Avoiding user code calling to Reflection in C#
https://stackoverflow.com/questions/11156274
-
16-06-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I'm implementing an automatic "evaluator" for a course I'm currently teaching. The overall idea is that every student delivers a DLL with some algorithms implemented. My evaluator loads all these DLLs using Reflection, finds the student implementations and evaluates them in a tournament. All these algorithms are black-box optimizers, which implement the following interface
public interface IContinuousMetaheuristic
{
// ... Some unimportant properties
Vector Evaluate(Function function, int maxEvaluations, ...);
}
The class definition for Function (at least the relevant part) is:
public class Function:
{
private Vector xopt; // The optimum point
private double fopt; // The optimum value
public double Evaluate(Vector x);
}
As you can see, I need to pass a Function instance to these metaheuristics. These functions are implemented by myself. Most of them are in some sense random, that is, I choose a random optimum point in the function constructor. That is why you can see an xopt field in the class. The problem is, I don't want my students to be able to access the xopt or fopt fields by Reflection or any other technique, since that would be cheating, or at least, find out if they do it so I can punish them accordingly ;).
So, the general question is: Is there any way to disallow the use of Reflection in a piece of code I have dynamically loaded, or in any other sense disallow this code from accessing private fields (cheating).
Thanks in advance.
Solution
Do they give you the source code? Write a separate tool that finds "using System.Reflection" and "System.Reflection." in the source. If they come up with a clever trick to avoid that, maybe they deserve the extra points they get by cheating. :)
Also, what about this in the code they use:
private double FakeOptimumPointWithAConvincingName{ get { return 12.07; } }
Then change that to this when you run your evaluator:
private double FakeOptimumPointWithAConvincingName{ get { throw new SomeoneCheatedException(); } }
There's a lot of other clever things to do along that line; point is you can use trickiness instead of technology to thwart them. And if they come up with better tricks, kudos. :)
OTHER TIPS
The short answer is that as long as the caller has full trust, until .Net 4.0 (see this for how to create sandboxed applications up to .Net. 3.5), you cannot avoid reflection discovery of private or internal methods.
For .Net 4, have you read Security Considerations for Reflection for .Net 4.0 on the MSDN?
If you load the optimum values from a configfile the moment you need them it will be hard to reflect them before that time
