3

我正在尝试将 IronPython 集成到 C# 应用程序中以进行脚本编写。我还希望脚本在一组限制它们访问文件系统/网络/敏感系统资源的安全策略下运行。

研究表明,最流行的方法是使用 CAS。这很好用,它不允许用户使用套接字、访问文件系统等。但是,当我尝试为脚本注入变量以与之交互时,每次访问某些参数时都会出现安全异常。这只发生在我在程序集中定义的变量上。如果我使用标准的 .NET 类型(如 Dictionary),它就可以正常工作。

我的代码:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Reflection;
using System.Security.Policy;
using System.Security.Permissions;
using System.Security;
using System.IO;
using Microsoft.Scripting.Hosting;
using IronPython.Hosting;
using System.Runtime.Remoting;
using System.Net;

namespace python_in_appdomain
{
    [Serializable]
    public class Whatever
    {
        public int i;
        public Whatever(int i)
        {
            this.i = i;
        }
    }

    class Program
    {
        static void Main(string[] args)
        {
            Remoting();
        }

        public static void Remoting()
        {
            AppDomainSetup setup = new AppDomainSetup();
            Assembly thisAssembly = Assembly.GetExecutingAssembly();
            setup.ApplicationBase = Path.GetDirectoryName(thisAssembly.Location);

            AssemblyName name = typeof(Program).Assembly.GetName();
            StrongName sn = new StrongName(
                new StrongNamePublicKeyBlob(name.GetPublicKey()),
                name.Name,
                name.Version
            );

            PermissionSet pset = new PermissionSet(PermissionState.None);
            pset.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
            pset.AddPermission(new ReflectionPermission(PermissionState.Unrestricted));

            setup.PartialTrustVisibleAssemblies = new[] { sn.Name + ", PublicKey=" + sn.PublicKey.ToString() };
            AppDomain domain = AppDomain.CreateDomain("Sandbox", AppDomain.CurrentDomain.Evidence, setup, pset, sn);

            String script = @"
d.Add('hello', 1)
w.i = 5
";

            Whatever w = new Whatever(4);
            Dictionary<string, int> d = new Dictionary<string,int>();

            ScriptRuntime py = Python.CreateRuntime(domain);
            ScriptEngine engine = py.GetEngine("py");
            ScriptScope scope = engine.CreateScope();
            scope.SetVariable("w", w);
            scope.SetVariable("d", d);

            int result;
            Console.WriteLine(w.i);
            d.TryGetValue("hello", out result);
            Console.WriteLine(result);
            Console.WriteLine("-----");

            try
            {
                engine.Execute(script, scope);
            }
            catch (Exception exc)
            {
                Console.WriteLine(exc.ToString());
            }

            w = scope.GetVariable<Whatever>("w");
            d = scope.GetVariable<Dictionary<string,int>>("d");

            Console.WriteLine("-----");
            Console.WriteLine(w.i);
            d.TryGetValue("hello", out result);
            Console.WriteLine(result);

        }
    }
}

注释掉第 55 行的“wi=5”会导致程序在受限的安全设置下正常执行。在第 47 行将 PermissionState 设置为 Unrestricted 允许脚本的两行正常执行。以下是我收到的错误消息:

System.Security.SecurityException: Request failed.
   at System.Runtime.CompilerServices.RuntimeHelpers._CompileMethod(IRuntimeMethodInfo method)
   at System.Reflection.Emit.DynamicMethod.CreateDelegate(Type delegateType, Object target)
   at System.Dynamic.Utils.TypeExtensions.CreateDelegate(MethodInfo methodInfo, Type delegateType, Object target)
   at System.Linq.Expressions.Compiler.LambdaCompiler.CreateDelegate()
   at System.Linq.Expressions.Compiler.LambdaCompiler.Compile(LambdaExpression lambda, DebugInfoGenerator debugInfoGenerator)
   at System.Linq.Expressions.Expression`1.Compile()
   at System.Runtime.CompilerServices.CallSiteBinder.BindCore[T](CallSite`1 site, Object[] args)
   at System.Dynamic.UpdateDelegates.UpdateAndExecute2[T0,T1,TRet](CallSite site, T0 arg0, T1 arg1)
   at Microsoft.Scripting.Interpreter.DynamicInstruction`3.Run(InterpretedFrame frame)
   at Microsoft.Scripting.Interpreter.Interpreter.Run(InterpretedFrame frame)
   at Microsoft.Scripting.Interpreter.LightLambda.Run2[T0,T1,TRet](T0 arg0, T1 arg1)
   at IronPython.Compiler.PythonScriptCode.RunWorker(CodeContext ctx)
   at IronPython.Compiler.PythonScriptCode.Run(Scope scope)
   at IronPython.Compiler.RuntimeScriptCode.InvokeTarget(Scope scope)
   at IronPython.Compiler.RuntimeScriptCode.Run(Scope scope)
   at Microsoft.Scripting.SourceUnit.Execute(Scope scope, ErrorSink errorSink)
   at Microsoft.Scripting.Hosting.ScriptSource.Execute(ScriptScope scope)
   at Microsoft.Scripting.Hosting.ScriptEngine.Execute(String expression, ScriptScope scope)
   at Microsoft.Scripting.Hosting.ScriptEngine.Execute(String expression, ScriptScope scope)
   at python_in_appdomain.Program.Remoting() in C:\Users\dave\Documents\Visual Studio 2010\Projects\IronPythonTest\IronPythonTest\Program.cs:line 7
6
The action that failed was:
Demand
The type of the first permission that failed was:
System.Security.PermissionSet
The demand was for:
<PermissionSet class="System.Security.PermissionSet"
version="1"
Unrestricted="true"/>

The granted set of the failing assembly was:
<PermissionSet class="System.Security.PermissionSet"
version="1">
<IPermission class="System.Security.Permissions.ReflectionPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1"
Unrestricted="true"/>
<IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1"
Flags="Execution"/>
</PermissionSet>

The assembly or AppDomain that failed was:
Microsoft.Dynamic, Version=1.1.0.20, Culture=neutral, PublicKeyToken=7f709c5b713576e1
The method that caused the failure was:
Int32 Run(Microsoft.Scripting.Interpreter.InterpretedFrame)
The Zone of the assembly that failed was:
Internet
The Url of the assembly that failed was:
file:///C:/Users/dave/Documents/Visual Studio 2010/Projects/IronPythonTest/IronPythonTest/bin/Debug/Microsoft.Dynamic.DLL

Unhandled Exception: System.Security.SecurityException: Request failed.
   at System.Delegate.BindToMethodInfo(Object target, IRuntimeMethodInfo method, RuntimeType methodType, DelegateBindingFlags flags)
   at System.Delegate.CreateDelegate(Type type, MethodInfo method, Boolean throwOnBindFailure)
   at System.Dynamic.Utils.TypeExtensions.CreateDelegate(MethodInfo methodInfo, Type delegateType)
   at System.Runtime.CompilerServices.CallSite`1.MakeUpdateDelegate()
   at System.Runtime.CompilerServices.CallSite`1.GetUpdateDelegate(T& addr)
   at System.Runtime.CompilerServices.CallSite`1.GetUpdateDelegate()
   at System.Runtime.CompilerServices.CallSite`1.Create(CallSiteBinder binder)
   at System.Func`2.Invoke(T arg)
   at Microsoft.Scripting.Runtime.DynamicOperations.GetOrCreateSite[T](CallSiteBinder siteBinder, Func`2 factory)
   at Microsoft.Scripting.Runtime.DynamicOperations.GetOrCreateSite[T1,TResult](CallSiteBinder siteBinder)
   at Microsoft.Scripting.Runtime.DynamicOperations.ConvertTo[T](Object obj)
   at IronPython.Runtime.PythonContext.ScopeGetVariable[T](Scope scope, String name)
   at Microsoft.Scripting.Hosting.ScriptScope.GetVariable[T](String name)
   at Microsoft.Scripting.Hosting.ScriptScope.GetVariable[T](String name)
   at python_in_appdomain.Program.Remoting() in C:\Users\dave\Documents\Visual Studio 2010\Projects\IronPythonTest\IronPythonTest\Program.cs:line 8
3
   at python_in_appdomain.Program.Main(String[] args) in C:\Users\dave\Documents\Visual Studio 2010\Projects\IronPythonTest\IronPythonTest\Program.
cs:line 31

这个错误令人震惊地直截了当。它说它期望完全不受限制地访问这种操作。有没有办法解决?为什么字典有效但我的变量无效?有没有办法让 IronPython 像字典一样对待我的变量?我错过了一些非常明显的东西吗?

非常感谢您的帮助。

2012 年 12 月 21 日更新

我一直在胡闹,想出了一个可行的解决方案。像这样(使用相同的权限对象)创建 AppDomain 可以让一切正常工作。

AppDomainSetup setup = new AppDomainSetup();
            setup.ApplicationBase = System.Environment.CurrentDirectory;
AppDomain domain = AppDomain.CreateDomain("IPyEngine", new Evidence(), setup, pset);

我不能说我完全理解为什么,尽管我可以看到我没有提供我的程序集的证据,也没有将任何程序集添加到信任列表中。在我确定我没有做任何非常愚蠢的事情之前,我不想将其标记为答案。

4

1 回答 1

0

这很可疑:

The Zone of the assembly that failed was:
Internet
The Url of the assembly that failed was:
file:///C:/Users/dave/Documents/Visual Studio 2010/Projects/IronPythonTest/IronPythonTest/bin/Debug/Microsoft.Dynamic.DLL

我想知道该文件是否具有区域标识符。您可以检查文件属性,并在必要时取消阻止它吗?

于 2012-12-21T16:48:44.270 回答