Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Property | Value |
---|---|
Rule ID | CA5367 |
Title | Do not serialize types with pointer fields |
Category | Security |
Fix is breaking or non-breaking | Non-breaking |
Enabled by default in .NET 9 | No |
Pointers are not type safe, which means you cannot guarantee the correctness of the memory they point at. So, serializing types with pointer fields is a security risk, as it may allow an attacker to control the pointer.
This rule checks whether there’s a serializable class with a pointer field or property. Members that can’t be serialized can be a pointer, such as static members or fields marked with System.NonSerializedAttribute.
Don't use pointer types for members in a serializable class or don't serialize the members that are pointers.
Don't take the risk to use pointers in serializable types.
using System;
[Serializable()]
unsafe class TestClassA
{
private int* pointer;
}
using System;
[Serializable()]
unsafe class TestClassA
{
private int i;
}
using System;
[Serializable()]
unsafe class TestClassA
{
private static int* pointer;
}
.NET feedback
.NET is an open source project. Select a link to provide feedback: