Add rules for serialization/deserialization (security) #11

Closed
JeremyLikness opened this issue Sep 4, 2020 · 1 comment

@JeremyLikness
Owner

Is your feature request related to a problem? Please describe.
Extend #10 to allow fluent configuration to opt-in and out of members to constrain serializer options and prevent calls. Use a default opt-in for Queryable, Enumerable, and string operations.

Describe the solution you'd like
Something like:

options => options
    .AllowDefaults()
    .AllowTypes(typeof(Product), typeof(ProductDetail))
    .AllowType<Category>()
    .Prohibit(typeof(Enumerable), nameof(Skip));

Describe alternatives you've considered
N/A

Additional context
This will be a client/server engine and it should not be possible to create expressions that call unauthorized methods like File.IO.
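
The kind of rule enforcement this request describes, as an added example that is not from the issue or from the project's code: a default-deny allow-list applied by an `ExpressionVisitor` to a deserialized tree before it is compiled or executed. `MemberRules` and `RuleEnforcer` are hypothetical names, and the sketch checks member access only (method calls, property and field access, constructors, operator methods).

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Linq.Expressions;
using System.Reflection;

// Hypothetical rule set; names are illustrative, not the library's API.
public sealed class MemberRules
{
    private readonly HashSet<Type> allowed = new HashSet<Type>
        { typeof(Queryable), typeof(Enumerable), typeof(string) }; // default opt-in
    private readonly HashSet<(Type, string)> prohibited = new HashSet<(Type, string)>();

    public MemberRules AllowType<T>() { allowed.Add(typeof(T)); return this; }
    public MemberRules Prohibit(Type type, string member)
    { prohibited.Add((type, member)); return this; }

    // Default deny: the declaring type must be allowed, and a prohibition wins.
    public bool IsAllowed(MemberInfo m) =>
        m.DeclaringType != null && allowed.Contains(m.DeclaringType)
        && !prohibited.Contains((m.DeclaringType, m.Name));
}

// Walks the whole tree and throws on the first member the rules do not permit.
public sealed class RuleEnforcer : ExpressionVisitor
{
    private readonly MemberRules rules;
    public RuleEnforcer(MemberRules rules) => this.rules = rules;

    private void Check(MemberInfo member)
    {
        if (member != null && !rules.IsAllowed(member))
            throw new UnauthorizedAccessException(
                $"{member.DeclaringType?.FullName}.{member.Name} is not permitted.");
    }

    protected override Expression VisitMethodCall(MethodCallExpression node)
    { Check(node.Method); return base.VisitMethodCall(node); }
    protected override Expression VisitMember(MemberExpression node)
    { Check(node.Member); return base.VisitMember(node); }
    protected override Expression VisitNew(NewExpression node)
    { Check(node.Constructor); return base.VisitNew(node); }
    // Operator nodes can carry a user-defined method, so check those too.
    protected override Expression VisitBinary(BinaryExpression node)
    { Check(node.Method); return base.VisitBinary(node); }
    protected override Expression VisitUnary(UnaryExpression node)
    { Check(node.Method); return base.VisitUnary(node); }
}
```

On the server, `new RuleEnforcer(new MemberRules().AllowType<Product>().Prohibit(typeof(Enumerable), nameof(Enumerable.Skip))).Visit(expression)` would run before the expression reaches a compiler or query provider. Because rules match on `DeclaringType`, members inherited from a base class need that base type allowed as well.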

@JeremyLikness JeremyLikness added enhancement New feature or request area-serialization Serialization functionality. labels Sep 4, 2020
@JeremyLikness JeremyLikness added this to the 0.8.x-alpha milestone Sep 4, 2020
@JeremyLikness JeremyLikness added this to To do in Expression Power Tools 0.9-Beta via automation Sep 4, 2020
@JeremyLikness JeremyLikness self-assigned this Sep 4, 2020
@JeremyLikness
Owner Author

Fixed with #12

Expression Power Tools 0.9-Beta automation moved this from To do to Done Sep 10, 2020