diff --git a/SafeDeserializationHelpers.Tests/SafeDeserializationHelpers.Tests.csproj b/SafeDeserializationHelpers.Tests/SafeDeserializationHelpers.Tests.csproj
index 522fd35..97f2aa4 100644
--- a/SafeDeserializationHelpers.Tests/SafeDeserializationHelpers.Tests.csproj
+++ b/SafeDeserializationHelpers.Tests/SafeDeserializationHelpers.Tests.csproj
@@ -72,8 +72,5 @@
-
-
-
\ No newline at end of file
diff --git a/SafeDeserializationHelpers/Channels/SafeBinaryClientFormatterSink.cs b/SafeDeserializationHelpers/Channels/SafeBinaryClientFormatterSink.cs
index 1c8b235..b7994ed 100644
--- a/SafeDeserializationHelpers/Channels/SafeBinaryClientFormatterSink.cs
+++ b/SafeDeserializationHelpers/Channels/SafeBinaryClientFormatterSink.cs
@@ -37,6 +37,7 @@
using System.IO;
using System.Runtime.Remoting.Channels;
using System.Runtime.Remoting.Messaging;
+using System.Runtime.Serialization.Formatters;
using System.Security.Permissions;
namespace Zyan.SafeDeserializationHelpers.Channels
@@ -44,7 +45,8 @@ namespace Zyan.SafeDeserializationHelpers.Channels
public class SafeBinaryClientFormatterSink : IClientFormatterSink,
IMessageSink, IClientChannelSink, IChannelSinkBase
{
- SafeBinaryCore _binaryCore = SafeBinaryCore.DefaultInstance;
+ private const TypeFilterLevel DefaultFilterLevel = SafeBinaryClientFormatterSinkProvider.DefaultFilterLevel;
+ SafeBinaryCore _binaryCore = new SafeBinaryCore(DefaultFilterLevel);
IClientChannelSink _nextInChain;
public SafeBinaryClientFormatterSink(IClientChannelSink nextSink)
diff --git a/SafeDeserializationHelpers/Channels/SafeBinaryClientFormatterSinkProvider.cs b/SafeDeserializationHelpers/Channels/SafeBinaryClientFormatterSinkProvider.cs
index 2761e6e..dea2a2f 100644
--- a/SafeDeserializationHelpers/Channels/SafeBinaryClientFormatterSinkProvider.cs
+++ b/SafeDeserializationHelpers/Channels/SafeBinaryClientFormatterSinkProvider.cs
@@ -33,6 +33,7 @@
using System.Collections;
using System.Runtime.Remoting.Channels;
+using System.Runtime.Serialization.Formatters;
using System.Security.Permissions;
namespace Zyan.SafeDeserializationHelpers.Channels
@@ -40,24 +41,22 @@ namespace Zyan.SafeDeserializationHelpers.Channels
public class SafeBinaryClientFormatterSinkProvider :
IClientFormatterSinkProvider, IClientChannelSinkProvider
{
+ // default type filter level for BinaryServerFormatterSink is full
+ public const TypeFilterLevel DefaultFilterLevel = TypeFilterLevel.Full;
IClientChannelSinkProvider next = null;
SafeBinaryCore _binaryCore;
-#if NET_1_1
- static string[] allowedProperties = new string [] { "includeVersions", "strictBinding", "typeFilterLevel" };
-#else
- static string[] allowedProperties = new string[] { "includeVersions", "strictBinding" };
-#endif
+ static string[] allowedProperties = new string [] { "includeVersions", "strictBinding", "typeFilterLevel" };
public SafeBinaryClientFormatterSinkProvider()
{
- _binaryCore = SafeBinaryCore.DefaultInstance;
+ _binaryCore = new SafeBinaryCore(DefaultFilterLevel);
}
public SafeBinaryClientFormatterSinkProvider(IDictionary properties,
ICollection providerData)
{
- _binaryCore = new SafeBinaryCore(this, properties, allowedProperties);
+ _binaryCore = new SafeBinaryCore(DefaultFilterLevel, this, properties, allowedProperties);
}
public IClientChannelSinkProvider Next
diff --git a/SafeDeserializationHelpers/Channels/SafeBinaryCore.cs b/SafeDeserializationHelpers/Channels/SafeBinaryCore.cs
index ffdfb94..e3a635b 100644
--- a/SafeDeserializationHelpers/Channels/SafeBinaryCore.cs
+++ b/SafeDeserializationHelpers/Channels/SafeBinaryCore.cs
@@ -30,8 +30,6 @@
#pragma warning disable 1591 // missing XML comments
-#define NET_1_1
-
using System;
using System.Collections;
using System.Runtime.Remoting;
@@ -49,15 +47,11 @@ internal class SafeBinaryCore
bool _includeVersions = true;
bool _strictBinding = false;
IDictionary _properties;
+ TypeFilterLevel _filterLevel;
-#if NET_1_1
- TypeFilterLevel _filterLevel = TypeFilterLevel.Low;
-#endif
-
- public static SafeBinaryCore DefaultInstance = new SafeBinaryCore();
-
- public SafeBinaryCore(object owner, IDictionary properties, string[] allowedProperties)
+ public SafeBinaryCore(TypeFilterLevel defaultFilterLevel, object owner, IDictionary properties, string[] allowedProperties)
{
+ _filterLevel = defaultFilterLevel;
_properties = properties;
if (_properties == null)
@@ -81,7 +75,6 @@ public SafeBinaryCore(object owner, IDictionary properties, string[] allowedProp
_strictBinding = Convert.ToBoolean(property.Value);
break;
-#if NET_1_1
case "typeFilterLevel":
if (property.Value is TypeFilterLevel)
_filterLevel = (TypeFilterLevel)property.Value;
@@ -91,15 +84,15 @@ public SafeBinaryCore(object owner, IDictionary properties, string[] allowedProp
_filterLevel = (TypeFilterLevel)Enum.Parse(typeof(TypeFilterLevel), s);
}
break;
-#endif
}
}
Init();
}
- public SafeBinaryCore()
+ public SafeBinaryCore(TypeFilterLevel defaultFilterLevel)
{
+ _filterLevel = defaultFilterLevel;
_properties = new Hashtable();
Init();
}
@@ -109,18 +102,10 @@ public void Init()
RemotingSurrogateSelector surrogateSelector = new RemotingSurrogateSelector();
StreamingContext context = new StreamingContext(StreamingContextStates.Remoting, null);
-#if !TARGET_JVM
_serializationFormatter = new BinaryFormatter(surrogateSelector, context).Safe();
_deserializationFormatter = new BinaryFormatter(null, context).Safe();
-#else
- _serializationFormatter = (BinaryFormatter) vmw.@internal.remoting.BinaryFormatterUtils.CreateBinaryFormatter (surrogateSelector, context, false);
- _deserializationFormatter = (BinaryFormatter) vmw.@internal.remoting.BinaryFormatterUtils.CreateBinaryFormatter (null, context, false);
-#endif
-
-#if NET_1_1
_serializationFormatter.FilterLevel = _filterLevel;
_deserializationFormatter.FilterLevel = _filterLevel;
-#endif
if (!_includeVersions || !_strictBinding)
{
@@ -144,12 +129,10 @@ public IDictionary Properties
get { return _properties; }
}
-#if NET_1_1
public TypeFilterLevel TypeFilterLevel
{
get { return _filterLevel; }
}
-#endif
}
}
diff --git a/SafeDeserializationHelpers/Channels/SafeBinaryServerFormatterSink.cs b/SafeDeserializationHelpers/Channels/SafeBinaryServerFormatterSink.cs
index a6edb37..ed630a0 100644
--- a/SafeDeserializationHelpers/Channels/SafeBinaryServerFormatterSink.cs
+++ b/SafeDeserializationHelpers/Channels/SafeBinaryServerFormatterSink.cs
@@ -51,7 +51,8 @@ public enum Protocol
Other = 1,
}
- SafeBinaryCore _binaryCore = SafeBinaryCore.DefaultInstance;
+ private const TypeFilterLevel DefaultFilterLevel = SafeBinaryServerFormatterSinkProvider.DefaultFilterLevel;
+ SafeBinaryCore _binaryCore = new SafeBinaryCore(DefaultFilterLevel);
IServerChannelSink next_sink;
Protocol protocol;
@@ -90,7 +91,6 @@ public IDictionary Properties
}
}
-#if NET_1_1
[ComVisible(false)]
public TypeFilterLevel TypeFilterLevel
{
@@ -99,10 +99,9 @@ public TypeFilterLevel TypeFilterLevel
{
IDictionary props = (IDictionary)((ICloneable)_binaryCore.Properties).Clone();
props["typeFilterLevel"] = value;
- _binaryCore = new SafeBinaryCore(this, props, SafeBinaryServerFormatterSinkProvider.AllowedProperties);
+ _binaryCore = new SafeBinaryCore(DefaultFilterLevel, this, props, SafeBinaryServerFormatterSinkProvider.AllowedProperties);
}
}
-#endif
[SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.Infrastructure)]
public void AsyncProcessResponse(IServerResponseChannelSinkStack sinkStack, object state,
diff --git a/SafeDeserializationHelpers/Channels/SafeBinaryServerFormatterSinkProvider.cs b/SafeDeserializationHelpers/Channels/SafeBinaryServerFormatterSinkProvider.cs
index b6a684c..44cae58 100644
--- a/SafeDeserializationHelpers/Channels/SafeBinaryServerFormatterSinkProvider.cs
+++ b/SafeDeserializationHelpers/Channels/SafeBinaryServerFormatterSinkProvider.cs
@@ -31,8 +31,6 @@
#pragma warning disable 1591 // missing XML comments
-#define NET_1_1
-
using System.Collections;
using System.Runtime.Serialization.Formatters;
using System.Runtime.InteropServices;
@@ -45,24 +43,22 @@ namespace Zyan.SafeDeserializationHelpers.Channels
public class SafeBinaryServerFormatterSinkProvider :
IServerFormatterSinkProvider, IServerChannelSinkProvider
{
+ // default type filter level for BinaryServerFormatterSink is low
+ public const TypeFilterLevel DefaultFilterLevel = TypeFilterLevel.Low;
IServerChannelSinkProvider next = null;
SafeBinaryCore _binaryCore;
-#if NET_1_0
- internal static string[] AllowedProperties = new string [] { "includeVersions", "strictBinding" };
-#else
internal static string[] AllowedProperties = new string[] { "includeVersions", "strictBinding", "typeFilterLevel" };
-#endif
public SafeBinaryServerFormatterSinkProvider()
{
- _binaryCore = SafeBinaryCore.DefaultInstance;
+ _binaryCore = new SafeBinaryCore(DefaultFilterLevel);
}
public SafeBinaryServerFormatterSinkProvider(IDictionary properties,
ICollection providerData)
{
- _binaryCore = new SafeBinaryCore(this, properties, AllowedProperties);
+ _binaryCore = new SafeBinaryCore(DefaultFilterLevel, this, properties, AllowedProperties);
}
public IServerChannelSinkProvider Next
@@ -80,7 +76,6 @@ public IServerChannelSinkProvider Next
}
}
-#if NET_1_1
[ComVisible(false)]
public TypeFilterLevel TypeFilterLevel
{
@@ -89,10 +84,9 @@ public TypeFilterLevel TypeFilterLevel
{
IDictionary props = (IDictionary)((ICloneable)_binaryCore.Properties).Clone();
props["typeFilterLevel"] = value;
- _binaryCore = new SafeBinaryCore(this, props, AllowedProperties);
+ _binaryCore = new SafeBinaryCore(DefaultFilterLevel, this, props, AllowedProperties);
}
}
-#endif
[SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.Infrastructure)]
public IServerChannelSink CreateSink(IChannelReceiver channel)
diff --git a/SafeDeserializationHelpers/SafeDeserializationHelpers.csproj b/SafeDeserializationHelpers/SafeDeserializationHelpers.csproj
index f8af517..e704ca2 100644
--- a/SafeDeserializationHelpers/SafeDeserializationHelpers.csproj
+++ b/SafeDeserializationHelpers/SafeDeserializationHelpers.csproj
@@ -21,7 +21,7 @@
full
false
bin\Debug\
- DEBUG;TRACE;NET_1_1
+ DEBUG;TRACE
prompt
bin\Debug\Zyan.SafeDeserializationHelpers.xml
true
@@ -30,7 +30,7 @@
pdbonly
true
bin\Release\
- TRACE;NET_1_1
+ TRACE
prompt
bin\Release\Zyan.SafeDeserializationHelpers.xml
true
@@ -73,7 +73,6 @@
-
diff --git a/SafeDeserializationHelpers/Zyan.SafeDeserializationHelpers.nuspec b/SafeDeserializationHelpers/Zyan.SafeDeserializationHelpers.nuspec
index ab8d935..62cdb1e 100644
--- a/SafeDeserializationHelpers/Zyan.SafeDeserializationHelpers.nuspec
+++ b/SafeDeserializationHelpers/Zyan.SafeDeserializationHelpers.nuspec
@@ -2,7 +2,7 @@
Zyan.SafeDeserializationHelpers
- 0.1
+ 0.2
Zyan.SafeDeserializationHelpers
yallie
Alexey Yakovlev
@@ -11,7 +11,7 @@
false
Safe deserialization helper library to fix known BinaryFormatter vulnerabilities.
Safe deserialization helper library to fix known BinaryFormatter vulnerabilities.
- Initial beta release.
+ Updated TypeFilterLevel to match the .NET defaults.
en-US
security deserialization BinaryFormatter