0

I was looking at my SonarQube static code analysis and came across a report that says using a SafeTokenHandle DangerousGetHandle method call.

I start by declaring a SafeTokenHandle:

SafeTokenHandle safeTokenHandle;
var returnValue = Logon(safeTokenHandle);

Check it's return value to my logon method.

            if (false == returnValue)
            {
                //stuff
            }

Use a basic "using" which I log the value of the SafeTokenValue:

            using (safeTokenHandle)
            {
                Console.WriteLine("Did LogonUser Succeed? " + "Yes");
                Console.WriteLine("Value of Windows NT token: " + safeTokenHandle);

Then I have another using which sets a new WindowsItentity using the "DangerousGetHandle" method:

                using (var newId = new WindowsIdentity(safeTokenHandle.DangerousGetHandle()))

Is there any way to go ahead and get that information without using the "DangerousGetHandle" method, or do I just need to accept the risk on this?

Microsoft Says: "DangerousGetHandle method can pose security risks" primarily due to the reference becoming stale which can lead to it accessing sensative information.

It looks like using the DangerousAddRef and DangerousRelease is Microsoft's advice, but those also seem to come with risks. Any direction would be helpful.

obizues
  • 1,473
  • 5
  • 16
  • 30
  • Microsoft themselves use the same API throughout .NET Core, https://github.com/dotnet/corefx/search?q=DangerousGetHandle&unscoped_q=DangerousGetHandle Just pay attention to the pattern in their code to see what measures you need to remedy the risk. – Lex Li Aug 20 '18 at 17:02
  • So in other words, just make sure that the handle doesn't go stale? My worry is by leaving this in the code it's offering a junior developer a change to grab a stale handle. – obizues Aug 21 '18 at 13:12

0 Answers0