From 6ef177b8f8c30d5bafb9995d190f4fb70697741b Mon Sep 17 00:00:00 2001 From: yallie Date: Mon, 30 Apr 2018 13:26:06 +0300 Subject: [PATCH] Added more blacklisted namespaces to the delegate validator. --- README.md | 1 + SafeDeserializationHelpers/DelegateValidator.cs | 8 ++++++++ .../Properties/AssemblyInfo.cs | 2 +- .../Zyan.SafeDeserializationHelpers.nuspec | 13 ++++++++++--- 4 files changed, 20 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index bb3fb33..2c7e3d3 100644 --- a/README.md +++ b/README.md @@ -4,6 +4,7 @@ This tiny library tries to fix several known BinaryFormatter vulnerabilities. When a malicious payload is detected, the library throws an `UnsafeDeserializationException` instead of deserializing the data that is able to produce bad side effects. +[![GitQ](https://gitq.com/badge.svg)](https://gitq.com/zyanfx/Zyan) [![appveyor](https://ci.appveyor.com/api/projects/status/github/zyanfx/safedeserializationhelpers?svg=true)](https://ci.appveyor.com/project/yallie/safedeserializationhelpers) [![tests](https://img.shields.io/appveyor/tests/yallie/safedeserializationhelpers.svg)](https://ci.appveyor.com/project/yallie/safedeserializationhelpers/build/tests) [![nuget](https://img.shields.io/nuget/v/Zyan.SafeDeserializationHelpers.svg)](https://nuget.org/packages/Zyan.SafeDeserializationHelpers) diff --git a/SafeDeserializationHelpers/DelegateValidator.cs b/SafeDeserializationHelpers/DelegateValidator.cs index 47854d9..6ed5ab4 100644 --- a/SafeDeserializationHelpers/DelegateValidator.cs +++ b/SafeDeserializationHelpers/DelegateValidator.cs @@ -15,6 +15,14 @@ public class DelegateValidator : IDelegateValidator { "System.IO", "System.Diagnostics", + "System.Management", + "System.Reflection", + "System.Configuration", + "System.Security", + "System.Web", + "System.ServiceModel", + "System.Activities", + "System.Workflow", }; /// 
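Review bot: The eight entries added to the namespace list in DelegateValidator extend a deny-list, so a delegate whose target method lives in any namespace not named here is still accepted; the list should say so in a comment, for example `// Deny-list of namespaces a deserialized delegate may not target. Best-effort, not exhaustive: prefer an allow-list of expected delegate targets where the caller can supply one.` How the entries are compared (exact namespace or prefix) is outside the hunk, so it is worth confirming that nested namespaces such as `System.Web.UI` are covered by the `System.Web` entry. The diffstat lists no test file, so a test per new entry asserting that a delegate bound to a method in that namespace is rejected would pin the behaviour. The list initializer and the class body start and continue outside the hunk.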
diff --git a/SafeDeserializationHelpers/Properties/AssemblyInfo.cs b/SafeDeserializationHelpers/Properties/AssemblyInfo.cs index 64e0fed..51692c2 100644 --- a/SafeDeserializationHelpers/Properties/AssemblyInfo.cs +++ b/SafeDeserializationHelpers/Properties/AssemblyInfo.cs @@ -30,5 +30,5 @@ // Revision // [assembly: AssemblyVersion("0.1.0.0")] -[assembly: AssemblyFileVersion("0.1.0.0")] +[assembly: AssemblyFileVersion("0.3.0.0")] [assembly: InternalsVisibleTo("Zyan.SafeDeserializationHelpers, PublicKey=002400000480000014010000060200000024000052534131000800000100010009f12bb1d0b268900b17ce1f11cbb27ded300eb14eb2ad469aa108a2df0566c28a37681ba7bfda1c3222e8a4bee7f76c6b9dbb7bbd41eea6047c266312e905142b6e1e739ef1da481527825222396b9eb0e8f7efb14f2fd3bc7bd66207c39914897057eda9ac9c5263848b6cdcba79a8567335b2f88a813723fe9dcc01dc41d5c56886f13eae33c525f1614f314d97f4c82907e1bc848358b6f233fe9bd2318e0346b3248e5b17163948cc5a4f1c1798c153d8428896ee97affcce529c1f6aae393b81a616790dbec006ab8b6be117989f01bc0c31a813814b296491375b63505d00491fad37c20c68cc46d130ba537cfd460817e7190125711832a49d32e6b9")] diff --git a/SafeDeserializationHelpers/Zyan.SafeDeserializationHelpers.nuspec b/SafeDeserializationHelpers/Zyan.SafeDeserializationHelpers.nuspec index 62cdb1e..2add7da 100644 --- a/SafeDeserializationHelpers/Zyan.SafeDeserializationHelpers.nuspec +++ b/SafeDeserializationHelpers/Zyan.SafeDeserializationHelpers.nuspec @@ -2,7 +2,7 @@ Zyan.SafeDeserializationHelpers - 0.2 + 0.3 Zyan.SafeDeserializationHelpers yallie Alexey Yakovlev 
@@ -11,9 +11,16 @@ false Safe deserialization helper library to fix known BinaryFormatter vulnerabilities. Safe deserialization helper library to fix known BinaryFormatter vulnerabilities. - Updated TypeFilterLevel to match the .NET defaults. + + v0.3.0: + - Added more blacklisted namespaces to the delegate validator. + v0.2.0: + - Updated TypeFilterLevel to match the .NET defaults. + v0.1.0: + - Initial release. + en-US - security deserialization BinaryFormatter + security deserialization vulnerability BinaryFormatter