Mark ISerializable types with serializable

Article
08/20/2007

TypeName	MarkISerializableTypesWithSerializable
CheckId	CA2237
Category	Microsoft.Usage
Breaking Change	NonBreaking

Cause

An externally visible type implements the System.Runtime.Serialization.ISerializable interface and the type is not marked with the System.SerializableAttribute attribute. The rule ignores derived types whose base type is not serializable.

Rule Description

To be recognized by the common language runtime as serializable, types must be marked with the SerializableAttribute attribute even if the type uses a custom serialization routine through implementation of the ISerializable interface.

How to Fix Violations

To fix a violation of this rule, apply the SerializableAttribute attribute to the type.

When to Exclude Warnings

Do not exclude a warning from this rule for exception classes because they must be serializable to work correctly across application domains.

Example

The following example shows a type that violates the rule. Uncomment the SerializableAttribute attribute line to satisfy the rule.

Imports System
Imports System.Runtime.Serialization
Imports System.Security.Permissions

Namespace UsageLibrary

   ' <SerializableAttribute> _ 
   Public Class BaseType
      Implements ISerializable
   
      Dim baseValue As Integer

      Sub New()
         baseValue = 3
      End Sub

      Protected Sub New( _ 
         info As SerializationInfo, context As StreamingContext)
      
         baseValue = info.GetInt32("baseValue")

      End Sub

      <SecurityPermissionAttribute(SecurityAction.Demand, _ 
          SerializationFormatter := True)> _ 
      Overridable Sub GetObjectData( _ 
         info As SerializationInfo, context As StreamingContext) _ 
         Implements ISerializable.GetObjectData
      
         info.AddValue("baseValue", baseValue)

      End Sub

   End Class

End Namespace

using System;
using System.Runtime.Serialization;
using System.Security.Permissions;

namespace UsageLibrary
{
   // [SerializableAttribute]
   public class BaseType : ISerializable
   {
      int baseValue;

      public BaseType()
      {
         baseValue = 3;
      }

      protected BaseType(
         SerializationInfo info, StreamingContext context)
      {
         baseValue = info.GetInt32("baseValue");
      }

      [SecurityPermissionAttribute(SecurityAction.Demand, 
          SerializationFormatter = true)]
      public virtual void GetObjectData(
         SerializationInfo info, StreamingContext context)
      {
         info.AddValue("baseValue", baseValue);
      }
   }
}

Call base class methods on ISerializable types

Implement ISerializable correctly

Implement serialization constructors

Implement serialization methods correctly

Mark all non-serializable fields

Provide deserialization methods for optional fields

Secure GetObjectData overrides

Secure serialization constructors