The Linq expression trees are extremely powerful tool which is the core of abstracting Linq queries from the source of the object sequences. Essentially the expression trees are data structures representing pieces of code not only expressions
but also statements like new, if, switch, throw, try and catch, etc. If they are data structures the programmer should be able to store and retrieve them. For a tree data structure undoubtedly the most proper serialization schema should be tree-like, e.g.
The goal of this project is to provide the application programmer with easy to use and integrate component which serializes Linq expression tree to and from XML.
- Very simple interface. Essentially the interface consists of two methods (with a couple of convenient overloads) on the class
XmlExpressionSerializer from the namespace
- public static XElement ToXmlElement(Expression expression);
- public static Expression ToExpression(XElement document);
- The overloads allow for serializing to and from whole
- The serializer supports the following constant data types:
- all primitive types;
- enum types;
- nullable types;
- most FCL basic types like: string, DateTime, TimeSpan, Uri, Guid, DBNull;
- any serializable types;
- any types marked with DataContractAttribute;
- anonymous types;
- arrays and generic sequences of the above;
- The XML documents are validated against a schema:
For serialization the code leverages the visitor pattern (see G4 patterns
) provided for by the
and the abstract class
For deserialization the code mimics the same pattern by “visiting” the XML elements of the serialized expression and materializing the structures.
The projects target .NET 4.0 and 4.5.
The source code includes the source code of the
which is used extensively in the unit tests.
the project has moved to GitHub: https://github.com/vmelamed/vm/tree/master/Aspects/Linq/Expressions/Serialization.
I hope you would agree that deserializing and running a serialized expression is equal to running a downloaded code. It is outside of the scope of this project to secure the products of the expressions' serialization/deserialization process. However
there are standard ways to secure (sign and encrypt) XML documents. For example the
Ciphers project has easy to use classes that encrypt and sign XML documents and elements. If you consider using this project in your work, please, also consider the security requirements and environment in which
it will be placed. Make sure that you trust the source of the expressions, the communication lines, the storage, etc. that the serialized expressions goes through. Make sure that the source and the destination of the serialized expressions trust each other
and can verify the expressions (XML document) flow.