-
公开(公告)号:US20060225036A1
公开(公告)日:2006-10-05
申请号:US11096623
申请日:2005-03-31
IPC分类号: G06F9/44
CPC分类号: G06F9/45508
摘要: The techniques and mechanisms described herein are directed to a scripting security mechanism that minimizes security risks associated with interpreting a script written with a scripting language. An interpreter recognizes the scripting-language syntax within the script and processes each line that is designated within a data block using a restrictive set of operations. The restrictive set of operations are a subset of the total operations available for processing. If one of the lines within the data block attempts to perform an operation that is not within the restrictive set of operations, the interpreter provides an indication, such as an exception or message explaining the illegal operation. The interpreter also recognizes a list of export variables associated with the data block and exports only the variables identified in the list to an external environment if the export variable meets a constraint identified for it, if any.
-
2.发明申请公开(公告)号:US20050091525A1
公开(公告)日:2005-04-28
申请号:US10693409
申请日:2003-10-24
申请人: Jeffrey Snover , James Truher
发明人: Jeffrey Snover , James Truher
CPC分类号: G06F21/53 , G06F21/629 , G06F2221/2105 , G06F2221/2149
摘要: The present mechanism allows commands entered on a command line in a command line operating environment the ability to execute in a first execution mode or an alternate execution mode. The command is executed in the alternate execution mode if the command includes an instruction to execute in the alternate execution mode. The alternate execution mode is provided by the operating environment and provides extended functionality to the command. The alternate execution mode may visually display results of executing the command, visually display simulated results of executing the command, prompt for verification before executing the command, may perform a security check to determine whether a user requesting the execution has sufficient privileges to execute the command, and the like.
摘要翻译: 本机制允许在命令行操作环境中在命令行上输入的命令以第一执行模式或替代执行模式执行的能力。 如果命令包括在交替执行模式下执行的指令,则在备用执行模式下执行命令。 替代执行模式由操作环境提供,并为命令提供扩展功能。 替代执行模式可以可视地显示执行命令的结果,可视地显示执行命令的模拟结果,在执行命令之前提示验证,可以执行安全检查,以确定请求执行的用户是否具有执行命令的足够权限 ,等等。
-
3.发明申请System and method for distinguishing safe and potentially unsafe data during runtime processing 有权在运行时处理期间区分安全和潜在不安全数据的系统和方法公开(公告)号:US20060277604A1
公开(公告)日:2006-12-07
申请号:US11133676
申请日:2005-05-20
IPC分类号: G06F12/14
CPC分类号: G06F21/52
摘要: The techniques and mechanisms described herein are directed to a taint mechanism. An object-based command declares a taint directive for a parameter within a command declaration. The taint directive is then associated with that parameter in a manner such that when an engine processes the command, the engine determines whether to process the command based on the taint directive and input for the parameter. The taint directive may specify that the input may be tainted or untainted. The command declaration may also include a taint parameter that specifies a taint characteristic for output from the command. The taint characteristic may be tainted, untainted, or propagated. Any type of object may become tainted. An untaint process may be applied to tainted data to obtain untainted data if an authorization check performed by the engine is successful.
摘要翻译: 本文描述的技术和机制针对污染机制。 基于对象的命令在命令声明中声明一个参数的污点指令。 然后,污染指令以这样的方式与该参数相关联,使得当引擎处理命令时,引擎根据污点指令和参数的输入来确定是否处理命令。 污点指令可能指定输入可能被污染或未被保留。 命令声明还可以包括一个污染参数,该参数指定了从命令输出的污点特性。 污点特性可能会被污染,未被维护或传播。 任何类型的物体可能会被污染。 如果发动机执行的授权检查成功,则可以将污染过程应用于污染数据以获得未维护的数据。
-
公开(公告)号:US20050091258A1
公开(公告)日:2005-04-28
申请号:US10882609
申请日:2004-06-30
申请人: Jeffrey Snover , Daryl Wray , James Truher , Bruce Payette
发明人: Jeffrey Snover , Daryl Wray , James Truher , Bruce Payette
IPC分类号: G06F20060101 , G06F7/00 , G06F9/44 , G06F9/445 , G06F17/00
CPC分类号: G06F9/544 , G06F9/445 , G06F9/45512
摘要: In an administrative tool environment, user input is supplied to an administrative tool framework for processing. The administrative tool framework maps user input to cmdlet objects. The cmdlet objects describe a grammar for parsing the user input and input objects to obtain expected input parameters. The input objects are emitted by one cmdlet and are available as input to another cmdlet. The input objects may be any precisely parseable input, such as .NET objects, plain strings, XML documents, and the like. The input objects are not live objects. The cmdlets may operate within the same process. Alternatively, one cmdlet may operate locally while another cmdlet operates remotely. The cmdlets may be provided by the administrative tool framework or may be provided by third party developers. The user input may be supplied to the framework via a host cmdlet.
摘要翻译: 在管理工具环境中,将用户输入提供给管理工具框架进行处理。 管理工具框架将用户输入映射到cmdlet对象。 cmdlet对象描述用于解析用户输入和输入对象以获取预期输入参数的语法。 输入对象由一个cmdlet发出,可作为另一个cmdlet的输入使用。 输入对象可以是任何精确可解析的输入,例如.NET对象,纯字符串,XML文档等。 输入对象不是活动对象。 该cmdlet可以在相同的过程中操作。 或者,一个cmdlet可以在本地操作,而另一个cmdlet远程操作。 cmdlet可以由管理工具框架提供,或者可以由第三方开发者提供。 用户输入可以通过主机cmdlet提供给框架。
-
公开(公告)号:US20070135949A1
公开(公告)日:2007-06-14
申请号:US11678555
申请日:2007-02-23
申请人: Jeffrey Snover , Daryl Wray , James Truher , Bruce Payette
发明人: Jeffrey Snover , Daryl Wray , James Truher , Bruce Payette
IPC分类号: G05B19/42
CPC分类号: G06F9/544 , G06F9/445 , G06F9/45512
摘要: In an administrative tool environment, user input is supplied to an administrative tool framework for processing. The administrative tool framework maps user input to cmdlet objects. The cmdlet objects describe a grammar for parsing the user input and input objects to obtain expected input parameters. The input objects are emitted by one cmdlet and are available as input to another cmdlet. The input objects may be any precisely parseable input, such as .NET objects, plain strings, XML documents, and the like. The input objects are not live objects. The cmdlets may operate within the same process. Alternatively, one cmdlet may operate locally while another cmdlet operates remotely. The cmdlets may be provided by the administrative tool framework or may be provided by third party developers. The user input may be supplied to the framework via a host cmdlet.
摘要翻译: 在管理工具环境中,将用户输入提供给管理工具框架进行处理。 管理工具框架将用户输入映射到cmdlet对象。 cmdlet对象描述用于解析用户输入和输入对象以获取预期输入参数的语法。 输入对象由一个cmdlet发出,可作为另一个cmdlet的输入使用。 输入对象可以是任何精确可解析的输入,例如.NET对象,纯字符串,XML文档等。 输入对象不是活动对象。 该cmdlet可以在相同的过程中操作。 或者,一个cmdlet可以在本地操作,而另一个cmdlet远程操作。 cmdlet可以由管理工具框架提供,或者可以由第三方开发者提供。 用户输入可以通过主机cmdlet提供给框架。
-
公开(公告)号:US20060064672A1
公开(公告)日:2006-03-23
申请号:US10944459
申请日:2004-09-17
申请人: Bhalchandra Pandit , Bruce Payette , James Truher
发明人: Bhalchandra Pandit , Bruce Payette , James Truher
IPC分类号: G06F9/44
CPC分类号: G06F17/248
摘要: The techniques and mechanisms described herein are directed at converting text into objects based on a template that describes the format of the text. The objects then being available for further processing. The conversion mechanism converts the text into an object having at least one method that is directly invocable and that is specific to a data type specified for the live object. The template comprises an object header indicator and a corresponding object header pattern. A new object is created whenever the object header pattern is identified within the text. In addition, the template comprises one or more field indicators each having a corresponding field pattern. The field pattern is in a format of a regular expression. A new field is created for the new object whenever a field pattern is identified within the text.
-
公开(公告)号:US20050091420A1
公开(公告)日:2005-04-28
申请号:US10883373
申请日:2004-06-30
申请人: Jeffrey Snover , James Truher
发明人: Jeffrey Snover , James Truher
CPC分类号: G06F9/45512 , G06F9/445
摘要: The present mechanism provides a grammar for specifying required prerequisites (e.g., number and type of input parameters) that an object must possess in order for processing to occur on the object. The mechanism allows programmers and non-programmers to easily specify these prerequisites. The prerequisites may be associated directly or indirectly with a data structure. For a direct specification, the data structure comprises a parameter declaration for each expected input parameter. For an indirect specification, the data structure comprises a parameter definition that references an external description, such as in an XML document. The data structure also providing a mechanism that identifies a corresponding parameter within an input source for each expected input parameter based on its declaration. The input source does not include live objects. The mechanism further populates each expected input parameter with information associated with the corresponding parameter when the data structure becomes instantiated into an object.
摘要翻译: 本机制提供用于指定对象必须拥有的必需先决条件(例如,输入参数的数量和类型)以便处理在对象上发生的语法。 该机制允许程序员和非程序员轻松地指定这些先决条件。 前提条件可以直接或间接地与数据结构相关联。 对于直接规范,数据结构包括每个预期输入参数的参数声明。 对于间接规范,数据结构包括引用外部描述的参数定义,例如在XML文档中。 数据结构还提供了一种机制,其基于其声明为每个预期输入参数识别输入源内的对应参数。 输入源不包括活动对象。 当数据结构被实例化成对象时,该机制进一步填充每个期望的输入参数,其中与相应参数相关联的信息。
-
公开(公告)号:US20050091201A1
公开(公告)日:2005-04-28
申请号:US10693785
申请日:2003-10-24
申请人: Jeffrey Snover , Daryl Wray , James Truher , Bruce Payette
发明人: Jeffrey Snover , Daryl Wray , James Truher , Bruce Payette
IPC分类号: G06F20060101 , G06F7/00 , G06F9/44 , G06F9/445 , G06F17/00
CPC分类号: G06F9/544 , G06F9/445 , G06F9/45512
摘要: In an administrative tool environment, user input is supplied to an administrative tool framework for processing. The administrative tool framework maps user input to cmdlet objects. The cmdlet objects describe a grammar for parsing the user input and input objects to obtain expected input parameters. The input objects are emitted by one cmdlet and are available as input to another cmdlet. The input objects may be any precisely parseable input, such as .NET objects, plain strings, XML documents, and the like. The cmdlets may operate within the same process. Alternatively, one cmdlet may operate locally while another cmdlet operates remotely. The cmdlets may be provided by the administrative tool framework or may be provided by third party developers. The user input may be supplied to the framework via a host cmdlet.
摘要翻译: 在管理工具环境中,将用户输入提供给管理工具框架进行处理。 管理工具框架将用户输入映射到cmdlet对象。 cmdlet对象描述用于解析用户输入和输入对象以获取预期输入参数的语法。 输入对象由一个cmdlet发出,可作为另一个cmdlet的输入使用。 输入对象可以是任何精确可解析的输入,例如.NET对象,纯字符串,XML文档等。 该cmdlet可以在相同的过程中操作。 或者,一个cmdlet可以在本地操作,而另一个cmdlet远程操作。 cmdlet可以由管理工具框架提供,或者可以由第三方开发者提供。 用户输入可以通过主机cmdlet提供给框架。
-
公开(公告)号:US20060047652A1
公开(公告)日:2006-03-02
申请号:US10928652
申请日:2004-08-27
CPC分类号: G06F9/4488
摘要: The present comparison technique operates on objects having the same type, similar types, or different types. Multiple comparison objects may be compared against one or more reference objects. The comparison objects may be obtained from a prior cmdlet in a pipeline of cmdlets operating in an object-based environment. The reference object and comparison object may be compared in an order-based manner or in a key-based manner. In addition, specific properties may be specified which will identify which properties of the reference object and the comparison object to compare during the comparison. The comparison may generate an output that identifies the difference and/or similarities. The output may be pipelined to another cmdlet for further processing.
-
公开(公告)号:US20070028211A1
公开(公告)日:2007-02-01
申请号:US11192535
申请日:2005-07-29
IPC分类号: G06F9/44
CPC分类号: G06F21/52
摘要: The techniques and mechanisms described herein are directed to an interpreter security mechanism that minimizes security risks associated with interpreting a script written with a scripting language. The interpreter security mechanism recognizes a marker that indicates a beginning for a set of non-interpreted lines. Upon recognizing the marker, the interpreter refrains from interpreting subsequent lines in the script until an end of marker occurs or an end of file occurs. The end of marker indicates that the interpreter can resume interpreting the lines in the script that follow the end of marker.
摘要翻译: 本文描述的技术和机制针对解释器安全机制,其最小化与用脚本语言编写的脚本解释相关联的安全风险。 解释器安全机制识别指示一组非解释行的开始的标记。 识别标记后,解释器不会解释脚本中的后续行,直到出现标记结束或文件结束。 标记的末端表示解释器可以恢复解释跟随标记结尾的脚本中的行。
-
-
-
-
-
-
-
-
-
搜索结果
16 条记录 (耗时 0.022 秒)
