Why is this an issue?
Transparency attributes, SecurityCriticalAttribute
and SecuritySafeCriticalAttribute
are used to identify code that
performs security-critical operations. The second one indicates that it is safe to call this code from transparent, while the first one does not.
Since the transparency attributes of code elements with larger scope take precedence over transparency attributes of code elements that are contained
in the first element a class, for instance, with a SecurityCriticalAttribute
can not contain a method with a
SecuritySafeCriticalAttribute
.
This rule raises an issue when a member is marked with a System.Security
security attribute that has a different transparency than the
security attribute of a container of the member.
Noncompliant code example
using System;
using System.Security;
namespace MyLibrary
{
[SecurityCritical]
public class Foo
{
[SecuritySafeCritical] // Noncompliant
public void Bar()
{
}
}
}
Compliant solution
using System;
using System.Security;
namespace MyLibrary
{
[SecurityCritical]
public class Foo
{
public void Bar()
{
}
}
}
Resources