问题
I'm looking for a .NET library that does a specific task.
Say my app has been sent a program (in some script language) and I want my app to run that script. That script could come from an openly hostile individual, but I want to run it anyway. (Like JavaScript in a browser.)
var sc = new SecureScript("SomeFileFromAnUnknownPossiblyHostileSource.xyz");
/* Set some event handlers. */
sc.Run();
During the Run call, the script could construct it's own data, mess around with simple data types, do whatever it wants as long the effects are contained within it's own world.
If the script attempts to OpenFile("C:/WINDOWS/SOMETHING.EXE"), that will fail, because I haven't registered an OpenFile function. The only way the script could interact with the outside world is by using a function I've especially registered for use by the script. By doing that, I'm taking responsibility that the script can't do anything bad with it. Sure, I could neglect to validate the parameters, but that's not the interpreter's job.
If a script allocated too much memory, or take too many CPU cycles, the interpreter class would invoke my event handler once a threshold has been passed and give me the power to stop the script dead.
I'm more interested in the interpreter being secure rather than fast. Javascript JIT compilers are all very nice, but I hear of browsers being updated due to a vulnerability a bit too often for my liking.
So, there's my plea. Maybe this already exists or I need to build it myself. I'd prefer a .NET/Mono library but I am open to other platforms.
Many thanks.
回答1:
In other words, you need to sandbox the execution of your script.
There is a native .NET mechanism which allows you to do that: AppDomain permissions.
Have a look at How to: Run Partially Trusted Code in a Sandbox
However, that will not be enough if you want to implement machine resource-specific restrictions (memory and CPU). An arguably simple way to run your code in a restricted AppDomain AND to limit machine resources consumption would be to use the Managed AddIn framework, and particularly its AddInProccess class (see Managing Add-Ins: Advanced Versioning and Reliable Hosting, Machine Resource Exhaustions section).
来源:https://stackoverflow.com/questions/5095988/looking-for-a-locked-down-script-interpreter