diff options
Diffstat (limited to 'src/vm/dangerousapis.h')
-rw-r--r-- | src/vm/dangerousapis.h | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/src/vm/dangerousapis.h b/src/vm/dangerousapis.h new file mode 100644 index 0000000000..13122b7e8d --- /dev/null +++ b/src/vm/dangerousapis.h @@ -0,0 +1,71 @@ +// Licensed to the .NET Foundation under one or more agreements. +// The .NET Foundation licenses this file to you under the MIT license. +// See the LICENSE file in the project root for more information. +// + +// +//////////////////////////////////////////////////////////////////////////////// +// This header file defines the list of dangerous APIs and +// is used by InvokeUtil::IsDangerousMethod. +// Dangerous APIs are the APIs that make security decisions based on the result +// of a stack walk. When these APIs are invoked through reflection or delegate +// the stack walker can be easily confused, resulting in security holes. +//////////////////////////////////////////////////////////////////////////////// + +#ifndef API_NAMES +#define API_NAMES(...) __VA_ARGS__ +#endif // !API_NAMES + +// ToString is never dangerous but we include it on the Runtime*Info types because of a JScript.Net compat issue. +// JScript.Net tries to invoke these ToString APIs when a Runtime*Info object is compared to another object of a different type (e.g. a string). +// This used to cause a SecurityException in partial trust (which JScript catches) because the API was considered dangerous. +// Now this causes a MethodAccessException in partial trust because the API is inaccessible. So we add them back to the "dangerous" API +// list to maintain compatibility. See Devdiv bug 419443 for details. +DEFINE_DANGEROUS_API(APP_DOMAIN, API_NAMES("CreateInstance", "CreateComInstanceFrom", "CreateInstanceAndUnwrap", "CreateInstanceFrom", "CreateInstanceFromAndUnwrap ", "DefineDynamicAssembly", "Load")) +DEFINE_DANGEROUS_API(ASSEMBLYBASE, API_NAMES("CreateInstance", "Load")) +DEFINE_DANGEROUS_API(ASSEMBLY, API_NAMES("CreateInstance", "Load")) +DEFINE_DANGEROUS_API(ASSEMBLY_BUILDER, API_NAMES("CreateInstance", "DefineDynamicAssembly", "DefineDynamicModule")) +DEFINE_DANGEROUS_API(INTERNAL_ASSEMBLY_BUILDER, API_NAMES("CreateInstance")) +DEFINE_DANGEROUS_API(METHOD_BASE, API_NAMES("Invoke")) +DEFINE_DANGEROUS_API(CONSTRUCTOR_INFO, API_NAMES("Invoke", \ + "System.Runtime.InteropServices._ConstructorInfo.Invoke_2", \ + "System.Runtime.InteropServices._ConstructorInfo.Invoke_3", \ + "System.Runtime.InteropServices._ConstructorInfo.Invoke_4", \ + "System.Runtime.InteropServices._ConstructorInfo.Invoke_5")) +DEFINE_DANGEROUS_API(CONSTRUCTOR, API_NAMES("Invoke", "ToString")) +DEFINE_DANGEROUS_API(METHOD_INFO, API_NAMES("CreateDelegate", "Invoke")) +DEFINE_DANGEROUS_API(METHOD, API_NAMES("CreateDelegate", "Invoke", "ToString")) +DEFINE_DANGEROUS_API(DYNAMICMETHOD, API_NAMES("CreateDelegate", "Invoke", ".ctor")) +DEFINE_DANGEROUS_API(TYPE, API_NAMES("InvokeMember")) +DEFINE_DANGEROUS_API(CLASS, API_NAMES("InvokeMember", "ToString")) +DEFINE_DANGEROUS_API(TYPE_DELEGATOR, API_NAMES("InvokeMember")) +DEFINE_DANGEROUS_API(RT_FIELD_INFO, API_NAMES("GetValue", "SetValue", "ToString")) +DEFINE_DANGEROUS_API(FIELD_INFO, API_NAMES("GetValue", "SetValue")) +DEFINE_DANGEROUS_API(FIELD, API_NAMES("GetValue", "SetValue", "ToString")) +DEFINE_DANGEROUS_API(PROPERTY_INFO, API_NAMES("GetValue", "SetValue")) +DEFINE_DANGEROUS_API(PROPERTY, API_NAMES("GetValue", "SetValue", "ToString")) +DEFINE_DANGEROUS_API(EVENT_INFO, API_NAMES("AddEventHandler", "RemoveEventHandler")) +DEFINE_DANGEROUS_API(EVENT, API_NAMES("AddEventHandler", "RemoveEventHandler", "ToString")) +DEFINE_DANGEROUS_API(RESOURCE_MANAGER, API_NAMES("GetResourceSet", "InternalGetResourceSet", ".ctor")) + +#if defined(FEATURE_COMINTEROP) && !defined(FEATURE_CORECLR) +// The COM interfaces implemented by the reflection types. +// The IDispatch Invoke methods are not included here because they are not implemented in mscorlib. +DEFINE_DANGEROUS_API(ITYPE, API_NAMES("InvokeMember")) +DEFINE_DANGEROUS_API(IASSEMBLY, API_NAMES("CreateInstance")) +DEFINE_DANGEROUS_API(IMETHODBASE, API_NAMES("Invoke")) +DEFINE_DANGEROUS_API(IMETHODINFO, API_NAMES("Invoke")) +DEFINE_DANGEROUS_API(ICONSTRUCTORINFO, API_NAMES("Invoke", "Invoke_2", "Invoke_3", "Invoke_4", "Invoke_5")) +DEFINE_DANGEROUS_API(IFIELDINFO, API_NAMES("GetValue", "SetValue")) +DEFINE_DANGEROUS_API(IPROPERTYINFO, API_NAMES("GetValue", "SetValue")) +DEFINE_DANGEROUS_API(IEVENTINFO, API_NAMES("AddEventHandler", "RemoveEventHandler")) +DEFINE_DANGEROUS_API(IAPPDOMAIN, API_NAMES("CreateInstance", "CreateInstanceFrom", "DefineDynamicAssembly", "Load")) +DEFINE_DANGEROUS_API(IREFLECT, API_NAMES("InvokeMember")) +#endif // FEATURE_COMINTEROP && !FEATURE_CORECLR + + + + + + + |