As much as I love the idea behind extension methods, I can’t help but start to think about how it could be used for malicious purposes.
Take this scenario:
- You’re a disgruntled employee of Evil Inc., the makers of the well-known library VeryUsefulAssemblies.NET.
- I’m a developer at Good & co., using your `Tree<T>` class in an assembly called Evil.UsefulAssembly.
- Before quitting your job, you decide to add an extension method, `System.String.Format(params object[] args)`, that sends sensitive information back to you and then calls `System.String.Format(string format, params object[] args)` so no one notices.
- I have now unwillingly compromised all of my clients and could never know it, unless I manually check my IL or use a sniffer.
But wait! There’s more:
- A fellow developer in my company, Norman I. Huntington, decides to write his own `Tree<T>` and replace all of the references to your `Tree<T>`, but he forgets to remove the reference to your assembly.
- Now my application doesn’t even use your assembly, but is still hijacked!
Problem? I think so.
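To make such extensions visible without reading IL, here is an added audit helper (not from the original post; `StringExtensionAudit` and `Report` are names chosen here) that lists every extension method on `System.String` defined in the entry assembly and the assemblies it references. Keep in mind that the C# compiler binds an extension only when its namespace is imported with `using` and no applicable instance method exists, so the list shows what could bind to your string calls, not what did.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using System.Runtime.CompilerServices;

// Hypothetical audit helper, not part of the original post: walks the entry
// assembly and everything it references, and reports every extension method
// whose receiver ("this" parameter) is System.String. The C# compiler marks
// such methods and their containing static classes with [Extension], which is
// what we key on. Run it once against a build to see which assemblies are in a
// position to supply string extensions to your code.
static class StringExtensionAudit
{
    public static IEnumerable<string> Report()
    {
        Assembly root = Assembly.GetEntryAssembly() ?? Assembly.GetExecutingAssembly();
        var assemblies = new List<Assembly> { root };
        foreach (AssemblyName name in root.GetReferencedAssemblies())
        {
            // Referenced-but-unused assemblies are not loaded automatically,
            // so load them explicitly; skip anything missing or unloadable.
            try { assemblies.Add(Assembly.Load(name)); }
            catch (Exception) { }
        }

        foreach (Assembly asm in assemblies)
        {
            Type[] types;
            try { types = asm.GetTypes(); }
            catch (ReflectionTypeLoadException e) { types = e.Types.Where(t => t != null).ToArray(); }

            foreach (Type t in types.Where(t => t.IsDefined(typeof(ExtensionAttribute), false)))
            foreach (MethodInfo m in t.GetMethods(BindingFlags.Static | BindingFlags.Public | BindingFlags.NonPublic))
            {
                if (!m.IsDefined(typeof(ExtensionAttribute), false)) continue;
                ParameterInfo[] p = m.GetParameters();
                if (p.Length == 0 || p[0].ParameterType != typeof(string)) continue;
                yield return $"{asm.GetName().Name}: {t.FullName}.{m.Name}(this string, ...)";
            }
        }
    }

    static void Main()
    {
        foreach (string line in Report())
            Console.WriteLine(line);
    }
}
```

Any entry from an assembly you do not expect to extend `string` is the one to inspect, and removing the stale assembly reference (or the `using` that imports its namespace) takes it out of the compiler's candidate set.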