CA2240: Implement ISerializable correctly

TypeName

ImplementISerializableCorrectly

CheckId

CA2240

Category

Microsoft.Usage

Breaking Change

Cause

An externally visible type is assignable to the ISerializable interface and one of the following conditions is true:

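Rule Description

Instance fields that are declared in a type that inherits the ISerializable interface are not automatically included in the serialization process. To include the fields, the type must implement the GetObjectData method and the serialization constructor. If the fields should not be serialized, apply the NonSerializedAttribute attribute to them to state that decision explicitly.

In types that are not sealed, the implementation of the GetObjectData method should be externally visible. The method can then be called by derived types and is overridable.

How to Fix Violations

To fix a violation of this rule, make the GetObjectData method visible and overridable, and make sure that all instance fields are either included in the serialization process or explicitly marked with the NonSerializedAttribute attribute.

When to Suppress Warnings

Do not suppress a warning from this rule.

Example

The following example shows two serializable types that violate the rule.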

Imports System
Imports System.Security.Permissions
Imports System.Runtime.Serialization

Namespace Samples1

    ' Violates this rule
    <Serializable()> _
    Public Class Book
        Implements ISerializable

        Private ReadOnly _Title As String 

        Public Sub New(ByVal title As String)
            If (title Is Nothing) Then Throw New ArgumentNullException("title")
            _Title = title
        End Sub 

        Protected Sub New(ByVal info As SerializationInfo, ByVal context As StreamingContext)
            If (info Is Nothing) Then Throw New ArgumentNullException("info")

            _Title = info.GetString("Title")
        End Sub 

        Public ReadOnly Property Title() As String 
            Get 
                Return _Title
            End Get 
        End Property

        <SecurityPermissionAttribute(SecurityAction.LinkDemand, Flags:=SecurityPermissionFlag.SerializationFormatter)> _
        Public Sub GetObjectData(ByVal info As SerializationInfo, ByVal context As StreamingContext) _
            Implements ISerializable.GetObjectData

            If (info Is Nothing) Then Throw New ArgumentNullException("info")

            info.AddValue("Title", _Title)
        End Sub 
    End Class 

    ' Violates this rule
    <Serializable()> _
    Public Class LibraryBook
        Inherits Book

        Private ReadOnly _CheckedOut As Date 

        Public Sub New(ByVal text As String, ByVal checkedOut As Date)
            MyBase.New(text)
            _CheckedOut = checkedOut
        End Sub 

        Public ReadOnly Property CheckedOut() As Date 
            Get 
                Return _CheckedOut
            End Get 
        End Property 

    End Class 
End Namespace

using System;
using System.Security.Permissions;
using System.Runtime.Serialization;

namespace Samples1
{
    // Violates this rule
    [Serializable]
    public class Book : ISerializable
    {
        private readonly string _Text;

        public Book(string text)
        {
            if (text == null)
                throw new ArgumentNullException("text");

            _Text = text;
        }

        protected Book(SerializationInfo info, StreamingContext context)
        {
            if (info == null)
                throw new ArgumentNullException("info");

            _Text = info.GetString("Text");
        }

        public string Text
        {
            get { return _Text; }
        }

        [SecurityPermission(SecurityAction.Demand, SerializationFormatter = true)]
        public void GetObjectData(SerializationInfo info, StreamingContext context)
        {
            if (info == null)
                throw new ArgumentNullException("info");

            info.AddValue("Text", _Text);
        }
    }

    // Violates this rule
    [Serializable]
    public class LibraryBook : Book
    {
        private readonly DateTime _CheckedOut;

        public LibraryBook(string text, DateTime checkedOut)
            : base(text)
        {
            _CheckedOut = checkedOut;
        }

        public DateTime CheckedOut
        {
            get { return _CheckedOut; }
        }
    }
}

using namespace System;
using namespace System::Security::Permissions;
using namespace System::Runtime::Serialization;

namespace Samples1 
{
    // Violates this rule
    [Serializable]
    public ref class Book : ISerializable
    {
    private:
        initonly String^ _Title;

    public: 
        Book(String^ title)
        {
            if (title == nullptr)
                throw gcnew ArgumentNullException("title");

            _Title = title;
        }

        property String^ Title
        {
            String^ get()
            {
                return _Title;
            }
        }

    protected: 
        Book(SerializationInfo^ info, StreamingContext context)
        {
            if (info == nullptr)
                throw gcnew ArgumentNullException("info");

            _Title = info->GetString("Title");
        }

    private:
        [SecurityPermission(SecurityAction::LinkDemand, Flags = SecurityPermissionFlag::SerializationFormatter)]
        void virtual GetObjectData(SerializationInfo^ info, StreamingContext context) sealed = ISerializable::GetObjectData
        {
            if (info == nullptr)
                throw gcnew ArgumentNullException("info");

            info->AddValue("Title", _Title);
        }
    };

    // Violates this rule
    [Serializable]
    public ref class LibraryBook : Book
    {
        initonly DateTime _CheckedOut;

    public:
        LibraryBook(String^ title, DateTime checkedOut) : Book(title)
        {
            _CheckedOut = checkedOut;
        }

        property DateTime CheckedOut
        {
            DateTime get()
            {
                return _CheckedOut;
            }
        }
    };
}

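The following example fixes the two previous violations by providing an overridable implementation of ISerializable.GetObjectData on the Book class and by providing an implementation of ISerializable.GetObjectData on the Library class.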

Imports System
Imports System.Security.Permissions
Imports System.Runtime.Serialization

Namespace Samples2

    <Serializable()> _
    Public Class Book
        Implements ISerializable

        Private ReadOnly _Title As String 

        Public Sub New(ByVal title As String)
            If (title Is Nothing) Then Throw New ArgumentNullException("title")
            _Title = title
        End Sub 

        Protected Sub New(ByVal info As SerializationInfo, ByVal context As StreamingContext)
            If (info Is Nothing) Then Throw New ArgumentNullException("info")

            _Title = info.GetString("Title")
        End Sub 

        Public ReadOnly Property Title() As String 
            Get 
                Return _Title
            End Get 
        End Property

        <SecurityPermissionAttribute(SecurityAction.LinkDemand, Flags:=SecurityPermissionFlag.SerializationFormatter)> _
        Protected Overridable Sub GetObjectData(ByVal info As SerializationInfo, ByVal context As StreamingContext) _
            Implements ISerializable.GetObjectData

            If (info Is Nothing) Then Throw New ArgumentNullException("info")

            info.AddValue("Title", _Title)
        End Sub 
    End Class


    <Serializable()> _
    Public Class LibraryBook
        Inherits Book

        Private ReadOnly _CheckedOut As Date 

        Public Sub New(ByVal text As String, ByVal checkedOut As Date)
            MyBase.New(text)
            _CheckedOut = checkedOut
        End Sub 

        Protected Sub New(ByVal info As SerializationInfo, ByVal context As StreamingContext)
            MyBase.New(info, context)

            _CheckedOut = info.GetDateTime("CheckedOut")
        End Sub 

        Public ReadOnly Property CheckedOut() As Date 
            Get 
                Return _CheckedOut
            End Get 
        End Property

        <SecurityPermissionAttribute(SecurityAction.LinkDemand, Flags:=SecurityPermissionFlag.SerializationFormatter)> _
        Protected Overrides Sub GetObjectData(ByVal info As System.Runtime.Serialization.SerializationInfo, _
                                              ByVal context As System.Runtime.Serialization.StreamingContext)

            MyBase.GetObjectData(info, context)

            info.AddValue("CheckedOut", _CheckedOut)
        End Sub 
    End Class 
End Namespace

using System;
using System.Security.Permissions;
using System.Runtime.Serialization;

namespace Samples2
{
    [Serializable]
    public class Book : ISerializable
    {
        private readonly string _Title;

        public Book(string title)
        {
            if (title == null)
                throw new ArgumentNullException("title");

            _Title = title;
        }

        protected Book(SerializationInfo info, StreamingContext context)
        {
            if (info == null)
                throw new ArgumentNullException("info");

            _Title = info.GetString("Title");
        }

        public string Title
        {
            get { return _Title; }
        }

        [SecurityPermission(SecurityAction.Demand, SerializationFormatter = true)]
        protected virtual void GetObjectData(SerializationInfo info, StreamingContext context)
        {
            info.AddValue("Title", _Title);
        }

        [SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.SerializationFormatter)]
        void ISerializable.GetObjectData(SerializationInfo info, StreamingContext context)
        {
            if (info == null)
                throw new ArgumentNullException("info");

            GetObjectData(info, context);
        }
    }

    [Serializable]
    public class LibraryBook : Book
    {
        private readonly DateTime _CheckedOut;

        public LibraryBook(string title, DateTime checkedOut)
            : base(title)
        {
            _CheckedOut = checkedOut;
        }

        protected LibraryBook(SerializationInfo info, StreamingContext context)
            : base(info, context)
        {
            _CheckedOut = info.GetDateTime("CheckedOut");
        }

        public DateTime CheckedOut
        {
            get { return _CheckedOut; }
        }

        [SecurityPermission(SecurityAction.Demand, SerializationFormatter = true)]
        protected override void GetObjectData(SerializationInfo info, StreamingContext context)
        {
            base.GetObjectData(info, context);

            info.AddValue("CheckedOut", _CheckedOut);
        }
    }
}

using namespace System;
using namespace System::Security::Permissions;
using namespace System::Runtime::Serialization;

namespace Samples2 
{
    [Serializable]
    public ref class Book : ISerializable
    {
    private:
        initonly String^ _Title;

    public: 
        Book(String^ title)
        {
            if (title == nullptr)
                throw gcnew ArgumentNullException("title");

            _Title = title;
        }

        property String^ Title
        {
            String^ get()
            {
                return _Title;
            }
        }

    protected: 
        Book(SerializationInfo^ info, StreamingContext context)
        {
            if (info == nullptr)
                throw gcnew ArgumentNullException("info");

            _Title = info->GetString("Title");
        }

        [SecurityPermission(SecurityAction::LinkDemand, Flags = SecurityPermissionFlag::SerializationFormatter)]
        void virtual GetObjectData(SerializationInfo^ info, StreamingContext context) = ISerializable::GetObjectData
        {
            if (info == nullptr)
                throw gcnew ArgumentNullException("info");

            info->AddValue("Title", _Title);
        }
    };

    [Serializable]
    public ref class LibraryBook : Book
    {
        initonly DateTime _CheckedOut;

    public:
        LibraryBook(String^ title, DateTime checkedOut) 
            : Book(title)
        {
            _CheckedOut = checkedOut;
        }

        property DateTime CheckedOut
        {
            DateTime get()
            {
                return _CheckedOut;
            }
        }

    protected: 
        LibraryBook(SerializationInfo^ info, StreamingContext context) : Book(info, context)
        {
            _CheckedOut = info->GetDateTime("CheckedOut");
        }

        [SecurityPermission(SecurityAction::LinkDemand, Flags = SecurityPermissionFlag::SerializationFormatter)]
        void virtual GetObjectData(SerializationInfo^ info, StreamingContext context) override
        {
            Book::GetObjectData(info, context);
            info->AddValue("CheckedOut", _CheckedOut);
        }
    };
}
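
A way to catch the first kind of violation in a unit test, added here as an example and not part of the original page: the helper calls GetObjectData on a live object and compares the number of entries written with the number of instance fields not marked NonSerialized. The names Samples3, LossyLibraryBook, SerializationAudit and UnwrittenFieldCount are hypothetical, the .NET Framework serialization APIs are assumed, and the check compares counts only, because entry names need not match field names.

```csharp
using System;
using System.Reflection;
using System.Runtime.Serialization;
namespace Samples3 // hypothetical namespace, not from the original page
{
    [Serializable]
    public class Book : ISerializable
    {
        private readonly string _Title;
        public Book(string title) { _Title = title; }
        // Visible and overridable; permission demand and serialization constructor omitted.
        public virtual void GetObjectData(SerializationInfo info, StreamingContext context)
        {
            if (info == null) throw new ArgumentNullException("info");
            info.AddValue("Title", _Title);
        }
    }

    // Same flaw as the violating LibraryBook: new field, inherited GetObjectData.
    [Serializable]
    public class LossyLibraryBook : Book
    {
        private readonly DateTime _CheckedOut;
        public LossyLibraryBook(string t, DateTime d) : base(t) { _CheckedOut = d; }
        public DateTime CheckedOut { get { return _CheckedOut; } }
    }

    public static class SerializationAudit // hypothetical helper
    {
        // Heuristic: fields not marked [NonSerialized] across the hierarchy,
        // minus the entries GetObjectData actually writes.
        public static int UnwrittenFieldCount(ISerializable obj)
        {
            var info = new SerializationInfo(obj.GetType(), new FormatterConverter());
            obj.GetObjectData(info, new StreamingContext(StreamingContextStates.All));
            const BindingFlags declared = BindingFlags.Instance | BindingFlags.Public |
                BindingFlags.NonPublic | BindingFlags.DeclaredOnly;
            int fields = 0;
            for (Type t = obj.GetType(); t != null && t != typeof(object); t = t.BaseType)
                foreach (FieldInfo f in t.GetFields(declared))
                    if (!f.IsNotSerialized) fields++;
            return fields - info.MemberCount;
        }
        public static void Main() // constructed sample values
        {
            Console.WriteLine(UnwrittenFieldCount(new Book("Sample")));
            Console.WriteLine(UnwrittenFieldCount(new LossyLibraryBook("Sample", DateTime.Today)));
        }
    }
}
```

A result greater than zero means at least one instance field is neither written by GetObjectData nor marked NonSerialized, which is the condition this rule reports for a derived type.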

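Related Rules

CA2236: Call base class methods on ISerializable types

CA2229: Implement serialization constructors

CA2238: Implement serialization methods correctly

CA2235: Mark all non-serializable fields

CA2237: Mark ISerializable types with SerializableAttribute

CA2239: Provide deserialization methods for optional fields

CA2120: Secure serialization constructors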