generalinformation-404439-security-suppress-new-processes-initiated-by-net-controls.md
DevExpress UI controls can initiate new processes in response to user actions. For example, DevExpress RichEdit or HyperlinkEdit controls can open a system’s default browser when a user clicks a hyperlink. Use the DevExpress.Data.Utils.ProcessStartPolicy class to apply a policy that manages processes.
To apply a policy, call one of the following methods of the DevExpress.Data.Utils.ProcessStartPolicy class at application startup:
If none of these methods are called, DevExpress UI controls allow all processes to start. All exceptions that indicate failed processes are suppressed.
The following code demonstrates how to suppress all user-invoked processes in a Windows Forms app:
static void Main() {
DevExpress.Data.Utils.ProcessStartPolicy.SuppressAll();
// ...
Application.Run(new Form1());
}
Shared Sub Main()
DevExpress.Data.Utils.ProcessStartPolicy.SuppressAll()
' ...
Application.Run(New Form1)
End Sub
The ThrowAlways and RequireConfirmation policies allow you to setup trusted documents, commands, or URLs. Processes for trusted resources bypass exceptions or confirmation dialogs.
To register a trusted resource, use the static RegisterTrustedProcess method:
DevExpress.Data.Utils.ProcessStartPolicy.RegisterTrustedProcess("https://www.devexpress.com");
DevExpress.Data.Utils.ProcessStartPolicy.RegisterTrustedProcess("https://www.devexpress.com")
Handle the following events of the ProcessStartPolicy class to perform custom actions when a DevExpress UI control starts a process:
Starting – Fires before a process starts and allows you to cancel the process.
Started – Fires after a process has started. This is a notification event.
static void Main() {
ProcessStartPolicy.Started += ProcessStartPolicy_Started;
// ...
}
private static void ProcessStartPolicy_Started(object sender, EventArgs e) {
Process process = sender as Process;
// ...
// Log.WriteMessage("process started");
}
Shared Sub Main()
AddHandler ProcessStartPolicy.Started, AddressOf ProcessStartPolicy_Started
' ...
End Sub
Private Shared Sub ProcessStartPolicy_Started(sender As Object, e As EventArgs)
Dim process As Process = CType(sender, Process)
' ...
' Log.WriteMessage("process started")
End Sub
Exceptions are not raised if a process fails to start. To throw exceptions in this instance, call the static ThrowOnErrors method at application startup.
You can also handle the Failed event to respond to associated failures. The following example demonstrates how to suppress an internal exception and display a message box:
static void Main() {
DevExpress.Data.Utils.ProcessStartPolicy.Failed += ProcessStartPolicy_Failed;
//...
}
private static void ProcessStartPolicy_Failed(object sender, DevExpress.Data.Utils.ProcessStartPolicy.ProcessStartFailedExceptionEventArgs e) {
if(e.Exception is Win32Exception) {
System.Diagnostics.ProcessStartInfo si = sender as System.Diagnostics.ProcessStartInfo;
e.Throw = false;
MessageBox.Show("File not found: " + si.FileName);
}
}
Public Class Form1
Shared Sub Main()
AddHandler DevExpress.Data.Utils.ProcessStartPolicy.Failed, AddressOf ProcessStartPolicy_Failed
Application.EnableVisualStyles()
Application.SetCompatibleTextRenderingDefault(False)
Application.Run(New Form1)
End Sub
Private Shared Sub ProcessStartPolicy_Failed(ByVal sender As Object, ByVal e As DevExpress.Data.Utils.ProcessStartPolicy.ProcessStartFailedExceptionEventArgs)
If TypeOf e.Exception Is Win32Exception Then
Dim si As System.Diagnostics.ProcessStartInfo = TryCast(sender, System.Diagnostics.ProcessStartInfo)
e.Throw = False
MessageBox.Show("File not found: " & si.FileName)
End If
End Sub
End Class