Security
A lot of people think that using serializers to read untrusted data is unsafe.
AqlaSerializer is designed to withstand possible security exploits and is suitable for reading untrusted data.
- `TypeModel.RecursionDepthLimit` limits recursion so that your application won't crash with `StackOverflowException`. The specified number is a conventional value, i.e. it shouldn't be treated directly as a stack frame count. Default is 500.
- `MetaType.ArrayLengthReadLimit` limits the maximum number of array elements, per type. This setting does not apply to other collection types because they are not pre-allocated, so their size is limited by the size of the input stream. Default is 100000.
This means that deserializing an untrusted input stream may throw an exception (usually `ProtoException`, `NullReferenceException` or `InvalidOperationException`), which you should simply handle with a `try-catch` block, but it won't crash your entire application.
When dealing with an untrusted input stream, it's strongly recommended to use type whitelisting mode to forbid any malicious code evaluation.
Setting `RuntimeTypeModel.AutoAddMissingTypes` to `false` disables registering of unknown types during deserialization (i.e. enables type whitelisting). This setting is not applicable to precompiled dlls because they are "frozen" and don't support registering new types (whitelisting by design).
Dynamic non-primitive types are also subject to whitelisting.
Whitelisting is not applicable to Auxiliary mode and primitives. However, Auxiliary mode can be applied only to a root type, which is explicitly specified by your code when deserializing, so it shouldn't be an issue. Keep in mind that Auxiliary mode works with precompiled dlls too.
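
The limits and the whitelisting mode described above can be combined in one model used only for untrusted streams. This is an added example, not code from the AqlaSerializer project. `ChatMessage`, `UntrustedReader` and the limit values are hypothetical. It assumes the three settings are instance properties and that `TypeModel.Create()`, `Add(Type, bool)`, `Deserialize(Stream, object, Type)` and the `[SerializableType]`/`[SerializableMember]` attributes are available as in the library's protobuf-net heritage.

```csharp
using System;
using System.IO;
using AqlaSerializer;
using AqlaSerializer.Meta;

[SerializableType]
public class ChatMessage                       // hypothetical DTO
{
    [SerializableMember(1)] public string Sender { get; set; }
    [SerializableMember(2)] public string[] Tags { get; set; }
}

public static class UntrustedReader            // hypothetical helper
{
    private static readonly RuntimeTypeModel Model = BuildModel();

    private static RuntimeTypeModel BuildModel()
    {
        var model = TypeModel.Create();
        // Register every expected type first: this list is the whitelist.
        MetaType meta = model.Add(typeof(ChatMessage), true);
        // Assumption: the per-type array limit is set on the registered MetaType.
        meta.ArrayLengthReadLimit = 1024;      // default is 100000
        model.RecursionDepthLimit = 100;       // default is 500
        // Unknown types met during deserialization are now rejected
        // instead of being registered on the fly.
        model.AutoAddMissingTypes = false;
        return model;
    }

    public static bool TryRead(Stream input, out ChatMessage message)
    {
        try
        {
            message = (ChatMessage)Model.Deserialize(input, null, typeof(ChatMessage));
            return message != null;
        }
        catch (Exception ex) when (ex is ProtoException
                                || ex is NullReferenceException
                                || ex is InvalidOperationException)
        {
            // Malformed or hostile input: reject it and keep the process alive.
            message = null;
            return false;
        }
    }
}
```

Neither limit caps the total input size, so bound the stream length separately before passing it to `TryRead`.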