removing the verifier (broken security is worse than no security.)

2010-04-04 16:08:34 +12:00
parent 8f1102016c
commit ed33684cd5
3 changed files with 2 additions and 220 deletions
--- a/OpenRA.FileFormats/OpenRA.FileFormats.csproj
+++ b/OpenRA.FileFormats/OpenRA.FileFormats.csproj
@@ -97,7 +97,6 @@
    <Compile Include="TileSet.cs" />
    <Compile Include="Tuple.cs" />
    <Compile Include="TypeDictionary.cs" />
    <Compile Include="Verifier.cs" />
    <Compile Include="Walkability.cs" />
    <Compile Include="ActorReference.cs" />
    <Compile Include="TerrainColorSet.cs" />
--- a/OpenRA.FileFormats/Verifier.cs
+++ b/OpenRA.FileFormats/Verifier.cs
@@ -1,207 +0,0 @@
 #region Copyright & License Information
 /*
 * Copyright 2007,2009,2010 Chris Forbes, Robert Pepperell, Matthew Bowra-Dean, Paul Chote, Alli Witheford.
 * This file is part of OpenRA.
 * 
 *  OpenRA is free software: you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation, either version 3 of the License, or
 *  (at your option) any later version.
 * 
 *  OpenRA is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 * 
 *  You should have received a copy of the GNU General Public License
 *  along with OpenRA.  If not, see <http://www.gnu.org/licenses/>.
 */
 #endregion
 using System;
 using System.Reflection;
 using System.Collections.Generic;
 using System.Reflection.Emit;
 using System.Linq;
 namespace OpenRA.FileFormats
 {
 	public static class Verifier
 	{
 		static readonly string[] AllowedPatterns = {
 		   "System.Collections.Generic.*",
 		   "System.Linq.*",
 		   "OpenRA.*",
 		   "System.Collections.*",
 		   "System.Func*",
 		   "System.String:*",
 		   "System.IDisposable:*",
 		   "System.Action*",
 		   "System.Object:*",
 		   "System.Math:*",
 		   "System.Predicate*",
 		   "System.NotSupportedException:.ctor",
 		   "System.Threading.Thread:get_CurrentThread",
 		   "System.Threading.Thread:get_ManagedThreadId",
 		   // Fixes to let the game run: should be checked by someone knowledgeable
 		   "System.Threading.Interlocked:CompareExchange",
 		   "System.Drawing.Color:*",
 	   };
 		public static bool IsSafe(string filename, List<string> failures)
 		{
 			Log.Write("Start verification: {0}", filename);
 			AppDomain.CurrentDomain.ReflectionOnlyAssemblyResolve += (s, a) => Assembly.ReflectionOnlyLoad(a.Name);
 			var flags = BindingFlags.Instance | BindingFlags.Static |
 				BindingFlags.Public | BindingFlags.NonPublic | BindingFlags.DeclaredOnly;
 			var assembly = Assembly.ReflectionOnlyLoadFrom(filename);
 			var pinvokes = assembly.GetTypes()
 				.SelectMany(t => t.GetMethods(flags))
 				.Where(m => (m.Attributes & MethodAttributes.PinvokeImpl) != 0)
 				.Select(m => m.Name).ToArray();
 			foreach (var pi in pinvokes)
 				failures.Add("P/Invoke: {0}".F(pi));
 			foreach (var fn in assembly
 				.GetTypes()
 				.SelectMany(x => x.GetMembers(flags))
 				.SelectMany(x => FunctionsUsedBy(x))
 				.Where(x => x.DeclaringType.Assembly != assembly)
 				.Select(x => string.Format("{0}:{1}", x.DeclaringType.FullName, x.Name))
 				.OrderBy(x => x)
 				.Distinct())
 				if (!IsAllowed(fn))
 					failures.Add("Unsafe function: {0}".F(fn));
 			return failures.Count == 0;
 		}
 		static bool IsAllowed(string fn)
 		{
 			foreach (var p in AllowedPatterns)
 				if (p.EndsWith("*"))
 				{
 					if (fn.StartsWith(p.Substring(0, p.Length - 1))) return true;
 				}
 				else
 				{
 					if (fn == p) return true;
 				}
 			Log.Write(fn);
 			return false;
 		}
 		static IEnumerable<MethodBase> FunctionsUsedBy( MemberInfo x )
 		{
 			if( x is MethodInfo )
 			{
 				var method = x as MethodInfo;
 				if (method.GetMethodBody() != null)
 					foreach( var fn in CheckIL( method.GetMethodBody().GetILAsByteArray(), x.Module, x.DeclaringType.GetGenericArguments(), method.GetGenericArguments() ) )
 						yield return fn;
 			}
 			else if( x is ConstructorInfo )
 			{
 				var method = x as ConstructorInfo;
 				if (method.GetMethodBody() != null)
 					foreach( var fn in CheckIL( method.GetMethodBody().GetILAsByteArray(), x.Module, x.DeclaringType.GetGenericArguments(), new Type[ 0 ] ) )
 						yield return fn;
 			}
 			else if( x is FieldInfo )
 			{
 				// ignore it
 			}
 			else if( x is PropertyInfo )
 			{
 				var prop = x as PropertyInfo;
 				foreach( var method in prop.GetAccessors() )
 					if (method.GetMethodBody() != null)
 						foreach( var fn in CheckIL( method.GetMethodBody().GetILAsByteArray(), x.Module, x.DeclaringType.GetGenericArguments(), new Type[ 0 ] ) )
 							yield return fn;
 			}
 			else if( x is Type )
 			{
 				// ... shouldn't happen, but does.... :O
 			}
 			else
 				throw new NotImplementedException();
 		}
 		static IEnumerable<MethodBase> CheckIL( byte[] p, Module a, Type[] classGenerics, Type[] functionGenerics )
 		{
 			var position = 0;
 			var ret = new List<int>();
 			while( position < p.Length )
 			{
 				var opcode = OpCodeMap.GetOpCode( p, position );
 				position += opcode.Size;
 				if( opcode.OperandType == OperandType.InlineMethod )
 					ret.Add( BitConverter.ToInt32( p, position ));
 				position += OperandSize( opcode, p, position );
 			}
 			return ret.Select( t => a.ResolveMethod( t, classGenerics, functionGenerics ) );
 		}
 		static int OperandSize( OpCode opcode, byte[] p, int position )
 		{
 			switch( opcode.OperandType )
 			{
 			case OperandType.InlineNone:
 				return 0;
 			case OperandType.InlineMethod:
 			case OperandType.InlineField:
 			case OperandType.InlineType:
 			case OperandType.InlineTok:
 			case OperandType.InlineString:
 			case OperandType.InlineI:
 			case OperandType.InlineBrTarget:
 				return 4;
 			case OperandType.ShortInlineBrTarget:
 			case OperandType.ShortInlineI:
 			case OperandType.ShortInlineVar:
 				return 1;
 			case OperandType.InlineSwitch:
 				var numSwitchArgs = BitConverter.ToUInt32( p, position );
 				return (int)( 4 + 4 * numSwitchArgs );
 			case OperandType.ShortInlineR:
 				return 4;
 			default:
 				throw new NotImplementedException("Unsupported: {0}".F(opcode.OperandType));
 			}
 		}
 	}
 	static class OpCodeMap
 	{
 		static readonly Dictionary<byte, OpCode> simpleOps = new Dictionary<byte, OpCode>();
 		static readonly Dictionary<byte, OpCode> feOps = new Dictionary<byte, OpCode>();
 		static OpCodeMap()
 		{
 			foreach( var o in typeof( OpCodes ).GetFields( BindingFlags.Static | BindingFlags.Public ).Select( f => (OpCode)f.GetValue( null ) ) )
 			{
 				if( o.Size == 1 )
 					simpleOps.Add( (byte)o.Value, o );
 				else if( o.Size == 2 )
 					feOps.Add( (byte)( o.Value & 0xFF ), o );
 				else
 					throw new NotImplementedException();
 			}
 		}
 		public static OpCode GetOpCode( byte[] input, int position )
 		{
 			if( input[ position ] != 0xFE )
 				return simpleOps[ input[ position ] ];
 			else
 				return feOps[ input[ position + 1 ] ];
 		}
 	}
 }
--- a/OpenRA.Game/Game.cs
+++ b/OpenRA.Game/Game.cs
@@ -79,19 +79,9 @@ namespace OpenRA
 			{
 				var failures = new List<string>();
 				var fullpath = Path.GetFullPath(a);
 				if (Verifier.IsSafe(fullpath, failures))
 				{
 					var asm = Assembly.LoadFile(fullpath);
 					asms.AddRange(asm.GetNamespaces().Select(ns => Pair.New(asm, ns)));
 				}
 				else
 				{
 					Log.Write("Assembly `{0}` cannot be verified. Failures:", a);
 					foreach (var f in failures)
 						Log.Write("\t{0}", f);
-					throw new InvalidOperationException("Failed verification. See the log for further details.");
+				var asm = Assembly.LoadFile(fullpath);
-				}
+				asms.AddRange(asm.GetNamespaces().Select(ns => Pair.New(asm, ns)));
 			}
 			ModAssemblies = asms.ToArray();