Exemplo n.º 1
0
        public static int Main()
        {
            var monoroot = new FileInfo(Assembly.GetExecutingAssembly().Location).Directory.Parent.Parent.Parent.Parent.Parent.FullName;
            var inputdir = Paths.Combine(monoroot, "tmp", "unity_linkered");
            //var inputdir = Paths.Combine(monoroot, "mcs","class","lib","unity");
            var outputdir        = Paths.Combine(monoroot, "builds", "monodistribution", "lib", "mono", "unity_web");
            var profileDirectory = Paths.Combine(monoroot, "tuning", "TuningInput", "Security");

            Console.WriteLine("Outputdir: " + outputdir);
            Console.WriteLine("Inputdir: " + inputdir);
            if (Directory.Exists(outputdir))
            {
                Directory.Delete(outputdir, true);
            }
            Directory.CreateDirectory(outputdir);

            var assemblypaths = new List <string>();

            var inject = new[] { "mscorlib.dll", "System.dll", "System.Core.dll", "System.Xml.dll", "Mono.Security.dll" };

            foreach (var f in Directory.GetFiles(inputdir))
            {
                var name = Path.GetFileName(f);
                if (inject.Where(name.Contains).Any() && Path.GetExtension(name) == ".dll")
                {
                    assemblypaths.Add(f);
                    continue;
                }
                if (f.ToLower().Contains("report"))
                {
                    continue;
                }
                if (f.ToLower().Contains("I18N"))
                {
                    continue;
                }
                File.Copy(f, Path.Combine(outputdir, name));
            }

            var assemblies    = TimeFunction("Assembly loading", () => LoadAssembliesAndSetUpAssemblyResolver(assemblypaths, profileDirectory));
            var criticalTypes = CriticalTypes(assemblies, profileDirectory).ToList();

            EnsureCriticalTypesEnheritanceRulesAreCompliedWith(assemblies, criticalTypes);

            MethodPrivilegeDetector.CriticalTypes = criticalTypes.Cast <TypeReference>().ToList();
            var methodsRequiringPrivilegesThemselvesWithComments = TimeFunction("Privilege detection", () => assemblies.SelectMany(assembly => MethodPrivilegeDetector.MethodsRequiringPrivilegesThemselvesOn(assembly)).ToList());
            var methodsRequiringPrivilegesThemselvesManual       = TimeFunction("Read manually provided methods requiring privileges", () => ManuallyProvidedMethodsRequiringPrivilegesThemselves(profileDirectory, assemblies));

            methodsRequiringPrivilegesThemselvesWithComments.AddRange(
                methodsRequiringPrivilegesThemselvesManual.Select(
                    n => new KeyValuePair <MethodDefinition, string>(n, "Manually added in .manual file")));

            var methodsRequiringPrivilegesThemselves = methodsRequiringPrivilegesThemselvesWithComments.Select(g => g.Key).ToList();

            var auditedSafeMethods   = TimeFunction("Loading audit files", () => AuditedSafeMethods(profileDirectory, assemblies));
            var ignoredCalls         = TimeFunction("Loading ignored call files", () => IgnoredCalls(profileDirectory, assemblies)).ToList();
            var privilegePropagation = TimeFunction("Privilege propagation", () => new MethodPrivilegePropagation(assemblies, methodsRequiringPrivilegesThemselves, auditedSafeMethods, criticalTypes, ignoredCalls));

            var report = privilegePropagation.CreateReportBuilder().Build();

            foreach (var assembly in assemblies)
            {
                var injector = new Injector(assembly)
                {
                    UI = UI, OutputDirectory = outputdir
                };
                injector.InjectAll(report.GetInjectionsFor(assembly));
            }
            //var allCriticalMethods = privilegePropagation.ResultingCriticalMethods;
            //TimeAction("Attribute injection", ()=>InjectSecurityAttributes(assemblies, auditedSafeMethods, allCriticalMethods, outputdir));

            var rapportdir = Path.Combine(Path.Combine(monoroot, "tuning"), "GeneratedSecurityReports");

            TimeAction("Report generation", () => GenerateReportsFor(assemblies, methodsRequiringPrivilegesThemselvesWithComments, privilegePropagation, profileDirectory, rapportdir));

            int count = FindUnreviewedUnavailablePublicAPISInReport(rapportdir);

            //return 0;
            return(count);
        }
Exemplo n.º 2
0
        public void Test()
        {
            var asssembly1src =
                @"
using System;
using System.Runtime.CompilerServices;

public class A
{
	public void Fine() {}
	unsafe public void NotFine(IntPtr* a) {}
}

unsafe public class B
{
	IntPtr* bad;

	public void Fine() {}
	public void AlsoFine(IntPtr* a) {}

	[MethodImpl(MethodImplOptions.InternalCall)]
	public extern void AlsoFine2();
}

public class C
{
	public void NotFine(B b) {}
	public void Fine() {}
}

public class SubB : B
{
}

public class D
{
	SubB b;
}
public class E
{
	public void NotFine(D d) {}
}

";

            var assembly = CSharpCompiler.CompileTempAssembly(asssembly1src);

            var ad  = AssemblyFactory.GetAssembly(assembly);
            var cdf = new CecilDefinitionFinder(ad);

            MethodPrivilegeDetector.CriticalTypes = new[]
            {
                "B",
                "SubB",
                "D",
            }.Select(s => cdf.FindType(s)).Cast <TypeReference>().ToList();
            var results = MethodPrivilegeDetector.MethodsRequiringPrivilegesThemselvesOn(ad).Select(kvp => kvp.Key);


            var expectedresults = new[]
            {
                "System.Void A::NotFine(System.IntPtr*)",
                "System.Void C::NotFine(B)",
                "System.Void E::NotFine(D)",
            }.Select(s => cdf.FindMethod(s));

            CollectionAssert.AreEquivalent(expectedresults.ToArray(), results.ToArray());
        }