Skip to content
/ UserDefinedExpressions Public

Library to safely invoke (evaluate) User Defined Expressions (Formulas) using Roslyn Scripting Engine

3 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Drizin/UserDefinedExpressions

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits

src

src

 
 

.gitignore

.gitignore

 
 

README.md

README.md

 
 

Repository files navigation

UserDefinedExpressions

UserDefinedExpressions is a .NET library to safely invoke (evaluate) User Defined Expressions (Formulas) using Roslyn Scripting Engine

One of the most common tasks in business applications is to allow end-users to configure business rules on their own. This library allows dynamic evaluation of C# expressions (which can be written by end-users as if they were writing Excel formulas) but it's safe against malicious code.

Installation

Just install nuget package UserDefinedExpressions, add using UserDefinedExpressions and start using (see examples below).
See documentation below, or more examples in unit tests.

Documentation

Sample usage:

public class SalesOrderHeader
{
    public decimal TotalDue { get; set; }
    public decimal Freight { get; set; }
}

var isHeavyOrExpensiveFormula = UserDefinedExpression<SalesOrderHeader, bool>
    .Create("TotalDue > 1000 || Freight > 1000");

var order = new SalesOrderHeader() { TotalDue = 1200, Freight = 700 };

bool isHeavyOrExpensive = isHeavyOrExpensiveFormula.Invoke(order);

Unsafe expressions are blocked:

If you use an unsafe expression, you'll get an UnsafeExpressionException exception:

var unsafeFormula = UserDefinedExpression<SalesOrderHeader, bool>
    .Create("System.IO.File.Create(\"dummy\")");

var order = new SalesOrderHeader() { TotalDue = 1200, Freight = 700 };

try 
{
    bool isHeavyOrExpensive = unsafeFormula.Invoke(order);
}
catch(UnsafeExpressionException ex)
{
    //ex.Message: 'ForbiddenCall: Cannot use System.IO.File (location : (0,0)-(0,30)): System.IO.File.Create("dummy")'
}

Passing Complex Models as Expressions Input:

var creditInfo = new CreditInfo()
{
  HardInquiries = new List<DateTime>() 
  { 
    new DateTime(2020, 12, 12), 
    new DateTime(2019, 05, 06),
    new DateTime(2017, 03, 03)
  },
  Accounts = new List<CreditAccount>()
  {
    new CreditAccount() { TotalCredit = 10000, UsedCredit = 3000 },
    new CreditAccount() { TotalCredit = 5000, UsedCredit = 300 }
  }
};

// The input model (CreditInfo) is automatically added to white-list, 
// but other non-primitive types should be explicitly added
SafetyValidators.TypesValidator.Defaults.AddAllowedType(typeof(CreditAccount));

// Past 2 years
var recentHardInquiriesFormula = UserDefinedExpression<CreditInfo, int>
  .Create("HardInquiries.Count(h => h.Date > DateTime.Today.AddYears(-2))");

var creditUsageFormula = UserDefinedExpression<CreditInfo, decimal>
  .Create("Accounts.Sum(a => a.UsedCredit) / Accounts.Sum(a => a.TotalCredit)");


var recentHardInquiries = recentHardInquiriesFormula.Invoke(creditInfo); // 2 
var creditUsage = creditUsageFormula.Invoke(creditInfo); // 0.22

About

Library to safely invoke (evaluate) User Defined Expressions (Formulas) using Roslyn Scripting Engine

Resources

Readme
Activity

Stars

3 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages