Share via


CA2140: Transparent code must not reference security critical items

TypeName

TransparentMethodsMustNotReferenceCriticalCode

CheckId

CA2140

Category

Microsoft.Security

Breaking Change

Breaking

Cause

A transparent method:

  • handles a security critical security exception type

  • has a parameter that is marked as a security critical type

  • has a generic parameter with a security critical constraints

  • has a local variable of a security critical type

  • references a type that is marked as security critical

  • calls a method that is marked as security critical

  • references a field that is marked as security critical

  • returns a type that is marked as security critical

Rule Description

A code element that is marked with the SecurityCriticalAttribute attribute is security critical. A transparent method cannot use a security critical element. If a transparent type attempts to use a security critical type a TypeAccessException, MethodAccessException , or FieldAccessException is raised.

How to Fix Violations

To fix a violation of this rule, do one of the following:

When to Suppress Warnings

Do not suppress a warning from this rule.

Example

In the following examples, a transparent method attempts to reference a security critical generic collection, a security critical field, and a security critical method.

using System;
using System.Security;
using System.Collections.Generic;

namespace TransparencyWarningsDemo
{

    [SecurityCritical]
    public class SecurityCriticalClass { }

    public class TransparentMethodsReferenceCriticalCodeClass
    {
        [SecurityCritical]
        private object m_criticalField;

        [SecurityCritical]
        private void CriticalMethod() { }

        public void TransparentMethod()
        {
            // CA2140 violation - transparent method accessing a critical type.  This can be fixed by any of: 
            //  1. Make TransparentMethod critical 
            //  2. Make TransparentMethod safe critical 
            //  3. Make CriticalClass safe critical 
            //  4. Make CriticalClass transparent
            List<SecurityCriticalClass> l = new List<SecurityCriticalClass>();

            // CA2140 violation - transparent method accessing a critical field.  This can be fixed by any of: 
            //  1. Make TransparentMethod critical 
            //  2. Make TransparentMethod safe critical 
            //  3. Make m_criticalField safe critical 
            //  4. Make m_criticalField transparent
            m_criticalField = l;

            // CA2140 violation - transparent method accessing a critical method.  This can be fixed by any of: 
            //  1. Make TransparentMethod critical 
            //  2. Make TransparentMethod safe critical 
            //  3. Make CriticalMethod safe critical 
            //  4. Make CriticalMethod transparent
            CriticalMethod();
        }
    }
}

See Also

Reference

SecurityTransparentAttribute

SecurityCriticalAttribute

SecurityTransparentAttribute

SecurityTreatAsSafeAttribute

System.Security