public IEnumerable <PackageVerifierIssue> Validate(IPackageRepository packageRepo, IPackage package, IPackageVerifierLogger logger) { foreach (IPackageFile currentFile in package.GetFiles()) { string extension = Path.GetExtension(currentFile.Path); if (extension.Equals(".dll", StringComparison.OrdinalIgnoreCase) || extension.Equals(".exe", StringComparison.OrdinalIgnoreCase)) { string assemblyPath = Path.ChangeExtension(Path.Combine(Path.GetTempPath(), Path.GetTempFileName()), extension); var isManagedCode = false; var isStrongNameSigned = false; int hresult = 0; try { using (Stream packageFileStream = currentFile.GetStream()) { var _assemblyBytes = new byte[packageFileStream.Length]; packageFileStream.Read(_assemblyBytes, 0, _assemblyBytes.Length); using (var fileStream = new FileStream(assemblyPath, FileMode.Create)) { packageFileStream.Seek(0, SeekOrigin.Begin); packageFileStream.CopyTo(fileStream); fileStream.Flush(true); } if (AssemblyHelpers.IsAssemblyManaged(assemblyPath)) { isManagedCode = true; var clrStrongName = (IClrStrongName)RuntimeEnvironment.GetRuntimeInterfaceAsObject(new Guid("B79B0ACD-F5CD-409b-B5A5-A16244610B92"), new Guid("9FD93CCF-3280-4391-B3A9-96E1CDE77C8D")); bool verificationForced; hresult = clrStrongName.StrongNameSignatureVerificationEx(assemblyPath, true, out verificationForced); if (hresult == 0) { isStrongNameSigned = true; } } } } catch (Exception ex) { logger.LogError("Error while verifying strong name signature for {0}: {1}", currentFile.Path, ex.Message); } finally { if (File.Exists(assemblyPath)) { File.Delete(assemblyPath); } } if (isManagedCode && !isStrongNameSigned) { yield return(PackageIssueFactory.AssemblyNotStrongNameSigned(currentFile.Path, hresult)); } } } yield break; }
public IEnumerable <PackageVerifierIssue> Validate(PackageAnalysisContext context) { if (context.Metadata.IsDotNetToolPackage()) { yield break; } foreach (var currentFile in context.PackageReader.GetFiles()) { var extension = Path.GetExtension(currentFile); if (extension.Equals(".dll", StringComparison.OrdinalIgnoreCase) || extension.Equals(".exe", StringComparison.OrdinalIgnoreCase)) { string assemblyPath; do { assemblyPath = Path.ChangeExtension( Path.Combine(Path.GetTempPath(), Path.GetRandomFileName()), extension); } while (File.Exists(assemblyPath)); var isManagedCode = false; var isStrongNameSigned = false; var hasCorrectPublicKeyToken = false; var hresult = 0; try { using (var packageFileStream = context.PackageReader.GetStream(currentFile)) using (var fileStream = new FileStream(assemblyPath, FileMode.Create)) { packageFileStream.CopyTo(fileStream); } if (AssemblyHelpers.IsAssemblyManaged(assemblyPath)) { isManagedCode = true; using (var assembly = AssemblyDefinition.ReadAssembly(assemblyPath)) { if (assembly.Modules.Any()) { isStrongNameSigned = assembly.Modules.All( module => module.Attributes.HasFlag(ModuleAttributes.StrongNameSigned)); } else { throw new InvalidOperationException("The managed assembly does not contain any modules."); } var tokenHexString = BitConverter.ToString(assembly.Name.PublicKeyToken).Replace("-", ""); if (_publicKeyToken.Equals(tokenHexString, StringComparison.OrdinalIgnoreCase)) { hasCorrectPublicKeyToken = true; } } } } catch (Exception ex) { context.Logger.LogError( "Error while verifying strong name signature for {0}: {1}", currentFile, ex.Message); } finally { if (File.Exists(assemblyPath)) { File.Delete(assemblyPath); } } if (isManagedCode && !isStrongNameSigned) { yield return(PackageIssueFactory.AssemblyNotStrongNameSigned(currentFile, hresult)); } if (isManagedCode && !hasCorrectPublicKeyToken) { yield return(PackageIssueFactory.AssemblyHasWrongPublicKeyToken(currentFile, _publicKeyToken)); } } } }