Kaganapan
Mar 17, 9 PM - Mar 21, 10 AM
Sumali sa serye ng meetup upang bumuo ng mga scalable AI solusyon batay sa mga kaso ng paggamit ng tunay na mundo sa mga kapwa developer at eksperto.
Magparehistro naCA5367: Do not serialize types with pointer fields
| Property | Value |
|---|---|
| Rule ID | CA5367 |
| Title | Do not serialize types with pointer fields |
| Category | Security |
| Fix is breaking or non-breaking | Non-breaking |
| Enabled by default in .NET 9 | No |
Pointers are not type safe, which means you cannot guarantee the correctness of the memory they point at. So, serializing types with pointer fields is a security risk, as it may allow an attacker to control the pointer.
This rule checks whether there’s a serializable class with a pointer field or property. Members that can’t be serialized can be a pointer, such as static members or fields marked with System.NonSerializedAttribute.
Don't use pointer types for members in a serializable class or don't serialize the members that are pointers.
Don't take the risk to use pointers in serializable types.
C#
using System;
[Serializable()]
unsafe class TestClassA
{
private int* pointer;
}
C#
using System;
[Serializable()]
unsafe class TestClassA
{
private int i;
}
C#
using System;
[Serializable()]
unsafe class TestClassA
{
private static int* pointer;
}
Makipagtulungan sa amin sa GitHub
Ang pinagmulan para sa content na ito ay mahahanap sa GitHub, kung saan maaari ka ring lumikha at sumuri ng mga isyu at mga pull request. Para sa higit pang impormasyon, tingnan ang aming gabay sa contributor.
Feedback sa .NET
Ang .NET ay isang open source na project. Pumili ng link para magbibigay ng feedback: