"ISerializable" should be implemented correctly
https://rules.sonarsource.com/csharp/RSPEC-3925
The ISerializable interface is the mechanism to control the type serialization process. If not implemented correctly this could result in an invalid serialization and hard to detect bugs.
This rules raises an issue on types that implement ISerializable without following the serialization pattern recommended by Microsoft.
Specifically this rule checks for these problems:
- The
System.SerializableAttributeattribute is missing. - Non-serializable fields are not marked with the
System.NonSerializedAttributeattribute. - There is no serialization constructor.
- An unsealed type has a serialization constructor that is not
protected. - A sealed type has a serialization constructor that is not
private. - An unsealed type has a
ISerializable.GetObjectDatathat is not bothpublicandvirtual. - A derived type has a serialization constructor that does not call the
baseconstructor. - A derived type has a
ISerializable.GetObjectDatamethod that does not call thebasemethod. - A derived type has serializable fields but the
ISerializable.GetObjectDatamethod is not overridden.
What is the correct way to make a custom .NET Exception serializable?
下面这个是第二个回答,原链接的第一回答更详细和复杂
Exception is already serializable, but you need to override the GetObjectData method to store your variables and provide a constructor which can be called when re-hydrating your object.
So your example becomes:
[Serializable]
public class MyException : Exception
{
private readonly string resourceName;
private readonly IList<string> validationErrors;
public MyException(string resourceName, IList<string> validationErrors)
{
this.resourceName = resourceName;
this.validationErrors = validationErrors;
}
public string ResourceName
{
get { return this.resourceName; }
}
public IList<string> ValidationErrors
{
get { return this.validationErrors; }
}
[SecurityPermissionAttribute(SecurityAction.Demand, SerializationFormatter=true)]
protected MyException(SerializationInfo info, StreamingContext context) : base (info, context)
{
this.resourceName = info.GetString("MyException.ResourceName");
this.validationErrors = info.GetValue("MyException.ValidationErrors", typeof(IList<string>));
}
[SecurityPermissionAttribute(SecurityAction.Demand, SerializationFormatter=true)]
public override void GetObjectData(SerializationInfo info, StreamingContext context)
{
base.GetObjectData(info, context);
info.AddValue("MyException.ResourceName", this.ResourceName);
// Note: if "List<T>" isn't serializable you may need to work out another
// method of adding your list, this is just for show...
info.AddValue("MyException.ValidationErrors", this.