
I have created some utility code that allows me to take text entered into our content management system and dynamically compile and invoke it with a method similar to this.

But this raises a security risk, since a content author could mistakenly (or worse, maliciously) enter code that would do things outside of what I am looking for. Any recommendations for keeping this functionality open while still being able to prevent certain types of code from being written? For example, there are obvious things to limit like writing to the file system.

My initial thought is excluding certain assemblies, but I am curious if anyone has any clever ideas on this.

John Tabernik

  • How to run partially trusted code in a sandbox: http://msdn.microsoft.com/en-us/library/bb763046.aspx – asawyer Jun 11 '13 at 18:09
  • Ideally you just wouldn't do this in the first place, if at all possible... – Servy Jun 11 '13 at 18:13
  • Depending on what you need to do, and how much time you have, it might not be that hard to write your own scripting engine, that would be limited to exactly what you enable it to do. I've done this for formulas (engineering type stuff), where the user would enter basic math functions, if statements, and access various system values to return a desired result. – Kratz Jun 11 '13 at 18:26
  • Your options are (in order of preference) **1)** Don't do it and find another way. **2)** Use partially trusted code and only allow actions that you know won't cause trouble. [Here is a similar question](http://stackoverflow.com/questions/9794596/how-to-provide-isolation) to yours and a more detailed answer I provided on the subject of partially trusted code. – Scott Chamberlain Jun 11 '13 at 18:26
  • You could also look at creating a domain specific language for your needs. http://www.codeproject.com/Articles/26975/Writing-Your-First-Domain-Specific-Language-Part-1 – asawyer Jun 11 '13 at 18:27
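The sandbox the first comment links to, as an added example that is not part of the original question or the linked MSDN page: the author-supplied text is compiled with CodeDOM in the (fully trusted) host, and the resulting assembly is executed in a second AppDomain whose grant set contains only `SecurityPermissionFlag.Execution`. Excluding assemblies would not stop a `System.IO.File.WriteAllText` call, because `mscorlib` must always be referenced; a permission set that simply does not include `FileIOPermission` does stop it. The snippet text, the `Sandboxer` / `Demo` names and the `cms-sandbox` directory are constructed for this example. It targets .NET Framework 4.x and requires the host assembly to be strong-name signed (the sample checks for that).

```csharp
// Added example (not from the original post): compile content-author C# with CodeDOM,
// then invoke it in an AppDomain that holds only the Execution permission.
// .NET Framework 4.x only; CAS sandboxing does not exist on .NET Core / .NET 5+.
using System;
using System.CodeDom.Compiler;
using System.IO;
using System.Linq;
using System.Reflection;
using System.Runtime.Remoting;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;
using Microsoft.CSharp;

static class Demo
{
    // Constructed sample "content": the concatenation is fine, the file write must fail.
    const string AuthorCode = @"
        public static class Snippet {
            public static string Run(string name) {
                var greeting = ""Hello, "" + name;
                System.IO.File.WriteAllText(@""C:\temp\pwned.txt"", greeting); // should be blocked
                return greeting;
            }
        }";

    static void Main()
    {
        string sandboxDir = Path.Combine(Path.GetTempPath(), "cms-sandbox");
        Directory.CreateDirectory(sandboxDir);

        // 1. Compile in the host domain (compiling itself needs full trust) to a file
        //    inside the directory that will become the sandbox's ApplicationBase.
        var parameters = new CompilerParameters
        {
            GenerateExecutable = false,
            OutputAssembly = Path.Combine(sandboxDir, "Snippet.dll"),
        };
        CompilerResults results = new CSharpCodeProvider().CompileAssemblyFromSource(parameters, AuthorCode);
        if (results.Errors.HasErrors)
            throw new InvalidOperationException(
                results.Errors.Cast<CompilerError>().First(e => !e.IsWarning).ErrorText);

        // 2. Grant set: execution only. FileIO, Reflection, UI, network and
        //    environment permissions are simply absent, so every demand for them fails.
        var permSet = new PermissionSet(PermissionState.None);
        permSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));

        // 3. Create the sandbox. Our own (strong-named) assembly is listed as fully trusted
        //    so the Sandboxer proxy inside the domain may load and call the snippet.
        StrongName fullTrust = typeof(Sandboxer).Assembly.Evidence.GetHostEvidence<StrongName>();
        if (fullTrust == null)
            throw new InvalidOperationException("host assembly must be strong-name signed");
        var setup = new AppDomainSetup { ApplicationBase = sandboxDir };
        AppDomain sandbox = AppDomain.CreateDomain("CmsSandbox", null, setup, permSet, fullTrust);

        ObjectHandle handle = Activator.CreateInstanceFrom(sandbox,
            typeof(Sandboxer).Assembly.ManifestModule.FullyQualifiedName,
            typeof(Sandboxer).FullName);
        var runner = (Sandboxer)handle.Unwrap();

        Console.WriteLine(runner.Invoke("Snippet", "Snippet", "Run", new object[] { "author" }));
        AppDomain.Unload(sandbox);
    }
}

// Lives in the sandbox domain; MarshalByRefObject so the host calls it through a proxy.
public class Sandboxer : MarshalByRefObject
{
    public string Invoke(string assemblyName, string typeName, string method, object[] args)
    {
        // Resolved against the sandbox ApplicationBase, so it is loaded with the sandbox grant set.
        MethodInfo target = Assembly.Load(assemblyName).GetType(typeName).GetMethod(method);
        try
        {
            return (string)target.Invoke(null, args);
        }
        catch (TargetInvocationException ex) when (ex.InnerException is SecurityException)
        {
            // The CLR refused the FileIOPermission demand; the host decides how to report it.
            return "blocked: " + ex.InnerException.Message;
        }
    }
}
```

Two caveats a practitioner should weigh before shipping this: the sandbox stops the code from doing things, not from running forever or allocating without bound, so the host still needs a timeout and a way to unload the domain; and Microsoft's later guidance is not to treat Code Access Security as a security boundary at all. If this has to be robust against a malicious author rather than a careless one, the realistic option is a separate low-privilege process (or container) rather than an in-process AppDomain.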

2 Answers


Don't do this. There are endless possibilities for what a user could write and you won't be able to prevent them all. In security you should always specify what a user can do instead of what he can't do (whitelist instead of blacklist) because you will miss something if you do it otherwise.

In this specific case, allowing a user to write arbitrary code never seems like a good idea. Instead, you should choose specific operations that a user can perform and add a button/control for each one.

nmat


If you REALLY need such functionality consider creating very limited functionality. Don't allow users to enter text; give them "blocks". Start with very basic, limited set of instructions and add new ones only when asked to.

Peuczynski