Home Library Learn Samples Downloads Support Community Forums
MSDN Library
Development Tools and Languages
Visual Studio 2012
Application Development in Visual Studio
Quality and Diagnostic Tools
Analyzing Application Quality
Analyzing Managed Code Quality
Code Analysis for Managed Code Warnings
Security Warnings
CA2100: Review SQL queries for security vulnerabilities
CA2102: Catch non-CLSCompliant exceptions in general handlers
CA2103: Review imperative security
CA2104: Do not declare read only mutable reference types
CA2105: Array fields should not be read only
CA2106: Secure asserts
CA2107: Review deny and permit only usage
CA2108: Review declarative security on value types
CA2109: Review visible event handlers
CA2111: Pointers should not be visible
CA2112: Secured types should not expose fields
CA2114: Method security should be a superset of type
CA2115: Call GC.KeepAlive when using native resources
CA2116: APTCA methods should only call APTCA methods
CA2117: APTCA types should only extend APTCA base types
CA2118: Review SuppressUnmanagedCodeSecurityAttribute usage
CA2119: Seal methods that satisfy private interfaces
CA2120: Secure serialization constructors
CA2121: Static constructors should be private
CA2122: Do not indirectly expose methods with link demands
CA2123: Override link demands should be identical to base
CA2124: Wrap vulnerable finally clauses in outer try
CA2126: Type link demands require inheritance demands
CA2130: Security critical constants should be transparent
CA2131: Security critical types may not participate in type equivalence
CA2132: Default constructors must be at least as critical as base type default constructors
CA2133: Delegates must bind to methods with consistent transparency
CA2134: Methods must keep consistent transparency when overriding base methods
CA2135: Level 2 assemblies should not contain LinkDemands
CA2136: Members should not have conflicting transparency annotations
CA2137: Transparent methods must contain only verifiable IL
CA2138: Transparent methods must not call methods with the SuppressUnmanagedCodeSecurity attribute
CA2139: Transparent methods may not use the HandleProcessCorruptingExceptions attribute
CA2140: Transparent code must not reference security critical items
CA2141:Transparent methods must not satisfy LinkDemands
CA2142: Transparent code should not be protected with LinkDemands
CA2143: Transparent methods should not use security demands
CA2144: Transparent code should not load assemblies from byte arrays
CA2145: Transparent methods should not be decorated with the SuppressUnmanagedCodeSecurityAttribute
CA2146: Types must be at least as critical as their base types and interfaces
CA2147: Transparent methods may not use security asserts
CA2149: Transparent methods must not call into native code
Expand Minimize
This topic has not yet been rated - Rate this topic

CA2119: Seal methods that satisfy private interfaces

Visual Studio 2012

TypeName

SealMethodsThatSatisfyPrivateInterfaces

CheckId

CA2119

Category

Microsoft.Security

Breaking Change

Breaking

An inheritable public type provides an overridable method implementation of an internal (Friend in Visual Basic) interface.

Interface methods have public accessibility, which cannot be changed by the implementing type. An internal interface creates a contract that is not intended to be implemented outside the assembly that defines the interface. A public type that implements a method of an internal interface using the virtual (Overridable in Visual Basic) modifier allows the method to be overridden by a derived type that is outside the assembly. If a second type in the defining assembly calls the method and expects an internal-only contract, behavior might be compromised when, instead, the overridden method in the outside assembly is executed. This creates a security vulnerability.

To fix a violation of this rule, prevent the method from being overridden outside the assembly by using one of the following:

  • Make the declaring type sealed (NotInheritable in Visual Basic).

  • Change the accessibility of the declaring type to internal (Friend in Visual Basic).

  • Remove all public constructors from the declaring type.

  • Implement the method without using the virtual modifier.

  • Implement the method explicitly.

It is safe to suppress a warning from this rule if, after careful review, no security issues exist that might be exploitable if the method is overridden outside the assembly.

The following example shows a type, BaseImplementation, that violates this rule.

C#
C++
VB
Copy 
using System;

namespace SecurityLibrary
{
   // Internal by default. 
   interface IValidate
   {
      bool UserIsValidated();
   }

   public class BaseImplementation : IValidate
   {
      public virtual bool UserIsValidated()
      {
         return false;
      }
   }

   public class UseBaseImplementation
   {
      public void SecurityDecision(BaseImplementation someImplementation)
      {
         if(someImplementation.UserIsValidated() == true)
         {
            Console.WriteLine("Account number & balance.");
         }
         else
         {
            Console.WriteLine("Please login.");
         }
      }
   }
}

The following example exploits the virtual method implementation of the previous example.

C#
C++
VB
Copy 
using System;

namespace SecurityLibrary
{
    public class BaseImplementation 
    {
        public virtual bool UserIsValidated()
        {
            return false;
        }
    }

    public class UseBaseImplementation
    {
        public void SecurityDecision(BaseImplementation someImplementation)
        {
            if (someImplementation.UserIsValidated() == true)
            {
                Console.WriteLine("Account number & balance.");
            }
            else
            {
                Console.WriteLine("Please login.");
            }
        }
    }
}
Did you find this helpful?
(1500 characters remaining)
© 2013 Microsoft. All rights reserved.