0
Vote

Create an abstraction of package types and remove PerformAction

description

LostLib.Programs needs to be pluggable with package type handlers. Version 0.2 must have only one built-in handler for strongly named assemblies. Current MSI handler must be marked as deprecated.

comments

wrote Jun 17, 2008 at 8:42 PM

Description: CA2122 : Microsoft.Security : 'ShellExtensions.PerformAction(this FileSystemInfo, string)' calls into 'Process.StandardOutput.get()' which has a LinkDemand. By making this call, 'Process.StandardOutput.get()' is indirectly exposed to user code. Review the following call stack that might expose a way to circumvent security protection:
->'ShellExtensions.PerformAction(this FileSystemInfo, string)'
->'ShellExtensions.PerformAction(this FileSystemInfo, string)'
File: C:\LOST\Projects\Codeplex\LostProjects\LostLib\Programs\ShellExtensions.cs
Line: 25
Project: LostLib.Programs

wrote Jan 21, 2013 at 6:20 PM