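//------------------------------------------------------------
// Copyright (c) Microsoft Corporation.  All rights reserved.
//------------------------------------------------------------

namespace System.Runtime.Diagnostics
{
    using System.Collections.Generic;
    using System.Diagnostics;
    using System.Globalization;
    using System.Runtime.Interop;
    using System.Runtime.CompilerServices;
    using System.Runtime.InteropServices;
    using System.Runtime.Versioning;
    using System.Security;
    using System.Security.Permissions;
    using System.Security.Principal;
    using System.Text;
    using System.Diagnostics.CodeAnalysis;

    /// <summary>
    /// Writes entries to the Windows event log through RegisterEventSource/ReportEvent and,
    /// optionally, mirrors them to a <see cref="DiagnosticTraceBase"/>.
    /// </summary>
    /// <remarks>
    /// Security model visible in this file:
    ///  - The public LogEvent overloads go through SafeLogEvent, which demands UnmanagedCode
    ///    before the write path asserts it. A partial-trust caller therefore fails the demand,
    ///    and the resulting SecurityException switches logging off (canLogEvent is static, so
    ///    the switch is shared by every instance).
    ///  - The Unsafe* entry points are [SecurityCritical] and skip that demand; they rely on
    ///    their callers having validated the event source name and the values being logged.
    ///  - Non-fatal failures while writing are swallowed, so a missing event log entry is not
    ///    proof that LogEvent was never called.
    /// </remarks>
    sealed class EventLogger
    {
        [Fx.Tag.SecurityNote(Miscellaneous = "RequiresReview - In PT log no more than 5 events.")]
        const int MaxEventLogsInPT = 5;

        // Number of UnsafeLogEvent calls counted against the partial-trust cap.
        // NOTE(review): incremented without synchronization, so under concurrent callers the
        // cap is approximate rather than exact.
        [SecurityCritical]
        static int logCountForPT;

        // Cleared the first time a SecurityException is seen; never set back to true in this file.
        static bool canLogEvent = true;

        DiagnosticTraceBase diagnosticTrace;

        [Fx.Tag.SecurityNote(Critical = "Protect the string that defines the event source name.",
            Safe = "It demands UnmanagedCode=true so PT cannot call.")]
        [SecurityCritical]
        string eventLogSourceName;

        bool isInPartialTrust;

        // Used only by UnsafeCreateEventLogger; the source name is assigned afterwards.
        EventLogger()
        {
            this.isInPartialTrust = IsInPartialTrust();
        }

        /// <summary>
        /// Creates a logger whose source name is set only if the caller passes the
        /// UnmanagedCode demand made by SafeSetLogSourceName.
        /// </summary>
        /// <param name="eventLogSourceName">Event source name handed to RegisterEventSource.</param>
        /// <param name="diagnosticTrace">Optional trace that mirrors logged events; may be null.</param>
        [Obsolete("For System.Runtime.dll use only. Call FxTrace.EventLog instead")]
        public EventLogger(string eventLogSourceName, DiagnosticTraceBase diagnosticTrace)
        {
            try
            {
                this.diagnosticTrace = diagnosticTrace;
                //set diagnostics trace prior to calling SafeSetLogSourceName
                if (canLogEvent)
                {
                    SafeSetLogSourceName(eventLogSourceName);
                }
            }
            catch (SecurityException)
            {
                // running in PT, do not try to log events anymore
                canLogEvent = false;
                // not throwing exception on purpose
            }
        }

        /// <summary>
        /// Creates a logger without demanding UnmanagedCode; callable from security-critical code only.
        /// </summary>
        [Fx.Tag.SecurityNote(Critical = "Unsafe method to create event logger (sets the event source name).")]
        [SecurityCritical]
        public static EventLogger UnsafeCreateEventLogger(string eventLogSourceName, DiagnosticTraceBase diagnosticTrace)
        {
            EventLogger logger = new EventLogger();
            logger.SetLogSourceName(eventLogSourceName, diagnosticTrace);
            return logger;
        }

        /// <summary>
        /// Normalizes and truncates <paramref name="values"/>, appends the process name and id,
        /// writes the entry to the event log and optionally mirrors it to the diagnostic trace.
        /// </summary>
        /// <param name="type">Trace severity; mapped to an event log entry type.</param>
        /// <param name="eventLogCategory">Category passed through to ReportEvent.</param>
        /// <param name="eventId">Event id passed through to ReportEvent.</param>
        /// <param name="shouldTrace">When true, the event is also sent to the diagnostic trace if it is enabled.</param>
        /// <param name="values">Insertion strings for the entry; null or empty items become empty strings.</param>
        [Fx.Tag.SecurityNote(Critical = "Logs event to the event log and asserts Unmanaged code.")]
        [SecurityCritical]
        public void UnsafeLogEvent(TraceEventType type, ushort eventLogCategory, uint eventId, bool shouldTrace, params string[] values)
        {
            if (logCountForPT < MaxEventLogsInPT)
            {
                try
                {
                    // Vista introduces a new limitation:  a much smaller max
                    // event log entry size that we need to track.  All strings cannot
                    // exceed 31839 characters in length when totalled together.
                    // Choose a max length of 25600 characters (25k) to allow for
                    // buffer since this max length may be reduced without warning.
                    const int MaxEventLogEntryLength = 25600;

                    int eventLogEntryLength = 0;

                    // Two extra slots: process name and process id are appended after the caller's values.
                    string[] logValues = new string[values.Length + 2];
                    for (int i = 0; i < values.Length; ++i)
                    {
                        string stringValue = values[i];
                        if (!string.IsNullOrEmpty(stringValue))
                        {
                            // Values may carry caller- or exception-supplied text, so "%<digit>"
                            // sequences are broken up before they reach the event log.
                            stringValue = NormalizeEventLogParameter(stringValue);
                        }
                        else
                        {
                            stringValue = String.Empty;
                        }

                        logValues[i] = stringValue;
                        eventLogEntryLength += stringValue.Length + 1;
                    }

                    string normalizedProcessName = NormalizeEventLogParameter(UnsafeGetProcessName());
                    logValues[logValues.Length - 2] = normalizedProcessName;
                    eventLogEntryLength += (normalizedProcessName.Length + 1);

                    string invariantProcessId = UnsafeGetProcessId().ToString(CultureInfo.InvariantCulture);
                    logValues[logValues.Length - 1] = invariantProcessId;
                    eventLogEntryLength += (invariantProcessId.Length + 1);

                    // If current event log entry length is greater than max length
                    // need to truncate to max length.  This probably means that we
                    // have a very long exception and stack trace in our parameter
                    // strings.  Truncate each string by MaxEventLogEntryLength
                    // divided by number of strings in the entry.
                    // Truncation algorithm is overly aggressive by design to
                    // simplify the code change due to Product Cycle timing.
                    if (eventLogEntryLength > MaxEventLogEntryLength)
                    {
                        // logValues.Length is always > 0 (minimum value = 2)
                        // Subtract one to ensure string ends in '\0'
                        int truncationLength = (MaxEventLogEntryLength / logValues.Length) - 1;

                        for (int i = 0; i < logValues.Length; i++)
                        {
                            if (logValues[i].Length > truncationLength)
                            {
                                logValues[i] = logValues[i].Substring(0, truncationLength);
                            }
                        }
                    }

                    // The entry is attributed to the SID of the current Windows identity.
                    SecurityIdentifier sid = WindowsIdentity.GetCurrent().User;
                    byte[] sidBA = new byte[sid.BinaryLength];
                    sid.GetBinaryForm(sidBA, 0);

                    // ReportEvent receives an array of string pointers, so both the pointer
                    // array and every string are pinned for the duration of the call.
                    IntPtr[] stringRoots = new IntPtr[logValues.Length];
                    GCHandle stringsRootHandle = new GCHandle();
                    GCHandle[] stringHandles = null;

                    try
                    {
                        stringsRootHandle = GCHandle.Alloc(stringRoots, GCHandleType.Pinned);

                        stringHandles = new GCHandle[logValues.Length];
                        for (int strIndex = 0; strIndex < logValues.Length; strIndex++)
                        {
                            stringHandles[strIndex] = GCHandle.Alloc(logValues[strIndex], GCHandleType.Pinned);
                            stringRoots[strIndex] = stringHandles[strIndex].AddrOfPinnedObject();
                        }

                        UnsafeWriteEventLog(type, eventLogCategory, eventId, logValues, sidBA, stringsRootHandle);
                    }
                    finally
                    {
                        // GCHandle is a struct: comparing it with null is always true, and both
                        // AddrOfPinnedObject() and Free() throw on a handle that was never
                        // allocated. IsAllocated is the check that stays safe when an Alloc
                        // above failed part-way, so cleanup cannot replace the original exception.
                        if (stringsRootHandle.IsAllocated)
                        {
                            stringsRootHandle.Free();
                        }

                        if (stringHandles != null)
                        {
                            foreach (GCHandle gcHandle in stringHandles)
                            {
                                if (gcHandle.IsAllocated)
                                {
                                    gcHandle.Free();
                                }
                            }
                        }
                    }

                    if (shouldTrace && this.diagnosticTrace != null && this.diagnosticTrace.IsEnabled())
                    {
                        const int RequiredValueCount = 4;
                        Dictionary<string, string> eventValues = new Dictionary<string, string>(logValues.Length + RequiredValueCount);
                        eventValues["CategoryID.Name"] = "EventLogCategory";
                        eventValues["CategoryID.Value"] = eventLogCategory.ToString(CultureInfo.InvariantCulture);
                        eventValues["InstanceID.Name"] = "EventId";
                        eventValues["InstanceID.Value"] = eventId.ToString(CultureInfo.InvariantCulture);

                        // The trace gets the caller's original values (not the normalized or
                        // truncated copies), XML-encoded before they enter the trace record.
                        for (int i = 0; i < values.Length; ++i)
                        {
                            eventValues.Add(
                                "Value" + i.ToString(CultureInfo.InvariantCulture),
                                values[i] == null ? string.Empty : DiagnosticTraceBase.XmlEncode(values[i]));
                        }

                        this.diagnosticTrace.TraceEventLogEvent(type, new DictionaryTraceRecord(eventValues));
                    }
                }
                catch (Exception e)
                {
                    if (Fx.IsFatal(e))
                    {
                        throw;
                    }

                    // If not fatal, just eat the exception.
                    // The event is dropped silently: nothing is returned or reported to the caller.
                }

                // In PT, we only limit 5 event logging per session.
                // The counter advances whether or not the write above succeeded.
                if (this.isInPartialTrust)
                {
                    logCountForPT++;
                }
            }
        }

        /// <summary>
        /// Logs an event if logging is still enabled. A SecurityException from the demand in
        /// SafeLogEvent disables further logging and is not rethrown.
        /// </summary>
        public void LogEvent(TraceEventType type, ushort eventLogCategory, uint eventId, bool shouldTrace, params string[] values)
        {
            if (canLogEvent)
            {
                try
                {
                    SafeLogEvent(type, eventLogCategory, eventId, shouldTrace, values);
                }
                catch (SecurityException ex)
                {
                    // running in PT, do not try to log events anymore
                    canLogEvent = false;

                    // not throwing exception on purpose
                    if (shouldTrace)
                    {
                        Fx.Exception.TraceHandledException(ex, TraceEventType.Information);
                    }
                }
            }
        }

        /// <summary>
        /// Logs an event with tracing enabled.
        /// </summary>
        public void LogEvent(TraceEventType type, ushort eventLogCategory, uint eventId, params string[] values)
        {
            this.LogEvent(type, eventLogCategory, eventId, true, values);
        }

        // Converts incompatible severity enumeration TraceEventType into EventLogEntryType.
        // Critical and Error map to Error, Warning maps to Warning, everything else to Information.
        static EventLogEntryType EventLogEntryTypeFromEventType(TraceEventType type)
        {
            EventLogEntryType retval = EventLogEntryType.Information;
            switch (type)
            {
                case TraceEventType.Critical:
                case TraceEventType.Error:
                    retval = EventLogEntryType.Error;
                    break;
                case TraceEventType.Warning:
                    retval = EventLogEntryType.Warning;
                    break;
            }

            return retval;
        }

        // Gate in front of UnsafeLogEvent: the demand here is what keeps callers without
        // UnmanagedCode from reaching the asserting write path.
        [Fx.Tag.SecurityNote(Critical = "Logs event to the event log by calling unsafe method.",
            Safe = "Demands the same permission that is asserted by the unsafe method.")]
        [SecuritySafeCritical]
        [SecurityPermission(SecurityAction.Demand, UnmanagedCode = true)]
        void SafeLogEvent(TraceEventType type, ushort eventLogCategory, uint eventId, bool shouldTrace, params string[] values)
        {
            UnsafeLogEvent(type, eventLogCategory, eventId, shouldTrace, values);
        }

        // Sets the event source name after demanding UnmanagedCode from the call stack.
        [Fx.Tag.SecurityNote(Critical = "Protect the string that defines the event source name.",
            Safe = "It demands UnmanagedCode=true so PT cannot call.")]
        [SecuritySafeCritical]
        [SecurityPermission(SecurityAction.Demand, UnmanagedCode = true)]
        void SafeSetLogSourceName(string eventLogSourceName)
        {
            this.eventLogSourceName = eventLogSourceName;
        }

        // Sets the event source name and trace with no demand; reachable only from critical code.
        [Fx.Tag.SecurityNote(Critical = "Sets event source name.")]
        [SecurityCritical]
        void SetLogSourceName(string eventLogSourceName, DiagnosticTraceBase diagnosticTrace)
        {
            this.eventLogSourceName = eventLogSourceName;
            this.diagnosticTrace = diagnosticTrace;
        }

        // Probes for partial trust: returns true when reading the current process name raises
        // a SecurityException or yields a null/empty name, false otherwise.
        [Fx.Tag.SecurityNote(Critical = "Satisfies a LinkDemand for 'PermissionSetAttribute' on type 'Process' when calling method GetCurrentProcess",
            Safe = "Does not leak any resource")]
        [SecuritySafeCritical]
        [SuppressMessage(FxCop.Category.Security, FxCop.Rule.DoNotIndirectlyExposeMethodsWithLinkDemands,
            Justification = "SecuritySafeCritical method, Does not expose critical resources returned by methods with Link Demands")]
        bool IsInPartialTrust()
        {
            bool retval = false;
            try
            {
                using (Process process = Process.GetCurrentProcess())
                {
                    retval = string.IsNullOrEmpty(process.ProcessName);
                }
            }
            catch (SecurityException)
            {
                // we are just testing, ignore exception
                retval = true;
            }

            return retval;
        }

        // Registers the event source and reports one event. This method asserts UnmanagedCode,
        // so it must stay behind a caller that has demanded it (SafeLogEvent) or that is itself
        // security-critical. A null handle from RegisterEventSource means nothing is written.
        [SecurityCritical]
        [Fx.Tag.SecurityNote(Critical = "Accesses security critical code RegisterEventSource and ReportEvent")]
        [SecurityPermission(SecurityAction.Assert, UnmanagedCode = true)]
        [ResourceConsumption(ResourceScope.Machine)]
        [SuppressMessage(FxCop.Category.Security, FxCop.Rule.SecureAsserts)]
        void UnsafeWriteEventLog(TraceEventType type, ushort eventLogCategory, uint eventId, string[] logValues, byte[] sidBA, GCHandle stringsRootHandle)
        {
            using (SafeEventLogWriteHandle handle = SafeEventLogWriteHandle.RegisterEventSource(null, this.eventLogSourceName))
            {
                if (handle != null)
                {
                    // stringsRootHandle pins the array of string pointers built by the caller.
                    HandleRef data = new HandleRef(handle, stringsRootHandle.AddrOfPinnedObject());
                    UnsafeNativeMethods.ReportEvent(
                        handle,
                        (ushort)EventLogEntryTypeFromEventType(type),
                        eventLogCategory,
                        eventId,
                        sidBA,
                        (ushort)logValues.Length,
                        0,
                        data,
                        null);
                }
            }
        }

        // Returns the current process name under an asserted UnmanagedCode permission.
        [Fx.Tag.SecurityNote(Critical = "Satisfies a LinkDemand for 'PermissionSetAttribute' on type 'Process' when calling method GetCurrentProcess",
            Safe = "Does not leak any resource")]
        [SecurityCritical]
        [SecurityPermission(SecurityAction.Assert, UnmanagedCode = true)]
        [MethodImpl(MethodImplOptions.NoInlining)]
        [SuppressMessage(FxCop.Category.Security, FxCop.Rule.SecureAsserts)]
        [SuppressMessage(FxCop.Category.Security, FxCop.Rule.DoNotIndirectlyExposeMethodsWithLinkDemands,
            Justification = "SecurityCritical method, Does not expose critical resources returned by methods with Link Demands")]
        string UnsafeGetProcessName()
        {
            string retval = null;
            using (Process process = Process.GetCurrentProcess())
            {
                retval = process.ProcessName;
            }

            return retval;
        }

        // Returns the current process id under an asserted UnmanagedCode permission.
        [Fx.Tag.SecurityNote(Critical = "Satisfies a LinkDemand for 'PermissionSetAttribute' on type 'Process' when calling method GetCurrentProcess",
            Safe = "Does not leak any resource")]
        [SecurityCritical]
        [SecurityPermission(SecurityAction.Assert, UnmanagedCode = true)]
        [MethodImpl(MethodImplOptions.NoInlining)]
        [SuppressMessage(FxCop.Category.Security, FxCop.Rule.SecureAsserts)]
        [SuppressMessage(FxCop.Category.Security, FxCop.Rule.DoNotIndirectlyExposeMethodsWithLinkDemands,
            Justification = "SecurityCritical method, Does not expose critical resources returned by methods with Link Demands")]
        int UnsafeGetProcessId()
        {
            int retval = -1;
            using (Process process = Process.GetCurrentProcess())
            {
                retval = process.Id;
            }

            return retval;
        }

        /// <summary>
        /// Inserts a space after every '%' that is directly followed by a decimal digit,
        /// e.g. "%1" becomes "% 1". All other characters are copied unchanged.
        /// </summary>
        /// <remarks>
        /// The event log treats "%n" in an insertion string as a placeholder, so leaving such
        /// sequences in logged text would let the text alter how the entry is rendered.
        /// NOTE(review): the input is dereferenced without a null check; callers in this file
        /// pass non-empty strings or the process name.
        /// </remarks>
        /// <param name="eventLogParameter">Text destined for an event log insertion string.</param>
        /// <returns>The same instance when nothing needed changing, otherwise a new string.</returns>
        internal static string NormalizeEventLogParameter(string eventLogParameter)
        {
            // Fast path: without any '%' there is nothing to rewrite.
            if (eventLogParameter.IndexOf('%') < 0)
            {
                return eventLogParameter;
            }

            // Allocated lazily, at the first "%<digit>" that is actually found.
            StringBuilder parameterBuilder = null;
            int len = eventLogParameter.Length;
            for (int i = 0; i < len; ++i)
            {
                char c = eventLogParameter[i];

                // Not '%'
                if (c != '%')
                {
                    if (parameterBuilder != null)
                    {
                        parameterBuilder.Append(c);
                    }

                    continue;
                }

                // Last char
                if ((i + 1) >= len)
                {
                    if (parameterBuilder != null)
                    {
                        parameterBuilder.Append(c);
                    }

                    continue;
                }

                // Next char is not number
                if (eventLogParameter[i + 1] < '0' || eventLogParameter[i + 1] > '9')
                {
                    if (parameterBuilder != null)
                    {
                        parameterBuilder.Append(c);
                    }

                    continue;
                }

                // initialize str builder, copying everything seen before this '%'
                if (parameterBuilder == null)
                {
                    parameterBuilder = new StringBuilder(len + 2);
                    for (int j = 0; j < i; ++j)
                    {
                        parameterBuilder.Append(eventLogParameter[j]);
                    }
                }

                parameterBuilder.Append(c);
                parameterBuilder.Append(' ');
            }

            return parameterBuilder != null ? parameterBuilder.ToString() : eventLogParameter;
        }
    }
}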