Imported Upstream version 4.3.2.467

Former-commit-id: 9c2cb47f45fa221e661ab616387c9cda183f283d
Xamarin Public Jenkins
2016-02-22 11:00:01 -05:00
parent f302175246
commit f3e3aab35a
4097 changed files with 122406 additions and 82300 deletions


@@ -1 +1 @@
86b5c0a6f2c00fb083dda0132b35aa86179280a6
6fc96d5a48329aa8e7ef17bceda3f17990c6df42


@@ -55,4 +55,4 @@ using System.Diagnostics.CodeAnalysis;
[module: SuppressMessage("Microsoft.Naming", "CA1709:IdentifiersShouldBeCasedCorrectly", MessageId = "Ol", Scope = "member", Target = "System.Web.Security.AntiXss.LowerMidCodeCharts.#OlChiki", Justification = "AntiXSS baseline.")]
[module: SuppressMessage("Microsoft.Naming", "CA1709:IdentifiersShouldBeCasedCorrectly", MessageId = "Li", Scope = "member", Target = "System.Web.Security.AntiXss.UpperCodeCharts.#KayahLi", Justification = "AntiXSS baseline.")]
[module: SuppressMessage("Microsoft.Naming", "CA1709:IdentifiersShouldBeCasedCorrectly", MessageId = "Yi", Scope = "member", Target = "System.Web.Security.AntiXss.UpperMidCodeCharts.#YiSyllables", Justification = "AntiXSS baseline.")]
[module: SuppressMessage("Microsoft.Naming", "CA1709:IdentifiersShouldBeCasedCorrectly", MessageId = "Yi", Scope = "member", Target = "System.Web.Security.AntiXss.UpperMidCodeCharts.#YiRadicals", Justification = "AntiXSS baseline.")]
[module: SuppressMessage("Microsoft.Naming", "CA1709:IdentifiersShouldBeCasedCorrectly", MessageId = "Yi", Scope = "member", Target = "System.Web.Security.AntiXss.UpperMidCodeCharts.#YiRadicals", Justification = "AntiXSS baseline.")]


@@ -26,4 +26,4 @@ namespace System.Web.Configuration
// multiple times.
Hash = 2,
}
}
}


@@ -5,6 +5,7 @@
using System.Globalization;
using System.Linq;
using System.Text.RegularExpressions;
using System.Web.Util;
/// <summary>
/// Validates whether a password field meets the current Membership Provider's password requirements.
@@ -143,6 +144,9 @@
}
}
}
// The timeout for the regex we use to check password strength
public int? PasswordStrengthRegexTimeout { get; set; }
#endregion
#region Overriden Methods
@@ -189,7 +193,8 @@
Regex passwordStrengthRegex;
try {
passwordStrengthRegex = new Regex(passwordStrengthRegularExpression);
// Adding timeout for Regex in case of malicious string causing DoS
passwordStrengthRegex = RegexUtil.CreateRegex(passwordStrengthRegularExpression, RegexOptions.None, PasswordStrengthRegexTimeout);
}
catch (ArgumentException ex) {
throw new InvalidOperationException(SR.GetString(SR.MembershipPasswordAttribute_InvalidRegularExpression), ex);
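Review bot: The new `PasswordStrengthRegexTimeout` property is passed to `RegexUtil.CreateRegex` with no range check, and its comment states neither the unit nor what a null value means. RegexUtil is not shown on this page, so the following is inferred: if the helper forwards the value to the Regex constructor, a zero or negative timeout would raise ArgumentOutOfRangeException, which the `catch (ArgumentException ex)` below would report as an invalid regular expression; and if null means "no timeout", the protection against a pathological pattern or input is opt-in. I would document this on the property, e.g. `/// <summary>Timeout for the password-strength regex; null uses RegexUtil's default (confirm unit and default).</summary>`, and reject non-positive values in the setter. The same setting reaches `RegexUtil.IsMatch` in the SqlMembershipProvider hunks via `SecUtility.GetNullableIntValue`; confirm there that a match timeout surfaces as a rejected password, never an accepted one. The method containing the try block starts and ends outside the hunk.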


@@ -98,7 +98,7 @@ namespace System.Web.Security {
private void InitFromEncryptedTicket( string encryptedTicket )
{
if (HostingEnvironment.IsHosted && EtwTrace.IsTraceEnabled(EtwTraceLevel.Information, EtwTraceFlags.AppSvc))
if (HostingEnvironment.IsHosted && EtwTrace.IsTraceEnabled(EtwTraceLevel.Information, EtwTraceFlags.AppSvc) && HttpContext.Current != null)
EtwTrace.Trace(EtwTraceType.ETW_TYPE_ROLE_BEGIN, HttpContext.Current.WorkerRequest);
if (string.IsNullOrEmpty(encryptedTicket))
@@ -140,14 +140,14 @@ namespace System.Web.Security {
RenewIfOld();
if (HostingEnvironment.IsHosted && EtwTrace.IsTraceEnabled(EtwTraceLevel.Information, EtwTraceFlags.AppSvc))
if (HostingEnvironment.IsHosted && EtwTrace.IsTraceEnabled(EtwTraceLevel.Information, EtwTraceFlags.AppSvc) && HttpContext.Current != null)
EtwTrace.Trace( EtwTraceType.ETW_TYPE_ROLE_END, HttpContext.Current.WorkerRequest, "RolePrincipal", _Identity.Name);
return;
Exit:
Init();
_CachedListChanged = true;
if (HostingEnvironment.IsHosted && EtwTrace.IsTraceEnabled(EtwTraceLevel.Information, EtwTraceFlags.AppSvc))
if (HostingEnvironment.IsHosted && EtwTrace.IsTraceEnabled(EtwTraceLevel.Information, EtwTraceFlags.AppSvc) && HttpContext.Current != null)
EtwTrace.Trace(EtwTraceType.ETW_TYPE_ROLE_END, HttpContext.Current.WorkerRequest, "RolePrincipal", _Identity.Name);
return;
}
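Review bot: Each of the three guarded trace sites in this section tests `HttpContext.Current != null` and then reads `HttpContext.Current` a second time for `WorkerRequest`, and the same pattern recurs at the four sites in the Roles section. Reading it once, `HttpContext context = HttpContext.Current;`, and using `context` for both the test and the `EtwTrace.Trace` call keeps the check and the use on one value and shortens the condition. A short comment such as `// No current HttpContext: skip ETW role tracing.` would also record that role checks made without a context are deliberately untraced, which matters to anyone relying on these events for auditing. InitFromEncryptedTicket's body continues outside both hunks.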


@@ -93,7 +93,7 @@ namespace System.Web.Security {
// authorization
static public bool IsUserInRole(string username, string roleName) {
if (HostingEnvironment.IsHosted && EtwTrace.IsTraceEnabled(EtwTraceLevel.Information, EtwTraceFlags.AppSvc))
if (HostingEnvironment.IsHosted && EtwTrace.IsTraceEnabled(EtwTraceLevel.Information, EtwTraceFlags.AppSvc) && HttpContext.Current != null)
EtwTrace.Trace(EtwTraceType.ETW_TYPE_ROLE_BEGIN, HttpContext.Current.WorkerRequest);
EnsureEnabled();
@@ -111,7 +111,7 @@ namespace System.Web.Security {
isUserInRole = Provider.IsUserInRole(username, roleName);
return isUserInRole;
} finally {
if (HostingEnvironment.IsHosted && EtwTrace.IsTraceEnabled(EtwTraceLevel.Information, EtwTraceFlags.AppSvc)) {
if (HostingEnvironment.IsHosted && EtwTrace.IsTraceEnabled(EtwTraceLevel.Information, EtwTraceFlags.AppSvc) && HttpContext.Current != null) {
if (EtwTrace.IsTraceEnabled(EtwTraceLevel.Verbose, EtwTraceFlags.AppSvc)) {
string status = SR.Resources.GetString(isUserInRole ? SR.Etw_Success : SR.Etw_Failure, CultureInfo.InstalledUICulture);
EtwTrace.Trace(EtwTraceType.ETW_TYPE_ROLE_IS_USER_IN_ROLE, HttpContext.Current.WorkerRequest, isRolePrincipal ? "RolePrincipal" : Provider.GetType().FullName, username, roleName, status);
@@ -129,7 +129,7 @@ namespace System.Web.Security {
static public string[] GetRolesForUser (string username){
if (HostingEnvironment.IsHosted && EtwTrace.IsTraceEnabled(EtwTraceLevel.Information, EtwTraceFlags.AppSvc))
if (HostingEnvironment.IsHosted && EtwTrace.IsTraceEnabled(EtwTraceLevel.Information, EtwTraceFlags.AppSvc) && HttpContext.Current != null)
EtwTrace.Trace(EtwTraceType.ETW_TYPE_ROLE_BEGIN, HttpContext.Current.WorkerRequest);
EnsureEnabled();
@@ -150,7 +150,7 @@ namespace System.Web.Security {
}
return roles;
} finally {
if (HostingEnvironment.IsHosted && EtwTrace.IsTraceEnabled(EtwTraceLevel.Information, EtwTraceFlags.AppSvc)) {
if (HostingEnvironment.IsHosted && EtwTrace.IsTraceEnabled(EtwTraceLevel.Information, EtwTraceFlags.AppSvc) && HttpContext.Current != null) {
if (EtwTrace.IsTraceEnabled(EtwTraceLevel.Verbose, EtwTraceFlags.AppSvc)) {
string roleNames = null;
if (roles != null && roles.Length > 0)


@@ -77,7 +77,7 @@ namespace System.Web.Security {
_AppName = value;
}
}
private string _sqlConnectionString;
private bool _EnablePasswordRetrieval;
private bool _EnablePasswordReset;
@@ -94,6 +94,7 @@ namespace System.Web.Security {
private MembershipPasswordFormat _PasswordFormat;
private MembershipPasswordCompatibilityMode _LegacyPasswordCompatibilityMode = MembershipPasswordCompatibilityMode.Framework20;
private string s_HashAlgorithm = null;
private int? _passwordStrengthRegexTimeout;
private const int PASSWORD_SIZE = 14;
@@ -124,6 +125,7 @@ namespace System.Web.Security {
_PasswordAttemptWindow = SecUtility.GetIntValue( config, "passwordAttemptWindow", 10, false, 0 );
_MinRequiredPasswordLength = SecUtility.GetIntValue( config, "minRequiredPasswordLength", 7, false, 128 );
_MinRequiredNonalphanumericCharacters = SecUtility.GetIntValue( config, "minRequiredNonalphanumericCharacters", 1, true, 128 );
_passwordStrengthRegexTimeout = SecUtility.GetNullableIntValue(config, "passwordStrengthRegexTimeout");
_PasswordStrengthRegularExpression = config["passwordStrengthRegularExpression"];
if( _PasswordStrengthRegularExpression != null )
@@ -203,6 +205,7 @@ namespace System.Web.Security {
config.Remove("minRequiredNonalphanumericCharacters");
config.Remove("passwordStrengthRegularExpression");
config.Remove("passwordCompatMode");
config.Remove("passwordStrengthRegexTimeout");
if (config.Count > 0) {
string attribUnrecognized = config.GetKey(0);
if (!String.IsNullOrEmpty(attribUnrecognized))
@@ -331,7 +334,7 @@ namespace System.Web.Security {
if( PasswordStrengthRegularExpression.Length > 0 )
{
if( !Regex.IsMatch( password, PasswordStrengthRegularExpression ) )
if( !RegexUtil.IsMatch( password, PasswordStrengthRegularExpression, RegexOptions.None, _passwordStrengthRegexTimeout ) )
{
status = MembershipCreateStatus.InvalidPassword;
return null;
@@ -422,7 +425,7 @@ namespace System.Web.Security {
throw;
}
}
//////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////
@@ -580,7 +583,7 @@ namespace System.Web.Security {
if( PasswordStrengthRegularExpression.Length > 0 )
{
if( !Regex.IsMatch( newPassword, PasswordStrengthRegularExpression ) )
if( !RegexUtil.IsMatch( newPassword, PasswordStrengthRegularExpression, RegexOptions.None, _passwordStrengthRegexTimeout ) )
{
throw new ArgumentException(SR.GetString(SR.Password_does_not_match_regular_expression,
"newPassword"));