Merge branch 'dev'

akkadotnet · Mar 31, 2022 · ead5056 · ead5056
2 parents ea7ef0f + 2190f14
commit ead5056
Show file tree

Hide file tree

Showing 25 changed files with 445 additions and 53 deletions.
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md
@@ -1,3 +1,12 @@
+### 0.12.2 March 31 2022 ####
+
+* Fix [deserialization type cache was shared between multiple serializer instances](https://github.com/akkadotnet/Hyperion/pull/306) 
+
+### 0.12.1 March 23 2022 ####
+
+* Fix disallow-unsafe-type Akka.NET settings and harden unsafe type detection [301](https://github.com/akkadotnet/Hyperion/pull/301)
+* Bump [Akka version from 1.4.34 to 1.4.35](https://github.com/akkadotnet/akka.net/releases/tag/1.4.35)
+
 ### 0.12.0 January 12 2022 ####
 
 * Allow explicit control over which types can be deserialized [#281](https://github.com/akkadotnet/Hyperion/pull/281)

diff --git a/build-system/pr-validation.yaml b/build-system/pr-validation.yaml
@@ -21,10 +21,19 @@ jobs:
       vmImage: 'windows-2019'
       scriptFileName: build.cmd
       scriptArgs: all
+
   - template: azure-pipeline.template.yaml
     parameters:
-      name: 'linux_pr'
-      displayName: 'Linux PR Validation'
+      name: 'linux_pr_net_core'
+      displayName: 'Linux PR Validation (netcoreapp3.1)'
       vmImage: 'ubuntu-16.04'
       scriptFileName: ./build.sh
-      scriptArgs: all
+      scriptArgs: runTestsNetCore
+
+  - template: azure-pipeline.template.yaml
+    parameters:
+      name: 'linux_pr_net_5'
+      displayName: 'Linux PR Validation (net5.0)'
+      vmImage: 'ubuntu-16.04'
+      scriptFileName: ./build.sh
+      scriptArgs: runTestsNet
diff --git a/build-system/windows-pr-validation.yaml b/build-system/windows-pr-validation.yaml
@@ -20,10 +20,19 @@ jobs:
     vmImage: 'windows-2019'
     scriptFileName: build.cmd
     scriptArgs: all
+
 - template: azure-pipeline.template.yaml
   parameters:
-    name: 'linux_pr'
-    displayName: 'Linux PR Validation'
+    name: 'linux_pr_net_core'
+    displayName: 'Linux PR Validation (netcoreapp3.1)'
     vmImage: 'ubuntu-18.04'
     scriptFileName: ./build.sh
-    scriptArgs: all
+    scriptArgs: runTestsNetCore
+
+- template: azure-pipeline.template.yaml
+  parameters:
+    name: 'linux_pr_net_5'
+    displayName: 'Linux PR Validation (net5.0)'
+    vmImage: 'ubuntu-18.04'
+    scriptFileName: ./build.sh
+    scriptArgs: runTestsNet
diff --git a/build.fsx b/build.fsx
@@ -71,6 +71,8 @@ Target "Clean" (fun _ ->
 
     CleanDirs !! "./**/bin"
     CleanDirs !! "./**/obj"
+
+    CreateDir "bin/nuget"
 )
 
 Target "AssemblyInfo" (fun _ ->

diff --git a/src/Hyperion.API.Tests/Hyperion.API.Tests.csproj b/src/Hyperion.API.Tests/Hyperion.API.Tests.csproj
@@ -9,15 +9,15 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="ApprovalTests" Version="5.7.1" />
+    <PackageReference Include="ApprovalTests" Version="5.7.2" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="$(TestSdkVersion)" />
     <PackageReference Include="PublicApiGenerator" Version="10.2.0" />
     <PackageReference Include="xunit" Version="$(XunitVersion)" />
     <PackageReference Include="xunit.runner.visualstudio" Version="$(XunitRunnerVersion)">
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
       <PrivateAssets>all</PrivateAssets>
     </PackageReference>
-    <PackageReference Include="coverlet.collector" Version="3.1.0">
+    <PackageReference Include="coverlet.collector" Version="3.1.2">
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
       <PrivateAssets>all</PrivateAssets>
     </PackageReference>

diff --git a/src/Hyperion.Akka.Integration.Tests/Hyperion.Akka.Integration.Tests.csproj b/src/Hyperion.Akka.Integration.Tests/Hyperion.Akka.Integration.Tests.csproj
@@ -19,7 +19,7 @@
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
       <PrivateAssets>all</PrivateAssets>
     </PackageReference>
-    <PackageReference Include="coverlet.collector" Version="3.1.0">
+    <PackageReference Include="coverlet.collector" Version="3.1.2">
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
       <PrivateAssets>all</PrivateAssets>
     </PackageReference>

diff --git a/src/Hyperion.Akka.Integration.Tests/IntegrationSpec.cs b/src/Hyperion.Akka.Integration.Tests/IntegrationSpec.cs
@@ -1,12 +1,20 @@
 using System;
 using System.Collections.Generic;
+using System.Diagnostics;
+using System.IO;
+using System.Runtime.InteropServices;
+using System.Runtime.Serialization;
+using System.Security.Claims;
+using System.Security.Principal;
+using System.Threading.Tasks;
 using Akka.Actor;
 using Akka.Configuration;
 using Akka.Serialization;
 using Xunit;
 using Akka.TestKit;
 using Akka.TestKit.Xunit2;
 using FluentAssertions;
+using Hyperion.Internal;
 using Xunit.Abstractions;
 using AkkaSerializer = Akka.Serialization.Serializer;
 
@@ -72,6 +80,79 @@ public void Bugfix263_Akka_HyperionSerializer_should_serialize_ActorPath_list()
             deserialized.Destinations[0].Should().Be(deserialized.Destinations[1]);
         }
 
+        [Fact]
+        public async Task CanDeserializeANaughtyTypeWhenAllowed()
+        {
+            var config = ConfigurationFactory.ParseString(@"
+akka {
+    serialize-messages = on
+    actor {
+        serializers {
+            hyperion = ""Akka.Serialization.HyperionSerializer, Akka.Serialization.Hyperion""
+        }
+        serialization-bindings {
+            ""System.Object"" = hyperion
+        }
+        serialization-settings.hyperion.disallow-unsafe-type = false
+    }
+}");
+            var system = ActorSystem.Create("unsafeSystem", config);
+
+            try
+            {
+                var serializer = system.Serialization.FindSerializerForType(typeof(DirectoryInfo));
+                var di = new DirectoryInfo(@"c:\");
+
+                var serialized = serializer.ToBinary(di);
+                var deserialized = serializer.FromBinary<DirectoryInfo>(serialized);
+            }
+            finally
+            {
+                await system.Terminate();
+            }
+        }
+
+        [Fact]
+        public async Task CantDeserializeANaughtyTypeByDefault()
+        {
+            var config = ConfigurationFactory.ParseString(@"
+akka {
+    serialize-messages = on
+    actor {
+        serializers {
+            hyperion = ""Akka.Serialization.HyperionSerializer, Akka.Serialization.Hyperion""
+        }
+        serialization-bindings {
+            ""System.Object"" = hyperion
+        }
+        serialization-settings.hyperion.disallow-unsafe-type = true # this is the default value
+    }
+}");
+            var system = ActorSystem.Create("unsafeSystem", config);
+
+            try
+            {
+                var deserializer = system.Serialization.FindSerializerForType(typeof(DirectoryInfo));
+                var di = new DirectoryInfo(@"c:\");
+
+                byte[] serialized;
+                using (var stream = new MemoryStream())
+                {
+                    var serializer = new Serializer(SerializerOptions.Default.WithDisallowUnsafeType(false));
+                    serializer.Serialize(di, stream);
+                    stream.Position = 0;
+                    serialized = stream.ToArray();
+                }
+
+                var ex = Assert.Throws<SerializationException>(() => deserializer.FromBinary<DirectoryInfo>(serialized));
+                ex.InnerException.Should().BeOfType<EvilDeserializationException>();
+            }
+            finally
+            {
+                await system.Terminate();
+            }
+        }
+
         private class MyActor: ReceiveActor
         {
 

diff --git a/src/Hyperion.Benchmarks/TypeRejectionBenchmark.cs b/src/Hyperion.Benchmarks/TypeRejectionBenchmark.cs
@@ -0,0 +1,46 @@
+using System;
+using System.IO;
+using BenchmarkDotNet.Attributes;
+using Hyperion.Internal;
+
+namespace Hyperion.Benchmarks
+{
+    [Config(typeof(HyperionConfig))]
+    public class TypeRejectionBenchmark
+    {
+        private Serializer _serializer;
+        private Stream _dangerousStream;
+
+        [GlobalSetup]
+        public void Setup()
+        {
+            var di = new DirectoryInfo("C:\\Windows\\Windows32");
+            var serializer = new Serializer(SerializerOptions.Default.WithDisallowUnsafeType(false));
+            _dangerousStream = new MemoryStream();
+            serializer.Serialize(di, _dangerousStream);
+
+            _serializer = new Serializer();
+        }
+
+        [GlobalCleanup]
+        public void Cleanup()
+        {
+            _dangerousStream.Dispose();
+        }
+
+        [Benchmark]
+        public void DeserializeDanger()
+        {
+            _dangerousStream.Position = 0;
+            try
+            {
+                _serializer.Deserialize<DirectoryInfo>(_dangerousStream);
+            }
+            catch(EvilDeserializationException)
+            {
+                // no-op
+            }
+        }
+
+    }
+}
diff --git a/src/Hyperion.Tests.FSharpData/Hyperion.Tests.FSharpData.fsproj b/src/Hyperion.Tests.FSharpData/Hyperion.Tests.FSharpData.fsproj
@@ -9,7 +9,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Update="FSharp.Core" Version="6.0.1" />
+    <PackageReference Update="FSharp.Core" Version="6.0.3" />
   </ItemGroup>
 
 </Project>
diff --git a/src/Hyperion.Tests/Hyperion.Tests.csproj b/src/Hyperion.Tests/Hyperion.Tests.csproj
@@ -18,17 +18,54 @@
     <DefineConstants>$(DefineConstants);NETFX</DefineConstants>
   </PropertyGroup>
 
-
   <ItemGroup Condition="'$(TargetFramework)' == '$(NetFrameworkTestVersion)'">
-      <Reference Include="System.Drawing">
-        <Private>true</Private>
-      </Reference>
+    <Reference Include="System.Web">
+      <HintPath>./lib</HintPath>
+      <Private>true</Private>
+    </Reference>
+    <Reference Include="System.Web.Mobile">
+      <HintPath>./lib</HintPath>
+      <Private>true</Private>
+    </Reference>
+    <Reference Include="System.Windows.Forms">
+      <HintPath>./lib</HintPath>
+      <Private>true</Private>
+    </Reference>
+    <Reference Include="PresentationFramework">
+      <HintPath>./lib</HintPath>
+      <Private>true</Private>
+    </Reference>
+    <Reference Include="Microsoft.VisualStudio.Text.UI.Wpf">
+      <HintPath>./lib</HintPath>
+      <Private>true</Private>
+    </Reference>
+    <Reference Include="System.Drawing.Design">
+      <HintPath>./lib</HintPath>
+      <Private>true</Private>
+    </Reference>
+    <Reference Include="System.Drawing">
+      <HintPath>./lib</HintPath>
+      <Private>true</Private>
+    </Reference>
+    <Reference Include="System.IdentityModel">
+      <HintPath>./lib</HintPath>
+      <Private>true</Private>
+    </Reference>
+    <Reference Include="System.Activities.Presentation">
+      <HintPath>./lib</HintPath>
+      <Private>true</Private>
+    </Reference>
   </ItemGroup>
 
+  <ItemGroup Condition="'$(TargetFramework)' != '$(NetFrameworkTestVersion)'">
+    <PackageReference Include="System.Management.Automation" Version="6.2.7" />
+  </ItemGroup>
+
   <ItemGroup>
     <PackageReference Include="FluentAssertions" Version="$(FluentAssertionsVersion)" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="$(TestSdkVersion)" />
     <PackageReference Include="System.Collections.Immutable" Version="5.0.0" />
+    <PackageReference Include="System.Security.Principal.Windows" Version="5.0.0" />
     <PackageReference Include="xunit" Version="$(XunitVersion)" />
     <PackageReference Include="xunit.runner.visualstudio" Version="$(XunitRunnerVersion)" />
   </ItemGroup>