Share via


CA2139: Transparent methods might not use the HandleProcessCorruptingExceptions attribute

Item Value
RuleId CA2139
Category Microsoft.Security
Breaking change Breaking

Cause

A transparent method is marked with the HandleProcessCorruptedStateExceptionsAttribute attribute.

Note

This rule has been deprecated. For more information, see Deprecated rules.

Rule description

This rule fires any method which is transparent and attempts to handle a process corrupting exception by using the HandleProcessCorruptedStateExceptionsAttribute attribute. A process corrupting exception is a CLR version 4.0 exception classification of exceptions such AccessViolationException. The HandleProcessCorruptedStateExceptionsAttribute attribute may only be used by security critical methods, and will be ignored if it is applied to a transparent method. To handle process corrupting exceptions, this method must become security critical or security safe-critical.

How to fix violations

To fix a violation of this rule, remove the HandleProcessCorruptedStateExceptionsAttribute attribute, or mark the method with the SecurityCriticalAttribute or the SecuritySafeCriticalAttribute attribute.

When to suppress warnings

Do not suppress a warning from this rule.

Example

In this example, a transparent method is marked with the HandleProcessCorruptedStateExceptionsAttribute attribute and will fail the rule. The method should also be marked with the SecurityCriticalAttribute or the SecuritySafeCriticalAttribute attribute.

using System;
using System.Runtime.InteropServices;
using System.Runtime.ExceptionServices;
using System.Security;

namespace TransparencyWarningsDemo
{

    public class HandleProcessCorruptedStateExceptionClass
    {
        [DllImport("SomeModule.dll")]
        private static extern void NativeCode();

        // CA2139 violation - transparent method attempting to handle a process corrupting exception
        [HandleProcessCorruptedStateExceptions]
        public void HandleCorruptingExceptions()
        {
            try
            {
                NativeCode();
            }
            catch (AccessViolationException) { }
        }
    }

}