unoplatform
/
Uno.Wasm.Bootstrap
зеркало из https://github.com/unoplatform/Uno.Wasm.Bootstrap.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
Uno.Wasm.Bootstrap/doc/features-obfuscation.md

3.0 KiB
Исходник Ответственный История

uid
UnoWasmBootstrap.Features.Obfuscation

Assemblies obfuscation

The Bootstrapper provides a way to obfuscate served assemblies in order to avoid incorrect flagging by anti-virus and firewalls.

Description

Assemblies currently a critical part of the behavior of .NET, even when using AOT. Original assemblies are still required for metadata (Reflection) and non-AOTable pieces of code (as of .NET 7, part of try/catch/finally blocks).

The Uno bootstrapper packages .NET assemblies as part of the final generated web content. Those files are fetched the application directly and the default extension used by the bootstrapper for these files are .clr as a minimal attempt to avoid blocking.

Changing the assemblies extensions

This feature allows to change the .clr extension for another extension. Add the following to your csproj file:

<PropertyGroup Condition="'$(Configuration)'=='Release'">
    <WasmShellAssembliesExtension>.custom</WasmShellAssembliesExtension>
</PropertyGroup>

[!NOTE] Changing this extension requires the adjustment of web.config or staticwebapp.config.json to provide the proper application/octet-stream mime type.

[!NOTE] As of Bootstrapper 7.0, changing the extension does not permit local Visual Studio debugging and serving. Using dotnet-serve is required.

Extension-less mode for assemblies

This feature allows to remove the extension from the assemblies URI, by removing all . from the assembly file names.

Add the following to your csproj file:

<PropertyGroup Condition="'$(Configuration)'=='Release'">
    <WasmShellAssembliesFileNameObfuscationMode>NoDots</WasmShellAssembliesFileNameObfuscationMode>
</PropertyGroup>

Note that serving extension-less files requires a special fallback in servers:

  • For IIS:

    <staticContent>
    ...
    <mimeMap fileExtension="." mimeType="application/octet-stream" />
</staticContent>

  • For ASP.NET Core, using a StaticFileOptions

    app.UseStaticFiles(new StaticFileOptions
{
    ...
    DefaultContentType = MediaTypeNames.Application.Octet,
    ServeUnknownFileTypes = true
});

Obfuscating the contents of assemblies

This feature allows to change the contents of the files using a simple XOR transformation applied to the generated site.

[!WARNING] Ensure that enabling this feature is conforming to the requirements of the deployment environment, commonly defined by an IT department.

To use this feature, add the following to your csproj file:

<PropertyGroup Condition="'$(Configuration)'=='Release'">
    <WasmShellObfuscateAssemblies>true</WasmShellObfuscateAssemblies>
</PropertyGroup>

[!WARNING] Enabling this feature has an impact on the startup time of the application, as additional process is required to de-obfuscate the downloaded assemblies.