-
Notifications
You must be signed in to change notification settings - Fork 998
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix WindowsFormsApplicationBase.IsSingleInstance #11258
base: main
Are you sure you want to change the base?
Fix WindowsFormsApplicationBase.IsSingleInstance #11258
Conversation
…r use in TryCreatePipeServer to avoid system wide blocking. Used in conjunction with PipeOptions.CurrentUserOnly
@weltkante had this suggestion and I ran with it. I think the concerns raised by @zanchey are technically valid, but block a pragmatic fix for most use cases. It might be mitigated by us using @Olina-Zhang could your team test this? I don't have a multi-user environment I can easily utilize for testing. |
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #11258 +/- ##
===================================================
- Coverage 74.34305% 74.27371% -0.06935%
===================================================
Files 3012 3025 +13
Lines 625885 626888 +1003
Branches 46553 46743 +190
===================================================
+ Hits 465302 465613 +311
- Misses 157190 157923 +733
+ Partials 3393 3352 -41
Flags with carried forward coverage won't be shown. Click here to find out more. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you remove ByVal and make private function parameters start with lower case character. If touching code, it should conform to current VB Style otherwise it will conflict with other PR's trying to clean up VB Code Style.
@elachlan tested this PR using following 2 apps(one is Winforms VB app, another is Winforms C#) in .Net 9.0 SDK build on a server with multi-users. Every logged in user can launch the app, issue is fixed. Thanks! |
|
||
#Disable Warning CA5351 ' We want speed over collision resistance. | ||
Private Shared Function GetFilePathAsGuid(filePath As String) As Guid | ||
Using md5 As MD5 = MD5.Create() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is MD5
okay here? really we are just taking a path and making a guid. I don't expect it to be an issue. Because its in the startup path I believe its quite important to have a fast hashing algorithm here as well.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
that depends on whether you are treating the input (the file path) as a secret and/or want to prevent colissions with forged inputs - md5 is fine against accidental colissions - personally I don't think there's a security issue here, and if it were, then it needs to be adressed at the permission level since the named objects are visible and accessible to non-dotnet code as well, malicious code could interact with the named objects directly instead of going through the file path hashing
I have some concerns about using the filepath of the assembly because we are calling it using This needs to be tested with self-contained single file and AOT scenarios. As far as I know for self contained single file applications I've had to use I am unsure if this is still the case. @Olina-Zhang maybe your team could test this scenario? |
Use your new updated code to test these issues again, right? Or publish app with self-contained to test? |
Hi @elachlan, tested the updated code, here is the result:
|
That last scenario with published self-contained app and two users is interesting and unexpected. We will need to investigate further. |
@Olina-Zhang can you retest the published self-contained failure scenario with the latest? The event viewer will have a bit more detail hopefully. |
I didn't see any difference with updated code, same as Yesterday's: |
My change was to pass in the |
Add currentUserSID to
GetApplicationInstanceID
for use inTryCreatePipeServer
to avoid system wide blocking. Used in conjunction withPipeOptions.CurrentUserOnly
.Fixes #3715
Fixes #11232
Fixes #11365
Microsoft Reviewers: Open in CodeFlow