SecureCSharpEval 25.2.28.2

.NET 6.0 This package targets .NET 6.0. The package is compatible with this framework or higher. 
dotnet add package SecureCSharpEval --version 25.2.28.2
                    


                    

                
NuGet\Install-Package SecureCSharpEval -Version 25.2.28.2
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="SecureCSharpEval" Version="25.2.28.2" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="SecureCSharpEval" Version="25.2.28.2" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="SecureCSharpEval" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add SecureCSharpEval --version 25.2.28.2
                    


                    

                
#r "nuget: SecureCSharpEval, 25.2.28.2"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#addin nuget:?package=SecureCSharpEval&version=25.2.28.2
                    


                            Install SecureCSharpEval as a Cake Addin
                        

                    

                
#tool nuget:?package=SecureCSharpEval&version=25.2.28.2
                    


                            Install SecureCSharpEval as a Cake Tool

SecureCSharpEval

SecureCSharpEval is a secure and sandboxed C# script execution library that allows users to evaluate C# code dynamically while ensuring safety and preventing malicious activities.

Illustration

Features

  • Execute C# scripts dynamically with controlled parameters.
  • Prevents unsafe operations such as file access, process execution, and system manipulation.
  • Configurable execution timeout and memory limits.
  • Optimized for .NET – Fully compatible with .NET 6/7/8/9.
  • Optional shell execution support (DISABLED by default for security).

Installation

You can install this library via NuGet Package Manager:

Install-Package SecureCSharpEval

Usage

  • Using Conditional Statements, Loops and the new method
class Program
{
    private static string checkPrime = @"
    static bool IsPrime(int n)
    {
        if (n < 2) return false;
        for (int i = 2; i * i <= n; i++)
        {
            if (n % i == 0) return false;
        }
        return true;
    };
    return IsPrime(number);
    ";
    static async Task Main(string[] args)
    {
        var n = 4;
        var evaluator = new ScriptEvaluator();

        Console.WriteLine("Before: {0}",n);

        var parameters = new Dictionary<string, object>
        {
            { "number", n },
        };
        
        var result = await evaluator.EvaluateAsync(checkPrime, parameters);

        if (result.HasError)
        {
            Console.WriteLine($"Error: {result.ErrorMessage}");
        }
        else
        {
            Console.WriteLine($"Is Prime: {result.Result}");
            Console.WriteLine($"Execution Time: {result.ExecutionTimeMs}ms");
        }

        Console.ReadKey();
    }
}

Configuring Security Options

ScriptEvaluator(new SecurityConfiguration()
{
    TimeoutMs = 3000,  // Increase timeout to 3 seconds
    BlockedKeywords  = new HashSet<string>{}, // optional
    BlockedNamespaces =  new HashSet<string>{}; // optional
}

Security Configuration Default

- AllowedNamespaces: [
    System,
    System.Collections.Generic,
    System.Linq,
    System.Text,
    System.Threading.Tasks ]
- BlockedNamespaces: [
    System.IO,
    System.Net,
    System.Reflection,
    System.Diagnostics,
    System.Runtime,
    Microsoft.Win32]
- BlockedKeywords: [
    unsafe,
    fixed,
    stackalloc,
    Process,
    File,
    Directory,
    Registry,
    Socket,
    WebClient,
    HttpClient]
- TimeoutMs: 5000ms (5 seconds)

- Execution time limit

Execution time limit

- Prevent remote command execution

Prevent remote command execution

- Prevent remote command execution

Prevent access to a file or folder

Security Considerations

  • By default, execution is sandboxed and restricted from running system commands.
  • Avoid allowing user-provided scripts without proper review.

Contact

For any questions, feel free to contact me or create an issue in the repository.

Product Compatible and additional computed target framework versions.
.NET net6.0 is compatible.  net6.0-android was computed.  net6.0-ios was computed.  net6.0-maccatalyst was computed.  net6.0-macos was computed.  net6.0-tvos was computed.  net6.0-windows was computed.  net7.0 is compatible.  net7.0-android was computed.  net7.0-ios was computed.  net7.0-maccatalyst was computed.  net7.0-macos was computed.  net7.0-tvos was computed.  net7.0-windows was computed.  net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 is compatible.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
25.2.28.2 91 2/27/2025
25.2.28 91 2/27/2025
25.2.27 86 2/26/2025
25.2.26 96 2/26/2025