1

How can I allow a user to enter a string into a winforms application and then use reflection to parse that string which can be executed at runtime?

Thanks

GurdeepS
  • 65,107
  • 109
  • 251
  • 387
  • Execute what? a method in a class? a mathematical expression? more detail on what you want to execute. – Adriaan Stander Oct 03 '09 at 11:39
  • Sorry. A method in a class which takes a func as a parameter. – GurdeepS Oct 03 '09 at 11:40
  • 3
    Reflection does not parse strings. A compiler (parser) does. You might consider using `IronPython`, Dynamic LINQ, or an expression parsing library, depending on the nature of the problem. – Mehrdad Afshari Oct 03 '09 at 11:40
  • I've done this with building assembly with class from string (can't find source anymore where i found it). I/O was through hashtables. Anyway - in general this is a really bad idea. – Arnis Lapsa Oct 03 '09 at 11:53

4 Answers4

4

Security holes galore, I think, unless you do this with the utmost care! If you really want to do this however, you'll want to look into using the CodeDOM. Since C# is not (yet) a dynamic language, it does not have an eval feature, and dynamically compiling assemblies with the CodeDOM is the closest you'll get.

For an example, see my answer to this related question, which uses CSharpCodeProvider along with the CodeDOM to achieve the goal. Beware though, if you want to make your app even reasonably secure, you'll want to run the code with its own AppDomain, and possibly its own process (with some form of IPC).

Community
  • 1
  • 1
Noldorin
  • 144,213
  • 56
  • 264
  • 302
  • "Dynamic language" (like C# 4.0) usually means "dynamically typed language." It doesn't have much to do with `eval`. – Mehrdad Afshari Oct 03 '09 at 11:44
  • @Mehrdad: I have to disagree with that. 'Dynamic language' is a very different term to 'dynamically typed language'. See the wikipedia article for clarification: http://en.wikipedia.org/wiki/Dynamic_language – Noldorin Oct 03 '09 at 11:46
  • Note that 'eval' is listed as the first feature of a dynamic language. :) Anyway, I've added the wiki link in my post to clarify things. – Noldorin Oct 03 '09 at 11:47
  • Although you are generally right about possible security holes there are enough scenarios where his idea is legit. He might be coding a development tool of some sort where the users are developers, too. Also it makes sense to add scripting to an application in order for users to be able to extend its functionality. – Robert Petermeier Oct 03 '09 at 11:51
  • I agree about the broad definition of dynamic language. My comment specifically applies to C# 4.0 (which might be inferred from "not yet"), which is a dynamically typed language, but doesn't have dynamic compilation. Anyway, I just wanted to point out that `eval` and dynamic typing are orthogonal and not necessarily required for each other. – Mehrdad Afshari Oct 03 '09 at 11:54
  • @Robert: Yeah, was just trying to stress how careful he must be. :) I know this from experience in the area. – Noldorin Oct 03 '09 at 12:32
  • @Mehrdad: My "not yet" refers to C# not yet having the compiler-as-a-service feature, which is rumoured for .NET 5.0/C# 5.0. Indeed, dynamic languages (including `eval`) and dynamic typing are largely orthogonal, though the first *tends* to imply the latter. – Noldorin Oct 03 '09 at 12:33
  • Thanks for this guys. This is not a definate feature, but was something which is useful and being considered for an internal application. – GurdeepS Oct 03 '09 at 16:56
2

You can't use reflection to parse a string.

You could use the CSharpCodeProvider class to compile the string (assuming it contains C#) into a temporary assembly. From that you can create objects, locate methods on them and execute them.

Daniel Earwicker
  • 114,894
  • 38
  • 205
  • 284
0

This thread might give you some hints.

Community
  • 1
  • 1
Darin Dimitrov
  • 1,023,142
  • 271
  • 3,287
  • 2,928
0

This might help you.

TODO list extracted from there:

  1. Transform and wrap user defined method/function body with appropriate method, class, namespace, etc. declarations using the CodeDom (so to get the ready to compile sources either into memory or physical file)

  2. Compile the resulting Dom into the assembly (I'll be using physical files)

  3. Create a separate application domain and load compiled assembly into it.

  4. Extract the generated method from the loaded assembly and invoke it against the execution context (in this case it will be a Window)

  5. Free resources, unload second application domain and perform a temporary files cleanup.

P.s. - DON'T DO IT!

Community
  • 1
  • 1
Arnis Lapsa
  • 45,880
  • 29
  • 115
  • 195