-
1.发明授权公开(公告)号:US07640540B2
公开(公告)日:2009-12-29
申请号:US10693409
申请日:2003-10-24
IPC分类号: G06F9/44
CPC分类号: G06F21/53 , G06F21/629 , G06F2221/2105 , G06F2221/2149
摘要: The present mechanism allows commands entered on a command line in a command line operating environment the ability to execute in a first execution mode or an alternate execution mode. The command is executed in the alternate execution mode if the command includes an instruction to execute in the alternate execution mode. The alternate execution mode is provided by the operating environment and provides extended functionality to the command. The alternate execution mode may visually display results of executing the command, visually display simulated results of executing the command, prompt for verification before executing the command, may perform a security check to determine whether a user requesting the execution has sufficient privileges to execute the command, and the like.
摘要翻译: 本机制允许在命令行操作环境中在命令行上输入的命令以第一执行模式或替代执行模式执行的能力。 如果命令包括在交替执行模式下执行的指令,则在备用执行模式下执行命令。 替代执行模式由操作环境提供,并为命令提供扩展功能。 替代执行模式可以可视地显示执行命令的结果,可视地显示执行命令的模拟结果,在执行命令之前提示验证,可以执行安全检查,以确定请求执行的用户是否具有执行命令的足够权限 ,等等。
-
公开(公告)号:US07620959B2
公开(公告)日:2009-11-17
申请号:US10438234
申请日:2003-05-12
CPC分类号: G06F9/45512
摘要: The present invention is directed at a reflection-based shell that provides reflection-based processing of input parameters for a command. The reflection-based processing includes parsing, data generation, data validation, object encoding, object processing, documentation, and the like. The reflection-based shell provides a mechanism for specifying a grammar for the input parameters using a class. The method includes receiving a parsable stream that includes a command and at least one parameter. Retrieving definitional information that describes an expected parameter for the command. Using the definitional information to create an object for storing the at least one parameter in a format in accordance with the description of the expected parameters. Passing the object to the command.
摘要翻译: 本发明涉及一种基于反射的外壳,其提供用于命令的输入参数的基于反射的处理。 基于反射的处理包括解析,数据生成,数据验证,对象编码,对象处理,文档等。 基于反射的外壳提供了一种使用类为输入参数指定语法的机制。 该方法包括接收包括命令和至少一个参数的可解析流。 检索描述命令的预期参数的定义信息。 使用定义信息来创建用于根据预期参数的描述以格式存储至少一个参数的对象。 将对象传递给命令。
-
公开(公告)号:US07503038B2
公开(公告)日:2009-03-10
申请号:US10928652
申请日:2004-08-27
申请人: Bhalchandra S. Pandit , Bradford R. Daniels , James W. Truher, III , Jeffrey P. Snover , Jonathan S. Newman
发明人: Bhalchandra S. Pandit , Bradford R. Daniels , James W. Truher, III , Jeffrey P. Snover , Jonathan S. Newman
IPC分类号: G06F9/45
CPC分类号: G06F9/4488
摘要: The present comparison technique operates on objects having the same type, similar types, or different types. Multiple comparison objects may be compared against one or more reference objects. The comparison objects may be obtained from a prior cmdlet in a pipeline of cmdlets operating in an object-based environment. The reference object and comparison object may be compared in an order-based manner or in a key-based manner. In addition, specific properties may be specified which will identify which properties of the reference object and the comparison object to compare during the comparison. The comparison may generate an output that identifies the difference and/or similarities. The output may be pipelined to another cmdlet for further processing.
摘要翻译: 本比较技术对具有相同类型,相似类型或不同类型的对象进行操作。 可以将多个比较对象与一个或多个参考对象进行比较。 比较对象可以从在基于对象的环境中操作的cmdlet流水线中的先前的cmdlet获得。 可以以基于顺序的方式或基于密钥的方式来比较参考对象和比较对象。 此外,可以指定具体的属性,其将识别在比较期间比较的参考对象和比较对象的哪些属性。 比较可以产生识别差异和/或相似性的输出。 输出可以流水线到另一个cmdlet进行进一步处理。
-
公开(公告)号:US07631341B2
公开(公告)日:2009-12-08
申请号:US11118971
申请日:2005-04-28
IPC分类号: G06F21/00
CPC分类号: G06F21/54
摘要: The Techniques and Mechanisms Described Herein are Directed to an Extensible security architecture that provides a security mechanism for minimizing security problems within interpretive environments. The extensible security architecture comprises a script engine configured to process a script and a security manager configured to monitor the processing of the script based on a security policy. The security manager determines whether to open an assembly associated with a command within the script, whether to process the command, whether to allow certain input to the command, and the like. The security policy may be implemented by overriding one or more methods of a base security class that are called when processing the script. The input may be an object passed via an object-based pipeline.
摘要翻译: 这里描述的技术和机制被定向到可扩展的安全架构,其提供用于最小化解释环境内的安全问题的安全机制。 可扩展安全架构包括被配置为处理脚本的脚本引擎和被配置为基于安全策略来监视脚本的处理的安全管理器。 安全管理器确定是否打开与脚本中的命令相关联的程序集,是否处理命令,是否允许对命令的某些输入等。 可以通过覆盖在处理脚本时调用的基本安全类的一个或多个方法来实现安全策略。 输入可以是通过基于对象的管道传递的对象。
-
公开(公告)号:US08230405B2
公开(公告)日:2012-07-24
申请号:US11678555
申请日:2007-02-23
IPC分类号: G06F9/45
CPC分类号: G06F9/544 , G06F9/445 , G06F9/45512
摘要: In an administrative tool environment, user input is supplied to an administrative tool framework for processing. The administrative tool framework maps user input to cmdlet objects. The cmdlet objects describe a grammar for parsing the user input and input objects to obtain expected input parameters. The input objects are emitted by one cmdlet and are available as input to another cmdlet. The input objects may be any precisely parseable input, such as .NET objects, plain strings, XML documents, and the like. The input objects are not live objects. The cmdlets may operate within the same process. Alternatively, one cmdlet may operate locally while another cmdlet operates remotely. The cmdlets may be provided by the administrative tool framework or may be provided by third party developers. The user input may be supplied to the framework via a host cmdlet.
摘要翻译: 在管理工具环境中,将用户输入提供给管理工具框架进行处理。 管理工具框架将用户输入映射到cmdlet对象。 cmdlet对象描述用于解析用户输入和输入对象以获取预期输入参数的语法。 输入对象由一个cmdlet发出,可作为另一个cmdlet的输入使用。 输入对象可以是任何精确可解析的输入,例如.NET对象,纯字符串,XML文档等。 输入对象不是活动对象。 该cmdlet可以在相同的过程中操作。 或者,一个cmdlet可以在本地操作,而另一个cmdlet远程操作。 cmdlet可以由管理工具框架提供,或者可以由第三方开发者提供。 用户输入可以通过主机cmdlet提供给框架。
-
6.发明授权公开(公告)号:US07624373B2
公开(公告)日:2009-11-24
申请号:US11096623
申请日:2005-03-31
CPC分类号: G06F9/45508
摘要: The techniques and mechanisms described herein are directed to a scripting security mechanism that minimizes security risks associated with interpreting a script written with a scripting language. An interpreter recognizes the scripting-language syntax within the script and processes each line that is designated within a data block using a restrictive set of operations. The restrictive set of operations are a subset of the total operations available for processing. If one of the lines within the data block attempts to perform an operation that is not within the restrictive set of operations, the interpreter provides an indication, such as an exception or message explaining the illegal operation. The interpreter also recognizes a list of export variables associated with the data block and exports only the variables identified in the list to an external environment if the export variable meets a constraint identified for it, if any.
摘要翻译: 本文描述的技术和机制针对脚本安全机制,其最小化与用脚本语言编写的脚本解释相关联的安全风险。 解释器识别脚本中的脚本语言语法,并使用限制性操作处理在数据块中指定的每一行。 限制性操作集合是可用于处理的总操作的子集。 如果数据块中的一条行尝试执行不在限制操作集合内的操作,则解释器提供指示,例如解释非法操作的异常或消息。 如果导出变量满足为其标识的约束(如果有的话),则解释器还会识别与数据块相关联的导出变量列表,并仅将列表中标识的变量导出到外部环境。
-
公开(公告)号:US07555708B2
公开(公告)日:2009-06-30
申请号:US10944459
申请日:2004-09-17
CPC分类号: G06F17/248
摘要: The techniques and mechanisms described herein are directed at converting text into objects based on a template that describes the format of the text. The objects then being available for further processing. The conversion mechanism converts the text into an object having at least one method that is directly invocable and that is specific to a data type specified for the live object. The template comprises an object header indicator and a corresponding object header pattern. A new object is created whenever the object header pattern is identified within the text. In addition, the template comprises one or more field indicators each having a corresponding field pattern. The field pattern is in a format of a regular expression. A new field is created for the new object whenever a field pattern is identified within the text.
摘要翻译: 本文描述的技术和机制旨在基于描述文本的格式的模板将文本转换为对象。 然后可以进行进一步处理。 转换机制将文本转换为具有至少一个方法的对象,该方法是直接可调用的,并且特定于为活动对象指定的数据类型。 模板包括对象标题指示符和相应的对象标题模式。 每当在文本中标识对象标题模式时,都会创建一个新对象。 另外,模板包括一个或多个场指示器,每个场指示器具有对应的场模式。 字段模式是正则表达式的格式。 每当在文本中标识字段模式时,将为新对象创建一个新字段。
-
公开(公告)号:US07536696B2
公开(公告)日:2009-05-19
申请号:US10693392
申请日:2003-10-24
CPC分类号: G06F9/45512 , G06F9/445
摘要: The present mechanism provides a grammar for specifying required prerequisites (e.g., number and type of input parameters) that an object must possess in order for processing to occur on the object. The mechanism allows programmers and non-programmers to easily specify these prerequisites. The prerequisites may be associated directly or indirectly with a data structure. For a direct specification, the data structure comprises a parameter declaration for each expected input parameter. For an indirect specification, the data structure comprises a parameter definition that references an external description, such as in an XML document. The data structure also providing a mechanism that identifies a corresponding parameter within an input source for each expected input parameter based on its declaration. The mechanism further populates each expected input parameter with information associated with the corresponding parameter when the data structure becomes instantiated into an object. The mechanism may be provided by a runtime environment.
摘要翻译: 本机制提供用于指定对象必须拥有的必需先决条件(例如,输入参数的数量和类型)以便处理在对象上发生的语法。 该机制允许程序员和非程序员轻松地指定这些先决条件。 前提条件可以直接或间接地与数据结构相关联。 对于直接规范,数据结构包括每个预期输入参数的参数声明。 对于间接规范,数据结构包括引用外部描述的参数定义,例如在XML文档中。 数据结构还提供了一种机制,其基于其声明为每个预期输入参数识别输入源内的对应参数。 当数据结构被实例化成对象时,该机制进一步填充每个期望的输入参数,其中与相应参数相关联的信息。 该机制可以由运行时环境提供。
-
9.发明授权System and method for distinguishing safe and potentially unsafe data during runtime processing 有权在运行时处理期间区分安全和潜在不安全数据的系统和方法公开(公告)号:US07757282B2
公开(公告)日:2010-07-13
申请号:US11133676
申请日:2005-05-20
CPC分类号: G06F21/52
摘要: The techniques and mechanisms described herein are directed to a taint mechanism. An object-based command declares a taint directive for a parameter within a command declaration. The taint directive is then associated with that parameter in a manner such that when an engine processes the command, the engine determines whether to process the command based on the taint directive and input for the parameter. The taint directive may specify that the input may be tainted or untainted. The command declaration may also include a taint parameter that specifies a taint characteristic for output from the command. The taint characteristic may be tainted, untainted, or propagated. Any type of object may become tainted. An untaint process may be applied to tainted data to obtain untainted data if an authorization check performed by the engine is successful.
摘要翻译: 本文描述的技术和机制针对污染机制。 基于对象的命令在命令声明中声明一个参数的污点指令。 然后,污染指令以这样的方式与该参数相关联,使得当引擎处理命令时,引擎根据污点指令和参数的输入来确定是否处理命令。 污点指令可能指定输入可能被污染或未被保留。 命令声明还可以包括一个污染参数,该参数指定了从命令输出的污点特性。 污点特性可能会被污染,未被维护或传播。 任何类型的物体可能会被污染。 如果发动机执行的授权检查成功,则可以将污染过程应用于污染数据以获得未维护的数据。
-
10.发明授权公开(公告)号:US07676798B2
公开(公告)日:2010-03-09
申请号:US10693396
申请日:2003-10-24
IPC分类号: G06F9/45
CPC分类号: G06F9/45512
摘要: The present mechanism obtains constraints within an interactive environment, associates these constraints with constructs, and then applies these constraints to the constructs when encountering the constructs. The constraints may be saved in metadata associated with the respective construct. The constraints may specify a data type for the construct, a predicate directive, a documentation directive, a parsing directive, a data generation directive, a data validation directive, or an object processing and encoding directive. The constraints are extendable to support other directives. The mechanism allows interactive users to easily specify constraints interactively.
摘要翻译: 本机制在交互环境中获得约束,将这些约束与构造相关联,然后在遇到构造时将这些约束应用于构造。 约束可以保存在与相应构造相关联的元数据中。 约束可以指定构造的数据类型,谓词指令,文档指令,解析指令,数据生成指令,数据验证指令或对象处理和编码指令。 限制是可扩展的,以支持其他指令。 该机制允许交互式用户以交互方式轻松指定约束。
-
-
-
-
-
-
-
-
-
搜索结果
11 条记录 (耗时 0.021 秒)
