CA2140: Transparent code must not reference security critical items

Item Value
RuleId CA2140
Category Microsoft.Security
Breaking change Breaking

Cause

A transparent method:

  • handles a security critical security exception type

  • has a parameter that is marked as a security critical type

  • has a generic parameter with a security critical constraints

  • has a local variable of a security critical type

  • references a type that is marked as security critical

  • calls a method that is marked as security critical

  • references a field that is marked as security critical

  • returns a type that is marked as security critical

Note

This rule has been deprecated. For more information, see Deprecated rules.

Rule description

A code element that is marked with the SecurityCriticalAttribute attribute is security critical. A transparent method cannot use a security critical element. If a transparent type attempts to use a security critical type a TypeAccessException, MethodAccessException , or FieldAccessException is raised.

How to fix violations

To fix a violation of this rule, do one of the following:

When to suppress warnings

Do not suppress a warning from this rule.

Example

In the following examples, a transparent method attempts to reference a security critical generic collection, a security critical field, and a security critical method.

using System;
using System.Security;
using System.Collections.Generic;

namespace TransparencyWarningsDemo
{

    [SecurityCritical]
    public class SecurityCriticalClass { }

    public class TransparentMethodsReferenceCriticalCodeClass
    {
        [SecurityCritical]
        private object m_criticalField;

        [SecurityCritical]
        private void CriticalMethod() { }

        public void TransparentMethod()
        {
            // CA2140 violation - transparent method accessing a critical type.  This can be fixed by any of:
            //  1. Make TransparentMethod critical
            //  2. Make TransparentMethod safe critical
            //  3. Make CriticalClass safe critical
            //  4. Make CriticalClass transparent
            List<SecurityCriticalClass> l = new List<SecurityCriticalClass>();

            // CA2140 violation - transparent method accessing a critical field.  This can be fixed by any of:
            //  1. Make TransparentMethod critical
            //  2. Make TransparentMethod safe critical
            //  3. Make m_criticalField safe critical
            //  4. Make m_criticalField transparent
            m_criticalField = l;

            // CA2140 violation - transparent method accessing a critical method.  This can be fixed by any of:
            //  1. Make TransparentMethod critical
            //  2. Make TransparentMethod safe critical
            //  3. Make CriticalMethod safe critical
            //  4. Make CriticalMethod transparent
            CriticalMethod();
        }
    }
}

See also