New security analyzers #42851
Merged
2 commits
60 changes: 60 additions & 0 deletions
docs/core/compatibility/windows-forms/9.0/security-analyzers.md
@@ -0,0 +1,60 @@ | ||
--- | ||
title: "Breaking change: New security analyzers" | ||
description: Learn about the .NET 9 breaking change in Windows Forms where new security analyzers have been introduced to prevent accidental leaks of sensitive data. | ||
ms.date: 10/04/2024 | ||
--- | ||
# New security analyzers | ||
|
||
New security analyzers have been introduced to prevent the accidental leaking of user data through certain properties. These analyzers enforce best practices by identifying properties that lack explicit serialization settings, for example: | ||
|
||
- <xref:System.ComponentModel.DesignerSerializationVisibilityAttribute> | ||
- <xref:System.ComponentModel.DefaultValueAttribute> | ||
- `ShouldSerialize[propertyName]` methods | ||
|
||
The analyzers produce warnings such as: | ||
|
||
> WFO1000: Property 'property' does not configure the code serialization for its property content. | ||
|
||
By default, each analyzer produces an error, ensuring that developers are made aware of potential security and data leakage issues early in the development process. | ||
|
||
This change aims to enhance the security and maintainability of Windows Forms apps by enforcing proper serialization practices, thus reducing the risk of accidental data exposure. | ||
|
||
## Previous behavior | ||
|
||
Previously, properties in Windows Forms and <xref:System.Windows.Forms.UserControl> controls could be serialized by the designer without explicit configuration of their serialization behavior. This could result in unintended data being included in the generated code or resource files, creating a potential security risk. This behavior was particularly problematic in custom line-of-business <xref:System.Windows.Forms.UserControl> objects, where it was easy to overlook the serialization of sensitive data that should not have been exposed. For example, properties containing sensitive information, such as user data or internal configurations, could be written directly into the designer-generated *.cs* files or embedded within *.resx* files. | ||
|
||
## New behavior | ||
|
||
Starting in .NET 9, the new Windows Forms security analyzers enforce stricter control over the serialization of properties in controls and <xref:System.Windows.Forms.UserControl> objects. By default, the analyzer produces an error if a property does not have its CodeDOM serialization behavior explicitly defined. This behavior ensures that properties aren't inadvertently serialized. You can adjust the *.editorconfig* settings to change the analyzer's [severity](../../../../fundamentals/code-analysis/configuration-options.md#severity-level) or suppress the error. | ||
|
||
## Version introduced | ||
|
||
.NET 9 RC 1 | ||
|
||
## Type of breaking change | ||
|
||
This change can affect [source compatibility](../../categories.md#source-compatibility). | ||
|
||
## Reason for change | ||
|
||
This change was made for two primary reasons: | ||
|
||
- Enhanced security: By forcing explicit serialization definitions, the analyzer significantly reduces the risk of unintentional data exposure, particularly in LOB applications. This has happened in the past, and it's all the more necessary now in the context of the [BinaryFormatter serializer removal](../../serialization/9.0/binaryformatter-removal.md). By preventing as much as possible from being serialized by accident to begin with, there won't be backwards compatibility or security issues around binary serialization in resource files for types that don't have a dedicated type converter. | ||
|
||
- Improved code clarity and maintainability: This feature ensures that serialization behavior is transparent and intentional, which aids in code reviews and future maintenance. | ||
|
||
## Recommended action | ||
|
||
- Review the properties flagged by the analyzer and configure appropriate serialization settings as needed. | ||
- For a quick fix (not recommended), add the following entry in an *.editorconfig* file at the solution folder or project folder level: | ||
|
||
```ini | ||
[*.cs] | ||
|
||
# WFO1000: A property should determine its property content serialization with the DesignerSerializationVisibilityAttribute, DefaultValueAttribute or the ShouldSerializeProperty method | ||
dotnet_diagnostic.WFO1000.severity = silent | ||
``` | ||
|
||
## Affected APIs | ||
|
||
- N/A |
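Review bot: The "Recommended action" section only shows how to silence WFO1000; the first bullet ("configure appropriate serialization settings as needed") is the fix the page actually wants readers to apply, yet the three mechanisms named at the top (`DesignerSerializationVisibilityAttribute`, `DefaultValueAttribute`, a `ShouldSerialize[propertyName]` method) are never shown on a property. A short snippet under that bullet, for example `[DesignerSerializationVisibility(DesignerSerializationVisibility.Hidden)]` on a property holding user data, or a `[DefaultValue(...)]` attribute for a property that should be serialized only when changed, would make the non-suppression path as concrete as the `.editorconfig` one. Two smaller points in the same hunk: the WFO1000 text quoted in the blockquote ("Property 'property' does not configure the code serialization for its property content.") differs from the text in the `.editorconfig` comment ("A property should determine its property content serialization with the ..."), so one of them should be aligned with what the analyzer actually emits; and "Affected APIs: N/A" reads oddly next to "New behavior", which says the rule applies to properties of all controls and `UserControl` objects, so a sentence saying the rule is property-scoped rather than tied to a specific API would help.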
@adegeo Will these errors be documented?