Securing a plugin system:
Is there any alternatives to app domains in dotnet 9 for preventing access to the file system when implementing a plugin system using AssemblyLoadContext?
11 Replies
Unknown User•2w ago
Message Not Public
Sign In & Join Server To View
The issue is I’m trying to use dependency injection to provide access to configuration and input details to the plugins
If I was to do a grpc style plugin system how would I register the plugins ?
personally i might recommend wasm, but it's in very early stages at the moment, especially for .net
a wasm component (or module) would be sandboxed
from there, you can use simple function imports and exports
and for even more complicated data transfer (wasm will only allow you to pass basic integers), you can allocate some shared memory, i believe, that both sides can read?
i'm not sure on that one, but check out
Extism if you wanna go that route. it's a library for wasm plugin creation
wasm gives you the extra advantage of being able to write the plugins in any language that can compile to wasm (which is basically every language)That would be interesting but can it use interfaces from C sharp? The idea is to have a cli tool that people can add custom plugins to, to suit their purposes
you would provide a compatibility layer, of course
your own plugin sdk
That looks really interesting actually
So instead of passing interfaces I’d need to write a compatibility layer that lets the plugin request data from the host application?
it's possible to write a compatibility layer for this direction, yes
if you would like the plugin to send data to the host, it might be more complicated, if not impossible
you cannot forward exports
from one project to another
Is it possible to get the list of functions a wasm plugin has ?
via c#?
i'm not sure
but you can also simply throw if an export doesn't exist :p
that's an exceptional case i wouldn't handle
extism might just have a way to query exports
but yeah this part of it isn't so nice to work with, it's not super easy to provide users with an actual ready to go solution
unless you wanna go with project templates or source generation
Unknown User•2w ago
Message Not Public
Sign In & Join Server To View
Using:
<PackageReference Include="DotNetIsolator" Version="0.1.0-preview.10032" />
Here's a MVE for WASM sandboxing in dotnet. Maybe this is useful to you. Steve Sanders has a video on his YT channel on the package.
https://github.com/SleepWellPupper/ConsoleApp1/blob/4d638be8f6f895532718b82bcb04647ea468d5d0/ConsoleApp1/Program.cs#L233-L304