public void ThrowsGuardException_ForDelegatesCreatedFromMethodsWithRewriters(string code) { var compiled = TestHelper.Compile(@" using System; using System.Linq.Expressions; class C { void M() { " + code + @" } }" ); var policy = ApiPolicy.SafeDefault() .Namespace("System.Linq.Expressions", ApiAccess.Allowed) .Namespace("System.Reflection", ApiAccess.Allowed); Assert.Throws <AssemblyGuardException>( () => AssemblyGuard.Rewrite(compiled, new MemoryStream(), new AssemblyGuardSettings { ApiPolicy = policy }) ); }
public ExecutionResult Execute(CompilationStreamPair streams, IWorkSession session) { var readerParameters = new ReaderParameters { ReadSymbols = streams.SymbolStream != null, SymbolStream = streams.SymbolStream, AssemblyResolver = _assemblyResolver, SymbolReaderProvider = streams.SymbolStream != null ? _symbolReaderProvider : null }; using (streams) using (var definition = AssemblyDefinition.ReadAssembly(streams.AssemblyStream, readerParameters)) { AssemblyLog.Log("1.Initial", definition); foreach (var rewriter in _rewriters) { rewriter.Rewrite(definition, session); } PerformanceLog.Checkpoint("Executor.Rewrite.Flow.End"); AssemblyLog.Log("2.WithFlow", definition); if (definition.EntryPoint == null) { throw new ArgumentException("Failed to find an entry point (Main?) in assembly.", nameof(streams)); } var guardToken = AssemblyGuard.Rewrite(definition, _guardSettings); using (var rewrittenStream = _memoryStreamManager.GetStream()) { definition.Write(rewrittenStream); AssemblyLog.Log("3.Unbreakable", definition); rewrittenStream.Seek(0, SeekOrigin.Begin); PerformanceLog.Checkpoint("Executor.Rewrite.Unbreakable.End"); using (var context = new CustomAssemblyLoadContext(shouldShareAssembly: ShouldShareAssembly)) { var assembly = context.LoadFromStream(rewrittenStream); PerformanceLog.Checkpoint("Executor.AssemblyLoad.End"); return(Execute(assembly, guardToken, session)); } } } }
public void DoesNotEnforceApiPolicy_ForUserCode() { var compiled = TestHelper.Compile(@" namespace N { class C1 { void M(C2 c2) { c2.M(); } } class C2 { public void M() {} } } "); var exception = Record.Exception(() => AssemblyGuard.Rewrite(compiled, new MemoryStream(), new AssemblyGuardSettings { ApiPolicy = ApiPolicy.SafeDefault().Namespace("N", ApiAccess.Denied) })); Assert.Null(exception); }
public void ThrowsGuardException_ForFieldReadsThatExceedSizeLimit() { // found by Tereza Tomcova (@the-ress) var compiled = TestHelper.Compile(@" using System; using System.Collections.Generic; struct A_1 { public int A; public int B; } struct A_2 { public A_1 A; public A_1 B; } struct A_3 { public A_2 A; public A_2 B; } struct A_4 { public A_3 A; public A_3 B; } struct A_5 { public A_4 A; public A_4 B; } struct A_6 { public A_5 A; public A_5 B; } struct A_7 { public A_6 A; public A_6 B; } struct A_8 { public A_7 A; public A_7 B; } struct A_9 { public A_8 A; public A_8 B; } struct A_10 { public A_9 A; public A_9 B; } struct A_11 { public A_10 A; public A_10 B; } struct A_12 { public A_11 A; public A_11 B; } struct A_13 { public A_12 A; public A_12 B; } struct A_14 { public A_13 A; public A_13 B; } struct A_15 { public A_14 A; public A_14 B; } struct A_16 { public A_15 A; public A_15 B; } struct A_17 { public A_16 A; public A_16 B; } struct A_18 { public A_17 A; public A_17 B; } class C { static readonly A_18 Value = default(A_18); int M() { var d = new Dictionary<int, A_18>(); d.Add(0, Value); return 0; } } "); Assert.Throws <AssemblyGuardException>( () => AssemblyGuard.Rewrite(compiled, new MemoryStream()) ); }
public ExecutionResult Execute(Stream assemblyStream, Stream symbolStream, IWorkSession session) { var readerParameters = new ReaderParameters { ReadSymbols = symbolStream != null, SymbolStream = symbolStream, AssemblyResolver = _assemblyResolver, SymbolReaderProvider = symbolStream != null ? _symbolReaderProvider : null }; using (assemblyStream) using (symbolStream) using (var assembly = AssemblyDefinition.ReadAssembly(assemblyStream, readerParameters)) { /* #if DEBUG * assembly.Write(@"d:\Temp\assembly\" + DateTime.Now.Ticks + "-before-rewrite.dll"); #endif */ foreach (var rewriter in _rewriters) { rewriter.Rewrite(assembly, session); } if (assembly.EntryPoint == null) { throw new ArgumentException("Failed to find an entry point (Main?) in assembly.", nameof(assemblyStream)); } var guardToken = AssemblyGuard.Rewrite(assembly, GuardSettings); using (var rewrittenStream = _memoryStreamManager.GetStream()) { assembly.Write(rewrittenStream); /* #if DEBUG * assembly.Write(@"d:\Temp\assembly\" + DateTime.Now.Ticks + ".dll"); #endif */ rewrittenStream.Seek(0, SeekOrigin.Begin); return(ExecuteInAppDomain(rewrittenStream, guardToken, session)); } } }
private static Assembly RewriteNewtonsoftJson() { var assemblyPath = typeof(JsonSerializer).Assembly.GetAssemblyFileFromCodeBase().FullName; var definition = AssemblyDefinition.ReadAssembly(assemblyPath); definition.Name.HasPublicKey = false; definition.Name.PublicKey = new byte[0]; definition.Name.HashAlgorithm = AssemblyHashAlgorithm.None; definition.MainModule.Attributes &= ~ModuleAttributes.StrongNameSigned; AssemblyGuard.Rewrite(definition, new AssemblyGuardSettings { ApiPolicy = ApiRules, MethodLocalsSizeLimit = IntPtr.Size * 40, MethodStackPushSizeLimit = 120, AllowExplicitLayoutInTypesMatchingPattern = new Regex("<PrivateImplementationDetails>") }); var assemblyStream = new MemoryStream(); definition.Write(assemblyStream); definition.Write(Path.Combine(Path.GetDirectoryName(assemblyPath) !, "Newtonsoft.Json.Rewritten.dll")); return(Assembly.Load(assemblyStream.ToArray())); }
public static Invoke RewriteAndGetMethodWrappedInScope( string code, string typeName, string methodName, AssemblyGuardSettings?assemblyGuardSettings = null, RuntimeGuardSettings?runtimeGuardSettings = null ) { runtimeGuardSettings ??= new RuntimeGuardSettings { TimeLimit = TimeSpan.FromMilliseconds(1000) }; var assemblySourceStream = Compile(code); var assemblyTargetStream = new MemoryStream(); var token = AssemblyGuard.Rewrite(assemblySourceStream, assemblyTargetStream, assemblyGuardSettings); return(args => { using (token.Scope(runtimeGuardSettings)) { var method = GetInstanceMethod(assemblyTargetStream, typeName, methodName); return method(args); } }); }
public ExecutionResult Execute(CompilationStreamPair streams, IWorkSession session) { var readerParameters = new ReaderParameters { ReadSymbols = streams.SymbolStream != null, SymbolStream = streams.SymbolStream, AssemblyResolver = _assemblyResolver, SymbolReaderProvider = streams.SymbolStream != null ? _symbolReaderProvider : null }; using (streams) using (var definition = AssemblyDefinition.ReadAssembly(streams.AssemblyStream, readerParameters)) { AssemblyLog.Log("1.Initial", definition); foreach (var rewriter in _rewriters) { rewriter.Rewrite(definition, session); } AssemblyLog.Log("2.WithFlow", definition); if (definition.EntryPoint == null) { throw new ArgumentException("Failed to find an entry point (Main?) in assembly.", nameof(streams)); } var guardToken = AssemblyGuard.Rewrite(definition, _guardSettings); using (var rewrittenStream = _memoryStreamManager.GetStream()) { definition.Write(rewrittenStream); AssemblyLog.Log("3.Unbreakable", definition); rewrittenStream.Seek(0, SeekOrigin.Begin); var(result, exception) = ExecuteWithIsolation(rewrittenStream, guardToken, session); if (ShouldMonitorException(exception)) { _monitor.Exception(exception !, session); } return(result); } } }
public static RuntimeGuardToken Rewrite(Stream source, Stream target) { return(AssemblyGuard.Rewrite(source, target, CreateGuardSettings())); }