DouglasDwyer.JitIlVerification 0.1.3

dotnet add package DouglasDwyer.JitIlVerification --version 0.1.3                
NuGet\Install-Package DouglasDwyer.JitIlVerification -Version 0.1.3                
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="DouglasDwyer.JitIlVerification" Version="0.1.3" />                
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add DouglasDwyer.JitIlVerification --version 0.1.3                
#r "nuget: DouglasDwyer.JitIlVerification, 0.1.3"                
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
// Install DouglasDwyer.JitIlVerification as a Cake Addin
#addin nuget:?package=DouglasDwyer.JitIlVerification&version=0.1.3

// Install DouglasDwyer.JitIlVerification as a Cake Tool
#tool nuget:?package=DouglasDwyer.JitIlVerification&version=0.1.3                

JitIlVerification

NuGet version (DouglasDwyer.JitIlVerification)

This project implements the verification of .NET assemblies at runtime. Verified assemblies are guaranteed to have valid Common Intermediate Language (CIL) bytecode, and cannot directly cause memory unsafety or undefined behavior.

This project is a fork of the Microsoft.ILVerification library, which verifies assemblies by loading them (and all of their dependencies) from disk. The original library functions mainly as a compile-time static analysis tool. It is unsuited for verification of assemblies that a deployed application is loading, because the system libraries or other dependencies may not be known or available on disk. The main contribution of JitIlVerification is to integrate Microsoft's verification library with the C# runtime type system, so that assembly validation can occur at runtime.

Why use this

The original .NET runtime for Windows came with CIL verification. Whenever an assembly was loaded, if the assembly had partial/low trust (because it was loaded from an untrusted source, like the web) the runtime would verify the assembly to ensure that its CIL was valid. In .NET Core, however, this functionality has been removed. The .NET Core runtime will accept and load invalid or unsafe CIL. This makes it impossible to sandbox C# assemblies or load code from an untrusted source, since that code could have undefined behavior. This library re-adds runtime CIL verification.

How to use this

For detailed information, see the docs.

JitIlVerification defines a single public type - the VerifiableAssemblyLoader. This is a drop-in replacement for a System.Runtime.AssemblyLoadContext, but any assemblies loaded with the VerifiableAssemblyLoader will be checked for invalid CIL. If an invalid method from the assembly is called, an exception will immediately be thrown.

How it works

  • Whenever an assembly is loaded with VerifiableAssemblyLoader, the assembly bytecode is modified using Mono.Cecil. Guard instructions are inserted at the beginning of every CIL method.
  • The assembly is loaded normally by the .NET Core runtime.
  • When one of the guard instructions is hit for the first time, it passes the declaring method handle to the ILVerification algorithm. The algorithm loads the method bytecode using reflection and verifies it using the runtime type system.
  • If the method was verifiable, then it will run successfully. Otherwise, any attempt to call the method will throw an exception.
Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages (1)

Showing the top 1 NuGet packages that depend on DouglasDwyer.JitIlVerification:

Package Downloads
DouglasDwyer.CasCore

Assembly-level sandboxing for .NET Core.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
0.1.3 135 10/21/2024
0.1.2 109 10/11/2024
0.1.0 102 10/8/2024