RoyalPotato
Reputation: 525
Roslyn c# scripting sandbox
Is there a way to sandbox execution of a script such that it a) Can't do anything "dangerous" and b) it can access any files it wants to so long as the file is within the same directory as the script file itself. Kind-of as-if it were to treat all file-paths as relative.
I guess I'm asking about Roslyn's scripting security measures and their level of customization.
Upvotes: 10
Views: 2458
Answers (1)
Bert Cushman
Reputation: 801
This is possible, but as SLaks says, it is a hard problem. You should probably read In .NET 4.0, how do I 'sandbox' an in-memory assembly and execute a method?. You would need the following steps
- Use a CSharpCodeProvider or VBCodeProvider to compile the source to an assembly on the harddrive.
- Create a new AppDomain granting it only those permissions you would like it to have.
- Use MarshalByRefObject's to communicate back and forth between your original AppDomain and the child AppDomain you've just created. See this and this.
Upvotes: 1
Related Questions
- Could not find a part of the path ... bin\roslyn\csc.exe
- Microsoft Roslyn vs. CodeDom
- Are Roslyn SyntaxNodes reused?
- Safely sandbox and execute user submitted JavaScript?
- Using System.Dynamic in Roslyn
- Roslyn scripting - using aliases
- Should one use a custom SecurityManager to sandbox javax.script.ScriptEngine?
- Roslyn Scripting