ENikS
commented
5 years ago @s-bauer You are creating new exception. Would going back and using old exception solve the problem? It would probably be better legacy support...
Closed s-bauer closed 5 years ago
ENikS
commented
5 years ago @s-bauer You are creating new exception. Would going back and using old exception solve the problem? It would probably be better legacy support...
s-bauer
commented
5 years ago @ENikS Sorry, but I don't quite understand what you mean
s-bauer
commented
5 years ago @ENikS Ok, so I'm still using the same exception, just a different way of serializing and deserializing the exception. The other solution would be to either remove the GetObjectData completely or remove the SecurityTransparent assembly attribute. I think both of them would cause more trouble than the current solution.
ENikS
commented
5 years ago Thank you for your help. Perhaps you could take look at other issues?
s-bauer
commented
5 years ago @ENikS Sure, now I'm already familiar with the project. You can expect several PRs in the future!
The
Unity.RegistrationByConventionassembly is marked asSecurityTransparent, meaning I cannot add the SecurityCriticalAttribute at theGetObjectDatamethod (or at least it has no effect).For .NET Framework there is a
ISafeSerializationDataInterface with which the Serialization can be handled without needing to deal with SecurityPermissions. This is however not supported in .NET Core so I just excluded it using compiler flag.I also added a Limited PermissionSet test which is going to run the Serialization/Deserialization process with a very limited permission set.
In addition I fixed the test, so they are executed for all .NET versions. Thanks to @GreenKn1ght and his commit https://github.com/GreenKn1ght/registration-by-convention/commit/538f3e6d8257521c83cf8ca05897654c1881c0d8
Let me know if you have any concerns or questions!