Can someone provide (a link to) a useful example of InheritanceDemand?

Question:

I have the following class:

[UIPermission(SecurityAction.InheritanceDemand, Window = UIPermissionWindow.AllWindows)]
    public class PrintData
    {
        protected string Data = "secret value";

        public virtual void PrintString()
        {
            Console.WriteLine(Data);
        }
    }

Can someone provide an example in which inheriting from PrintData and/or invoking an overridden PrintString method will throw an exception?

Well, I have finally managed to have a program blow up as a direct cause of a failed InheritanceDemand. You will need a VS solution with three projects. First the base class:

using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

namespace BaseClass
{
    public abstract class IniPrinterBase
    {
        [FileIOPermission(SecurityAction.Deny, AllFiles = FileIOPermissionAccess.Read)]
        //[RegistryPermission(SecurityAction.InheritanceDemand,Unrestricted = true)]
        public virtual void PrintIniFile()
        {
            ProtectedPrint();
        }

        protected void ProtectedPrint()
        {
            try
            {
                var lines = File.ReadAllLines(@"G:\test.ini");
                foreach (var line in lines)
                {
                    Console.WriteLine(line);
                }
            }
            catch (SecurityException e)
            {

                Console.WriteLine("PRINT OF INI FILE FAILED!");
                Console.WriteLine(e.Message);
            }
        }
    }
}

Then the derived classes in a different project:

using System.Security.Permissions;
using BaseClass;

[assembly:RegistryPermission(SecurityAction.RequestRefuse,Unrestricted = true)]
namespace DerivedClasses
{
    public class FileIOPermissionExceptionThrower : IniPrinterBase
    {
        public override void PrintIniFile()
        {
            base.PrintIniFile();
        }
    }

    public class InheritanceDemandExceptionThrower : IniPrinterBase
    {
        public override void PrintIniFile()
        {
            ProtectedPrint();
        }
    }   
}

And finally the main program in a third project:

using System;
using DerivedClasses;

namespace MethodSecuritySpike
{
    class Program
    {

        static void Main(string[] args)
        {
            Console.WriteLine("Printing ini file from security enforced method:");
            var printer1 = new FileIOPermissionExceptionThrower();
            printer1.PrintIniFile();
            Console.WriteLine();
            Console.WriteLine("Bypassing security:");
            var printer2 = new InheritanceDemandExceptionThrower();
            printer2.PrintIniFile();
            Console.ReadLine();      
        }
    }
}

To make the example work you have to reference the BaseClass assembly in the DerivedClasses assembly, and both the BaseClass and DerivedClasses assemblies in the MethodSecuritySpike assembly. Moreover, make an appropriate test.ini file in any other location than the root of C:\ (otherwise Windows security may play tricks with you).

Run the program (MethodSecuritySpike.exe). You will first see that an exception is caught while trying to read the ini file, thereafter the contents of the ini file are displayed nonetheless.

Next remove the comment slashes before the RegistryPermissionAttribute in the BaseClass namespace. Run the program: it refuses to run at all!

Explanation of the attributes:
In BaseClass:
[FileIOPermission(SecurityAction.Deny, AllFiles = FileIOPermissionAccess.Read)]
Will cause the exception when PrintIniFile is invoked in the base class (simulates a situation in which Code Access Security tries to prevent accessing an ini file). The InheritanceDemandExceptionThrower class bypasses this security declaration by overriding the PrintIniFile method and calling the ProtectedPrint method directly (simulating a security breach).

[RegistryPermission(SecurityAction.InheritanceDemand, Unrestricted = true)]
Requires that classes that inherit from IniPrinterBase have the above permission (arbitrarily chosen because it will need a high trust level). As the DerivedClasses.dll is explicitly denied this permission, the program fails to run when this attribute is uncommented.

In DerivedClasses:
[assembly:RegistryPermission(SecurityAction.RequestRefuse,Unrestricted = true)]
Specifies that a request for RegistryAccess should be denied (simulates a partial trust environment). Normally this does not throw an exception, as the classes in the DerivedClasses.dll do not access the registry. However, when the InheritanceDemand is made active, the DerivedClasses.dll needs the RegistryPermission to be able to instantiate its two classes and blows up.

Simple! ;-)
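
The bypass in the answer works because the Deny sits on the overridable PrintIniFile method rather than on the method that reads the file. A hardened variant of the base class follows, as an added example that is not part of the original answer. It assumes the same legacy .NET Framework Code Access Security runtime the answer uses; `HardenedIniPrinterBase` and `BypassAttempt` are hypothetical names.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

namespace BaseClass
{
    // Added example; HardenedIniPrinterBase is a hypothetical name.
    // Class-level InheritanceDemand: every type deriving from this class must
    // be granted the permission, whether or not it overrides anything.
    [RegistryPermission(SecurityAction.InheritanceDemand, Unrestricted = true)]
    public abstract class HardenedIniPrinterBase
    {
        // The overridable entry point no longer carries the restriction,
        // so replacing it in a subclass removes nothing.
        public virtual void PrintIniFile()
        {
            ProtectedPrint();
        }

        // The Deny now sits on the non-virtual method that performs the read.
        // The stack walk started by File.ReadAllLines always passes through
        // this frame, whichever override called it.
        [FileIOPermission(SecurityAction.Deny, AllFiles = FileIOPermissionAccess.Read)]
        protected void ProtectedPrint()
        {
            try
            {
                foreach (var line in File.ReadAllLines(@"G:\test.ini"))
                    Console.WriteLine(line);
            }
            catch (SecurityException e)
            {
                Console.WriteLine("PRINT OF INI FILE FAILED!");
                Console.WriteLine(e.Message);
            }
        }
    }

    // Same override as the answer's InheritanceDemandExceptionThrower; in the
    // three-project layout it would live in DerivedClasses (hypothetical name).
    public class BypassAttempt : HardenedIniPrinterBase
    {
        public override void PrintIniFile()
        {
            ProtectedPrint();
        }
    }
}
```

SecurityAction.Deny and SecurityAction.RequestRefuse are marked obsolete from .NET Framework 4 onward, so this layout applies to the older CAS runtime only.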