Skip to content

Latest commit

 

History

History
109 lines (77 loc) · 4.71 KB

ca2354.md

File metadata and controls

109 lines (77 loc) · 4.71 KB
Raw
title description ms.date author ms.author dev_langs f1_keywords
CA2354: Unsafe DataSet or DataTable in deserialized object graph can be vulnerable to remote code execution attack (code analysis)
Learn about code analysis rule CA2354: Unsafe DataSet or DataTable in deserialized object graph can be vulnerable to remote code execution attack
07/14/2020
dotpaul
paulming
CSharp
CA2354

CA2354: Unsafe DataSet or DataTable in deserialized object graph can be vulnerable to remote code execution attack

Property Value
Rule ID CA2354
Title Unsafe DataSet or DataTable in deserialized object graph can be vulnerable to remote code execution attack
Category Security
Fix is breaking or non-breaking Non-breaking
Enabled by default in .NET 8 No

Cause

Deserializing with an xref:System.Runtime.Serialization.IFormatter?displayProperty=nameWithType serialized, and the casted type's object graph can include a xref:System.Data.DataSet or xref:System.Data.DataTable.

This rule uses a different approach to a similar rule, CA2352: Unsafe DataSet or DataTable in serializable type can be vulnerable to remote code execution attacks.

Rule description

When deserializing untrusted input with xref:System.Runtime.Serialization.Formatters.Binary.BinaryFormatter and the deserialized object graph contains a xref:System.Data.DataSet or xref:System.Data.DataTable, an attacker can craft a malicious payload to perform a remote code execution attack.

For more information, see DataSet and DataTable security guidance.

How to fix violations

  • If possible, use Entity Framework rather than xref:System.Data.DataSet and xref:System.Data.DataTable.
  • Make the serialized data tamper-proof. After serialization, cryptographically sign the serialized data. Before deserialization, validate the cryptographic signature. Protect the cryptographic key from being disclosed and design for key rotations.

When to suppress warnings

[!INCLUDEinsecure-deserializers-common-safe-to-suppress]

Suppress a warning

If you just want to suppress a single violation, add preprocessor directives to your source file to disable and then re-enable the rule.

#pragma warning disable CA2354
// The code that's violating the rule is on this line.
#pragma warning restore CA2354

To disable the rule for a file, folder, or project, set its severity to none in the configuration file.

[*.{cs,vb}]
dotnet_diagnostic.CA2354.severity = none

For more information, see How to suppress code analysis warnings.

Pseudo-code examples

Violation

using System.Data;
using System.IO;
using System.Runtime.Serialization;

[Serializable]
public class MyClass
{
    public MyOtherClass OtherClass { get; set; }
}

[Serializable]
public class MyOtherClass
{
    private DataSet myDataSet;
}

public class ExampleClass
{
    public MyClass Deserialize(Stream stream)
    {
        BinaryFormatter bf = new BinaryFormatter();
        return (MyClass) bf.Deserialize(stream);
    }
}

Related rules

CA2350: Ensure DataTable.ReadXml()'s input is trusted

CA2351: Ensure DataSet.ReadXml()'s input is trusted

CA2352: Unsafe DataSet or DataTable in serializable type can be vulnerable to remote code execution attacks

CA2353: Unsafe DataSet or DataTable in serializable type

CA2355: Unsafe DataSet or DataTable in deserialized object graph

CA2356: Unsafe DataSet or DataTable in web deserialized object graph

CA2361: Ensure autogenerated class containing DataSet.ReadXml() is not used with untrusted data

CA2362: Unsafe DataSet or DataTable in autogenerated serializable type can be vulnerable to remote code execution attacks