2

Is there an easy way to make all classes in an assembly serializable instead of putting [Serializable] manually on top of each class?

I can't use reflection as attributes are static metadata and cannot be added dynamically, and I'm out of ideas how to achieve this.

Why

I'm writing a security library that repeatedly checks state of its classes and throws MemoryInjectionException if a class has been modified by any external modifications. In order to achieve this I serialize all classes and save the hash of their serialization in a dictionary.

Edit: Ended up using a self-modified version of SharpSerializer

U. Bulle
  • 1,075
  • 9
  • 20
  • 2
    Sounds like something [PostSharp](https://www.postsharp.net/) might be able to do – stuartd Aug 06 '16 at 19:00
  • 2
    You can use a serializer which doesn't care about the `Serializable` attribute (like `XmlSerializer`, for example) – Jcl Aug 06 '16 at 19:05
  • 2
    I wonder if your application detects that the code that detects modifications has been modified. – GSerg Aug 06 '16 at 19:11
  • As a plan B (or C or D) you could write a unit test to ensure that all the classes are serializable. It won't add the attribute but you'll know if someone leaves it off. – Scott Hannen Aug 06 '16 at 19:28
  • @stuartd PostSharp is too expensive. I wonder if I can achieve this easily with Fody. I have no idea how to code for Fody. – U. Bulle Aug 06 '16 at 19:40
  • 1
    @GSerg Well I use strong-named assembly in order to avoid this. – U. Bulle Aug 06 '16 at 19:40
  • @Jcl Thanks for the advice. Binary serialization is much faster (almost double). Fastest is the best as I use this check in my factory class (every time a new class is requested). – U. Bulle Aug 06 '16 at 19:41
  • 2
    @U.Bulle you may want to try `http://www.sharpserializer.com/` which has comparable speeds to `BinaryFormatter` and doesn't require `[Serializable]`. It's not -as fast-, but it's pretty much ok. Other than that, Fody might do, but if you are not familiarized with it (or with compilation processes and IL opcodes), programming a fody add-in has a decently steep learning curve – Jcl Aug 06 '16 at 19:48
  • 1
    What's wrong with having to write `[Serializable]` once in each class? Are there really that many to make this option so onerous? It would be rather simple to have a unit test to make sure all classes defined in the assembly are serializable so that can't be an issue either. – InBetween Aug 06 '16 at 20:04
  • If you don't want to pay for postsharp, use mono.cecil – Mr Anderson Aug 06 '16 at 20:43
  • 1
    Find and replace `public class` with `[Serializable] public class`. Then look for build errors where `[Serializable]` is added twice and delete one. – Scott Hannen Aug 06 '16 at 22:45
  • @Jcl Thanks for this awesome library! It's much better than .NET's serialization. I've moved to it and my problem is solved. – U. Bulle Aug 10 '16 at 01:32
  • @ScottHannen that's pretty genius :) – Amos Egel Nov 10 '21 at 16:36

0 Answers0