Prevent unexpected access to other types using reflection for security #27

davideicardi · 2015-01-17T23:15:40Z

We should disable code that use reflection in a malicious way. For example if I reference type X inside the interpreter I should not be allowed to write an expression like:

typeof(X).Assembly

Because potentially in this way you can access and invoke any type defined in that assembly.
The same can be for instances:

xInstance.GetType().Assembly

Think about other similar security problems...

The text was updated successfully, but these errors were encountered:

davideicardi · 2015-01-18T14:20:29Z

Prevent unexpected access to types using reflection for security (#27) . From now expressions that call reflection throw a ReflectionNotAllowedException.
Added Interpreter.EnableReflection method to enable reflection features inside expression.

…amicexpresso#27)

davideicardi added the bug label Jan 17, 2015

davideicardi added this to the 1.3 milestone Jan 17, 2015

davideicardi added a commit that referenced this issue Jan 18, 2015

Prevent unexpected access to types using reflection for security (#27)

3b54dd4

davideicardi closed this as completed Jan 18, 2015

samuelcadieux pushed a commit to samuelcadieux/DynamicExpresso that referenced this issue May 4, 2015

Prevent unexpected access to types using reflection for security (dyn…

2359813

…amicexpresso#27)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Prevent unexpected access to other types using reflection for security #27

Prevent unexpected access to other types using reflection for security #27

davideicardi commented Jan 17, 2015

davideicardi commented Jan 18, 2015

Prevent unexpected access to other types using reflection for security #27

Prevent unexpected access to other types using reflection for security #27

Comments

davideicardi commented Jan 17, 2015

davideicardi commented Jan 18, 2015