/// <summary>
/// Reads a root <see cref="FileAccessWhitelist"/>, followed by its per-module whitelists, from <paramref name="reader"/>.
/// </summary>
/// <param name="reader">Reader positioned at the start of the serialized whitelist.</param>
/// <param name="contextTask">Task that yields the execution context the whitelist is bound to.</param>
/// <returns>
/// The populated root whitelist, or <c>null</c> when the awaited context is <c>null</c>
/// (in that case nothing is consumed from <paramref name="reader"/>).
/// </returns>
public static async Task<FileAccessWhitelist> DeserializeAsync(
    BuildXLReader reader,
    Task<PipExecutionContext> contextTask)
{
    Contract.Requires(reader != null);
    Contract.Requires(contextTask != null);

    PipExecutionContext executionContext = await contextTask;
    if (executionContext == null)
    {
        return null;
    }

    // Root entries come first in the stream.
    var root = new FileAccessWhitelist(executionContext);
    DeserializeCore(reader, root);

    // Then a compact count followed by that many (module id, nested whitelist) pairs.
    // NOTE(review): the count is used exactly as read; a non-positive value simply skips the loop.
    for (int remaining = reader.ReadInt32Compact(); remaining > 0; remaining--)
    {
        var moduleId = reader.ReadModuleId();

        // Nested whitelists are parented to the root and share its context.
        var nested = new FileAccessWhitelist(root);
        DeserializeCore(reader, nested);

        root.m_moduleWhitelists.Add(moduleId, nested);
    }

    return root;
}
/// <inheritdoc />
/// <remarks>
/// Only the path filter is evaluated here; the result is combined with <c>AllowsCaching</c>
/// through <c>FileAccessWhitelist.Match</c>.
/// </remarks>
public override FileAccessWhitelist.MatchType Matches(ReportedFileAccess reportedFileAccess, Process pip, PathTable pathTable)
{
    Contract.Requires(pip != null);
    Contract.Requires(pathTable != null);

    // An access is whitelisted if:
    //  * The tool was in the whitelist (implicit here by lookup from FileAccessWhitelist.Matches) AND
    //  * the path filter matches (or is empty)
    bool pathFilterAccepted = FileAccessWhitelist.PathFilterMatches(PathRegex.Regex, reportedFileAccess, pathTable);

    return FileAccessWhitelist.Match(pathFilterAccepted, AllowsCaching);
}
/// <summary>
/// Creates an empty whitelist nested under <paramref name="parent"/>.
/// </summary>
/// <param name="parent">The whitelist this one is nested under; its context is reused.</param>
private FileAccessWhitelist(FileAccessWhitelist parent)
{
    Contract.Requires(parent != null);

    // Link to the parent and reuse its context.
    m_parent = parent;
    m_context = parent.m_context;

    // A nested whitelist never holds module whitelists of its own.
    m_moduleWhitelists = null;

    // Entry tables and counters start out empty.
    m_executablePathEntries = new MultiValueDictionary<AbsolutePath, ExecutablePathWhitelistEntry>();
    m_valuePathEntries = new MultiValueDictionary<FullSymbol, ValuePathFileAccessWhitelistEntry>();
    m_counts = new ConcurrentDictionary<string, int>();
}
/// <summary>
/// Creates a context. All <see cref="Counters"/> are initially zero and will increase as accesses are reported.
/// </summary>
/// <param name="loggingContext">Logging context stored for later use; must not be null.</param>
/// <param name="context">Pip execution context; must not be null.</param>
/// <param name="config">Sandbox configuration; must not be null.</param>
/// <param name="pip">The process pip this context is created for; must not be null.</param>
/// <param name="reportWhitelistedAccesses">Stored as given in <c>m_reportWhitelistedAccesses</c>.</param>
/// <param name="whitelist">Optional whitelist; may be <c>null</c> (the default) and is stored without validation.</param>
public FileAccessReportingContext(
    LoggingContext loggingContext,
    PipExecutionContext context,
    ISandboxConfiguration config,
    Process pip,
    bool reportWhitelistedAccesses,
    FileAccessWhitelist whitelist = null)
{
    Contract.Requires(loggingContext != null);
    Contract.Requires(context != null);
    Contract.Requires(config != null);
    Contract.Requires(pip != null);

    // Whitelist-related state; the whitelist is the only argument allowed to be null.
    m_fileAccessWhitelist = whitelist;
    m_reportWhitelistedAccesses = reportWhitelistedAccesses;

    // Required collaborators, checked above.
    m_pip = pip;
    m_config = config;
    m_context = context;
    m_loggingContext = loggingContext;
}
/// <summary>
/// Reads the entries of a single whitelist from <paramref name="reader"/> and adds them to <paramref name="whitelist"/>.
/// </summary>
/// <remarks>
/// The stream layout consumed here is: a compact count of value-path entries, those entries,
/// a compact count of executable-path entries, then those entries.
/// NOTE(review): both counts are used exactly as read from the stream; a non-positive count reads no entries.
/// </remarks>
/// <param name="reader">Reader positioned at the start of the whitelist's entry section.</param>
/// <param name="whitelist">Whitelist that receives the deserialized entries.</param>
private static void DeserializeCore(BuildXLReader reader, FileAccessWhitelist whitelist)
{
    // Value-path entries.
    for (int remaining = reader.ReadInt32Compact(); remaining > 0; remaining--)
    {
        var valuePathEntry = ValuePathFileAccessWhitelistEntry.Deserialize(reader);
        whitelist.Add(valuePathEntry);
    }

    // Executable-path entries.
    for (int remaining = reader.ReadInt32Compact(); remaining > 0; remaining--)
    {
        var executablePathEntry = ExecutablePathWhitelistEntry.Deserialize(reader);
        whitelist.Add(executablePathEntry);
    }
}
/// <summary>
/// Populates this root whitelist from the root configuration, then creates one nested whitelist
/// for every module policy that declares at least one whitelist entry.
/// </summary>
/// <remarks>Throws a BuildXLException on error.</remarks>
/// <param name="rootConfiguration">Root configuration supplying the root entries and the module policies.</param>
public void Initialize(IRootModuleConfiguration rootConfiguration)
{
    Contract.Assert(m_parent == null, "Only root whitelist can be initialized");

    // The cast selects the module-level overload for the root's own entries.
    Initialize((IModuleConfiguration)rootConfiguration);

    foreach (var modulePolicy in rootConfiguration.ModulePolicies.Values)
    {
        // Modules with neither list populated get no nested whitelist.
        bool declaresEntries = modulePolicy.FileAccessWhiteList.Count != 0
            || modulePolicy.CacheableFileAccessWhitelist.Count != 0;

        if (declaresEntries)
        {
            var nested = new FileAccessWhitelist(this);
            nested.Initialize(modulePolicy);
            m_moduleWhitelists.Add(modulePolicy.ModuleId, nested);
        }
    }
}