public static object SafeBinaryFormatterDeserializeWithAllowList(Stream stream, IEnumerable <Type> allowList, SafeSerialization.TypeEncounteredDelegate typeEncounteredCallback = null)
{
SafeSerialization.ValidatingBinder binder = new SafeSerialization.ValidatingBinder(new SafeSerialization.AllowList(allowList), typeEncounteredCallback);
BinaryFormatter binaryFormatter = ExchangeBinaryFormatterFactory.CreateBinaryFormatter(null);
binaryFormatter.Binder = binder;
return(binaryFormatter.Deserialize(stream));
}
private static bool IsSafeBinaryFormatterStreamCommon(SafeSerialization.ValidatingBinder binder, Stream serializationStream)
{
long position = serializationStream.Position;
BinaryFormatter binaryFormatter = ExchangeBinaryFormatterFactory.CreateBinaryFormatter(null);
try
{
binaryFormatter.Binder = binder;
binaryFormatter.Deserialize(serializationStream);
}
catch (SafeSerialization.BlockedTypeException)
{
return(false);
}
finally
{
serializationStream.Seek(position, SeekOrigin.Begin);
}
return(true);
}
