CA2351: Ensure DataSet.ReadXml()'s input is trusted

Is this page helpful?

Any additional feedback?

Feedback will be sent to Microsoft: By pressing the submit button, your feedback will be used to improve Microsoft products and services. Privacy policy.

	Value
Rule ID	CA2351
Category	Security
Fix is breaking or non-breaking	Non-breaking

Cause

The DataSet.ReadXml method was called or referenced, and not within autogenerated code.

This rule classifies autogenerated code b:

• Being inside a method named ReadXmlSerializable.
• The ReadXmlSerializable method has a System.Diagnostics.DebuggerNonUserCodeAttribute.
• The ReadXmlSerializable method is within a type that has a System.ComponentModel.DesignerCategoryAttribute.

CA2361 is a similar rule, for when DataSet.ReadXml appears within autogenerated code.

Rule description

When deserializing a DataSet with untrusted input, an attacker can craft malicious input to perform a denial of service attack. There may be unknown remote code execution vulnerabilities.

For more information, see DataSet and DataTable security guidance.

How to fix violations

• If possible, use Entity Framework rather than the DataSet.
• Make the serialized data tamper-proof. After serialization, cryptographically sign the serialized data. Before deserialization, validate the cryptographic signature. Protect the cryptographic key from being disclosed and design for key rotations.

When to suppress warnings

It's safe to suppress a warning from this rule if:

• You know the input is trusted. Consider that your application's trust boundary and data flows may change over time.
• You've taken one of the precautions in How to fix violations.

Pseudo-code examples

Violation

using System.Data;

public class ExampleClass
{
    public DataSet MyDeserialize(string untrustedXml)
    {
        DataSet dt = new DataSet();
        dt.ReadXml(untrustedXml);
    }
}

Related rules

CA2350: Ensure DataTable.ReadXml()'s input is trusted

CA2352: Unsafe DataSet or DataTable in serializable type can be vulnerable to remote code execution attacks

CA2353: Unsafe DataSet or DataTable in serializable type

CA2354: Unsafe DataSet or DataTable in deserialized object graph can be vulnerable to remote code execution attack

CA2355: Unsafe DataSet or DataTable in deserialized object graph

CA2356: Unsafe DataSet or DataTable in web deserialized object graph

CA2361: Ensure autogenerated class containing DataSet.ReadXml() is not used with untrusted data

CA2362: Unsafe DataSet or DataTable in autogenerated serializable type can be vulnerable to remote code execution attacks