Skip to content

Disable the debugger when in system lock-down mode #9645

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
TravisEz13 merged 2 commits into from
May 22, 2019
Merged

Disable the debugger when in system lock-down mode #9645

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
d50cddd
disable debugger in System Lock down mode
TravisEz13 May 16, 2019
120ed15
resolve PR comments from paul
TravisEz13 May 16, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
52 changes: 46 additions & 6 deletions src/System.Management.Automation/engine/debugger/debugger.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1132,12 +1132,16 @@ private Breakpoint AddCommandBreakpoint(CommandBreakpoint breakpoint)
internal Breakpoint NewCommandBreakpoint(string path, string command, ScriptBlock action)
{
WildcardPattern pattern = WildcardPattern.Get(command, WildcardOptions.Compiled | WildcardOptions.IgnoreCase);

CheckForBreakpointSupport();
return AddCommandBreakpoint(new CommandBreakpoint(path, pattern, command, action));
}

internal Breakpoint NewCommandBreakpoint(string command, ScriptBlock action)
{
WildcardPattern pattern = WildcardPattern.Get(command, WildcardOptions.Compiled | WildcardOptions.IgnoreCase);

CheckForBreakpointSupport();
return AddCommandBreakpoint(new CommandBreakpoint(null, pattern, command, action));
}

Expand Down Expand Up @@ -1175,13 +1179,15 @@ internal Breakpoint NewLineBreakpoint(string path, int line, ScriptBlock action)
{
Diagnostics.Assert(path != null, "caller to verify path is not null");

CheckForBreakpointSupport();
return AddLineBreakpoint(new LineBreakpoint(path, line, action));
}

internal Breakpoint NewStatementBreakpoint(string path, int line, int column, ScriptBlock action)
{
Diagnostics.Assert(path != null, "caller to verify path is not null");

CheckForBreakpointSupport();
return AddLineBreakpoint(new LineBreakpoint(path, line, column, action));
}

Expand All @@ -1201,11 +1207,13 @@ internal VariableBreakpoint AddVariableBreakpoint(VariableBreakpoint breakpoint)

internal Breakpoint NewVariableBreakpoint(string path, string variableName, VariableAccessMode accessMode, ScriptBlock action)
{
CheckForBreakpointSupport();
return AddVariableBreakpoint(new VariableBreakpoint(path, variableName, accessMode, action));
}

internal Breakpoint NewVariableBreakpoint(string variableName, VariableAccessMode accessMode, ScriptBlock action)
{
CheckForBreakpointSupport();
return AddVariableBreakpoint(new VariableBreakpoint(null, variableName, accessMode, action));
}

Expand Down Expand Up @@ -1761,12 +1769,6 @@ private void OnDebuggerStop(InvocationInfo invocationInfo, List<Breakpoint> brea
originalLanguageMode = _context.LanguageMode;
_context.LanguageMode = PSLanguageMode.FullLanguage;
}
else if (System.Management.Automation.Security.SystemPolicy.GetSystemLockdownPolicy() ==
System.Management.Automation.Security.SystemEnforcementMode.Enforce)
{
// If there is a system lockdown in place, enforce it
originalLanguageMode = Utils.EnforceSystemLockDownLanguageMode(this._context);
}

// Update the prompt to the debug prompt
if (hadDefaultPrompt)
Expand Down Expand Up @@ -2060,6 +2062,17 @@ private void SetInternalDebugMode(InternalDebugMode mode)
{
lock (_syncObject)
{
// Disable script debugger when in system lock down mode
if (IsSystemLockedDown)
{
if (_context._debuggingMode != (int)InternalDebugMode.Disabled)
{
_context._debuggingMode = (int)InternalDebugMode.Disabled;
}

return;
}

switch (mode)
{
case InternalDebugMode.InPushedStop:
Expand All @@ -2086,6 +2099,24 @@ private bool CanEnableDebugger
}
}

private static bool IsSystemLockedDown
{
get
{
return (System.Management.Automation.Security.SystemPolicy.GetSystemLockdownPolicy() ==
System.Management.Automation.Security.SystemEnforcementMode.Enforce);
}
}

private static void CheckForBreakpointSupport()
{
if (IsSystemLockedDown)
{
// Local script debugging is not supported in locked down mode
throw new PSNotSupportedException();
}
}

#region Enable debug stepping

[Flags]
Expand Down Expand Up @@ -2323,6 +2354,15 @@ public override void SetDebugMode(DebugModes mode)
{
lock (_syncObject)
{
// Restrict local script debugger mode when in system lock down.
// DebugModes enum flags provide a combination of values. To disable local script debugging
// we have to disallow 'LocalScript' and 'Default' flags and only allow 'None' or 'RemoteScript'
// flags exclusively. This allows only no debugging 'None' or remote debugging 'RemoteScript'.
if (IsSystemLockedDown && (mode != DebugModes.None) && (mode != DebugModes.RemoteScript))
{
mode = DebugModes.RemoteScript;
}

base.SetDebugMode(mode);

if (!CanEnableDebugger)
Expand Down
Loading