示例#1
0
        /// <summary>
        ///
        /// </summary>
        /// <param name="hWnd"></param>
        /// <param name="msg"></param>
        /// <param name="wParam"></param>
        /// <param name="lParam"></param>
        /// <returns></returns>
        private IntPtr CustomWndProc(IntPtr hWnd, uint msg, IntPtr wParam,
                                     IntPtr lParam)
        {
            // we only care about COPYDATA messages
            if (msg != WM_COPYDATA)
            {
                return(DefWindowProcW(hWnd, msg, wParam, lParam));
            }

            IntPtr result = IntPtr.Zero;

            // convert lParam to something usable
            COPYDATASTRUCT copyData = (COPYDATASTRUCT)
                                      Marshal.PtrToStructure(lParam, typeof(COPYDATASTRUCT));

            if (((IntPtr.Size == 4) &&
                 (copyData.dwData.ToInt32() != (unchecked ((int)AGENT_COPYDATA_ID)))) ||
                ((IntPtr.Size == 8) &&
                 (copyData.dwData.ToInt64() != AGENT_COPYDATA_ID)))
            {
                return(result); // failure
            }

            string mapname = Marshal.PtrToStringAnsi(copyData.lpData);

            if (mapname.Length != copyData.cbData - 1)
            {
                return(result); // failure
            }

            try {
                using (MemoryMappedFile fileMap =
                           MemoryMappedFile.OpenExisting(mapname,
                                                         MemoryMappedFileRights.FullControl)) {
                    if (fileMap.SafeMemoryMappedFileHandle.IsInvalid)
                    {
                        return(result); // failure
                    }

                    SecurityIdentifier mapOwner =
                        (SecurityIdentifier)fileMap.GetAccessControl()
                        .GetOwner(typeof(System.Security.Principal.SecurityIdentifier));

                    /* check to see if message sender is same user as this program's
                     * user */

                    var user    = WindowsIdentity.GetCurrent();
                    var userSid = user.User;

                    // see http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/pageant-backwards-compatibility.html
                    var procOwnerSid = GetProcessOwnerSID(Process.GetCurrentProcess().Id);

                    Process otherProcess = null;
                    try {
                        otherProcess = WinInternals.FindProcessWithMatchingHandle(fileMap);
                    } catch (Exception ex) {
                        Debug.Fail(ex.ToString());
                    }

                    if (userSid == mapOwner || procOwnerSid == mapOwner)
                    {
                        using (MemoryMappedViewStream stream = fileMap.CreateViewStream()) {
                            AnswerMessage(stream, otherProcess);
                        }
                        result = new IntPtr(1);
                        return(result); // success
                    }
                }
            } catch (Exception ex) {
                Debug.Fail(ex.ToString());
            }
            return(result); // failure
        }
示例#2
0
        void Main(IntPtr intPtr, IsolatedStorageFile isolatedStorageFile, MemoryMappedFile memoryMappedFile, MemoryMappedFileSecurity memoryMappedFileSecurity, Stream stream)
        {
            // Any static method call on File or Directory will raise
            File.Exists("");              // Noncompliant {{Make sure this file handling is safe here.}}
//          ^^^^^^^^^^^^^^^
            File.Create("");              // Noncompliant
            File.Delete("");              // Noncompliant
            File.ReadLines("");           // Noncompliant
            Directory.Exists("");         // Noncompliant
            Directory.Delete("");         // Noncompliant
            Directory.EnumerateFiles(""); // Noncompliant

            // Any FileInfo or DirectoryInfo creation
            var fileInfo = new FileInfo("");     // Noncompliant {{Make sure this file handling is safe here.}}
//                         ^^^^^^^^^^^^^^^^
            var dirInfo = new DirectoryInfo(""); // Noncompliant

            // Calls to extern CreateFile
            SafeFileHandle handle;

            handle = CreateFile("", 0, 0, intPtr, 0, 0, intPtr); // Noncompliant
            handle = CreateFile();                               // Compliant, not extern

            // Creation of SafeFileHandle
            handle = new SafeFileHandle(IntPtr.Zero, false); // Noncompliant

            // All constructors of FileStream
            FileStream fileStream;

            fileStream = new FileStream(IntPtr.Zero, FileAccess.Read);                                                                                // Noncompliant
            fileStream = new FileStream(handle, FileAccess.Read);                                                                                     // Compliant, created from SafeFileHandle, which should be already reported
            fileStream = new FileStream("", FileMode.Append);                                                                                         // Noncompliant
            fileStream = new FileStream(IntPtr.Zero, FileAccess.Read, true);                                                                          // Noncompliant
            fileStream = new FileStream(handle, FileAccess.Read, 0);                                                                                  // Compliant, created from SafeFileHandle, which should be already reported
            fileStream = new FileStream("", FileMode.Append, FileAccess.Read);                                                                        // Noncompliant
            fileStream = new FileStream(IntPtr.Zero, FileAccess.Read, true, 0);                                                                       // Noncompliant
            fileStream = new FileStream(handle, FileAccess.Read, 0, true);                                                                            // Compliant, created from SafeFileHandle, which should be already reported
            fileStream = new FileStream("", FileMode.Append, FileAccess.Read, FileShare.Read);                                                        // Noncompliant
            fileStream = new FileStream(IntPtr.Zero, FileAccess.Read, true, 0, true);                                                                 // Noncompliant
            fileStream = new FileStream("", FileMode.Append, FileAccess.Read, FileShare.Read, 0);                                                     // Noncompliant
            fileStream = new FileStream("", FileMode.Append, FileAccess.Read, FileShare.Read, 0, true);                                               // Noncompliant
            fileStream = new FileStream("", FileMode.Append, FileAccess.Read, FileShare.Read, 0, FileOptions.Asynchronous);                           // Noncompliant
            fileStream = new FileStream("", FileMode.Append, FileSystemRights.Read, FileShare.Read, 0, FileOptions.Asynchronous);                     // Noncompliant
            fileStream = new FileStream("", FileMode.Append, FileSystemRights.Read, FileShare.Read, 0, FileOptions.Asynchronous, new FileSecurity()); // Noncompliant

            // All constructors of StreamWriter, whos first argument is string
            StreamWriter streamWriter;

            streamWriter = new StreamWriter(stream);
            streamWriter = new StreamWriter("");                            // Noncompliant
            streamWriter = new StreamWriter(stream, Encoding.Unicode);
            streamWriter = new StreamWriter("", true);                      // Noncompliant
            streamWriter = new StreamWriter(stream, Encoding.Unicode, 0);
            streamWriter = new StreamWriter("", true, Encoding.Unicode);    // Noncompliant
            streamWriter = new StreamWriter(stream, Encoding.Unicode, 0, true);
            streamWriter = new StreamWriter("", true, Encoding.Unicode, 0); // Noncompliant

            // All constructors of StreamReader, whos first argument is string
            StreamReader streamReader;

            streamReader = new StreamReader(stream);
            streamReader = new StreamReader(""); // Noncompliant
            streamReader = new StreamReader(stream, true);
            streamReader = new StreamReader(stream, Encoding.Unicode);
            streamReader = new StreamReader("", true);                      // Noncompliant
            streamReader = new StreamReader("", Encoding.Unicode);          // Noncompliant
            streamReader = new StreamReader(stream, Encoding.Unicode, true);
            streamReader = new StreamReader("", Encoding.Unicode, true);    // Noncompliant
            streamReader = new StreamReader(stream, Encoding.Unicode, true, 0);
            streamReader = new StreamReader("", Encoding.Unicode, true, 0); // Noncompliant
            streamReader = new StreamReader(stream, Encoding.Unicode, true, 0, true);

            Path.GetTempFileName(); // Noncompliant
            Path.GetTempPath();     // Noncompliant

            FileSecurity fileSecurity;

            fileSecurity = new FileSecurity();
            fileSecurity = new FileSecurity("", AccessControlSections.All); // Noncompliant

            // All static methods of ZipFile (all methods are static!)
            ZipFile.CreateFromDirectory("", "");                                                   // Noncompliant
            ZipFile.CreateFromDirectory("", "", CompressionLevel.Fastest, true);                   // Noncompliant
            ZipFile.CreateFromDirectory("", "", CompressionLevel.Fastest, true, Encoding.Unicode); // Noncompliant
            ZipFile.Open("", ZipArchiveMode.Read);                                                 // Noncompliant
            ZipFile.Open("", ZipArchiveMode.Read, Encoding.Unicode);                               // Noncompliant
            ZipFile.OpenRead("");                                                                  // Noncompliant
            ZipFile.ExtractToDirectory("", "");                                                    // Noncompliant
            ZipFile.ExtractToDirectory("", "", Encoding.Unicode);                                  // Noncompliant

            // All static methods of IsolatedStorageFile
            IsolatedStorageFile.GetMachineStoreForApplication();                                                                              // Noncompliant
            IsolatedStorageFile.GetMachineStoreForAssembly();                                                                                 // Noncompliant
            IsolatedStorageFile.GetMachineStoreForDomain();                                                                                   // Noncompliant
            IsolatedStorageFile.GetStore(IsolatedStorageScope.Application, typeof(Program), typeof(Program));                                 // Noncompliant
            IsolatedStorageFile.GetStore(IsolatedStorageScope.Application, new Evidence(), typeof(Program), new Evidence(), typeof(Program)); // Noncompliant
            IsolatedStorageFile.GetStore(IsolatedStorageScope.Application, typeof(Program));                                                  // Noncompliant
            IsolatedStorageFile.GetStore(IsolatedStorageScope.Application, null);                                                             // Noncompliant
            IsolatedStorageFile.GetStore(IsolatedStorageScope.Application, null, null);                                                       // Noncompliant
            IsolatedStorageFile.GetUserStoreForApplication();                                                                                 // Noncompliant
            IsolatedStorageFile.GetUserStoreForAssembly();                                                                                    // Noncompliant
            IsolatedStorageFile.GetUserStoreForDomain();                                                                                      // Noncompliant
            IsolatedStorageFile.GetUserStoreForSite();                                                                                        // Noncompliant
            isolatedStorageFile.CopyFile("", "");                                                                                             // Compliant, not static

            // All constructors of IsolatedStorageFileStream
            IsolatedStorageFileStream isolatedStorageFileStream;

            isolatedStorageFileStream = new IsolatedStorageFileStream("", FileMode.Append);                                                          // Noncompliant
            isolatedStorageFileStream = new IsolatedStorageFileStream("", FileMode.Append, FileAccess.Read);                                         // Noncompliant
            isolatedStorageFileStream = new IsolatedStorageFileStream("", FileMode.Append, isolatedStorageFile);                                     // Noncompliant
            isolatedStorageFileStream = new IsolatedStorageFileStream("", FileMode.Append, FileAccess.Read, FileShare.Read);                         // Noncompliant
            isolatedStorageFileStream = new IsolatedStorageFileStream("", FileMode.Append, FileAccess.Read, isolatedStorageFile);                    // Noncompliant
            isolatedStorageFileStream = new IsolatedStorageFileStream("", FileMode.Append, FileAccess.Read, FileShare.Read, 0);                      // Noncompliant
            isolatedStorageFileStream = new IsolatedStorageFileStream("", FileMode.Append, FileAccess.Read, FileShare.Read, isolatedStorageFile);    // Noncompliant
            isolatedStorageFileStream = new IsolatedStorageFileStream("", FileMode.Append, FileAccess.Read, FileShare.Read, 0, isolatedStorageFile); // Noncompliant

            // All static methods that start with Create* on MemoryMappedFile
            MemoryMappedFile.CreateFromFile("");                                                                                                                                              // Noncompliant
            MemoryMappedFile.CreateFromFile("", FileMode.Append);                                                                                                                             // Noncompliant
            MemoryMappedFile.CreateFromFile("", FileMode.Append, "");                                                                                                                         // Noncompliant
            MemoryMappedFile.CreateFromFile("", FileMode.Append, "", 0);                                                                                                                      // Noncompliant
            MemoryMappedFile.CreateFromFile("", FileMode.Append, "", 0, MemoryMappedFileAccess.CopyOnWrite);                                                                                  // Noncompliant
            MemoryMappedFile.CreateFromFile(fileStream, "", 0, MemoryMappedFileAccess.CopyOnWrite, memoryMappedFileSecurity, HandleInheritability.Inheritable, true);                         // Noncompliant
            MemoryMappedFile.CreateNew("", 0);                                                                                                                                                // Noncompliant
            MemoryMappedFile.CreateNew("", 0, MemoryMappedFileAccess.CopyOnWrite);                                                                                                            // Noncompliant
            MemoryMappedFile.CreateNew("", 0, MemoryMappedFileAccess.CopyOnWrite, MemoryMappedFileOptions.DelayAllocatePages, memoryMappedFileSecurity, HandleInheritability.Inheritable);    // Noncompliant
            MemoryMappedFile.CreateOrOpen("", 0);                                                                                                                                             // Noncompliant
            MemoryMappedFile.CreateOrOpen("", 0, MemoryMappedFileAccess.CopyOnWrite);                                                                                                         // Noncompliant
            MemoryMappedFile.CreateOrOpen("", 0, MemoryMappedFileAccess.CopyOnWrite, MemoryMappedFileOptions.DelayAllocatePages, memoryMappedFileSecurity, HandleInheritability.Inheritable); // Noncompliant
            memoryMappedFile.CreateViewAccessor(0, 0);                                                                                                                                        // Compliant, not static

            // All static methods that start with Open* on MemoryMappedFile
            MemoryMappedFile.OpenExisting("");                                                                       // Noncompliant
            MemoryMappedFile.OpenExisting("", MemoryMappedFileRights.CopyOnWrite);                                   // Noncompliant
            MemoryMappedFile.OpenExisting("", MemoryMappedFileRights.CopyOnWrite, HandleInheritability.Inheritable); // Noncompliant
            memoryMappedFile.GetAccessControl();                                                                     // Compliant, not static, not starting with Open or Create
        }