I use System.Linq.Dynamic.DynamicExpression.ParseLambda() to dynamically build conditions for a Where expression from user input.
Is DynamicExpression.ParseLambda known to be resistant to C# injection, similar to the famous SQL injection? I tried a simple attack, like this one:
Where("Field1 == \"f1\" || Field2 == 222 || System.Diagnostics.Process.GetProcessById(100).Id == 100")
and got an exception as expected, but I would like to be sure that ParseLambda cannot do anything harmful to the server and that the only operations allowed are evaluation of the parameter's properties/fields and execution of constant comparison operators.
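An added example, not part of the original post: one way to enforce the restriction the question asks for (property reads compared against constants, nothing else) is to accept structured conditions and build the predicate with System.Linq.Expressions, instead of handing user-supplied text to a parser. The `Row`, `Condition` and `SafeFilter` names are hypothetical; `Field1` and `Field2` mirror the question.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Linq;
using System.Linq.Expressions;

// Hypothetical row type; Field1/Field2 mirror the names used in the question.
public class Row { public string Field1 { get; set; } public int Field2 { get; set; } }

// One user-supplied condition as structured data rather than expression text.
public record Condition(string Field, string Op, string Value);

public static class SafeFilter
{
    // Allowlist of operators: only these node types can ever enter the tree.
    // Ordering operators throw InvalidOperationException for types such as string.
    static readonly Dictionary<string, Func<Expression, Expression, Expression>> Ops = new()
    {
        ["=="] = Expression.Equal, ["!="] = Expression.NotEqual,
        ["<"] = Expression.LessThan, [">"] = Expression.GreaterThan,
    };

    // ORs the conditions together, like the "||" chain in the question.
    public static Expression<Func<T, bool>> Build<T>(IEnumerable<Condition> conditions, ISet<string> allowedFields)
    {
        var p = Expression.Parameter(typeof(T), "x");
        Expression body = Expression.Constant(false);
        foreach (var c in conditions)
        {
            if (!allowedFields.Contains(c.Field) || !Ops.TryGetValue(c.Op, out var op))
                throw new ArgumentException($"Rejected condition: {c.Field} {c.Op}");
            var member = Expression.Property(p, c.Field);
            // The value is converted to the property's type and embedded as a
            // constant; it is data and is never parsed as an expression.
            var converted = Convert.ChangeType(c.Value, member.Type, CultureInfo.InvariantCulture);
            body = Expression.OrElse(body, op(member, Expression.Constant(converted, member.Type)));
        }
        return Expression.Lambda<Func<T, bool>>(body, p);
    }
}

public static class Demo
{
    public static void Main()
    {
        var rows = new[] { new Row { Field1 = "f1", Field2 = 1 }, new Row { Field1 = "zz", Field2 = 222 } }; // constructed sample data
        var allowed = new HashSet<string> { "Field1", "Field2" };
        var filter = SafeFilter.Build<Row>(new[] { new Condition("Field1", "==", "f1"), new Condition("Field2", "==", "222") }, allowed);
        Console.WriteLine(rows.AsQueryable().Where(filter).Count());
    }
}
```

With this shape, the third clause of the test string in the question has no representation at all: a field name outside the allowlist is rejected with an ArgumentException before any expression is built.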