在C#中的LinkDemand警告 [英] Linkdemand warning in c#
问题描述
我试图让IEXPLORER.EXE的版本我DLL.However我每次都得到这样的警告
警告1 CA2122:Microsoft.Security:ApCkr .IEavailable()'调用到'具有的LinkDemand FileVersionInfo.FileMajorPart.get()'。通过此调用,'FileVersionInfo.FileMajorPart.get()'间接暴露给用户代码。审查可能暴露的方式来绕过安全防护以下调用堆栈:
在MSDN中(安全权限),并falgs搜索的负荷,我仍然不能得到任何想法我是多么要摆脱这种错误。我试图
的SecurityPermission(SecurityAction.LinkDemand,旗帜= SecurityPermissionFlag.UnmanagedCode)]
但无法得到它的工作,要么
任何帮助将不胜感激
#地区IEXPLORE
公共字符串IEavailable()
{
布尔IEversion;
FileVersionInfo.GetVersionInfo(C:\\program files\\\\Internet Explorer\\iexplore.exe);
FileVersionInfo myFileVersionInfo = FileVersionInfo.GetVersionInfo(C:\\program files\\\\Internet Explorer\\iexplore.exe);
int类型的= myFileVersionInfo.FileMajorPart;
如果(A< 8)
{
IEversion = FALSE;
}
,否则
{
IEversion = TRUE;
}
返回IEversion.ToString();
}
#endregion
这是它在谈论FileVersionInfo类的链接需求属性:
[PermissionSet中(SecurityAction.LinkDemand,NAME =将FullTrust )]
这是MSDN文章中记录很好,但并不总是很容易从FxCop的递归信息。我个人觉得反光很方便整理了这一点。
一个环节的需求是一个非常便宜的要求,检查在运行时。这是在刚刚即时编译的时候,只有一次完成,并且只检查直接调用方的权限。发生可能的安全漏洞,因为你的财产的getter可能受到的其他的代码调用,更高版本。因为你的财产缺少的属性,并已即时编译这样的代码不会得到同样要求检查。你必须采用相同的安全属性。
这当这样的代码运行的没有的将FullTrust只会是一个问题。有点难以拿出这样的情况下,你必须创建自己的沙箱和你的财产暴露在这样的沙盒代码。如果你想知道的是能够检查一个DLL版本的安全含义:知道一个DLL的到底是什么版本所使用的程序是相当重要的是要弄清楚攻击媒介
$ B $。 bFxCop的是几乎没有足够的智慧来检测这样的场景。这真的是一种工具,只是发出的警告的东西,你的可能的忽视。你可能没有。 CAS是相当否则很难理解,我强烈地纠缠自己。和其他人一样,它被认为是过时的,因为那.NET 4,由安全沙盒模式所取代。明智的举动,安全性是不可理解的是不安全的。
I am trying to get the version of Iexplorer.exe in my DLL.However i get this warning every time
Warning 1 CA2122 : Microsoft.Security : 'ApCkr.IEavailable()' calls into 'FileVersionInfo.FileMajorPart.get()' which has a LinkDemand. By making this call, 'FileVersionInfo.FileMajorPart.get()' is indirectly exposed to user code. Review the following call stack that might expose a way to circumvent security protection:
After loads of searching in MSDN (security permissions) and falgs,i still cannot get any idea of how i am going to get rid of this error. i tried
SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.UnmanagedCode)]
But couldn't get it to work either
Any help would be much appreciated
#region IExplore
public string IEavailable()
{
bool IEversion;
FileVersionInfo.GetVersionInfo("C:\\program files\\\\Internet Explorer\\iexplore.exe");
FileVersionInfo myFileVersionInfo = FileVersionInfo.GetVersionInfo("C:\\program files\\\\Internet Explorer\\iexplore.exe");
int a = myFileVersionInfo.FileMajorPart;
if (a < 8)
{
IEversion = false;
}
else
{
IEversion = true;
}
return IEversion.ToString();
}
#endregion
This is the link demand attribute on the FileVersionInfo class it is talking about:
[PermissionSet(SecurityAction.LinkDemand, Name="FullTrust")]
This is documented well in the MSDN article, but not always easy to recurse from the FxCop message. I personally find Reflector quite handy to sort this out.
A link demand is a very cheap demand to check at runtime. It is performed at just-in-time compile time, just once and only checks the permissions of the immediate caller. The possible security leak occurs because your property getter might be called by other code, later. Such code won't get the same demand check because your property is missing the attribute and is already jitted. You have to apply the same security attribute.
This will only be a problem when such code runs without FullTrust. Kinda hard to come up with a scenario like that, you would have to create your own sandbox and expose your property to such sandboxed code. In case you're wondering about the security implications of being able to check the version of a DLL: knowing exactly what version of a DLL is used by a program is rather important to figure out an attack vector.
FxCop is not nearly smart enough to detect such scenarios. It is really the kind of tool that just emits warnings of things you might have overlooked. And you probably did. CAS is otherwise quite hard to comprehend, I struggle mightily myself. And everybody else, it got deprecated in .NET 4 because of that, replaced by a sandboxing model for security. Wise move, security that's incomprehensible is insecure.
这篇关于在C#中的LinkDemand警告的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
