public void CanChangeConnectionSettingsOnClientPermission() { MySqlConnection dummyconn = new MySqlConnection(); PermissionSet permissionsSet = new PermissionSet(PermissionState.None); MySqlClientPermission permission = new MySqlClientPermission(PermissionState.None); // Allow only server localhost, any database, only with root user permission.Add("server=localhost;", "database=; user id=root;", KeyRestrictionBehavior.PreventUsage); permissionsSet.AddPermission(permission); permissionsSet.PermitOnly(); dummyconn.ConnectionString = "server=localhost; user id=test;includesecurityasserts=true;"; dummyconn.Open(); if (dummyconn.State == ConnectionState.Open) dummyconn.Close(); }
static void loadAssembly2() { Assembly assembly = Assembly.LoadFrom("assembly2.dll"); Console.WriteLine("Strong Name : " + assembly.GetName()); try { PermissionSet perr = new PermissionSet(PermissionState.None); perr.AddPermission(new FileIOPermission(PermissionState.Unrestricted)); perr.PermitOnly(); perr.Demand(); Assembly2.AssemblyClass2.openPage(); } catch (Exception ex) { Console.WriteLine(ex); } }
public void PermitOnly_NonCasPermission () { PermissionSet ps = new PermissionSet (PermissionState.None); ps.AddPermission (new PrincipalPermission (PermissionState.None)); Assert.IsTrue (ps.ContainsNonCodeAccessPermissions (), "ContainsNonCodeAccessPermissions"); Assert.AreEqual (1, ps.Count, "Count"); ps.PermitOnly (); // it's simply ignored }
public void Run(ScriptCode code, CompilerOutputDelegate cod, PermissionSet permissionSet) { var resultAssembly = this.Compile(code.SourceCode, cod).CompiledAssembly; if (resultAssembly != null) { if (permissionSet != null) { permissionSet.PermitOnly(); } //// run script foreach (var item in code.StartUpList.OrderBy(row => row.order)) { if (resultAssembly.GetType(item.ClassName) == null || resultAssembly.GetType(item.ClassName).GetMethod(item.MethordName) == null) { throw new Exception(string.Format("没有找到公共的{0}.{0}", item.ClassName, item.MethordName)); } MethodInfo methordInfo = resultAssembly.GetType(item.ClassName).GetMethod(item.MethordName); methordInfo.Invoke(item.Instance, item.MethordParameters); } if (permissionSet != null) { CodeAccessPermission.RevertPermitOnly(); } } }
private void CreateAvailableWebPartDescriptions() { if (_availableWebPartDescriptions != null) { return; } if (WebPartManager == null || String.IsNullOrEmpty(_importedPartDescription)) { _availableWebPartDescriptions = new WebPartDescriptionCollection(); return; } // Run in minimal trust PermissionSet pset = new PermissionSet(PermissionState.None); // add in whatever perms are appropriate pset.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution)); pset.AddPermission(new AspNetHostingPermission(AspNetHostingPermissionLevel.Minimal)); pset.PermitOnly(); bool permitOnly = true; string title = null; string description = null; string icon = null; // Extra try-catch block to prevent elevation of privilege attack via exception filter try { try { // Get the WebPart description from its saved XML description. using (StringReader sr = new StringReader(_importedPartDescription)) { using (XmlReader reader = XmlUtils.CreateXmlReader(sr)) { if (reader != null) { reader.MoveToContent(); // Check if imported part is authorized // Get to the metadata reader.MoveToContent(); reader.ReadStartElement(WebPartManager.ExportRootElement); reader.ReadStartElement(WebPartManager.ExportPartElement); reader.ReadStartElement(WebPartManager.ExportMetaDataElement); // Get the type name string partTypeName = null; string userControlTypeName = null; while (reader.Name != WebPartManager.ExportTypeElement) { reader.Skip(); if (reader.EOF) { throw new EndOfStreamException(); } } if (reader.Name == WebPartManager.ExportTypeElement) { partTypeName = reader.GetAttribute(WebPartManager.ExportTypeNameAttribute); userControlTypeName = reader.GetAttribute(WebPartManager.ExportUserControlSrcAttribute); } // If we are in shared scope, we are importing a shared WebPart bool isShared = (WebPartManager.Personalization.Scope == PersonalizationScope.Shared); if (!String.IsNullOrEmpty(partTypeName)) { // Need medium trust to call BuildManager.GetType() PermissionSet mediumPset = new PermissionSet(PermissionState.None); mediumPset.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution)); mediumPset.AddPermission(new AspNetHostingPermission(AspNetHostingPermissionLevel.Medium)); CodeAccessPermission.RevertPermitOnly(); permitOnly = false; mediumPset.PermitOnly(); permitOnly = true; Type partType = WebPartUtil.DeserializeType(partTypeName, true); CodeAccessPermission.RevertPermitOnly(); permitOnly = false; pset.PermitOnly(); permitOnly = true; // First check if the type is authorized if (!WebPartManager.IsAuthorized(partType, null, null, isShared)) { _importErrorMessage = SR.GetString(SR.WebPartManager_ForbiddenType); return; } // If the type is not a webpart, create a generic Web Part if (!partType.IsSubclassOf(typeof(WebPart)) && !partType.IsSubclassOf(typeof(Control))) { // We only allow for Controls (VSWhidbey 428511) _importErrorMessage = SR.GetString(SR.WebPartManager_TypeMustDeriveFromControl); return; } } else { // Check if the path is authorized if (!WebPartManager.IsAuthorized(typeof(UserControl), userControlTypeName, null, isShared)) { _importErrorMessage = SR.GetString(SR.WebPartManager_ForbiddenType); return; } } while (!reader.EOF) { while (!reader.EOF && !(reader.NodeType == XmlNodeType.Element && reader.Name == WebPartManager.ExportPropertyElement)) { reader.Read(); } if (reader.EOF) { break; } string name = reader.GetAttribute(WebPartManager.ExportPropertyNameAttribute); if (name == TitlePropertyName) { title = reader.ReadElementString(); } else if (name == DescriptionPropertyName) { description = reader.ReadElementString(); } else if (name == IconPropertyName) { string url = reader.ReadElementString().Trim(); if (!CrossSiteScriptingValidation.IsDangerousUrl(url)) { icon = url; } } else { reader.Read(); continue; } if (title != null && description != null && icon != null) { break; } reader.Read(); } } } if (String.IsNullOrEmpty(title)) { title = SR.GetString(SR.Part_Untitled); } _availableWebPartDescriptions = new WebPartDescriptionCollection( new WebPartDescription[] {new WebPartDescription(ImportedWebPartID, title, description, icon)}); } } catch (XmlException) { _importErrorMessage = SR.GetString(SR.WebPartManager_ImportInvalidFormat); return; } catch { _importErrorMessage = (!String.IsNullOrEmpty(_importErrorMessage)) ? _importErrorMessage : SR.GetString(SR.WebPart_DefaultImportErrorMessage); return; } finally { if (permitOnly) { // revert if you're not just exiting the stack frame anyway CodeAccessPermission.RevertPermitOnly(); } } } catch { throw; } }
private void DecodeSerializedEvidence( Evidence evidence, byte[] serializedEvidence ) { MemoryStream ms = new MemoryStream( serializedEvidence ); BinaryFormatter formatter = new BinaryFormatter(); Evidence asmEvidence = null; PermissionSet permSet = new PermissionSet( false ); permSet.SetPermission( new SecurityPermission( SecurityPermissionFlag.SerializationFormatter ) ); permSet.PermitOnly(); permSet.Assert(); try { asmEvidence = (Evidence)formatter.Deserialize( ms ); } catch (Exception) { } if (asmEvidence != null) { // Any evidence from the serialized input must: // 1. be placed in the assembly list since it is unverifiable. // 2. not be a built in class used as evidence (e.g. Zone, Site, URL, etc.) IEnumerator enumerator = asmEvidence.GetAssemblyEnumerator(); while (enumerator.MoveNext()) { Object obj = enumerator.Current; if (!(obj is Zone || obj is Site || obj is Url || obj is StrongName || obj is PermissionRequestEvidence)) evidence.AddAssembly( obj ); } } }
public byte[] ValidateEntryAssembly(byte[] blackboxData) { //Create permissions var permissions = new PermissionSet(PermissionState.None); permissions.AddPermission(new FileIOPermission( FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery, Assembly.GetExecutingAssembly().Location)); permissions.AddPermission(new FileIOPermission( FileIOPermissionAccess.AllAccess | FileIOPermissionAccess.PathDiscovery, Path.Combine(Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location), Log.OutputFile))); Log.Write("AssemblyLoader::ValidateEntryAssembly() - data length: " + ((blackboxData != null) ? blackboxData.Length : -1).ToString()); //Gather machine information List<string> macs = null, edids = null, disks = null; if (blackboxData != null) Fingerprint.GatherAll(out macs, out edids, out disks); try { permissions.PermitOnly(); Assembly assembly; if (blackboxData != null) { assembly = Assembly.Load(blackboxData, null); _latest = assembly; } else assembly = _latest; Log.Write("AssemblyLoader::ValidateEntryAssembly() loaded assembly: " + ((assembly != null) ? assembly.GetType().ToString() : "null")); var validatorType = assembly.GetType("Allegiance.CommunitySecuritySystem.Blackbox.Validator"); var machineInfoType = assembly.GetType("Allegiance.CommunitySecuritySystem.Blackbox.MachineInformation"); var deviceInfoType = assembly.GetType("Allegiance.CommunitySecuritySystem.Blackbox.DeviceInfo"); var deviceTypeType = assembly.GetType("Allegiance.CommunitySecuritySystem.Blackbox.DeviceType"); var machineInfo = Activator.CreateInstance(machineInfoType); Log.Write("AssemblyLoader::ValidateEntryAssembly() machine info created."); //Fill MachineInfo if (macs != null && edids != null && disks != null) { AppendDeviceInfo(macs, machineInfo, "Network", machineInfoType, deviceInfoType, deviceTypeType); AppendDeviceInfo(edids, machineInfo, "EDID", machineInfoType, deviceInfoType, deviceTypeType); AppendDeviceInfo(disks, machineInfo, "HardDisk", machineInfoType, deviceInfoType, deviceTypeType); } Log.Write("AssemblyLoader::ValidateEntryAssembly() calling checkin."); //Perform initial check in var method = validatorType.GetMethod("Check", BindingFlags.Static | BindingFlags.Public); return method.Invoke(null, new object[] { machineInfo }) as byte[]; } finally { //Revert permission changes SecurityPermission.RevertPermitOnly(); Log.Write("AssemblyLoader::ValidateEntryAssembly() calling checkin."); } }
private static void DecodeSerializedEvidence(System.Security.Policy.Evidence evidence, byte[] serializedEvidence) { BinaryFormatter formatter = new BinaryFormatter(); System.Security.Policy.Evidence evidence2 = null; PermissionSet set = new PermissionSet(false); set.SetPermission(new SecurityPermission(SecurityPermissionFlag.SerializationFormatter)); set.PermitOnly(); set.Assert(); try { using (MemoryStream stream = new MemoryStream(serializedEvidence)) { evidence2 = (System.Security.Policy.Evidence) formatter.Deserialize(stream); } } catch { } if (evidence2 != null) { IEnumerator assemblyEnumerator = evidence2.GetAssemblyEnumerator(); while (assemblyEnumerator.MoveNext()) { object current = assemblyEnumerator.Current; evidence.AddAssembly(current); } } }
private static void DecodeSerializedEvidence( Evidence evidence, byte[] serializedEvidence ) { BinaryFormatter formatter = new BinaryFormatter(); Evidence asmEvidence = null; PermissionSet permSet = new PermissionSet( false ); permSet.SetPermission( new SecurityPermission( SecurityPermissionFlag.SerializationFormatter ) ); permSet.PermitOnly(); permSet.Assert(); try { using(MemoryStream ms = new MemoryStream( serializedEvidence )) asmEvidence = (Evidence)formatter.Deserialize( ms ); } catch { } if (asmEvidence != null) { IEnumerator enumerator = asmEvidence.GetAssemblyEnumerator(); while (enumerator.MoveNext()) { Object obj = enumerator.Current; evidence.AddAssembly( obj ); } } }
public void PermitOnly_NonCasPermission () { PermissionSet ps = new PermissionSet (PermissionState.None); ps.AddPermission (new PrincipalPermission (PermissionState.None)); Assert ("ContainsNonCodeAccessPermissions", ps.ContainsNonCodeAccessPermissions ()); AssertEquals ("Count", 1, ps.Count); ps.PermitOnly (); // it's simply ignored }