File: BinarySerialization.cs
Web Access
Project: src\src\Common\tests\TestUtilities\System.Private.Windows.Core.TestUtilities.csproj (System.Private.Windows.Core.TestUtilities)
// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.
 
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.Serialization.Formatters;
using System.Runtime.Serialization.Formatters.Binary;
 
namespace System;
 
public static class BinarySerialization
{
    /// <summary>
    ///  Ensures the list of types marked as serializable under <paramref name="assemblyUnderTest"/> matches <paramref name="serializableTypes"/>.
    ///  If not, <see cref="NotSupportedException"/> is thrown.
    /// </summary>
    public static void EnsureSerializableAttribute(Assembly assemblyUnderTest, HashSet<string> serializableTypes)
    {
        foreach (Type type in assemblyUnderTest.GetTypes())
        {
            var attributes = Attribute.GetCustomAttributes(type);
            string? fullName = type.FullName;
            if (fullName is null)
            {
                continue;
            }
 
            if (!attributes.Any(a => a is SerializableAttribute))
            {
                // the type isn't marked as serializable, verify it is not one of the types
                // that we expect to be serializable
                if (serializableTypes.Contains(fullName))
                {
                    throw new NotSupportedException($"Serializable attribute is expected on {fullName}");
                }
 
                continue;
            }
 
            if (attributes.Any(a => a is CompilerGeneratedAttribute))
            {
                // ignore compiler generated types, we have no control over them
                continue;
            }
 
            // Ensure SerializableAttribute is not added to any types not in the known list.
            if (serializableTypes.Contains(fullName))
            {
                // we have marked the type as serializable, all good
                continue;
            }
 
            throw new NotSupportedException($"Serializable attribute is not expected on {type.FullName}");
        }
    }
 
    /// <summary>
    ///  Binary deserializes a base 64 string to <typeparamref name="T"/>. <paramref name="blob"/> is binary
    ///  deserialized with <see cref="BinaryFormatter"/> with <paramref name="assemblyStyle"/> taken into account.
    /// </summary>
#pragma warning disable SYSLIB0050 // Type or member is obsolete
    public static T EnsureDeserialize<T>(string blob, FormatterAssemblyStyle assemblyStyle = FormatterAssemblyStyle.Simple)
    {
        object @object = FromBase64String(blob, assemblyStyle);
        Assert.NotNull(@object);
        return Assert.IsType<T>(@object);
 
        static object FromBase64String(string base64String, FormatterAssemblyStyle assemblyStyle)
        {
            byte[] raw = Convert.FromBase64String(base64String);
            return FromByteArray(raw, assemblyStyle);
        }
 
        static object FromByteArray(byte[] raw, FormatterAssemblyStyle assemblyStyle)
        {
#pragma warning disable SYSLIB0011 // Type or member is obsolete
            // cs/binary-formatter-without-binder
            BinaryFormatter binaryFormatter = new() // CodeQL [SM04191] : Safe use because the deserialization process is performed on trusted data and the types are controlled and validated.
            {
                AssemblyFormat = assemblyStyle
            };
#pragma warning restore SYSLIB0011
 
            using MemoryStream serializedStream = new(raw);
 
            // cs/dangerous-binary-deserialization
            return binaryFormatter.Deserialize(serializedStream); // CodeQL[SM03722] : Testing legacy feature. This is a safe use of BinaryFormatter because the data is trusted and the types are controlled and validated.
        }
    }
 
    /// <summary>
    ///  Returns a base 64 string of the binary serialized <paramref name="object"/>.
    ///  <paramref name="object"/> is binary serialized using <see cref="BinaryFormatter"/>
    ///  with <paramref name="assemblyStyle"/> taken into account.
    /// </summary>
    public static string ToBase64String(object @object,
        FormatterAssemblyStyle assemblyStyle = FormatterAssemblyStyle.Simple)
    {
        byte[] raw = ToByteArray(@object, assemblyStyle);
        return Convert.ToBase64String(raw);
 
        static byte[] ToByteArray(object obj, FormatterAssemblyStyle assemblyStyle)
        {
#pragma warning disable SYSLIB0011 // Type or member is obsolete
            // cs/binary-formatter-without-binder
            BinaryFormatter binaryFormatter = new() // CodeQL [SM04191]: Safe use because the deserialization process is performed on trusted data and the types are controlled and validated.
            {
                AssemblyFormat = assemblyStyle
            };
#pragma warning restore SYSLIB0011
 
            using MemoryStream stream = new();
            binaryFormatter.Serialize(stream, obj);
            return stream.ToArray();
        }
    }
#pragma warning restore SYSLIB0050
}