public static LibraryIssue GetIssue(DotnetLibrary library)
{
if (library.Name == "Ninject")
{
Version ninjectVersion = new Version(library.ProductVersion ?? library.Version);
Version validVersion = new Version("3.2.2");
if (ninjectVersion.CompareTo(validVersion) <= 0)
{
return(new LibraryIssue("Ninject 3.2.2 and below have a known bug that causes a crash with .NET profilers, including Contrast. You must upgrade your version of Ninject or use a known workaround. More information available on our documentation at https://docs.contrastsecurity.com/user_netfaq.html#ninject"));
}
}
else if (library.Name == "ServiceStack")
{
return(new LibraryIssue(string.Format(unsupportedFrameworkMessage, "ServiceStack")));
}
else if (library.Name == "Nancy")
{
return(new LibraryIssue(string.Format(unsupportedFrameworkMessage, "Nancy")));
}
else if (library.Name == "Castle.Monorail")
{
return(new LibraryIssue(string.Format(unsupportedFrameworkMessage, "Castle.Monorail")));
}
else if (library.Name.StartsWith("Microsoft.AspNet.SignalR", StringComparison.InvariantCulture))
{
return(new LibraryIssue("SignalR framework is not currently supported for Assess or Defend rules."));
}
return(null);
}
public static List<DotnetLibrary> GetGACLibraries()
{
var gacList = new List<DotnetLibrary>();
try
{
var assemblyEnumerator = new AssemblyCacheEnumerator();
var assemblyName = assemblyEnumerator.GetNextAssembly();
while (assemblyName != null)
{
var assemblyDescription = new AssemblyDescription(assemblyName);
string name = assemblyDescription.Name;
bool probablyMicrosoftPackage = (name.StartsWith("Microsoft") || name.StartsWith("System"));
if (!probablyMicrosoftPackage)
{
var gacLib = new DotnetLibrary
{
Culture = assemblyDescription.Culture,
ProcessorArchitecture = assemblyDescription.ProcessorArchitecture,
Name = name,
Version = assemblyDescription.Version,
Filepath = assemblyDescription.Path,
};
FileInfo fi = new FileInfo(gacLib.Filepath);
if (fi.Exists)
{
gacLib.Filename = fi.Name;
FileVersionInfo fvi = FileVersionInfo.GetVersionInfo(gacLib.Filepath);
bool isDllFile = fvi.FileVersion != null;
bool isMicrosoftCopyright = fvi.LegalCopyright != null && fvi.LegalCopyright.Contains("Microsoft Corporation");
if (isDllFile && !isMicrosoftCopyright)
{
gacLib.FileDescription = fvi.FileDescription;
gacLib.Version = fvi.FileVersion;
gacLib.ProductName = fvi.ProductName;
gacLib.ProductVersion = fvi.ProductVersion;
gacLib.Copyright = fvi.LegalCopyright;
gacLib.Language = fvi.Language;
gacLib.SHA1Hash = GetFileSHA1(gacLib.Filepath);
gacLib.Md5Hash = GetFileMD5(gacLib.Filepath);
gacList.Add(gacLib);
}
}
}
assemblyName = assemblyEnumerator.GetNextAssembly();
}
}
catch(Exception ex)
{
Trace.TraceWarning("Could not load DLL list from the GAC. Error: {0}", ex.ToString());
Console.Error.WriteLine("Could not load DLL list from the GAC.");
return new List<DotnetLibrary>();
}
return gacList;
}
private static List<DotnetLibrary> GetLibsForApp(string appPath)
{
var libs = new List<DotnetLibrary>();
DirectoryInfo di = new DirectoryInfo(Path.Combine(appPath, "bin"));
if (di.Exists)
{
foreach (FileInfo fi in di.GetFiles("*.dll"))
{
if (!fi.Exists)
continue;
var lib = new DotnetLibrary();
lib.Filepath = fi.FullName;
lib.Filename = fi.Name;
FileVersionInfo fvi = FileVersionInfo.GetVersionInfo(lib.Filepath);
bool isDllFile = fvi.FileVersion != null;
if (!isDllFile)
continue;
lib.FileDescription = fvi.FileDescription;
lib.Version = fvi.FileVersion;
lib.ProductName = fvi.ProductName;
lib.ProductVersion = fvi.ProductVersion;
lib.Copyright = fvi.LegalCopyright;
lib.Language = fvi.Language;
lib.SHA1Hash = GetFileSHA1(lib.Filepath);
lib.Md5Hash = GetFileMD5(lib.Filepath);
//get .net metadata
try
{
var assemblyName = AssemblyName.GetAssemblyName(lib.Filepath);
lib.Name = assemblyName.Name;
lib.Culture = assemblyName.CultureInfo.Name;
lib.Version = assemblyName.Version.ToString();
lib.ProcessorArchitecture = Enum.GetName(typeof(ProcessorArchitecture), assemblyName.ProcessorArchitecture);
var bytes = assemblyName.GetPublicKeyToken();
if (bytes == null || bytes.Length == 0)
{
lib.PublicKeyToken = "None";
}
else
{
string publicKeyToken = string.Empty;
for (int i = 0; i < bytes.GetLength(0); i++)
publicKeyToken += string.Format("{0:x2}", bytes[i]);
lib.PublicKeyToken = publicKeyToken;
}
lib.AssemblyVersion = assemblyName.Version;
}
catch(Exception ex) when (ex is BadImageFormatException || ex is FileNotFoundException || ex is NotSupportedException || ex is FileLoadException)
{
Trace.TraceWarning("Could not load assembly at {0}. Error: {1}", lib.Filepath, ex.ToString());
Console.Error.WriteLine("Could not load assembly info for {0}", lib.Filepath);
continue;
}
libs.Add(lib);
}
}
return libs;
}
