetMap()); | |
188 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Study, studyOrthancId)); | |
189 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Patient, patientOrthancId)); | |
190 } | |
191 { | |
192 accesses.clear(); | |
193 const char* getKeys[] = {"0020000D", "0020000E"}; | |
194 const char* getValues[] = {"2.2", "3.3"}; | |
195 AssociativeArray getArguments(2, getKeys, getValues, false); | |
196 parser.Parse(accesses, "/dicom-web/series", getArguments.GetMap()); | |
197 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Series, seriesOrthancId)); | |
198 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Study, studyOrthancId)); | |
199 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Patient, patientOrthancId)); | |
200 } | |
201 { | |
202 accesses.clear(); | |
203 const char* getKeys[] = {"0020000D", "00080018", "0020000E"}; | |
204 const char* getValues[] = {"2.2", "4.4", "3.3", }; | |
205 AssociativeArray getArguments(3, getKeys, getValues, false); | |
206 parser.Parse(accesses, "/dicom-web/studies", getArguments.GetMap()); | |
207 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Instance, instanceOrthancId)); | |
208 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Series, seriesOrthancId)); | |
209 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Study, studyOrthancId)); | |
210 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Patient, patientOrthancId)); | |
211 } | |
212 { | |
213 accesses.clear(); | |
214 const char* getKeys[] = {"00100010"}; | |
215 const char* getValues[] = {"PATIENT.1"}; | |
216 AssociativeArray getArguments(1, getKeys, getValues, false); | |
217 parser.Parse(accesses, "/dicom-web/studies", getArguments.GetMap()); | |
218 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_Patient, patientOrthancId)); | |
219 } | |
220 | |
221 { // qido with no arguments = search all => system resource | |
222 accesses.clear(); | |
223 parser.Parse(accesses, "/dicom-web/studies", noGetArguments.GetMap()); | |
224 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_System, "/dicom-web/studies")); | |
225 } | |
226 | |
227 accesses.clear(); | |
228 parser.Parse(accesses, "/dicom-web/servers", noGetArguments.GetMap()); | |
229 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_System, "/dicom-web/servers")); | |
230 | |
231 accesses.clear(); | |
232 parser.Parse(accesses, "/dicom-web/info", noGetArguments.GetMap()); | |
233 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_System, "/dicom-web/info")); | |
234 | |
235 accesses.clear(); | |
236 parser.Parse(accesses, "/dicom-web/servers/test/qido", noGetArguments.GetMap()); | |
237 ASSERT_TRUE(IsAccessing(accesses, AccessLevel_System, "/dicom-web/servers/test/qido")); | |
238 | |
239 } | |
240 } | |
241 | |
242 int main(int argc, char **argv) | |
243 { | |
244 ::testing::InitGoogleTest(&argc, argv); | |
245 return RUN_ALL_TESTS(); | |
246 } |