BinaryFormatter should be replaced #49
Comments
|
Closed in PR #52 |
|
Reopened because serialization is still used in some cases. |
|
I got bit by this in a way I couldn't workaround with EnableUnsafeBinaryFormatterSerialization, so I ended up making a quick replacement using https://github.com/Cysharp/MemoryPack, hope this helps someone else experiencing the same issue until this gets fixed: public partial class FileCache<T>
{
private readonly string path;
private readonly Dictionary<string, (DateTimeOffset, T)> cache;
public FileCache(string path)
{
this.path = path;
if (File.Exists(path))
{
var bytes = File.ReadAllBytes(path);
this.cache = MemoryPackSerializer.Deserialize<Dictionary<string, (DateTimeOffset, T)>>(bytes);
}
else
{
this.cache = new();
}
}
public async Task<T> GetOrAddAsync(string key, Func<Task<T>> valueFactory, DateTimeOffset absoluteExpiration)
{
if (!this.cache.ContainsKey(key) || DateTime.Now > this.cache[key].Item1)
{
this.cache[key] = (absoluteExpiration, await valueFactory());
var bytes = MemoryPackSerializer.Serialize(this.cache);
await File.WriteAllBytesAsync(this.path, bytes);
}
return this.cache[key].Item2;
}
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I updated my project to Net5 and now I get an exception because the BinaryFormatter has been marked insecure and throws and exception
https://docs.microsoft.com/nl-nl/dotnet/standard/serialization/binaryformatter-security-guide
The text was updated successfully, but these errors were encountered: