Security

dotnet · BrennanConroy · May 5, 2022 · Apr 30, 2022 · Apr 30, 2022 · Apr 30, 2022
commit a355b4335a7d32d0b59358618d45da9ac65ff77d
@@ -11,7 +11,7 @@
 
 namespace Microsoft.AspNetCore.Authentication.Certificate;
 
-internal class CertificateAuthenticationHandler : AuthenticationHandler<CertificateAuthenticationOptions>
+internal sealed class CertificateAuthenticationHandler : AuthenticationHandler<CertificateAuthenticationOptions>
 {
     private static readonly Oid ClientCertificateOid = new Oid("1.3.6.1.5.5.7.3.2");
     private ICertificateValidationCache? _cache;
@@ -28,7 +28,7 @@ public CertificateAuthenticationHandler(
     /// The handler calls methods on the events which give the application control at certain points where processing is occurring.
     /// If it is not provided a default instance is supplied which does nothing when the methods are called.
     /// </summary>
-    protected new CertificateAuthenticationEvents Events
+    private new CertificateAuthenticationEvents Events
     {
         get { return (CertificateAuthenticationEvents)base.Events!; }
         set { base.Events = value; }

@@ -65,7 +65,7 @@ public void Put(HttpContext context, X509Certificate2 certificate, AuthenticateR
     private static string ComputeKey(X509Certificate2 certificate)
         => certificate.GetCertHashString(HashAlgorithmName.SHA256);
 
-    private class CachingClock : Extensions.Internal.ISystemClock
+    private sealed class CachingClock : Extensions.Internal.ISystemClock
     {
         private readonly ISystemClock _clock;
         public CachingClock(ISystemClock clock) => _clock = clock;

@@ -113,7 +113,7 @@ private static bool IsAjaxRequest(HttpRequest request)
     /// </summary>
     /// <param name="context">The <see cref="CookieValidatePrincipalContext"/>.</param>
     public virtual Task ValidatePrincipal(CookieValidatePrincipalContext context) => OnValidatePrincipal(context);
-    
+
     /// <summary>
     /// Invoked to check if the cookie should be renewed.
     /// </summary>

@@ -107,7 +107,7 @@ public virtual AuthenticationBuilder AddPolicyScheme(string authenticationScheme
         => AddSchemeHelper<PolicySchemeOptions, PolicySchemeHandler>(authenticationScheme, displayName, configureOptions);
 
     // Used to ensure that there's always a default sign in scheme that's not itself
-    private class EnsureSignInScheme<TOptions> : IPostConfigureOptions<TOptions> where TOptions : RemoteAuthenticationOptions
+    private sealed class EnsureSignInScheme<TOptions> : IPostConfigureOptions<TOptions> where TOptions : RemoteAuthenticationOptions
     {
         private readonly AuthenticationOptions _authOptions;
 

@@ -143,7 +143,7 @@ public CookieBuilder CorrelationCookie
         set => _correlationCookieBuilder = value ?? throw new ArgumentNullException(nameof(value));
     }
 
-    private class CorrelationCookieBuilder : RequestPathBaseCookieBuilder
+    private sealed class CorrelationCookieBuilder : RequestPathBaseCookieBuilder
     {
         private readonly RemoteAuthenticationOptions _options;
 

@@ -8,7 +8,7 @@
 
 namespace Microsoft.AspNetCore.Authentication.Negotiate.Internal;
 
-internal class NegotiateOptionsValidationStartupFilter : IStartupFilter
+internal sealed class NegotiateOptionsValidationStartupFilter : IStartupFilter
 {
     private readonly string _authenticationScheme;
 

@@ -12,7 +12,7 @@
 
 namespace Microsoft.AspNetCore.Authentication.Negotiate;
 
-internal class ReflectedNegotiateState : INegotiateState
+internal sealed class ReflectedNegotiateState : INegotiateState
 {
     // https://www.gnu.org/software/gss/reference/gss.pdf
     private const uint GSS_S_NO_CRED = 7 << 16;

@@ -3,7 +3,7 @@
 
 namespace Microsoft.AspNetCore.Authentication.Negotiate;
 
-internal class ReflectedNegotiateStateFactory : INegotiateStateFactory
+internal sealed class ReflectedNegotiateStateFactory : INegotiateStateFactory
 {
     public INegotiateState CreateInstance()
     {

@@ -416,7 +416,7 @@ private static Task DisposeState(object state)
     }
 
     // This allows us to have one disposal registration per connection and limits churn on the Items collection.
-    private class AuthPersistence : IDisposable
+    private sealed class AuthPersistence : IDisposable
     {
         internal INegotiateState? State { get; set; }
 

@@ -304,7 +304,7 @@ public CookieBuilder NonceCookie
     /// </summary>
     public bool UsePkce { get; set; } = true;
 
-    private class OpenIdConnectNonceCookieBuilder : RequestPathBaseCookieBuilder
+    private sealed class OpenIdConnectNonceCookieBuilder : RequestPathBaseCookieBuilder
     {
         private readonly OpenIdConnectOptions _options;
 

@@ -110,7 +110,7 @@ public void PostConfigure(string? name, OpenIdConnectOptions options)
         }
     }
 
-    private class StringSerializer : IDataSerializer<string>
+    private sealed class StringSerializer : IDataSerializer<string>
     {
         public string Deserialize(byte[] data)
         {

@@ -3,7 +3,7 @@
 
 namespace Microsoft.AspNetCore.Authentication.Twitter;
 
-internal class TwitterError
+internal sealed class TwitterError
 {
     public int Code { get; set; }
     public string? Message { get; set; }

@@ -3,7 +3,7 @@
 
 namespace Microsoft.AspNetCore.Authentication.Twitter;
 
-internal class TwitterErrorResponse
+internal sealed class TwitterErrorResponse
 {
     public List<TwitterError>? Errors { get; set; }
 }
@@ -104,7 +104,7 @@ public override void Validate()
         }
     }
 
-    private class TwitterCookieBuilder : CookieBuilder
+    private sealed class TwitterCookieBuilder : CookieBuilder
     {
         private readonly TwitterOptions _twitterOptions;
 

@@ -3,6 +3,6 @@
 
 namespace Microsoft.AspNetCore.Authorization.Policy;
 
-internal class AuthorizationPolicyMarkerService
+internal sealed class AuthorizationPolicyMarkerService
 {
 }
@@ -62,7 +62,7 @@ public Task Invoke(HttpContext context)
         return _next(context);
     }
 
-    private class CookiesWrapperFeature : IResponseCookiesFeature
+    private sealed class CookiesWrapperFeature : IResponseCookiesFeature
     {
         public CookiesWrapperFeature(ResponseCookiesWrapper wrapper)
         {

@@ -10,7 +10,7 @@
 
 namespace Microsoft.AspNetCore.CookiePolicy;
 
-internal class ResponseCookiesWrapper : IResponseCookies, ITrackingConsentFeature
+internal sealed class ResponseCookiesWrapper : IResponseCookies, ITrackingConsentFeature
 {
     private readonly ILogger _logger;
     private bool? _isConsentNeeded;

@@ -43,7 +43,7 @@ public Task Invoke_HasEndpoint_NoAuthorization()
         return _authorizationMiddleware.Invoke(_httpContextHasEndpoint);
     }
 
-    private class EndpointFeature : IEndpointFeature
+    private sealed class EndpointFeature : IEndpointFeature
     {
         public Endpoint Endpoint { get; set; }
     }
-Original file line number
+Diff line change
@@ Expand Up @@
             }
         }
-        private class StringSerializer : IDataSerializer<string>
+        private sealed class StringSerializer : IDataSerializer<string>
         {
             public string Deserialize(byte[] data)
             {
@@ Expand Down @@