Microsoft Security Rules Code Analysis Rule Set

You should include the Microsoft Security Rules rule set to maximize the number of potential security issues that are reported.

| Rule | Description |
| --- | --- |
| CA2116: APTCA methods should only call APTCA methods | When the APTCA (AllowPartiallyTrustedCallers) attribute is present on a fully trusted assembly, and the assembly executes code in another assembly that does not allow partially trusted callers, a security exploit is possible. |
| CA2117: APTCA types should only extend APTCA base types | When the APTCA (AllowPartiallyTrustedCallers) attribute is present on a fully trusted assembly, and a type in the assembly inherits from a type that does not allow partially trusted callers, a security exploit is possible. |
| CA2105: Array fields should not be read only | When you apply the read-only (ReadOnly in Visual Basic) modifier to a field that contains an array, the field cannot be changed to reference a different array. However, the elements of the array stored in a read-only field can be changed. |
| CA2210: Assemblies should have valid strong names | The strong name protects clients from unknowingly loading an assembly that has been tampered with. Assemblies without strong names should not be deployed outside very limited scenarios. If you share or distribute assemblies that are not correctly signed, the assembly can be tampered with, the common language runtime might not load the assembly, or the user might have to disable verification on his or her computer. |
| CA2115: Call GC.KeepAlive when using native resources | This rule detects errors that might occur because an unmanaged resource is being finalized while it is still being used in unmanaged code. |
| CA2102: Catch non-CLSCompliant exceptions in general handlers | A member in an assembly that is not marked with the RuntimeCompatibilityAttribute or is marked RuntimeCompatibility(WrapNonExceptionThrows = false) contains a catch block that handles System.Exception and does not contain an immediately following general catch block. |
| CA2104: Do not declare read only mutable reference types | An externally visible type contains an externally visible read-only field that is a mutable reference type. A mutable type is a type whose instance data can be modified. |
| CA2122: Do not indirectly expose methods with link demands | A public or protected member has Link Demands and is called by a member that does not perform any security checks. A link demand checks the permissions of the immediate caller only. |
| CA2114: Method security should be a superset of type | A method should not have both method-level and type-level declarative security for the same action. |
| CA2123: Override link demands should be identical to base | This rule matches a method to its base method, which is either an interface or a virtual method in another type, and then compares the link demands on each. If this rule is violated, a malicious caller can bypass the link demand just by calling the unsecured method. |
| CA2111: Pointers should not be visible | A pointer is not private, internal, or read-only. Malicious code can change the value of the pointer, potentially allowing access to arbitrary locations in memory or causing application or system failures. |
| CA2108: Review declarative security on value types | A public or protected value type is secured by Data Access or Link Demands. |
| CA2107: Review deny and permit only usage | The PermitOnly method and CodeAccessPermission.Deny security actions should be used only by those with an advanced knowledge of .NET Framework security. Code that uses these security actions should undergo a security review. |
| CA2103: Review imperative security | A method uses imperative security and might be constructing the permission by using state information or return values that can change while the demand is active. Use declarative security whenever possible. |
| CA2100: Review SQL queries for security vulnerabilities | A method sets the System.Data.IDbCommand.CommandText property by using a string that is built from a string argument to the method. This rule assumes that the string argument contains user input. A SQL command string built from user input is vulnerable to SQL injection attacks. |
| CA2118: Review SuppressUnmanagedCodeSecurityAttribute usage | SuppressUnmanagedCodeSecurityAttribute changes the default security system behavior for members that execute unmanaged code that uses COM interop or platform invocation. This attribute is primarily used to increase performance; however, the performance gains come with significant security risks. |
| CA2109: Review visible event handlers | A public or protected event-handling method was detected. Event-handling methods should not be exposed unless absolutely necessary. |
| CA2119: Seal methods that satisfy private interfaces | An inheritable public type provides an overridable method implementation of an internal (Friend in Visual Basic) interface. To fix a violation of this rule, prevent the method from being overridden outside the assembly. |
| CA2106: Secure asserts | A method asserts a permission and no security checks are performed on the caller. Asserting a security permission without performing any security checks can leave an exploitable security weakness in your code. |
| CA2120: Secure serialization constructors | This type has a constructor that takes a System.Runtime.Serialization.SerializationInfo object and a System.Runtime.Serialization.StreamingContext object (the signature of the serialization constructor). This constructor is not secured by a security check, but one or more of the regular constructors in the type are secured. |
| CA2112: Secured types should not expose fields | A public or protected type contains public fields and is secured by Link Demands. If code has access to an instance of a type that is secured by a link demand, the code does not have to satisfy the link demand to access the type's fields. |
| CA2136: Members should not have conflicting transparency annotations | Critical code cannot occur in a 100%-transparent assembly. This rule analyzes 100%-transparent assemblies for any SecurityCritical annotations at the type, field, and method levels. |
| CA2147: Transparent methods may not use security asserts | This rule analyzes all methods and types in an assembly that is either 100% transparent or mixed transparent/critical, and flags any declarative or imperative use of Assert. |
| CA2140: Transparent code must not reference security critical items | Methods that are marked with SecurityTransparentAttribute call non-public members that are marked as SecurityCritical. This rule analyzes all methods and types in an assembly that is mixed transparent/critical, and flags any calls from transparent code to non-public critical code that are not marked SecurityTreatAsSafe. |
| CA2121: Static constructors should be private | The system calls the static constructor before the first instance of the type is created or any static members are referenced. If a static constructor is not private, it can be called by code other than the system. Depending on the operations that are performed in the constructor, this can cause unexpected behavior. |
| CA2126: Type link demands require inheritance demands | A public unsealed type is protected with a link demand and has an overridable method. Neither the type nor the method is protected with an inheritance demand. |
| CA2124: Wrap vulnerable finally clauses in outer try | A public or protected method contains a try/finally block. The finally block appears to reset the security state and is not itself enclosed in a finally block. |