-Added IgnoreSerializableInterface to DefaultContractResolver

-Changed serializing ISerializable types under partial trust to error to fix security issue -Fixed LinqBridge collision error in .NET 2.0 by moving types to a different namespace -Fixed JObject.Keys error when object has no items
author: James Newton-King <james@newtonking.com> 2012-03-18 07:24:30 +0400
committer: James Newton-King <james@newtonking.com> 2012-03-18 07:24:30 +0400
commit: 8471c4ffe1cb800a4afd747b71dbb5ba31d5ca90 (patch)
tree: c497bfaf1258541fd9fc0a0dd0fc358fa4d71c69 /Src/Newtonsoft.Json/Serialization
parent: 9c7fb730f2774d116398f0dcc045b0c386b19a6b (diff)
18 files changed, 91 insertions, 43 deletions
diff --git a/Src/Newtonsoft.Json/Serialization/CachedAttributeGetter.cs b/Src/Newtonsoft.Json/Serialization/CachedAttributeGetter.cs
index 255f748..6aca84f 100644
--- a/Src/Newtonsoft.Json/Serialization/CachedAttributeGetter.cs
+++ b/Src/Newtonsoft.Json/Serialization/CachedAttributeGetter.cs
@@ -24,10 +24,7 @@
 #endregion
 
 using System;
-using System.Collections.Generic;
-using System.Linq;
 using System.Reflection;
-using System.Text;
 using Newtonsoft.Json.Utilities;
 #if NETFX_CORE
 using ICustomAttributeProvider = Newtonsoft.Json.Utilities.CustomAttributeProvider;
diff --git a/Src/Newtonsoft.Json/Serialization/DefaultContractResolver.cs b/Src/Newtonsoft.Json/Serialization/DefaultContractResolver.cs
index ce4ea62..6199e99 100644
--- a/Src/Newtonsoft.Json/Serialization/DefaultContractResolver.cs
+++ b/Src/Newtonsoft.Json/Serialization/DefaultContractResolver.cs
@@ -34,7 +34,6 @@ using System.ComponentModel;
 using System.Dynamic;
 #endif
 using System.Globalization;
-using System.Linq;
 using System.Reflection;
 using System.Runtime.Serialization;
 #if !NETFX_CORE
@@ -48,6 +47,11 @@ using System.Runtime.CompilerServices;
 #if NETFX_CORE
 using ICustomAttributeProvider = Newtonsoft.Json.Utilities.CustomAttributeProvider;
 #endif
+#if NET20
+using Newtonsoft.Json.Utilities.LinqBridge;
+#else
+using System.Linq;
+#endif
 
 namespace Newtonsoft.Json.Serialization
 {
@@ -147,6 +151,16 @@ namespace Newtonsoft.Json.Serialization
     /// </value>
     public bool SerializeCompilerGeneratedMembers { get; set; }
 
+#if !SILVERLIGHT && !PocketPC && !NETFX_CORE
+    /// <summary>
+    /// Gets or sets a value indicating whether to ignore the ISerializable interface when serializing and deserializing types.
+    /// </summary>
+    /// <value>
+    /// 	<c>true</c> if the ISerializable interface will be ignored when serializing and deserializing types; otherwise, <c>false</c>.
+    /// </value>
+    public bool IgnoreSerializableInterface { get; set; }
+#endif
+
     /// <summary>
     /// Initializes a new instance of the <see cref="DefaultContractResolver"/> class.
     /// </summary>
@@ -686,7 +700,7 @@ namespace Newtonsoft.Json.Serialization
         return CreateStringContract(objectType);
 
 #if !SILVERLIGHT && !PocketPC && !NETFX_CORE
-      if (typeof(ISerializable).IsAssignableFrom(t))
+      if (!IgnoreSerializableInterface && typeof(ISerializable).IsAssignableFrom(t))
         return CreateISerializableContract(objectType);
 #endif
 
diff --git a/Src/Newtonsoft.Json/Serialization/DefaultReferenceResolver.cs b/Src/Newtonsoft.Json/Serialization/DefaultReferenceResolver.cs
index b1de3f7..3d9b95b 100644
--- a/Src/Newtonsoft.Json/Serialization/DefaultReferenceResolver.cs
+++ b/Src/Newtonsoft.Json/Serialization/DefaultReferenceResolver.cs
@@ -24,10 +24,6 @@
 #endregion
 
 using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Runtime.CompilerServices;
-using System.Text;
 using Newtonsoft.Json.Utilities;
 using System.Globalization;
 
diff --git a/Src/Newtonsoft.Json/Serialization/DynamicValueProvider.cs b/Src/Newtonsoft.Json/Serialization/DynamicValueProvider.cs
index ec302bb..1e464d3 100644
--- a/Src/Newtonsoft.Json/Serialization/DynamicValueProvider.cs
+++ b/Src/Newtonsoft.Json/Serialization/DynamicValueProvider.cs
@@ -26,7 +26,9 @@
 #if !PocketPC && !SILVERLIGHT
 using System;
 using System.Collections.Generic;
-using System.Linq;
+#if NET20
+using Newtonsoft.Json.Utilities.LinqBridge;
+#endif
 using System.Text;
 using System.Reflection;
 using Newtonsoft.Json.Utilities;
diff --git a/Src/Newtonsoft.Json/Serialization/ErrorContext.cs b/Src/Newtonsoft.Json/Serialization/ErrorContext.cs
index 75cc87b..c7bfff0 100644
--- a/Src/Newtonsoft.Json/Serialization/ErrorContext.cs
+++ b/Src/Newtonsoft.Json/Serialization/ErrorContext.cs
@@ -24,9 +24,6 @@
 #endregion
 
 using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Text;
 
 namespace Newtonsoft.Json.Serialization
 {
diff --git a/Src/Newtonsoft.Json/Serialization/ErrorEventArgs.cs b/Src/Newtonsoft.Json/Serialization/ErrorEventArgs.cs
index f4c7c5b..5886a03 100644
--- a/Src/Newtonsoft.Json/Serialization/ErrorEventArgs.cs
+++ b/Src/Newtonsoft.Json/Serialization/ErrorEventArgs.cs
@@ -1,7 +1,4 @@
 using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Text;
 
 namespace Newtonsoft.Json.Serialization
 {
diff --git a/Src/Newtonsoft.Json/Serialization/IContractResolver.cs b/Src/Newtonsoft.Json/Serialization/IContractResolver.cs
index 7545922..4c20192 100644
--- a/Src/Newtonsoft.Json/Serialization/IContractResolver.cs
+++ b/Src/Newtonsoft.Json/Serialization/IContractResolver.cs
@@ -24,9 +24,6 @@
 #endregion
 
 using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Text;
 
 namespace Newtonsoft.Json.Serialization
 {
diff --git a/Src/Newtonsoft.Json/Serialization/JsonArrayContract.cs b/Src/Newtonsoft.Json/Serialization/JsonArrayContract.cs
index 234cca3..8582a3b 100644
--- a/Src/Newtonsoft.Json/Serialization/JsonArrayContract.cs
+++ b/Src/Newtonsoft.Json/Serialization/JsonArrayContract.cs
@@ -25,10 +25,14 @@
 
 using System;
 using System.Collections.Generic;
-using System.Linq;
 using System.Reflection;
 using Newtonsoft.Json.Utilities;
 using System.Collections;
+#if NET20
+using Newtonsoft.Json.Utilities.LinqBridge;
+#else
+using System.Linq;
+#endif
 
 namespace Newtonsoft.Json.Serialization
 {
diff --git a/Src/Newtonsoft.Json/Serialization/JsonDictionaryContract.cs b/Src/Newtonsoft.Json/Serialization/JsonDictionaryContract.cs
index bf36008..762cbdb 100644
--- a/Src/Newtonsoft.Json/Serialization/JsonDictionaryContract.cs
+++ b/Src/Newtonsoft.Json/Serialization/JsonDictionaryContract.cs
@@ -28,6 +28,9 @@ using System.Collections.Generic;
 using System.Reflection;
 using Newtonsoft.Json.Utilities;
 using System.Collections;
+#if NET20
+using Newtonsoft.Json.Utilities.LinqBridge;
+#endif
 
 namespace Newtonsoft.Json.Serialization
 {
diff --git a/Src/Newtonsoft.Json/Serialization/JsonFormatterConverter.cs b/Src/Newtonsoft.Json/Serialization/JsonFormatterConverter.cs
index 49f19b4..a2fee70 100644
--- a/Src/Newtonsoft.Json/Serialization/JsonFormatterConverter.cs
+++ b/Src/Newtonsoft.Json/Serialization/JsonFormatterConverter.cs
@@ -25,11 +25,8 @@
 
 #if !(SILVERLIGHT || NETFX_CORE)
 using System;
-using System.Collections.Generic;
 using System.Globalization;
-using System.Linq;
 using System.Runtime.Serialization;
-using System.Text;
 using Newtonsoft.Json.Utilities;
 using Newtonsoft.Json.Linq;
 
diff --git a/Src/Newtonsoft.Json/Serialization/JsonISerializableContract.cs b/Src/Newtonsoft.Json/Serialization/JsonISerializableContract.cs
index b8b9a11..403968a 100644
--- a/Src/Newtonsoft.Json/Serialization/JsonISerializableContract.cs
+++ b/Src/Newtonsoft.Json/Serialization/JsonISerializableContract.cs
@@ -25,10 +25,6 @@
 
 #if !SILVERLIGHT && !PocketPC && !NETFX_CORE
 using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Text;
-using Newtonsoft.Json.Utilities;
 
 namespace Newtonsoft.Json.Serialization
 {
diff --git a/Src/Newtonsoft.Json/Serialization/JsonLinqContract.cs b/Src/Newtonsoft.Json/Serialization/JsonLinqContract.cs
index 1f10088..e44aba1 100644
--- a/Src/Newtonsoft.Json/Serialization/JsonLinqContract.cs
+++ b/Src/Newtonsoft.Json/Serialization/JsonLinqContract.cs
@@ -1,7 +1,4 @@
 using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Text;
 
 namespace Newtonsoft.Json.Serialization
 {
diff --git a/Src/Newtonsoft.Json/Serialization/JsonProperty.cs b/Src/Newtonsoft.Json/Serialization/JsonProperty.cs
index f2240ec..4f0952a 100644
--- a/Src/Newtonsoft.Json/Serialization/JsonProperty.cs
+++ b/Src/Newtonsoft.Json/Serialization/JsonProperty.cs
@@ -24,6 +24,9 @@
 #endregion
 
 using System;
+#if NET20
+using Newtonsoft.Json.Utilities.LinqBridge;
+#endif
 
 namespace Newtonsoft.Json.Serialization
 {
diff --git a/Src/Newtonsoft.Json/Serialization/JsonSerializerInternalReader.cs b/Src/Newtonsoft.Json/Serialization/JsonSerializerInternalReader.cs
index 7684298..e9f451e 100644
--- a/Src/Newtonsoft.Json/Serialization/JsonSerializerInternalReader.cs
+++ b/Src/Newtonsoft.Json/Serialization/JsonSerializerInternalReader.cs
@@ -31,11 +31,15 @@ using System.Collections.ObjectModel;
 using System.Dynamic;
 #endif
 using System.Globalization;
-using System.Linq;
 using System.Reflection;
 using System.Runtime.Serialization;
 using Newtonsoft.Json.Linq;
 using Newtonsoft.Json.Utilities;
+#if NET20
+using Newtonsoft.Json.Utilities.LinqBridge;
+#else
+using System.Linq;
+#endif
 
 namespace Newtonsoft.Json.Serialization
 {
@@ -825,6 +829,12 @@ To force JSON arrays to deserialize add the JsonArrayAttribute to the type.".For
     {
       Type objectType = contract.UnderlyingType;
 
+      if (!JsonTypeReflector.FullyTrusted)
+      {
+        throw new JsonSerializationException(@"Type '{0}' implements ISerializable but cannot be deserialized using the ISerializable interface because the current application is not fully trusted and ISerializable can expose secure data.
+To fix this error either change the environment to be fully trusted, change the application to not deserialize the type, add to JsonObjectAttribute to the type or change the JsonSerializer setting ContractResolver to use a new DefaultContractResolver with IgnoreSerializableInterface set to true.".FormatWith(CultureInfo.InvariantCulture, objectType));
+      }
+
       SerializationInfo serializationInfo = new SerializationInfo(contract.UnderlyingType, GetFormatterConverter());
 
       bool exit = false;
diff --git a/Src/Newtonsoft.Json/Serialization/JsonSerializerInternalWriter.cs b/Src/Newtonsoft.Json/Serialization/JsonSerializerInternalWriter.cs
index 03705d7..77e6142 100644
--- a/Src/Newtonsoft.Json/Serialization/JsonSerializerInternalWriter.cs
+++ b/Src/Newtonsoft.Json/Serialization/JsonSerializerInternalWriter.cs
@@ -31,13 +31,15 @@ using System.ComponentModel;
 using System.Dynamic;
 #endif
 using System.Globalization;
-using System.Linq;
-using System.Reflection;
-using System.Runtime.Serialization.Formatters;
+using System.Security;
 using Newtonsoft.Json.Linq;
 using Newtonsoft.Json.Utilities;
 using System.Runtime.Serialization;
-using System.Security;
+#if NET20
+using Newtonsoft.Json.Utilities.LinqBridge;
+#else
+using System.Linq;
+#endif
 
 namespace Newtonsoft.Json.Serialization
 {
@@ -469,6 +471,12 @@ namespace Newtonsoft.Json.Serialization
 #endif
     private void SerializeISerializable(JsonWriter writer, ISerializable value, JsonISerializableContract contract, JsonProperty member, JsonContract collectionValueContract)
     {
+      if (!JsonTypeReflector.FullyTrusted)
+      {
+        throw new JsonSerializationException(@"Type '{0}' implements ISerializable but cannot be serialized using the ISerializable interface because the current application is not fully trusted and ISerializable can expose secure data.
+To fix this error either change the environment to be fully trusted, change the application to not deserialize the type, add to JsonObjectAttribute to the type or change the JsonSerializer setting ContractResolver to use a new DefaultContractResolver with IgnoreSerializableInterface set to true.".FormatWith(CultureInfo.InvariantCulture, value.GetType()));
+      }
+
       contract.InvokeOnSerializing(value, Serializer.Context);
       _serializeStack.Add(value);
 
diff --git a/Src/Newtonsoft.Json/Serialization/JsonStringContract.cs b/Src/Newtonsoft.Json/Serialization/JsonStringContract.cs
index b76925e..370828b 100644
--- a/Src/Newtonsoft.Json/Serialization/JsonStringContract.cs
+++ b/Src/Newtonsoft.Json/Serialization/JsonStringContract.cs
@@ -24,9 +24,6 @@
 #endregion
 
 using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Text;
 
 namespace Newtonsoft.Json.Serialization
 {
diff --git a/Src/Newtonsoft.Json/Serialization/JsonTypeReflector.cs b/Src/Newtonsoft.Json/Serialization/JsonTypeReflector.cs
index 12e8ea5..180ce08 100644
--- a/Src/Newtonsoft.Json/Serialization/JsonTypeReflector.cs
+++ b/Src/Newtonsoft.Json/Serialization/JsonTypeReflector.cs
@@ -26,16 +26,20 @@
 using System;
 using System.ComponentModel;
 using System.Globalization;
-using System.Linq;
 using System.Reflection;
-using System.Runtime.Serialization;
 #if !NETFX_CORE
+using System.Runtime.Serialization;
 using System.Security.Permissions;
 #endif
 using Newtonsoft.Json.Utilities;
 #if NETFX_CORE
 using ICustomAttributeProvider = Newtonsoft.Json.Utilities.CustomAttributeProvider;
 #endif
+#if NET20
+using Newtonsoft.Json.Utilities.LinqBridge;
+#else
+using System.Linq;
+#endif
 
 namespace Newtonsoft.Json.Serialization
 {
@@ -350,6 +354,19 @@ namespace Newtonsoft.Json.Serialization
     }
 
     private static bool? _dynamicCodeGeneration;
+    private static bool? _fullyTrusted;
+
+#if DEBUG
+    internal static void SetFullyTrusted(bool fullyTrusted)
+    {
+      _fullyTrusted = fullyTrusted;
+    }
+
+    internal static void SetDynamicCodeGeneration(bool dynamicCodeGeneration)
+    {
+      _dynamicCodeGeneration = dynamicCodeGeneration;
+    }
+#endif
 
     public static bool DynamicCodeGeneration
     {
@@ -380,6 +397,25 @@ namespace Newtonsoft.Json.Serialization
       }
     }
 
+    public static bool FullyTrusted
+    {
+      get
+      {
+        if (_fullyTrusted == null)
+        {
+#if !(NET20 || NET35 || SILVERLIGHT)
+          AppDomain appDomain = AppDomain.CurrentDomain;
+
+          _fullyTrusted = appDomain.IsHomogenous && appDomain.IsFullyTrusted;
+#else
+          _fullyTrusted = true;
+#endif
+        }
+
+        return _fullyTrusted.Value;
+      }
+    }
+
     public static ReflectionDelegateFactory ReflectionDelegateFactory
     {
       get
diff --git a/Src/Newtonsoft.Json/Serialization/ReflectionValueProvider.cs b/Src/Newtonsoft.Json/Serialization/ReflectionValueProvider.cs
index 4013cf3..5b2b1de 100644
--- a/Src/Newtonsoft.Json/Serialization/ReflectionValueProvider.cs
+++ b/Src/Newtonsoft.Json/Serialization/ReflectionValueProvider.cs
@@ -24,9 +24,6 @@
 #endregion
 
 using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Text;
 using System.Reflection;
 using Newtonsoft.Json.Utilities;
 using System.Globalization;
author	James Newton-King <james@newtonking.com>	2012-03-18 07:24:30 +0400
committer	James Newton-King <james@newtonking.com>	2012-03-18 07:24:30 +0400
commit	8471c4ffe1cb800a4afd747b71dbb5ba31d5ca90 (patch)
tree	c497bfaf1258541fd9fc0a0dd0fc358fa4d71c69 /Src/Newtonsoft.Json/Serialization
parent	9c7fb730f2774d116398f0dcc045b0c386b19a6b (diff)