I'm creating dynamic expression invocation and need to have security mechanism for code execution.
The parameter of context below is visible to the "world", so someone who can write some piece of a script.
Simple expression:
context => "a" + "b"
Parsing:
Expression<Context, int> expression = Parse(#"context => \"a\" + \"b\"");
Now, let's assume that context has some properties on which it can operate, so the expression could look like this and this is correct:
context => context.State.Value1 + "c";
Here is the problem. Someone who writes the script can also do something like:
context => string.Join(", ", context.GetType().Assembly.GetTypes().Where(...)
and access some core classes, invoke unauthorized logic etc.
Also it's worth to say that someone could do this:
context => Assembly.GetExecutingAssembly().GetTypes().Where(...)
So the question is - how to prevent this and separate context of exeucution which should handle only neccessary data and should be executed in isolation from main/calling assembly.
I'm not sure if separate AppDomain will help.
Checking input against keywords, method access - I think it's not a solution, we cannot prevent all available unathorized method access. It can be done in too many ways.
Related
I have a use case in Q# where I have qubit register qs and need to apply the CNOT gate on every qubit except the first one, using the first one as control. Using a for loop I can do it as follows:
for (i in 1..Length(qs)-1) {
CNOT(qs[0], qs[i]);
}
Now, I wanted to give it a more functional flavor and tried instead to do something like:
ApplyToEach(q => CNOT(qs[0], q), qs[1..Length(qs)-1]);
The Q# compiler does not accept an expression like this, informing me that it encountered an unexpected code fragment. That's not too informative for my taste. Some documents claim that Q# supports anonymous functions a'la C#, hence the attempt above. Can anybody point me to a correct usage of lambdas in Q# or dispel my false belief?
At the moment, Q# doesn't support lambda functions and operations (though that would be a great feature request to file at https://github.com/microsoft/qsharp-compiler/issues/new/choose). That said, you can get a lot of the functional flavor that you get from lambdas by using partial application. In your example, for instance, I could also write that for loop as:
ApplyToEach(CNOT(Head(qs), _), Rest(qs));
Here, since CNOT has type (Qubit, Qubit) => Unit is Adj + Ctl, filling in one of the two inputs as CNOT(Head(qs), _) results in an operation of type Qubit => Unit is Adj + Ctl.
Partial application is a very powerful feature, and is used all throughout the Q# standard libraries to provide a functional way to build up quantum programs. If you're interested in learning more, I recommend checking out the docs at https://learn.microsoft.com/quantum/language/expressions#callable-invocation-expressions.
Why can't I use lambda expressions while debugging in “Quick watch” window?
UPD: see also
Link
Link
No you cannot use lambda expressions in the watch / locals / immediate window. As Marc has pointed out this is incredibly complex. I wanted to dive a bit further into the topic though.
What most people don't consider with executing an anonymous function in the debugger is that it does not occur in a vaccuum. The very act of defining and running an anonymous function changes the underlying structure of the code base. Changing the code, in general, and in particular from the immediate window, is a very difficult task.
Consider the following code.
void Example() {
var v1 = 42;
var v2 = 56;
Func<int> func1 = () => v1;
System.Diagnostics.Debugger.Break();
var v3 = v1 + v2;
}
This particular code creates a single closure to capture the value v1. Closure capture is required whenever an anonymous function uses a variable declared outside it's scope. For all intents and purposes v1 no longer exists in this function. The last line actually looks more like the following
var v3 = closure1.v1 + v2;
If the function Example is run in the debugger it will stop at the Break line. Now imagine if the user typed the following into the watch window
(Func<int>)(() => v2);
In order to properly execute this the debugger (or more appropriate the EE) would need to create a closure for variable v2. This is difficult but not impossible to do.
What really makes this a tough job for the EE though is that last line. How should that line now be executed? For all intents and purposes the anonymous function deleted the v2 variable and replaced it with closure2.v2. So the last line of code really now needs to read
var v3 = closure1.v1 + closure2.v2;
Yet to actually get this effect in code requires the EE to change the last line of code which is actually an ENC action. While this specific example is possible, a good portion of the scenarios are not.
What's even worse is executing that lambda expression shouldn't be creating a new closure. It should actually be appending data to the original closure. At this point you run straight on into the limitations ENC.
My small example unfortunately only scratches the surface of the problems we run into. I keep saying I'll write a full blog post on this subject and hopefully I'll have time this weekend.
Lambda expressions, like anonymous methods, are actually very complex beasts. Even if we rule out Expression (.NET 3.5), that still leaves a lot of complexity, not least being captured variables, which fundamentally re-structure the code that uses them (what you think of as variables become fields on compiler-generated classes), with a bit of smoke and mirrors.
As such, I'm not in the least surprised that you can't use them idly - there is a lot of compiler work (and type generation behind the scenes) that supports this magic.
You can't use lambda expressions in the Immediate or Watch windows.
You can however use System.Linq.Dynamic expressions, which take the form .Where("Id = #0", 2) - it doesn't have the full range of methods available in standard Linq, and doesn't have the full power of lambda expressions, but still, it's better than nothing!
The future has come!
Support for debugging lambda expressions has been added to Visual Studio 2015 (Preview at the time of writing).
Expression Evaluator had to be rewritten, so many features are missing: remote debugging ASP.NET, declaring variables in Immediate window, inspecting dynamic variables etc. Also lambda expressions that require calls to native functions aren't currently supported.
this might help:
Extended Immediate Window for Visual Studio (use Linq, Lambda Expr in Debugging)
http://extendedimmediatewin.codeplex.com/
http://dvuyka.spaces.live.com/blog/cns!305B02907E9BE19A!381.entry
All the best,
Patrick
Lambda expressions are not supported by the debugger's expression evaluator... which is hardly surprising since at compile time they are used to create methods (or Expression Trees) rather than expressions (take a look in Reflector with the display switched to .NET 2 to see them).
Plus of course they could form a closure, another whole layer of structure.
In VS 2015 you can do so now,this is one of the new feature they added.
If you still need to use Visual Studio 2013, you can actually write a loop, or lambda expression in the immediate window using also the package manager console window. In my case, I added a list at the top of the function:
private void RemoveRoleHierarchy()
{
#if DEBUG
var departments = _unitOfWork.DepartmentRepository.GetAll().ToList();
var roleHierarchies = _unitOfWork.RoleHierarchyRepository.GetAll().ToList();
#endif
try
{
//RoleHierarchy
foreach (SchoolBo.RoleHierarchy item in _listSoRoleHierarchy.Where(r => r.BusinessKeyMatched == false))
_unitOfWork.RoleHierarchyRepository.Remove(item.Id);
_unitOfWork.Save();
}
catch (Exception e)
{
Debug.WriteLine(e.ToString());
throw;
}
}
Where my GetAll() function is:
private DbSet<T> _dbSet;
public virtual IList<T> GetAll()
{
List<T> list;
IQueryable<T> dbQuery = _dbSet;
list = dbQuery
.ToList<T>();
return list;
}
Here I kept getting the following error, so I wanted to print out all the items in the various repositories:
InnerException {"The DELETE statement conflicted with the REFERENCE constraint \"FK_dbo.Department_dbo.RoleHierarchy_OranizationalRoleId\". The conflict occurred in database \"CC_Portal_SchoolObjectModel\", table \"dbo.Department\", column 'OranizationalRoleId'.\r\nThe statement has been terminated."} System.Exception {System.Data.SqlClient.SqlException}
Then, I find out how many records are in the department repository by executing this in the immediate window:
_unitOfWork.DepartmentRepository.GetAll().ToList().Count
Which returned 243.
So, if you execute the following in the package manager console, it prints out all the items:
PM> for($i = 0; $i -lt 243; $i++) { $a = $dte.Debugger.GetExpression("departments[$i].OrgagnizationalRoleId"); Write-Host $a.Value $i }
The author for the idea can be found here
To answer your question, here's the Visual Studio Program Manager's official explanation of why you can't do this. In short, because "it's really, really hard" to implement in VS. But the feature is currently in progress (as updated on Aug 2014).
Allow the evaluation of lambda expressions while debugging
Add your vote while you're there!
Can you please guide me how can I test my lambda expressions inside Razor view engine setting a break point?
For example, I have below code:
#(Html.DropDownList("Condition4",
new SelectList(Model
.Conditions
.Where(c =>
c.TxCondition.TxConditionTypeId == Model.ConditionTypes.Single
ct => ct.TxConditionType.ConditionTypeCode == "Region")
.TxConditionType
.TxConditionTypeId),
"TxCondition.TxConditionId",
"ConditionTitle",
Model.SearchCondition.Condition4),
"All"))
On break point I tried testing the following code using "Quick Watch Windows" but the error was "Expression cannot contain lambda expressions"
Can you please guide me how to test lambda expressions in MVC Razor view ?
Thank you so much for your time and help.
Model.Conditions.Where(c => c.TxCondition.TxConditionTypeId == 1)
Debugging and Lambda is always tricky to deal with.
A user asked this question: Visual Studio debugging "quick watch" tool and lambda expressions and it was explained that anonymous functions are actually very complex and require a lot of work on the compiler's part. Therefore you can't really put them into the quick watch or similar.
I can't really solve your problem, but I'd like to suggest a slightly different approach.
In MVC views are supposed to be stupid; they should really be "doing stuff". What I mean is that they shouldn't really concern themselves with creating variables, performing logic, selecting or instantiating objects and so on. Instead the should simply take objects that are given to it and attempt to display them.
This forces you to put all of those things elsewhere in your codebase. Appropriate usage of good architecture, layering, and separation of concerns will help you organise things, including business logic. Furthermore I'd suggest that, when writing logic using Lambda and if that Lambda is a little complex, divide the components into pieces so that it's easier to debug and step through.
ICollection<object> filter1 = someCollection.Where(x => x.IsAvailable);
object myObject = filter1.SingleOrDefault(x => x.SomeString = "aValue").Distinct();
You can dissociate your lamba expression in order to inspect it (may not be the exact Razor syntax):
var conditionTypeId = Model
.ConditionTypes
.Single(ct => ct.TxConditionType.ConditionTypeCode == "Region")
.TxConditionType
.TxConditionTypeId;
var selectListContent = Model
.Conditions
.Where(c => c.TxCondition.TxConditionTypeId == conditionTypeId)
.ToList();
#(Html.DropDownList("Condition4",
new SelectList(selectListContent, "TxCondition.TxConditionId", "ConditionTitle",Model.SearchCondition.Condition4),
"All"))
Take a look at the .ToList() after the Where statement, this way you can inspect the content of the result list when debugging. Besides this will add some readability to your code (other developers will thank you, as well as your future-yourself).
Keeping conditionTypeId in a separate variable will evaluate once.
I have a custom MVC framework in which I'm overhauling the routing API. I'm trying to think of a clean way to segregate "setup" and "execution" in my framework which makes extensive use of delegates and generics. Right now I envision this from the calling side:
//setup
MyRouter.AddRoute("/foo", () => new MyHandler(), (h) => h.MyMethod);
//h.MyMethod only exists in MyHandler, not in HttpHandler
//execution
MyRouter.Execute(HttpContext);
I can make the AddRoute method signature "work" currently:
delegate T HandlerInvoker<T>();
delegate string HandlerCallMethod<T>(T handler);
...
public void AddRoute<T>(string pattern, HandlerInvoker<T> invoker, HandlerCallMethod<T> caller) where T is HttpHandler{...}
If I didn't need to store the invoker and caller and could do it all right then, this would work fine. But, I do need to store the invoker and caller to later execute.
Current things I've thought about doing:
Storing them in a List<object> and then using reflection to call them. This seems extremely complicated and probably not too good of performance
Moving AddRoute to execution. This can make it harder for people using my API, but might end up being my only "good" choice
Ask a SO question :)
Is there any good way of storing these generic types without a ton of painful reflection?
You could store an anonymous delegate that performs all the conversion for you.
It looks like the following would work (not tested in any way):
List<Action> handlers;
handlers.Add(() => caller(invoker()));
Note that this wouldn't work if you were caching invoker.
In that case you need to make preserve the value, Lazy should do the trick.
List<Action> handlers;
Lazy<T> lazy = new Lazy<T>(invoker);
handlers.Add(() => caller(lazy.Value);
That latter will only create one instance of the return value of invoker per call to the method. And since lazy is a local variable, it is automatically shoved into a class which is held onto as long as handlers holds onto a reference for you.
Note that I ignored pattern, but it seems you don't need any help there.
Disclaimer 1: Crazy pedantic language-bending drivel ahead.
Disclaimer 2: To any clients present or future - I am not billing you for this.
Alright, so this is not really necessary but I'm messing around with creating plugins for xunit.net and an interesting scenario comes up
Currently, the example of the SubSpec extension that ships with the source works something like this:
[Specification]
void calculator_addition() {
Calculator calc = null;
User user = null;
"Given a calculator and a user".Context(()=> {
calc = new Calculator();
user = new User(calculationQuota: 100);
});
"adding 1 + 1".Do(()=>result = calc.Add(1, 1));
"will equal 2".Assert(()=>calc.Result.ShouldEqual(2));
"will decrease user's quota by one".Assert(()=>user.CalculationsLeft.ShouldEqual(99));
}
That's not the beautiful, elegant C# that I know and love - I don't like declaring uninitialized variables and I prefer not to declare them at all. I would much prefer to do something like this:
[Specification]
void calculator_addition() {
var _ =
"Given a calculator and a user".Context(()=> new {
Calc = new Calculator(),
User = new User(calculationQuota: 100),
});
"adding 1 + 1".Do(()=>_.Calc.Add(1, 1));
"will equal 2".Assert(()=>_.Calc.Result.ShouldEqual(2));
"will decrease user's quota by one".Assert(()=>_.User.CalculationsLeft.ShouldEqual(99));
}
In this case, the Context() extension method would have the signature void Context(this string, Action setUpWith) would have the signature T Context<T>(this string, Func<T> setUpWith). An interesting problem arises in implementation though since the setUpWith delegate isn't actually executed at this time, it is merely stored and then executed later by the custom Specification attribute. This means that there is not really a T to return at this time. However, since the stored delegates are executed in order, I can guarantee that it will exist by the time the delegate in the Do() method is called.
So what I would be nice is to return a dynamic proxy for T, but this is not really feasible since one of the things I'd like to be able to do is use anonymous types which would make T sealed.
Now in C++ land I believe that it would be possible to allocate memory to the object and return the "object" as a reference to that bit of space which will then get filled in eventually. This is essentially what would happen if I passed T in as a ref parameter (but then I'd have to declare it defeating the point).
Still, there are corners of C# that I have not explored. Can anyone think of a way to squeeze my desired syntax out of this?
PS. I have a couple solutions with slight modifications to the syntax which I will post as answers below.
There is surely a way to design the API in a way such that you don't have to use uninitialized variables and set their values in a lambda (in fact, functional programming can live without mutation quite easily).
I'm not all that familiar with the API you're talking about, but if you modified the API to look roughly like this, then I think it should work nicely without mutation:
"Given a calculator and a user"
// Constructs and returns anonymous object that will hold the state
// ('Context' takes 'Func<T>' and returns some wrapper)
.Context(() => new { Calc = new Calculator();
User = new User(calculationQuota: 100) })
.Then(ctx => {
"adding 1 + 1".Do(() => result = ctx.Calc.Add(1, 1));
"will equal 2".Assert(() => ctx.Calc.Result.ShouldEqual(2));
"will decrease user's quota by one".Assert(() =>
ctx.User.CalculationsLeft.ShouldEqual(99));
});
By wrapping the body that should be run after the context is initialized into another lambda expression, you should be able to avoid the problem with initialization. The Then method would simply store the lambda function somewhere (and call it with the returned context once the state is initialized).
Ok, so here are my possible solutions that get me close to the syntax that I want
I change the method signature to the following:
dynamic Context(this string msg, Func<dynamic> setUpWith);
Here I would return an implementation of DynamicObject that passes through any requests for properties or methods to whatever is returned when setUpWith executes.
Pros: Pretty close to what I want
Cons: C#4.0 only. Implementing DynamicObject is a hassle. No intellisense support.
I change the method signature to the following:
Lazy<T> Context<T>(this string msg, Func<T> setUpWith);
Pros: Intellisense. Simple to implement.
Cons: Have to call .Value before accessing underlying type which is annoying.
I change the other methods signatures to the following:
void Do(this string msg, Func<dynamic> doThis);
which are invoked with
"adding 1 + 1".Do(x=>x.Calc.Add(1, 1));
"will decrease user's quota by one".Assert(x=>x.User.CalculationsLeft.ShouldEqual(99));
Where the value is stored and injected by the specification framework.
Pros: No need to track the variables outside the closure scope at all.
Cons: No intellisense. Have to change two methods instead of one so more code to refactor.