public static object SafeBinaryFormatterDeserializeWithAllowList(Stream stream, IEnumerable <Type> allowList, SafeSerialization.TypeEncounteredDelegate typeEncounteredCallback = null) { SafeSerialization.ValidatingBinder binder = new SafeSerialization.ValidatingBinder(new SafeSerialization.AllowList(allowList), typeEncounteredCallback); BinaryFormatter binaryFormatter = ExchangeBinaryFormatterFactory.CreateBinaryFormatter(null); binaryFormatter.Binder = binder; return(binaryFormatter.Deserialize(stream)); }
private static bool IsSafeBinaryFormatterStreamCommon(SafeSerialization.ValidatingBinder binder, Stream serializationStream) { long position = serializationStream.Position; BinaryFormatter binaryFormatter = ExchangeBinaryFormatterFactory.CreateBinaryFormatter(null); try { binaryFormatter.Binder = binder; binaryFormatter.Deserialize(serializationStream); } catch (SafeSerialization.BlockedTypeException) { return(false); } finally { serializationStream.Seek(position, SeekOrigin.Begin); } return(true); }