public T Deserialize(string data)
{
//Security Warning: The following code is intentionally vulnerable to a serialization vulnerability
var ser = FsPickler.CreateJsonSerializer();
using (TextReader sr = new StringReader(data))
{
return(ser.Deserialize <T>(sr));
}
}
public string Serialize(T obj)
{
var ser = FsPickler.CreateJsonSerializer();
var output = new StringBuilder();
using (TextWriter sw = new StringWriter(output))
{
ser.Serialize <T>(sw, obj);
}
return(output.ToString());
}
/*
* Insecure FsPickler Deserialize usage
*/
public void FsPicklerDeserialization(string json)
{
try
{
var fsPickler = FsPickler.CreateJsonSerializer();
MemoryStream memoryStream = new MemoryStream(Convert.FromBase64String(json));
fsPickler.Deserialize <object>(memoryStream);
}
catch (Exception e)
{
Console.WriteLine(e);
}
}
