-
-
Notifications
You must be signed in to change notification settings - Fork 55
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to serialize DataSets / DataTables? #82
Comments
Ok, whatever, I won't stand in your way 😝 You can compile the code yourself, comment out the corrosponding part here: https://github.com/rikimaru0345/Ceras/blob/master/src/Ceras/Helpers/BannedTypes.cs#L74 But it is not a bug, the concern is valid. |
Thank you so much. Sorry for tagging this issue as bug. You're right, DataSet serialization has security issues and so it should only be used in a trusted environment and never exposed to the Internet. I'll try to extend settings with a "AllowDataSetSerialization" property, which is set false by default. |
I am going to second this request. I actually have a large number of applications that make use of large datatables and being able to cache these in something like redis would really help. I tried to muck with the BannedTypes but ran already into issues serializing CultureInfo. So an effort on DataTable would really be appreciated. |
@andreasmaier-abt Alright, noted.
What exactly is the problem with But if someone creates their own CultureInfo (based on some existing one and then just changing some properties), it's a little bit more complicated to serialize. Anyway, whatever the issue with it is, adding support for it in Ceras is most likely very easy. |
Describe the bug
What are you trying to do?
I try to serialize System.Data.DataSet types with Ceras.
What do you think should happen?
They should be serialized to byte[] properly.
May be I have to set some special config to allow DataSet seralization, but I don't know what to do.
The FAQ says nothing about DataSets.
I don't care if DataSets are rated bad or insecure by some people, because I have large applications with a big code base that I don't want to write from scratch.
What is actually happening?
I'm getting a Ceras.Formatters.BannedTypeException: The type 'System.Data.DataSet' cannot be serialized, please mark the field/property that caused this Type to be included with the [Exclude] attribute or filter it out using the 'ShouldSerialize' callback. Specific reason for this type being banned: "This type can be exploited when deserializing malicious data". You should open an issue on GitHub or join the Discord server for support.
at Ceras.Formatters.BannedTypes.ThrowIfBanned (System.Type type) [0x0017e] in :0
at Ceras.CerasSerializer.CreateMetaData (System.Type type, System.Boolean isStatic) [0x0001f] in :0
at Ceras.CerasSerializer.GetReferenceFormatter (System.Type type) [0x00000] in :0
at Ceras.CerasSerializer.Serialize[T] (T obj, System.Byte[]& buffer, System.Int32 offset) [0x00055] in :0
at Ceras.CerasSerializer.Serialize[T] (T obj) [0x00010] in :0
at CerasDataSetDemo.Program.Main (System.String[] args) [0x000f6] in :0
How to reproduce the bug
Here is my example code to reproduce the issue:
Platform
The text was updated successfully, but these errors were encountered: