Secure asserts

TypeName: SecureAsserts

CheckId: CA2106

Category: Microsoft.Security

Breaking Change: Breaking

Cause

A method asserts a permission and no security checks are performed on the caller.

Rule Description

Asserting a security permission without performing any security checks can leave an exploitable security weakness in your code. A security stack walk stops when a security permission is asserted. If you assert a permission without performing any checks on the caller, the caller might be able to indirectly execute code using your permissions. Asserts without security checks are only permissible when you are certain that the assert cannot be used in a harmful manner, namely, if the code you call is harmless, or users have no way to pass arbitrary information to code that you call.

How to Fix Violations

To fix a violation of this rule, add a security demand to the method or its declaring type.
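The following C# sketch is an added illustration, not code from the original page. It shows a method that asserts a permission with no check on the caller, next to a version that demands a permission before asserting. The class and method names are hypothetical, and it assumes .NET Framework code access security and a Windows host.

```csharp
using System;
using System.IO;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Permissions;

// Hypothetical library type used only for this illustration.
public static class NativeFileInfo
{
    // Calling into native code triggers a stack walk for UnmanagedCode permission.
    [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    private static extern uint GetFileAttributesW(string lpFileName);

    // Asserts with no check on the caller: the stack walk for UnmanagedCode
    // stops at this frame, so any caller can have the native call made on a
    // path of its choosing, using this assembly's permissions.
    public static uint GetAttributesUnchecked(string path)
    {
        new SecurityPermission(SecurityPermissionFlag.UnmanagedCode).Assert();
        try
        {
            return GetFileAttributesW(path);
        }
        finally
        {
            CodeAccessPermission.RevertAssert();
        }
    }

    // Checks the caller first: every caller on the stack must hold read access
    // to the requested file before the assert takes effect.
    public static uint GetAttributesChecked(string path)
    {
        // FileIOPermission requires an absolute path.
        string fullPath = Path.GetFullPath(path);
        new FileIOPermission(FileIOPermissionAccess.Read, fullPath).Demand();

        new SecurityPermission(SecurityPermissionFlag.UnmanagedCode).Assert();
        try
        {
            return GetFileAttributesW(fullPath);
        }
        finally
        {
            CodeAccessPermission.RevertAssert();
        }
    }
}
```

The demand is for a narrower permission than the one asserted, so callers need only the right to read that file, not the right to call unmanaged code.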

When to Exclude Warnings

Only exclude a warning from this rule after a careful security review.

See Also

Reference

System.Security.CodeAccessPermission.Assert

Other Resources

Secure Coding Guidelines