Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add BinaryFormatter auditing EventSource #39874

Merged
merged 7 commits into from
Jul 29, 2020
Merged

Add BinaryFormatter auditing EventSource #39874

merged 7 commits into from
Jul 29, 2020

Conversation

GrabYourPitchforks
Copy link
Member

This is the last of the 5.0 runtime changes per the BinaryFormatter obsoletion document. This introduces a new EventSource used by the serialization infrastructure to tell you when calls to BinaryFormatter.Serialize or BinaryFormatter.Deserialize take place. The are currently 6 events raised in total:

  • Serialization started (no args)
  • Serialization ended (no args)
  • Serialization of a non-primitive object is occurring (Type.AssemblyQualifiedName is provided as an arg)
  • Deserialization started (no args)
  • Deserialization ended (no args)
  • Deserialization of a non-primitive object is occurring (Type.AssemblyQualifiedName is provided as an arg)

This feature is not a "global SerializationBinder" or a "global surrogate selector" and cannot be used to substitute types at runtime. Rather, as we begin to wind down BinaryFormatter within the runtime and libraries, it's meant to help app authors discover hidden BinaryFormatter dependencies within their own code or within any assemblies they pull into their apps.

There is an open question as to whether it would be useful to port this feature back to Full Framework as part of an overall defense-in-depth mechanism. I'm not considering that at the moment, but this code was designed such that it can be easily backported to Full Framework if needed. The code to hook up an EventListener would look the same both in Full Framework and in .NET 5.0+.

@GrabYourPitchforks GrabYourPitchforks added this to the 5.0.0 milestone Jul 23, 2020
@GrabYourPitchforks
Copy link
Member Author

@tarekgh @noahfalk You're on the review mainly as an FYI to make sure I haven't done anything bonkers with EventSource. :)

noahfalk
noahfalk reviewed Jul 28, 2020
View reviewed changes
Copy link
Member

@noahfalk noahfalk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I spotted a few minor things you might want to address, overall looked good 👍

....Formatters/src/System/Runtime/Serialization/Formatters/Binary/BinaryFormatterEventSource.cs Outdated Show resolved Hide resolved
....Formatters/src/System/Runtime/Serialization/Formatters/Binary/BinaryFormatterEventSource.cs Outdated
[Event(EventId_SerializationStarted, Opcode = EventOpcode.Start, Keywords = Keywords.Serialization, Level = EventLevel.Informational)]
public void SerializationStarted()
{
if (IsEnabled(EventLevel.Informational, Keywords.Serialization) && !_writeInProgress.Value)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: I typically suggest people not to worry about adding IsEnabled() checks unless you are on a very hot code-path trying to shave a few nanoseconds. The implementation within WriteEvent() will do an appropriate check.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Followed up offline. Will leave them in for now since at least one of the operations (Type.get_AssemblyQualifiedName) guarded by the initial check might have side effects that we don't want to run if nobody is listening.

....Formatters/src/System/Runtime/Serialization/Formatters/Binary/BinaryFormatterEventSource.cs Outdated Show resolved Hide resolved
....Formatters/src/System/Runtime/Serialization/Formatters/Binary/BinaryFormatterEventSource.cs Outdated Show resolved Hide resolved
@GrabYourPitchforks
Copy link
Member Author

@noahfalk @jkotas @tarekgh Thanks all for your feedback, both here and offline! I think the latest iteration addresses all of it. Please let me know if you have further suggestions. :)

@GrabYourPitchforks GrabYourPitchforks merged commit b165cbb into dotnet:master Jul 29, 2020
@GrabYourPitchforks GrabYourPitchforks deleted the bf_etw branch July 29, 2020 22:48
Jacksondr5 pushed a commit to Jacksondr5/runtime that referenced this pull request Aug 10, 2020
@GrabYourPitchforks @Jacksondr5
Add BinaryFormatter auditing EventSource (dotnet#39874)
d6976aa
@ghost ghost locked as resolved and limited conversation to collaborators Dec 8, 2020
@jkotas jkotas added the binaryformatter-migration Issues related to the removal of BinaryFormatter and migrations away from it label May 29, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@noahfalk noahfalk noahfalk left review comments

@AaronRobinsonMSFT AaronRobinsonMSFT AaronRobinsonMSFT left review comments

@jkotas jkotas jkotas approved these changes

@tarekgh tarekgh tarekgh approved these changes

@blowdart blowdart Awaiting requested review from blowdart

@bartonjs bartonjs Awaiting requested review from bartonjs

@joperezr joperezr Awaiting requested review from joperezr

Assignees
No one assigned
Labels
area-Serialization binaryformatter-migration Issues related to the removal of BinaryFormatter and migrations away from it
Projects
None yet
Milestone
5.0.0
Development

Successfully merging this pull request may close these issues.
6 participants
@GrabYourPitchforks @noahfalk @jkotas @tarekgh @joperezr @AaronRobinsonMSFT