public void TestDangereousTargets() { UIThreadInvoker.Invoke((ThreadInvoker) delegate() { //Get the global service provider and the dte IServiceProvider sp = VsIdeTestHostContext.ServiceProvider; DTE dte = (DTE)sp.GetService(typeof(DTE)); string mainProjFilename = CreateTempFileOnDisk(@" <Project DefaultTargets=`Build` xmlns=`msbuildnamespace`> <Import Project=`$(MSBuildBinPath)\Microsoft.CSharp.targets`/> <Target Name=`PrepareForBuild`> <PropertyGroup> <TargetDir>$(TargetDir)</TargetDir> <TargetPath>$(TargetPath)</TargetPath> </PropertyGroup> </Target> </Project> " ); try { ProjectSecurityChecker projectSecurityChecker = new ProjectSecurityChecker(sp, mainProjFilename); MethodInfo mi = projectSecurityChecker.GetType().GetMethod("IsProjectSafeWithTargets", BindingFlags.Instance | BindingFlags.NonPublic); string[] message = new string[1] { String.Empty }; bool result = (bool)mi.Invoke(projectSecurityChecker, message); Assert.IsTrue(!result && !String.IsNullOrEmpty(message[0]), "No message returned from a project with redefined safe targets."); } finally { File.Delete(mainProjFilename); } }); }
public void TestDangereousUsingTasks() { UIThreadInvoker.Invoke((ThreadInvoker) delegate() { //Get the global service provider and the dte IServiceProvider sp = VsIdeTestHostContext.ServiceProvider; DTE dte = (DTE)sp.GetService(typeof(DTE)); string mainProjFilename = CreateTempFileOnDisk(@" <Project xmlns=`msbuildnamespace`> <UsingTask TaskName=`Microsoft.Build.Tasks.FormatUrl` AssemblyName=`Microsoft.Build.Tasks, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`/> <UsingTask TaskName=`Microsoft.Build.Tasks.FormatVersion` AssemblyName=`Microsoft.Build.Tasks, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`/> <Import Project=`$(MSBuildBinPath)\Microsoft.CSharp.targets`/> </Project> " ); try { ProjectSecurityChecker projectSecurityChecker = new ProjectSecurityChecker(sp, mainProjFilename); MethodInfo mi = projectSecurityChecker.GetType().GetMethod("IsProjectSafeWithUsingTasks", BindingFlags.Instance | BindingFlags.NonPublic); string[] message = new string[1] { String.Empty }; bool result = (bool)mi.Invoke(projectSecurityChecker, message); Assert.IsTrue(!result && !String.IsNullOrEmpty(message[0]), "No message returned from a project with not safe taks."); } finally { File.Delete(mainProjFilename); } }); }
public void TestMultipleFailures() { UIThreadInvoker.Invoke((ThreadInvoker) delegate() { //Get the global service provider and the dte IServiceProvider sp = VsIdeTestHostContext.ServiceProvider; DTE dte = (DTE)sp.GetService(typeof(DTE)); string mainProjFilename = CreateTempFileOnDisk(@" <Project DefaultTargets=`Build` xmlns=`msbuildnamespace`> <PropertyGroup> <BaseIntermediateOutputPath>obj\</BaseIntermediateOutputPath> </PropertyGroup> <ItemGroup> <AppConfigFileDestination Include=`$(OutDir)$(TargetFileName).config`/> </ItemGroup> <Import Project=`$(MSBuildBinPath)\Microsoft.CSharp.targets`/> </Project> " ); try { ProjectSecurityChecker projectSecurityChecker = new ProjectSecurityChecker(sp, mainProjFilename); string errorMessage; bool result = projectSecurityChecker.IsProjectSafeAtLoadTime(out errorMessage); Assert.IsFalse(result, "A project was considered safe containing redefined safe properties and safe items!"); Assert.IsTrue(errorMessage.Contains("1:") && errorMessage.Contains("2:"), "The error string returning from a project with multiple failures should contain the listed failures"); } finally { File.Delete(mainProjFilename); } }); }
public void TestBadImport() { UIThreadInvoker.Invoke((ThreadInvoker) delegate() { //Get the global service provider and the dte IServiceProvider sp = VsIdeTestHostContext.ServiceProvider; DTE dte = (DTE)sp.GetService(typeof(DTE)); // Create temp files on disk for the main project file and the imported project files. string importedProjFilename3 = CreateTempFileOnDisk(@" <Project xmlns=`msbuildnamespace`> <PropertyGroup> <ReferencePath>c:\foobar</ReferencePath> </PropertyGroup> </Project> " ); string importedProjFilename2 = CreateTempFileOnDisk(@" <Project xmlns=`msbuildnamespace`> <PropertyGroup> <ReferencePath>c:\foobar</ReferencePath> </PropertyGroup> </Project> " ); string importedProjFilename1 = CreateTempFileOnDisk(string.Format(@" <Project xmlns=`msbuildnamespace`> <Import Project=`{0}`/> <PropertyGroup> <ReferencePath>c:\foobar</ReferencePath> </PropertyGroup> </Project> " , importedProjFilename2)); // Create temp files on disk for the main project file and the imported project files. string mainProjFilename = CreateTempFileOnDisk(string.Format(@" <Project xmlns=`msbuildnamespace`> <Import Project=`{0}`/> <Import Project=`{1}`/> </Project> " , importedProjFilename1, importedProjFilename3)); try { ProjectSecurityChecker projectSecurityChecker = new ProjectSecurityChecker(sp, mainProjFilename); MethodInfo mi = projectSecurityChecker.GetType().GetMethod("IsProjectSafeWithImports", BindingFlags.Instance | BindingFlags.NonPublic); string[] message = new string[1] { String.Empty }; bool result = (bool)mi.Invoke(projectSecurityChecker, message); Assert.IsTrue(!result && !String.IsNullOrEmpty(message[0]), "No message returned from a project with unsafe imports"); } finally { File.Delete(mainProjFilename); File.Delete(importedProjFilename1); File.Delete(importedProjFilename2); File.Delete(importedProjFilename3); } }); }
public void TestBadImport() { UIThreadInvoker.Invoke((ThreadInvoker)delegate() { //Get the global service provider and the dte IServiceProvider sp = VsIdeTestHostContext.ServiceProvider; DTE dte = (DTE)sp.GetService(typeof(DTE)); // Create temp files on disk for the main project file and the imported project files. string importedProjFilename3 = CreateTempFileOnDisk(@" <Project xmlns=`msbuildnamespace`> <PropertyGroup> <ReferencePath>c:\foobar</ReferencePath> </PropertyGroup> </Project> "); string importedProjFilename2 = CreateTempFileOnDisk(@" <Project xmlns=`msbuildnamespace`> <PropertyGroup> <ReferencePath>c:\foobar</ReferencePath> </PropertyGroup> </Project> "); string importedProjFilename1 = CreateTempFileOnDisk(string.Format(@" <Project xmlns=`msbuildnamespace`> <Import Project=`{0}`/> <PropertyGroup> <ReferencePath>c:\foobar</ReferencePath> </PropertyGroup> </Project> ", importedProjFilename2)); // Create temp files on disk for the main project file and the imported project files. string mainProjFilename = CreateTempFileOnDisk(string.Format(@" <Project xmlns=`msbuildnamespace`> <Import Project=`{0}`/> <Import Project=`{1}`/> </Project> ", importedProjFilename1, importedProjFilename3)); try { ProjectSecurityChecker projectSecurityChecker = new ProjectSecurityChecker(sp, mainProjFilename); MethodInfo mi = projectSecurityChecker.GetType().GetMethod("IsProjectSafeWithImports", BindingFlags.Instance | BindingFlags.NonPublic); string[] message = new string[1] { String.Empty }; bool result = (bool)mi.Invoke(projectSecurityChecker, message); Assert.IsTrue(!result && !String.IsNullOrEmpty(message[0]), "No message returned from a project with unsafe imports"); } finally { File.Delete(mainProjFilename); File.Delete(importedProjFilename1); File.Delete(importedProjFilename2); File.Delete(importedProjFilename3); } }); }
public void TestMultipleFailures() { UIThreadInvoker.Invoke((ThreadInvoker)delegate() { //Get the global service provider and the dte IServiceProvider sp = VsIdeTestHostContext.ServiceProvider; DTE dte = (DTE)sp.GetService(typeof(DTE)); string mainProjFilename = CreateTempFileOnDisk(@" <Project DefaultTargets=`Build` xmlns=`msbuildnamespace`> <PropertyGroup> <BaseIntermediateOutputPath>obj\</BaseIntermediateOutputPath> </PropertyGroup> <ItemGroup> <AppConfigFileDestination Include=`$(OutDir)$(TargetFileName).config`/> </ItemGroup> <Import Project=`$(MSBuildBinPath)\Microsoft.CSharp.targets`/> </Project> "); try { ProjectSecurityChecker projectSecurityChecker = new ProjectSecurityChecker(sp, mainProjFilename); string errorMessage; bool result = projectSecurityChecker.IsProjectSafeAtLoadTime(out errorMessage); Assert.IsFalse(result, "A project was considered safe containing redefined safe properties and safe items!"); Assert.IsTrue(errorMessage.Contains("1:") && errorMessage.Contains("2:"), "The error string returning from a project with multiple failures should contain the listed failures"); } finally { File.Delete(mainProjFilename); } }); }
public void TestDangereousUsingTasks() { UIThreadInvoker.Invoke((ThreadInvoker)delegate() { //Get the global service provider and the dte IServiceProvider sp = VsIdeTestHostContext.ServiceProvider; DTE dte = (DTE)sp.GetService(typeof(DTE)); string mainProjFilename = CreateTempFileOnDisk(@" <Project xmlns=`msbuildnamespace`> <UsingTask TaskName=`Microsoft.Build.Tasks.FormatUrl` AssemblyName=`Microsoft.Build.Tasks, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`/> <UsingTask TaskName=`Microsoft.Build.Tasks.FormatVersion` AssemblyName=`Microsoft.Build.Tasks, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`/> <Import Project=`$(MSBuildBinPath)\Microsoft.CSharp.targets`/> </Project> "); try { ProjectSecurityChecker projectSecurityChecker = new ProjectSecurityChecker(sp, mainProjFilename); MethodInfo mi = projectSecurityChecker.GetType().GetMethod("IsProjectSafeWithUsingTasks", BindingFlags.Instance | BindingFlags.NonPublic); string[] message = new string[1] { String.Empty }; bool result = (bool)mi.Invoke(projectSecurityChecker, message); Assert.IsTrue(!result && !String.IsNullOrEmpty(message[0]), "No message returned from a project with not safe taks."); } finally { File.Delete(mainProjFilename); } }); }
public void TestDangereousTargets() { UIThreadInvoker.Invoke((ThreadInvoker)delegate() { //Get the global service provider and the dte IServiceProvider sp = VsIdeTestHostContext.ServiceProvider; DTE dte = (DTE)sp.GetService(typeof(DTE)); string mainProjFilename = CreateTempFileOnDisk(@" <Project DefaultTargets=`Build` xmlns=`msbuildnamespace`> <Import Project=`$(MSBuildBinPath)\Microsoft.CSharp.targets`/> <Target Name=`PrepareForBuild`> <PropertyGroup> <TargetDir>$(TargetDir)</TargetDir> <TargetPath>$(TargetPath)</TargetPath> </PropertyGroup> </Target> </Project> "); try { ProjectSecurityChecker projectSecurityChecker = new ProjectSecurityChecker(sp, mainProjFilename); MethodInfo mi = projectSecurityChecker.GetType().GetMethod("IsProjectSafeWithTargets", BindingFlags.Instance | BindingFlags.NonPublic); string[] message = new string[1] { String.Empty }; bool result = (bool)mi.Invoke(projectSecurityChecker, message); Assert.IsTrue(!result && !String.IsNullOrEmpty(message[0]), "No message returned from a project with redefined safe targets."); } finally { File.Delete(mainProjFilename); } }); }
/// <summary> /// Make sure that we load normally and skip security checking. /// This can have security impacts so do not do this in production code. /// </summary> protected override ProjectLoadOption CheckProjectForSecurity(ProjectSecurityChecker projectSecurityChecker, ProjectSecurityChecker userProjectSecurityChecker) { return(ProjectLoadOption.LoadNormally); }