Visual Studio Team System
Do not declare read only mutable reference types

TypeName

DoNotDeclareReadOnlyMutableReferenceTypes

CheckId

CA2104

Category

Microsoft.Security

Breaking Change

Non Breaking

Cause

An externally visible type contains an externally visible read-only field that is a mutable reference type.

Rule Description

A mutable type is a type whose instance data can be modified. The System.Text..::.StringBuilder class is an example of a mutable reference type. It contains members that can change the value of an instance of the class. An example of an immutable reference type is the System..::.String class. After it has been instantiated, its value can never change.

The read-only modifier (readonly (C# Reference) in C#, ReadOnly (Visual Basic) in Visual Basic, and const (C++) in C++) on a reference type field (pointer in C++) prevents the field from being replaced by a different instance of the reference type but does not prevent the field's instance data from being modified through the reference type.

Read-only array fields are exempt from this rule but instead cause a violation of the Array fields should not be read only rule.

How to Fix Violations

To fix a violation of this rule, remove the read-only modifier or, if a breaking change is acceptable, replace the field with an immutable type.

When to Suppress Warnings

It is safe to suppress a warning from this rule if the field type is immutable.

Example

The following example shows a field declaration that causes a violation of this rule.

Visual Basic 
Imports System
Imports System.Text

Namespace SecurityLibrary

    Public Class MutableReferenceTypes

        Shared Protected ReadOnly SomeStringBuilder As StringBuilder

        Shared Sub New()
            SomeStringBuilder = New StringBuilder()
        End Sub

    End Class

End Namespace
C# 
using System;
using System.Text;

namespace SecurityLibrary
{
    public class MutableReferenceTypes
    {
        static protected readonly StringBuilder SomeStringBuilder;

        static MutableReferenceTypes()
        {
            SomeStringBuilder = new StringBuilder();
        }
    }
}
Visual C++ 
using namespace System;
using namespace System::Text;

namespace SecurityLibrary
{
    public ref class MutableReferenceTypes
    {
    protected:
        static StringBuilder^ const SomeStringBuilder = 
           gcnew StringBuilder();

    private:
        static MutableReferenceTypes()
        {
        }
    };
}
Tags :


Community Content

CommonGenius.com
Readonly Mutable Reference types
The article implies that there would never be any time when you would want to create a readonly field for a mutable reference type. But why should that necessarily be true? After all, we create readonly properties that return mutable collections; the purpose of the readonly property is to prevent the user from replacing the collection with a new collection instance. Why couldn't a similar situation occur for readonly fields?
Tags :

Daniel Beekeeper
Valid cases if it is intended to be a singleton

I have several cases where I have valid resons to have the static object declared as readonly. It is a singleton and I do not want anyone to change the reference but it is ok to change the content.

Tags :

Daniel Beekeeper
Valid cases if it is intended to be a singleton
I have several cases where I have valid resons to have the static object declared as readonly. It is a singleton and I do not want anyone to change the reference but it is ok to change the content.
Tags :

Page view tracker