From 52913aa8156bf1769e3eccee0629ecd65ad9500e Mon Sep 17 00:00:00 2001
From: Matt Irvine <mji7wb@virginia.edu>
Date: Thu, 14 Sep 2017 11:06:15 -0700
Subject: [PATCH] Handle null passwords when creating SecureStrings in
 AdminService (#457)

---
 .../Admin/AdminService.cs                     | 15 +++++---
 .../Admin/AdminServiceTests.cs                | 36 +++++++++++++++++++
 2 files changed, 47 insertions(+), 4 deletions(-)
 create mode 100644 test/Microsoft.SqlTools.ServiceLayer.UnitTests/Admin/AdminServiceTests.cs

diff --git a/src/Microsoft.SqlTools.ServiceLayer/Admin/AdminService.cs b/src/Microsoft.SqlTools.ServiceLayer/Admin/AdminService.cs
index efeccefc..5b28d9e2 100644
--- a/src/Microsoft.SqlTools.ServiceLayer/Admin/AdminService.cs
+++ b/src/Microsoft.SqlTools.ServiceLayer/Admin/AdminService.cs
@@ -180,10 +180,7 @@ namespace Microsoft.SqlTools.ServiceLayer.Admin
             // check if the connection is using SQL Auth or Integrated Auth
             if (string.Equals(connInfo.ConnectionDetails.AuthenticationType, "SqlLogin", StringComparison.OrdinalIgnoreCase))
             {
-                var passwordSecureString = new System.Security.SecureString();
-                foreach (char c in connInfo.ConnectionDetails.Password) {
-                    passwordSecureString.AppendChar(c);
-                }
+                var passwordSecureString = BuildSecureStringFromPassword(connInfo.ConnectionDetails.Password);
                 dataContainer = new CDataContainer(
                     CDataContainer.ServerType.SQL,
                     connInfo.ConnectionDetails.ServerName,
@@ -207,6 +204,16 @@ namespace Microsoft.SqlTools.ServiceLayer.Admin
             return taskHelper;
         }
 
+        internal static System.Security.SecureString BuildSecureStringFromPassword(string password) {
+            var passwordSecureString = new System.Security.SecureString();
+            if (password != null) {
+                foreach (char c in password) {
+                    passwordSecureString.AppendChar(c);
+                }
+            }
+            return passwordSecureString;
+        }
+
         /// <summary>
         /// Create data container document
         /// </summary>
diff --git a/test/Microsoft.SqlTools.ServiceLayer.UnitTests/Admin/AdminServiceTests.cs b/test/Microsoft.SqlTools.ServiceLayer.UnitTests/Admin/AdminServiceTests.cs
new file mode 100644
index 00000000..243a7419
--- /dev/null
+++ b/test/Microsoft.SqlTools.ServiceLayer.UnitTests/Admin/AdminServiceTests.cs
@@ -0,0 +1,36 @@
+//
+// Copyright (c) Microsoft. All rights reserved.
+// Licensed under the MIT license. See LICENSE file in the project root for full license information.
+//
+
+using System.Security;
+using Xunit;
+
+using Microsoft.SqlTools.ServiceLayer.Admin;
+using Microsoft.SqlTools.ServiceLayer.Connection;
+using Microsoft.SqlTools.ServiceLayer.Connection.Contracts;
+
+namespace Microsoft.SqlTools.ServiceLayer.UnitTests.Admin
+{
+    /// <summary>
+    /// Tests for AdminService Class
+    /// </summary>
+    public class AdminServiceTests
+    {
+        [Fact]
+        public void TestBuildingSecureStringFromPassword()
+        {
+            string password = "test_password";
+            var secureString = AdminService.BuildSecureStringFromPassword(password);
+            Assert.Equal(password.Length, secureString.Length);
+        }
+
+        [Fact]
+        public void TestBuildingSecureStringFromNullPassword()
+        {
+            string password = null;
+            var secureString = AdminService.BuildSecureStringFromPassword(password);
+            Assert.Equal(0, secureString.Length);
+        }
+    }
+}