Code:
/ 4.0 / 4.0 / untmp / DEVDIV_TFS / Dev10 / Releases / RTMRel / wpf / src / Core / CSharp / MS / Internal / ConstrainedDataObject.cs / 1305600 / ConstrainedDataObject.cs
//---------------------------------------------------------------------------- // //// Copyright (C) Microsoft Corporation. All rights reserved. // // // // Description: Internal class implemented to primarily disable the XAML cut and paste of content from a // partial trust source to a full trust target // // See spec at http://team/sites/Avalon/Specs/Rich%20Clipboard%20in%20Sandbox%20Spec.doc // // History: // 09/08/2002 : akaza Created // //--------------------------------------------------------------------------- namespace MS.Internal { using System; using System.Collections.Generic; using System.Security; using System.Security.Permissions; using System.Windows; // PreSharp uses message numbers that the C# compiler doesn't know about. // Disable the C# complaints, per the PreSharp documentation. #pragma warning disable 1634, 1691 #region ConstrainedDataObject Class ////// Implements a wrapper class the helps prevent the copy paste of xaml content from partial trust to full trust /// This class is instantiated and returned in the case of copy from a partial trust source to a full trust or >partial trust /// target. The core functionality here is to strip and deny any requests for XAML content or ApplicationTrust Content in a DataObject /// Please note it is by intent that we create a blocked list versus an allowed list of allowed types so as to not block of scenarios like /// inking from getting their content in a full trust application if they want to. /// internal sealed class ConstrainedDataObject : System.Windows.IDataObject { //----------------------------------------------------- // // Constructors // //----------------------------------------------------- #region Constructors ////// Initializes a new instance of the class, containing the specified data. /// ////// Critical: This acts as a cannister to store a dataobject that will contain XAML and ApplicationTrust format. /// The intent is to prevent that from being exposed. We mark this critical to ensure that this is called an created /// only from known locations. Also some of the interface methods that it implements have inheritance demand. /// [SecurityCritical] internal ConstrainedDataObject(System.Windows.IDataObject data) { // This check guarantees us that we can never create a Constrained data Object with a null dataobject Invariant.Assert(data != null); _innerData = data; } #endregion Constructors //------------------------------------------------------ // // Public Methods // //----------------------------------------------------- #region Public Methods ////// Retrieves the data associated with the specified data /// format, using an automated conversion parameter to determine whether to convert /// the data to the format. /// ////// Critical: This accesses the _innerDataObject. /// TreatAsSafe: It filters for the risky information and fails in the case where consumer queries for Xaml or ApplicationTrust /// [SecurityCritical, SecurityTreatAsSafe] public object GetData(string format, bool autoConvert) { if (format == null) { throw new ArgumentNullException("format"); } if (IsCriticalFormat(format)) { return null; } return _innerData.GetData(format, autoConvert); } ////// Retrieves the data associated with the specified data /// format. /// public object GetData(string format) { if (format == null) { throw new ArgumentNullException("format"); } return GetData(format, true); } ////// Retrieves the data associated with the specified class /// type format. /// public object GetData(Type format) { if (format == null) { throw new ArgumentNullException("format"); } return GetData(format.FullName); } ////// Determines whether data stored in this instance is /// associated with, or can be converted to, the specified /// format. /// public bool GetDataPresent(Type format) { if (format == null) { throw new ArgumentNullException("format"); } return (GetDataPresent(format.FullName)); } ////// Determines whether data stored in this instance is /// associated with the specified format, using an automatic conversion /// parameter to determine whether to convert the data to the format. /// ////// Critical: This accesses the _innerDataObject. /// TreatAsSafe: It filters for the risky information and fails in the case where consumer queries for Xaml or ApplicationTrust /// [SecurityCritical, SecurityTreatAsSafe] public bool GetDataPresent(string format, bool autoConvert) { bool dataPresent = false; if (format == null) { throw new ArgumentNullException("format"); } if (!IsCriticalFormat(format)) { dataPresent = _innerData.GetDataPresent(format, autoConvert); } return dataPresent; } ////// Determines whether data stored in this instance is /// associated with, or can be converted to, the specified /// format. /// public bool GetDataPresent(string format) { if (format == null) { throw new ArgumentNullException("format"); } return GetDataPresent(format, true);; } ////// Gets a list of all formats that data stored in this /// instance is associated with or can be converted to, using an automatic /// conversion parameter ///to /// determine whether to retrieve all formats that the data can be converted to or /// only native data formats. /// /// Critical: This code touches _innerData which can expose information about formats we do not want to publicly expose /// for the partial trust to full trust paste scenario. /// [SecurityCritical, SecurityTreatAsSafe] public string[] GetFormats(bool autoConvert) { string[] formats = _innerData.GetFormats(autoConvert); if (formats != null) { StripCriticalFormats(formats); } return formats; } ////// Gets a list of all formats that data stored in this instance is associated /// with or can be converted to. /// public string[] GetFormats() { return GetFormats(true); } ////// Stores the specified data in /// this instance, using the class of the data for the format. /// ////// Critical: This code touches _innerData /// TreatAsSafe: It does not expose it and relies on the protection in DataObject /// to block illegitimate conditions /// [SecurityCritical,SecurityTreatAsSafe] public void SetData(object data) { _innerData.SetData(data); } ////// Stores the specified data and its associated format in this /// instance. /// ////// Critical: This code touches _innerData /// TreatAsSafe: It does not expose it and relies on the protection in DataObject /// to block illegitimate conditions /// [SecurityCritical, SecurityTreatAsSafe] public void SetData(string format, object data) { _innerData.SetData(format, data); } ////// Stores the specified data and /// its associated class type in this instance. /// ////// Critical: This code touches _innerData /// TreatAsSafe: It does not expose it and relies on the protection in DataObject /// to block illegitimate conditions /// [SecurityCritical, SecurityTreatAsSafe] public void SetData(Type format, object data) { _innerData.SetData(format, data); } ////// Stores the specified data and its associated format in /// this instance, using the automatic conversion parameter /// to specify whether the /// data can be converted to another format. /// ////// Critical: This code touches _innerData /// TreatAsSafe: It does not expose it and relies on the protection in DataObject /// to block illegitimate conditions /// [SecurityCritical, SecurityTreatAsSafe] public void SetData(string format, Object data, bool autoConvert) { _innerData.SetData(format, data, autoConvert); } #endregion Public Methods //------------------------------------------------------ // // Internal Methods // //------------------------------------------------------ #region Internal Methods ////// Return true if the format string are equal(Case-senstive). /// private static bool IsFormatEqual(string format1, string format2) { return (String.CompareOrdinal(format1, format2) == 0); } ////// This code looks for Xaml and ApplicationTrust strings in an array of strings and removed them. The reason for that is /// that since the only scenario this class is used in is when the target application has more permissions than the source then /// we want to ensure that the target application cannot get to xaml and application trust formats if they come out of a partial trust source. /// private string[] StripCriticalFormats(string[] formats) { ListresultList = new List (); for (uint currentFormat = 0; currentFormat < formats.Length; currentFormat++) { if (!IsCriticalFormat(formats[currentFormat])) { resultList.Add(formats[currentFormat]); } } return resultList.ToArray(); } /// /// Critical: This code is used to determine whether information returned is secure or not /// TreatAsSafe: This function is critical only for tracking purposes /// /// [SecurityCritical, SecurityTreatAsSafe] private bool IsCriticalFormat(string format) { return (IsFormatEqual(format, DataFormats.Xaml) || IsFormatEqual(format, DataFormats.ApplicationTrust)); } #endregion Private Methods //----------------------------------------------------- // // Private Fields // //------------------------------------------------------ #region Private Fields // Inner data object of IDataObject. ////// This member holds a reference to a dataobject which if exposed allows client code in an app to get to the XAML /// content on the clipboard. This is deisabled for the scenario where target application has more permissions than source of /// data object and that is the only scenario where we create an instance of this class. /// [SecurityCritical] private System.Windows.IDataObject _innerData; #endregion Private Fields } #endregion ConstrainedDataObject Class } // File provided for Reference Use Only by Microsoft Corporation (c) 2007. // Copyright (c) Microsoft Corporation. All rights reserved.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- ServiceOperationParameter.cs
- FixedTextBuilder.cs
- Lease.cs
- OpenTypeCommon.cs
- Int32RectConverter.cs
- SmiContextFactory.cs
- _LocalDataStoreMgr.cs
- BuildProviderCollection.cs
- InternalTypeHelper.cs
- StateMachineTimers.cs
- XmlText.cs
- Enum.cs
- FormViewAutoFormat.cs
- TemplateControlParser.cs
- DocumentViewerBase.cs
- TypedColumnHandler.cs
- JsonFormatMapping.cs
- FieldNameLookup.cs
- BinaryObjectInfo.cs
- InstalledFontCollection.cs
- Attributes.cs
- ContainerParaClient.cs
- ServiceNameElementCollection.cs
- DataObjectCopyingEventArgs.cs
- ProfileModule.cs
- SqlDataReaderSmi.cs
- ShaperBuffers.cs
- StdValidatorsAndConverters.cs
- DataBindingExpressionBuilder.cs
- Table.cs
- Stackframe.cs
- ObjectFactoryCodeDomTreeGenerator.cs
- XsdValidatingReader.cs
- CodeMethodReturnStatement.cs
- MessageHeaderInfoTraceRecord.cs
- InternalTypeHelper.cs
- VisualProxy.cs
- SqlTrackingQuery.cs
- GridViewCommandEventArgs.cs
- PersonalizationStateInfoCollection.cs
- DataBoundLiteralControl.cs
- JsonClassDataContract.cs
- CodeNamespaceImport.cs
- BoundingRectTracker.cs
- SafeReadContext.cs
- UpdatePanelControlTrigger.cs
- EpmAttributeNameBuilder.cs
- ZoneIdentityPermission.cs
- BadImageFormatException.cs
- OracleDataReader.cs
- ChtmlLinkAdapter.cs
- EntityParameterCollection.cs
- Misc.cs
- HTTPNotFoundHandler.cs
- GridViewColumn.cs
- HyperlinkAutomationPeer.cs
- ParserExtension.cs
- SystemParameters.cs
- DynamicDataResources.Designer.cs
- ResourceSet.cs
- MemberMaps.cs
- DefaultEvaluationContext.cs
- ContextMenu.cs
- ArrayWithOffset.cs
- ViewBase.cs
- NullableConverter.cs
- ConfigXmlAttribute.cs
- WorkflowApplication.cs
- SemaphoreFullException.cs
- EndpointAddress.cs
- PrincipalPermission.cs
- InProcStateClientManager.cs
- DataRow.cs
- RegistryPermission.cs
- ReadOnlyCollectionBase.cs
- DataShape.cs
- ProfileSettingsCollection.cs
- EdmComplexPropertyAttribute.cs
- WebPartEditorCancelVerb.cs
- DateTimeSerializationSection.cs
- unsafeIndexingFilterStream.cs
- SqlBulkCopyColumnMapping.cs
- ComponentCollection.cs
- Ref.cs
- HtmlControl.cs
- AudioFormatConverter.cs
- Config.cs
- HtmlButton.cs
- SendSecurityHeaderElementContainer.cs
- FocusChangedEventArgs.cs
- ZoneLinkButton.cs
- XmlTextAttribute.cs
- IndentedWriter.cs
- WindowsToolbarAsMenu.cs
- ConfigurationManagerHelper.cs
- _ChunkParse.cs
- StructuredType.cs
- FocusManager.cs
- ObjectToIdCache.cs
- SchemaImporterExtensionElement.cs