WPF皮肤剥皮安全顾虑 [英] WPF Skin Skinning Security Concerns
问题描述
我真的很新的WPF在.Net框架(获取的出路)。我正在写一个应用程序,该接口是通过简单地加载的.xaml(目前页面元素)文件到一个框架,然后根据需要通过名称映射的控制非常定制。我们的想法是让谁的人有兴趣使皮肤一个社区,皮肤我的应用程序不过他们想(像Winamp的)。
I'm really new to the WPF in the .Net Framework (get that out of the way). I'm writing an application where the interface is very customizable by simply loading .xaml (at the moment a Page element) files into a frame and then mapping the controls via names as needed. The idea is to have a community of people who are interested in making skins, skin my application however they want (much like Winamp).
现在的问题是,由于我缺乏的XAML的知识,是有可能创造的下载和使用可能有其他嵌入式内部框架或可能嵌入HTML或调用远程的网页含有恶意内容的其他元素时,恶意的XAML页面?我相信这可能是这样的。
Now the question arises, due to my lack of Xaml knowledge, is it possible to create malicious Xaml pages that when downloaded and used could have other embedded Iframes or other elements that could have embed html or call remote webpages with malicious content? I believe this could be the case.
如果是这样的话那么我两个选择;要么我有一个自动的过程,可以通过检查它之前允许下载(我将承担将是最困难的)因素消除这些类型的XAML文件,或有一个人审查他们之前下载。是否有替代品,我不知道的,可以使整个过程更加容易?
If this is the case then I two options; either I have an automated process that can remove these types of Xaml files by checking it’s elements prior to allowing download (which I would assume would be most difficult) or have a human review them prior to download. Are there alternatives I’m unaware of that could make this whole process a lot easier?
推荐答案
如果您只是加载XAML没有采取任何precautions有两个潜在的问题:
If you simply load the XAML without taking any precautions there are two potential concerns:
- 的XAML可以调用使用你的对象的方法X:静态和ObjectDataSource控件
- 的XAML可以从任意尤里斯将HTML和图像,所以如果有在HTML处理或图像处理code错误,恶意软件可以利用它
的解决方案是双重的:
- 限制可实例的类。
- 限制开放的属性,以相对来源而已。 的设置
限制可实例化的类
幸运的是只有有限数量的地方类型可显示:元素名称,附-属性名称,标记扩展,类型为类型属性。通过禁止任何,但标准型的扩展,这是很简单的扫描所有用途和内置在XAML中引用类型的完整列表。这可以核对已知安全类型的白名单中。不属于安全名单上引用任何类型将导致XAML被拒绝。
Fortunately there are only a limited number of places types can appear: Element names, Attached-property names, Markup extensions, properties of type "Type". By disallowing any but the standard type extensions, it is quite simple to scan for all of usages and built a complete list of types referenced in the XAML. This can be checked against a whitelist of known-safe types. Any types referenced that aren't on the safe list cause the XAML to be rejected.
注:内置的XamlReader不允许你提供一个自定义IXamlTypeResolver。我使用增强的XamlReader我写的,允许自定义IXamlTypeResolver,所以我其实可以检测所引用的XAML在加载时所有类型的,没有做任何分析都运行时:只要不解决任何类型的类型不上白名单中。
Note: The built-in XamlReader doesn't allow you to provide a custom IXamlTypeResolver. I use an enhanced XamlReader I wrote that that allows a custom IXamlTypeResolver, so I can actually detect every type that is referenced in the XAML at load time and run time without doing any parsing at all: Just fail to resolve any type type not on the whitelist.
限制URI属性的设置
再次XAML的刚性结构来援助我们。它可以轻松地扫描以确定每个属性的setter将调用和值或绑定的设置(不要忘了款式和附加属性)。在XAML可以,如果只是一包乌里任何绝对URI用于被拒绝。尝试使用标记扩展将同样拒绝设置一个开放的。
Again the rigid structure of XAML comes to our aid. It can easily be scanned to determine every property setter that will be called and the value or binding to be set (don't forget styles and attached properties). The XAML can be rejected if any absolute Uri except a pack Uri is used. Attempts to set a Uri using a markup extension would be similarly rejected.
这篇关于WPF皮肤剥皮安全顾虑的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
