mcs/class/corlib/System.Runtime.Serialization.Formatters.Binary/BinaryFormatter.cs

   1 // BinaryFormatter.cs
   2 //
   3 // Author:
   4 //      Dick Porter (dick@ximian.com)
   5 //  Lluis Sanchez Gual (lluis@ideary.com)
   6 //
   7 // (C) 2002 Ximian, Inc.  http://www.ximian.com
   8 // Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
   9 //
  10 // Permission is hereby granted, free of charge, to any person obtaining
  11 // a copy of this software and associated documentation files (the
  12 // "Software"), to deal in the Software without restriction, including
  13 // without limitation the rights to use, copy, modify, merge, publish,
  14 // distribute, sublicense, and/or sell copies of the Software, and to
  15 // permit persons to whom the Software is furnished to do so, subject to
  16 // the following conditions:
  17 //
  18 // The above copyright notice and this permission notice shall be
  19 // included in all copies or substantial portions of the Software.
  20 //
  21 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
  22 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
  23 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
  24 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
  25 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
  26 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
  27 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  28 //
  29
  30 using System.Collections;
  31 using System.IO;
  32 using System.Reflection;
  33 using System.Runtime.InteropServices;
  34 using System.Runtime.Remoting.Messaging;
  35 using System.Security.Permissions;
  36
  37 namespace System.Runtime.Serialization.Formatters.Binary {
  38
  39         [ComVisible (true)]
  40         public sealed class BinaryFormatter : IRemotingFormatter, IFormatter
  41         {
  42                 private FormatterAssemblyStyle assembly_format = FormatterAssemblyStyle.Simple;
  43                 private SerializationBinder binder;
  44                 private StreamingContext context;
  45                 private ISurrogateSelector surrogate_selector;
  46                 private FormatterTypeStyle type_format = FormatterTypeStyle.TypesAlways;
  47                 private TypeFilterLevel filter_level = TypeFilterLevel.Full;
  48
  49                 public BinaryFormatter()
  50                 {
  51                         surrogate_selector=DefaultSurrogateSelector;
  52                         context=new StreamingContext(StreamingContextStates.All);
  53                 }
  54
  55                 public BinaryFormatter(ISurrogateSelector selector, StreamingContext context)
  56                 {
  57                         surrogate_selector=selector;
  58                         this.context=context;
  59                 }
  60
  61
  62                 // Deserializing objects of type Dictionary<,> List<> and friends does not work in a CoreCLR sandbox, because
  63                 // the default deserialization code uses reflection to do its job, and the fields being reflected on live in mscorlib.dll.
  64                 // DefaultSurrogateSelector enables embedders to provide an alternative method of deserializing specific types in a way
  65                 // that does not violate the CoreCLR rules. See https://gist.github.com/878267 for some actual code that provides CoreCLR safe
  66                 // deserialization code for List<> and Dictionary<,>.
  67                 // DefaultSurrogateSelector is private, and needs to be set by the embedder trough reflection, so we do not expose any public
  68                 // API point that is not present in .NET
  69                 static ISurrogateSelector DefaultSurrogateSelector { get; set; }
  70
  71                 public FormatterAssemblyStyle AssemblyFormat
  72                 {
  73                         get {
  74                                 return(assembly_format);
  75                         }
  76                         set {
  77                                 assembly_format=value;
  78                         }
  79                 }
  80
  81                 public SerializationBinder Binder
  82                 {
  83                         get {
  84                                 return(binder);
  85                         }
  86                         set {
  87                                 binder=value;
  88                         }
  89                 }
  90
  91                 public StreamingContext Context
  92                 {
  93                         get {
  94                                 return(context);
  95                         }
  96                         set {
  97                                 context=value;
  98                         }
  99                 }
 100
 101                 public ISurrogateSelector SurrogateSelector
 102                 {
 103                         get {
 104                                 return(surrogate_selector);
 105                         }
 106                         set {
 107                                 surrogate_selector=value;
 108                         }
 109                 }
 110
 111                 public FormatterTypeStyle TypeFormat
 112                 {
 113                         get {
 114                                 return(type_format);
 115                         }
 116                         set {
 117                                 type_format=value;
 118                         }
 119                 }
 120
 121                 public TypeFilterLevel FilterLevel
 122                 {
 123                         get { return filter_level; }
 124                         set { filter_level = value; }
 125                 }
 126
 127                 [SecurityPermission (SecurityAction.Demand, SerializationFormatter = true)]
 128                 public object Deserialize (Stream serializationStream)
 129                 {
 130                         return NoCheckDeserialize (serializationStream, null);
 131                 }
 132
 133                 [SecurityPermission (SecurityAction.Demand, SerializationFormatter = true)]
 134                 public object Deserialize (Stream serializationStream, HeaderHandler handler)
 135                 {
 136                         return NoCheckDeserialize (serializationStream, handler);
 137                 }
 138
 139                 // shared by Deserialize and UnsafeDeserialize which both involve different security checks
 140                 private object NoCheckDeserialize (Stream serializationStream, HeaderHandler handler)
 141                 {
 142                         if(serializationStream==null)
 143                         {
 144                                 throw new ArgumentNullException("serializationStream");
 145                         }
 146                         if(serializationStream.CanSeek &&
 147                                 serializationStream.Length==0)
 148                         {
 149                                 throw new SerializationException("serializationStream supports seeking, but its length is 0");
 150                         }
 151
 152                         BinaryReader reader = new BinaryReader (serializationStream);
 153
 154                         bool hasHeader;
 155                         ReadBinaryHeader (reader, out hasHeader);
 156
 157                         // Messages are read using a special static method, which does not use ObjectReader
 158                         // if it is not needed. This saves time and memory.
 159
 160                         BinaryElement elem = (BinaryElement) reader.Read ();
 161
 162                         if (elem == BinaryElement.MethodCall) {
 163                                 return MessageFormatter.ReadMethodCall (elem, reader, hasHeader, handler, this);
 164                         }
 165                         else if (elem == BinaryElement.MethodResponse) {
 166                                 return MessageFormatter.ReadMethodResponse (elem, reader, hasHeader, handler, null, this);
 167                         }
 168                         else {
 169                                 ObjectReader serializer = new ObjectReader (this);
 170
 171                                 object result;
 172                                 Header[] headers;
 173                                 serializer.ReadObjectGraph (elem, reader, hasHeader, out result, out headers);
 174                                 if (handler != null) handler(headers);
 175                                 return result;
 176                         }
 177                 }
 178
 179                 [SecurityPermission (SecurityAction.Demand, SerializationFormatter = true)]
 180                 public object DeserializeMethodResponse (Stream serializationStream, HeaderHandler handler, IMethodCallMessage methodCallMessage)
 181                 {
 182                         return NoCheckDeserializeMethodResponse (serializationStream, handler, methodCallMessage);
 183                 }
 184
 185                 // shared by DeserializeMethodResponse and UnsafeDeserializeMethodResponse which both involve different security checks
 186                 private object NoCheckDeserializeMethodResponse (Stream serializationStream, HeaderHandler handler, IMethodCallMessage methodCallMessage)
 187                 {
 188                         if(serializationStream==null) {
 189                                 throw new ArgumentNullException("serializationStream");
 190                         }
 191                         if(serializationStream.CanSeek &&
 192                            serializationStream.Length==0) {
 193                                 throw new SerializationException("serializationStream supports seeking, but its length is 0");
 194                         }
 195
 196                         BinaryReader reader = new BinaryReader (serializationStream);
 197
 198                         bool hasHeader;
 199                         ReadBinaryHeader (reader, out hasHeader);
 200                         return MessageFormatter.ReadMethodResponse (reader, hasHeader, handler, methodCallMessage, this);
 201                 }
 202
 203                 public void Serialize(Stream serializationStream, object graph)
 204                 {
 205                         Serialize (serializationStream, graph, null);
 206                 }
 207
 208                 [SecurityPermission (SecurityAction.Demand, SerializationFormatter = true)]
 209                 public void Serialize(Stream serializationStream, object graph, Header[] headers)
 210                 {
 211                         if(serializationStream==null) {
 212                                 throw new ArgumentNullException ("serializationStream");
 213                         }
 214
 215                         BinaryWriter writer = new BinaryWriter (serializationStream);
 216                         WriteBinaryHeader (writer, headers!=null);
 217
 218                         if (graph is IMethodCallMessage) {
 219                                 MessageFormatter.WriteMethodCall (writer, graph, headers, this);
 220                         }
 221                         else if (graph is IMethodReturnMessage)  {
 222                                 MessageFormatter.WriteMethodResponse (writer, graph, headers, this);
 223                         }
 224                         else {
 225                                 ObjectWriter serializer = new ObjectWriter (this);
 226                                 serializer.WriteObjectGraph (writer, graph, headers);
 227                         }
 228                         writer.Flush();
 229                 }
 230
 231                 // faster version (under CAS) as this requires a LinkDemand versus full Demand (i.e. a stack-walk)
 232                 // shouldn't be called unless the code is intended to be executed at full-trust
 233                 [ComVisible (false)]
 234                 [SecurityPermission (SecurityAction.LinkDemand, SerializationFormatter = true)]
 235                 public object UnsafeDeserialize (Stream serializationStream, HeaderHandler handler)
 236                 {
 237                         return NoCheckDeserialize (serializationStream, handler);
 238                 }
 239
 240                 // faster version (under CAS) as this requires a LinkDemand versus full Demand (i.e. a stack-walk)
 241                 // shouldn't be called unless the code is intended to be executed at full-trust
 242                 [ComVisible (false)]
 243                 [SecurityPermission (SecurityAction.LinkDemand, SerializationFormatter = true)]
 244                 public object UnsafeDeserializeMethodResponse (Stream serializationStream, HeaderHandler handler, IMethodCallMessage methodCallMessage)
 245                 {
 246                         return NoCheckDeserializeMethodResponse (serializationStream, handler, methodCallMessage);
 247                 }
 248
 249                 private void WriteBinaryHeader (BinaryWriter writer, bool hasHeaders)
 250                 {
 251                         writer.Write ((byte)BinaryElement.Header);
 252                         writer.Write ((int)1);
 253                         if (hasHeaders) writer.Write ((int)2);
 254                         else writer.Write ((int)-1);
 255                         writer.Write ((int)1);
 256                         writer.Write ((int)0);
 257                 }
 258
 259                 private void ReadBinaryHeader (BinaryReader reader, out bool hasHeaders)
 260                 {
 261                         reader.ReadByte();
 262                         reader.ReadInt32();
 263                         int val = reader.ReadInt32();
 264                         hasHeaders = (val==2);
 265                         reader.ReadInt32();
 266                         reader.ReadInt32();
 267                 }
 268         }
 269 }