Nustache icon indicating copy to clipboard operation
Nustache copied to clipboard

Published 20 hours ago verified publisher icon jdiamond

Add support for assembly in partial trust mode

Open Pxtl opened this issue 8 years ago • 3 comments

Allows the assembly to be used in SQLCLR for example.

  • Add AllowPartialTrustedCallers assembly attribute
  • Skip Getter Factories that error out because of partial trust

Pxtl avatar Mar 29 '16 19:03 Pxtl

Hey there, I'd love to include this however I think there could be some optimisation to be done by caching the ValueGetters that are removed as currently every time they will be removed and reset. I don't really have the time to do this but if you'd like to amend your contribution with the change i'd be happy to merge it.

Thanks,

Romanx avatar May 19 '16 19:05 Romanx

I'll have to do some experiments with this. My goal on this front was support for SQLCLR embedding the assembly into a database - with this patch, it works, as long as you strictly avoid any of the reflection-based components. If you throw a pile of dictionaries or XML or lists at it, Nustache runs inside a MSSQL Server like a champ.

The problem is that the errors if you don't are really hairy, and there's no good way for an assembly to know if it's running in a low-trust context other than the exceptions of "you're not allowed to do that" without jumping to a new C# version.

I'll probably have to keep a similar workflow of "just try it and if you get an exception fail over into low-trust-mode" but I would keep a flag and a 2nd listing of "these are the low-trust getter factories, and some better error-messages. Maybe a global setter to switch it into low-trust mode.

The challenge is that most of the getter factories are fine, it's the actual getters they instantiate that fail in low-trust mode. That could be handled with polite error messages.

The special problem is, iirc (haven't tried it without my patch in months), PropertyDescriptorValueGetterFactory, where the factory throws a HostProtectionException just checking if it's applicable.

The other problem, of course, is that unit testing low-trust features is agony, so I haven't bothered. NUnit doesn't have any support of switching trust modes to speak of.

Pxtl avatar May 24 '16 15:05 Pxtl

Another option is to use my other library Stubble. It's a little more configuration based which may work better in a low trust environment as you could remove those that. I've never actually done any work in that area but I'd be interested in your findings.

As for this pull request, the implementation with catching the exception does seem like the only real solution but performing that once and then caching that low trust list is probably more efficient although I have no numbers to back that up.

Romanx avatar May 24 '16 17:05 Romanx