static void ProcessSecurityProvider (ISecurityDeclarationProvider provider) { if (!provider.HasSecurityDeclarations) return; provider.SecurityDeclarations.Clear (); }
public static void CopySecurityDeclarations(ISecurityDeclarationProvider source, ISecurityDeclarationProvider target, ReferenceResolver resolver) { if (!source.HasSecurityDeclarations) return; foreach (var declaration in source.SecurityDeclarations) target.InjectSecurityDeclaration(declaration, resolver); }
void ProcessSecurityProvider(ISecurityDeclarationProvider provider) { if (!provider.HasSecurityDeclarations) return; // for non-linked code we still need to remove the security declarations, // if any are present, are save back the assembly. Otherwise it might become // impossible to decode what we save #28918. switch (Action) { case AssemblyAction.Link: case AssemblyAction.Save: break; default: Annotations.SetAction (Current, AssemblyAction.Save); Action = AssemblyAction.Save; break; } provider.SecurityDeclarations.Clear (); }
private bool RuleDoesAppliesToType (ISecurityDeclarationProvider type) { assert = null; deny = null; permitonly = null; demand = null; // #1 - this rules apply if type has security permissions if (!type.HasSecurityDeclarations) return false; bool apply = false; // #2 - this rules doesn't apply to LinkDemand (both are executed) // and to InheritanceDemand (both are executed at different time). foreach (SecurityDeclaration declsec in type.SecurityDeclarations) { switch (declsec.Action) { case Mono.Cecil.SecurityAction.Assert: assert = declsec.ToPermissionSet (); apply = true; break; case Mono.Cecil.SecurityAction.Deny: deny = declsec.ToPermissionSet (); apply = true; break; case Mono.Cecil.SecurityAction.PermitOnly: permitonly = declsec.ToPermissionSet (); apply = true; break; case Mono.Cecil.SecurityAction.Demand: demand = declsec.ToPermissionSet (); apply = true; break; } } return apply; }
internal bool TryGetSecurityDeclarationRanges(ISecurityDeclarationProvider owner, out Range[] ranges) { return SecurityDeclarations.TryGetValue (owner.MetadataToken, out ranges); }
static bool RemoveSecurityDeclarations (ISecurityDeclarationProvider provider) { // also remove already existing CAS security declarations if (provider == null) return false; if (!provider.HasSecurityDeclarations) return false; provider.SecurityDeclarations.Clear (); return true; }
public void RemoveSecurityDeclarationRange(ISecurityDeclarationProvider owner) { SecurityDeclarations.Remove(owner.MetadataToken); }
public bool TryGetSecurityDeclarationRanges(ISecurityDeclarationProvider owner, out Range[] ranges) { return(this.SecurityDeclarations.TryGetValue(owner.MetadataToken, out ranges)); }
public void RemoveSecurityDeclarationRange (ISecurityDeclarationProvider owner) { SecurityDeclarations.Remove (owner.MetadataToken); }
protected void MarkSecurityDeclarations (ISecurityDeclarationProvider provider) { // most security declarations are removed (if linked) but user code might still have some // and if the attribtues references types then they need to be marked too if ((provider == null) || !provider.HasSecurityDeclarations) return; foreach (var sd in provider.SecurityDeclarations) MarkSecurityDeclaration (sd); }
private static bool Check (ISecurityDeclarationProvider caller, ISecurityDeclarationProvider callee) { // 1 - look if the callee has a LinkDemand PermissionSet calleeLinkDemand = GetLinkDemand (callee); if (calleeLinkDemand.Count == 0) return true; // 2 - Ensure the caller requires a superset (or the same) permissions return calleeLinkDemand.IsSubsetOf (GetLinkDemand (caller)); }
public static bool GetHasSecurityDeclarations( this ISecurityDeclarationProvider self, ModuleDefinition module) { return(module.HasImage() && module.Read(self, (provider, reader) => reader.HasSecurityDeclarations(provider))); }
private void WriteSecurityDeclarations(ISecurityDeclarationProvider secDeclProvider) { if (!secDeclProvider.HasSecurityDeclarations) { return; } foreach (var secdecl in secDeclProvider.SecurityDeclarations) { _output.Write(".permissionset "); switch (secdecl.Action) { case SecurityAction.Request: _output.Write("request"); break; case SecurityAction.Demand: _output.Write("demand"); break; case SecurityAction.Assert: _output.Write("assert"); break; case SecurityAction.Deny: _output.Write("deny"); break; case SecurityAction.PermitOnly: _output.Write("permitonly"); break; case SecurityAction.LinkDemand: _output.Write("linkcheck"); break; case SecurityAction.InheritDemand: _output.Write("inheritcheck"); break; case SecurityAction.RequestMinimum: _output.Write("reqmin"); break; case SecurityAction.RequestOptional: _output.Write("reqopt"); break; case SecurityAction.RequestRefuse: _output.Write("reqrefuse"); break; case SecurityAction.PreJitGrant: _output.Write("prejitgrant"); break; case SecurityAction.PreJitDeny: _output.Write("prejitdeny"); break; case SecurityAction.NonCasDemand: _output.Write("noncasdemand"); break; case SecurityAction.NonCasLinkDemand: _output.Write("noncaslinkdemand"); break; case SecurityAction.NonCasInheritance: _output.Write("noncasinheritance"); break; default: _output.Write(secdecl.Action.ToString()); break; } _output.WriteLine(" = {"); _output.Indent(); for (var i = 0; i < secdecl.SecurityAttributes.Count; i++) { var sa = secdecl.SecurityAttributes[i]; if (sa.AttributeType.Scope == sa.AttributeType.Module) { _output.Write("class "); _output.Write(DisassemblerHelpers.Escape(GetAssemblyQualifiedName(sa.AttributeType))); } else { sa.AttributeType.WriteTo(_output, ILNameSyntax.TypeName); } _output.Write(" = {"); if (sa.HasFields || sa.HasProperties) { _output.WriteLine(); _output.Indent(); foreach (var na in sa.Fields) { _output.Write("field "); WriteSecurityDeclarationArgument(na); _output.WriteLine(); } foreach (var na in sa.Properties) { _output.Write("property "); WriteSecurityDeclarationArgument(na); _output.WriteLine(); } _output.Unindent(); } _output.Write('}'); if (i + 1 < secdecl.SecurityAttributes.Count) { _output.Write(','); } _output.WriteLine(); } _output.Unindent(); _output.WriteLine("}"); } }
static void RemoveSecurityDeclarations (ISecurityDeclarationProvider provider) { // also remove already existing CAS security declarations if (provider == null) return; if (!provider.HasSecurityDeclarations) return; provider.SecurityDeclarations.Clear (); }
private void WriteSecurityDeclarations(ISecurityDeclarationProvider secDeclProvider) { if (!secDeclProvider.HasSecurityDeclarations) return; foreach (var secdecl in secDeclProvider.SecurityDeclarations) { WriteKeyWordPostSpace(".permissionset"); switch (secdecl.Action) { case SecurityAction.Request: WriteKeyword("request"); break; case SecurityAction.Demand: WriteKeyword("demand"); break; case SecurityAction.Assert: WriteKeyword("assert"); break; case SecurityAction.Deny: WriteKeyword("deny"); break; case SecurityAction.PermitOnly: WriteKeyword("permitonly"); break; case SecurityAction.LinkDemand: WriteKeyword("linkcheck"); break; case SecurityAction.InheritDemand: WriteKeyword("inheritcheck"); break; case SecurityAction.RequestMinimum: WriteKeyword("reqmin"); break; case SecurityAction.RequestOptional: WriteKeyword("reqopt"); break; case SecurityAction.RequestRefuse: WriteKeyword("reqrefuse"); break; case SecurityAction.PreJitGrant: WriteKeyword("prejitgrant"); break; case SecurityAction.PreJitDeny: WriteKeyword("prejitdeny"); break; case SecurityAction.NonCasDemand: WriteKeyword("noncasdemand"); break; case SecurityAction.NonCasLinkDemand: WriteKeyword("noncaslinkdemand"); break; case SecurityAction.NonCasInheritance: WriteKeyword("noncasinheritance"); break; default: WriteKeyword(secdecl.Action.ToString()); break; } WriteTokenPreSpace("="); WriteTokenPreSpace("{"); WriteLine(); Indent(); for (int i = 0; i < secdecl.SecurityAttributes.Count; i++) { SecurityAttribute sa = secdecl.SecurityAttributes[i]; if (sa.AttributeType.Scope == sa.AttributeType.Module) { WriteKeyWordPostSpace("class"); WriteEscaped(GetAssemblyQualifiedName(sa.AttributeType)); } else { WriteTypeReference(sa.AttributeType, ILNameSyntax.TypeName); } WriteTokenPreSpace("="); WriteTokenPreSpace("{"); if (sa.HasFields || sa.HasProperties) { WriteLine(); Indent(); foreach (CustomAttributeNamedArgument na in sa.Fields) { WriteKeyWordPostSpace("field"); WriteSecurityDeclarationArgument(na); WriteLine(); } foreach (CustomAttributeNamedArgument na in sa.Properties) { WriteKeyWordPostSpace("property"); WriteSecurityDeclarationArgument(na); WriteLine(); } Outdent(); } WriteToken("}"); if (i + 1 < secdecl.SecurityAttributes.Count) WriteToken(","); WriteLine(); } Outdent(); WriteToken("}"); WriteLine(); } }
public static bool GetHasSecurityDeclarations( ISecurityDeclarationProvider self, ModuleDefinition module) { return Mixin.HasImage(module) && module.Read(self, (provider, reader) => reader.HasSecurityDeclarations(provider)); }
public static Collection<SecurityDeclaration> GetSecurityDeclarations( ISecurityDeclarationProvider self, ref Collection<SecurityDeclaration> variable, ModuleDefinition module) { return Mixin.HasImage(module) ? module.Read(ref variable, self, (provider, reader) => reader.ReadSecurityDeclarations(provider)) : variable = new Collection<SecurityDeclaration>(); }
protected virtual void VerifySecurityAttributes(ICustomAttributeProvider src, ISecurityDeclarationProvider linked) { var expectedAttrs = GetCustomAttributeCtorValues <object> (src, nameof(KeptSecurityAttribute)) .Select(attr => attr.ToString()) .ToList(); var linkedAttrs = FilterLinkedSecurityAttributes(linked).ToList(); Assert.That(linkedAttrs, Is.EquivalentTo(expectedAttrs), $"Security attributes on `{src}' are not matching"); }
private static PermissionSet GetLinkDemand (ISecurityDeclarationProvider method) { foreach (SecurityDeclaration declsec in method.SecurityDeclarations) { switch (declsec.Action) { case Mono.Cecil.SecurityAction.LinkDemand: case Mono.Cecil.SecurityAction.NonCasLinkDemand: return declsec.ToPermissionSet (); } } return Empty; }
protected virtual IEnumerable <string> FilterLinkedSecurityAttributes(ISecurityDeclarationProvider linked) { return(linked.SecurityDeclarations .SelectMany(d => d.SecurityAttributes) .Select(attr => attr.AttributeType.ToString())); }
public bool TryGetSecurityDeclarationRange (ISecurityDeclarationProvider owner, out Range range) { return SecurityDeclarations.TryGetValue (owner.MetadataToken, out range); }
public bool TryGetSecurityDeclarationRange(ISecurityDeclarationProvider owner, out Range range) { return(SecurityDeclarations.TryGetValue(owner.MetadataToken, out range)); }
static bool CompareSecurityDeclarations (ISecurityDeclarationProvider a, ISecurityDeclarationProvider b) { bool ha = a.HasSecurityDeclarations; bool hb = b.HasSecurityDeclarations; // if only one of them has custom attributes if (ha != hb) return false; // if both do not have custom attributes if (!ha && !hb) return true; // compare attributes foreach (SecurityDeclaration sd in a.SecurityDeclarations) { if (!b.SecurityDeclarations.Contains (sd)) return false; } return true; }
void EmitSecDeclarations (ISecurityDeclarationProvider prov) { foreach (var sec in prov.SecurityDeclarations) { string act_str = null; if (!sec_action_to_string.TryGetValue (sec.Action, out act_str)) throw new NotImplementedException (sec.Action.ToString ()); WriteLine (".permissionset " + act_str + " = ("); WriteBlob (sec.GetBlob ()); } }