CA2134: Methods must keep consistent transparency when overriding base methods

Item Value
RuleId CA2134
Category Microsoft.Security
Breaking change Breaking

Cause

This rule fires when a method marked with the SecurityCriticalAttribute overrides a method that is transparent or marked with the SecuritySafeCriticalAttribute. The rule also fires when a method that is transparent or marked with the SecuritySafeCriticalAttribute overrides a method that is marked with a SecurityCriticalAttribute.

The rule is applied when overriding a virtual method or implementing an interface.

Note

This rule has been deprecated. For more information, see Deprecated rules.

Rule description

This rule fires on attempts to change the security accessibility of a method further up the inheritance chain. For example, if a virtual method in a base class is transparent or safe-critical, then the derived class must override it with a transparent or safe-critical method. Conversely, if the virtual is security critical, the derived class must override it with a security critical method. The same rule applies for implementing interface methods.

Transparency rules are enforced when the code is just-in-time (JIT) compiled instead of at run time, so that the transparency calculation does not have dynamic type information. Therefore, the result of the transparency calculation must be able to be determined solely from the static types being JIT-compiled, regardless of the dynamic type.

How to fix violations

To fix a violation of this rule, change the transparency of the method that is overriding a virtual method or implementing an interface to match the transparency of the virtual or interface method.

When to suppress warnings

Do not suppress warnings from this rule. Violations of this rule result in a run-time TypeLoadException for assemblies that use level 2 transparency.

Examples

Code

using System;
using System.Security;

namespace TransparencyWarningsDemo
{

    public interface IInterface
    {
        void TransparentInterfaceMethod();

        [SecurityCritical]
        void CriticalInterfaceMethod();
    }

    public class Base
    {
        public virtual void TransparentVirtual() { }

        [SecurityCritical]
        public virtual void CriticalVirtual() { }
    }

    public class Derived : Base, IInterface
    {
        // CA2134 violation - implementing a transparent method with a critical one.  This can be fixed by any of:
        //   1. Making IInterface.TransparentInterfaceMethod security critical
        //   2. Making Derived.TransparentInterfaceMethod transparent
        //   3. Making Derived.TransparentInterfaceMethod safe critical
        [SecurityCritical]
        public void TransparentInterfaceMethod() { }

        // CA2134 violation - implementing a critical method with a transparent one.  This can be fixed by any of:
        //   1. Making IInterface.CriticalInterfaceMethod transparent
        //   2. Making IInterface.CriticalInterfaceMethod safe critical
        //   3. Making Derived.TransparentInterfaceMethod critical
        public void CriticalInterfaceMethod() { }

        // CA2134 violation - overriding a transparent method with a critical one.  This can be fixed by any of:
        //   1. Making Base.TrasnparentVirtual critical
        //   2. Making Derived.TransparentVirtual transparent
        //   3. Making Derived.TransparentVirtual safe critical
        [SecurityCritical]
        public override void TransparentVirtual() { }

        // CA2134 violation - overriding a critical method with a transparent one.  This can be fixed by any of:
        //   1. Making Base.CriticalVirtual transparent
        //   2. Making Base.CriticalVirtual safe critical
        //   3. Making Derived.CriticalVirtual critical
        public override void CriticalVirtual() { }
    }

}

See also

Security-Transparent Code, Level 2