-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add BinaryFormatter auditing EventSource #39874
Conversation
....Formatters/src/System/Runtime/Serialization/Formatters/Binary/BinaryFormatterEventSource.cs
Outdated
Show resolved
Hide resolved
src/libraries/System.Runtime.Serialization.Formatters/tests/BinaryFormatterEventSourceTests.cs
Outdated
Show resolved
Hide resolved
....Formatters/src/System/Runtime/Serialization/Formatters/Binary/BinaryFormatterEventSource.cs
Outdated
Show resolved
Hide resolved
....Formatters/src/System/Runtime/Serialization/Formatters/Binary/BinaryFormatterEventSource.cs
Outdated
Show resolved
Hide resolved
....Runtime.Serialization.Formatters/tests/System.Runtime.Serialization.Formatters.Tests.csproj
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I spotted a few minor things you might want to address, overall looked good 👍
....Formatters/src/System/Runtime/Serialization/Formatters/Binary/BinaryFormatterEventSource.cs
Outdated
Show resolved
Hide resolved
[Event(EventId_SerializationStarted, Opcode = EventOpcode.Start, Keywords = Keywords.Serialization, Level = EventLevel.Informational)] | ||
public void SerializationStarted() | ||
{ | ||
if (IsEnabled(EventLevel.Informational, Keywords.Serialization) && !_writeInProgress.Value) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: I typically suggest people not to worry about adding IsEnabled() checks unless you are on a very hot code-path trying to shave a few nanoseconds. The implementation within WriteEvent() will do an appropriate check.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Followed up offline. Will leave them in for now since at least one of the operations (Type.get_AssemblyQualifiedName
) guarded by the initial check might have side effects that we don't want to run if nobody is listening.
This is the last of the 5.0 runtime changes per the
BinaryFormatter
obsoletion document. This introduces a newEventSource
used by the serialization infrastructure to tell you when calls toBinaryFormatter.Serialize
orBinaryFormatter.Deserialize
take place. The are currently 6 events raised in total:Type.AssemblyQualifiedName
is provided as an arg)Type.AssemblyQualifiedName
is provided as an arg)This feature is not a "global
SerializationBinder
" or a "global surrogate selector" and cannot be used to substitute types at runtime. Rather, as we begin to wind downBinaryFormatter
within the runtime and libraries, it's meant to help app authors discover hiddenBinaryFormatter
dependencies within their own code or within any assemblies they pull into their apps.There is an open question as to whether it would be useful to port this feature back to Full Framework as part of an overall defense-in-depth mechanism. I'm not considering that at the moment, but this code was designed such that it can be easily backported to Full Framework if needed. The code to hook up an
EventListener
would look the same both in Full Framework and in .NET 5.0+.