public static object SafeBinaryFormatterDeserializeWithAllowList(Stream stream, IEnumerable <Type> allowList, SafeSerialization.TypeEncounteredDelegate typeEncounteredCallback = null) { SafeSerialization.ValidatingBinder binder = new SafeSerialization.ValidatingBinder(new SafeSerialization.AllowList(allowList), typeEncounteredCallback); BinaryFormatter binaryFormatter = ExchangeBinaryFormatterFactory.CreateBinaryFormatter(binder); return(binaryFormatter.Deserialize(stream)); }
private static bool IsSafeBinaryFormatterStreamCommon(SafeSerialization.ValidatingBinder binder, Stream serializationStream) { long position = serializationStream.Position; BinaryFormatter binaryFormatter = ExchangeBinaryFormatterFactory.CreateBinaryFormatter(binder); try { binaryFormatter.Deserialize(serializationStream); } catch (SafeSerialization.BlockedTypeException) { return(false); } finally { serializationStream.Seek(position, SeekOrigin.Begin); } return(true); }