CA2240: Implementar ISerializable correctamente
Nombre de tipo |
ImplementISerializableCorrectly |
Identificador de comprobación |
CA2240 |
Categoría |
Microsoft.Usage |
Cambio problemático |
No |
Motivo
Un tipo visible externamente se puede asignar a la interfaz System.Runtime.Serialization.ISerializable y si una de las condiciones siguientes es verdadera:
El tipo hereda pero no reemplaza el método ISerializable.GetObjectData y el tipo declara campos de instancia que no se marcan con el atributo System.NonSerializedAttribute.
El tipo no es sealed e implementa un método GetObjectData que no es visible externamente ni reemplazable.
Descripción de la regla
Los campos de instancia que se declaran en un tipo que hereda la interfaz System.Runtime.Serialization.ISerializable no se incluyen automáticamente en el proceso de serialización.Para incluir los campos, el tipo debe implementar el método GetObjectData y el constructor de serialización.Si los campos no se deben serializar, aplique el atributo NonSerializedAttribute a los campos para indicar explícitamente la decisión.
En tipos que no se sellan (sealed), las implementaciones del método GetObjectData deberían ser visibles externamente.Por tanto, se puede llamar al método mediante tipos derivados y se puede invalidar.
Cómo corregir infracciones
Para corregir una infracción de esta regla, haga que el método GetObjectData sea visible y reemplazable, y asegúrese de que todos los campos de instancia se incluyan en el proceso de serialización marcado explícitamente con el atributo NonSerializedAttribute.
Cuándo suprimir advertencias
No suprima las advertencias de esta regla.
Ejemplo
En el ejemplo siguiente se muestran dos tipos serializables que infringen la regla.
Imports System
Imports System.Security.Permissions
Imports System.Runtime.Serialization
Namespace Samples1
' Violates this rule
<Serializable()> _
Public Class Book
Implements ISerializable
Private ReadOnly _Title As String
Public Sub New(ByVal title As String)
If (title Is Nothing) Then Throw New ArgumentNullException("title")
_Title = title
End Sub
Protected Sub New(ByVal info As SerializationInfo, ByVal context As StreamingContext)
If (info Is Nothing) Then Throw New ArgumentNullException("info")
_Title = info.GetString("Title")
End Sub
Public ReadOnly Property Title() As String
Get
Return _Title
End Get
End Property
<SecurityPermissionAttribute(SecurityAction.LinkDemand, Flags:=SecurityPermissionFlag.SerializationFormatter)> _
Public Sub GetObjectData(ByVal info As SerializationInfo, ByVal context As StreamingContext) _
Implements ISerializable.GetObjectData
If (info Is Nothing) Then Throw New ArgumentNullException("info")
info.AddValue("Title", _Title)
End Sub
End Class
' Violates this rule
<Serializable()> _
Public Class LibraryBook
Inherits Book
Private ReadOnly _CheckedOut As Date
Public Sub New(ByVal text As String, ByVal checkedOut As Date)
MyBase.New(text)
_CheckedOut = checkedOut
End Sub
Public ReadOnly Property CheckedOut() As Date
Get
Return _CheckedOut
End Get
End Property
End Class
End Namespace
using System;
using System.Security.Permissions;
using System.Runtime.Serialization;
namespace Samples1
{
// Violates this rule
[Serializable]
public class Book : ISerializable
{
private readonly string _Text;
public Book(string text)
{
if (text == null)
throw new ArgumentNullException("text");
_Text = text;
}
protected Book(SerializationInfo info, StreamingContext context)
{
if (info == null)
throw new ArgumentNullException("info");
_Text = info.GetString("Text");
}
public string Text
{
get { return _Text; }
}
[SecurityPermission(SecurityAction.Demand, SerializationFormatter = true)]
public void GetObjectData(SerializationInfo info, StreamingContext context)
{
if (info == null)
throw new ArgumentNullException("info");
info.AddValue("Text", _Text);
}
}
// Violates this rule
[Serializable]
public class LibraryBook : Book
{
private readonly DateTime _CheckedOut;
public LibraryBook(string text, DateTime checkedOut)
: base(text)
{
_CheckedOut = checkedOut;
}
public DateTime CheckedOut
{
get { return _CheckedOut; }
}
}
}
using namespace System;
using namespace System::Security::Permissions;
using namespace System::Runtime::Serialization;
namespace Samples1
{
// Violates this rule
[Serializable]
public ref class Book : ISerializable
{
private:
initonly String^ _Title;
public:
Book(String^ title)
{
if (title == nullptr)
throw gcnew ArgumentNullException("title");
_Title = title;
}
property String^ Title
{
String^ get()
{
return _Title;
}
}
protected:
Book(SerializationInfo^ info, StreamingContext context)
{
if (info == nullptr)
throw gcnew ArgumentNullException("info");
_Title = info->GetString("Title");
}
private:
[SecurityPermission(SecurityAction::LinkDemand, Flags = SecurityPermissionFlag::SerializationFormatter)]
void virtual GetObjectData(SerializationInfo^ info, StreamingContext context) sealed = ISerializable::GetObjectData
{
if (info == nullptr)
throw gcnew ArgumentNullException("info");
info->AddValue("Title", _Title);
}
};
// Violates this rule
[Serializable]
public ref class LibraryBook : Book
{
initonly DateTime _CheckedOut;
public:
LibraryBook(String^ title, DateTime checkedOut) : Book(title)
{
_CheckedOut = checkedOut;
}
property DateTime CheckedOut
{
DateTime get()
{
return _CheckedOut;
}
}
};
}
En el ejemplo siguiente se corrigen las dos infracciones anteriores proporcionando una implementación de [ISerializable.GetObjectData] de la clase Book que se puede invalidar y una implementación de [ISerializable.GetObjectData] de la clase Library.
Imports System
Imports System.Security.Permissions
Imports System.Runtime.Serialization
Namespace Samples2
<Serializable()> _
Public Class Book
Implements ISerializable
Private ReadOnly _Title As String
Public Sub New(ByVal title As String)
If (title Is Nothing) Then Throw New ArgumentNullException("title")
_Title = title
End Sub
Protected Sub New(ByVal info As SerializationInfo, ByVal context As StreamingContext)
If (info Is Nothing) Then Throw New ArgumentNullException("info")
_Title = info.GetString("Title")
End Sub
Public ReadOnly Property Title() As String
Get
Return _Title
End Get
End Property
<SecurityPermissionAttribute(SecurityAction.LinkDemand, Flags:=SecurityPermissionFlag.SerializationFormatter)> _
Protected Overridable Sub GetObjectData(ByVal info As SerializationInfo, ByVal context As StreamingContext) _
Implements ISerializable.GetObjectData
If (info Is Nothing) Then Throw New ArgumentNullException("info")
info.AddValue("Title", _Title)
End Sub
End Class
<Serializable()> _
Public Class LibraryBook
Inherits Book
Private ReadOnly _CheckedOut As Date
Public Sub New(ByVal text As String, ByVal checkedOut As Date)
MyBase.New(text)
_CheckedOut = checkedOut
End Sub
Protected Sub New(ByVal info As SerializationInfo, ByVal context As StreamingContext)
MyBase.New(info, context)
_CheckedOut = info.GetDateTime("CheckedOut")
End Sub
Public ReadOnly Property CheckedOut() As Date
Get
Return _CheckedOut
End Get
End Property
<SecurityPermissionAttribute(SecurityAction.LinkDemand, Flags:=SecurityPermissionFlag.SerializationFormatter)> _
Protected Overrides Sub GetObjectData(ByVal info As System.Runtime.Serialization.SerializationInfo, _
ByVal context As System.Runtime.Serialization.StreamingContext)
MyBase.GetObjectData(info, context)
info.AddValue("CheckedOut", _CheckedOut)
End Sub
End Class
End Namespace
using System;
using System.Security.Permissions;
using System.Runtime.Serialization;
namespace Samples2
{
[Serializable]
public class Book : ISerializable
{
private readonly string _Title;
public Book(string title)
{
if (title == null)
throw new ArgumentNullException("title");
_Title = title;
}
protected Book(SerializationInfo info, StreamingContext context)
{
if (info == null)
throw new ArgumentNullException("info");
_Title = info.GetString("Title");
}
public string Title
{
get { return _Title; }
}
[SecurityPermission(SecurityAction.Demand, SerializationFormatter = true)]
protected virtual void GetObjectData(SerializationInfo info, StreamingContext context)
{
info.AddValue("Title", _Title);
}
[SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.SerializationFormatter)]
void ISerializable.GetObjectData(SerializationInfo info, StreamingContext context)
{
if (info == null)
throw new ArgumentNullException("info");
GetObjectData(info, context);
}
}
[Serializable]
public class LibraryBook : Book
{
private readonly DateTime _CheckedOut;
public LibraryBook(string title, DateTime checkedOut)
: base(title)
{
_CheckedOut = checkedOut;
}
protected LibraryBook(SerializationInfo info, StreamingContext context)
: base(info, context)
{
_CheckedOut = info.GetDateTime("CheckedOut");
}
public DateTime CheckedOut
{
get { return _CheckedOut; }
}
[SecurityPermission(SecurityAction.Demand, SerializationFormatter = true)]
protected override void GetObjectData(SerializationInfo info, StreamingContext context)
{
base.GetObjectData(info, context);
info.AddValue("CheckedOut", _CheckedOut);
}
}
}
using namespace System;
using namespace System::Security::Permissions;
using namespace System::Runtime::Serialization;
namespace Samples2
{
[Serializable]
public ref class Book : ISerializable
{
private:
initonly String^ _Title;
public:
Book(String^ title)
{
if (title == nullptr)
throw gcnew ArgumentNullException("title");
_Title = title;
}
property String^ Title
{
String^ get()
{
return _Title;
}
}
protected:
Book(SerializationInfo^ info, StreamingContext context)
{
if (info == nullptr)
throw gcnew ArgumentNullException("info");
_Title = info->GetString("Title");
}
[SecurityPermission(SecurityAction::LinkDemand, Flags = SecurityPermissionFlag::SerializationFormatter)]
void virtual GetObjectData(SerializationInfo^ info, StreamingContext context) = ISerializable::GetObjectData
{
if (info == nullptr)
throw gcnew ArgumentNullException("info");
info->AddValue("Title", _Title);
}
};
[Serializable]
public ref class LibraryBook : Book
{
initonly DateTime _CheckedOut;
public:
LibraryBook(String^ title, DateTime checkedOut)
: Book(title)
{
_CheckedOut = checkedOut;
}
property DateTime CheckedOut
{
DateTime get()
{
return _CheckedOut;
}
}
protected:
LibraryBook(SerializationInfo^ info, StreamingContext context) : Book(info, context)
{
_CheckedOut = info->GetDateTime("CheckedOut");
}
[SecurityPermission(SecurityAction::LinkDemand, Flags = SecurityPermissionFlag::SerializationFormatter)]
void virtual GetObjectData(SerializationInfo^ info, StreamingContext context) override
{
Book::GetObjectData(info, context);
info->AddValue("CheckedOut", _CheckedOut);
}
};
}
Reglas relacionadas
LCA2236: Llamar a métodos de clase base en tipos ISerializable
CA2229: Implementar constructores de serialización
CA2238: Implementar los métodos de serialización de forma correcta
CA2235: Marcar todos los campos no serializables
CA2237: Marcar los tipos ISerializable con SerializableAttribute
CA2239: Proporcionar métodos de deserialización para campos opcionales