
How can one analyze the contents of a compiled .NET Core assembly?


Background

We are looking to permit 3rd parties to upload compiled .NET Core assemblies as plugins into custom AssemblyLoadContexts.

Objective

But the assembly needs to be inspected for security issues first, and if it fails, the whole context is dumped.

Examples

For example:

  • we may want the Plugin to only Reference Assemblies that contain APIs, and not lower assemblies that provide integration services (to the db, etc.)
  • we may want to exclude the assembly if it is making calls to any type that has System.IO for example.
  • Spot the use of new() so we can log what they are instantiating via an override of IServiceDepency?
  • We'll learn, and the list will grow over time...

Constraints

Preferably, we'd like to do the inspecting with framework and/or freely available packages, rather than as per: Inspecting contents of compiled assemblies

Questions

  • Can Roslyn be used for decompilation -- or is it only a code compiler?
  • Could anyone point to a very simple example to get started?

Thank you!


Solution

  • Roslyn is a compiler technology and can't decompile compiled code.

    You can look at the compiler code and learn the IL generation patterns to decompile the code or use something like ILSpy.
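
A starting point for the checks listed in the question, as an added example that is not part of the original answer: it uses the framework's System.Reflection.Metadata reader rather than the decompilation route the answer names, and reads the assembly's metadata tables without loading it. The class name `PluginGate`, the allow-list entries (including `Contoso.Plugin.Api`) and the banned namespace list are assumptions for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Reflection.Metadata;
using System.Reflection.PortableExecutable;

public static class PluginGate // hypothetical name
{
    // Assumed policy values for illustration; substitute your own.
    static readonly HashSet<string> AllowedReferences = new(StringComparer.OrdinalIgnoreCase)
        { "System.Runtime", "netstandard", "Contoso.Plugin.Api" };
    static readonly string[] BannedNamespaces = { "System.IO" };

    // Reads metadata tables only; the plugin is never loaded or executed.
    public static (List<string> Violations, List<string> Constructed) Inspect(string path)
    {
        var violations = new List<string>();
        var constructed = new List<string>();
        try
        {
            using var pe = new PEReader(File.OpenRead(path));
            if (!pe.HasMetadata) { violations.Add("not a managed assembly"); return (violations, constructed); }
            MetadataReader md = pe.GetMetadataReader();
            string FullName(TypeReference t) => md.GetString(t.Namespace) + "." + md.GetString(t.Name);
            foreach (var h in md.AssemblyReferences)   // referenced assemblies vs. the allow-list
            {
                string name = md.GetString(md.GetAssemblyReference(h).Name);
                if (!AllowedReferences.Contains(name)) violations.Add("reference not allowed: " + name);
            }
            foreach (var h in md.TypeReferences)       // external types from banned namespaces
            {
                TypeReference t = md.GetTypeReference(h);
                string ns = md.GetString(t.Namespace);
                if (BannedNamespaces.Any(b => ns == b || ns.StartsWith(b + ".", StringComparison.Ordinal)))
                    violations.Add("banned type: " + FullName(t));
            }
            foreach (var h in md.MemberReferences)     // external constructors the plugin references
            {
                MemberReference m = md.GetMemberReference(h);
                if (md.GetString(m.Name) == ".ctor" && m.Parent.Kind == HandleKind.TypeReference)
                    constructed.Add(FullName(md.GetTypeReference((TypeReferenceHandle)m.Parent)));
            }
        }
        catch (BadImageFormatException) { violations.Add("malformed PE or metadata"); }
        return (violations, constructed);
    }
}
```

A metadata scan only sees static references: a plugin can still reach a type by name through reflection, so this works as a pre-load filter and not as a sandbox. The constructor list over-approximates `new` because base-constructor calls and attribute constructors also appear as `.ctor` member references.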