I have used the following code in a number of applications to load .DLL assemblies that expose plugins.
However, I previously was always concerned with functionality, rather than security.
I am now planning to use this method on a web application that could be used by groups other than me, and I would like to make sure that the security of the function is up-to-snuff.
private void LoadPlugins(string pluginsDirectory)
{
List<IPluginFactory> factories = new List<IPluginFactory>();
foreach (string path in Directory.GetFiles(pluginsDirectory, "*.dll"))
{
Assembly assembly = Assembly.LoadFile(path);
foreach (Type type in assembly.GetTypes())
{
IPluginEnumerator instance = null;
if (type.GetInterface("IPluginEnumerator") != null)
instance = (IPluginEnumerator)Activator.CreateInstance(type);
if (instance != null)
{
factories.AddRange(instance.EnumerateFactories());
}
}
}
// Here, I would usually collate the plugins into List<ISpecificPlugin>, etc.
}
The first few concerns I have:
- This function reads the entire directory and doesn't care about what assemblies it loads, and instead just loads all of them. Is there a way to detect whether an assembly is a valid, functional .NET assembly before loading it with Assembly.LoadFile()?
- What kind of exception handling should be added to the function to prevent initialization of the assembly from halting my code?
- If I want to deny the assembly the right to do the following: Read/Write files, Read/Wite the registry, etc, how would I do that?
Are there any other security concerns I should be worried about?
EDIT: Keep in mind that I want anybody to be able to write a plug-in, but I still want to be secure.