Code:
/ Net / Net / 3.5.50727.3053 / DEVDIV / depot / DevDiv / releases / Orcas / SP / wpf / src / Core / CSharp / MS / Internal / ConstrainedDataObject.cs / 1 / ConstrainedDataObject.cs
//----------------------------------------------------------------------------
//
//
// Copyright (C) Microsoft Corporation. All rights reserved.
//
//
//
// Description: Internal class implemented to primarily disable the XAML cut and paste of content from a
// partial trust source to a full trust target
//
// See spec at http://team/sites/Avalon/Specs/Rich%20Clipboard%20in%20Sandbox%20Spec.doc
//
// History:
// 09/08/2002 : akaza Created
//
//---------------------------------------------------------------------------
namespace MS.Internal
{
using System;
using System.Collections.Generic;
using System.Security;
using System.Security.Permissions;
using System.Windows;
// PreSharp uses message numbers that the C# compiler doesn't know about.
// Disable the C# complaints, per the PreSharp documentation.
#pragma warning disable 1634, 1691
#region ConstrainedDataObject Class
///
/// Implements a wrapper class the helps prevent the copy paste of xaml content from partial trust to full trust
/// This class is instantiated and returned in the case of copy from a partial trust source to a full trust or >partial trust
/// target. The core functionality here is to strip and deny any requests for XAML content or ApplicationTrust Content in a DataObject
/// Please note it is by intent that we create a blocked list versus an allowed list of allowed types so as to not block of scenarios like
/// inking from getting their content in a full trust application if they want to.
///
internal sealed class ConstrainedDataObject : System.Windows.IDataObject
{
//-----------------------------------------------------
//
// Constructors
//
//-----------------------------------------------------
#region Constructors
///
/// Initializes a new instance of the class, containing the specified data.
///
///
/// Critical: This acts as a cannister to store a dataobject that will contain XAML and ApplicationTrust format.
/// The intent is to prevent that from being exposed. We mark this critical to ensure that this is called an created
/// only from known locations. Also some of the interface methods that it implements have inheritance demand.
///
[SecurityCritical]
internal ConstrainedDataObject(System.Windows.IDataObject data)
{
// This check guarantees us that we can never create a Constrained data Object with a null dataobject
Invariant.Assert(data != null);
_innerData = data;
}
#endregion Constructors
//------------------------------------------------------
//
// Public Methods
//
//-----------------------------------------------------
#region Public Methods
///
/// Retrieves the data associated with the specified data
/// format, using an automated conversion parameter to determine whether to convert
/// the data to the format.
///
///
/// Critical: This accesses the _innerDataObject.
/// TreatAsSafe: It filters for the risky information and fails in the case where consumer queries for Xaml or ApplicationTrust
///
[SecurityCritical, SecurityTreatAsSafe]
public object GetData(string format, bool autoConvert)
{
if (format == null)
{
throw new ArgumentNullException("format");
}
if (IsCriticalFormat(format))
{
return null;
}
return _innerData.GetData(format, autoConvert);
}
///
/// Retrieves the data associated with the specified data
/// format.
///
public object GetData(string format)
{
if (format == null)
{
throw new ArgumentNullException("format");
}
return GetData(format, true);
}
///
/// Retrieves the data associated with the specified class
/// type format.
///
public object GetData(Type format)
{
if (format == null)
{
throw new ArgumentNullException("format");
}
return GetData(format.FullName);
}
///
/// Determines whether data stored in this instance is
/// associated with, or can be converted to, the specified
/// format.
///
public bool GetDataPresent(Type format)
{
if (format == null)
{
throw new ArgumentNullException("format");
}
return (GetDataPresent(format.FullName));
}
///
/// Determines whether data stored in this instance is
/// associated with the specified format, using an automatic conversion
/// parameter to determine whether to convert the data to the format.
///
///
/// Critical: This accesses the _innerDataObject.
/// TreatAsSafe: It filters for the risky information and fails in the case where consumer queries for Xaml or ApplicationTrust
///
[SecurityCritical, SecurityTreatAsSafe]
public bool GetDataPresent(string format, bool autoConvert)
{
bool dataPresent = false;
if (format == null)
{
throw new ArgumentNullException("format");
}
if (!IsCriticalFormat(format))
{
dataPresent = _innerData.GetDataPresent(format, autoConvert);
}
return dataPresent;
}
///
/// Determines whether data stored in this instance is
/// associated with, or can be converted to, the specified
/// format.
///
public bool GetDataPresent(string format)
{
if (format == null)
{
throw new ArgumentNullException("format");
}
return GetDataPresent(format, true);;
}
///
/// Gets a list of all formats that data stored in this
/// instance is associated with or can be converted to, using an automatic
/// conversion parameter
///
/// Critical: This code touches _innerData which can expose information about formats we do not want to publicly expose
/// for the partial trust to full trust paste scenario.
///
[SecurityCritical, SecurityTreatAsSafe]
public string[] GetFormats(bool autoConvert)
{
string[] formats = _innerData.GetFormats(autoConvert);
if (formats != null)
{
StripCriticalFormats(formats);
}
return formats;
}
///
/// Gets a list of all formats that data stored in this instance is associated
/// with or can be converted to.
///
public string[] GetFormats()
{
return GetFormats(true);
}
///
/// Stores the specified data in
/// this instance, using the class of the data for the format.
///
///
/// Critical: This code touches _innerData
/// TreatAsSafe: It does not expose it and relies on the protection in DataObject
/// to block illegitimate conditions
///
[SecurityCritical,SecurityTreatAsSafe]
public void SetData(object data)
{
_innerData.SetData(data);
}
///
/// Stores the specified data and its associated format in this
/// instance.
///
///
/// Critical: This code touches _innerData
/// TreatAsSafe: It does not expose it and relies on the protection in DataObject
/// to block illegitimate conditions
///
[SecurityCritical, SecurityTreatAsSafe]
public void SetData(string format, object data)
{
_innerData.SetData(format, data);
}
///
/// Stores the specified data and
/// its associated class type in this instance.
///
///
/// Critical: This code touches _innerData
/// TreatAsSafe: It does not expose it and relies on the protection in DataObject
/// to block illegitimate conditions
///
[SecurityCritical, SecurityTreatAsSafe]
public void SetData(Type format, object data)
{
_innerData.SetData(format, data);
}
///
/// Stores the specified data and its associated format in
/// this instance, using the automatic conversion parameter
/// to specify whether the
/// data can be converted to another format.
///
///
/// Critical: This code touches _innerData
/// TreatAsSafe: It does not expose it and relies on the protection in DataObject
/// to block illegitimate conditions
///
[SecurityCritical, SecurityTreatAsSafe]
public void SetData(string format, Object data, bool autoConvert)
{
_innerData.SetData(format, data, autoConvert);
}
#endregion Public Methods
//------------------------------------------------------
//
// Internal Methods
//
//------------------------------------------------------
#region Internal Methods
///
/// Return true if the format string are equal(Case-senstive).
///
private static bool IsFormatEqual(string format1, string format2)
{
return (String.CompareOrdinal(format1, format2) == 0);
}
///
/// This code looks for Xaml and ApplicationTrust strings in an array of strings and removed them. The reason for that is
/// that since the only scenario this class is used in is when the target application has more permissions than the source then
/// we want to ensure that the target application cannot get to xaml and application trust formats if they come out of a partial trust source.
///
private string[] StripCriticalFormats(string[] formats)
{
List resultList = new List();
for (uint currentFormat = 0; currentFormat < formats.Length; currentFormat++)
{
if (!IsCriticalFormat(formats[currentFormat]))
{
resultList.Add(formats[currentFormat]);
}
}
return resultList.ToArray();
}
///
/// Critical: This code is used to determine whether information returned is secure or not
/// TreatAsSafe: This function is critical only for tracking purposes
///
///
[SecurityCritical, SecurityTreatAsSafe]
private bool IsCriticalFormat(string format)
{
return (IsFormatEqual(format, DataFormats.Xaml) ||
IsFormatEqual(format, DataFormats.ApplicationTrust));
}
#endregion Private Methods
//-----------------------------------------------------
//
// Private Fields
//
//------------------------------------------------------
#region Private Fields
// Inner data object of IDataObject.
///
/// This member holds a reference to a dataobject which if exposed allows client code in an app to get to the XAML
/// content on the clipboard. This is deisabled for the scenario where target application has more permissions than source of
/// data object and that is the only scenario where we create an instance of this class.
///
[SecurityCritical]
private System.Windows.IDataObject _innerData;
#endregion Private Fields
}
#endregion ConstrainedDataObject Class
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
// Copyright (c) Microsoft Corporation. All rights reserved.
//----------------------------------------------------------------------------
//
//
// Copyright (C) Microsoft Corporation. All rights reserved.
//
//
//
// Description: Internal class implemented to primarily disable the XAML cut and paste of content from a
// partial trust source to a full trust target
//
// See spec at http://team/sites/Avalon/Specs/Rich%20Clipboard%20in%20Sandbox%20Spec.doc
//
// History:
// 09/08/2002 : akaza Created
//
//---------------------------------------------------------------------------
namespace MS.Internal
{
using System;
using System.Collections.Generic;
using System.Security;
using System.Security.Permissions;
using System.Windows;
// PreSharp uses message numbers that the C# compiler doesn't know about.
// Disable the C# complaints, per the PreSharp documentation.
#pragma warning disable 1634, 1691
#region ConstrainedDataObject Class
///
/// Implements a wrapper class the helps prevent the copy paste of xaml content from partial trust to full trust
/// This class is instantiated and returned in the case of copy from a partial trust source to a full trust or >partial trust
/// target. The core functionality here is to strip and deny any requests for XAML content or ApplicationTrust Content in a DataObject
/// Please note it is by intent that we create a blocked list versus an allowed list of allowed types so as to not block of scenarios like
/// inking from getting their content in a full trust application if they want to.
///
internal sealed class ConstrainedDataObject : System.Windows.IDataObject
{
//-----------------------------------------------------
//
// Constructors
//
//-----------------------------------------------------
#region Constructors
///
/// Initializes a new instance of the class, containing the specified data.
///
///
/// Critical: This acts as a cannister to store a dataobject that will contain XAML and ApplicationTrust format.
/// The intent is to prevent that from being exposed. We mark this critical to ensure that this is called an created
/// only from known locations. Also some of the interface methods that it implements have inheritance demand.
///
[SecurityCritical]
internal ConstrainedDataObject(System.Windows.IDataObject data)
{
// This check guarantees us that we can never create a Constrained data Object with a null dataobject
Invariant.Assert(data != null);
_innerData = data;
}
#endregion Constructors
//------------------------------------------------------
//
// Public Methods
//
//-----------------------------------------------------
#region Public Methods
///
/// Retrieves the data associated with the specified data
/// format, using an automated conversion parameter to determine whether to convert
/// the data to the format.
///
///
/// Critical: This accesses the _innerDataObject.
/// TreatAsSafe: It filters for the risky information and fails in the case where consumer queries for Xaml or ApplicationTrust
///
[SecurityCritical, SecurityTreatAsSafe]
public object GetData(string format, bool autoConvert)
{
if (format == null)
{
throw new ArgumentNullException("format");
}
if (IsCriticalFormat(format))
{
return null;
}
return _innerData.GetData(format, autoConvert);
}
///
/// Retrieves the data associated with the specified data
/// format.
///
public object GetData(string format)
{
if (format == null)
{
throw new ArgumentNullException("format");
}
return GetData(format, true);
}
///
/// Retrieves the data associated with the specified class
/// type format.
///
public object GetData(Type format)
{
if (format == null)
{
throw new ArgumentNullException("format");
}
return GetData(format.FullName);
}
///
/// Determines whether data stored in this instance is
/// associated with, or can be converted to, the specified
/// format.
///
public bool GetDataPresent(Type format)
{
if (format == null)
{
throw new ArgumentNullException("format");
}
return (GetDataPresent(format.FullName));
}
///
/// Determines whether data stored in this instance is
/// associated with the specified format, using an automatic conversion
/// parameter to determine whether to convert the data to the format.
///
///
/// Critical: This accesses the _innerDataObject.
/// TreatAsSafe: It filters for the risky information and fails in the case where consumer queries for Xaml or ApplicationTrust
///
[SecurityCritical, SecurityTreatAsSafe]
public bool GetDataPresent(string format, bool autoConvert)
{
bool dataPresent = false;
if (format == null)
{
throw new ArgumentNullException("format");
}
if (!IsCriticalFormat(format))
{
dataPresent = _innerData.GetDataPresent(format, autoConvert);
}
return dataPresent;
}
///
/// Determines whether data stored in this instance is
/// associated with, or can be converted to, the specified
/// format.
///
public bool GetDataPresent(string format)
{
if (format == null)
{
throw new ArgumentNullException("format");
}
return GetDataPresent(format, true);;
}
///
/// Gets a list of all formats that data stored in this
/// instance is associated with or can be converted to, using an automatic
/// conversion parameter
///
/// Critical: This code touches _innerData which can expose information about formats we do not want to publicly expose
/// for the partial trust to full trust paste scenario.
///
[SecurityCritical, SecurityTreatAsSafe]
public string[] GetFormats(bool autoConvert)
{
string[] formats = _innerData.GetFormats(autoConvert);
if (formats != null)
{
StripCriticalFormats(formats);
}
return formats;
}
///
/// Gets a list of all formats that data stored in this instance is associated
/// with or can be converted to.
///
public string[] GetFormats()
{
return GetFormats(true);
}
///
/// Stores the specified data in
/// this instance, using the class of the data for the format.
///
///
/// Critical: This code touches _innerData
/// TreatAsSafe: It does not expose it and relies on the protection in DataObject
/// to block illegitimate conditions
///
[SecurityCritical,SecurityTreatAsSafe]
public void SetData(object data)
{
_innerData.SetData(data);
}
///
/// Stores the specified data and its associated format in this
/// instance.
///
///
/// Critical: This code touches _innerData
/// TreatAsSafe: It does not expose it and relies on the protection in DataObject
/// to block illegitimate conditions
///
[SecurityCritical, SecurityTreatAsSafe]
public void SetData(string format, object data)
{
_innerData.SetData(format, data);
}
///
/// Stores the specified data and
/// its associated class type in this instance.
///
///
/// Critical: This code touches _innerData
/// TreatAsSafe: It does not expose it and relies on the protection in DataObject
/// to block illegitimate conditions
///
[SecurityCritical, SecurityTreatAsSafe]
public void SetData(Type format, object data)
{
_innerData.SetData(format, data);
}
///
/// Stores the specified data and its associated format in
/// this instance, using the automatic conversion parameter
/// to specify whether the
/// data can be converted to another format.
///
///
/// Critical: This code touches _innerData
/// TreatAsSafe: It does not expose it and relies on the protection in DataObject
/// to block illegitimate conditions
///
[SecurityCritical, SecurityTreatAsSafe]
public void SetData(string format, Object data, bool autoConvert)
{
_innerData.SetData(format, data, autoConvert);
}
#endregion Public Methods
//------------------------------------------------------
//
// Internal Methods
//
//------------------------------------------------------
#region Internal Methods
///
/// Return true if the format string are equal(Case-senstive).
///
private static bool IsFormatEqual(string format1, string format2)
{
return (String.CompareOrdinal(format1, format2) == 0);
}
///
/// This code looks for Xaml and ApplicationTrust strings in an array of strings and removed them. The reason for that is
/// that since the only scenario this class is used in is when the target application has more permissions than the source then
/// we want to ensure that the target application cannot get to xaml and application trust formats if they come out of a partial trust source.
///
private string[] StripCriticalFormats(string[] formats)
{
List resultList = new List();
for (uint currentFormat = 0; currentFormat < formats.Length; currentFormat++)
{
if (!IsCriticalFormat(formats[currentFormat]))
{
resultList.Add(formats[currentFormat]);
}
}
return resultList.ToArray();
}
///
/// Critical: This code is used to determine whether information returned is secure or not
/// TreatAsSafe: This function is critical only for tracking purposes
///
///
[SecurityCritical, SecurityTreatAsSafe]
private bool IsCriticalFormat(string format)
{
return (IsFormatEqual(format, DataFormats.Xaml) ||
IsFormatEqual(format, DataFormats.ApplicationTrust));
}
#endregion Private Methods
//-----------------------------------------------------
//
// Private Fields
//
//------------------------------------------------------
#region Private Fields
// Inner data object of IDataObject.
///
/// This member holds a reference to a dataobject which if exposed allows client code in an app to get to the XAML
/// content on the clipboard. This is deisabled for the scenario where target application has more permissions than source of
/// data object and that is the only scenario where we create an instance of this class.
///
[SecurityCritical]
private System.Windows.IDataObject _innerData;
#endregion Private Fields
}
#endregion ConstrainedDataObject Class
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
// Copyright (c) Microsoft Corporation. All rights reserved.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- TTSVoice.cs
- ObfuscationAttribute.cs
- TextMarkerSource.cs
- PrintPreviewControl.cs
- Queue.cs
- PropertyKey.cs
- ValueQuery.cs
- XmlWriterSettings.cs
- StyleCollection.cs
- SafeRegistryHandle.cs
- TreeViewImageIndexConverter.cs
- Classification.cs
- CrossSiteScriptingValidation.cs
- TextFormatterHost.cs
- RectIndependentAnimationStorage.cs
- SoapExtensionTypeElement.cs
- ReaderOutput.cs
- XmlSchemaException.cs
- NavigationWindowAutomationPeer.cs
- SqlDataSourceEnumerator.cs
- RegexFCD.cs
- BitVector32.cs
- DetailsViewUpdatedEventArgs.cs
- COM2IPerPropertyBrowsingHandler.cs
- StylusEventArgs.cs
- SystemGatewayIPAddressInformation.cs
- RequestCache.cs
- FileUtil.cs
- XmlExpressionDumper.cs
- StylusDownEventArgs.cs
- EntitySet.cs
- CodeTryCatchFinallyStatement.cs
- NonDualMessageSecurityOverHttpElement.cs
- OrderPreservingMergeHelper.cs
- ControlBindingsCollection.cs
- NodeLabelEditEvent.cs
- HttpResponseHeader.cs
- IdentityValidationException.cs
- DataGridLinkButton.cs
- PeerApplication.cs
- SamlSubject.cs
- ObjectItemLoadingSessionData.cs
- AuthenticatingEventArgs.cs
- RequestQueryParser.cs
- CqlParser.cs
- ControlBindingsCollection.cs
- DocumentViewerBaseAutomationPeer.cs
- InkCanvasFeedbackAdorner.cs
- TokenBasedSet.cs
- WS2007HttpBindingElement.cs
- WebServiceTypeData.cs
- CodeGenerator.cs
- UniqueConstraint.cs
- SectionUpdates.cs
- ErrorReporting.cs
- BamlWriter.cs
- ComponentEvent.cs
- Input.cs
- ProfilePropertySettingsCollection.cs
- DictionaryMarkupSerializer.cs
- ImageMapEventArgs.cs
- DecimalKeyFrameCollection.cs
- InvokePatternIdentifiers.cs
- PackWebRequestFactory.cs
- RegularExpressionValidator.cs
- Vector3DAnimationUsingKeyFrames.cs
- HttpHandlerAction.cs
- ToolStripItemImageRenderEventArgs.cs
- GridViewRowPresenterBase.cs
- PageRanges.cs
- SplitContainer.cs
- ColumnMap.cs
- PageAdapter.cs
- SudsParser.cs
- ComboBoxAutomationPeer.cs
- BooleanFunctions.cs
- SpeakInfo.cs
- LayoutTableCell.cs
- PropertyGridEditorPart.cs
- XmlSerializerVersionAttribute.cs
- TextProperties.cs
- ListCommandEventArgs.cs
- CustomBinding.cs
- XmlSequenceWriter.cs
- ShaperBuffers.cs
- InvokerUtil.cs
- GeometryHitTestParameters.cs
- ActivationServices.cs
- SafeHGlobalHandleCritical.cs
- Interlocked.cs
- ListenerPerfCounters.cs
- DataGridViewElement.cs
- StorageInfo.cs
- InstanceLockedException.cs
- Pens.cs
- ObjectParameterCollection.cs
- ConfigXmlCDataSection.cs
- InternalDispatchObject.cs
- SystemWebCachingSectionGroup.cs
- ListViewInsertionMark.cs