From 87af0bbc66aa2381de79c3b1cd9f212639eb669c Mon Sep 17 00:00:00 2001 From: Genevieve Warren <24882762+gewarren@users.noreply.github.com> Date: Fri, 4 Oct 2024 15:41:43 -0700 Subject: [PATCH] New security analyzers (#42851) --- docs/core/compatibility/9.0.md | 1 + docs/core/compatibility/toc.yml | 4 ++ .../windows-forms/9.0/security-analyzers.md | 60 +++++++++++++++++++ 3 files changed, 65 insertions(+) create mode 100644 docs/core/compatibility/windows-forms/9.0/security-analyzers.md diff --git a/docs/core/compatibility/9.0.md b/docs/core/compatibility/9.0.md index 0fc07844d35df..723c3b2c5edc0 100644 --- a/docs/core/compatibility/9.0.md +++ b/docs/core/compatibility/9.0.md @@ -99,6 +99,7 @@ If you're migrating an app to .NET 9, the breaking changes listed here might aff | [ComponentDesigner.Initialize throws ArgumentNullException](windows-forms/9.0/componentdesigner-initialize.md) | Behavioral change | Preview 1 | | [DataGridViewRowAccessibleObject.Name starting row index](windows-forms/9.0/datagridviewrowaccessibleobject-name-row.md) | Behavioral change | Preview 1 | | [IMsoComponent support is opt-in](windows-forms/9.0/imsocomponent-support.md) | Behavioral change | Preview 2 | +| [New security analyzers](windows-forms/9.0/security-analyzers.md) | Source incompatible | RC 1 | | [No exception if DataGridView is null](windows-forms/9.0/datagridviewheadercell-nre.md) | Behavioral change | Preview 1 | | [PictureBox raises HttpClient exceptions](windows-forms/9.0/httpclient-exceptions.md) | Behavioral change | Preview 6 | diff --git a/docs/core/compatibility/toc.yml b/docs/core/compatibility/toc.yml index 35162f3203b32..255c067adbf79 100644 --- a/docs/core/compatibility/toc.yml +++ b/docs/core/compatibility/toc.yml 
@@ -96,6 +96,8 @@ items: href: windows-forms/9.0/datagridviewrowaccessibleobject-name-row.md - name: IMsoComponent support is opt-in href: windows-forms/9.0/imsocomponent-support.md + - name: New security analyzers + href: windows-forms/9.0/security-analyzers.md - name: No exception if DataGridView is null href: windows-forms/9.0/datagridviewheadercell-nre.md - name: PictureBox raises HttpClient exceptions @@ -1940,6 +1942,8 @@ items: href: windows-forms/9.0/datagridviewrowaccessibleobject-name-row.md - name: IMsoComponent support is opt-in href: windows-forms/9.0/imsocomponent-support.md + - name: New security analyzers + href: windows-forms/9.0/security-analyzers.md - name: No exception if DataGridView is null href: windows-forms/9.0/datagridviewheadercell-nre.md - name: PictureBox raises HttpClient exceptions diff --git a/docs/core/compatibility/windows-forms/9.0/security-analyzers.md b/docs/core/compatibility/windows-forms/9.0/security-analyzers.md new file mode 100644 index 0000000000000..8a35c79c69e1c --- /dev/null +++ b/docs/core/compatibility/windows-forms/9.0/security-analyzers.md 
@@ -0,0 +1,60 @@ +--- +title: "Breaking change: New security analyzers" +description: Learn about the .NET 9 breaking change in Windows Forms where new security analyzers have been introduced to prevent accidental leaks of sensitive data. +ms.date: 10/04/2024 +--- +# New security analyzers + +New security analyzers have been introduced to prevent the accidental leaking of user data through certain properties. These analyzers enforce best practices by identifying properties that lack explicit serialization settings, for example: + +- +- +- `ShouldSerialize[propertyName]` methods + +The analyzers produce warnings such as: + +> WFO1000: Property 'property' does not configure the code serialization for its property content. + +By default, each analyzer produces an error, ensuring that developers are made aware of potential security and data leakage issues early in the development process. + +This change aims to enhance the security and maintainability of Windows Forms apps by enforcing proper serialization practices, thus reducing the risk of accidental data exposure. + +## Previous behavior + +Previously, properties in Windows Forms and controls could be serialized by the designer without explicit configuration of their serialization behavior. This could result in unintended data being included in the generated code or resource files, creating a potential security risk. This behavior was particularly problematic in custom line-of-business objects, where it was easy to overlook the serialization of sensitive data that should not have been exposed. For example, properties containing sensitive information, such as user data or internal configurations, could be written directly into the designer-generated *.cs* files or embedded within *.resx* files. + +## New behavior + +Starting in .NET 9, the new Windows Forms security analyzers enforce stricter control over the serialization of properties in controls and objects. 
By default, the analyzer produces an error if a property does not have its CodeDOM serialization behavior explicitly defined. This behavior ensures that properties aren't inadvertently serialized. You can adjust the *.editorconfig* settings to change the analyzer's [severity](../../../../fundamentals/code-analysis/configuration-options.md#severity-level) or suppress the error. + +## Version introduced + +.NET 9 RC 1 + +## Type of breaking change + +This change can affect [source compatibility](../../categories.md#source-compatibility). + +## Reason for change + +This change was made for two primary reasons: + +- Enhanced security: By forcing explicit serialization definitions, the analyzer significantly reduces the risk of unintentional data exposure, particularly in LOB applications. This has happened in the past, and it's all the more necessary now in the context of the [BinaryFormatter serializer removal](../../serialization/9.0/binaryformatter-removal.md). By preventing as much as possible from being serialized by accident to begin with, there won't be backwards compatibility or security issues around binary serialization in resource files for types that don't have a dedicated type converter. + +- Improved code clarity and maintainability: This feature ensures that serialization behavior is transparent and intentional, which aids in code reviews and future maintenance. + +## Recommended action + +- Review the properties flagged by the analyzer and configure appropriate serialization settings as needed. +- For a quick fix (not recommended), add the following entry in an *.editorconfig* file at the solution folder or project folder level: + + ```ini + [*.cs] + + # WFO1000: A property should determine its property content serialization with the DesignerSerializationVisibilityAttribute, DefaultValueAttribute or the ShouldSerializeProperty method + dotnet_diagnostic.WFO1000.severity = silent + ``` + +## Affected APIs + +- N/A
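Review bot: in the new `security-analyzers.md`, the list under "for example:" has two empty bullets (`- +- +- `ShouldSerialize[propertyName]` methods`), so the reader only sees the third of the three mechanisms the analyzer accepts; the `.editorconfig` comment further down names the other two (`DesignerSerializationVisibilityAttribute`, `DefaultValueAttribute`), so the list should name them as well (or the dropped cross-references should be restored). The severity is also stated inconsistently: "The analyzers produce warnings such as:" is followed by "By default, each analyzer produces an error" and, under New behavior, "the analyzer produces an error"; state the actual default once, since it decides whether existing projects stop building on upgrade. Under "Recommended action", "configure appropriate serialization settings as needed" should say what a fix looks like, for example marking a sensitive property `[DesignerSerializationVisibility(DesignerSerializationVisibility.Hidden)]` so the designer never writes it into generated code or a *.resx* file, and adding `[DefaultValue]` or a `ShouldSerializeX()` method only for properties that are meant to be persisted; the shown `.editorconfig` entry (`[*.cs]` plus `dotnet_diagnostic.WFO1000.severity = silent`) turns the check off for every C# file under the solution or project, which is exactly the leak the change is meant to catch, so if a suppression is shown it should be downgraded to `warning` or scoped to specific files rather than the solution root. Finally, "there won't be backwards compatibility or security issues around binary serialization in resource files" overstates the effect: the analyzer flags properties with no explicit serialization configuration, it does not stop a developer from configuring one to be serialized, so "reduces" is the defensible claim.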