C# 限制对私有文本字段的反射
我正在尝试使用应用程序域构建一个沙盒,以隔离潜在错误代码的执行 除此之外,我想限制反射 我以这种方式构建沙箱:C# 限制对私有文本字段的反射,c#,.net,reflection,appdomain,reflectionpermission,C#,.net,Reflection,Appdomain,Reflectionpermission,我正在尝试使用应用程序域构建一个沙盒,以隔离潜在错误代码的执行 除此之外,我想限制反射 我以这种方式构建沙箱: AppDomainSetup sandboxSetup = new AppDomainSetup { ApplicationBase = "." }; PermissionSet permissions = new PermissionSet(PermissionState.None); permissions.AddPermission(new SecurityPermiss
AppDomainSetup sandboxSetup = new AppDomainSetup
{
ApplicationBase = "."
};
PermissionSet permissions = new PermissionSet(PermissionState.None);
permissions.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
AppDomain sandbox = AppDomain.CreateDomain("sandbox", null, sandboxSetup, permissions);
private const string PASSWORD = "secret";
private string password = "secret";
private string Password
{
get
{
return "secret";
}
}
string password = typeof(User).GetField("PASSWORD", BindingFlags.NonPublic | BindingFlags.Static).GetValue(currentUser) as string; // OK no problem take it, it's free!
感谢您的帮助。当您获得常量的
FieldInfoMdFieldInfoMdFieldInfo[DebuggerHidden]
[DebuggerStepThrough]
[TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")]
public override object GetValue(object obj)
{
return this.GetValue(false);
}
[SecuritySafeCritical]
private object GetValue(bool raw)
{
object obj = MdConstant.GetValue(this.GetRuntimeModule().MetadataImport, this.m_tkField, this.FieldType.GetTypeHandleInternal(), raw);
if (obj == DBNull.Value)
throw new NotSupportedException(Environment.GetResourceString("Arg_EnumLitValueNotFound"));
else
return obj;
}
public override object GetValue(object obj)
{
StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller;
return this.InternalGetValue(obj, ref stackMark);
}
[SecuritySafeCritical]
[DebuggerStepThrough]
[DebuggerHidden]
internal object InternalGetValue(object obj, ref StackCrawlMark stackMark)
{
INVOCATION_FLAGS invocationFlags = this.InvocationFlags;
RuntimeType runtimeType1 = this.DeclaringType as RuntimeType;
if ((invocationFlags & INVOCATION_FLAGS.INVOCATION_FLAGS_NO_INVOKE) != INVOCATION_FLAGS.INVOCATION_FLAGS_UNKNOWN)
{
if (runtimeType1 != (RuntimeType) null && this.DeclaringType.ContainsGenericParameters)
throw new InvalidOperationException(Environment.GetResourceString("Arg_UnboundGenField"));
if (runtimeType1 == (RuntimeType) null && this.Module.Assembly.ReflectionOnly || runtimeType1 is ReflectionOnlyType)
throw new InvalidOperationException(Environment.GetResourceString("Arg_ReflectionOnlyField"));
else
throw new FieldAccessException();
}
else
{
this.CheckConsistency(obj);
if ((invocationFlags & INVOCATION_FLAGS.INVOCATION_FLAGS_NON_W8P_FX_API) != INVOCATION_FLAGS.INVOCATION_FLAGS_UNKNOWN)
{
RuntimeAssembly executingAssembly = RuntimeAssembly.GetExecutingAssembly(ref stackMark);
if ((Assembly) executingAssembly != (Assembly) null && !executingAssembly.IsSafeForReflection())
throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_APIInvalidForCurrentContext", new object[1]
{
(object) this.FullName
}));
}
RuntimeType runtimeType2 = (RuntimeType) this.FieldType;
if ((invocationFlags & INVOCATION_FLAGS.INVOCATION_FLAGS_NEED_SECURITY) != INVOCATION_FLAGS.INVOCATION_FLAGS_UNKNOWN)
RtFieldInfo.PerformVisibilityCheckOnField(this.m_fieldHandle, obj, this.m_declaringType, this.m_fieldAttributes, (uint) (this.m_invocationFlags & ~INVOCATION_FLAGS.INVOCATION_FLAGS_IS_CTOR));
return this.UnsafeGetValue(obj);
}
}
当您得到非常量值的
FieldInfoRtFieldInfoRtFieldInfo[DebuggerHidden]
[DebuggerStepThrough]
[TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")]
public override object GetValue(object obj)
{
return this.GetValue(false);
}
[SecuritySafeCritical]
private object GetValue(bool raw)
{
object obj = MdConstant.GetValue(this.GetRuntimeModule().MetadataImport, this.m_tkField, this.FieldType.GetTypeHandleInternal(), raw);
if (obj == DBNull.Value)
throw new NotSupportedException(Environment.GetResourceString("Arg_EnumLitValueNotFound"));
else
return obj;
}
public override object GetValue(object obj)
{
StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller;
return this.InternalGetValue(obj, ref stackMark);
}
[SecuritySafeCritical]
[DebuggerStepThrough]
[DebuggerHidden]
internal object InternalGetValue(object obj, ref StackCrawlMark stackMark)
{
INVOCATION_FLAGS invocationFlags = this.InvocationFlags;
RuntimeType runtimeType1 = this.DeclaringType as RuntimeType;
if ((invocationFlags & INVOCATION_FLAGS.INVOCATION_FLAGS_NO_INVOKE) != INVOCATION_FLAGS.INVOCATION_FLAGS_UNKNOWN)
{
if (runtimeType1 != (RuntimeType) null && this.DeclaringType.ContainsGenericParameters)
throw new InvalidOperationException(Environment.GetResourceString("Arg_UnboundGenField"));
if (runtimeType1 == (RuntimeType) null && this.Module.Assembly.ReflectionOnly || runtimeType1 is ReflectionOnlyType)
throw new InvalidOperationException(Environment.GetResourceString("Arg_ReflectionOnlyField"));
else
throw new FieldAccessException();
}
else
{
this.CheckConsistency(obj);
if ((invocationFlags & INVOCATION_FLAGS.INVOCATION_FLAGS_NON_W8P_FX_API) != INVOCATION_FLAGS.INVOCATION_FLAGS_UNKNOWN)
{
RuntimeAssembly executingAssembly = RuntimeAssembly.GetExecutingAssembly(ref stackMark);
if ((Assembly) executingAssembly != (Assembly) null && !executingAssembly.IsSafeForReflection())
throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_APIInvalidForCurrentContext", new object[1]
{
(object) this.FullName
}));
}
RuntimeType runtimeType2 = (RuntimeType) this.FieldType;
if ((invocationFlags & INVOCATION_FLAGS.INVOCATION_FLAGS_NEED_SECURITY) != INVOCATION_FLAGS.INVOCATION_FLAGS_UNKNOWN)
RtFieldInfo.PerformVisibilityCheckOnField(this.m_fieldHandle, obj, this.m_declaringType, this.m_fieldAttributes, (uint) (this.m_invocationFlags & ~INVOCATION_FLAGS.INVOCATION_FLAGS_IS_CTOR));
return this.UnsafeGetValue(obj);
}
}