/// <summary> /// Ensures that the provided script block is compatible with the current language mode - to /// be used when a script block is being dotted. /// </summary> /// <param name="scriptBlock">The script block being dotted.</param> /// <param name="languageMode">The current language mode.</param> /// <param name="invocationInfo">The invocation info about the command.</param> protected static void ValidateCompatibleLanguageMode( ScriptBlock scriptBlock, PSLanguageMode languageMode, InvocationInfo invocationInfo) { // If we are in a constrained language mode (Core or Restricted), block it. // We are currently restricting in one direction: // - Can't dot something from a more permissive mode, since that would probably expose // functions that were never designed to handle untrusted data. // This function won't be called for NoLanguage mode so the only direction checked is trusted // (FullLanguage mode) script running in a constrained/restricted session. if ((scriptBlock.LanguageMode.HasValue) && (scriptBlock.LanguageMode != languageMode) && ((languageMode == PSLanguageMode.RestrictedLanguage) || (languageMode == PSLanguageMode.ConstrainedLanguage))) { // Finally check if script block is really just PowerShell commands plus parameters. // If so then it is safe to dot source across language mode boundaries. bool isSafeToDotSource = false; try { scriptBlock.GetPowerShell(); isSafeToDotSource = true; } catch (Exception) { } if (!isSafeToDotSource) { ErrorRecord errorRecord = new ErrorRecord( new NotSupportedException( DiscoveryExceptions.DotSourceNotSupported), "DotSourceNotSupported", ErrorCategory.InvalidOperation, null); errorRecord.SetInvocationInfo(invocationInfo); throw new CmdletInvocationException(errorRecord); } } }
/// <summary> /// Ensures that the provided script block is compatible with the current language mode - to /// be used when a script block is being dotted. /// </summary> /// <param name="scriptBlock">The script block being dotted</param> /// <param name="languageMode">The current language mode</param> /// <param name="invocationInfo">The invocation info about the command</param> protected static void ValidateCompatibleLanguageMode(ScriptBlock scriptBlock, PSLanguageMode languageMode, InvocationInfo invocationInfo) { // If we are in a constrained language mode (Core or Restricted), block it. // We are currently restricting in one direction: // - Can't dot something from a more permissive mode, since that would probably expose // functions that were never designed to handle untrusted data. // This function won't be called for NoLanguage mode so the only direction checked is trusted // (FullLanguage mode) script running in a constrained/restricted session. if ((scriptBlock.LanguageMode.HasValue) && (scriptBlock.LanguageMode != languageMode) && ((languageMode == PSLanguageMode.RestrictedLanguage) || (languageMode == PSLanguageMode.ConstrainedLanguage))) { // Finally check if script block is really just PowerShell commands plus parameters. // If so then it is safe to dot source across language mode boundaries. bool isSafeToDotSource = false; try { scriptBlock.GetPowerShell(); isSafeToDotSource = true; } catch (Exception e) { CheckForSevereException(e); } if (!isSafeToDotSource) { ErrorRecord errorRecord = new ErrorRecord( new NotSupportedException( DiscoveryExceptions.DotSourceNotSupported), "DotSourceNotSupported", ErrorCategory.InvalidOperation, null); errorRecord.SetInvocationInfo(invocationInfo); throw new CmdletInvocationException(errorRecord); } } }