"ISerializable" should be implemented correctly

Posted chucklu

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了"ISerializable" should be implemented correctly相关的知识,希望对你有一定的参考价值。

https://rules.sonarsource.com/csharp/RSPEC-3925

The ISerializable interface is the mechanism to control the type serialization process. If not implemented correctly this could result in an invalid serialization and hard to detect bugs.

This rules raises an issue on types that implement ISerializable without following the serialization pattern recommended by Microsoft.

Specifically this rule checks for these problems:

  • The System.SerializableAttribute attribute is missing.
  • Non-serializable fields are not marked with the System.NonSerializedAttribute attribute.
  • There is no serialization constructor.
  • An unsealed type has a serialization constructor that is not protected.
  • A sealed type has a serialization constructor that is not private.
  • An unsealed type has a ISerializable.GetObjectData that is not both public and virtual.
  • A derived type has a serialization constructor that does not call the base constructor.
  • A derived type has a ISerializable.GetObjectData method that does not call the base method.
  • A derived type has serializable fields but the ISerializable.GetObjectData method is not overridden. 

 

What is the correct way to make a custom .NET Exception serializable?

 下面这个是第二个回答,原链接的第一回答更详细和复杂

Exception is already serializable, but you need to override the GetObjectData method to store your variables and provide a constructor which can be called when re-hydrating your object.

So your example becomes:

[Serializable]
public class MyException : Exception
{
    private readonly string resourceName;
    private readonly IList<string> validationErrors;

    public MyException(string resourceName, IList<string> validationErrors)
    {
        this.resourceName = resourceName;
        this.validationErrors = validationErrors;
    }

    public string ResourceName
    {
        get { return this.resourceName; }
    }

    public IList<string> ValidationErrors
    {
        get { return this.validationErrors; }
    }

    [SecurityPermissionAttribute(SecurityAction.Demand, SerializationFormatter=true)]
    protected MyException(SerializationInfo info, StreamingContext context) : base (info, context)
    {
        this.resourceName = info.GetString("MyException.ResourceName");
        this.validationErrors = info.GetValue("MyException.ValidationErrors", typeof(IList<string>));
    }

    [SecurityPermissionAttribute(SecurityAction.Demand, SerializationFormatter=true)]
    public override void GetObjectData(SerializationInfo info, StreamingContext context)
    {
        base.GetObjectData(info, context);

        info.AddValue("MyException.ResourceName", this.ResourceName);

        // Note: if "List<T>" isn‘t serializable you may need to work out another
        //       method of adding your list, this is just for show...
        info.AddValue("MyException.ValidationErrors", this.ValidationErrors, typeof(IList<string>));
    }

}
 
 
 
 

 

以上是关于"ISerializable" should be implemented correctly的主要内容,如果未能解决你的问题,请参考以下文章

ISerializable 与递归子级

具有 ISerializable 构造函数的可序列化类

ISerializable 对象应该如何存储二进制数据?

为啥我不能在同一个类上使用 WCF DataContract 和 ISerializable?

.NET 二进制序列化有条件地没有 ISerializable

将 ISerializable 与 DataContractSerializer 一起使用时,如何阻止序列化程序输出类型信息?