remove usage of BinaryFormatter, which was made obsolete due to secur…

…ity vulnerability (#2851)
AzureAD · Sep 27, 2024 · 2b363ca · 2b363ca
1 parent 005c0ce
commit 2b363ca
Show file tree

Hide file tree

Showing 2 changed files with 0 additions and 20 deletions.
diff --git a/test/Microsoft.IdentityModel.TestUtils/SecurityKeyCustomConverter.cs b/test/Microsoft.IdentityModel.TestUtils/SecurityKeyCustomConverter.cs
@@ -23,7 +23,6 @@
 // OTHER DEALINGS IN THE SOFTWARE.
 #endregion
 
-#if NET8_0_OR_GREATER
 using System;
 using System.Text.Json;
 using System.Text.Json.Serialization;
@@ -100,4 +99,3 @@ public override void Write(
         }
     }
 }
-#endif
diff --git a/test/Microsoft.IdentityModel.Tokens.Tests/SecurityTokenExceptionTests.cs b/test/Microsoft.IdentityModel.Tokens.Tests/SecurityTokenExceptionTests.cs
@@ -5,11 +5,7 @@
 using System.Collections.Generic;
 using System.IO;
 using System.Runtime.Serialization;
-#if NET8_0_OR_GREATER
 using System.Text.Json;
-#else
-using System.Runtime.Serialization.Formatters.Binary;
-#endif
 using Microsoft.IdentityModel.TestUtils;
 using Xunit;
 
@@ -31,27 +27,13 @@ public void SecurityTokenExceptionSerializationTests(SecurityTokenExceptionTheor
 
                 var memoryStream = new MemoryStream();
 
-#if NET8_0_OR_GREATER
                 var serializerOptions = new JsonSerializerOptions();
                 serializerOptions.Converters.Add(new SecurityKeyConverterWithTypeDiscriminator());
 
                 JsonSerializer.Serialize(memoryStream, exception, theoryData.ExceptionType, serializerOptions);
                 memoryStream.Seek(0, SeekOrigin.Begin);
                 var serializedException = JsonSerializer.Deserialize(memoryStream, theoryData.ExceptionType, serializerOptions);
-#else
-                BinaryFormatter formatter = new BinaryFormatter();
-#pragma warning disable SYSLIB0011 // Type or member is obsolete
-                formatter.Serialize(memoryStream, exception);
-#pragma warning restore SYSLIB0011 // Type or member is obsolete
 
-                memoryStream.Seek(0, SeekOrigin.Begin);
-
-                formatter.Binder = new ExceptionSerializationBinder();
-#pragma warning disable SYSLIB0011 // Type or member is obsolete
-                var serializedException = formatter.Deserialize(memoryStream);
-#pragma warning restore SYSLIB0011 // Type or member is obsolete
-
-#endif
                 theoryData.ExpectedException.ProcessNoException(context);
 
                 IdentityComparer.AreEqual(exception, serializedException, context);