Do not declare read only mutable reference types

Do not declare read only mutable re...

Switch on low bandwidth view

Collapse All

Language Filter

This page is specific to

Microsoft Visual Studio 2008/.NET Framework 3.5

Other versions are also available for the following:

Visual Studio Team System

Do not declare read only mutable reference types

TypeName	DoNotDeclareReadOnlyMutableReferenceTypes
CheckId	CA2104
Category	Microsoft.Security
Breaking Change	Non Breaking

Cause

An externally visible type contains an externally visible read-only field that is a mutable reference type.

Rule Description

A mutable type is a type whose instance data can be modified. The System.Text..::.StringBuilder class is an example of a mutable reference type. It contains members that can change the value of an instance of the class. An example of an immutable reference type is the System..::.String class. After it has been instantiated, its value can never change.

The read-only modifier (readonly (C# Reference) in C#, ReadOnly (Visual Basic) in Visual Basic, and const (C++) in C++) on a reference type field (pointer in C++) prevents the field from being replaced by a different instance of the reference type but does not prevent the field's instance data from being modified through the reference type.

Read-only array fields are exempt from this rule but instead cause a violation of the Array fields should not be read only rule.

How to Fix Violations

To fix a violation of this rule, remove the read-only modifier or, if a breaking change is acceptable, replace the field with an immutable type.

When to Suppress Warnings

It is safe to suppress a warning from this rule if the field type is immutable.

Example

The following example shows a field declaration that causes a violation of this rule.

Visual Basic

Imports System
Imports System.Text

Namespace SecurityLibrary

    Public Class MutableReferenceTypes

        Shared Protected ReadOnly SomeStringBuilder As StringBuilder

        Shared Sub New()
            SomeStringBuilder = New StringBuilder()
        End Sub

    End Class

End Namespace

using System;
using System.Text;

namespace SecurityLibrary
{
    public class MutableReferenceTypes
    {
        static protected readonly StringBuilder SomeStringBuilder;

        static MutableReferenceTypes()
        {
            SomeStringBuilder = new StringBuilder();
        }
    }
}

Visual C++

using namespace System;
using namespace System::Text;

namespace SecurityLibrary
{
    public ref class MutableReferenceTypes
    {
    protected:
        static StringBuilder^ const SomeStringBuilder = 
           gcnew StringBuilder();

    private:
        static MutableReferenceTypes()
        {
        }
    };
}

Tags

: Add a tag

Community Content

Add new content

Annotations

Readonly Mutable Reference types

CommonGenius.com | Edit | Show History

The article implies that there would never be any time when you would want to create a readonly field for a mutable reference type. But why should that necessarily be true? After all, we create readonly properties that return mutable collections; the purpose of the readonly property is to prevent the user from replacing the collection with a new collection instance. Why couldn't a similar situation occur for readonly fields?

Tags

: Add a tag

Flag as ContentBug

Valid cases if it is intended to be a singleton

Daniel Beekeeper | Edit | Show History

I have several cases where I have valid resons to have the static object declared as readonly. It is a singleton and I do not want anyone to change the reference but it is ok to change the content.

Tags

: Add a tag

Flag as ContentBug

Valid cases if it is intended to be a singleton

Daniel Beekeeper | Edit | Show History

I have several cases where I have valid resons to have the static object declared as readonly. It is a singleton and I do not want anyone to change the reference but it is ok to change the content.

Tags

: Add a tag

Flag as ContentBug