public void Audit(byte[] code, RequiredAcs requiredAcs, bool isSystemContract) { var findings = new List <ValidationResult>(); var asm = Assembly.Load(code); var modDef = ModuleDefinition.ReadModule(new MemoryStream(code)); var cts = new CancellationTokenSource(CodeOpsOptionsMonitor?.CurrentValue.AuditTimeoutDuration ?? Constants.DefaultAuditTimeoutDuration); // Run module validators findings.AddRange(Validate(modDef, cts.Token, isSystemContract)); // Run assembly validators (run after module validators since we invoke BindService method below) findings.AddRange(Validate(asm, cts.Token, isSystemContract)); // Run method validators foreach (var type in modDef.Types) { findings.AddRange(ValidateMethodsInType(type, cts.Token, isSystemContract)); } // Perform ACS validation if (requiredAcs != null) { findings.AddRange(_acsValidator.Validate(asm, requiredAcs)); } if (findings.Count > 0) { throw new CSharpCodeCheckException( $"Contract code did not pass audit. Audit failed for contract: {modDef.Assembly.MainModule.Name}\n" + string.Join("\n", findings), findings); } }
public void ContractAuditor_AcsRequired_Test() { var whiteList = new List <string> { "System.Collection", "System.Linq" }; var blackList = new List <string> { "System.Random", "System.DateTime" }; _auditor = new CSharpContractAuditor(whiteList, blackList); var requireAcs = new RequiredAcs(); requireAcs.AcsList = new List <string> { "acs1" }; Should.Throw <CSharpInvalidCodeException>(() => _auditor.Audit(_badContractCode, requireAcs)); Should.NotThrow(() => _auditor.Audit(_systemContractCode, requireAcs)); requireAcs.AcsList.Add("acs8"); Should.NotThrow(() => _auditor.Audit(_systemContractCode, requireAcs)); requireAcs.RequireAll = true; Should.Throw <CSharpInvalidCodeException>(() => _auditor.Audit(_systemContractCode, requireAcs)); }
public ContractAuditorFixture() { _auditor = new CSharpContractAuditor(null, null); _requiredAcs = new RequiredAcs { AcsList = new[] { "acs1", "acs8" }.ToList(), RequireAll = false }; }
public ContractAuditor(CSharpContractAuditor contractAuditor) { _auditor = contractAuditor; _requiredAcs = new RequiredAcs { AcsList = new[] { "acs1", "acs8" }.ToList(), RequireAll = false }; }
public ContractPolicyTests() { _systemContractCode = ReadPatchedContractCode(typeof(BasicContractZero)); _badContractCode = ReadContractCode(typeof(BadContract)); _requiredAcs = new RequiredAcs { AcsList = new[] { "acs1", "acs8" }.ToList(), RequireAll = false }; }
public void CheckSystemContracts_AllShouldPass(Type contractType, bool acsAllRequired = false, params string[] acsList) { var requiredAcs = new RequiredAcs { RequireAll = acsAllRequired, AcsList = new List <string>(acsList) }; _auditor.Audit(ReadPatchedContractCode(contractType), true); Should.Throw <CSharpCodeCheckException>(() => _auditor.Audit(ReadPatchedContractCode(contractType), requiredAcs, false)); }
public void ContractAuditor_AcsRequired_Test() { var requireAcs = new RequiredAcs(); requireAcs.AcsList = new List <string> { "acs1" }; var badContractCode = ReadContractCode(typeof(BadContract)); Should.Throw <CSharpCodeCheckException>(() => _auditor.Audit(badContractCode, requireAcs, false)); var systemContractCode = ReadPatchedContractCode(typeof(BasicContractZero)); Should.NotThrow(() => _auditor.Audit(systemContractCode, requireAcs, true)); requireAcs.AcsList.Add("acs8"); Should.NotThrow(() => _auditor.Audit(systemContractCode, requireAcs, true)); requireAcs.RequireAll = true; Should.Throw <CSharpCodeCheckException>(() => _auditor.Audit(systemContractCode, requireAcs, true)); }
private void AuditWithPolicy(byte[] code, RequiredAcs requiredAcs, AbstractPolicy policy) { var findings = new List <ValidationResult>(); var modDef = ModuleDefinition.ReadModule(new MemoryStream(code)); // Check against whitelist findings.AddRange(policy.Whitelist.Validate(modDef)); // Run module validators findings.AddRange(policy.ModuleValidators.SelectMany(v => v.Validate(modDef))); var asm = Assembly.Load(code); // Run assembly validators (run after module validators since we invoke BindService method below) findings.AddRange(policy.AssemblyValidators.SelectMany(v => v.Validate(asm))); // Run method validators foreach (var type in modDef.Types) { findings.AddRange(ValidateMethodsInType(policy, type)); } // Perform ACS validation if (requiredAcs != null) { findings.AddRange(_acsValidator.Validate(asm, requiredAcs)); } if (findings.Count > 0) { throw new CSharpInvalidCodeException( $"Contract code did not pass audit. Audit failed for contract: {modDef.Assembly.MainModule.Name}\n" + string.Join("\n", findings), findings); } }
public void Audit(byte[] code, RequiredAcs requiredAcs, bool isSystemContract) { throw new InvalidCodeException("failed"); }
public void Audit(byte[] code, RequiredAcs requiredAcs, bool isSystemContract) { }
public IEnumerable <ValidationResult> Validate(System.Reflection.Assembly assembly, RequiredAcs requiredAcs) { if (requiredAcs.AcsList.Count == 0) { return(Enumerable.Empty <ValidationResult>()); // No ACS required } var acsBaseList = GetServiceDescriptorIdentities(GetServerServiceDefinition(assembly)); if (requiredAcs.RequireAll) { // Contract should have all listed ACS as a base if (requiredAcs.AcsList.Any(acs => !acsBaseList.Contains(acs))) { return new List <ValidationResult> { new AcsValidationResult( $"Contract should have all {string.Join(", ", requiredAcs.AcsList)} as base.") } } ; } else { // Contract should have at least one of the listed ACS in the list as a base if (requiredAcs.AcsList.All(acs => !acsBaseList.Contains(acs))) { return new List <ValidationResult> { new AcsValidationResult( $"Contract should have at least {string.Join(" or ", requiredAcs.AcsList)} as base.") } } ; } return(Enumerable.Empty <ValidationResult>()); }
public void Audit(byte[] code, RequiredAcs requiredAcs) { AuditWithPolicy(code, requiredAcs, _priviligePolicy); }
public void Audit(byte[] code, RequiredAcs requiredAcs, bool isSystemContract) { _auditor.Audit(code, requiredAcs, isSystemContract); }