
I'm creating dynamic expression invocation and need to have a security mechanism for code execution. The `context` parameter below is visible to the "world", that is, to anyone who can write some piece of a script.

Simple expression:

context => "a" + "b"

Parsing:

Expression<Func<Context, string>> expression = Parse(@"context => ""a"" + ""b""");

Now, let's assume that context has some properties on which it can operate, so the expression could look like this and this is correct:

context => context.State.Value1 + "c";

Here is the problem. Someone who writes the script can also do something like:

context => string.Join(", ", context.GetType().Assembly.GetTypes().Where(...))

and access some core classes, invoke unauthorized logic etc.

It's also worth saying that someone could do this:

context => Assembly.GetExecutingAssembly().GetTypes().Where(...)

So the question is: how to prevent this and separate the context of execution, which should handle only necessary data and should be executed in isolation from the main/calling assembly.

I'm not sure if a separate AppDomain will help. Checking input against keywords, method access - I think it's not a solution; we cannot prevent all available unauthorized method access. It can be done in too many ways.

Xeo
  • _"we cannot prevent all available unauthorized method access. It can be done in too many ways."_ Exactly, there's no easy way to allow the execution of arbitrary code in a secure context, so don't let them run arbitrary code! Perhaps you should think about ways you can build a simple (non C#) expression parser and only implement the operations you need. – phuzi Jan 04 '23 at 15:27
  • Since .NET Core/.NET no longer supports multiple AppDomain instances, https://learn.microsoft.com/en-us/dotnet/core/porting/net-framework-tech-unavailable#application-domains you'd better consider alternatives. – Lex Li Jan 04 '23 at 19:32
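
One way to apply the "only implement the operations you need" idea from the first comment is to validate the parsed expression tree against an allowlist before compiling it. The following is an added example, not code from the question or its comments; the `Context` and `State` classes are hypothetical stand-ins, and C# lambdas stand in for the output of the asker's `Parse`.

```csharp
using System;
using System.Collections.Generic;
using System.Linq.Expressions;
using System.Reflection;

// Hypothetical stand-ins for the question's Context type.
public class State { public string Value1 { get; set; } = "x"; }
public class Context { public State State { get; } = new State(); }

// Rejects every node kind and member that is not explicitly allowlisted.
public sealed class AllowlistVisitor : ExpressionVisitor
{
    static readonly HashSet<ExpressionType> Nodes = new HashSet<ExpressionType> {
        ExpressionType.Lambda, ExpressionType.Parameter, ExpressionType.Constant,
        ExpressionType.MemberAccess, ExpressionType.Add };   // no Call, New, Invoke...
    static readonly HashSet<(Type, string)> Members = new HashSet<(Type, string)> {
        (typeof(Context), nameof(Context.State)),
        (typeof(State), nameof(State.Value1)),
        (typeof(string), nameof(string.Concat)) };           // method behind string "+"

    public override Expression Visit(Expression node)
    {
        if (node == null) return null;   // e.g. the target of a static member access
        if (!Nodes.Contains(node.NodeType))
            throw new NotSupportedException("Node not allowed: " + node.NodeType);
        if (node is MemberExpression m) Require(m.Member);
        if (node is BinaryExpression b && b.Method != null) Require(b.Method);
        return base.Visit(node);         // recurse into child nodes
    }

    static void Require(MemberInfo member)
    {
        if (!Members.Contains((member.DeclaringType, member.Name)))
            throw new NotSupportedException(
                "Member not allowed: " + member.DeclaringType + "." + member.Name);
    }
}

public static class Demo
{
    public static void Main()
    {
        Expression<Func<Context, string>> ok = c => c.State.Value1 + "c";
        Expression<Func<Context, string>> bad = c => c.GetType().Assembly.FullName;
        new AllowlistVisitor().Visit(ok);   // passes; safe to Compile() afterwards
        try { new AllowlistVisitor().Visit(bad); }
        catch (NotSupportedException e) { Console.WriteLine("Rejected: " + e.Message); }
    }
}
```

The check runs on resolved members in the bound tree rather than on script text, so it does not depend on matching keywords. It does not limit CPU or memory use of an accepted expression.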
