title | description | ms.date | author | ms.author | dev_langs | f1_keywords | ||
---|---|---|---|---|---|---|---|---|
CA2361: Ensure autogenerated class containing DataSet.ReadXml() is not used with untrusted data (code analysis) |
Learn about code analysis rule CA2361: Ensure autogenerated class containing DataSet.ReadXml() is not used with untrusted data |
08/11/2020 |
dotpaul |
paulming |
|
|
Property | Value |
---|---|
Rule ID | CA2361 |
Title | Ensure autogenerated class containing DataSet.ReadXml() is not used with untrusted data |
Category | Security |
Fix is breaking or non-breaking | Non-breaking |
Enabled by default in .NET 8 | No |
The xref:System.Data.DataSet.ReadXml%2A?displayProperty=nameWithType method was called or referenced, and is within autogenerated code.
This rule classifies autogenerated code b:
- Being inside a method named
ReadXmlSerializable
. - The
ReadXmlSerializable
method has a xref:System.Diagnostics.DebuggerNonUserCodeAttribute?displayProperty=nameWithType. - The
ReadXmlSerializable
method is within a type that has a xref:System.ComponentModel.DesignerCategoryAttribute?displayProperty=nameWithType.
CA2351 is a similar rule, for when xref:System.Data.DataSet.ReadXml%2A?displayProperty=nameWithType appears within non-autogenerated code.
When deserializing a xref:System.Data.DataSet with untrusted input, an attacker can craft malicious input to perform a denial of service attack. There may be unknown remote code execution vulnerabilities.
This rule is like CA2351, but for autogenerated code for an in-memory representation of data within a GUI application. Usually, these autogenerated classes aren't deserialized from untrusted input. Your application's usage may vary.
For more information, see DataSet and DataTable security guidance.
- If possible, use Entity Framework rather than the xref:System.Data.DataSet.
- Make the serialized data tamper-proof. After serialization, cryptographically sign the serialized data. Before deserialization, validate the cryptographic signature. Protect the cryptographic key from being disclosed and design for key rotations.
[!INCLUDEinsecure-deserializers-common-safe-to-suppress]
If you just want to suppress a single violation, add preprocessor directives to your source file to disable and then re-enable the rule.
#pragma warning disable CA2361
// The code that's violating the rule is on this line.
#pragma warning restore CA2361
To disable the rule for a file, folder, or project, set its severity to none
in the configuration file.
[*.{cs,vb}]
dotnet_diagnostic.CA2361.severity = none
For more information, see How to suppress code analysis warnings.
namespace ExampleNamespace
{
/// <summary>
///Represents a strongly typed in-memory cache of data.
///</summary>
[global::System.Serializable()]
[global::System.ComponentModel.DesignerCategoryAttribute("code")]
[global::System.ComponentModel.ToolboxItem(true)]
[global::System.Xml.Serialization.XmlSchemaProviderAttribute("GetTypedDataSetSchema")]
[global::System.Xml.Serialization.XmlRootAttribute("Package")]
[global::System.ComponentModel.Design.HelpKeywordAttribute("vs.data.DataSet")]
public partial class Something : global::System.Data.DataSet {
[global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
[global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Data.Design.TypedDataSetGenerator", "4.0.0.0")]
protected override void ReadXmlSerializable(global::System.Xml.XmlReader reader) {
if ((this.DetermineSchemaSerializationMode(reader) == global::System.Data.SchemaSerializationMode.IncludeSchema)) {
this.Reset();
global::System.Data.DataSet ds = new global::System.Data.DataSet();
ds.ReadXml(reader);
if ((ds.Tables["Something"] != null)) {
base.Tables.Add(new SomethingTable(ds.Tables["Something"]));
}
this.DataSetName = ds.DataSetName;
this.Prefix = ds.Prefix;
this.Namespace = ds.Namespace;
this.Locale = ds.Locale;
this.CaseSensitive = ds.CaseSensitive;
this.EnforceConstraints = ds.EnforceConstraints;
this.Merge(ds, false, global::System.Data.MissingSchemaAction.Add);
this.InitVars();
}
else {
this.ReadXml(reader);
this.InitVars();
}
}
}
}
CA2350: Ensure DataTable.ReadXml()'s input is trusted
CA2351: Ensure DataSet.ReadXml()'s input is trusted
CA2353: Unsafe DataSet or DataTable in serializable type
CA2355: Unsafe DataSet or DataTable in deserialized object graph
CA2356: Unsafe DataSet or DataTable in web deserialized object graph