The Linq expression trees are extremely powerful tool which is the core of abstracting Linq queries from the source of the object sequences. Essentially the expression trees are data structures representing pieces of code not only expressions but also statements like new, if, switch, throw, try and catch, etc. If they are data structures the programmer should be able to store and retrieve them. For a tree data structure undoubtedly the most proper serialization schema should be tree-like, e.g. XML.
The goal of this project is to provide the application programmer with easy to use and integrate component which serializes Linq expression tree to and from XML.
- Very simple interface. Essentially the interface consists of two methods (with a couple of convenient overloads) on the class XmlExpressionSerializer from the namespace vm.Aspects.ExpressionSerialization:
- public static XElement ToXmlElement(Expression expression);
- public static Expression ToExpression(XElement document);
- The overloads allow for serializing to and from whole XDocument objects.
- The serializer supports the following constant data types:
- all primitive types;
- enum types;
- nullable types;
- most FCL basic types like: string, DateTime, TimeSpan, Uri, Guid, DBNull;
- any serializable types;
- any types marked with DataContractAttribute;
- anonymous types;
- arrays and generic sequences of the above;
- The XML documents are validated against a schema: urn:schemas-vm-com:Aspects.Expression
For serialization the code leverages the visitor pattern (see G4 patterns
) provided for by the Expression
class' methods Accept
and the abstract class ExpressionVisitor
For deserialization the code mimics the same pattern by “visiting” the XML elements of the serialized expression and materializing the structures.
The projects target .NET 4.0 and 4.5.
The source code includes the source code of the object dumper
which is used extensively in the unit tests.
I hope you would agree that deserializing and running a serialized expression should be considered equal to running a downloaded unknown code. At least at the moment it is outside of the scope of this project to secure the expressions' serialization/deserialization process. However there are well known standardized ways to secure (sign and possibly encrypt) an XML document. If you like this project and consider using it in your work, please, consider carefully the security requirements and environment in which it will be placed. Make sure that you trust the source of the expressions, the communication lines, the storage, etc. that the serialized expressions goes through. Make sure that the source and the destination of the serialized expressions trust each other and can verify the expressions (XML document) flow.