merken / Prise

A .NET Plugin Framework.
https://merken.github.io/Prise
MIT License

Load plugin with isolated environment #26

Closed suwarnoong closed 4 years ago

suwarnoong commented 4 years ago

I came across this interesting C# plugin loader, which is awesome and attracted my interest to explore more.

This plugin loader is able to load a DLL externally. On the other hand, it raises a security concern. Let's say the DLL is developed by an external developer, which may pose some security risk.

How can we control the loaded plugin such that it runs in a limited or isolated environment? E.g. the plugin has limited access to the file systems at the server?

merken commented 4 years ago

Hi,

Thank you for your interest. Currently, there is no support for running a plugin in an isolated environment; I don't suppose this support is coming anytime soon to the .NET Core platform.

In terms of limiting the plugin, you can choose which Host services you wish to share with the plugin. I recommend defining these services (interfaces) inside the Contract and only exposing those required (or allowed) for the plugin to work.

You could expose an `IPluginFileProvider` from the Host and only allow files from a predefined folder to be accessed. You could guard it by not allowing this provider to traverse up to the root, by checking for the directory separator char: https://docs.microsoft.com/en-us/dotnet/api/system.io.path.directoryseparatorchar?view=netcore-3.1

Hope this answers your question.
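A sketch of the host-side file provider suggested in the reply above, added here as an example; it is not code from Prise or from the thread. The `IPluginFileProvider` member, the `SandboxedFileProvider` class, the `plugin-data` folder and the sample paths are assumptions, and the check goes beyond a separator test by canonicalizing the path and comparing it against the allowed root.

```csharp
using System;
using System.IO;

// Hypothetical contract interface, named after the suggestion above; not part of Prise.
public interface IPluginFileProvider
{
    Stream OpenRead(string relativePath);
}

// Host-side implementation: the plugin is only handed this interface.
public sealed class SandboxedFileProvider : IPluginFileProvider
{
    private readonly string _root; // canonical root, always ending in a separator

    public SandboxedFileProvider(string rootDirectory)
    {
        var full = Path.GetFullPath(rootDirectory);
        _root = Path.EndsInDirectorySeparator(full) ? full : full + Path.DirectorySeparatorChar;
    }

    public Stream OpenRead(string relativePath) =>
        new FileStream(Resolve(relativePath), FileMode.Open, FileAccess.Read, FileShare.Read);

    // Returns the canonical path, or throws if it would leave the root.
    public string Resolve(string relativePath)
    {
        if (string.IsNullOrWhiteSpace(relativePath) || Path.IsPathRooted(relativePath))
            throw new UnauthorizedAccessException("Only relative paths are allowed.");
        // GetFullPath collapses "." and ".." segments and normalizes separators.
        var candidate = Path.GetFullPath(Path.Combine(_root, relativePath));
        // The trailing separator on _root stops "plugin-data-evil" matching "plugin-data".
        if (!candidate.StartsWith(_root, StringComparison.Ordinal))
            throw new UnauthorizedAccessException("Path escapes the plugin folder.");
        return candidate;
    }
}

public static class Demo
{
    public static void Main()
    {
        var provider = new SandboxedFileProvider(Path.Combine(Path.GetTempPath(), "plugin-data"));
        // Constructed sample inputs: one legitimate path and three that must be rejected.
        foreach (var p in new[] { "config/settings.json", "../secrets.txt", "a/../../b", "/etc/passwd" })
        {
            try { Console.WriteLine($"allowed  {p} -> {provider.Resolve(p)}"); }
            catch (UnauthorizedAccessException e) { Console.WriteLine($"rejected {p}: {e.Message}"); }
        }
    }
}
```

`Path.GetFullPath` does not resolve symbolic links, so a link inside the allowed folder can still point outside it. The guard also only covers access that goes through the provider; as the reply notes, the plugin itself is not running in an isolated environment.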

merken commented 4 years ago

Closing this issue due to inactivity