Example #1
0
        public void VisitGraph(CallGraph graph)
        {
            string bad = string.Empty;

            // Iterate over each method in the assembly,
            foreach (KeyValuePair <MethodReference, List <MethodReference> > entry in graph.Entries())
            {
                // if it does not have a security demand then,
                MethodInfo info = Cache.FindMethod(entry.Key);
                if (info != null && info.Method.ExternallyVisible(Cache) && !DoHasSecurityDemand(info.Method))
                {
                    foreach (MethodReference callee in entry.Value)
                    {
                        // if it's calling a method with a link demand then
                        // we have a problem. Note that we won't find the
                        // method info if the callee is in a different assembly.
                        info = Cache.FindMethod(callee);
                        if (info != null && DoHasLinkDemand(info.Method))
                        {
                            Log.DebugLine(this, "bad: {0}", info.Method);
                            bad = string.Format("{0} {1}", bad, info.Method);
                        }
                    }
                }
            }

            if (bad.Length > 0)
            {
                string details = "Methods: " + bad;
                Reporter.AssemblyFailed(Cache.Assembly, CheckID, details);
            }
        }
Example #2
0
        public void VisitGraph(CallGraph graph)
        {
            m_graph = graph;

            // If the assembly is mixed transparent/critical then we may have critical
            // methods.
            if (m_mixed)
            {
                List <string> lines = new List <string>();

                // So, for each method,
                foreach (KeyValuePair <MethodReference, List <MethodReference> > entry in graph.Entries())
                {
                    MethodInfo caller = Cache.FindMethod(entry.Key);
                    if (caller != null)
                    {
                        // if it's public,
                        MethodAttributes access = caller.Method.Attributes & MethodAttributes.MemberAccessMask;
                        if (access == MethodAttributes.Public)
                        {
                            // and transparent,
                            if (!caller.Method.CustomAttributes.Has("SecurityCriticalAttribute"))
                            {
                                // then fail if it calls a non-public critical method.
                                string line = DoIsBad(caller.Method, entry.Value, 1);
                                if (line.Length > 0)
                                {
                                    lines.Add(line);
                                }
                            }
                        }
                    }
                }

                if (lines.Count > 0)
                {
                    string details = string.Join(Environment.NewLine, lines.ToArray());
//					Console.WriteLine(details);
                    Reporter.AssemblyFailed(Cache.Assembly, CheckID, details);
                }
            }
        }