// Constructor internal ScriptAssembly(ScriptDomain domain, Assembly rawAssembly, CodeSecurityEngine securityEngine, CompilationResult compileResult = null) { this.domain = domain; this.rawAssembly = rawAssembly; this.securityEngine = securityEngine; this.compileResult = compileResult; // Create cached types foreach (Type type in rawAssembly.GetTypes()) { scriptTypes.Add(type.FullName, new ScriptType(this, type)); } }
// Methods /// <summary> /// Run security verification on this assembly using the specified security restrictions. /// </summary> /// <param name="restrictions">The restrictions used to verify the assembly</param> /// <returns>True if the assembly passes security verification or false if it fails</returns> public bool SecurityCheckAssembly(CodeSecurityRestrictions restrictions) { // Check for already checked if (securityEngine == null) { return(isSecurityValidated); } // Run code valdiation isSecurityValidated = securityEngine.SecurityCheckAssembly(restrictions); // Release security engine securityEngine = null; return(isSecurityValidated); }
/// <summary> /// Attempts to load a managed assembly from the specified raw bytes. /// Use <see cref="SecurityResult"/> to get the output from the code validation request. /// </summary> /// <param name="assemblyBytes">The raw data representing the file structure of the managed assembly, The result of <see cref="File.ReadAllBytes(string)"/> for example.</param> /// <returns>An instance of <see cref="ScriptAssembly"/> representing the loaded assembly or null if an error occurs</returns> /// <param name="securityMode">The security mode which determines whether code validation will run</param> public ScriptAssembly LoadAssembly(byte[] assemblyBytes, ScriptSecurityMode securityMode = ScriptSecurityMode.UseSettings) { // Check for disposed CheckDisposed(); // Load the assembly Assembly assembly = sandbox.Load(assemblyBytes); CodeSecurityEngine securityEngine = null; // Create the security engine if (assembly != null) { securityEngine = new CodeSecurityEngine(assemblyBytes); } // Create script assembly return(RegisterAssembly(assembly, securityMode, securityEngine, false)); }
/// <summary> /// Attempts to load the specified managed assembly into the sandbox app domain. /// Use <see cref="SecurityResult"/> to get the output from the code validation request. /// </summary> /// <param name="name">The <see cref="AssemblyName"/> representing the assembly to load</param> /// <param name="securityMode">The security mode which determines whether code validation will run</param> /// <returns>An instance of <see cref="ScriptAssembly"/> representing the loaded assembly or null if an error occurs</returns> public ScriptAssembly LoadAssembly(AssemblyName name, ScriptSecurityMode securityMode = ScriptSecurityMode.UseSettings) { // Check for disposed CheckDisposed(); // Load the assembly Assembly assembly = sandbox.Load(name); CodeSecurityEngine securityEngine = null; // Initialize security engine if (assembly != null) { securityEngine = new CodeSecurityEngine(assembly.Location); } // Create script assembly return(RegisterAssembly(assembly, securityMode, securityEngine, false)); }
/// <summary> /// Run security verification on this assembly using the specified security restrictions and output a security report /// </summary> /// <param name="restrictions">The restrictions used to verify the assembly</param> /// <param name="report">The security report generated by the assembly checker</param> /// <returns>True if the assembly passes security verification or false if it fails</returns> public bool SecurityCheckAssembly(CodeSecurityRestrictions restrictions, out CodeSecurityReport report) { // Check for already checked if (securityEngine == null) { report = securityReport; return(isSecurityValidated); } // Run code validation isSecurityValidated = securityEngine.SecurityCheckAssembly(restrictions, out report); // Release security engine and store report securityEngine = null; securityReport = report; return(isSecurityValidated); }
/// <summary> /// Compile and load the specified C# source files. /// Use <see cref="CompileResult"/> to get the output from the compile request. /// Use <see cref="SecurityResult"/> to get the output from the code validation request. /// </summary> /// <param name="cSharpFiles">An array of filepaths to C# source files</param> /// <param name="securityMode">The code validation used to verify the code</param> /// <returns>The compiled and loaded assembly or null if the compil or security verification failed</returns> public ScriptAssembly CompileAndLoadFiles(string[] cSharpFiles, ScriptSecurityMode securityMode = ScriptSecurityMode.UseSettings, IMetadataReferenceProvider[] additionalReferenceAssemblies = null) { // Make sure the compiler is initialized and the domain is valid CheckDisposed(); CheckCompiler(); lock (this) { // Compile from file compileResult = sharedCompiler.CompileFromFiles(cSharpFiles, additionalReferenceAssemblies); // Log to console LogCompilerOutputToConsole(); // Create the security engine CodeSecurityEngine securityEngine = CreateSecurityEngine(compileResult); // Security check return(RegisterAssembly(compileResult.OutputAssembly, securityMode, securityEngine, true, compileResult)); } }
/// <summary> /// Run security verification on this assembly using the specified security restrictions and output a security report /// </summary> /// <param name="restrictions">The restrictions used to verify the assembly</param> /// <param name="report">The security report generated by the assembly checker</param> /// <returns>True if the assembly passes security verification or false if it fails</returns> public bool SecurityCheckAssembly(CodeSecurityRestrictions restrictions, out CodeSecurityReport report) { // Skip checks if (isSecurityValidated == true && restrictions.RestrictionsHash == securityValidatedHash) { report = securityReport; return(true); } // Create the security engine CodeSecurityEngine securityEngine = CreateSecurityEngine(); // Check for already checked if (securityEngine == null) { report = securityReport; return(isSecurityValidated); } // Must dispose once finished using (securityEngine) { // Run code valdiation isSecurityValidated = securityEngine.SecurityCheckAssembly(restrictions, out securityReport); // Check for verified if (isSecurityValidated == true) { // Store the hash so that the same restirctions will not need to run again securityValidatedHash = restrictions.RestrictionsHash; } else { securityValidatedHash = -1; } report = securityReport; return(isSecurityValidated); } }
/// <summary> /// Attempts to load the specified managed assembly into the sandbox app domain. /// Use <see cref="SecurityResult"/> to get the output from the code validation request. /// </summary> /// <param name="fullPath">The full path the the .dll file</param> /// <param name="securityMode">The security mode which determines whether code validation will run</param> /// <returns>An instance of <see cref="ScriptAssembly"/> representing the loaded assembly or null if an error occurs</returns> public ScriptAssembly LoadAssembly(string fullPath, ScriptSecurityMode securityMode = ScriptSecurityMode.UseSettings) { // Check for disposed CheckDisposed(); // Create an assembly name object AssemblyName name = AssemblyName.GetAssemblyName(fullPath);// new AssemblyName(); //name.CodeBase = fullPath; // Load the assembly Assembly assembly = sandbox.Load(name); CodeSecurityEngine securityEngine = null; // Create the security engine if (fullPath != null) { securityEngine = new CodeSecurityEngine(fullPath); } // Create script assembly return(RegisterAssembly(assembly, securityMode, securityEngine, false)); }
private ScriptAssembly RegisterAssembly(Assembly assembly, ScriptSecurityMode securityMode, CodeSecurityEngine securityEngine, bool isRuntimeCompiled, CompilationResult compileResult = null) { // Check for error if (assembly == null) { return(null); } // Reset report securityResult = null; // Create script assembly ScriptAssembly scriptAssembly = new ScriptAssembly(this, assembly, securityEngine, compileResult); // Check for ensure security mode bool performSecurityCheck = (securityMode == ScriptSecurityMode.EnsureSecurity); // Get value from settings if (securityMode == ScriptSecurityMode.UseSettings) { performSecurityCheck = RoslynCSharp.Settings.SecurityCheckCode; } // Check for security checks if (performSecurityCheck == true) { // Perform code validation if (scriptAssembly.SecurityCheckAssembly(RoslynCSharp.Settings.SecurityRestrictions, out securityResult) == false) { // Log the error RoslynCSharp.LogError(securityResult.GetSummaryText()); RoslynCSharp.LogError(securityResult.GetAllText(true)); // Dont load the assembly return(null); } else { RoslynCSharp.Log(securityResult.GetSummaryText()); } } // Mark as runtime compiled if (isRuntimeCompiled == true) { scriptAssembly.MarkAsRuntimeCompiled(); } lock (this) { // Register with domain this.loadedAssemblies.Add(scriptAssembly); } // Return result return(scriptAssembly); }