Isolator with References Scanning

Introduction

I recently posted about my projects Isolator and ReferencesScanner, which allow us, respectively, to run .NET code in isolation and to list all of an assembly's references. Now, I'm going to present a change to Isolator that allows checking for a plugin's references with white and black lists. Any references on the white list will be allowed, and any on the black list will be denied.

Using Isolator with References Scanning

There is a new class, ScannedIsolationHost, which features four new properties:

public HashSet<Type> SafeTypes { get; }
public HashSet<Assembly> SafeAssemblies { get; }
public HashSet<Type> UnsafeTypes { get; }
public HashSet<Assembly> UnsafeAssemblies { get; }

So, we have new properties:

  • SafeTypes: list of Type references that are safe to use
  • SafeAssemblies: list of Assembly references that are safe to use
  • UnsafeTypes: list of Type references that are unsafe to use
  • UnsafeAssemblies: list of Assembly references that are unsafe to use

ScannedIsolationHost must be instantiated with an existing IIsolationHost, and, possibly, with some of these collection properties filled.

In a nutshell:

  1. If either the SafeTypes or SafeAssemblies are specified, then every referenced method's type/assembly must be declared there
  2. No referenced method's type/assembly can be present in the UnsafeTypes/UnsafeAssemblies collections, if any is specified

The Isolator has been updated, both GitHub and NuGet, so you can use this already.

Conclusion

As always, happy to hear your thoughts on this, and I hope you find this useful!

Location: Coimbra, Portugal

Comments

Post a Comment

Popular posts from this blog

C# Magical Syntax

Introduction This post is an update to an old one on my  old blog  and it was inspired by my latest posts on C# versus Java . You may not have realized that some of the patterns that you’ve been using for ages in your C# programs are based on conventions, rather than on a specific API. What I mean by this is, some constructs in C# are based on some magical methods with well-defined names which are not defined in any base class or interface, but yet just work. Let’s see what they are. Enumerating Collections You are probably used to iterating through collections using the foreach statement. If you are, you may know that foreach actually wraps a call to a method called GetEnumerator , like the one that is defined by the IEnumerable and IEnumerable<T> interfaces. Thus, you might think, the magic occurs because the collection implements one or the two, but you would be wrong: it turns out that in order to iterate through a class using foreach all it takes is that the c...
Read more

OpenTelemetry with ASP.NET Core

Image
Introduction I wrote a post not too long ago about the building blocks of telemetry , or distributed tracing , with ASP.NET Core. Now I'm going to talk about how we can see it working using an open source bundle, otel-lgtm . Mind you, this may not be 100% suitable for production, but for development purposes, it should be fine, all concepts apply, of course. I won't cover everything about OpenTelemetry here, but should hopefully give you some insights as to what's there and how you can make good use of it. First, lets see what some of the concepts are. If you're interested in learning more about metrics, I suggest having a look at my post on this topic . OpenTelemetry OpenTelemetry  (OTel) provides a single, open-source standard, and a set of technologies to capture and export metrics, traces, and logs from your cloud-native applications and infrastructure. OTel is both a standard and a reference implementation that builds on other standards, such as W3C Distributed Tr...
Read more

ASP.NET Core Middleware

Image
Introduction This post is another of those "back to basics", still, there was one thing or two that I feel were not properly discussed elsewhere, hence this post. The ASP.NET Core Pipeline and Middleware You may know that ASP.NET Core defines a pipeline. This is where the incoming requests are processed and the response submitted. Each component in the pipeline - a middleware - can do things with the message (the request), such as check if it is authenticated and have rights to access the requested resource, turn the request into an MVC-style controller and action invocation, log it, and what not. You can read more about it here . The ASP.NET Core pipeline, from Microsoft The order by which the middleware is added to the pipeline matters. For example, the authorisation middleware must come after the authentication one, static files must come before routing, and exception handling must come before everything. The middleware order, from Microsoft A middleware is just a piece of...
Read more