Roslyn c# scripting sandbox

Question

Is there a way to sandbox execution of a script such that it a) Can't do anything "dangerous" and b) it can access any files it wants to so long as the file is within the same directory as the script file itself. Kind-of as-if it were to treat all file-paths as relative.

I guess I'm asking about Roslyn's scripting security measures and their level of customization.

Answer 1

This is possible, but as SLaks says, it is a hard problem. You should probably read In .NET 4.0, how do I 'sandbox' an in-memory assembly and execute a method?. You would need the following steps

• Use a CSharpCodeProvider or VBCodeProvider to compile the source to an assembly on the harddrive.
• Create a new AppDomain granting it only those permissions you would like it to have.
• Use MarshalByRefObject's to communicate back and forth between your original AppDomain and the child AppDomain you've just created. See this and this.