public void Audit(byte[] code, RequiredAcs requiredAcs, bool isSystemContract)
{
var findings = new List <ValidationResult>();
var asm = Assembly.Load(code);
var modDef = ModuleDefinition.ReadModule(new MemoryStream(code));
var cts = new CancellationTokenSource(CodeOpsOptionsMonitor?.CurrentValue.AuditTimeoutDuration ??
Constants.DefaultAuditTimeoutDuration);
// Run module validators
findings.AddRange(Validate(modDef, cts.Token, isSystemContract));
// Run assembly validators (run after module validators since we invoke BindService method below)
findings.AddRange(Validate(asm, cts.Token, isSystemContract));
// Run method validators
foreach (var type in modDef.Types)
{
findings.AddRange(ValidateMethodsInType(type, cts.Token, isSystemContract));
}
// Perform ACS validation
if (requiredAcs != null)
{
findings.AddRange(_acsValidator.Validate(asm, requiredAcs));
}
if (findings.Count > 0)
{
throw new CSharpCodeCheckException(
$"Contract code did not pass audit. Audit failed for contract: {modDef.Assembly.MainModule.Name}\n" +
string.Join("\n", findings), findings);
}
}
public void ContractAuditor_AcsRequired_Test()
{
var whiteList = new List <string>
{
"System.Collection",
"System.Linq"
};
var blackList = new List <string>
{
"System.Random",
"System.DateTime"
};
_auditor = new CSharpContractAuditor(whiteList, blackList);
var requireAcs = new RequiredAcs();
requireAcs.AcsList = new List <string> {
"acs1"
};
Should.Throw <CSharpInvalidCodeException>(() => _auditor.Audit(_badContractCode, requireAcs));
Should.NotThrow(() => _auditor.Audit(_systemContractCode, requireAcs));
requireAcs.AcsList.Add("acs8");
Should.NotThrow(() => _auditor.Audit(_systemContractCode, requireAcs));
requireAcs.RequireAll = true;
Should.Throw <CSharpInvalidCodeException>(() => _auditor.Audit(_systemContractCode, requireAcs));
}
public ContractAuditorFixture()
{
_auditor = new CSharpContractAuditor(null, null);
_requiredAcs = new RequiredAcs
{
AcsList = new[] { "acs1", "acs8" }.ToList(),
RequireAll = false
};
}
public ContractAuditor(CSharpContractAuditor contractAuditor)
{
_auditor = contractAuditor;
_requiredAcs = new RequiredAcs
{
AcsList = new[] { "acs1", "acs8" }.ToList(),
RequireAll = false
};
}
public ContractPolicyTests()
{
_systemContractCode = ReadPatchedContractCode(typeof(BasicContractZero));
_badContractCode = ReadContractCode(typeof(BadContract));
_requiredAcs = new RequiredAcs
{
AcsList = new[] { "acs1", "acs8" }.ToList(),
RequireAll = false
};
}
public void CheckSystemContracts_AllShouldPass(Type contractType, bool acsAllRequired = false, params string[] acsList)
{
var requiredAcs = new RequiredAcs
{
RequireAll = acsAllRequired,
AcsList = new List <string>(acsList)
};
_auditor.Audit(ReadPatchedContractCode(contractType), true);
Should.Throw <CSharpCodeCheckException>(() =>
_auditor.Audit(ReadPatchedContractCode(contractType), requiredAcs, false));
}
public void ContractAuditor_AcsRequired_Test()
{
var requireAcs = new RequiredAcs();
requireAcs.AcsList = new List <string> {
"acs1"
};
var badContractCode = ReadContractCode(typeof(BadContract));
Should.Throw <CSharpCodeCheckException>(() => _auditor.Audit(badContractCode, requireAcs, false));
var systemContractCode = ReadPatchedContractCode(typeof(BasicContractZero));
Should.NotThrow(() => _auditor.Audit(systemContractCode, requireAcs, true));
requireAcs.AcsList.Add("acs8");
Should.NotThrow(() => _auditor.Audit(systemContractCode, requireAcs, true));
requireAcs.RequireAll = true;
Should.Throw <CSharpCodeCheckException>(() => _auditor.Audit(systemContractCode, requireAcs, true));
}
private void AuditWithPolicy(byte[] code, RequiredAcs requiredAcs, AbstractPolicy policy)
{
var findings = new List <ValidationResult>();
var modDef = ModuleDefinition.ReadModule(new MemoryStream(code));
// Check against whitelist
findings.AddRange(policy.Whitelist.Validate(modDef));
// Run module validators
findings.AddRange(policy.ModuleValidators.SelectMany(v => v.Validate(modDef)));
var asm = Assembly.Load(code);
// Run assembly validators (run after module validators since we invoke BindService method below)
findings.AddRange(policy.AssemblyValidators.SelectMany(v => v.Validate(asm)));
// Run method validators
foreach (var type in modDef.Types)
{
findings.AddRange(ValidateMethodsInType(policy, type));
}
// Perform ACS validation
if (requiredAcs != null)
{
findings.AddRange(_acsValidator.Validate(asm, requiredAcs));
}
if (findings.Count > 0)
{
throw new CSharpInvalidCodeException(
$"Contract code did not pass audit. Audit failed for contract: {modDef.Assembly.MainModule.Name}\n" +
string.Join("\n", findings), findings);
}
}
public void Audit(byte[] code, RequiredAcs requiredAcs, bool isSystemContract)
{
throw new InvalidCodeException("failed");
}
public void Audit(byte[] code, RequiredAcs requiredAcs, bool isSystemContract)
{
}
public IEnumerable <ValidationResult> Validate(System.Reflection.Assembly assembly, RequiredAcs requiredAcs)
{
if (requiredAcs.AcsList.Count == 0)
{
return(Enumerable.Empty <ValidationResult>()); // No ACS required
}
var acsBaseList = GetServiceDescriptorIdentities(GetServerServiceDefinition(assembly));
if (requiredAcs.RequireAll)
{
// Contract should have all listed ACS as a base
if (requiredAcs.AcsList.Any(acs => !acsBaseList.Contains(acs)))
{
return new List <ValidationResult>
{
new AcsValidationResult(
$"Contract should have all {string.Join(", ", requiredAcs.AcsList)} as base.")
}
}
;
}
else
{
// Contract should have at least one of the listed ACS in the list as a base
if (requiredAcs.AcsList.All(acs => !acsBaseList.Contains(acs)))
{
return new List <ValidationResult>
{
new AcsValidationResult(
$"Contract should have at least {string.Join(" or ", requiredAcs.AcsList)} as base.")
}
}
;
}
return(Enumerable.Empty <ValidationResult>());
}
public void Audit(byte[] code, RequiredAcs requiredAcs)
{
AuditWithPolicy(code, requiredAcs, _priviligePolicy);
}
public void Audit(byte[] code, RequiredAcs requiredAcs, bool isSystemContract)
{
_auditor.Audit(code, requiredAcs, isSystemContract);
}
