title | description | ms.date | author | ms.author | dev_langs | f1_keywords | ||
---|---|---|---|---|---|---|---|---|
CA2354: Unsafe DataSet or DataTable in deserialized object graph can be vulnerable to remote code execution attack (code analysis) |
Learn about code analysis rule CA2354: Unsafe DataSet or DataTable in deserialized object graph can be vulnerable to remote code execution attack |
07/14/2020 |
dotpaul |
paulming |
|
|
CA2354: Unsafe DataSet or DataTable in deserialized object graph can be vulnerable to remote code execution attack
Property | Value |
---|---|
Rule ID | CA2354 |
Title | Unsafe DataSet or DataTable in deserialized object graph can be vulnerable to remote code execution attack |
Category | Security |
Fix is breaking or non-breaking | Non-breaking |
Enabled by default in .NET 8 | No |
Deserializing with an xref:System.Runtime.Serialization.IFormatter?displayProperty=nameWithType serialized, and the casted type's object graph can include a xref:System.Data.DataSet or xref:System.Data.DataTable.
This rule uses a different approach to a similar rule, CA2352: Unsafe DataSet or DataTable in serializable type can be vulnerable to remote code execution attacks.
When deserializing untrusted input with xref:System.Runtime.Serialization.Formatters.Binary.BinaryFormatter and the deserialized object graph contains a xref:System.Data.DataSet or xref:System.Data.DataTable, an attacker can craft a malicious payload to perform a remote code execution attack.
For more information, see DataSet and DataTable security guidance.
- If possible, use Entity Framework rather than xref:System.Data.DataSet and xref:System.Data.DataTable.
- Make the serialized data tamper-proof. After serialization, cryptographically sign the serialized data. Before deserialization, validate the cryptographic signature. Protect the cryptographic key from being disclosed and design for key rotations.
[!INCLUDEinsecure-deserializers-common-safe-to-suppress]
If you just want to suppress a single violation, add preprocessor directives to your source file to disable and then re-enable the rule.
#pragma warning disable CA2354
// The code that's violating the rule is on this line.
#pragma warning restore CA2354
To disable the rule for a file, folder, or project, set its severity to none
in the configuration file.
[*.{cs,vb}]
dotnet_diagnostic.CA2354.severity = none
For more information, see How to suppress code analysis warnings.
using System.Data;
using System.IO;
using System.Runtime.Serialization;
[Serializable]
public class MyClass
{
public MyOtherClass OtherClass { get; set; }
}
[Serializable]
public class MyOtherClass
{
private DataSet myDataSet;
}
public class ExampleClass
{
public MyClass Deserialize(Stream stream)
{
BinaryFormatter bf = new BinaryFormatter();
return (MyClass) bf.Deserialize(stream);
}
}
CA2350: Ensure DataTable.ReadXml()'s input is trusted
CA2351: Ensure DataSet.ReadXml()'s input is trusted
CA2353: Unsafe DataSet or DataTable in serializable type
CA2355: Unsafe DataSet or DataTable in deserialized object graph
CA2356: Unsafe DataSet or DataTable in web deserialized object graph
CA2361: Ensure autogenerated class containing DataSet.ReadXml() is not used with untrusted data