public void InjectFromCecilSecurityAttributeDefinitions() { var assembly = AssemblyCompiler.CompileTempAssembly(@" class Foo { public void CriticalMethod() {} public void Bar(int value) {} public void Bar(string value) {} public void SafeCriticalMethod() {} public Foo(string value) {} } class CriticalType { } " ); var finder = new CecilDefinitionFinder(assembly); var safecriticalmethod = finder.FindMethod("System.Void Foo::SafeCriticalMethod()"); var criticalmethod = finder.FindMethod("System.Void Foo::CriticalMethod()"); var criticaltype = finder.FindType("CriticalType"); var instructions = new List <CecilSecurityAttributeDescriptor>() { new CecilSecurityAttributeDescriptor(criticalmethod, SecurityAttributeType.Critical), new CecilSecurityAttributeDescriptor(safecriticalmethod, SecurityAttributeType.SafeCritical), new CecilSecurityAttributeDescriptor(criticaltype, SecurityAttributeType.Critical), }; var injector = new Injector(assembly); injector.InjectAll(instructions); new AssemblySecurityVerifier(assembly.AssemblyPath()).Verify(instructions); }
public void Test() { var assembly1 = AssemblyCompiler.CompileTempAssembly(@" using System; using System.IO; using System.Runtime.CompilerServices; public interface IMyEnumerator { Object Current { get; } } public class SystemArray { private class SimpleEnumerator : IMyEnumerator { SystemArray mycopy = null; public Object Current { get { mycopy.DoSomethingBad(); return null; } } } [MethodImpl(MethodImplOptions.InternalCall)] void DoSomethingBad() { } } "); var requirePrivilegesThemselves = DetectMethodsRequiringPrivileges(new TypeDefinition[] {}, assembly1); Console.WriteLine("Requires themselves: " + requirePrivilegesThemselves.Aggregate("", (c, i) => c + i)); //var requirePrivilegesThemselves = new List<string>() {"System.Void SystemArray/SimpleEnumerator::DoSomethingBad()"}; var propagationReport = PropagateRequiredPrivileges(new TypeDefinition[] {}, new string[] {}, requirePrivilegesThemselves.ToArray(), assembly1); Console.WriteLine(propagationReport.InjectionInstructions); Assert.AreEqual( @"SC-M: System.Void SystemArray::DoSomethingBad() SC-M: System.Object SystemArray/SimpleEnumerator::get_Current() SC-M: System.Object IMyEnumerator::get_Current() ", propagationReport.InjectionInstructions); }
private AssemblyDefinition PrepareTestForAssembly(string code, params string[] references) { _assembly = AssemblyCompiler.CompileTempAssembly(@" using System; using System.IO; using System.Runtime.CompilerServices;" + code + @" public static class Evil { [MethodImpl(MethodImplOptions.InternalCall)] public static void Do() { } } ", references); _cdf = new CecilDefinitionFinder(_assembly); _evilDo = _cdf.FindMethod("System.Void Evil::Do()"); return(_assembly); }
public void TwoAssembliesWithCriticalType() { var assembly1 = AssemblyCompiler.CompileTempAssembly(@" public interface IMyEnumerator { void M1(); }"); var assembly2 = PrepareTestForAssembly(@" public class CriticalType : IMyEnumerator { public void M1() { Evil.Do(); } } ", assembly1.AssemblyPath()); var finderForAssembly2 = new CecilDefinitionFinder(assembly2); var evilDo = finderForAssembly2.FindMethod("System.Void Evil::Do()"); var criticaltype = finderForAssembly2.FindType("CriticalType"); var assemblies = new[] { assembly1, assembly2 }; var propagation = new MethodPrivilegePropagation(assemblies, new[] { evilDo }, new MethodDefinition[] { }, new[] { criticaltype }, new List <MethodToMethodCall>()); var report = propagation.CreateReportBuilder().Build(); CollectionAssert.IsEmpty(report.GetInjectionsFor(assembly1)); var injections = report.GetInjectionsFor(assembly2); var expected = new[] { new CecilSecurityAttributeDescriptor(criticaltype, SecurityAttributeType.Critical), new CecilSecurityAttributeDescriptor(evilDo, SecurityAttributeType.Critical) }; CollectionAssert.AreEquivalent(expected, injections); }