public void TestDangereousTargets()
{
UIThreadInvoker.Invoke((ThreadInvoker) delegate()
{
//Get the global service provider and the dte
IServiceProvider sp = VsIdeTestHostContext.ServiceProvider;
DTE dte = (DTE)sp.GetService(typeof(DTE));
string mainProjFilename = CreateTempFileOnDisk(@"
<Project DefaultTargets=`Build` xmlns=`msbuildnamespace`>
<Import Project=`$(MSBuildBinPath)\Microsoft.CSharp.targets`/>
<Target
Name=`PrepareForBuild`>
<PropertyGroup>
<TargetDir>$(TargetDir)</TargetDir>
<TargetPath>$(TargetPath)</TargetPath>
</PropertyGroup>
</Target>
</Project>
" );
try
{
ProjectSecurityChecker projectSecurityChecker = new ProjectSecurityChecker(sp, mainProjFilename);
MethodInfo mi = projectSecurityChecker.GetType().GetMethod("IsProjectSafeWithTargets", BindingFlags.Instance | BindingFlags.NonPublic);
string[] message = new string[1] {
String.Empty
};
bool result = (bool)mi.Invoke(projectSecurityChecker, message);
Assert.IsTrue(!result && !String.IsNullOrEmpty(message[0]), "No message returned from a project with redefined safe targets.");
}
finally
{
File.Delete(mainProjFilename);
}
});
}
public void TestDangereousUsingTasks()
{
UIThreadInvoker.Invoke((ThreadInvoker) delegate()
{
//Get the global service provider and the dte
IServiceProvider sp = VsIdeTestHostContext.ServiceProvider;
DTE dte = (DTE)sp.GetService(typeof(DTE));
string mainProjFilename = CreateTempFileOnDisk(@"
<Project xmlns=`msbuildnamespace`>
<UsingTask
TaskName=`Microsoft.Build.Tasks.FormatUrl`
AssemblyName=`Microsoft.Build.Tasks, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`/>
<UsingTask
TaskName=`Microsoft.Build.Tasks.FormatVersion`
AssemblyName=`Microsoft.Build.Tasks, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`/>
<Import Project=`$(MSBuildBinPath)\Microsoft.CSharp.targets`/>
</Project>
" );
try
{
ProjectSecurityChecker projectSecurityChecker = new ProjectSecurityChecker(sp, mainProjFilename);
MethodInfo mi = projectSecurityChecker.GetType().GetMethod("IsProjectSafeWithUsingTasks", BindingFlags.Instance | BindingFlags.NonPublic);
string[] message = new string[1] {
String.Empty
};
bool result = (bool)mi.Invoke(projectSecurityChecker, message);
Assert.IsTrue(!result && !String.IsNullOrEmpty(message[0]), "No message returned from a project with not safe taks.");
}
finally
{
File.Delete(mainProjFilename);
}
});
}
public void TestMultipleFailures()
{
UIThreadInvoker.Invoke((ThreadInvoker) delegate()
{
//Get the global service provider and the dte
IServiceProvider sp = VsIdeTestHostContext.ServiceProvider;
DTE dte = (DTE)sp.GetService(typeof(DTE));
string mainProjFilename = CreateTempFileOnDisk(@"
<Project DefaultTargets=`Build` xmlns=`msbuildnamespace`>
<PropertyGroup>
<BaseIntermediateOutputPath>obj\</BaseIntermediateOutputPath>
</PropertyGroup>
<ItemGroup>
<AppConfigFileDestination Include=`$(OutDir)$(TargetFileName).config`/>
</ItemGroup>
<Import Project=`$(MSBuildBinPath)\Microsoft.CSharp.targets`/>
</Project>
" );
try
{
ProjectSecurityChecker projectSecurityChecker = new ProjectSecurityChecker(sp, mainProjFilename);
string errorMessage;
bool result = projectSecurityChecker.IsProjectSafeAtLoadTime(out errorMessage);
Assert.IsFalse(result, "A project was considered safe containing redefined safe properties and safe items!");
Assert.IsTrue(errorMessage.Contains("1:") && errorMessage.Contains("2:"), "The error string returning from a project with multiple failures should contain the listed failures");
}
finally
{
File.Delete(mainProjFilename);
}
});
}
public void TestBadImport()
{
UIThreadInvoker.Invoke((ThreadInvoker) delegate()
{
//Get the global service provider and the dte
IServiceProvider sp = VsIdeTestHostContext.ServiceProvider;
DTE dte = (DTE)sp.GetService(typeof(DTE));
// Create temp files on disk for the main project file and the imported project files.
string importedProjFilename3 = CreateTempFileOnDisk(@"
<Project xmlns=`msbuildnamespace`>
<PropertyGroup>
<ReferencePath>c:\foobar</ReferencePath>
</PropertyGroup>
</Project>
" );
string importedProjFilename2 = CreateTempFileOnDisk(@"
<Project xmlns=`msbuildnamespace`>
<PropertyGroup>
<ReferencePath>c:\foobar</ReferencePath>
</PropertyGroup>
</Project>
" );
string importedProjFilename1 = CreateTempFileOnDisk(string.Format(@"
<Project xmlns=`msbuildnamespace`>
<Import Project=`{0}`/>
<PropertyGroup>
<ReferencePath>c:\foobar</ReferencePath>
</PropertyGroup>
</Project>
" , importedProjFilename2));
// Create temp files on disk for the main project file and the imported project files.
string mainProjFilename = CreateTempFileOnDisk(string.Format(@"
<Project xmlns=`msbuildnamespace`>
<Import Project=`{0}`/>
<Import Project=`{1}`/>
</Project>
" , importedProjFilename1, importedProjFilename3));
try
{
ProjectSecurityChecker projectSecurityChecker = new ProjectSecurityChecker(sp, mainProjFilename);
MethodInfo mi = projectSecurityChecker.GetType().GetMethod("IsProjectSafeWithImports", BindingFlags.Instance | BindingFlags.NonPublic);
string[] message = new string[1] {
String.Empty
};
bool result = (bool)mi.Invoke(projectSecurityChecker, message);
Assert.IsTrue(!result && !String.IsNullOrEmpty(message[0]), "No message returned from a project with unsafe imports");
}
finally
{
File.Delete(mainProjFilename);
File.Delete(importedProjFilename1);
File.Delete(importedProjFilename2);
File.Delete(importedProjFilename3);
}
});
}
public void TestBadImport()
{
UIThreadInvoker.Invoke((ThreadInvoker)delegate()
{
//Get the global service provider and the dte
IServiceProvider sp = VsIdeTestHostContext.ServiceProvider;
DTE dte = (DTE)sp.GetService(typeof(DTE));
// Create temp files on disk for the main project file and the imported project files.
string importedProjFilename3 = CreateTempFileOnDisk(@"
<Project xmlns=`msbuildnamespace`>
<PropertyGroup>
<ReferencePath>c:\foobar</ReferencePath>
</PropertyGroup>
</Project>
");
string importedProjFilename2 = CreateTempFileOnDisk(@"
<Project xmlns=`msbuildnamespace`>
<PropertyGroup>
<ReferencePath>c:\foobar</ReferencePath>
</PropertyGroup>
</Project>
");
string importedProjFilename1 = CreateTempFileOnDisk(string.Format(@"
<Project xmlns=`msbuildnamespace`>
<Import Project=`{0}`/>
<PropertyGroup>
<ReferencePath>c:\foobar</ReferencePath>
</PropertyGroup>
</Project>
", importedProjFilename2));
// Create temp files on disk for the main project file and the imported project files.
string mainProjFilename = CreateTempFileOnDisk(string.Format(@"
<Project xmlns=`msbuildnamespace`>
<Import Project=`{0}`/>
<Import Project=`{1}`/>
</Project>
", importedProjFilename1, importedProjFilename3));
try
{
ProjectSecurityChecker projectSecurityChecker = new ProjectSecurityChecker(sp, mainProjFilename);
MethodInfo mi = projectSecurityChecker.GetType().GetMethod("IsProjectSafeWithImports", BindingFlags.Instance | BindingFlags.NonPublic);
string[] message = new string[1] { String.Empty };
bool result = (bool)mi.Invoke(projectSecurityChecker, message);
Assert.IsTrue(!result && !String.IsNullOrEmpty(message[0]), "No message returned from a project with unsafe imports");
}
finally
{
File.Delete(mainProjFilename);
File.Delete(importedProjFilename1);
File.Delete(importedProjFilename2);
File.Delete(importedProjFilename3);
}
});
}
public void TestMultipleFailures()
{
UIThreadInvoker.Invoke((ThreadInvoker)delegate()
{
//Get the global service provider and the dte
IServiceProvider sp = VsIdeTestHostContext.ServiceProvider;
DTE dte = (DTE)sp.GetService(typeof(DTE));
string mainProjFilename = CreateTempFileOnDisk(@"
<Project DefaultTargets=`Build` xmlns=`msbuildnamespace`>
<PropertyGroup>
<BaseIntermediateOutputPath>obj\</BaseIntermediateOutputPath>
</PropertyGroup>
<ItemGroup>
<AppConfigFileDestination Include=`$(OutDir)$(TargetFileName).config`/>
</ItemGroup>
<Import Project=`$(MSBuildBinPath)\Microsoft.CSharp.targets`/>
</Project>
");
try
{
ProjectSecurityChecker projectSecurityChecker = new ProjectSecurityChecker(sp, mainProjFilename);
string errorMessage;
bool result = projectSecurityChecker.IsProjectSafeAtLoadTime(out errorMessage);
Assert.IsFalse(result, "A project was considered safe containing redefined safe properties and safe items!");
Assert.IsTrue(errorMessage.Contains("1:") && errorMessage.Contains("2:"), "The error string returning from a project with multiple failures should contain the listed failures");
}
finally
{
File.Delete(mainProjFilename);
}
});
}
public void TestDangereousUsingTasks()
{
UIThreadInvoker.Invoke((ThreadInvoker)delegate()
{
//Get the global service provider and the dte
IServiceProvider sp = VsIdeTestHostContext.ServiceProvider;
DTE dte = (DTE)sp.GetService(typeof(DTE));
string mainProjFilename = CreateTempFileOnDisk(@"
<Project xmlns=`msbuildnamespace`>
<UsingTask
TaskName=`Microsoft.Build.Tasks.FormatUrl`
AssemblyName=`Microsoft.Build.Tasks, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`/>
<UsingTask
TaskName=`Microsoft.Build.Tasks.FormatVersion`
AssemblyName=`Microsoft.Build.Tasks, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`/>
<Import Project=`$(MSBuildBinPath)\Microsoft.CSharp.targets`/>
</Project>
");
try
{
ProjectSecurityChecker projectSecurityChecker = new ProjectSecurityChecker(sp, mainProjFilename);
MethodInfo mi = projectSecurityChecker.GetType().GetMethod("IsProjectSafeWithUsingTasks", BindingFlags.Instance | BindingFlags.NonPublic);
string[] message = new string[1] { String.Empty };
bool result = (bool)mi.Invoke(projectSecurityChecker, message);
Assert.IsTrue(!result && !String.IsNullOrEmpty(message[0]), "No message returned from a project with not safe taks.");
}
finally
{
File.Delete(mainProjFilename);
}
});
}
public void TestDangereousTargets()
{
UIThreadInvoker.Invoke((ThreadInvoker)delegate()
{
//Get the global service provider and the dte
IServiceProvider sp = VsIdeTestHostContext.ServiceProvider;
DTE dte = (DTE)sp.GetService(typeof(DTE));
string mainProjFilename = CreateTempFileOnDisk(@"
<Project DefaultTargets=`Build` xmlns=`msbuildnamespace`>
<Import Project=`$(MSBuildBinPath)\Microsoft.CSharp.targets`/>
<Target
Name=`PrepareForBuild`>
<PropertyGroup>
<TargetDir>$(TargetDir)</TargetDir>
<TargetPath>$(TargetPath)</TargetPath>
</PropertyGroup>
</Target>
</Project>
");
try
{
ProjectSecurityChecker projectSecurityChecker = new ProjectSecurityChecker(sp, mainProjFilename);
MethodInfo mi = projectSecurityChecker.GetType().GetMethod("IsProjectSafeWithTargets", BindingFlags.Instance | BindingFlags.NonPublic);
string[] message = new string[1] { String.Empty };
bool result = (bool)mi.Invoke(projectSecurityChecker, message);
Assert.IsTrue(!result && !String.IsNullOrEmpty(message[0]), "No message returned from a project with redefined safe targets.");
}
finally
{
File.Delete(mainProjFilename);
}
});
}
/// <summary>
/// Make sure that we load normally and skip security checking.
/// This can have security impacts so do not do this in production code.
/// </summary>
protected override ProjectLoadOption CheckProjectForSecurity(ProjectSecurityChecker projectSecurityChecker, ProjectSecurityChecker userProjectSecurityChecker)
{
return(ProjectLoadOption.LoadNormally);
}
