public void CanChangeConnectionSettingsOnClientPermission()
{
MySqlConnection dummyconn = new MySqlConnection();
PermissionSet permissionsSet = new PermissionSet(PermissionState.None);
MySqlClientPermission permission = new MySqlClientPermission(PermissionState.None);
// Allow only server localhost, any database, only with root user
permission.Add("server=localhost;", "database=; user id=root;", KeyRestrictionBehavior.PreventUsage);
permissionsSet.AddPermission(permission);
permissionsSet.PermitOnly();
dummyconn.ConnectionString = "server=localhost; user id=test;includesecurityasserts=true;";
dummyconn.Open();
if (dummyconn.State == ConnectionState.Open) dummyconn.Close();
}
static void loadAssembly2()
{
Assembly assembly = Assembly.LoadFrom("assembly2.dll");
Console.WriteLine("Strong Name : " + assembly.GetName());
try
{
PermissionSet perr = new PermissionSet(PermissionState.None);
perr.AddPermission(new FileIOPermission(PermissionState.Unrestricted));
perr.PermitOnly();
perr.Demand();
Assembly2.AssemblyClass2.openPage();
}
catch (Exception ex)
{
Console.WriteLine(ex);
}
}
public void PermitOnly_NonCasPermission ()
{
PermissionSet ps = new PermissionSet (PermissionState.None);
ps.AddPermission (new PrincipalPermission (PermissionState.None));
Assert.IsTrue (ps.ContainsNonCodeAccessPermissions (), "ContainsNonCodeAccessPermissions");
Assert.AreEqual (1, ps.Count, "Count");
ps.PermitOnly ();
// it's simply ignored
}
public void Run(ScriptCode code, CompilerOutputDelegate cod, PermissionSet permissionSet)
{
var resultAssembly = this.Compile(code.SourceCode, cod).CompiledAssembly;
if (resultAssembly != null)
{
if (permissionSet != null)
{
permissionSet.PermitOnly();
}
//// run script
foreach (var item in code.StartUpList.OrderBy(row => row.order))
{
if (resultAssembly.GetType(item.ClassName) == null || resultAssembly.GetType(item.ClassName).GetMethod(item.MethordName) == null)
{
throw new Exception(string.Format("没有找到公共的{0}.{0}", item.ClassName, item.MethordName));
}
MethodInfo methordInfo = resultAssembly.GetType(item.ClassName).GetMethod(item.MethordName);
methordInfo.Invoke(item.Instance, item.MethordParameters);
}
if (permissionSet != null)
{
CodeAccessPermission.RevertPermitOnly();
}
}
}
private void CreateAvailableWebPartDescriptions() {
if (_availableWebPartDescriptions != null) {
return;
}
if (WebPartManager == null || String.IsNullOrEmpty(_importedPartDescription)) {
_availableWebPartDescriptions = new WebPartDescriptionCollection();
return;
}
// Run in minimal trust
PermissionSet pset = new PermissionSet(PermissionState.None);
// add in whatever perms are appropriate
pset.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
pset.AddPermission(new AspNetHostingPermission(AspNetHostingPermissionLevel.Minimal));
pset.PermitOnly();
bool permitOnly = true;
string title = null;
string description = null;
string icon = null;
// Extra try-catch block to prevent elevation of privilege attack via exception filter
try {
try {
// Get the WebPart description from its saved XML description.
using (StringReader sr = new StringReader(_importedPartDescription)) {
using (XmlReader reader = XmlUtils.CreateXmlReader(sr)) {
if (reader != null) {
reader.MoveToContent();
// Check if imported part is authorized
// Get to the metadata
reader.MoveToContent();
reader.ReadStartElement(WebPartManager.ExportRootElement);
reader.ReadStartElement(WebPartManager.ExportPartElement);
reader.ReadStartElement(WebPartManager.ExportMetaDataElement);
// Get the type name
string partTypeName = null;
string userControlTypeName = null;
while (reader.Name != WebPartManager.ExportTypeElement) {
reader.Skip();
if (reader.EOF) {
throw new EndOfStreamException();
}
}
if (reader.Name == WebPartManager.ExportTypeElement) {
partTypeName = reader.GetAttribute(WebPartManager.ExportTypeNameAttribute);
userControlTypeName = reader.GetAttribute(WebPartManager.ExportUserControlSrcAttribute);
}
// If we are in shared scope, we are importing a shared WebPart
bool isShared = (WebPartManager.Personalization.Scope == PersonalizationScope.Shared);
if (!String.IsNullOrEmpty(partTypeName)) {
// Need medium trust to call BuildManager.GetType()
PermissionSet mediumPset = new PermissionSet(PermissionState.None);
mediumPset.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
mediumPset.AddPermission(new AspNetHostingPermission(AspNetHostingPermissionLevel.Medium));
CodeAccessPermission.RevertPermitOnly();
permitOnly = false;
mediumPset.PermitOnly();
permitOnly = true;
Type partType = WebPartUtil.DeserializeType(partTypeName, true);
CodeAccessPermission.RevertPermitOnly();
permitOnly = false;
pset.PermitOnly();
permitOnly = true;
// First check if the type is authorized
if (!WebPartManager.IsAuthorized(partType, null, null, isShared)) {
_importErrorMessage = SR.GetString(SR.WebPartManager_ForbiddenType);
return;
}
// If the type is not a webpart, create a generic Web Part
if (!partType.IsSubclassOf(typeof(WebPart)) && !partType.IsSubclassOf(typeof(Control))) {
// We only allow for Controls (VSWhidbey 428511)
_importErrorMessage = SR.GetString(SR.WebPartManager_TypeMustDeriveFromControl);
return;
}
}
else {
// Check if the path is authorized
if (!WebPartManager.IsAuthorized(typeof(UserControl), userControlTypeName, null, isShared)) {
_importErrorMessage = SR.GetString(SR.WebPartManager_ForbiddenType);
return;
}
}
while (!reader.EOF) {
while (!reader.EOF && !(reader.NodeType == XmlNodeType.Element &&
reader.Name == WebPartManager.ExportPropertyElement)) {
reader.Read();
}
if (reader.EOF) {
break;
}
string name = reader.GetAttribute(WebPartManager.ExportPropertyNameAttribute);
if (name == TitlePropertyName) {
title = reader.ReadElementString();
}
else if (name == DescriptionPropertyName) {
description = reader.ReadElementString();
}
else if (name == IconPropertyName) {
string url = reader.ReadElementString().Trim();
if (!CrossSiteScriptingValidation.IsDangerousUrl(url)) {
icon = url;
}
}
else {
reader.Read();
continue;
}
if (title != null && description != null && icon != null) {
break;
}
reader.Read();
}
}
}
if (String.IsNullOrEmpty(title)) {
title = SR.GetString(SR.Part_Untitled);
}
_availableWebPartDescriptions = new WebPartDescriptionCollection(
new WebPartDescription[] {new WebPartDescription(ImportedWebPartID, title, description, icon)});
}
}
catch (XmlException) {
_importErrorMessage = SR.GetString(SR.WebPartManager_ImportInvalidFormat);
return;
}
catch {
_importErrorMessage = (!String.IsNullOrEmpty(_importErrorMessage)) ?
_importErrorMessage :
SR.GetString(SR.WebPart_DefaultImportErrorMessage);
return;
}
finally {
if (permitOnly) {
// revert if you're not just exiting the stack frame anyway
CodeAccessPermission.RevertPermitOnly();
}
}
}
catch {
throw;
}
}
private void DecodeSerializedEvidence( Evidence evidence,
byte[] serializedEvidence )
{
MemoryStream ms = new MemoryStream( serializedEvidence );
BinaryFormatter formatter = new BinaryFormatter();
Evidence asmEvidence = null;
PermissionSet permSet = new PermissionSet( false );
permSet.SetPermission( new SecurityPermission( SecurityPermissionFlag.SerializationFormatter ) );
permSet.PermitOnly();
permSet.Assert();
try
{
asmEvidence = (Evidence)formatter.Deserialize( ms );
}
catch (Exception)
{
}
if (asmEvidence != null)
{
// Any evidence from the serialized input must:
// 1. be placed in the assembly list since it is unverifiable.
// 2. not be a built in class used as evidence (e.g. Zone, Site, URL, etc.)
IEnumerator enumerator = asmEvidence.GetAssemblyEnumerator();
while (enumerator.MoveNext())
{
Object obj = enumerator.Current;
if (!(obj is Zone || obj is Site || obj is Url || obj is StrongName || obj is PermissionRequestEvidence))
evidence.AddAssembly( obj );
}
}
}
public byte[] ValidateEntryAssembly(byte[] blackboxData)
{
//Create permissions
var permissions = new PermissionSet(PermissionState.None);
permissions.AddPermission(new FileIOPermission(
FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery,
Assembly.GetExecutingAssembly().Location));
permissions.AddPermission(new FileIOPermission(
FileIOPermissionAccess.AllAccess | FileIOPermissionAccess.PathDiscovery,
Path.Combine(Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location), Log.OutputFile)));
Log.Write("AssemblyLoader::ValidateEntryAssembly() - data length: " + ((blackboxData != null) ? blackboxData.Length : -1).ToString());
//Gather machine information
List<string> macs = null, edids = null, disks = null;
if (blackboxData != null)
Fingerprint.GatherAll(out macs, out edids, out disks);
try
{
permissions.PermitOnly();
Assembly assembly;
if (blackboxData != null)
{
assembly = Assembly.Load(blackboxData, null);
_latest = assembly;
}
else
assembly = _latest;
Log.Write("AssemblyLoader::ValidateEntryAssembly() loaded assembly: " + ((assembly != null) ? assembly.GetType().ToString() : "null"));
var validatorType = assembly.GetType("Allegiance.CommunitySecuritySystem.Blackbox.Validator");
var machineInfoType = assembly.GetType("Allegiance.CommunitySecuritySystem.Blackbox.MachineInformation");
var deviceInfoType = assembly.GetType("Allegiance.CommunitySecuritySystem.Blackbox.DeviceInfo");
var deviceTypeType = assembly.GetType("Allegiance.CommunitySecuritySystem.Blackbox.DeviceType");
var machineInfo = Activator.CreateInstance(machineInfoType);
Log.Write("AssemblyLoader::ValidateEntryAssembly() machine info created.");
//Fill MachineInfo
if (macs != null && edids != null && disks != null)
{
AppendDeviceInfo(macs, machineInfo, "Network", machineInfoType, deviceInfoType, deviceTypeType);
AppendDeviceInfo(edids, machineInfo, "EDID", machineInfoType, deviceInfoType, deviceTypeType);
AppendDeviceInfo(disks, machineInfo, "HardDisk", machineInfoType, deviceInfoType, deviceTypeType);
}
Log.Write("AssemblyLoader::ValidateEntryAssembly() calling checkin.");
//Perform initial check in
var method = validatorType.GetMethod("Check", BindingFlags.Static | BindingFlags.Public);
return method.Invoke(null, new object[] { machineInfo }) as byte[];
}
finally
{
//Revert permission changes
SecurityPermission.RevertPermitOnly();
Log.Write("AssemblyLoader::ValidateEntryAssembly() calling checkin.");
}
}
private static void DecodeSerializedEvidence(System.Security.Policy.Evidence evidence, byte[] serializedEvidence)
{
BinaryFormatter formatter = new BinaryFormatter();
System.Security.Policy.Evidence evidence2 = null;
PermissionSet set = new PermissionSet(false);
set.SetPermission(new SecurityPermission(SecurityPermissionFlag.SerializationFormatter));
set.PermitOnly();
set.Assert();
try
{
using (MemoryStream stream = new MemoryStream(serializedEvidence))
{
evidence2 = (System.Security.Policy.Evidence) formatter.Deserialize(stream);
}
}
catch
{
}
if (evidence2 != null)
{
IEnumerator assemblyEnumerator = evidence2.GetAssemblyEnumerator();
while (assemblyEnumerator.MoveNext())
{
object current = assemblyEnumerator.Current;
evidence.AddAssembly(current);
}
}
}
private static void DecodeSerializedEvidence( Evidence evidence,
byte[] serializedEvidence )
{
BinaryFormatter formatter = new BinaryFormatter();
Evidence asmEvidence = null;
PermissionSet permSet = new PermissionSet( false );
permSet.SetPermission( new SecurityPermission( SecurityPermissionFlag.SerializationFormatter ) );
permSet.PermitOnly();
permSet.Assert();
try {
using(MemoryStream ms = new MemoryStream( serializedEvidence ))
asmEvidence = (Evidence)formatter.Deserialize( ms );
}
catch
{
}
if (asmEvidence != null)
{
IEnumerator enumerator = asmEvidence.GetAssemblyEnumerator();
while (enumerator.MoveNext())
{
Object obj = enumerator.Current;
evidence.AddAssembly( obj );
}
}
}
public void PermitOnly_NonCasPermission ()
{
PermissionSet ps = new PermissionSet (PermissionState.None);
ps.AddPermission (new PrincipalPermission (PermissionState.None));
Assert ("ContainsNonCodeAccessPermissions", ps.ContainsNonCodeAccessPermissions ());
AssertEquals ("Count", 1, ps.Count);
ps.PermitOnly ();
// it's simply ignored
}
