Skip to content

Instantly share code, notes, and snippets.

View GrabYourPitchforks's full-sized avatar
😵
On other projects, not checking GitHub notifications - ping via Teams if urgent.

Levi Broderick GrabYourPitchforks

😵
On other projects, not checking GitHub notifications - ping via Teams if urgent.
257 followers · 0 following
View GitHub Profile
@GrabYourPitchforks
GrabYourPitchforks / mcp-sample-threat-model.md
Last active April 16, 2025 16:56
Sample threat model for MCP weather API tutorial

Sample threat model for MCP weather API tutorial

Introduction

This is a sample showing how to threat model a library API. This model applies the "Introduction to Trust" principles to the C# helper functions located at https://modelcontextprotocol.io/quickstart/server as of Apr. 10, 2025 (Internet Archive link).

This sample discusses:

  • applying the "Introduction to Trust" guidance to take a structured approach to reasoning about assumptions, inputs, and data flows;
  • assessing these in the context of cross-party contract fulfillment;
  • applying reasonable beliefs to simplify our threat analysis;
@GrabYourPitchforks
GrabYourPitchforks / spoiler-listsort.cs
Last active December 20, 2024 00:39
Spoiler - sorting a list of ints in linear time
using System;
// It's a bit naive in that it performs more copies than necessary, but it's clearly linear time.
// The extra copies and other overhead can be optimized away if needed.
// [Yes, it's a naive implementation of radix sort. :)]
static void Sort(Span<uint> span)
{
Span<uint> scratch = new uint[span.Length];
@GrabYourPitchforks
GrabYourPitchforks / utf8_charcount.cs
Created June 25, 2024 20:38
UTF8 char count testing
using System;
using System.Buffers;
using System.Diagnostics;
using System.IO;
using System.Runtime.InteropServices;
using System.Runtime.Intrinsics;
using System.Runtime.Intrinsics.X86;
using System.Text;
using System.Text.Unicode;
using BenchmarkDotNet.Attributes;
@GrabYourPitchforks
GrabYourPitchforks / ref-asm.cs
Last active May 27, 2022 22:58
Type name parsing
public sealed class PublicKeyToken : IEquatable<PublicKeyToken>
{
public PublicKeyToken(byte[] publicKeyTokenBytes);
public PublicKeyToken(ReadOnlySpan<byte> publicKeyTokenBytes);
public PublicKeyToken(string publicKeyTokenHexString);
public PublicKeyToken(ReadOnlySpan<char> publicKeyTokenHexString);
public ReadOnlySpan<byte> RawBytes { get; }
public string TokenString { get; }
public byte[] GetPublicKeyTokenBytes();
@GrabYourPitchforks
GrabYourPitchforks / oob_rune.md
Created May 18, 2021 22:31
OOBing Rune

Problem summary

While working on the System.Text.Encodings.Web refactoring I noticed that we have several duplicates of the System.Text.Rune type (or its backing logic) throughout our projects.

The official implementation exposed by System.Runtime:

A copy used by the Utf8String OOB:

@GrabYourPitchforks
GrabYourPitchforks / fnptrs_reflection.md
Last active January 29, 2021 22:17
Draft function pointers in reflection spec

Draft function pointers in reflection spec

Passing function pointers as parameters to MethodInfo.Invoke

The reflection stack should treat function pointer arguments as standard pointer arguments for the purposes of method invocation. This means that boxed IntPtr arguments should be accepted as parameters to these methods in MethodInfo.Invoke scenarios. For methods which return function pointers, they should be returned as boxed IntPtrs.

The reflection stack, for convenience, should also consider allowing developers to pass System.Reflection.Pointer instances as input arguments to these methods.

Inspecting function pointer types

@GrabYourPitchforks
GrabYourPitchforks / csharp_singlecopy_struct.md
Last active March 31, 2021 17:46
C# single-copy struct proposal

Problem statement and core scenario

We want to introduce the idea of a value type where the underlying data is only ever "live" in at most one place. The canonical example is the internal ValueStringBuilder struct type, which performs internal ArrayPool management.

ValueStringBuilder builder = new ValueStringBuilder(); // VSB is a struct type
builder.Append("foo");
builder.Append(obj);
HelperMethod(ref builder); // builder passed by ref to helper methods
return builder.ToString(); // ToString releases underlying rented arrays back to pool
@GrabYourPitchforks
GrabYourPitchforks / fieldoffset.cs
Created November 28, 2020 23:22
FieldOffset as unsafe
using System;
using System.Runtime.InteropServices;
namespace FieldOffsetSample
{
class Program
{
static void Main(string[] args)
{
MyStruct myStruct = default;
@GrabYourPitchforks
GrabYourPitchforks / improving_dev_experience.md
Last active October 28, 2020 17:31
Improving the developer experience with regard to default string globalization

Improving the developer experience with regard to default string globalization

Note: This is a companion document to dotnet/docs#21249, which discusses the behaviors as they currently exist. It's assumed the reader is generally familiar with that document.

Summary

Since .NET 5 standardized on using ICU instead of NLS for globalization across all supported platforms (see breaking change notice), we've received a few reports of string and globalization APIs not behaving as expected.

These reports generally fall into one of two buckets:

@GrabYourPitchforks
GrabYourPitchforks / print_skeleton.cs
Created October 21, 2020 01:13
Print a class skeleton from an implementation
using System;
using System.Collections.Generic;
using System.Reflection;
using System.Text;
using System.Linq;
using System.Diagnostics;
using System.Runtime.CompilerServices;
namespace ConsoleAppDumpCryptoApis
{