├── src └── hhnl.ProcessIsolation │ ├── hhnl.ProcessIsolation │ ├── NetworkPermissions.cs │ ├── hhnl.ProcessIsolation.csproj │ ├── IIsolatedProcess.cs │ ├── Windows │ │ ├── IsolatedWin32Process.cs │ │ └── AppContainerIsolator.cs │ ├── FileAccess.cs │ └── IProcessIsolator.cs │ ├── hhnl.ProcessIsolation.Communication │ ├── ITransportSerializer.cs │ ├── IIsolatedPipeStream.cs │ ├── hhnl.ProcessIsolation.Communication.csproj │ ├── IsolatedProcessServerStream.cs │ ├── IsolatedProcessClientStream.cs │ └── IsolatedProcessChannel.cs │ ├── hhnl.ProcessIsolation.Tests │ ├── hhnl.ProcessIsolation.Tests.csproj │ └── IsolatedProcessChannelTests.cs │ └── hhnl.ProcessIsolation.sln ├── LICENSE ├── README.md ├── .github └── workflows │ └── codeql-analysis.yml └── .gitignore /src/hhnl.ProcessIsolation/hhnl.ProcessIsolation/NetworkPermissions.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | 3 | namespace hhnl.ProcessIsolation 4 | { 5 | [Flags] 6 | public enum NetworkPermissions 7 | { 8 | None = 0, 9 | LocalNetwork = 1, 10 | Internet = 2 11 | } 12 | } -------------------------------------------------------------------------------- /src/hhnl.ProcessIsolation/hhnl.ProcessIsolation.Communication/ITransportSerializer.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Threading.Tasks; 3 | 4 | namespace hhnl.ProcessIsolation.Communication 5 | { 6 | public interface ITransportSerializer 7 | { 8 | (int Length, byte[] buffer) Serialize(T message); 9 | 10 | T Deserialize(ReadOnlySpan bytes); 11 | } 12 | } -------------------------------------------------------------------------------- /src/hhnl.ProcessIsolation/hhnl.ProcessIsolation.Communication/IIsolatedPipeStream.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.IO.Pipes; 3 | using System.Threading; 4 | using System.Threading.Tasks; 5 | 6 | namespace hhnl.ProcessIsolation.Communication 7 | { 8 | public interface IIsolatedPipeStream : IDisposable, IAsyncDisposable 9 | { 10 | public PipeStream Stream { get; } 11 | 12 | public Task StartAsync(CancellationToken token = default); 13 | 14 | public Task StopAsync(); 15 | } 16 | } -------------------------------------------------------------------------------- /src/hhnl.ProcessIsolation/hhnl.ProcessIsolation/hhnl.ProcessIsolation.csproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | netstandard2.0 5 | enable 6 | latest 7 | 1.2.0 8 | Andre Hähnel 9 | Process isolation;AppContainer 10 | true 11 | MIT 12 | https://github.com/anhaehne/hhnl.ProcessIsolation 13 | true 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | -------------------------------------------------------------------------------- /src/hhnl.ProcessIsolation/hhnl.ProcessIsolation/IIsolatedProcess.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Diagnostics; 3 | 4 | namespace hhnl.ProcessIsolation 5 | { 6 | public interface IIsolatedProcess : IDisposable 7 | { 8 | ///

9 | /// Gets the process. 10 | ///

11 | /// 12 | /// The process. 13 | /// 14 | Process Process { get; } 15 | 16 | ///

17 | /// Gets the security identifier of the isolation context. 18 | ///

19 | /// 20 | /// The security identifier. 21 | /// 22 | string SecurityIdentifier { get; } 23 | 24 | ///

25 | /// Gets the session identifier of the process. 26 | ///

27 | /// 28 | /// The session identifier. 29 | /// 30 | int SessionId { get; } 31 | } 32 | } -------------------------------------------------------------------------------- /src/hhnl.ProcessIsolation/hhnl.ProcessIsolation/Windows/IsolatedWin32Process.cs: -------------------------------------------------------------------------------- 1 | using System.Diagnostics; 2 | using NtApiDotNet.Win32; 3 | 4 | namespace hhnl.ProcessIsolation.Windows 5 | { 6 | public class IsolatedWin32Process : IIsolatedProcess 7 | { 8 | private readonly Win32Process _process; 9 | private readonly AppContainerProfile _appContainer; 10 | 11 | public IsolatedWin32Process(Win32Process process, AppContainerProfile appContainer) 12 | { 13 | _process = process; 14 | _appContainer = appContainer; 15 | Process = Process.GetProcessById(process.Pid); 16 | } 17 | 18 | public Process Process { get; } 19 | 20 | public string SecurityIdentifier => _appContainer.Sid.ToString(); 21 | 22 | public int SessionId => _process.Process.SessionId; 23 | 24 | public void Dispose() 25 | { 26 | _process.Dispose(); 27 | _appContainer.Dispose(); 28 | } 29 | } 30 | } -------------------------------------------------------------------------------- /src/hhnl.ProcessIsolation/hhnl.ProcessIsolation.Communication/hhnl.ProcessIsolation.Communication.csproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | netstandard2.1 5 | enable 6 | latest 7 | 1.0.0 8 | Andre Hähnel 9 | Process isolation;AppContainer;Named pipes 10 | true 11 | MIT 12 | https://github.com/anhaehne/hhnl.ProcessIsolation 13 | true 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | -------------------------------------------------------------------------------- /src/hhnl.ProcessIsolation/hhnl.ProcessIsolation.Tests/hhnl.ProcessIsolation.Tests.csproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | net5.0 5 | 6 | false 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | all 17 | runtime; build; native; contentfiles; analyzers; buildtransitive 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020 Andre Hähnel 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /src/hhnl.ProcessIsolation/hhnl.ProcessIsolation/FileAccess.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | 3 | namespace hhnl.ProcessIsolation 4 | { 5 | ///

6 | /// Specifies the file or folder access right. 7 | ///

8 | public class FileAccess 9 | { 10 | ///

11 | /// Initializes a new instance of the class. 12 | ///

13 | /// The path. 14 | /// The file access rights. 15 | public FileAccess(string path, Right accessRights) 16 | { 17 | Path = path; 18 | AccessRight = accessRights; 19 | } 20 | 21 | ///

22 | /// Gets or sets the path to the file or folder. 23 | ///

24 | /// 25 | /// The path. 26 | /// 27 | public string Path { get; } 28 | 29 | ///

30 | /// Gets the file access rights for the file or folder. 31 | ///

32 | /// 33 | /// The file access rights. 34 | /// 35 | public Right AccessRight { get; } 36 | 37 | [Flags] 38 | public enum Right : uint 39 | { 40 | Read = 2147483648, 41 | Write = 1073741824 42 | } 43 | } 44 | } -------------------------------------------------------------------------------- /src/hhnl.ProcessIsolation/hhnl.ProcessIsolation.Communication/IsolatedProcessServerStream.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.IO.Pipes; 3 | using System.Threading; 4 | using System.Threading.Tasks; 5 | 6 | namespace hhnl.ProcessIsolation.Communication 7 | { 8 | public class IsolatedProcessServerStream : IIsolatedPipeStream, IDisposable, IAsyncDisposable 9 | { 10 | private readonly NamedPipeServerStream _serverStream; 11 | 12 | public IsolatedProcessServerStream(string pipeName) 13 | { 14 | var pipePath = $"LOCAL\\{pipeName}"; 15 | 16 | _serverStream = new NamedPipeServerStream(pipePath, 17 | PipeDirection.InOut, 18 | 1, 19 | PipeTransmissionMode.Byte, 20 | PipeOptions.Asynchronous); 21 | } 22 | 23 | public IsolatedProcessServerStream(NamedPipeServerStream serverStream) 24 | { 25 | _serverStream = serverStream; 26 | } 27 | 28 | public ValueTask DisposeAsync() 29 | { 30 | return _serverStream.DisposeAsync(); 31 | } 32 | 33 | public void Dispose() 34 | { 35 | _serverStream.Dispose(); 36 | } 37 | 38 | public PipeStream Stream => _serverStream; 39 | 40 | public Task StartAsync(CancellationToken token = default) 41 | { 42 | return WaitForConnectionAsync(token); 43 | } 44 | 45 | public Task StopAsync() 46 | { 47 | Disconnect(); 48 | return Task.CompletedTask; 49 | } 50 | 51 | public Task WaitForConnectionAsync() 52 | { 53 | return _serverStream.WaitForConnectionAsync(); 54 | } 55 | 56 | public Task WaitForConnectionAsync(CancellationToken cancellationToken) 57 | { 58 | return _serverStream.WaitForConnectionAsync(cancellationToken); 59 | } 60 | 61 | public void Disconnect() 62 | { 63 | _serverStream.Disconnect(); 64 | } 65 | } 66 | } -------------------------------------------------------------------------------- /src/hhnl.ProcessIsolation/hhnl.ProcessIsolation/IProcessIsolator.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | 4 | namespace hhnl.ProcessIsolation 5 | { 6 | public interface IProcessIsolator 7 | { 8 | bool IsCurrentProcessIsolated(); 9 | 10 | ///

11 | /// Starts the process isolated. 12 | ///

13 | /// 14 | /// Name identifier for the isolation. This has to be unique. Under windows this is the 15 | /// name of the AppContainerIsolator. 16 | /// 17 | /// The path to the executable. 18 | /// The command line arguments. 19 | /// The network permissions the process should have. 20 | /// 21 | /// If set to true the started process will be terminated when the current 22 | /// process exits. 23 | /// 24 | /// The file access. Allows to specify file and folder access rights. 25 | /// 26 | /// The process object. Needs to be disposed. 27 | /// 28 | /// 29 | /// By default the folder containing the executable will be made available to the process to allow loading dependencies. 30 | /// Set this to false to suppress this behaviour. 31 | /// 32 | /// 33 | /// The working directory of the process. 34 | /// 35 | /// $"Couldn't resolve directory for '{path}'. 36 | IIsolatedProcess StartIsolatedProcess( 37 | string isolationIdentifier, 38 | string path, 39 | string[]? commandLineArguments = null, 40 | NetworkPermissions networkPermissions = NetworkPermissions.None, 41 | bool attachToCurrentProcess = true, 42 | IEnumerable? fileAccess = null, 43 | bool makeApplicationDirectoryReadable = true, 44 | string? workingDirectory = null); 45 | } 46 | } -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # hhnl.ProcessIsolation 2 | A .net library to start isolated processes. 3 | 4 | [![Nuget](https://img.shields.io/nuget/v/hhnl.ProcessIsolation?label=hhnl.ProcessIsolation)](https://www.nuget.org/packages/hhnl.ProcessIsolation/) 5 | 6 | Eventhough this is a .net standard project, only windows is currently supported. 7 | Processes are run inside an appcontainer which restricts network, file and windows access. 8 | 9 | ## Example: 10 | ``` csharp 11 | IProcessIsolator isolator = new AppContainerIsolator() 12 | isolator.StartIsolatedProcess("MyIsolatedProcess", "c:\\windows\\notepad.exe", makeApplicationDirectoryReadable: false); 13 | ``` 14 | This should open notepad. If you try to open a file with "File => Open" you should get an error "Access denied". 15 | See https://docs.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation for more information. 16 | 17 | ### Remarks: 18 | By default the application will be granted read access to the folder the executable is in. 19 | 20 | If you want to prevent this behaviour because the application does not need acces or the current user has no permission to that folder, you can suppress the behaviour by setting 'makeApplicationDirectoryReadable: false'. 21 | 22 | It is included in this example because changing the permissions of 'c:\windows' requires admin privileges by default. 23 | 24 | ## Allow network access: 25 | ``` csharp 26 | using hhnl.ProcessIsolation.Windows; 27 | 28 | // Allows internet and local network access 29 | isolator.StartIsolatedProcess("MyIsolatedProcess", "myapp.exe", networkPermissions: NetworkPermissions.Internet | NetworkPermissions.LocalNetwork); 30 | ``` 31 | 32 | ## Allow file access: 33 | ``` csharp 34 | using System; 35 | using hhnl.ProcessIsolation.Windows; 36 | 37 | // Allows read and write access to the desktop 38 | var desktopPath = Environment.ExpandEnvironmentVariables("%userprofile%\\Desktop"); 39 | var desktopFileAccess = new FileAccess(desktopPath, FileAccess.Right.Read | FileAccess.Right.Write); 40 | 41 | isolator.StartIsolatedProcess("MyIsolatedProcess", "myapp.exe", fileAccess: new[] { desktopFileAccess }); 42 | ``` 43 | ## Attach child process: 44 | By default the create process will be attached to the current process. 45 | This will cause the new process to be closed once the current process is close. 46 | To prevent this behaviour you can set `attachToCurrentProcess = false` 47 | 48 | -------------------------------------------------------------------------------- /src/hhnl.ProcessIsolation/hhnl.ProcessIsolation.sln: -------------------------------------------------------------------------------- 1 | 2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio Version 16 4 | VisualStudioVersion = 16.0.30626.31 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "hhnl.ProcessIsolation", "hhnl.ProcessIsolation\hhnl.ProcessIsolation.csproj", "{6C4272F2-EC9D-4BC7-97DC-9FD90D953853}" 7 | EndProject 8 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "hhnl.ProcessIsolation.Communication", "hhnl.ProcessIsolation.Communication\hhnl.ProcessIsolation.Communication.csproj", "{CEACA9F7-59F3-492F-84DF-86F41A7D56A6}" 9 | EndProject 10 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "hhnl.ProcessIsolation.Tests", "hhnl.ProcessIsolation.Tests\hhnl.ProcessIsolation.Tests.csproj", "{769307D6-618F-459A-9914-BCEBF04368FF}" 11 | EndProject 12 | Global 13 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 14 | Debug|Any CPU = Debug|Any CPU 15 | Release|Any CPU = Release|Any CPU 16 | EndGlobalSection 17 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 18 | {6C4272F2-EC9D-4BC7-97DC-9FD90D953853}.Debug|Any CPU.ActiveCfg = Debug|Any CPU 19 | {6C4272F2-EC9D-4BC7-97DC-9FD90D953853}.Debug|Any CPU.Build.0 = Debug|Any CPU 20 | {6C4272F2-EC9D-4BC7-97DC-9FD90D953853}.Release|Any CPU.ActiveCfg = Release|Any CPU 21 | {6C4272F2-EC9D-4BC7-97DC-9FD90D953853}.Release|Any CPU.Build.0 = Release|Any CPU 22 | {CEACA9F7-59F3-492F-84DF-86F41A7D56A6}.Debug|Any CPU.ActiveCfg = Debug|Any CPU 23 | {CEACA9F7-59F3-492F-84DF-86F41A7D56A6}.Debug|Any CPU.Build.0 = Debug|Any CPU 24 | {CEACA9F7-59F3-492F-84DF-86F41A7D56A6}.Release|Any CPU.ActiveCfg = Release|Any CPU 25 | {CEACA9F7-59F3-492F-84DF-86F41A7D56A6}.Release|Any CPU.Build.0 = Release|Any CPU 26 | {769307D6-618F-459A-9914-BCEBF04368FF}.Debug|Any CPU.ActiveCfg = Debug|Any CPU 27 | {769307D6-618F-459A-9914-BCEBF04368FF}.Debug|Any CPU.Build.0 = Debug|Any CPU 28 | {769307D6-618F-459A-9914-BCEBF04368FF}.Release|Any CPU.ActiveCfg = Release|Any CPU 29 | {769307D6-618F-459A-9914-BCEBF04368FF}.Release|Any CPU.Build.0 = Release|Any CPU 30 | EndGlobalSection 31 | GlobalSection(SolutionProperties) = preSolution 32 | HideSolutionNode = FALSE 33 | EndGlobalSection 34 | GlobalSection(ExtensibilityGlobals) = postSolution 35 | SolutionGuid = {06242262-334F-4F86-8E16-9436BE19FBED} 36 | EndGlobalSection 37 | EndGlobal 38 | -------------------------------------------------------------------------------- /src/hhnl.ProcessIsolation/hhnl.ProcessIsolation.Communication/IsolatedProcessClientStream.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.IO.Pipes; 3 | using System.Threading; 4 | using System.Threading.Tasks; 5 | 6 | namespace hhnl.ProcessIsolation.Communication 7 | { 8 | public class IsolatedProcessClientStream : IIsolatedPipeStream, IDisposable, IAsyncDisposable 9 | { 10 | private readonly NamedPipeClientStream _clientStream; 11 | 12 | public IsolatedProcessClientStream(IIsolatedProcess process, string pipeName) 13 | { 14 | var fullPipeName = 15 | $"\\Sessions\\{process.SessionId}\\AppContainerNamedObjects\\{process.SecurityIdentifier}\\{pipeName}"; 16 | _clientStream = new NamedPipeClientStream(".", 17 | fullPipeName, 18 | PipeDirection.InOut, 19 | PipeOptions.Asynchronous); 20 | } 21 | 22 | public IsolatedProcessClientStream(NamedPipeClientStream clientStream) 23 | { 24 | _clientStream = clientStream; 25 | } 26 | 27 | public PipeStream Stream => _clientStream; 28 | 29 | public Task StartAsync(CancellationToken token = default) 30 | { 31 | return ConnectAsync(token); 32 | } 33 | 34 | public Task StopAsync() 35 | { 36 | _clientStream.Close(); 37 | return Task.CompletedTask; 38 | } 39 | 40 | public ValueTask DisposeAsync() 41 | { 42 | return _clientStream.DisposeAsync(); 43 | } 44 | 45 | public void Dispose() 46 | { 47 | _clientStream.Dispose(); 48 | } 49 | 50 | public Task ConnectAsync() 51 | { 52 | return _clientStream.ConnectAsync(); 53 | } 54 | 55 | public Task ConnectAsync(int timeout) 56 | { 57 | return _clientStream.ConnectAsync(timeout); 58 | } 59 | 60 | public Task ConnectAsync(CancellationToken cancellationToken) 61 | { 62 | return _clientStream.ConnectAsync(cancellationToken); 63 | } 64 | 65 | public Task ConnectAsync(int timeout, CancellationToken cancellationToken) 66 | { 67 | return _clientStream.ConnectAsync(timeout, cancellationToken); 68 | } 69 | 70 | public void Close() 71 | { 72 | _clientStream.Close(); 73 | } 74 | } 75 | } -------------------------------------------------------------------------------- /.github/workflows/codeql-analysis.yml: -------------------------------------------------------------------------------- 1 | # For most projects, this workflow file will not need changing; you simply need 2 | # to commit it to your repository. 3 | # 4 | # You may wish to alter this file to override the set of languages analyzed, 5 | # or to provide custom queries or build logic. 6 | # 7 | # ******** NOTE ******** 8 | # We have attempted to detect the languages in your repository. Please check 9 | # the `language` matrix defined below to confirm you have the correct set of 10 | # supported CodeQL languages. 11 | # 12 | name: "CodeQL" 13 | 14 | on: 15 | push: 16 | branches: [ main ] 17 | pull_request: 18 | # The branches below must be a subset of the branches above 19 | branches: [ main ] 20 | schedule: 21 | - cron: '38 17 * * 1' 22 | 23 | jobs: 24 | analyze: 25 | name: Analyze 26 | runs-on: ubuntu-latest 27 | 28 | strategy: 29 | fail-fast: false 30 | matrix: 31 | language: [ 'csharp' ] 32 | # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ] 33 | # Learn more: 34 | # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed 35 | 36 | steps: 37 | - name: Checkout repository 38 | uses: actions/checkout@v2 39 | 40 | # Initializes the CodeQL tools for scanning. 41 | - name: Initialize CodeQL 42 | uses: github/codeql-action/init@v1 43 | with: 44 | languages: ${{ matrix.language }} 45 | # If you wish to specify custom queries, you can do so here or in a config file. 46 | # By default, queries listed here will override any specified in a config file. 47 | # Prefix the list here with "+" to use these queries and those in the config file. 48 | # queries: ./path/to/local/query, your-org/your-repo/queries@main 49 | 50 | # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). 51 | # If this step fails, then you should remove it and run the build manually (see below) 52 | - name: Autobuild 53 | uses: github/codeql-action/autobuild@v1 54 | 55 | # ℹ️ Command-line programs to run using the OS shell. 56 | # 📚 https://git.io/JvXDl 57 | 58 | # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines 59 | # and modify them (or add more) to build your code if your project 60 | # uses a compiled language 61 | 62 | #- run: | 63 | # make bootstrap 64 | # make release 65 | 66 | - name: Perform CodeQL Analysis 67 | uses: github/codeql-action/analyze@v1 68 | -------------------------------------------------------------------------------- /src/hhnl.ProcessIsolation/hhnl.ProcessIsolation.Communication/IsolatedProcessChannel.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Buffers; 3 | using System.Threading; 4 | using System.Threading.Channels; 5 | using System.Threading.Tasks; 6 | 7 | namespace hhnl.ProcessIsolation.Communication 8 | { 9 | public class IsolatedProcessChannel : IDisposable, IAsyncDisposable 10 | { 11 | private const int HeaderSize = sizeof(int); 12 | private readonly ITransportSerializer _serializer; 13 | private readonly IIsolatedPipeStream _stream; 14 | private readonly Channel _sendChannel; 15 | private CancellationTokenSource? _cts; 16 | private Task? _sendTask; 17 | 18 | public IsolatedProcessChannel(IIsolatedPipeStream stream, ITransportSerializer serializer, int sendMessageBuffer = 32) 19 | { 20 | _stream = stream; 21 | _serializer = serializer; 22 | _sendChannel = Channel.CreateBounded(sendMessageBuffer); 23 | } 24 | 25 | public async Task ReceiveAsync(CancellationToken cancellationToken = default) 26 | { 27 | byte[]? headerBuffer = null; 28 | byte[]? messageBuffer = null; 29 | 30 | try 31 | { 32 | // Read header 33 | headerBuffer = ArrayPool.Shared.Rent(HeaderSize); 34 | var headerReadBytes = await _stream.Stream.ReadAsync(headerBuffer, 0, HeaderSize, cancellationToken); 35 | 36 | cancellationToken.ThrowIfCancellationRequested(); 37 | 38 | // Verify header 39 | if (headerReadBytes != HeaderSize) 40 | throw new InvalidOperationException("Unable to read message header."); 41 | var messageLength = BitConverter.ToInt32(headerBuffer); 42 | if (messageLength < 1) 43 | throw new InvalidOperationException($"Invalid message length {messageLength}"); 44 | 45 | // Read message 46 | messageBuffer = ArrayPool.Shared.Rent(messageLength); 47 | var bytesRead = await _stream.Stream.ReadAsync(messageBuffer, 0, messageLength, cancellationToken); 48 | 49 | cancellationToken.ThrowIfCancellationRequested(); 50 | 51 | if(bytesRead != messageLength) 52 | throw new InvalidOperationException($"Could not read message til the end."); 53 | 54 | return _serializer.Deserialize(((ReadOnlySpan)messageBuffer).Slice(0, messageLength)); 55 | } 56 | finally 57 | { 58 | if (headerBuffer is not null) 59 | ArrayPool.Shared.Return(headerBuffer); 60 | 61 | if (messageBuffer is not null) 62 | ArrayPool.Shared.Return(messageBuffer); 63 | } 64 | } 65 | 66 | public ValueTask EnqueueMessageAsync(TSend message, CancellationToken cancellationToken = default) 67 | { 68 | return _sendChannel.Writer.WriteAsync(message, cancellationToken); 69 | } 70 | 71 | private async Task SendInternalAsync(CancellationToken cancellationToken) 72 | { 73 | while (!cancellationToken.IsCancellationRequested) 74 | { 75 | var message = await _sendChannel.Reader.ReadAsync(cancellationToken); 76 | 77 | var (messageLength, messageBuffer) = _serializer.Serialize(message); 78 | 79 | // Send header 80 | var header = BitConverter.GetBytes(messageLength); 81 | await _stream.Stream.WriteAsync(header, cancellationToken); 82 | 83 | if (cancellationToken.IsCancellationRequested) 84 | return; 85 | 86 | // Send message 87 | await _stream.Stream.WriteAsync(messageBuffer, 0, messageLength, cancellationToken); 88 | } 89 | } 90 | 91 | public async Task StartAsync(CancellationToken cancellationToken = default) 92 | { 93 | if (_cts is not null) 94 | throw new InvalidOperationException("Channel already started."); 95 | 96 | _cts = new CancellationTokenSource(); 97 | 98 | await _stream.StartAsync(cancellationToken); 99 | _sendTask = SendInternalAsync(_cts.Token); 100 | } 101 | 102 | public async Task StopAsync(CancellationToken cancellationToken = default) 103 | { 104 | if (_cts is null) 105 | throw new InvalidOperationException("Channel not yet started."); 106 | 107 | _cts?.Cancel(); 108 | 109 | if (_sendTask is not null) 110 | { 111 | try 112 | { 113 | await _sendTask; 114 | } 115 | catch (OperationCanceledException) 116 | { 117 | } 118 | } 119 | 120 | await _stream.StopAsync(); 121 | 122 | _cts?.Dispose(); 123 | _cts = null; 124 | } 125 | 126 | public void Dispose() 127 | { 128 | _stream.Dispose(); 129 | _cts?.Dispose(); 130 | } 131 | 132 | public async ValueTask DisposeAsync() 133 | { 134 | await _stream.DisposeAsync(); 135 | _cts?.Dispose(); 136 | } 137 | } 138 | 139 | public class IsolatedProcessChannel : IsolatedProcessChannel 140 | { 141 | public IsolatedProcessChannel(IIsolatedPipeStream stream, ITransportSerializer serializer) : base(stream, serializer) 142 | { 143 | } 144 | } 145 | } -------------------------------------------------------------------------------- /src/hhnl.ProcessIsolation/hhnl.ProcessIsolation.Tests/IsolatedProcessChannelTests.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.IO.Pipes; 3 | using System.Text; 4 | using System.Threading.Tasks; 5 | using hhnl.ProcessIsolation.Communication; 6 | using Newtonsoft.Json; 7 | using NUnit.Framework; 8 | 9 | namespace hhnl.ProcessIsolation.Tests 10 | { 11 | public class IsolatedProcessChannelTests 12 | { 13 | private IsolatedProcessChannel _clientChannel; 14 | private IsolatedProcessChannel _serverChannel; 15 | 16 | [SetUp] 17 | public async Task Setup() 18 | { 19 | var transportSerializer = new MockSerializer(); 20 | var pipeName = Guid.NewGuid().ToString(); 21 | 22 | var pipeServer = new IsolatedProcessServerStream(new NamedPipeServerStream(pipeName, 23 | PipeDirection.InOut, 24 | 1, 25 | PipeTransmissionMode.Byte, 26 | PipeOptions.Asynchronous)); 27 | 28 | var pipeClient = 29 | new IsolatedProcessClientStream(new NamedPipeClientStream(".", 30 | pipeName, 31 | PipeDirection.InOut, 32 | PipeOptions.Asynchronous)); 33 | 34 | _clientChannel = new IsolatedProcessChannel(pipeClient, transportSerializer); 35 | _serverChannel = new IsolatedProcessChannel(pipeServer, transportSerializer); 36 | 37 | var serverStart = _serverChannel.StartAsync(); 38 | 39 | await _clientChannel.StartAsync(); 40 | await serverStart; 41 | } 42 | 43 | [TearDown] 44 | public async Task TearDown() 45 | { 46 | await Task.WhenAll(_clientChannel.StopAsync(), _serverChannel.StopAsync()); 47 | await _clientChannel.DisposeAsync(); 48 | await _serverChannel.DisposeAsync(); 49 | } 50 | 51 | [Test] 52 | public async Task Client_can_send_to_server() 53 | { 54 | // Act 55 | await _serverChannel.EnqueueMessageAsync("test"); 56 | var result = await _clientChannel.ReceiveAsync(); 57 | 58 | // Assert 59 | Assert.AreEqual("test", result, "Message length mismatch."); 60 | } 61 | 62 | [Test] 63 | public async Task Server_can_send_to_client() 64 | { 65 | // Act 66 | await _clientChannel.EnqueueMessageAsync("test"); 67 | var result = await _serverChannel.ReceiveAsync(); 68 | 69 | // Assert 70 | Assert.AreEqual("test", result, "Message length mismatch."); 71 | } 72 | 73 | [Test] 74 | public async Task Can_send_bi_directional() 75 | { 76 | const int messageCount = 1000; 77 | 78 | var clientSendTask = Task.Run(async () => 79 | { 80 | for (var i = 0; i < messageCount; i++) 81 | { 82 | await _clientChannel.EnqueueMessageAsync(i.ToString()); 83 | } 84 | }); 85 | var clientReceiveTask = Task.Run(async () => 86 | { 87 | for (var i = 0; i < messageCount; i++) 88 | { 89 | await _clientChannel.ReceiveAsync(); 90 | } 91 | }); 92 | var serverSendTask = Task.Run(async () => 93 | { 94 | for (var i = 0; i < messageCount; i++) 95 | { 96 | await _serverChannel.EnqueueMessageAsync(i.ToString()); 97 | } 98 | }); 99 | var serverReceiveTask = Task.Run(async () => 100 | { 101 | for (var i = 0; i < messageCount; i++) 102 | { 103 | await _serverChannel.ReceiveAsync(); 104 | } 105 | }); 106 | 107 | await Task.WhenAll(clientSendTask, clientReceiveTask, serverSendTask, serverReceiveTask); 108 | } 109 | 110 | [Test] 111 | public async Task Can_send_simultaneously_directional() 112 | { 113 | const int messageCount = 1000; 114 | 115 | var clientSendTask1 = Task.Run(async () => 116 | { 117 | for (var i = 0; i < messageCount; i++) 118 | { 119 | await _clientChannel.EnqueueMessageAsync(i.ToString()); 120 | } 121 | }); 122 | var clientSendTask2 = Task.Run(async () => 123 | { 124 | for (var i = 0; i < messageCount; i++) 125 | { 126 | await _clientChannel.EnqueueMessageAsync(i.ToString()); 127 | } 128 | }); 129 | var clientSendTask3 = Task.Run(async () => 130 | { 131 | for (var i = 0; i < messageCount; i++) 132 | { 133 | await _clientChannel.EnqueueMessageAsync(i.ToString()); 134 | } 135 | }); 136 | var clientSendTask4 = Task.Run(async () => 137 | { 138 | for (var i = 0; i < messageCount; i++) 139 | { 140 | await _clientChannel.EnqueueMessageAsync(i.ToString()); 141 | } 142 | }); 143 | 144 | for (var i = 0; i < messageCount * 4; i++) 145 | { 146 | await _serverChannel.ReceiveAsync(); 147 | } 148 | 149 | await Task.WhenAll(clientSendTask1, clientSendTask2, clientSendTask3, clientSendTask4); 150 | } 151 | 152 | private class MockSerializer : ITransportSerializer 153 | { 154 | public (int Length, byte[] buffer) Serialize(T message) 155 | { 156 | var json = JsonConvert.SerializeObject(message); 157 | var bytes = Encoding.Unicode.GetBytes(json); 158 | return (bytes.Length, bytes); 159 | } 160 | 161 | public T Deserialize(ReadOnlySpan bytes) 162 | { 163 | var json = Encoding.Unicode.GetString(bytes); 164 | return JsonConvert.DeserializeObject(json); 165 | } 166 | } 167 | } 168 | } -------------------------------------------------------------------------------- /src/hhnl.ProcessIsolation/hhnl.ProcessIsolation/Windows/AppContainerIsolator.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.IO; 4 | using System.Linq; 5 | using NtApiDotNet; 6 | using NtApiDotNet.Win32; 7 | using NtApiDotNet.Win32.Security; 8 | using NtApiDotNet.Win32.Security.Authorization; 9 | 10 | namespace hhnl.ProcessIsolation.Windows 11 | { 12 | public class AppContainerIsolator : IProcessIsolator 13 | { 14 | private static readonly Lazy _childProcessCascadeCloseJob = new Lazy( 15 | () => 16 | { 17 | var job = NtJob.Create(); 18 | job.SetLimitFlags(JobObjectLimitFlags.KillOnJobClose); 19 | 20 | return job; 21 | }); 22 | 23 | public bool IsCurrentProcessIsolated() 24 | { 25 | using NtToken token = NtToken.OpenProcessToken(); 26 | 27 | return token.AppContainer; 28 | } 29 | 30 | ///

31 | /// Starts the process isolated. 32 | ///

33 | /// Name identifier for the isolation. This has to be unique. Under windows this is the name of the AppContainerIsolator. 34 | /// The path to the executable. 35 | /// The command line arguments. 36 | /// The network permissions the process should have. 37 | /// 38 | /// If set to true the started process will be terminated when the current 39 | /// process exits. 40 | /// 41 | /// The extended file access. Allows for custom file and folder access rights. 42 | /// 43 | /// By default the folder containing the executable will be made available to the process to allow loading dependencies. 44 | /// Set this to false to suppress this behaviour. 45 | /// 46 | /// 47 | /// The working directory of the process. 48 | /// 49 | /// 50 | /// The process object. Needs to be disposed. 51 | /// 52 | /// $"Couldn't resolve directory for '{path}'. 53 | public IIsolatedProcess StartIsolatedProcess( 54 | string isolationIdentifier, 55 | string path, 56 | string[]? commandLineArguments = null, 57 | NetworkPermissions networkPermissions = NetworkPermissions.None, 58 | bool attachToCurrentProcess = true, 59 | IEnumerable? fileAccess = null, 60 | bool makeApplicationDirectoryReadable = true, 61 | string? workingDirectory = null) 62 | { 63 | string applicationName = Path.GetFileNameWithoutExtension(path); 64 | 65 | var container = AppContainerProfile.Create( 66 | isolationIdentifier, 67 | $"{applicationName} Container ({isolationIdentifier})", 68 | $"Application container for {applicationName}"); 69 | 70 | var config = new Win32ProcessConfig 71 | { 72 | ApplicationName = path, 73 | CommandLine = commandLineArguments is not null ? string.Join(" ", commandLineArguments) : string.Empty, 74 | ChildProcessMitigations = ChildProcessMitigationFlags.Restricted, 75 | AppContainerSid = container.Sid, 76 | TerminateOnDispose = true, 77 | CurrentDirectory = workingDirectory is null ? null : Path.GetFullPath(workingDirectory), 78 | }; 79 | 80 | // Allow the process to access it's own files. 81 | if (makeApplicationDirectoryReadable) 82 | { 83 | var appDirectory = Path.GetDirectoryName(path) ?? 84 | throw new ArgumentException($"Couldn't resolve directory for '{path}'."); 85 | AllowFileAccess(container, appDirectory, FileAccessRights.GenericRead); 86 | } 87 | 88 | // Apply user folder and file permissions 89 | if (fileAccess is not null) 90 | { 91 | foreach (var cur in fileAccess) 92 | { 93 | if (!Directory.Exists(cur.Path) && !File.Exists(cur.Path)) 94 | throw new ArgumentException($"The file or folder '{cur.Path}' does not exist."); 95 | 96 | AllowFileAccess( 97 | container, 98 | cur.Path, 99 | (FileAccessRights)cur.AccessRight); 100 | } 101 | } 102 | 103 | // Apply network networkPermissions 104 | if ((networkPermissions & NetworkPermissions.LocalNetwork) != 0) 105 | config.AddCapability(KnownSids.CapabilityPrivateNetworkClientServer); 106 | 107 | if ((networkPermissions & NetworkPermissions.Internet) != 0) 108 | config.AddCapability(KnownSids.CapabilityInternetClient); 109 | 110 | var process = Win32Process.CreateProcess(config); 111 | 112 | // Make sure the new process gets killed when the current process stops. 113 | if (attachToCurrentProcess) 114 | _childProcessCascadeCloseJob.Value.AssignProcess(process.Process); 115 | 116 | return new IsolatedWin32Process(process, container); 117 | } 118 | 119 | private static void AllowFileAccess(AppContainerProfile container, string folder, FileAccessRights accessRights) 120 | { 121 | var securityInfo = Win32Security.GetSecurityInfo( 122 | folder, 123 | SeObjectType.File, 124 | SecurityInformation.Dacl); 125 | 126 | var existingAce = securityInfo.Dacl.FirstOrDefault(d => d.Sid == container.Sid); 127 | 128 | if (existingAce is not null && 129 | existingAce.Type == AceType.Allowed && 130 | existingAce.Mask == accessRights && 131 | existingAce.Flags == (AceFlags.ContainerInherit | AceFlags.ObjectInherit)) 132 | { 133 | // Ace already exists. 134 | return; 135 | } 136 | 137 | var ace = new Ace( 138 | AceType.Allowed, 139 | AceFlags.ContainerInherit | AceFlags.ObjectInherit, 140 | accessRights, 141 | container.Sid); 142 | 143 | securityInfo.AddAce(ace); 144 | 145 | Win32Security.SetSecurityInfo( 146 | folder, 147 | SeObjectType.File, 148 | SecurityInformation.Dacl, 149 | securityInfo, 150 | true); 151 | } 152 | } 153 | } -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | ## Ignore Visual Studio temporary files, build results, and 2 | ## files generated by popular Visual Studio add-ons. 3 | ## 4 | ## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore 5 | 6 | # User-specific files 7 | *.rsuser 8 | *.suo 9 | *.user 10 | *.userosscache 11 | *.sln.docstates 12 | 13 | # User-specific files (MonoDevelop/Xamarin Studio) 14 | *.userprefs 15 | 16 | # Mono auto generated files 17 | mono_crash.* 18 | 19 | # Build results 20 | [Dd]ebug/ 21 | [Dd]ebugPublic/ 22 | [Rr]elease/ 23 | [Rr]eleases/ 24 | x64/ 25 | x86/ 26 | [Aa][Rr][Mm]/ 27 | [Aa][Rr][Mm]64/ 28 | bld/ 29 | [Bb]in/ 30 | [Oo]bj/ 31 | [Ll]og/ 32 | [Ll]ogs/ 33 | 34 | # Visual Studio 2015/2017 cache/options directory 35 | .vs/ 36 | # Uncomment if you have tasks that create the project's static files in wwwroot 37 | #wwwroot/ 38 | 39 | # Visual Studio 2017 auto generated files 40 | Generated\ Files/ 41 | 42 | # MSTest test Results 43 | [Tt]est[Rr]esult*/ 44 | [Bb]uild[Ll]og.* 45 | 46 | # NUnit 47 | *.VisualState.xml 48 | TestResult.xml 49 | nunit-*.xml 50 | 51 | # Build Results of an ATL Project 52 | [Dd]ebugPS/ 53 | [Rr]eleasePS/ 54 | dlldata.c 55 | 56 | # Benchmark Results 57 | BenchmarkDotNet.Artifacts/ 58 | 59 | # .NET Core 60 | project.lock.json 61 | project.fragment.lock.json 62 | artifacts/ 63 | 64 | # StyleCop 65 | StyleCopReport.xml 66 | 67 | # Files built by Visual Studio 68 | *_i.c 69 | *_p.c 70 | *_h.h 71 | *.ilk 72 | *.meta 73 | *.obj 74 | *.iobj 75 | *.pch 76 | *.pdb 77 | *.ipdb 78 | *.pgc 79 | *.pgd 80 | *.rsp 81 | *.sbr 82 | *.tlb 83 | *.tli 84 | *.tlh 85 | *.tmp 86 | *.tmp_proj 87 | *_wpftmp.csproj 88 | *.log 89 | *.vspscc 90 | *.vssscc 91 | .builds 92 | *.pidb 93 | *.svclog 94 | *.scc 95 | 96 | # Chutzpah Test files 97 | _Chutzpah* 98 | 99 | # Visual C++ cache files 100 | ipch/ 101 | *.aps 102 | *.ncb 103 | *.opendb 104 | *.opensdf 105 | *.sdf 106 | *.cachefile 107 | *.VC.db 108 | *.VC.VC.opendb 109 | 110 | # Visual Studio profiler 111 | *.psess 112 | *.vsp 113 | *.vspx 114 | *.sap 115 | 116 | # Visual Studio Trace Files 117 | *.e2e 118 | 119 | # TFS 2012 Local Workspace 120 | $tf/ 121 | 122 | # Guidance Automation Toolkit 123 | *.gpState 124 | 125 | # ReSharper is a .NET coding add-in 126 | _ReSharper*/ 127 | *.[Rr]e[Ss]harper 128 | *.DotSettings.user 129 | 130 | # TeamCity is a build add-in 131 | _TeamCity* 132 | 133 | # DotCover is a Code Coverage Tool 134 | *.dotCover 135 | 136 | # AxoCover is a Code Coverage Tool 137 | .axoCover/* 138 | !.axoCover/settings.json 139 | 140 | # Visual Studio code coverage results 141 | *.coverage 142 | *.coveragexml 143 | 144 | # NCrunch 145 | _NCrunch_* 146 | .*crunch*.local.xml 147 | nCrunchTemp_* 148 | 149 | # MightyMoose 150 | *.mm.* 151 | AutoTest.Net/ 152 | 153 | # Web workbench (sass) 154 | .sass-cache/ 155 | 156 | # Installshield output folder 157 | [Ee]xpress/ 158 | 159 | # DocProject is a documentation generator add-in 160 | DocProject/buildhelp/ 161 | DocProject/Help/*.HxT 162 | DocProject/Help/*.HxC 163 | DocProject/Help/*.hhc 164 | DocProject/Help/*.hhk 165 | DocProject/Help/*.hhp 166 | DocProject/Help/Html2 167 | DocProject/Help/html 168 | 169 | # Click-Once directory 170 | publish/ 171 | 172 | # Publish Web Output 173 | *.[Pp]ublish.xml 174 | *.azurePubxml 175 | # Note: Comment the next line if you want to checkin your web deploy settings, 176 | # but database connection strings (with potential passwords) will be unencrypted 177 | *.pubxml 178 | *.publishproj 179 | 180 | # Microsoft Azure Web App publish settings. Comment the next line if you want to 181 | # checkin your Azure Web App publish settings, but sensitive information contained 182 | # in these scripts will be unencrypted 183 | PublishScripts/ 184 | 185 | # NuGet Packages 186 | *.nupkg 187 | # NuGet Symbol Packages 188 | *.snupkg 189 | # The packages folder can be ignored because of Package Restore 190 | **/[Pp]ackages/* 191 | # except build/, which is used as an MSBuild target. 192 | !**/[Pp]ackages/build/ 193 | # Uncomment if necessary however generally it will be regenerated when needed 194 | #!**/[Pp]ackages/repositories.config 195 | # NuGet v3's project.json files produces more ignorable files 196 | *.nuget.props 197 | *.nuget.targets 198 | 199 | # Microsoft Azure Build Output 200 | csx/ 201 | *.build.csdef 202 | 203 | # Microsoft Azure Emulator 204 | ecf/ 205 | rcf/ 206 | 207 | # Windows Store app package directories and files 208 | AppPackages/ 209 | BundleArtifacts/ 210 | Package.StoreAssociation.xml 211 | _pkginfo.txt 212 | *.appx 213 | *.appxbundle 214 | *.appxupload 215 | 216 | # Visual Studio cache files 217 | # files ending in .cache can be ignored 218 | *.[Cc]ache 219 | # but keep track of directories ending in .cache 220 | !?*.[Cc]ache/ 221 | 222 | # Others 223 | ClientBin/ 224 | ~$* 225 | *~ 226 | *.dbmdl 227 | *.dbproj.schemaview 228 | *.jfm 229 | *.pfx 230 | *.publishsettings 231 | orleans.codegen.cs 232 | 233 | # Including strong name files can present a security risk 234 | # (https://github.com/github/gitignore/pull/2483#issue-259490424) 235 | #*.snk 236 | 237 | # Since there are multiple workflows, uncomment next line to ignore bower_components 238 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622) 239 | #bower_components/ 240 | 241 | # RIA/Silverlight projects 242 | Generated_Code/ 243 | 244 | # Backup & report files from converting an old project file 245 | # to a newer Visual Studio version. Backup files are not needed, 246 | # because we have git ;-) 247 | _UpgradeReport_Files/ 248 | Backup*/ 249 | UpgradeLog*.XML 250 | UpgradeLog*.htm 251 | ServiceFabricBackup/ 252 | *.rptproj.bak 253 | 254 | # SQL Server files 255 | *.mdf 256 | *.ldf 257 | *.ndf 258 | 259 | # Business Intelligence projects 260 | *.rdl.data 261 | *.bim.layout 262 | *.bim_*.settings 263 | *.rptproj.rsuser 264 | *- [Bb]ackup.rdl 265 | *- [Bb]ackup ([0-9]).rdl 266 | *- [Bb]ackup ([0-9][0-9]).rdl 267 | 268 | # Microsoft Fakes 269 | FakesAssemblies/ 270 | 271 | # GhostDoc plugin setting file 272 | *.GhostDoc.xml 273 | 274 | # Node.js Tools for Visual Studio 275 | .ntvs_analysis.dat 276 | node_modules/ 277 | 278 | # Visual Studio 6 build log 279 | *.plg 280 | 281 | # Visual Studio 6 workspace options file 282 | *.opt 283 | 284 | # Visual Studio 6 auto-generated workspace file (contains which files were open etc.) 285 | *.vbw 286 | 287 | # Visual Studio LightSwitch build output 288 | **/*.HTMLClient/GeneratedArtifacts 289 | **/*.DesktopClient/GeneratedArtifacts 290 | **/*.DesktopClient/ModelManifest.xml 291 | **/*.Server/GeneratedArtifacts 292 | **/*.Server/ModelManifest.xml 293 | _Pvt_Extensions 294 | 295 | # Paket dependency manager 296 | .paket/paket.exe 297 | paket-files/ 298 | 299 | # FAKE - F# Make 300 | .fake/ 301 | 302 | # CodeRush personal settings 303 | .cr/personal 304 | 305 | # Python Tools for Visual Studio (PTVS) 306 | __pycache__/ 307 | *.pyc 308 | 309 | # Cake - Uncomment if you are using it 310 | # tools/** 311 | # !tools/packages.config 312 | 313 | # Tabs Studio 314 | *.tss 315 | 316 | # Telerik's JustMock configuration file 317 | *.jmconfig 318 | 319 | # BizTalk build output 320 | *.btp.cs 321 | *.btm.cs 322 | *.odx.cs 323 | *.xsd.cs 324 | 325 | # OpenCover UI analysis results 326 | OpenCover/ 327 | 328 | # Azure Stream Analytics local run output 329 | ASALocalRun/ 330 | 331 | # MSBuild Binary and Structured Log 332 | *.binlog 333 | 334 | # NVidia Nsight GPU debugger configuration file 335 | *.nvuser 336 | 337 | # MFractors (Xamarin productivity tool) working folder 338 | .mfractor/ 339 | 340 | # Local History for Visual Studio 341 | .localhistory/ 342 | 343 | # BeatPulse healthcheck temp database 344 | healthchecksdb 345 | 346 | # Backup folder for Package Reference Convert tool in Visual Studio 2017 347 | MigrationBackup/ 348 | 349 | # Ionide (cross platform F# VS Code tools) working folder 350 | .ionide/ 351 | --------------------------------------------------------------------------------