Class ExceptionSettings

Namespace
StreamJsonRpc
Assembly
StreamJsonRpc.dll

Contains security-related settings that influence how errors are serialized and deserialized.

public abstract record ExceptionSettings : IEquatable<ExceptionSettings>
Inheritance
ExceptionSettings
Implements
IEquatable<ExceptionSettings>

Constructors

ExceptionSettings(int)

Initializes a new instance of the ExceptionSettings class.

protected ExceptionSettings(int recursionLimit)

Parameters

recursionLimit int

The maximum number of nested errors to serialize or deserialize.

Fields

TrustedData

The recommended settings for use when communicating with a trusted party.

public static readonly ExceptionSettings TrustedData

Field Value

ExceptionSettings

UntrustedData

The recommended settings for use when communicating with an untrusted party.

public static readonly ExceptionSettings UntrustedData

Field Value

ExceptionSettings

Properties

RecursionLimit

Gets the maximum number of nested errors to serialize or deserialize.

public int RecursionLimit { get; init; }

Property Value

int

The default value is 50.

Remarks

This can help mitigate DoS attacks from unbounded recursion, to which error deserialization is perhaps uniquely vulnerable because the error data structure allows recursion.

Methods

CanDeserialize(Type)

Tests whether a type can be deserialized as part of deserializing an exception.

public abstract bool CanDeserialize(Type type)

Parameters

type Type

The type that may be deserialized.

Returns

bool

true if the type is safe to deserialize; false otherwise.

Remarks

The default implementation returns true for all types in TrustedData-based instances. For UntrustedData-based instances, it returns true for Exception-derived types that are expected to be safe to deserialize.

Exception-derived types that may deserialize data that would be unsafe coming from an untrusted party should consider the StreamingContext passed to their deserializing constructor and skip deserializing potentially dangerous data when its State includes the Remoting flag.
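
The pattern described in the remark above, as an added example (not code from StreamJsonRpc): a hypothetical JobFailedException whose deserializing constructor skips its ScriptPath field when StreamingContext.State includes the Remoting flag. The type name, the field, and the premise that the receiver would act on that field are assumptions made for illustration.

```csharp
using System;
using System.Runtime.Serialization;

// Hypothetical exception type (an assumption for this example).
// On recent .NET versions the legacy serialization members used here
// compile with obsoletion warnings.
[Serializable]
public class JobFailedException : Exception
{
    public JobFailedException(string message, string? scriptPath)
        : base(message)
    {
        ScriptPath = scriptPath;
    }

    // Deserializing constructor: the StreamingContext says where the data came from.
    protected JobFailedException(SerializationInfo info, StreamingContext context)
        : base(info, context)
    {
        bool fromRemoteParty =
            (context.State & StreamingContextStates.Remoting) == StreamingContextStates.Remoting;
        if (fromRemoteParty)
        {
            // Data arrived from a remote party: leave the sensitive field unset.
            return;
        }

        // Enumerate instead of calling GetString so a missing entry does not throw.
        foreach (SerializationEntry entry in info)
        {
            if (entry.Name == nameof(ScriptPath))
            {
                ScriptPath = entry.Value as string;
            }
        }
    }

    // Assumed sensitive: a value the receiving side might otherwise act on.
    public string? ScriptPath { get; }

    public override void GetObjectData(SerializationInfo info, StreamingContext context)
    {
        base.GetObjectData(info, context);
        info.AddValue(nameof(ScriptPath), ScriptPath);
    }
}
```

Code that consumes such an exception must treat a null ScriptPath as the normal case for errors received from the other party.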