[Ironpython-users] Restrict referencing of assemblies in hosted environment

[Markus Schaber]

Hi, Jeff,

> Von: Jeff Hardy [mailto:jdhardy at gmail.com]
> On Wed, Oct 17, 2012 at 3:08 AM, Markus Schaber <m.schaber at 3s-
> software.com> wrote:
> > We're using IronPython as a hosted script engine in our application.
> 
> > Now, we want to restrict the assemblies a user can reference from its
> > python script,
> >
> > Currently, we just forbid "import clr", by wrapping the import()
> > method, but this is a bit harsh, and the side-effects are a little bit
> to strong (e. G.
> > it causes "import minidom.py" to fail...)
> >
> 
> I'm pretty sure that importing of CLR classes also goes through
> __import__(). So you should be able to blacklist/whitelist whatever
> classes you want that way. This doesn't prevent loading the assemblies,
> but it does make the classes more difficult to access.
> 
> If whatever hook you're using to block `import clr` doesn't fire for
> `import System` as well, file an issue. And patch, preferably :).

It also fires for "import System".

However, this is a different granularity - our "natural" granularity in our existing framework is assemblies, and __import__() works on python modules and .net namespaces, and sometimes a namespace contains members from different assemblies.

I think I'll go with wrapping all the import methods on the clr module then.

Best regards

Markus Schaber
-- 
___________________________
We software Automation.

3S-Smart Software Solutions GmbH
Markus Schaber | Developer
Memminger Str. 151 | 87439 Kempten | Germany | Tel. +49-831-54031-0 | Fax +49-831-54031-50

Email: m.schaber at 3s-software.com | Web: http://www.3s-software.com 
CoDeSys internet forum: http://forum.3s-software.com
Download CoDeSys sample projects: http://www.3s-software.com/index.shtml?sample_projects

Managing Directors: Dipl.Inf. Dieter Hess, Dipl.Inf. Manfred Werner | Trade register: Kempten HRB 6186 | Tax ID No.: DE 167014915