Merge pull request #3020 from arpitmathur/dev/arpit/release_may

Fixing Microsoft Security Advisory CVE-2020-0605 : .NET Core Remote Code Execution Vulnerability- Variant (.Net Core 3.1)

Author: arpitmathur

NuGet.config

@@ -11,8 +11,6 @@
     <add key="arcade" value="https://dotnetfeed.blob.core.windows.net/dotnet-tools-internal/index.json" />
     <add key="dotnet-core" value="https://dotnetfeed.blob.core.windows.net/dotnet-core/index.json" />
     <add key="dotnet-tools" value="https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-tools/nuget/v3/index.json" />
-    <add key="dotnet3" value="https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet3/nuget/v3/index.json" />
-    <add key="dotnet3-transport" value="https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet3-transport/nuget/v3/index.json" />
     <add key="dotnet3.1" value="https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet3.1/nuget/v3/index.json" />
     <add key="dotnet3.1-transport" value="https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet3.1-transport/nuget/v3/index.json" />
     <add key="dotnet-coreclr" value="https://dotnetfeed.blob.core.windows.net/dotnet-coreclr/index.json" />

eng/pipeline.yml

@@ -67,6 +67,8 @@ jobs:
           value: ''
         - name: _HelixCreator
           value: ${{ parameters.repoName }}
+        - name: _InternalRuntimeDownloadArgs
+          value: ''
 
 
         # Override some values if we're building internally
@@ -109,6 +111,10 @@ jobs:
             value: '' #if _HelixToken is set, Creator must be empty
           - name: _TestHelixAgentPool
             value: 'Windows.10.Amd64.ClientRS5' # Preferred: 'Windows.10.Amd64%3bWindows.7.Amd64%3bWindows.10.Amd64.ClientRS5'
+          - group: DotNet-MSRC-Storage
+          - name: _InternalRuntimeDownloadArgs
+            value: /p:DotNetRuntimeSourceFeed=https://dotnetclimsrc.blob.core.windows.net/dotnet
+              /p:DotNetRuntimeSourceFeedKey=$(dotnetclimsrc-read-sas-token-base64)
 
       strategy:
         matrix:
@@ -138,6 +144,15 @@ jobs:
       - powershell: eng\pre-build.ps1
         displayName: Pre-Build - Set VSO Variables
 
+      - ${{ if ne(variables['System.TeamProject'], 'public') }}:
+        - task: PowerShell@2
+          displayName: Setup Private Feeds Credentials
+          inputs:
+            filePath: $(Build.SourcesDirectory)/eng/common/SetupNugetSources.ps1
+            arguments: -ConfigFile $(Build.SourcesDirectory)/NuGet.config -Password $Env:Token
+          env:
+            Token: $(dn-bot-dnceng-artifact-feeds-rw)
+
       # Use utility script to run script command dependent on agent OS.
       - script: eng\common\cibuild.cmd
           -configuration $(_BuildConfig) 
@@ -146,6 +161,7 @@ jobs:
           $(_SignArgs)
           $(_OfficialBuildIdArgs)
           $(_PlatformArgs)
+          $(_InternalRuntimeDownloadArgs)
         displayName: Windows Build / Publish
         # This condition should be kept in sync with the condition for 'Run DRTs' step 
         #   When building on a regular pipeline (!_HelixPipeline), build as usual 

src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/XpsS0ValidatingLoader.cs

@@ -59,13 +59,17 @@ internal void Validate(Stream stream, Uri parentUri, ParserContext pc, ContentTy
         /// <returns></returns>
         private object Load(Stream stream, Uri parentUri, ParserContext pc, ContentType mimeType, string rootElement)
         {
-            object obj = null;
+            object obj = null;
+
+            List<Type> safeTypes = new List<Type> { typeof(System.Windows.ResourceDictionary) };
 
             if (!DocumentMode)
             {                       // Loose XAML, just check against schema, don't check content type
                 if (rootElement==null)
-                {
-                    obj = XamlReader.Load(stream, pc);
+                {
+                    XmlReader reader = XmlReader.Create(stream, null, pc);
+                    obj = XamlReader.Load(reader, pc, XamlParseMode.Synchronous, true, safeTypes);
+                    stream.Close();
                 }
             }
             else
@@ -148,10 +152,10 @@ private object Load(Stream stream, Uri parentUri, ParserContext pc, ContentType
                         ;
                 }
                 else
-                {
-                    obj = XamlReader.Load(xpsSchemaValidator.XmlReader,
-                                    pc,
-                                    XamlParseMode.Synchronous);
+                {
+                    obj = XamlReader.Load(xpsSchemaValidator.XmlReader,
+                               pc,
+                               XamlParseMode.Synchronous, true, safeTypes);
                 }
                 _validResources.Pop();
             }

src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Markup/RestrictiveXamlXmlReader.cs

@@ -61,6 +61,20 @@ static RestrictiveXamlXmlReader()
         /// </summary>
         public RestrictiveXamlXmlReader(XmlReader xmlReader, XamlSchemaContext schemaContext, XamlXmlReaderSettings settings) : base(xmlReader, schemaContext, settings)
         {
+        }
+
+        /// <summary>
+        /// Builds the restricted set based on RestrictedTypes that have already been loaded but adds the list of Types passed in in safeTypes to the instance of _safeTypesSet
+        /// </summary>
+        internal RestrictiveXamlXmlReader(XmlReader xmlReader, XamlSchemaContext schemaContext, XamlXmlReaderSettings settings, List<Type> safeTypes) : base(xmlReader, schemaContext, settings)
+        {
+            if (safeTypes != null)
+            {
+                foreach (Type safeType in safeTypes)
+                {
+                    _safeTypesSet.Add(safeType);
+                }
+            }
         }
 
         /// <summary>

src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Markup/XamlReader.cs

@@ -13,7 +13,8 @@
 using System.IO.Packaging;
 using System.Windows;
 using System.ComponentModel;
-using System.Collections;
+using System.Collections;
+using System.Collections.Generic;
 using System.Diagnostics;
 using System.Reflection;
 
@@ -744,10 +745,33 @@ internal static object Load(
         /// RestrictiveXamlXmlReader to restrict instantiation of potentially dangerous types</param>
         /// <returns>object root generated after xml parsed</returns>
         internal static object Load(
-        XmlReader reader,
-        ParserContext parserContext,
-        XamlParseMode parseMode,
-        bool useRestrictiveXamlReader)
+           XmlReader reader,
+           ParserContext parserContext,
+           XamlParseMode parseMode,
+           bool useRestrictiveXamlReader)
+        {
+            return Load(reader, parserContext, parseMode, useRestrictiveXamlReader, null);
+        }
+
+        /// <summary>
+        /// Reads XAML from the passed stream, building an object tree and returning the
+        /// root of that tree.  Wrap a CompatibilityReader with another XmlReader that
+        /// uses the passed reader settings to allow validation of xaml.
+        /// </summary>
+        /// <param name="reader">XmlReader to use.  This is NOT wrapped by any
+        ///  other reader</param>
+        /// <param name="context">Optional parser context.  May be null </param>
+        /// <param name="parseMode">Sets synchronous or asynchronous parsing</param>
+        /// <param name="useRestrictiveXamlReader">Whether or not this method should use 
+        /// RestrictiveXamlXmlReader to restrict instantiation of potentially dangerous types</param>
+        /// <param name="safeTypes">List of known safe Types to be allowed through the RestrictiveXamlXmlReader</param>
+        /// <returns>object root generated after xml parsed</returns>
+        internal static object Load(
+            XmlReader reader,
+            ParserContext parserContext,
+            XamlParseMode parseMode,
+            bool useRestrictiveXamlReader,
+            List<Type> safeTypes)
         {
             if (parseMode == XamlParseMode.Uninitialized ||
                 parseMode == XamlParseMode.Asynchronous)
@@ -805,7 +829,7 @@ internal static object Load(
 
                 XamlSchemaContext schemaContext = parserContext.XamlTypeMapper != null ?
                     parserContext.XamlTypeMapper.SchemaContext : GetWpfSchemaContext();
-                System.Xaml.XamlXmlReader xamlXmlReader = (useRestrictiveXamlReader) ? new RestrictiveXamlXmlReader(reader, schemaContext, settings):
+                System.Xaml.XamlXmlReader xamlXmlReader = (useRestrictiveXamlReader) ? new RestrictiveXamlXmlReader(reader, schemaContext, settings, safeTypes) :
                                                                                        new System.Xaml.XamlXmlReader(reader, schemaContext, settings);
                 root = Load(xamlXmlReader, parserContext);
                 reader.Close();