forked from microsoft/garnet
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Support loading module from command line (microsoft#679)
* Initial draft. * Validate module paths. * Added tests. * Refactoring. * Avoid loading assembly if signing check fails. --------- Co-authored-by: Badrish Chandramouli <[email protected]>
- Loading branch information
Showing
13 changed files
with
222 additions
and
62 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,82 @@ | ||
// Copyright (c) Microsoft Corporation. | ||
// Licensed under the MIT license. | ||
|
||
using System; | ||
using System.Collections.Generic; | ||
using System.IO; | ||
using System.Linq; | ||
using System.Reflection; | ||
using System.Reflection.Metadata; | ||
using System.Reflection.PortableExecutable; | ||
using Garnet.common; | ||
|
||
namespace Garnet.server | ||
{ | ||
public class ModuleUtils | ||
{ | ||
public static bool LoadAssemblies( | ||
IEnumerable<string> binaryPaths, | ||
string[] allowedExtensionPaths, | ||
bool allowUnsignedAssemblies, | ||
out IEnumerable<Assembly> loadedAssemblies, | ||
out ReadOnlySpan<byte> errorMessage) | ||
{ | ||
loadedAssemblies = null; | ||
errorMessage = default; | ||
|
||
// Get all binary file paths from inputs binary paths | ||
if (!FileUtils.TryGetFiles(binaryPaths, out var files, out _, [".dll", ".exe"], SearchOption.AllDirectories)) | ||
{ | ||
errorMessage = CmdStrings.RESP_ERR_GENERIC_GETTING_BINARY_FILES; | ||
return false; | ||
} | ||
|
||
// Check that all binary files are contained in allowed binary paths | ||
var binaryFiles = files.ToArray(); | ||
if (allowedExtensionPaths != null) | ||
{ | ||
if (binaryFiles.Any(f => | ||
allowedExtensionPaths.All(p => !FileUtils.IsFileInDirectory(f, p)))) | ||
{ | ||
errorMessage = CmdStrings.RESP_ERR_GENERIC_BINARY_FILES_NOT_IN_ALLOWED_PATHS; | ||
return false; | ||
} | ||
} | ||
|
||
// If necessary, check that all assemblies are digitally signed | ||
if (!allowUnsignedAssemblies) | ||
{ | ||
foreach (var filePath in files) | ||
{ | ||
using var fs = File.OpenRead(filePath); | ||
using var peReader = new PEReader(fs); | ||
|
||
var metadataReader = peReader.GetMetadataReader(); | ||
var assemblyPublicKeyHandle = metadataReader.GetAssemblyDefinition().PublicKey; | ||
|
||
if (assemblyPublicKeyHandle.IsNil) | ||
{ | ||
errorMessage = CmdStrings.RESP_ERR_GENERIC_ASSEMBLY_NOT_SIGNED; | ||
return false; | ||
} | ||
|
||
var publicKeyBytes = metadataReader.GetBlobBytes(assemblyPublicKeyHandle); | ||
if (publicKeyBytes == null || publicKeyBytes.Length == 0) | ||
{ | ||
errorMessage = CmdStrings.RESP_ERR_GENERIC_ASSEMBLY_NOT_SIGNED; | ||
return false; | ||
} | ||
} | ||
} | ||
|
||
// Get all assemblies from binary files | ||
if (!FileUtils.TryLoadAssemblies(binaryFiles, out loadedAssemblies, out _)) | ||
{ | ||
errorMessage = CmdStrings.RESP_ERR_GENERIC_LOADING_ASSEMBLIES; | ||
return false; | ||
} | ||
|
||
return true; | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.