Class ExceptionSettings
- Namespace: StreamJsonRpc
- Assembly: StreamJsonRpc.dll
Contains security-related settings that influence how errors are serialized and deserialized.
public abstract record ExceptionSettings : IEquatable<ExceptionSettings>
- Inheritance: ExceptionSettings
- Implements
- Inherited Members
Constructors
ExceptionSettings(int)
Initializes a new instance of the ExceptionSettings class.
protected ExceptionSettings(int recursionLimit)
Parameters
recursionLimit
int
The maximum number of nested errors to serialize or deserialize.
Fields
TrustedData
The recommended settings for use when communicating with a trusted party.
public static readonly ExceptionSettings TrustedData
Field Value
UntrustedData
The recommended settings for use when communicating with an untrusted party.
public static readonly ExceptionSettings UntrustedData
Field Value
Properties
RecursionLimit
Gets the maximum number of nested errors to serialize or deserialize.
public int RecursionLimit { get; init; }
Property Value
- int
The default value is 50.
Remarks
This can help mitigate DoS attacks from unbounded recursion, to which error deserialization is perhaps uniquely vulnerable because the data structure allows recursion.
Methods
CanDeserialize(Type)
Tests whether a type can be deserialized as part of deserializing an exception.
public abstract bool CanDeserialize(Type type)
Parameters
type
Type
The type that may be deserialized.
Returns
Remarks
The default implementation returns true for all types in TrustedData-based instances. For UntrustedData-based instances, it returns true for Exception-derived types that are expected to be safe to deserialize.
Exception-derived types that may deserialize data that would be unsafe coming from an untrusted party should consider the StreamingContext passed to their deserializing constructor and skip deserializing potentially dangerous data when State includes the Remoting flag.
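The following is an added example, not code from StreamJsonRpc, of an Exception-derived type whose deserializing constructor follows the remark above. The type name ReportFailedException and its LogPath member are hypothetical, chosen to stand in for data that would be unsafe to accept from an untrusted party.

```csharp
#nullable enable
using System;
using System.Runtime.Serialization;

// Hypothetical exception type, constructed for this example.
[Serializable]
public class ReportFailedException : Exception
{
    public ReportFailedException(string message, string? logPath)
        : base(message)
    {
        LogPath = logPath;
    }

#pragma warning disable SYSLIB0051 // legacy serialization members are obsolete on .NET 8+
    // Deserializing constructor: receives the StreamingContext described above.
    protected ReportFailedException(SerializationInfo info, StreamingContext context)
        : base(info, context)
    {
        bool fromRemoteParty = (context.State & StreamingContextStates.Remoting) != 0;

        // A file path chosen by a remote peer must not be handed to local code
        // that might open it, so the value is not read at all in that case.
        LogPath = fromRemoteParty ? null : info.GetString(nameof(LogPath));
    }

    public override void GetObjectData(SerializationInfo info, StreamingContext context)
    {
        base.GetObjectData(info, context);
        info.AddValue(nameof(LogPath), LogPath);
    }
#pragma warning restore SYSLIB0051

    // Null when the exception was rebuilt from data received over a remoting boundary.
    public string? LogPath { get; }
}
```

Code that consumes LogPath has to treat null as "not provided by a trusted source" rather than as an error.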