Safe Scripting with Sandboxing

WinWrap® Basic is an embedded macro language component available for .NET and COM 32/64 bit Windows applications. The WinWrap® Basic Component is an alternative to Visual Basic for Applications (VBA), ActiveX (e.g. VBScript, JScript, PerlScript, Rexx-based WSH engines and others), and VSTA for this purpose. The WinWrap® Basic Component is compatible with VBA, Sax Basic, VB.NET and Visual Basic 6.0 style scripts.

Restrict Script Access to the Safe Subset of the .NET Framework

Safe end-user scripting
Block unsafe script instructions by setting Sandboxed property
Allow script access to safe .NET functionality
Permit language extensions marked as Scriptable
Protect server applications from unsafe scripts

Safe Scriptable Architecture

Safe scripting in a .NET application provides powerful .NET script access without compromising functionality. Windows desktop and server applications can be safely scripted by end-users.

Run WinWrap® Basic Scripts with Sandboxing

Constrain script access to safe .NET functionality when basicNoUIObj.Sandboxed is set to true.

basicNoUIObj.Sandboxed = true;

Allow end-user's to safely script server applications.
Simplify scripts to a restricted subset of the .NET framework.
Use BasicIdeCtl.Sandboxed = True in desktop editors for server-side scripts.

Add Assemblies with Access Control

Provide script access to assemblies.

AddReference: Access all public types and members allowed by SandboxRules.
AddSafeReference: Access all public types and members.
AddScriptableReference: Access all [Scriptable] public types and members.
AddScriptableObjectModel: Access all [Scriptable] public types and members.

Only members with allowed result and parameter types are allowed (see IsTypeAllowed).

Allowed Access to .NET Types and Members

The SandboxRules property and class control script access to the .NET framework.

IsDynamicAllowed: Allow dynamic access (object.member).
IsMemberAllowed: Allow member of a type access.
IsResultAllowed: Allow result (of type) access.
IsTypeAllowed: Allow type access.

Unsafe Types, Methods, Properties and Events Cause Parse Errors

Block unsafe .NET Framework instructions by setting Sandboxed property. For example, using System.Assembly is blocked at parse-time:

The sandbox rules control exactly what part of the .NET framework is accessible.

Unsafe Dynamic Method and Property Access Cause Run-time Errors

Block unsafe run-time instructions by setting Sandboxed property. For example, using late binding to get an instance of System.Assembly is blocked at run-time:

The sandbox rules control exactly what part of the .NET framework is accessible.

Scripts use Allowed .NET Functionality

Safe .NET Framework functionality, like generic collections, string operations, and Math functions are allowed with Sandboxed = True.

'#Language "WWB.NET" Imports System Imports System.Collections.Generic Dim WithEvents anincident1 As Incident = TheIncident Private Sub anincident1_Started() Handles anincident1.Started anincident1.FilledInBy = ScriptName() Dim alist As List(Of Integer) = New List(Of Integer) Dim rand As Random = New Random() alist.Add(rand.Next(1, 100)) anincident1.Data = String.Format("Random(1, 100) => {0}", alist.Item(0).ToString) anincident1.LogMe() End Sub

Editor Applications Show Available Types and Members

When Sandboxed is True the IDE's autocompletion only shows the types and members allowed.

Conclusion: Server-Side Scripts are Protected from Unsafe use of the .NET Framework

WinWrap® Basic provides a comprehensive solution to adding scripting to your server application.

See WinWrap Examples for instructions on how to download and run "Example 4 - Sandboxing".