Make ResourceManager use Assembly instead of RuntimeAssembly internally.#21979
Conversation
| IntPtr ptrLoadContextBinder = default) | ||
| { | ||
| return InternalLoadAssemblyName(assemblyRef, reqAssembly, ref stackMark, IntPtr.Zero, true /*throwOnError*/, ptrLoadContextBinder); | ||
| return InternalLoadAssemblyName(assemblyRef, reqAssembly, ref stackMark, IntPtr.Zero, throwOnFileNotFound, ptrLoadContextBinder); |
There was a problem hiding this comment.
This is not directly related to the PR, but it should be fixed nevertheless. The method takes the throwOnFileNotFound parameter, but it didn't actually use it.
|
|
||
| string name = GetSimpleName() + ".resources"; | ||
| return InternalGetSatelliteAssembly(name, culture, version, true); | ||
| return InternalGetSatelliteAssembly(culture, version, true); |
There was a problem hiding this comment.
I moved the name generation to InternalGetSatelliteAssembly to avoid unnecessarily duplicating it in ManifestBasedResourceGroveler.
|
cc @sdmaclea This refactoring is to support sharing of the ResourceManager and friends with CoreRT. |
|
@dotnet-bot test OSX10.12 x64 Checked Innerloop Build and Test |
1 similar comment
|
@dotnet-bot test OSX10.12 x64 Checked Innerloop Build and Test |
|
Any updates on this? Anything I could do to speed things up? I have some dependent changes in my queue. |
|
Resources use binary serialization underneath. This change is allowing ResourceManager and friends to be initialized from arbitrary assembly (e.g. from System.Reflection.MetadataLoadContext) and thus creates a new indirect path to run arbitrary code via binary serialization. @bartonjs @GrabYourPitchforks Is this a valid security concern? Should we keep limiting ResourceManager to runtime created assemblies only? |
|
@morganbr Is the new Serialization Guard going to affect this somehow?
Fair enough. I was about to suggest that I can add back the |
|
@filipnavara The serialization guard is a secondary "defense in depth" when somebody uses binary deserialization on untrusted data. It is a speed bump, no something to depend on. |
|
|
@jkotas Understood. I am trying to figure out whether there is some scenario where the deserialization would be useful. It was added back mostly because of WinForms resources. I can imagine that tools like ILSpy (or some other *Spy tool) may want to load such resources from MetadataLoadContext. |
|
I have added the restriction to enable deserialization only for |
|
If ILSpy or its variant comes with a request to make this possible, we can look into how to make it work. I do think these tools would actually ever want to use |
I assume you won't get the request because they have already copied the code from .NET Core and Mono (https://github.com/icsharpcode/ILSpy/blob/ec964bf4ba00d3a8b3a983e52e8a6225720fcfbd/ICSharpCode.Decompiler/Util/ResourcesFile.cs & history). We do something like this in our private localization tool, but we didn't port it to .NET Core yet and probably won't do that for a foreseeable future. In that tool we only use it to read strings anyway. Update: I checked our localization tool and it roughly does the equivalent of Assembly a = Assembly.ReflectionOnlyLoadFrom(filename);
foreach (string name in a.GetManifestResourceNames())
{
...
ResourceSet resources = new ResourceSet(a.GetManifestResourceStream(name));It doesn't use |
I do not think it is off topic. It demonstrates that relaxing the checks in ResourceManager does not actually help the tools like the ones you have mentioned. |
|
I think we should keep the upfront checks that restrict the ResourceManager to runtime implemented assemblies only. We do have |
Alright, will do that. |
…to runtime types/assemblies).
|
@dotnet-bot test OSX10.12 x64 Checked Innerloop Build and Test |
|
/AzurePipelines run coreclr-ci |
|
Success! 1 created and queued. |
…ly. (dotnet/coreclr#21979) Commit migrated from dotnet/coreclr@6565634
3 participants
This is clean-up to aid moving System.Resources classes into shared CoreLib partition.