Skip to content

Latest commit

 

History

History
132 lines (99 loc) · 6.32 KB

ca2361.md

File metadata and controls

132 lines (99 loc) · 6.32 KB
Raw
title description ms.date author ms.author dev_langs f1_keywords
CA2361: Ensure autogenerated class containing DataSet.ReadXml() is not used with untrusted data (code analysis)
Learn about code analysis rule CA2361: Ensure autogenerated class containing DataSet.ReadXml() is not used with untrusted data
08/11/2020
dotpaul
paulming
CSharp
CA2361

CA2361: Ensure autogenerated class containing DataSet.ReadXml() is not used with untrusted data

Property Value
Rule ID CA2361
Title Ensure autogenerated class containing DataSet.ReadXml() is not used with untrusted data
Category Security
Fix is breaking or non-breaking Non-breaking
Enabled by default in .NET 8 No

Cause

The xref:System.Data.DataSet.ReadXml%2A?displayProperty=nameWithType method was called or referenced, and is within autogenerated code.

This rule classifies autogenerated code b:

  • Being inside a method named ReadXmlSerializable.
  • The ReadXmlSerializable method has a xref:System.Diagnostics.DebuggerNonUserCodeAttribute?displayProperty=nameWithType.
  • The ReadXmlSerializable method is within a type that has a xref:System.ComponentModel.DesignerCategoryAttribute?displayProperty=nameWithType.

CA2351 is a similar rule, for when xref:System.Data.DataSet.ReadXml%2A?displayProperty=nameWithType appears within non-autogenerated code.

Rule description

When deserializing a xref:System.Data.DataSet with untrusted input, an attacker can craft malicious input to perform a denial of service attack. There may be unknown remote code execution vulnerabilities.

This rule is like CA2351, but for autogenerated code for an in-memory representation of data within a GUI application. Usually, these autogenerated classes aren't deserialized from untrusted input. Your application's usage may vary.

For more information, see DataSet and DataTable security guidance.

How to fix violations

  • If possible, use Entity Framework rather than the xref:System.Data.DataSet.
  • Make the serialized data tamper-proof. After serialization, cryptographically sign the serialized data. Before deserialization, validate the cryptographic signature. Protect the cryptographic key from being disclosed and design for key rotations.

When to suppress warnings

[!INCLUDEinsecure-deserializers-common-safe-to-suppress]

Suppress a warning

If you just want to suppress a single violation, add preprocessor directives to your source file to disable and then re-enable the rule.

#pragma warning disable CA2361
// The code that's violating the rule is on this line.
#pragma warning restore CA2361

To disable the rule for a file, folder, or project, set its severity to none in the configuration file.

[*.{cs,vb}]
dotnet_diagnostic.CA2361.severity = none

For more information, see How to suppress code analysis warnings.

Pseudo-code examples

Violation

namespace ExampleNamespace
{
    /// <summary>
    ///Represents a strongly typed in-memory cache of data.
    ///</summary>
    [global::System.Serializable()]
    [global::System.ComponentModel.DesignerCategoryAttribute("code")]
    [global::System.ComponentModel.ToolboxItem(true)]
    [global::System.Xml.Serialization.XmlSchemaProviderAttribute("GetTypedDataSetSchema")]
    [global::System.Xml.Serialization.XmlRootAttribute("Package")]
    [global::System.ComponentModel.Design.HelpKeywordAttribute("vs.data.DataSet")]
    public partial class Something : global::System.Data.DataSet {

        [global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
        [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Data.Design.TypedDataSetGenerator", "4.0.0.0")]
        protected override void ReadXmlSerializable(global::System.Xml.XmlReader reader) {
            if ((this.DetermineSchemaSerializationMode(reader) == global::System.Data.SchemaSerializationMode.IncludeSchema)) {
                this.Reset();
                global::System.Data.DataSet ds = new global::System.Data.DataSet();
                ds.ReadXml(reader);
                if ((ds.Tables["Something"] != null)) {
                    base.Tables.Add(new SomethingTable(ds.Tables["Something"]));
                }
                this.DataSetName = ds.DataSetName;
                this.Prefix = ds.Prefix;
                this.Namespace = ds.Namespace;
                this.Locale = ds.Locale;
                this.CaseSensitive = ds.CaseSensitive;
                this.EnforceConstraints = ds.EnforceConstraints;
                this.Merge(ds, false, global::System.Data.MissingSchemaAction.Add);
                this.InitVars();
            }
            else {
                this.ReadXml(reader);
                this.InitVars();
            }
        }
    }
}

Related rules

CA2350: Ensure DataTable.ReadXml()'s input is trusted

CA2351: Ensure DataSet.ReadXml()'s input is trusted

CA2352: Unsafe DataSet or DataTable in serializable type can be vulnerable to remote code execution attacks

CA2353: Unsafe DataSet or DataTable in serializable type

CA2354: Unsafe DataSet or DataTable in deserialized object graph can be vulnerable to remote code execution attack

CA2355: Unsafe DataSet or DataTable in deserialized object graph

CA2356: Unsafe DataSet or DataTable in web deserialized object graph

CA2362: Unsafe DataSet or DataTable in autogenerated serializable type can be vulnerable to remote code execution attacks