Running a runtime compiled C# script in a sandbox AppDomain


My application should be scriptable by users in C#, but the user's script should run in a restricted AppDomain to prevent scripts from accidentally causing damage. I can't get it to work, and since my understanding of AppDomains is sadly limited, I can't tell why.

The solution I am trying is based on this answer: https://stackoverflow.com/a/5998886/276070.

This is a model of my situation (everything except script.cs residing in a named assembly). Please excuse the wall of code, I could not condense the problem further.

    using System;
    using System.CodeDom.Compiler;
    using System.Reflection;

    class Program
    {
        static void Main(string[] args)
        {
            // Compile the script
            CodeDomProvider codeProvider = CodeDomProvider.CreateProvider("csharp");
            CompilerParameters parameters = new CompilerParameters()
            {
                GenerateExecutable = false,
                OutputAssembly = System.IO.Path.GetTempFileName() + ".dll",
            };
            parameters.ReferencedAssemblies.Add(Assembly.GetEntryAssembly().Location);

            CompilerResults results = codeProvider.CompileAssemblyFromFile(parameters, "script.cs");

            // ... here error checks happen ....//

            var sandbox = Sandbox.Create();
            var script = (IExecutable)sandbox.CreateInstance(results.PathToAssembly, "Script");

            if (script != null)
                script.Execute();
        }
    }

    public interface IExecutable
    {
        void Execute();
    }

The Sandbox class:

    using System;
    using System.IO;
    using System.Reflection;
    using System.Security;
    using System.Security.Permissions;
    using System.Security.Policy;

    public class Sandbox : MarshalByRefObject
    {
        const string BaseDirectory = "untrusted";
        const string DomainName = "sandbox";

        public static Sandbox Create()
        {
            var setup = new AppDomainSetup()
            {
                ApplicationBase = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, BaseDirectory),
                ApplicationName = DomainName,
                DisallowBindingRedirects = true,
                DisallowCodeDownload = true,
                DisallowPublisherPolicy = true
            };

            // Grant set for the sandbox: execution and restricted reflection only
            var permissions = new PermissionSet(PermissionState.None);
            permissions.AddPermission(new ReflectionPermission(ReflectionPermissionFlag.RestrictedMemberAccess));
            permissions.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));

            // The assembly containing Sandbox is passed as a fully trusted assembly
            var domain = AppDomain.CreateDomain(DomainName, null, setup, permissions,
                typeof(Sandbox).Assembly.Evidence.GetHostEvidence<StrongName>());

            return (Sandbox)Activator.CreateInstanceFrom(domain, typeof(Sandbox).Assembly.ManifestModule.FullyQualifiedName, typeof(Sandbox).FullName).Unwrap();
        }

        public object CreateInstance(string assemblyPath, string typeName)
        {
            new FileIOPermission(FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery, assemblyPath).Assert();
            var assembly = Assembly.LoadFile(assemblyPath);
            CodeAccessPermission.RevertAssert();

            Type type = assembly.GetType(typeName); // ****** null here
            if (type == null)
                return null;

            return Activator.CreateInstance(type);
        }
    }

The loaded script:

    using System;

    public class Script : IExecutable
    {
        public void Execute()
        {
            Console.WriteLine("boo");
        }
    }

In CreateInstance of Sandbox, I get null at the marked line. I tried various forms of giving the name, including reading the type name (or fully qualified name) from results.CompiledAssembly using reflection. What am I doing wrong here?

The first thing I'll check is whether there are compilation errors (I had several headaches caused by such issues).

The second idea is about the resolution of assemblies. As a security check I add an event handler for AppDomain.CurrentDomain.AssemblyResolve, where I seek the missing assemblies on my known paths. When the assembly not found is the one just compiled, I add a static reference to it and return it.

What I do is this:

  • Create the new assembly on the file system with the compiler
  • Load its content with File.ReadAllBytes
  • Load the DLL with Assembly.Load in the AppDomain in which I will be using the object
  • Add the AppDomain.CurrentDomain.AssemblyResolve event

Just in case (since I use this a lot), I created a small library to accomplish this kind of thing.

The code and documentation are here: Kendar Expression Builder, while the NuGet package is here: NuGet Sharp Template.
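
The four steps listed in the answer above, sketched as an added example (not code from the question, the answer or the linked library). ScriptLoader and its members are hypothetical names; it assumes .NET Framework 4 and that the class lives in a fully trusted assembly, as the Sandbox class in the question does. Unlike the path search the answer describes, this resolver only returns assemblies it loaded itself.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Reflection;
using System.Security;
using System.Security.Permissions;

// Hypothetical helper, instantiated inside the AppDomain that runs the script.
public class ScriptLoader : MarshalByRefObject
{
    // Assemblies this loader loaded from bytes, keyed by full name.
    private readonly Dictionary<string, Assembly> loaded =
        new Dictionary<string, Assembly>(StringComparer.OrdinalIgnoreCase);

    public ScriptLoader()
    {
        // Step 4: byte-loaded assemblies are not found by normal probing,
        // so later binds by name are answered from the dictionary.
        AppDomain.CurrentDomain.AssemblyResolve += OnAssemblyResolve;
    }

    private Assembly OnAssemblyResolve(object sender, ResolveEventArgs args)
    {
        Assembly match;
        // Unknown names return null, so the bind fails instead of loading
        // whatever file happens to match.
        return loaded.TryGetValue(args.Name, out match) ? match : null;
    }

    public object CreateInstance(string assemblyPath, string typeName)
    {
        byte[] image;
        // Step 2: read the compiler output; the assert covers this file only.
        new FileIOPermission(
            FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery,
            assemblyPath).Assert();
        try { image = File.ReadAllBytes(assemblyPath); }
        finally { CodeAccessPermission.RevertAssert(); }

        // Step 3: load from memory in the current domain.
        Assembly assembly = Assembly.Load(image);
        loaded[assembly.FullName] = assembly;

        // throwOnError reports why the type is missing instead of returning null.
        Type type = assembly.GetType(typeName, true);
        return Activator.CreateInstance(type);
    }
}
```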

