akkadotnet
diff --git a/‎RELEASE_NOTES.md‎
Lines changed: 30 additions & 0 deletions b/‎RELEASE_NOTES.md‎
Lines changed: 30 additions & 0 deletions
diff --git a/‎build-system/linux-pr-validation.yaml‎
Lines changed: 0 additions & 22 deletions b/‎build-system/linux-pr-validation.yaml‎
Lines changed: 0 additions & 22 deletions
diff --git a/‎build-system/windows-pr-validation.yaml‎
Lines changed: 8 additions & 1 deletion b/‎build-system/windows-pr-validation.yaml‎
Lines changed: 8 additions & 1 deletion
diff --git a/‎build.fsx‎
Lines changed: 4 additions & 3 deletions b/‎build.fsx‎
Lines changed: 4 additions & 3 deletions
diff --git a/‎src/Hyperion.API.Tests/CoreApiSpec.ApproveApi.approved.txt‎
Lines changed: 8 additions & 0 deletions b/‎src/Hyperion.API.Tests/CoreApiSpec.ApproveApi.approved.txt‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎src/Hyperion.API.Tests/Hyperion.API.Tests.csproj‎
Lines changed: 4 additions & 3 deletions b/‎src/Hyperion.API.Tests/Hyperion.API.Tests.csproj‎
Lines changed: 4 additions & 3 deletions
diff --git a/‎src/Hyperion.Akka.Integration.Tests/Hyperion.Akka.Integration.Tests.csproj‎
Lines changed: 3 additions & 2 deletions b/‎src/Hyperion.Akka.Integration.Tests/Hyperion.Akka.Integration.Tests.csproj‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎src/Hyperion.Benchmarks/Hyperion.Benchmarks.csproj‎
Lines changed: 3 additions & 3 deletions b/‎src/Hyperion.Benchmarks/Hyperion.Benchmarks.csproj‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎src/Hyperion.Tests/ExpressionTests.cs‎
Lines changed: 1 addition & 0 deletions b/‎src/Hyperion.Tests/ExpressionTests.cs‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/Hyperion.Tests/Hyperion.Tests.csproj‎
Lines changed: 11 additions & 8 deletions b/‎src/Hyperion.Tests/Hyperion.Tests.csproj‎
Lines changed: 11 additions & 8 deletions
@@ -1,3 +1,33 @@
+### 0.11.1 August 17 2021 ####
+* Add [unsafe deserialization type blacklist](https://github.com/akkadotnet/Hyperion/pull/242)
+* Bump [Akka version from 1.4.21 to 1.4.23](https://github.com/akkadotnet/Hyperion/pull/246)
+
+We've added a deserialization safety check to block dangerous types from being deserialized. 
+This is done to add a layer of security from possible code injection and code execution attack.
+Currently it is an all or nothing feature that can be turned on and off by using the new `DisallowUnsafeTypes` flag inside `SerializerOptions` (defaults to true).
+
+The unsafe types that are currently blocked are:
+- System.Security.Claims.ClaimsIdentity
+- System.Windows.Forms.AxHost.State
+- System.Windows.Data.ObjectDataProvider
+- System.Management.Automation.PSObject
+- System.Web.Security.RolePrincipal
+- System.IdentityModel.Tokens.SessionSecurityToken
+- SessionViewStateHistoryItem
+- TextFormattingRunProperties
+- ToolboxItemContainer
+- System.Security.Principal.WindowsClaimsIdentity
+- System.Security.Principal.WindowsIdentity
+- System.Security.Principal.WindowsPrincipal
+- System.CodeDom.Compiler.TempFileCollection
+- System.IO.FileSystemInfo
+- System.Activities.Presentation.WorkflowDesigner
+- System.Windows.ResourceDictionary
+- System.Windows.Forms.BindingSource
+- Microsoft.Exchange.Management.SystemManager.WinForms.ExchangeSettingsProvider
+- System.Diagnostics.Process
+- System.Management.IWbemClassObjectFreeThreaded
+
 ### 0.11.0 July 8 2021 ####
 * [Fix array of user defined structs serialization failure](https://github.com/akkadotnet/Hyperion/pull/235)
 * [Remove dynamic keyword usage from array serializer](https://github.com/akkadotnet/Hyperion/pull/139)
 
@@ -19,4 +19,11 @@ jobs:
     name: Windows
     vmImage: 'windows-2019'
     scriptFileName: build.cmd
-    scriptArgs: all
+    scriptArgs: all
+- template: azure-pipeline.template.yaml
+  parameters:
+    name: 'linux_pr'
+    displayName: 'Linux PR Validation'
+    vmImage: 'ubuntu-18.04'
+    scriptFileName: ./build.sh
+    scriptArgs: all
@@ -25,7 +25,7 @@ let output = __SOURCE_DIRECTORY__  @@ "bin"
 let outputTests = __SOURCE_DIRECTORY__ @@ "TestResults"
 let outputPerfTests = __SOURCE_DIRECTORY__ @@ "PerfResults"
 let outputBinaries = output @@ "binaries"
-let outputBinariesNet461 = outputBinaries @@ "net461"
+let outputBinariesNet461 = outputBinaries @@ "net471"
 let outputBinariesNetStandard = outputBinaries @@ "netstandard2.0"
 let outputBinariesNet = outputBinaries @@ "net5.0"
 let outputNuGet = output @@ "nuget"
@@ -52,7 +52,7 @@ let versionSuffix =
     | str -> str
 
 // Configuration values for tests
-let testNetFrameworkVersion = "net461"
+let testNetFrameworkVersion = "net471"
 let testNetCoreVersion = "netcoreapp3.1"
 let testNetVersion = "net5.0"
 
@@ -115,7 +115,8 @@ Target "RunTests" (fun _ ->
     let projects = 
         match (isWindows) with 
         | true -> !! "./src/**/*.Tests.csproj"
-        | _ -> !! "./src/**/*.Tests.csproj" // if you need to filter specs for Linux vs. Windows, do it here
+        | _ -> !! "./src/**/*.Tests.csproj"
+               -- "./src/**/*.API.Tests.csproj" // if you need to filter specs for Linux vs. Windows, do it here
 
     let runSingleProject project =
         let arguments =
 
@@ -91,7 +91,10 @@ namespace Hyperion
         public static readonly Hyperion.SerializerOptions Default;
         [System.Obsolete]
         public SerializerOptions(bool versionTolerance = false, bool preserveObjectReferences = false, System.Collections.Generic.IEnumerable<Hyperion.Surrogate> surrogates = null, System.Collections.Generic.IEnumerable<Hyperion.SerializerFactories.ValueSerializerFactory> serializerFactories = null, System.Collections.Generic.IEnumerable<System.Type> knownTypes = null, bool ignoreISerializable = false) { }
+        [System.Obsolete]
         public SerializerOptions(bool versionTolerance, bool preserveObjectReferences, System.Collections.Generic.IEnumerable<Hyperion.Surrogate> surrogates, System.Collections.Generic.IEnumerable<Hyperion.SerializerFactories.ValueSerializerFactory> serializerFactories, System.Collections.Generic.IEnumerable<System.Type> knownTypes, bool ignoreISerializable, System.Collections.Generic.IEnumerable<System.Func<string, string>> packageNameOverrides) { }
+        public SerializerOptions(bool versionTolerance, bool preserveObjectReferences, System.Collections.Generic.IEnumerable<Hyperion.Surrogate> surrogates, System.Collections.Generic.IEnumerable<Hyperion.SerializerFactories.ValueSerializerFactory> serializerFactories, System.Collections.Generic.IEnumerable<System.Type> knownTypes, bool ignoreISerializable, System.Collections.Generic.IEnumerable<System.Func<string, string>> packageNameOverrides, bool disallowUnsafeTypes) { }
+        public Hyperion.SerializerOptions WithDisallowUnsafeType(bool disallowUnsafeType) { }
         public Hyperion.SerializerOptions WithIgnoreSerializable(bool ignoreISerializable) { }
         public Hyperion.SerializerOptions WithKnownTypes(System.Collections.Generic.IEnumerable<System.Type> knownTypes) { }
         public Hyperion.SerializerOptions WithPackageNameOverrides(System.Collections.Generic.IEnumerable<System.Func<string, string>> packageNameOverrides) { }
@@ -350,6 +353,11 @@ namespace Hyperion.Internal
         public string Contract { get; }
         public bool ForceFullStates { get; }
     }
+    public class EvilDeserializationException : System.Security.SecurityException
+    {
+        public EvilDeserializationException(string message, string typeString) { }
+        public string BadTypeString { get; }
+    }
     [System.AttributeUsage(System.AttributeTargets.Property | System.AttributeTargets.Field | System.AttributeTargets.Parameter | System.AttributeTargets.All)]
     public sealed class HtmlAttributeValueAttribute : System.Attribute
     {
 
@@ -1,22 +1,23 @@
 <Project Sdk="Microsoft.NET.Sdk">
   <Import Project="..\common.props" />
+  <Import Project="..\xunitSettings.props" />
 
   <PropertyGroup>
-    <TargetFrameworks>net461;netcoreapp3.1;net5.0</TargetFrameworks>
+    <TargetFrameworks>$(NetFrameworkTestVersion);$(NetTestVersion);$(NetCoreTestVersion)</TargetFrameworks>
 
     <IsPackable>false</IsPackable>
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="ApprovalTests" Version="5.5.0" />
+    <PackageReference Include="ApprovalTests" Version="5.7.0" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="$(TestSdkVersion)" />
     <PackageReference Include="PublicApiGenerator" Version="10.2.0" />
     <PackageReference Include="xunit" Version="$(XunitVersion)" />
     <PackageReference Include="xunit.runner.visualstudio" Version="$(XunitRunnerVersion)">
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
       <PrivateAssets>all</PrivateAssets>
     </PackageReference>
-    <PackageReference Include="coverlet.collector" Version="3.0.3">
+    <PackageReference Include="coverlet.collector" Version="3.1.0">
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
       <PrivateAssets>all</PrivateAssets>
     </PackageReference>
 
@@ -1,8 +1,9 @@
 <Project Sdk="Microsoft.NET.Sdk">
   <Import Project="..\common.props" />
+  <Import Project="..\xunitSettings.props" />
 
   <PropertyGroup>
-    <TargetFrameworks>net461;netcoreapp3.1;net5.0</TargetFrameworks>
+    <TargetFrameworks>$(NetFrameworkTestVersion);$(NetTestVersion);$(NetCoreTestVersion)</TargetFrameworks>
 
     <IsPackable>false</IsPackable>
   </PropertyGroup>
@@ -18,7 +19,7 @@
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
       <PrivateAssets>all</PrivateAssets>
     </PackageReference>
-    <PackageReference Include="coverlet.collector" Version="3.0.3">
+    <PackageReference Include="coverlet.collector" Version="3.1.0">
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
       <PrivateAssets>all</PrivateAssets>
     </PackageReference>
 
@@ -1,13 +1,13 @@
 <Project Sdk="Microsoft.NET.Sdk">
-
+  <Import Project="..\common.props" />
   <PropertyGroup>
     <OutputType>Exe</OutputType>
-    <TargetFramework>netcoreapp2.0</TargetFramework>
+    <TargetFrameworks>$(NetFrameworkTestVersion);$(NetTestVersion);$(NetCoreTestVersion)</TargetFrameworks>
     <IsPackable>false</IsPackable> <!-- prevents it from being published as NuGet package -->
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="BenchmarkDotNet" Version="0.13.0" />
+    <PackageReference Include="BenchmarkDotNet" Version="0.13.1" />
   </ItemGroup>
 
   <ItemGroup>
 
@@ -9,6 +9,7 @@
 
 using System;
 using System.Collections.Generic;
+using System.Diagnostics;
 using System.IO;
 using System.Linq;
 using System.Linq.Expressions;
 
@@ -1,22 +1,30 @@
 <Project Sdk="Microsoft.NET.Sdk">
   <Import Project="..\common.props" />
+  <Import Project="..\xunitSettings.props" />
 
   <PropertyGroup>
     <OutputType>Exe</OutputType>
-    <TargetFrameworks>net461;netcoreapp3.1;net5.0</TargetFrameworks>
+    <TargetFrameworks>$(NetFrameworkTestVersion);$(NetTestVersion);$(NetCoreTestVersion)</TargetFrameworks>
     <TargetLatestRuntimePatch>true</TargetLatestRuntimePatch>
     <LangVersion>latest</LangVersion>
     <StartupObject>Hyperion.Tests.Generator.Program</StartupObject>
   </PropertyGroup>
 
-  <PropertyGroup Condition=" '$(TargetFramework)' == 'netcoreapp3.1' or '$(TargetFramework)' == 'net5.0' ">
+  <PropertyGroup Condition=" '$(TargetFramework)' == '$(NetCoreTestVersion)' or '$(TargetFramework)' == '$(NetTestVersion)' ">
     <DefineConstants>$(DefineConstants);NETCOREAPP</DefineConstants>
   </PropertyGroup>
 
-  <PropertyGroup Condition=" '$(TargetFramework)' == 'net461' ">
+  <PropertyGroup Condition=" '$(TargetFramework)' == '$(NetFrameworkTestVersion)' ">
     <DefineConstants>$(DefineConstants);NETFX</DefineConstants>
   </PropertyGroup>
 
+  
+  <ItemGroup Condition="'$(TargetFramework)' == '$(NetFrameworkTestVersion)'">
+      <Reference Include="System.Drawing">
+        <Private>true</Private>
+      </Reference>
+  </ItemGroup>
+
   <ItemGroup>
     <PackageReference Include="FluentAssertions" Version="$(FluentAssertionsVersion)" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="$(TestSdkVersion)" />
@@ -30,9 +38,4 @@
     <ProjectReference Include="..\Hyperion\Hyperion.csproj" />
   </ItemGroup>
 
-  <ItemGroup Condition="'$(TargetFramework)' == 'net461'">
-      <Reference Include="System.Drawing">
-        <Private>true</Private>
-      </Reference>
-  </ItemGroup>
 </Project>