public object Invoke(object[] parameters) { if (FAssembly == null || FAssembly.Instance == null) { return(null); } if (FMethodInfo == null) { FMethodInfo = FAssembly.Instance.GetType().GetMethod(MethodName, BindingFlags.Instance | BindingFlags.NonPublic); } if (FMethodInfo == null) { return(null); } PermissionSet restrictions = FAssembly.Report.ScriptRestrictions; if (restrictions != null) { restrictions.Deny(); } try { return(FMethodInfo.Invoke(FAssembly.Instance, parameters)); } finally { if (restrictions != null) { CodeAccessPermission.RevertDeny(); } } }
public void CanReflectOnSecurityExceptionWithoutPermission() { SecurityPermission denyPermission = new SecurityPermission(SecurityPermissionFlag.ControlPolicy | SecurityPermissionFlag.ControlEvidence); PermissionSet permissions = new PermissionSet(PermissionState.None); permissions.AddPermission(denyPermission); permissions.Deny(); SecurityException exception = null; try { DemandException(denyPermission); } catch (SecurityException e) { exception = e; } ExceptionFormatter formatter = new ExceptionFormatter(); String message = formatter.GetMessage(exception); Match demandedMatch = DemandedEntryRegex.Match(message); Assert.IsNotNull(demandedMatch); Assert.AreEqual(Resources.PropertyAccessFailed, demandedMatch.Groups[1].Value); CodeAccessPermission.RevertDeny(); message = formatter.GetMessage(exception); demandedMatch = DemandedEntryRegex.Match(message); Assert.IsNotNull(demandedMatch); Assert.AreNotEqual(Resources.PropertyAccessFailed, demandedMatch.Groups[1].Value); }
public void ReflectionFormatterReadSecurityExceptionPropertiesWithoutPermissionTest() { SecurityPermission denyPermission = new SecurityPermission(SecurityPermissionFlag.ControlPolicy | SecurityPermissionFlag.ControlEvidence); PermissionSet permissions = new PermissionSet(PermissionState.None); permissions.AddPermission(denyPermission); permissions.Deny(); StringBuilder sb = new StringBuilder(); StringWriter writer = new StringWriter(sb); SecurityException exception = null; try { DemandException(denyPermission); } catch (SecurityException e) { exception = e; } MockTextExceptionFormatter formatter = new MockTextExceptionFormatter(writer, exception, Guid.Empty); formatter.Format(); CodeAccessPermission.RevertDeny(); formatter = new MockTextExceptionFormatter(writer, exception, Guid.Empty); formatter.Format(); Assert.AreEqual(exception.Demanded.ToString(), formatter.properties["Demanded"]); }
public void OpenConfigFileWithoutPermissions() { FileIOPermission denyPermission = new FileIOPermission(FileIOPermissionAccess.Read, Path.GetFullPath(myConfigTestFile)); PermissionSet permissions = new PermissionSet(PermissionState.None); permissions.AddPermission(denyPermission); permissions.Deny(); ConfigurationFile configFile = new ConfigurationFile(); configFile.Load(Path.GetFullPath(myConfigTestFile)); }
public void OpenMachineConfigWithoutPermissions() { FileIOPermission denyPermission = new FileIOPermission(FileIOPermissionAccess.Read, ConfigurationBuilder.MachineConfigurationFile); PermissionSet permissions = new PermissionSet(PermissionState.None); permissions.AddPermission(denyPermission); permissions.Deny(); using (new ConfigurationBuilder(ConfigurationBuilder.MachineConfigurationFile)) { } }
/// <summary> /// DemandSuccedsAfterDeny /// </summary> /// <param name="toDeny"></param> /// <returns></returns> internal static bool DemandSuccedsAfterDeny(PermissionSet toDeny) { toDeny.Deny(); try { TransparentSecurityHelper.Demand(toDeny); return(true); } catch (SecurityException) { return(false); } }
/// <summary> /// Try/finally is completely unnecessary. Permissions are associated with stack frames /// and go out of scope once stack frame returns. /// </summary> private string GetMachineNameWithoutPermissions() { EnvironmentPermission denyPermission = new EnvironmentPermission(PermissionState.None); PermissionSet permissions = new PermissionSet(PermissionState.None); permissions.AddPermission(denyPermission); permissions.Deny(); try { return(Environment.MachineName); } finally { CodeAccessPermission.RevertDeny(); } }
public void CanGetMachineNameWithoutSecurity() { EnvironmentPermission denyPermission = new EnvironmentPermission(EnvironmentPermissionAccess.Read, computerName); PermissionSet permissions = new PermissionSet(PermissionState.None); permissions.AddPermission(denyPermission); permissions.Deny(); StringBuilder sb = new StringBuilder(); StringWriter writer = new StringWriter(sb); Exception exception = new MockException(); TextExceptionFormatter formatter = new TextExceptionFormatter(writer, exception); Assert.IsTrue(sb.Length == 0); formatter.Format(); Assert.IsTrue(sb.ToString().Contains(machineName + " : " + permissionDenied)); }
public void CanGetWindowsIdentityWithoutSecurity() { SecurityPermission denyPermission = new SecurityPermission(SecurityPermissionFlag.ControlPrincipal); PermissionSet permissions = new PermissionSet(PermissionState.None); permissions.AddPermission(denyPermission); permissions.Deny(); StringBuilder sb = new StringBuilder(); StringWriter writer = new StringWriter(sb); Exception exception = new MockException(); TextExceptionFormatter formatter = new TextExceptionFormatter(writer, exception); Assert.IsTrue(sb.Length == 0); formatter.Format(); Console.WriteLine(sb.ToString()); Assert.IsTrue(sb.ToString().Contains(windowsIdentity + " : " + permissionDenied)); }
public void NoPermissionToReadFileWhenCreated() { FileIOPermission denyPermission = new FileIOPermission(FileIOPermissionAccess.Read, Path.GetFullPath("TestFile")); PermissionSet permissions = new PermissionSet(PermissionState.None); permissions.AddPermission(denyPermission); permissions.Deny(); try { new FileDependency("TestFile"); } finally { CodeAccessPermission.RevertDeny(); } }
public void NoPermissionToReadWhenCheckingExpiration() { FileDependency dependency = new FileDependency("TestFile"); FileIOPermission denyPermission = new FileIOPermission(FileIOPermissionAccess.Read, Path.GetFullPath("TestFile")); PermissionSet permissions = new PermissionSet(PermissionState.None); permissions.AddPermission(denyPermission); permissions.Deny(); try { dependency.HasExpired(); } finally { CodeAccessPermission.RevertDeny(); } }
public static void Main() { // Try to access resources using the permissions currently available. AttemptAccess("Default permissions"); // Create a permission set that allows read access to the TEMP // environment variable and read, write, and append access to SomeFile PermissionSet ps = new PermissionSet(PermissionState.None); ps.AddPermission( new EnvironmentPermission(EnvironmentPermissionAccess.Read, "TEMP")); ps.AddPermission( new FileIOPermission(FileIOPermissionAccess.Read | FileIOPermissionAccess.Write | FileIOPermissionAccess.Append, Path.GetFullPath("SomeFile"))); // Use caution in asserting permissions in publicly callable code without // any kind of check on the caller. There is a danger of the assert being // used to exploit a downstream caller by stopping its security check, // allowing the malicious code access to unauthorized resources. // Stop security checks at this point in the stack walk // for the specified permissions ps.Assert(); // Try to access resources using the permissions we've just asserted. AttemptAccess("Assert permissions"); // Remove this stack frame's Assert CodeAccessPermission.RevertAssert(); // Deny access to the resources we specify ps.Deny(); // Try to access resources using the permissions we've just denied. AttemptAccess("Deny permissions"); // Remove this stack frame's Deny so we're back to default permissions. CodeAccessPermission.RevertDeny(); // Make the permissions indicate the only things that we're allowed to do. ps.PermitOnly(); // Try to access resources using only the permissions we've just permitted. AttemptAccess("PermitOnly permissions"); // Remove this stack frame's PermitOnly so we're back to default permissions. CodeAccessPermission.RevertPermitOnly(); // Remove the FileIOPermissions from the permission set ps.RemovePermission(typeof(FileIOPermission)); // Try to access resources using only the Environment permissions. ps.PermitOnly(); AttemptAccess("PermitOnly without FileIOPermission permissions"); CodeAccessPermission.RevertPermitOnly(); // Remove the EnvironmentPermission from the permission set ps.RemovePermission(typeof(EnvironmentPermission)); // Try to access resources using no permissions. ps.PermitOnly(); AttemptAccess("PermitOnly without any permissions"); CodeAccessPermission.RevertPermitOnly(); // Show how to use Demand/Assert to improve performance CopyFile(".\\Permissions.exe", ".\\Permissions.copy.exe"); // Delete .exe copy File.Delete(".\\Permissions.copy.exe"); }