public string[] GetDirectlyImportedProjects(ProjectShim project)
{
List<string> list = new List<string>();
foreach (Import import in project.Imports) {
if (!import.IsImported) {
list.Add(import.EvaluatedProjectPath);
}
}
return list.ToArray();
}
internal static string[] GetNonImportedTargetNames(ProjectShim project)
{
List<string> list = new List<string>();
foreach (TargetShim shim in project.Targets) {
if (!shim.IsImported) {
list.Add(shim.Name);
}
}
return list.ToArray();
}
public string[] GetNonImportedUsingTasks(ProjectShim project)
{
List<string> list = new List<string>();
foreach (UsingTask task in project.UsingTasks) {
if (!task.IsImported) {
list.Add(task.TaskName);
}
}
return list.ToArray();
}
internal static string[] GetNonImportedPropertyNames(ProjectShim project)
{
Dictionary<string, string> hashtable = new Dictionary<string, string>();
foreach (BuildPropertyGroupShim shim in project.PropertyGroups) {
if (!shim.IsImported) {
foreach (BuildPropertyShim shim2 in shim) {
hashtable[shim2.Name] = string.Empty;
}
continue;
}
}
return hashtable.Keys.ToArray();
}
public string[] GetNonImportedUsingTasks(ProjectShim project)
{
List <string> list = new List <string>();
foreach (UsingTask task in project.UsingTasks)
{
if (!task.IsImported)
{
list.Add(task.TaskName);
}
}
return(list.ToArray());
}
public string[] GetDirectlyImportedProjects(ProjectShim project)
{
List <string> list = new List <string>();
foreach (Import import in project.Imports)
{
if (!import.IsImported)
{
list.Add(import.EvaluatedProjectPath);
}
}
return(list.ToArray());
}
internal static string[] GetNonImportedTargetNames(ProjectShim project)
{
List <string> list = new List <string>();
foreach (TargetShim shim in project.Targets)
{
if (!shim.IsImported)
{
list.Add(shim.Name);
}
}
return(list.ToArray());
}
internal static string[] GetNonImportedItemNames(ProjectShim project)
{
Dictionary <string, string> hashtable = new Dictionary <string, string>();
foreach (BuildItemGroupShim shim in project.ItemGroups)
{
if (!shim.IsImported)
{
foreach (BuildItemShim shim2 in shim)
{
hashtable[shim2.Name] = string.Empty;
}
continue;
}
}
return(hashtable.Keys.ToArray());
}
/// <summary>
/// Overloaded Constructor
/// </summary>
/// <param name="projectFilePath">path to the project file</param>
/// <param name="serviceProvider">A service provider.</param>
public ProjectSecurityChecker(IServiceProvider serviceProvider, string projectFilePath)
{
if (serviceProvider == null)
{
throw new ArgumentNullException("serviceProvider");
}
if (String.IsNullOrEmpty(projectFilePath))
{
throw new ArgumentException(SR.GetString(SR.ParameterCannotBeNullOrEmpty, CultureInfo.CurrentUICulture), "projectFilePath");
}
this.serviceProvider = serviceProvider;
// Instantiate a new project shim that we are going to use for security checkings.
this.projectShim = new ProjectShim(new EngineShim());
projectShim.Load(projectFilePath);
}
/// <summary>
/// Checks whether a set of project items described by the LoadTimeCheckItemLocation are in a safe location.
/// </summary>
/// <param name="projectShim">The project shim containing the items to be checked.</param>
/// <param name="itemsToCheck">The list of items to check if they are in the project cone.</param>
/// <param name="reasonForFailure">The reason for failure if any of the files fails</param>
/// <returns>true if all project items are in the project cone. Otherwise false.</returns>
internal bool CheckItemsSecurity(ProjectShim projectShim, IList<string> itemsToCheck, out string reasonForFailure)
{
reasonForFailure = String.Empty;
// If nothing to check assume that everything is ok.
if(itemsToCheck == null)
{
return true;
}
Debug.Assert(projectShim != null, "Cannot check the items if no project has been defined!");
foreach(string itemName in itemsToCheck)
{
BuildItemGroupShim group = projectShim.GetEvaluatedItemsByNameIgnoringCondition(itemName);
if(group != null)
{
IEnumerator enumerator = group.GetEnumerator();
while(enumerator.MoveNext())
{
BuildItemShim item = enumerator.Current as BuildItemShim;
string finalItem = item.FinalItemSpec;
if(!String.IsNullOrEmpty(finalItem))
{
// Perform the actual check - start with normalizing the path. Relative paths
// should be treated as relative to the project file.
string fullPath = this.GetFullPath(finalItem);
// If the fullpath of the item is suspiciously short do not check it.
if(fullPath.Length >= 3)
{
Uri uri = null;
// If we cannot create a uri from the item path return with the error
if(!Uri.TryCreate(fullPath, UriKind.Absolute, out uri))
{
reasonForFailure = fullPath;
return false;
}
// Check if the item points to a network share
if(uri.IsUnc)
{
reasonForFailure = fullPath;
return false;
}
// Check if the item is located in a drive root directory
if(uri.Segments.Length == 3 && uri.Segments[1] == ":" && uri.Segments[2][0] == Path.DirectorySeparatorChar)
{
reasonForFailure = fullPath;
return false;
}
//Check if the item is not in a special folder.
foreach(Uri specialFolder in this.specialFolders)
{
if(ItemSecurityChecker.IsItemInCone(uri, specialFolder))
{
reasonForFailure = fullPath;
return false;
}
}
}
else
{
reasonForFailure = fullPath;
return false;
}
}
}
}
}
return true;
}
/// <summary>
/// Overloaded Constructor
/// </summary>
/// <param name="projectFilePath">path to the project file</param>
/// <param name="serviceProvider">A service provider.</param>
public ProjectSecurityChecker(IServiceProvider serviceProvider, string projectFilePath)
{
if(serviceProvider == null)
{
throw new ArgumentNullException("serviceProvider");
}
if(String.IsNullOrEmpty(projectFilePath))
{
throw new ArgumentException(SR.GetString(SR.ParameterCannotBeNullOrEmpty, CultureInfo.CurrentUICulture), "projectFilePath");
}
this.serviceProvider = serviceProvider;
// Instantiate a new project shim that we are going to use for security checkings.
this.projectShim = new ProjectShim(new EngineShim());
projectShim.Load(projectFilePath);
}
internal void UnloadProject(ProjectShim projectShim)
{
_engine.UnloadProject(projectShim.Project);
}
internal bool IsProjectSafe(string dangerousItemsPropertyName, string defaultDangerousItems, ProjectShim mainProject, ProjectShim userProject, SecurityCheckPass pass, out string reasonFailed, out bool isUserFile)
{
reasonFailed = string.Empty;
isUserFile = false;
string[] nonImportedItems = null;
string[] nonImportedTargetNames = null;
switch (pass) {
case SecurityCheckPass.Targets:
if (mainProject != null) {
nonImportedItems = GetNonImportedTargetNames(mainProject);
}
if (userProject != null) {
nonImportedTargetNames = GetNonImportedTargetNames(userProject);
}
break;
case SecurityCheckPass.Properties:
if (mainProject != null) {
nonImportedItems = GetNonImportedPropertyNames(mainProject);
}
if (userProject != null) {
nonImportedTargetNames = GetNonImportedPropertyNames(userProject);
}
break;
case SecurityCheckPass.Items:
if (mainProject != null) {
nonImportedItems = GetNonImportedItemNames(mainProject);
}
if (userProject != null) {
nonImportedTargetNames = GetNonImportedItemNames(userProject);
}
break;
default:
return false;
}
Dictionary<string, string> dangerousItems = CreateDangerousItemHashtable(defaultDangerousItems + mainProject.GetEvaluatedProperty(dangerousItemsPropertyName));
bool flag = IsProjectSafeHelper(nonImportedItems, dangerousItems, out reasonFailed);
if (!flag) {
isUserFile = false;
return false;
}
bool flag2 = IsProjectSafeHelper(nonImportedTargetNames, dangerousItems, out reasonFailed);
if (!flag2) {
isUserFile = true;
return false;
}
return (flag && flag2);
}
/// <summary>
/// Checks whether a set of project items described by the LoadTimeCheckItemLocation are in a safe location.
/// </summary>
/// <param name="projectShim">The project shim containing the items to be checked.</param>
/// <param name="itemsToCheck">The list of items to check if they are in the project cone.</param>
/// <param name="reasonForFailure">The reason for failure if any of the files fails</param>
/// <returns>true if all project items are in the project cone. Otherwise false.</returns>
internal bool CheckItemsSecurity(ProjectShim projectShim, IList <string> itemsToCheck, out string reasonForFailure)
{
reasonForFailure = String.Empty;
// If nothing to check assume that everything is ok.
if (itemsToCheck == null)
{
return(true);
}
Debug.Assert(projectShim != null, "Cannot check the items if no project has been defined!");
foreach (string itemName in itemsToCheck)
{
BuildItemGroupShim group = projectShim.GetEvaluatedItemsByNameIgnoringCondition(itemName);
if (group != null)
{
IEnumerator enumerator = group.GetEnumerator();
while (enumerator.MoveNext())
{
BuildItemShim item = enumerator.Current as BuildItemShim;
string finalItem = item.FinalItemSpec;
if (!String.IsNullOrEmpty(finalItem))
{
// Perform the actual check - start with normalizing the path. Relative paths
// should be treated as relative to the project file.
string fullPath = this.GetFullPath(finalItem);
// If the fullpath of the item is suspiciously short do not check it.
if (fullPath.Length >= 3)
{
Uri uri = null;
// If we cannot create a uri from the item path return with the error
if (!Uri.TryCreate(fullPath, UriKind.Absolute, out uri))
{
reasonForFailure = fullPath;
return(false);
}
// Check if the item points to a network share
if (uri.IsUnc)
{
reasonForFailure = fullPath;
return(false);
}
// Check if the item is located in a drive root directory
if (uri.Segments.Length == 3 && uri.Segments[1] == ":" && uri.Segments[2][0] == Path.DirectorySeparatorChar)
{
reasonForFailure = fullPath;
return(false);
}
//Check if the item is not in a special folder.
foreach (Uri specialFolder in this.specialFolders)
{
if (ItemSecurityChecker.IsItemInCone(uri, specialFolder))
{
reasonForFailure = fullPath;
return(false);
}
}
}
else
{
reasonForFailure = fullPath;
return(false);
}
}
}
}
}
return(true);
}
internal void UnloadProject(ProjectShim projectShim)
{
_engine.UnloadProject(projectShim.Project);
}
internal bool IsProjectSafe(string dangerousItemsPropertyName, string defaultDangerousItems, ProjectShim mainProject, ProjectShim userProject, SecurityCheckPass pass, out string reasonFailed, out bool isUserFile)
{
reasonFailed = string.Empty;
isUserFile = false;
string[] nonImportedItems = null;
string[] nonImportedTargetNames = null;
switch (pass)
{
case SecurityCheckPass.Targets:
if (mainProject != null)
{
nonImportedItems = GetNonImportedTargetNames(mainProject);
}
if (userProject != null)
{
nonImportedTargetNames = GetNonImportedTargetNames(userProject);
}
break;
case SecurityCheckPass.Properties:
if (mainProject != null)
{
nonImportedItems = GetNonImportedPropertyNames(mainProject);
}
if (userProject != null)
{
nonImportedTargetNames = GetNonImportedPropertyNames(userProject);
}
break;
case SecurityCheckPass.Items:
if (mainProject != null)
{
nonImportedItems = GetNonImportedItemNames(mainProject);
}
if (userProject != null)
{
nonImportedTargetNames = GetNonImportedItemNames(userProject);
}
break;
default:
return(false);
}
Dictionary <string, string> dangerousItems = CreateDangerousItemHashtable(defaultDangerousItems + mainProject.GetEvaluatedProperty(dangerousItemsPropertyName));
bool flag = IsProjectSafeHelper(nonImportedItems, dangerousItems, out reasonFailed);
if (!flag)
{
isUserFile = false;
return(false);
}
bool flag2 = IsProjectSafeHelper(nonImportedTargetNames, dangerousItems, out reasonFailed);
if (!flag2)
{
isUserFile = true;
return(false);
}
return(flag && flag2);
}
