I use CSharpCodeProvider
to compile instant plugins for my app.
Right now it is possible to try to compile a file, that looks good, but generates many errors, for example a C# code glued with a binary file. There are many characters, that are treated with error CS1056: Unexpected character
.
This behaviour is expected, but a compilation process of such a "malicious" file is very time consuming.
One solution that I find reasonable would be to limit the number of errors, after which CSharpCodeProvider.CompileAssemblyFromFile
returns.
Is it possible to set such a limit?
I don't really want to inspect the file very carefully in the first place, if it's possible to avoid.
I don't know if there's a property or field of CSharpCodeProvider that can control this, but a possible solution is to change the question you're asking- if the problem is the time it takes to attempt compilation, rather than the number of errors, my solution would be to run the CSharpCodeProvider on a separate task, but kill the task if it takes too long to complete.
Then you can provide your own error message:
"Your code is too bad. It can't be compiled in less than 5 minutes." :P
As for security, you might try running things in a separate AppDomain via Application.Run? Dunno how complex your application is, but you might start a new instance of your main form with the plugin injected.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With