Showing content from https://docs.microsoft.com/en-us/dotnet/fundamentals/code-analysis/quality-rules/ca5367 below:

CA5367: Do not serialize types with pointer fields (code analysis) - .NET

Property                          Value
Rule ID                           CA5367
Title                             Do not serialize types with pointer fields
Category                          Security
Fix is breaking or non-breaking   Non-breaking
Enabled by default in .NET 9      No

Cause

Pointers are not type safe, which means you cannot guarantee the correctness of the memory they point at. Serializing a type with pointer fields is therefore a security risk: a deserialized payload may let an attacker control the pointer value.

Rule description

This rule checks whether there is a serializable class with a pointer field or property. Members that are not serialized, such as static members or fields marked with System.NonSerializedAttribute, may still be pointers without triggering the rule.

How to fix violations

Don't use pointer types for members in a serializable class or don't serialize the members that are pointers.

When to suppress warnings

Don't take the risk of using pointers in serializable types.

Pseudo-code examples

Violation

using System;

[Serializable()]
unsafe class TestClassA
{
    private int* pointer;   // instance pointer field in a serializable class: CA5367 fires
}

Solution 1

using System;

[Serializable()]
unsafe class TestClassA
{
    private int i;          // a plain value member instead of a pointer
}

Solution 2

using System;

[Serializable()]
unsafe class TestClassA
{
    private static int* pointer;   // static members are not serialized, so the rule does not fire
}
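The System.NonSerializedAttribute route named in the rule description, as an added example that is not from the original page: the pointer field is excluded from the payload and rebuilt after deserialization from the safe array that is actually serialized. It assumes a serializer that honours [Serializable] and [NonSerialized]; the class and member names are made up.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Runtime.Serialization;

// Added example: the unmanaged pointer never enters the serialized state;
// only the int[] contents travel, and the native buffer is rebuilt locally.
[Serializable]
public unsafe class PointerBackedBuffer : IDisposable
{
    private int[] data;             // safe, serializable copy of the contents

    [NonSerialized]                 // excluded from the payload, so CA5367 does not flag it
    private int* native;

    public PointerBackedBuffer(int[] values)
    {
        data = (int[])values.Clone();
        AllocateNative();
    }

    private void AllocateNative()
    {
        data ??= Array.Empty<int>();  // a tampered payload may omit the field entirely
        native = (int*)Marshal.AllocHGlobal(sizeof(int) * data.Length);
        for (int i = 0; i < data.Length; i++)
            native[i] = data[i];
    }

    // After deserialization the pointer is reconstructed from local state,
    // never read from the untrusted stream.
    [OnDeserialized]
    private void OnDeserialized(StreamingContext context) => AllocateNative();

    public int this[int index]
    {
        get
        {
            if ((uint)index >= (uint)data.Length)
                throw new ArgumentOutOfRangeException(nameof(index));
            return native[index];
        }
    }

    public void Dispose()
    {
        if (native == null) return;
        Marshal.FreeHGlobal((IntPtr)native);
        native = null;
    }
}
```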
