Updated TypeFilterLevel to match the .NET defaults.

Removed old pre-1.1 stuff and conditional compilation symbols from the Mono classes.

SafeDeserializationHelpers.Tests/SafeDeserializationHelpers.Tests.csproj

@@ -72,8 +72,5 @@
   <ItemGroup>
     <Service Include="{82A7F48D-3B50-4B1E-B82E-3ADA8210C358}" />
   </ItemGroup>
-  <ItemGroup>
-    <None Include="Zyan.SafeDeserializationHelpers.snk" />
-  </ItemGroup>
   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
 </Project>

SafeDeserializationHelpers/Channels/SafeBinaryClientFormatterSink.cs

@@ -37,14 +37,16 @@
 using System.IO;
 using System.Runtime.Remoting.Channels;
 using System.Runtime.Remoting.Messaging;
+using System.Runtime.Serialization.Formatters;
 using System.Security.Permissions;
 
 namespace Zyan.SafeDeserializationHelpers.Channels
 {
     public class SafeBinaryClientFormatterSink : IClientFormatterSink,
         IMessageSink, IClientChannelSink, IChannelSinkBase
     {
-        SafeBinaryCore _binaryCore = SafeBinaryCore.DefaultInstance;
+        private const TypeFilterLevel DefaultFilterLevel = SafeBinaryClientFormatterSinkProvider.DefaultFilterLevel;
+        SafeBinaryCore _binaryCore = new SafeBinaryCore(DefaultFilterLevel);
         IClientChannelSink _nextInChain;
 
         public SafeBinaryClientFormatterSink(IClientChannelSink nextSink)

SafeDeserializationHelpers/Channels/SafeBinaryClientFormatterSinkProvider.cs

@@ -33,31 +33,30 @@
 
 using System.Collections;
 using System.Runtime.Remoting.Channels;
+using System.Runtime.Serialization.Formatters;
 using System.Security.Permissions;
 
 namespace Zyan.SafeDeserializationHelpers.Channels
 {
     public class SafeBinaryClientFormatterSinkProvider :
         IClientFormatterSinkProvider, IClientChannelSinkProvider
     {
+        // default type filter level for BinaryServerFormatterSink is full
+        public const TypeFilterLevel DefaultFilterLevel = TypeFilterLevel.Full;
         IClientChannelSinkProvider next = null;
         SafeBinaryCore _binaryCore;
 
-#if NET_1_1
-		static string[] allowedProperties = new string [] { "includeVersions", "strictBinding", "typeFilterLevel" };
-#else
-        static string[] allowedProperties = new string[] { "includeVersions", "strictBinding" };
-#endif
+        static string[] allowedProperties = new string [] { "includeVersions", "strictBinding", "typeFilterLevel" };
 
         public SafeBinaryClientFormatterSinkProvider()
         {
-            _binaryCore = SafeBinaryCore.DefaultInstance;
+            _binaryCore = new SafeBinaryCore(DefaultFilterLevel);
         }
 
         public SafeBinaryClientFormatterSinkProvider(IDictionary properties,
             ICollection providerData)
         {
-            _binaryCore = new SafeBinaryCore(this, properties, allowedProperties);
+            _binaryCore = new SafeBinaryCore(DefaultFilterLevel, this, properties, allowedProperties);
         }
 
         public IClientChannelSinkProvider Next

SafeDeserializationHelpers/Channels/SafeBinaryCore.cs

@@ -30,8 +30,6 @@
 
 #pragma warning disable 1591 // missing XML comments
 
-#define NET_1_1
-
 using System;
 using System.Collections;
 using System.Runtime.Remoting;
@@ -49,15 +47,11 @@ internal class SafeBinaryCore
         bool _includeVersions = true;
         bool _strictBinding = false;
         IDictionary _properties;
+        TypeFilterLevel _filterLevel;
 
-#if NET_1_1
-        TypeFilterLevel _filterLevel = TypeFilterLevel.Low;
-#endif
-
-        public static SafeBinaryCore DefaultInstance = new SafeBinaryCore();
-
-        public SafeBinaryCore(object owner, IDictionary properties, string[] allowedProperties)
+        public SafeBinaryCore(TypeFilterLevel defaultFilterLevel, object owner, IDictionary properties, string[] allowedProperties)
         {
+            _filterLevel = defaultFilterLevel;
             _properties = properties;
 
             if (_properties == null)
@@ -81,7 +75,6 @@ public SafeBinaryCore(object owner, IDictionary properties, string[] allowedProp
                         _strictBinding = Convert.ToBoolean(property.Value);
                         break;
 
-#if NET_1_1
                     case "typeFilterLevel":
                         if (property.Value is TypeFilterLevel)
                             _filterLevel = (TypeFilterLevel)property.Value;
@@ -91,15 +84,15 @@ public SafeBinaryCore(object owner, IDictionary properties, string[] allowedProp
                             _filterLevel = (TypeFilterLevel)Enum.Parse(typeof(TypeFilterLevel), s);
                         }
                         break;
-#endif
                 }
             }
 
             Init();
         }
 
-        public SafeBinaryCore()
+        public SafeBinaryCore(TypeFilterLevel defaultFilterLevel)
         {
+            _filterLevel = defaultFilterLevel;
             _properties = new Hashtable();
             Init();
         }
@@ -109,18 +102,10 @@ public void Init()
             RemotingSurrogateSelector surrogateSelector = new RemotingSurrogateSelector();
             StreamingContext context = new StreamingContext(StreamingContextStates.Remoting, null);
 
-#if !TARGET_JVM
             _serializationFormatter = new BinaryFormatter(surrogateSelector, context).Safe();
             _deserializationFormatter = new BinaryFormatter(null, context).Safe();
-#else
-            _serializationFormatter = (BinaryFormatter) vmw.@internal.remoting.BinaryFormatterUtils.CreateBinaryFormatter (surrogateSelector, context, false);
-            _deserializationFormatter = (BinaryFormatter) vmw.@internal.remoting.BinaryFormatterUtils.CreateBinaryFormatter (null, context, false);
-#endif
-
-#if NET_1_1
             _serializationFormatter.FilterLevel = _filterLevel;
             _deserializationFormatter.FilterLevel = _filterLevel;
-#endif
 
             if (!_includeVersions || !_strictBinding)
             {
@@ -144,12 +129,10 @@ public IDictionary Properties
             get { return _properties; }
         }
 
-#if NET_1_1
         public TypeFilterLevel TypeFilterLevel
         {
             get { return _filterLevel; }
         }
-#endif
     }
 }
 

SafeDeserializationHelpers/Channels/SafeBinaryServerFormatterSink.cs

@@ -51,7 +51,8 @@ public enum Protocol
             Other = 1,
         }
 
-        SafeBinaryCore _binaryCore = SafeBinaryCore.DefaultInstance;
+        private const TypeFilterLevel DefaultFilterLevel = SafeBinaryServerFormatterSinkProvider.DefaultFilterLevel;
+        SafeBinaryCore _binaryCore = new SafeBinaryCore(DefaultFilterLevel);
 
         IServerChannelSink next_sink;
         Protocol protocol;
@@ -90,7 +91,6 @@ public IDictionary Properties
             }
         }
 
-#if NET_1_1
         [ComVisible(false)]
         public TypeFilterLevel TypeFilterLevel
         {
@@ -99,10 +99,9 @@ public TypeFilterLevel TypeFilterLevel
             {
                 IDictionary props = (IDictionary)((ICloneable)_binaryCore.Properties).Clone();
                 props["typeFilterLevel"] = value;
-                _binaryCore = new SafeBinaryCore(this, props, SafeBinaryServerFormatterSinkProvider.AllowedProperties);
+                _binaryCore = new SafeBinaryCore(DefaultFilterLevel, this, props, SafeBinaryServerFormatterSinkProvider.AllowedProperties);
             }
         }
-#endif
 
         [SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.Infrastructure)]
         public void AsyncProcessResponse(IServerResponseChannelSinkStack sinkStack, object state,

SafeDeserializationHelpers/Channels/SafeBinaryServerFormatterSinkProvider.cs

@@ -31,8 +31,6 @@
 
 #pragma warning disable 1591 // missing XML comments
 
-#define NET_1_1
-
 using System.Collections;
 using System.Runtime.Serialization.Formatters;
 using System.Runtime.InteropServices;
@@ -45,24 +43,22 @@ namespace Zyan.SafeDeserializationHelpers.Channels
     public class SafeBinaryServerFormatterSinkProvider :
         IServerFormatterSinkProvider, IServerChannelSinkProvider
     {
+        // default type filter level for BinaryServerFormatterSink is low
+        public const TypeFilterLevel DefaultFilterLevel = TypeFilterLevel.Low;
         IServerChannelSinkProvider next = null;
         SafeBinaryCore _binaryCore;
 
-#if NET_1_0
-		internal static string[] AllowedProperties = new string [] { "includeVersions", "strictBinding" };
-#else
         internal static string[] AllowedProperties = new string[] { "includeVersions", "strictBinding", "typeFilterLevel" };
-#endif
 
         public SafeBinaryServerFormatterSinkProvider()
         {
-            _binaryCore = SafeBinaryCore.DefaultInstance;
+            _binaryCore = new SafeBinaryCore(DefaultFilterLevel);
         }
 
         public SafeBinaryServerFormatterSinkProvider(IDictionary properties,
             ICollection providerData)
         {
-            _binaryCore = new SafeBinaryCore(this, properties, AllowedProperties);
+            _binaryCore = new SafeBinaryCore(DefaultFilterLevel, this, properties, AllowedProperties);
         }
 
         public IServerChannelSinkProvider Next
@@ -80,7 +76,6 @@ public IServerChannelSinkProvider Next
             }
         }
 
-#if NET_1_1
         [ComVisible(false)]
         public TypeFilterLevel TypeFilterLevel
         {
@@ -89,10 +84,9 @@ public TypeFilterLevel TypeFilterLevel
             {
                 IDictionary props = (IDictionary)((ICloneable)_binaryCore.Properties).Clone();
                 props["typeFilterLevel"] = value;
-                _binaryCore = new SafeBinaryCore(this, props, AllowedProperties);
+                _binaryCore = new SafeBinaryCore(DefaultFilterLevel, this, props, AllowedProperties);
             }
         }
-#endif
 
         [SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.Infrastructure)]
         public IServerChannelSink CreateSink(IChannelReceiver channel)

SafeDeserializationHelpers/SafeDeserializationHelpers.csproj

@@ -21,7 +21,7 @@
     <DebugType>full</DebugType>
     <Optimize>false</Optimize>
     <OutputPath>bin\Debug\</OutputPath>
-    <DefineConstants>DEBUG;TRACE;NET_1_1</DefineConstants>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <DocumentationFile>bin\Debug\Zyan.SafeDeserializationHelpers.xml</DocumentationFile>
     <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
@@ -30,7 +30,7 @@
     <DebugType>pdbonly</DebugType>
     <Optimize>true</Optimize>
     <OutputPath>bin\Release\</OutputPath>
-    <DefineConstants>TRACE;NET_1_1</DefineConstants>
+    <DefineConstants>TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <DocumentationFile>bin\Release\Zyan.SafeDeserializationHelpers.xml</DocumentationFile>
     <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
@@ -73,7 +73,6 @@
   </ItemGroup>
   <ItemGroup>
     <None Include="packages.config" />
-    <None Include="Zyan.SafeDeserializationHelpers.snk" />
   </ItemGroup>
   <ItemGroup>
     <Analyzer Include="..\packages\StyleCop.Analyzers.1.1.0-beta006\analyzers\dotnet\cs\StyleCop.Analyzers.CodeFixes.dll" />

SafeDeserializationHelpers/Zyan.SafeDeserializationHelpers.nuspec

@@ -2,7 +2,7 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2010/07/nuspec.xsd">
   <metadata>
     <id>Zyan.SafeDeserializationHelpers</id>
-    <version>0.1</version>
+    <version>0.2</version>
     <title>Zyan.SafeDeserializationHelpers</title>
     <authors>yallie</authors>
     <owners>Alexey Yakovlev</owners>
@@ -11,7 +11,7 @@
     <requireLicenseAcceptance>false</requireLicenseAcceptance>
     <description>Safe deserialization helper library to fix known BinaryFormatter vulnerabilities.</description>
     <summary>Safe deserialization helper library to fix known BinaryFormatter vulnerabilities.</summary>
-    <releaseNotes>Initial beta release.</releaseNotes>
+    <releaseNotes>Updated TypeFilterLevel to match the .NET defaults.</releaseNotes>
     <language>en-US</language>
     <tags>security deserialization BinaryFormatter</tags>
   </metadata>