/// <summary>
///
/// </summary>
/// <param name="hWnd"></param>
/// <param name="msg"></param>
/// <param name="wParam"></param>
/// <param name="lParam"></param>
/// <returns></returns>
private IntPtr CustomWndProc(IntPtr hWnd, uint msg, IntPtr wParam,
IntPtr lParam)
{
// we only care about COPYDATA messages
if (msg != WM_COPYDATA)
{
return(DefWindowProcW(hWnd, msg, wParam, lParam));
}
IntPtr result = IntPtr.Zero;
// convert lParam to something usable
COPYDATASTRUCT copyData = (COPYDATASTRUCT)
Marshal.PtrToStructure(lParam, typeof(COPYDATASTRUCT));
if (((IntPtr.Size == 4) &&
(copyData.dwData.ToInt32() != (unchecked ((int)AGENT_COPYDATA_ID)))) ||
((IntPtr.Size == 8) &&
(copyData.dwData.ToInt64() != AGENT_COPYDATA_ID)))
{
return(result); // failure
}
string mapname = Marshal.PtrToStringAnsi(copyData.lpData);
if (mapname.Length != copyData.cbData - 1)
{
return(result); // failure
}
try {
using (MemoryMappedFile fileMap =
MemoryMappedFile.OpenExisting(mapname,
MemoryMappedFileRights.FullControl)) {
if (fileMap.SafeMemoryMappedFileHandle.IsInvalid)
{
return(result); // failure
}
SecurityIdentifier mapOwner =
(SecurityIdentifier)fileMap.GetAccessControl()
.GetOwner(typeof(System.Security.Principal.SecurityIdentifier));
/* check to see if message sender is same user as this program's
* user */
var user = WindowsIdentity.GetCurrent();
var userSid = user.User;
// see http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/pageant-backwards-compatibility.html
var procOwnerSid = GetProcessOwnerSID(Process.GetCurrentProcess().Id);
Process otherProcess = null;
try {
otherProcess = WinInternals.FindProcessWithMatchingHandle(fileMap);
} catch (Exception ex) {
Debug.Fail(ex.ToString());
}
if (userSid == mapOwner || procOwnerSid == mapOwner)
{
using (MemoryMappedViewStream stream = fileMap.CreateViewStream()) {
AnswerMessage(stream, otherProcess);
}
result = new IntPtr(1);
return(result); // success
}
}
} catch (Exception ex) {
Debug.Fail(ex.ToString());
}
return(result); // failure
}
void Main(IntPtr intPtr, IsolatedStorageFile isolatedStorageFile, MemoryMappedFile memoryMappedFile, MemoryMappedFileSecurity memoryMappedFileSecurity, Stream stream)
{
// Any static method call on File or Directory will raise
File.Exists(""); // Noncompliant {{Make sure this file handling is safe here.}}
// ^^^^^^^^^^^^^^^
File.Create(""); // Noncompliant
File.Delete(""); // Noncompliant
File.ReadLines(""); // Noncompliant
Directory.Exists(""); // Noncompliant
Directory.Delete(""); // Noncompliant
Directory.EnumerateFiles(""); // Noncompliant
// Any FileInfo or DirectoryInfo creation
var fileInfo = new FileInfo(""); // Noncompliant {{Make sure this file handling is safe here.}}
// ^^^^^^^^^^^^^^^^
var dirInfo = new DirectoryInfo(""); // Noncompliant
// Calls to extern CreateFile
SafeFileHandle handle;
handle = CreateFile("", 0, 0, intPtr, 0, 0, intPtr); // Noncompliant
handle = CreateFile(); // Compliant, not extern
// Creation of SafeFileHandle
handle = new SafeFileHandle(IntPtr.Zero, false); // Noncompliant
// All constructors of FileStream
FileStream fileStream;
fileStream = new FileStream(IntPtr.Zero, FileAccess.Read); // Noncompliant
fileStream = new FileStream(handle, FileAccess.Read); // Compliant, created from SafeFileHandle, which should be already reported
fileStream = new FileStream("", FileMode.Append); // Noncompliant
fileStream = new FileStream(IntPtr.Zero, FileAccess.Read, true); // Noncompliant
fileStream = new FileStream(handle, FileAccess.Read, 0); // Compliant, created from SafeFileHandle, which should be already reported
fileStream = new FileStream("", FileMode.Append, FileAccess.Read); // Noncompliant
fileStream = new FileStream(IntPtr.Zero, FileAccess.Read, true, 0); // Noncompliant
fileStream = new FileStream(handle, FileAccess.Read, 0, true); // Compliant, created from SafeFileHandle, which should be already reported
fileStream = new FileStream("", FileMode.Append, FileAccess.Read, FileShare.Read); // Noncompliant
fileStream = new FileStream(IntPtr.Zero, FileAccess.Read, true, 0, true); // Noncompliant
fileStream = new FileStream("", FileMode.Append, FileAccess.Read, FileShare.Read, 0); // Noncompliant
fileStream = new FileStream("", FileMode.Append, FileAccess.Read, FileShare.Read, 0, true); // Noncompliant
fileStream = new FileStream("", FileMode.Append, FileAccess.Read, FileShare.Read, 0, FileOptions.Asynchronous); // Noncompliant
fileStream = new FileStream("", FileMode.Append, FileSystemRights.Read, FileShare.Read, 0, FileOptions.Asynchronous); // Noncompliant
fileStream = new FileStream("", FileMode.Append, FileSystemRights.Read, FileShare.Read, 0, FileOptions.Asynchronous, new FileSecurity()); // Noncompliant
// All constructors of StreamWriter, whos first argument is string
StreamWriter streamWriter;
streamWriter = new StreamWriter(stream);
streamWriter = new StreamWriter(""); // Noncompliant
streamWriter = new StreamWriter(stream, Encoding.Unicode);
streamWriter = new StreamWriter("", true); // Noncompliant
streamWriter = new StreamWriter(stream, Encoding.Unicode, 0);
streamWriter = new StreamWriter("", true, Encoding.Unicode); // Noncompliant
streamWriter = new StreamWriter(stream, Encoding.Unicode, 0, true);
streamWriter = new StreamWriter("", true, Encoding.Unicode, 0); // Noncompliant
// All constructors of StreamReader, whos first argument is string
StreamReader streamReader;
streamReader = new StreamReader(stream);
streamReader = new StreamReader(""); // Noncompliant
streamReader = new StreamReader(stream, true);
streamReader = new StreamReader(stream, Encoding.Unicode);
streamReader = new StreamReader("", true); // Noncompliant
streamReader = new StreamReader("", Encoding.Unicode); // Noncompliant
streamReader = new StreamReader(stream, Encoding.Unicode, true);
streamReader = new StreamReader("", Encoding.Unicode, true); // Noncompliant
streamReader = new StreamReader(stream, Encoding.Unicode, true, 0);
streamReader = new StreamReader("", Encoding.Unicode, true, 0); // Noncompliant
streamReader = new StreamReader(stream, Encoding.Unicode, true, 0, true);
Path.GetTempFileName(); // Noncompliant
Path.GetTempPath(); // Noncompliant
FileSecurity fileSecurity;
fileSecurity = new FileSecurity();
fileSecurity = new FileSecurity("", AccessControlSections.All); // Noncompliant
// All static methods of ZipFile (all methods are static!)
ZipFile.CreateFromDirectory("", ""); // Noncompliant
ZipFile.CreateFromDirectory("", "", CompressionLevel.Fastest, true); // Noncompliant
ZipFile.CreateFromDirectory("", "", CompressionLevel.Fastest, true, Encoding.Unicode); // Noncompliant
ZipFile.Open("", ZipArchiveMode.Read); // Noncompliant
ZipFile.Open("", ZipArchiveMode.Read, Encoding.Unicode); // Noncompliant
ZipFile.OpenRead(""); // Noncompliant
ZipFile.ExtractToDirectory("", ""); // Noncompliant
ZipFile.ExtractToDirectory("", "", Encoding.Unicode); // Noncompliant
// All static methods of IsolatedStorageFile
IsolatedStorageFile.GetMachineStoreForApplication(); // Noncompliant
IsolatedStorageFile.GetMachineStoreForAssembly(); // Noncompliant
IsolatedStorageFile.GetMachineStoreForDomain(); // Noncompliant
IsolatedStorageFile.GetStore(IsolatedStorageScope.Application, typeof(Program), typeof(Program)); // Noncompliant
IsolatedStorageFile.GetStore(IsolatedStorageScope.Application, new Evidence(), typeof(Program), new Evidence(), typeof(Program)); // Noncompliant
IsolatedStorageFile.GetStore(IsolatedStorageScope.Application, typeof(Program)); // Noncompliant
IsolatedStorageFile.GetStore(IsolatedStorageScope.Application, null); // Noncompliant
IsolatedStorageFile.GetStore(IsolatedStorageScope.Application, null, null); // Noncompliant
IsolatedStorageFile.GetUserStoreForApplication(); // Noncompliant
IsolatedStorageFile.GetUserStoreForAssembly(); // Noncompliant
IsolatedStorageFile.GetUserStoreForDomain(); // Noncompliant
IsolatedStorageFile.GetUserStoreForSite(); // Noncompliant
isolatedStorageFile.CopyFile("", ""); // Compliant, not static
// All constructors of IsolatedStorageFileStream
IsolatedStorageFileStream isolatedStorageFileStream;
isolatedStorageFileStream = new IsolatedStorageFileStream("", FileMode.Append); // Noncompliant
isolatedStorageFileStream = new IsolatedStorageFileStream("", FileMode.Append, FileAccess.Read); // Noncompliant
isolatedStorageFileStream = new IsolatedStorageFileStream("", FileMode.Append, isolatedStorageFile); // Noncompliant
isolatedStorageFileStream = new IsolatedStorageFileStream("", FileMode.Append, FileAccess.Read, FileShare.Read); // Noncompliant
isolatedStorageFileStream = new IsolatedStorageFileStream("", FileMode.Append, FileAccess.Read, isolatedStorageFile); // Noncompliant
isolatedStorageFileStream = new IsolatedStorageFileStream("", FileMode.Append, FileAccess.Read, FileShare.Read, 0); // Noncompliant
isolatedStorageFileStream = new IsolatedStorageFileStream("", FileMode.Append, FileAccess.Read, FileShare.Read, isolatedStorageFile); // Noncompliant
isolatedStorageFileStream = new IsolatedStorageFileStream("", FileMode.Append, FileAccess.Read, FileShare.Read, 0, isolatedStorageFile); // Noncompliant
// All static methods that start with Create* on MemoryMappedFile
MemoryMappedFile.CreateFromFile(""); // Noncompliant
MemoryMappedFile.CreateFromFile("", FileMode.Append); // Noncompliant
MemoryMappedFile.CreateFromFile("", FileMode.Append, ""); // Noncompliant
MemoryMappedFile.CreateFromFile("", FileMode.Append, "", 0); // Noncompliant
MemoryMappedFile.CreateFromFile("", FileMode.Append, "", 0, MemoryMappedFileAccess.CopyOnWrite); // Noncompliant
MemoryMappedFile.CreateFromFile(fileStream, "", 0, MemoryMappedFileAccess.CopyOnWrite, memoryMappedFileSecurity, HandleInheritability.Inheritable, true); // Noncompliant
MemoryMappedFile.CreateNew("", 0); // Noncompliant
MemoryMappedFile.CreateNew("", 0, MemoryMappedFileAccess.CopyOnWrite); // Noncompliant
MemoryMappedFile.CreateNew("", 0, MemoryMappedFileAccess.CopyOnWrite, MemoryMappedFileOptions.DelayAllocatePages, memoryMappedFileSecurity, HandleInheritability.Inheritable); // Noncompliant
MemoryMappedFile.CreateOrOpen("", 0); // Noncompliant
MemoryMappedFile.CreateOrOpen("", 0, MemoryMappedFileAccess.CopyOnWrite); // Noncompliant
MemoryMappedFile.CreateOrOpen("", 0, MemoryMappedFileAccess.CopyOnWrite, MemoryMappedFileOptions.DelayAllocatePages, memoryMappedFileSecurity, HandleInheritability.Inheritable); // Noncompliant
memoryMappedFile.CreateViewAccessor(0, 0); // Compliant, not static
// All static methods that start with Open* on MemoryMappedFile
MemoryMappedFile.OpenExisting(""); // Noncompliant
MemoryMappedFile.OpenExisting("", MemoryMappedFileRights.CopyOnWrite); // Noncompliant
MemoryMappedFile.OpenExisting("", MemoryMappedFileRights.CopyOnWrite, HandleInheritability.Inheritable); // Noncompliant
memoryMappedFile.GetAccessControl(); // Compliant, not static, not starting with Open or Create
}
