static void Main()
{
    // Caveat: this relies on .NET Framework Code Access Security (partial trust).
    // Microsoft's guidance is not to treat CAS as a security boundary for code of
    // unknown origin, so pair it with OS-level isolation (a separate low-privilege
    // process, a container or a VM) when the code really is untrusted.

    // ApplicationBase is the root the new domain probes for assemblies. It must be a
    // folder other than the one the sandboxer itself lives in, so that sandboxed code
    // does not resolve against the host's own binaries.
    var sandboxSetup = new AppDomainSetup
    {
        ApplicationBase = Path.GetFullPath(pathToUntrusted)
    };

    // The grant set starts empty (PermissionState.None) and adds only the right to
    // execute. Nothing here grants file read or path discovery, whatever earlier
    // versions of this comment said.
    var grantSet = new PermissionSet(PermissionState.None);
    grantSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));

    // The sandboxer's own strong name goes on the full-trust list of the new domain.
    // NOTE(review): GetHostEvidence<StrongName>() yields null for an unsigned
    // assembly - confirm the sandboxer assembly is strong-name signed.
    Type sandboxerType = typeof(Sandboxer);
    var hostAssembly = sandboxerType.Assembly;
    StrongName sandboxerIdentity = hostAssembly.Evidence.GetHostEvidence<StrongName>();

    // Create the restricted domain: no evidence, the setup and grant set from above,
    // and the sandboxer as the only explicitly fully trusted assembly.
    AppDomain sandbox = AppDomain.CreateDomain("Sandbox", null, sandboxSetup, grantSet, sandboxerIdentity);

    // Instantiate Sandboxer inside the new domain, loading it from the file this
    // assembly was loaded from.
    ObjectHandle wrapped = Activator.CreateInstanceFrom(
        sandbox,
        hostAssembly.ManifestModule.FullyQualifiedName,
        sandboxerType.FullName);

    // Unwrap to a reference usable from this domain and hand the untrusted entry
    // point over to it.
    var remoteSandboxer = (Sandboxer)wrapped.Unwrap();
    remoteSandboxer.ExecuteUntrustedCode(untrustedAssembly, untrustedClass, entryPoint, parameters);
}
static void Main()
{
    // Caveat: Code Access Security / partial trust is a .NET Framework mechanism that
    // Microsoft advises against using as a security boundary; keep an OS-level
    // boundary (separate low-privilege process, container, VM) around untrusted code.

    // Grant set: start from nothing and allow execution only.
    // (Author's note: Evidence could have been used instead.)
    var grantSet = new PermissionSet(PermissionState.None);
    grantSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));

    // ApplicationBase must be a folder other than the one the sandboxer resides in.
    // Presumably the point is that code under pathToUntrusted should not be able to
    // resolve, and so exploit, the host's own binaries.
    var sandboxSetup = new AppDomainSetup
    {
        ApplicationBase = Path.GetFullPath(pathToUntrusted)
    };

    // Create the AppDomain. The last argument is the full-trust list and is null
    // here, so no strong name is explicitly marked fully trusted in the new domain.
    // NOTE(review): that includes the Sandboxer assembly itself - confirm that
    // running it under the Execution-only grant is intended.
    AppDomain sandbox = AppDomain.CreateDomain("Sandbox", null, sandboxSetup, grantSet, null);

    // Instantiate Sandboxer inside the new domain from this assembly's file.
    Type sandboxerType = typeof(Sandboxer);
    ObjectHandle wrapped = Activator.CreateInstanceFrom(
        sandbox,
        sandboxerType.Assembly.ManifestModule.FullyQualifiedName,
        sandboxerType.FullName);

    // Unwrap to a reference in this domain and use it to run the untrusted code.
    var remoteSandboxer = (Sandboxer)wrapped.Unwrap();
    remoteSandboxer.ExecuteUntrustedCode(untrustedAssembly, untrustedClass, entryPoint, parameters);
}
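// Command-line sandbox runner.
//   args[0]   directory used as the sandbox ApplicationBase
//   args[1]   assembly to execute inside the sandbox
//   args[2..] extra files the sandboxed code may read (optional)
// The process exits with the value returned by Sandboxer.ExecuteUntrustedCode.
//
// Caveat: this relies on .NET Framework Code Access Security, which Microsoft
// advises against treating as a security boundary. Run the whole tool inside an
// OS-level boundary (low-privilege account, container, VM) for hostile input.
static void Main(String[] args)
{
    if (args.Length < 2)
    {
        // NOTE(review): a usage error returns normally (exit code 0), which a
        // caller cannot tell apart from a sandboxed run that returned 0.
        Console.WriteLine("Usage: sandbox <directory> <assembly> [allowed_files ...]");
        return;
    }

    // Probe root for the new domain; resolved to an absolute path up front.
    AppDomainSetup adSetup = new AppDomainSetup();
    adSetup.ApplicationBase = Path.GetFullPath(args[0]);

    // Resolve the target assembly once so the permission grant and the path that
    // is actually executed can never refer to different files.
    string assemblyPath = Path.GetFullPath(args[1]);
    const FileIOPermissionAccess readAndDiscover =
        FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery;

    // Start from an empty grant set and add only what the guest needs.
    PermissionSet permSet = new PermissionSet(PermissionState.None);
    permSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
    // RestrictedMemberAccess: reflection over non-public members is limited to
    // code whose grant set does not exceed the caller's.
    permSet.AddPermission(new ReflectionPermission(ReflectionPermissionFlag.RestrictedMemberAccess));
    permSet.AddPermission(new FileIOPermission(readAndDiscover, assemblyPath));

    for (int i = 2; i < args.Length; ++i)
    {
        // FileIOPermission requires absolute paths and throws ArgumentException
        // otherwise. Normalise each entry the same way as args[1], so a relative
        // allowed_files argument works and the granted path is unambiguous.
        permSet.AddPermission(new FileIOPermission(readAndDiscover, Path.GetFullPath(args[i])));
    }

    // The sandboxer's own strong name goes on the full-trust list.
    // NOTE(review): GetHostEvidence<StrongName>() yields null for an unsigned
    // assembly - confirm the sandboxer assembly is strong-name signed.
    StrongName fullTrustAssembly = typeof(Sandboxer).Assembly.Evidence.GetHostEvidence<StrongName>();

    AppDomain newDomain = AppDomain.CreateDomain("Sandbox", null, adSetup, permSet, fullTrustAssembly);

    // Instantiate Sandboxer inside the restricted domain and get a reference to it.
    ObjectHandle handle = Activator.CreateInstanceFrom(
        newDomain,
        typeof(Sandboxer).Assembly.ManifestModule.FullyQualifiedName,
        typeof(Sandboxer).FullName);
    Sandboxer newDomainInstance = (Sandboxer)handle.Unwrap();

    // Propagate the guest's result as this process's exit code.
    Environment.Exit(newDomainInstance.ExecuteUntrustedCode(assemblyPath));
}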
}//end of submit assignment

// Method the scheduler calls to grade one submission (the scheduler adds this
// call to its queue). It builds a Sandboxer for the submission and returns the
// decimal produced by runSandboxedGrading().
//   filePathForGrade, fileName  location and name of the submitted file
//   assgnId                     assignment identifier
//   langUsed                    language of the submission
// NOTE(review): fileName and filePathForGrade presumably originate from an
// uploaded submission - confirm they are validated and canonicalised before
// they reach Sandboxer, since nothing in this method checks them.
public decimal ProcessSubmission(string filePathForGrade, string fileName, int assgnId, string langUsed)
{
    var grader = new Sandboxer(filePathForGrade, fileName, assgnId, langUsed);
    return grader.runSandboxedGrading();
}
static void Main(string[] args)
{
    // Folder containing the signed class library, relative to the working directory.
    const string releaseDirectory = @"..\..\..\SignedClassLibrary\bin\Release\";

    // The commented-out snippets below are kept as counter-examples. Each one touches
    // SignedClassLibrary from this (host) AppDomain instead of leaving it to Sandboxer;
    // presumably that is why the author labels them "bad".

    //Bad code 1: Assembly.LoadFrom loads the library into the calling AppDomain.
    //var assembly = Assembly.LoadFrom(@"..\..\..\SignedClassLibrary\bin\Release\SignedClassLibrary.dll");
    //var type = assembly.GetType("SignedClassLibrary.SomeClass");
    //var attributes = type.GetMethod("Test").GetCustomAttributes();

    //Bad code 2: creates an instance of the library type in the host domain.
    //var obj = Activator.CreateInstance(type);

    //Bad code 3: a compile-time reference to the library type from host code.
    //Console.WriteLine(typeof(SignedClassLibrary.SomeClass).FullName);

    // Hand the path to the sandboxer and let it deal with the library.
    new Sandboxer().Main(releaseDirectory);

    // Wait for Enter so the console output stays visible.
    Console.ReadLine();
}