Example: Verifying application r-code integrity

Managing ABL Applications

R-code Features and Functions : R-code CRCs and procedure integrity : RCODE-INFO handle : Example: Verifying application r-code integrity

Be sure to verify the integrity of your application's r-code.

To provide r-code integrity and security in your application:

1. Build the procedure security table, RcodeSecurity, with these fields:

Filename — CHARACTER field for the pathname of each r-code file

CRC — INTEGER field for the r-code CRC of the specified r-code file

2. Construct a text file, crctable.dat, that contains a list of the pathnames, relative to the working directory, for all the secure procedures called by your application.

3. Compile and save the r-code for all the secure procedures in your application.

4. Run a procedure that contains code to build the RcodeSecurity table. For example:

DEFINE VARIABLE cProcName AS CHARACTER NO-UNDO FORMAT "x(32)".
DEFINE VARIABLE ix        AS INTEGER   NO-UNDO.
INPUT FROM "crctable.dat". /* List of r-code file pathnames */
REPEAT:
  SET cProcName.
  FIND RcodeSecurity WHERE RcodeSecurity.Filename = cProcName NO-ERROR.
  IF NOT AVAILABLE(RcodeSecurity) THEN
    CREATE RcodeSecurity.
  ASSIGN
    RCODE-INFO:FILE-NAME   = cProcName.
    RcodeSecurity.Filename = cProcName
    RcodeSecurity.Crc      = RCODE-INFO:CRC-VALUE
    ix                     = ix + 1.
END.
INPUT CLOSE.
MESSAGE ix "procedure security records created".

5. At each point where you call a secure procedure in your application, insert this code:

FIND RcodeSecurity WHERE RcodeSecurity.Filename = "secret.r".
RCODE-INFO:FILE-NAME = "secret.r".
IF RcodeSecurity.Crc = RCODE-INFO:CRC-VALUE THEN
  RUN secret.
ELSE DO:
  MESSAGE "Procedure secret.r is invalid.".
  QUIT.
END.