Module security
Implementation of the .NET security model: .NET Code Access Security (CAS).
This module provides support for parsing and representing .NET Code Access Security permissions and permission sets. Note that CAS has been largely deprecated in modern .NET versions but remains important for analyzing legacy assemblies.
§Overview
The .NET Code Access Security model allowed fine-grained control over what operations code could perform based on evidence about the code’s origin. This included:
- Permission Sets - Collections of specific permissions granted to code
- Security Actions - When and how permissions are checked (LinkDemand, Demand, etc.)
- Named Arguments - Custom security attribute parameters
- Permission Attributes - Declarative security specifications
§Components
- PermissionSet - A collection of security permissions
- Permission - Individual security permission with type and arguments
- NamedArgument - Key-value pairs for permission parameters
- Security action types and permission flags
§Examples
    use dotscope::{CilObject, metadata::security::PermissionSet};

    // `?` needs an enclosing function that returns a Result.
    fn main() -> Result<(), Box<dyn std::error::Error>> {
        let assembly = CilObject::from_file("legacy_app.dll".as_ref())?;
        // Check for security permissions on types
        for entry in assembly.types().iter() {
            let (token, type_def) = (entry.key(), entry.value());
            if let Some(security) = type_def.security.get() {
                println!("Type {} has security permissions", type_def.name);
                // Analyze permission sets...
            }
        }
        Ok(())
    }

§Legacy Status
Important: Code Access Security was deprecated starting with .NET Framework 4.0 and is not supported in .NET Core/.NET 5+. This implementation is primarily useful for analyzing older .NET Framework assemblies and understanding historical security models.
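When triaging a legacy assembly it helps to know what a raw DeclSecurity permission-set blob looks like before any library interprets it. The following is an added example, not dotscope's own parser: a std-only sketch that tells the two blob encodings apart and lists the attribute type names in the binary one. It assumes the layout of ECMA-335 II.22.11 with a per-attribute body length ahead of the named-argument count; all function names and the sample bytes are constructed for illustration.

```rust
// Added example, std only; not dotscope code. All names are hypothetical.
#[derive(Debug, PartialEq)]
pub enum BlobFormat { BinaryAttributes, LegacyXml, Unknown }

/// ECMA-335 II.23.2 compressed unsigned integer -> (value, bytes consumed).
fn read_compressed(b: &[u8]) -> Option<(usize, usize)> {
    match *b.first()? {
        x if x & 0x80 == 0 => Some((x as usize, 1)),
        x if x & 0xC0 == 0x80 => Some((((x as usize & 0x3F) << 8) | *b.get(1)? as usize, 2)),
        x if x & 0xE0 == 0xC0 => b.get(1..4).map(|t| (((x as usize & 0x1F) << 24)
            | (t[0] as usize) << 16 | (t[1] as usize) << 8 | t[2] as usize, 4)),
        _ => None,
    }
}
pub fn sniff(blob: &[u8]) -> BlobFormat {
    match blob {
        [b'.', ..] => BlobFormat::BinaryAttributes,
        [b'<', 0, ..] => BlobFormat::LegacyXml, // assumption: UTF-16LE XML without a BOM
        _ => BlobFormat::Unknown,
    }
}

/// (attribute type name, named-argument count) per attribute; None on malformed input.
pub fn list_attributes(blob: &[u8]) -> Option<Vec<(String, usize)>> {
    if sniff(blob) != BlobFormat::BinaryAttributes { return None; }
    let (count, mut pos) = read_compressed(&blob[1..]).map(|(c, n)| (c, n + 1))?;
    let mut out = Vec::new();
    for _ in 0..count {
        let (name_len, n) = read_compressed(blob.get(pos..)?)?;
        let name = blob.get(pos + n..(pos + n).checked_add(name_len)?)?;
        pos += n + name_len;
        let (body_len, n) = read_compressed(blob.get(pos..)?)?;
        let body = blob.get(pos + n..(pos + n).checked_add(body_len)?)?; // bounds-checked
        let (named, _) = read_compressed(body)?; // body starts with the argument count
        out.push((std::str::from_utf8(name).ok()?.to_string(), named));
        pos += n + body_len;
    }
    Some(out)
}

/// Constructed sample: one attribute carrying one boolean property.
pub fn sample_blob() -> Vec<u8> {
    let ty = b"System.Security.Permissions.SecurityPermissionAttribute, mscorlib";
    let mut v = vec![b'.', 1, ty.len() as u8]; // '.', one attribute, type-name length
    v.extend_from_slice(ty);
    v.extend_from_slice(&[18, 1, 0x54, 0x02, 13]); // body len, NumNamed, PROPERTY, BOOLEAN, name len
    v.extend_from_slice(b"UnmanagedCode\x01"); // property name, then value true
    v
}
fn main() { println!("{:?}", list_attributes(&sample_blob())); }
```

Truncated or inconsistent lengths return None instead of panicking, which matters when the blob comes from an untrusted assembly.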
§References
- ECMA-335 6th Edition, Partition II, Section 22.11 - DeclSecurity Table
- Microsoft .NET Framework Security Documentation (archived)
Modules§
- security_classes - Common .NET security permission classes
Structs§
- NamedArgument - Represents a named argument (property or field) in a .NET security permission.
- Permission - Represents a .NET security permission within a permission set.
- PermissionSet - DeclSecurity entries represent declarative security attributes that define the security requirements, demands, and permissions for assemblies, types, and methods. They essentially declare what security permissions the code requires, demands from callers, or promises not to use.
- Security - Wrapper of the security information to store within the dotscope data types
- SecurityPermissionFlags - Controls access to security-sensitive operations.
Enums§
- ArgumentType - The type of a named argument in a permission
- ArgumentValue - The value of a named argument in a permission
- PermissionSetFormat - The supported PermissionSet formats
- SecurityAction - Security actions as defined in ECMA-335 and .NET Framework