CA2140: Transparent code must not reference security critical items
TypeName |
TransparentMethodsMustNotReferenceCriticalCode |
CheckId |
CA2140 |
Category |
Microsoft.Security |
Breaking Change |
Breaking |
Cause
A transparent method:
handles a security critical security exception type
has a parameter that is marked as a security critical type
has a generic parameter with a security critical constraints
has a local variable of a security critical type
references a type that is marked as security critical
calls a method that is marked as security critical
references a field that is marked as security critical
returns a type that is marked as security critical
Rule Description
A code element that is marked with the SecurityCriticalAttribute attribute is security critical. A transparent method cannot use a security critical element. If a transparent type attempts to use a security critical type a TypeAccessException, MethodAccessException , or FieldAccessException is raised.
How to Fix Violations
To fix a violation of this rule, do one of the following:
Mark the code element that uses the security critical code with the SecurityCriticalAttribute attribute
- or -
Remove the SecurityCriticalAttribute attribute from the code elements that are marked as security critical and instead mark them with the SecuritySafeCriticalAttribute or SecurityTransparentAttribute attribute.
When to Suppress Warnings
Do not suppress a warning from this rule.
Example
In the following examples, a transparent method attempts to reference a security critical generic collection, a security critical field, and a security critical method.
using System;
using System.Security;
using System.Collections.Generic;
namespace TransparencyWarningsDemo
{
[SecurityCritical]
public class SecurityCriticalClass { }
public class TransparentMethodsReferenceCriticalCodeClass
{
[SecurityCritical]
private object m_criticalField;
[SecurityCritical]
private void CriticalMethod() { }
public void TransparentMethod()
{
// CA2140 violation - transparent method accessing a critical type. This can be fixed by any of:
// 1. Make TransparentMethod critical
// 2. Make TransparentMethod safe critical
// 3. Make CriticalClass safe critical
// 4. Make CriticalClass transparent
List<SecurityCriticalClass> l = new List<SecurityCriticalClass>();
// CA2140 violation - transparent method accessing a critical field. This can be fixed by any of:
// 1. Make TransparentMethod critical
// 2. Make TransparentMethod safe critical
// 3. Make m_criticalField safe critical
// 4. Make m_criticalField transparent
m_criticalField = l;
// CA2140 violation - transparent method accessing a critical method. This can be fixed by any of:
// 1. Make TransparentMethod critical
// 2. Make TransparentMethod safe critical
// 3. Make CriticalMethod safe critical
// 4. Make CriticalMethod transparent
CriticalMethod();
}
}
}