Sunday, July 04, 2004

PermCalc is Cool

I've been playing around with Beta 1 of Visual Studio 2005, and am happy to report that PermCalc is working fine now. To use it, bring up the security tab for a project, select "Enable ClickOnce Security Settings", select (Custom) as the Zone, and hit the "Calculate Permissions" button. A full static analysis of the project and the code paths that it will call is performed (including dependant assemblies), and a grid will be filled that shows the required permissions for the application, as shown below. A green tick indicates that permission is required, and clicking on the details tab will bring up the details for that permission.





If an application is defined as going out to a particular zone, and the permissions for that zone are less than the application requires, the developer is alerted to the problem:





PermCalc can also be used from the command line, and the description it outputs to the console reads: "PermCalc is a tool that estimates the permissions required by assemblies or public entry-points. If the "-Library" switch is not used, it estimates the permissions that must be granted to each assembly in an application in order to execute with no security exceptions. If the "-Library" switch is used, it estimates the permissions that must be granted to the caller of each public entry-point. (Note that this may not include all the permissions that the library itself must be granted in order to execute.)"



The output generated by the tool is an permission request set in the form of an XML file. An example file is shown below:


<?xml version="1.0" encoding="utf-8"?>

<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2">

 <security>

 <applicationRequestMinimum>

  <PermissionSet class="System.Security.PermissionSet" version="1" ID="Custom">

   <IPermission class="System.Security.Permissions.FileDialogPermission, mscorlib, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Access="Open" />

   <IPermission class="System.Security.Permissions.IsolatedStorageFilePermission, mscorlib, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Allowed="DomainIsolationByUser" UserQuota="10240" />

   <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="UnmanagedCode, Execution" />

   <IPermission class="System.Security.Permissions.UIPermission, mscorlib, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Window="SafeTopLevelWindows" Clipboard="OwnClipboard" />

   <IPermission class="System.Windows.Forms.WebBrowserPermission, System, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Level="Restricted" />

   <IPermission class="System.Drawing.Printing.PrintingPermission, System.Drawing, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" version="1" Level="SafePrinting" />

  </PermissionSet>

 <defaultAssemblyRequest permissionSetReference="Custom" />

 </applicationRequestMinimum>

 </security>

</trustInfo>

0 Comments:

Post a Comment

<< Home