What would be the best way of making Delegates used in Linq Where and OrderBy methods 'trustable'?
For instance, if my code was being passed these types Func<T,Boolean>
and Func<T>
, what would be the best option to check that these will only operate on the object passed to them, and not, for instance, do nasty things such as access the filesystem, etc?
I suppose one way would be to startup have a partially-trusted AppDomain, and the delegates run in that, but I wonder if there is any other option?
Thanks
One option would be use
Expression<Func<...>>
instead ofFunc<...>
, then you simply walk the tree (fromx => x.Foo
etc) and validate what objects and methods are used - but you would have to limit to your objects, as obviously even.Foo
could be malign. The advantage here is that to the caller it looks and feels the same as passing a delegate as a lambda.An easier way may be for them to pass you a string (name) or enum that you use for the sort / filter / etc.