Open njannink opened 3 years ago
Closed in PR #52
Reopened because serialization is still used in some cases.
I got bit by this in a way I couldn't workaround with EnableUnsafeBinaryFormatterSerialization, so I ended up making a quick replacement using https://github.com/Cysharp/MemoryPack, hope this helps someone else experiencing the same issue until this gets fixed:
public partial class FileCache<T>
{
private readonly string path;
private readonly Dictionary<string, (DateTimeOffset, T)> cache;
public FileCache(string path)
{
this.path = path;
if (File.Exists(path))
{
var bytes = File.ReadAllBytes(path);
this.cache = MemoryPackSerializer.Deserialize<Dictionary<string, (DateTimeOffset, T)>>(bytes);
}
else
{
this.cache = new();
}
}
public async Task<T> GetOrAddAsync(string key, Func<Task<T>> valueFactory, DateTimeOffset absoluteExpiration)
{
if (!this.cache.ContainsKey(key) || DateTime.Now > this.cache[key].Item1)
{
this.cache[key] = (absoluteExpiration, await valueFactory());
var bytes = MemoryPackSerializer.Serialize(this.cache);
await File.WriteAllBytesAsync(this.path, bytes);
}
return this.cache[key].Item2;
}
}
I updated my project to Net5 and now I get an exception because the BinaryFormatter has been marked insecure and throws and exception
https://docs.microsoft.com/nl-nl/dotnet/standard/serialization/binaryformatter-security-guide