This documentation is archived and is not being maintained.

Microsoft Security Rules Code Analysis Rule Set

You should include the Microsoft Security Rules rule set to maximize the number of potential security issues that are reported.



CA2116: APTCA methods should only call APTCA methods

When the APTCA (AllowPartiallyTrustedCallers) attribute is present on a fully trusted assembly, and the assembly executes code in another assembly that does not allow partially trusted callers, a security exploit is possible.

CA2117: APTCA types should only extend APTCA base types

When the APTCA (AllowPartiallyTrustedCallers) attribute is present on a fully trusted assembly, and a type in the assembly inherits from a type that does not allow partially trusted callers, a security exploit is possible.

CA2105: Array fields should not be read only

When you apply the read-only (ReadOnly in Visual Basic) modifier to a field that contains an array, the field cannot be changed to reference a different array. However, the elements of the array stored in a read-only field can be changed.

CA2210: Assemblies should have valid strong names

The strong name protects clients from unknowingly loading an assembly that has been tampered with. Assemblies without strong names should not be deployed outside very limited scenarios. If you share or distribute assemblies that are not correctly signed, the assembly can be tampered with, the common language runtime might not load the assembly, or the user might have to disable verification on his or her computer.

CA2115: Call GC.KeepAlive when using native resources

This rule detects errors that might occur because an unmanaged resource is being finalized while it is still being used in unmanaged code.

CA2102: Catch non-CLSCompliant exceptions in general handlers

A member in an assembly that is not marked with the RuntimeCompatibilityAttribute or is marked RuntimeCompatibility(WrapNonExceptionThrows = false) contains a catch block that handles System.Exception and does not contain an immediately following general catch block.

CA2104: Do not declare read only mutable reference types

An externally visible type contains an externally visible read-only field that is a mutable reference type. A mutable type is a type whose instance data can be modified.

CA2122: Do not indirectly expose methods with link demands

A public or protected member has Link Demands and is called by a member that does not perform any security checks. A link demand checks the permissions of the immediate caller only.

CA2114: Method security should be a superset of type

A method should not have both method-level and type-level declarative security for the same action.

CA2123: Override link demands should be identical to base

This rule matches a method to its base method, which is either an interface or a virtual method in another type, and then compares the link demands on each. If this rule is violated, a malicious caller can bypass the link demand just by calling the unsecured method.

CA2111: Pointers should not be visible

A pointer is not private, internal, or read-only. Malicious code can change the value of the pointer, potentially allowing access to arbitrary locations in memory or causing application or system failures.

CA2108: Review declarative security on value types

A public or protected value type is secured by Data Access or Link Demands.

CA2107: Review deny and permit only usage

Using the PermitOnly method and CodeAccessPermission.Deny security actions should be used only by those with an advanced knowledge of .NET Framework security. Code that uses these security actions should undergo a security review.

CA2103: Review imperative security

A method uses imperative security and might be constructing the permission by using state information or return values that can change while the demand is active. Use declarative security whenever possible.

CA2100: Review SQL queries for security vulnerabilities

A method sets the System.Data.IDbCommand.CommandText property by using a string that is built from a string argument to the method. This rule assumes that the string argument contains user input. A SQL command string built from user input is vulnerable to SQL injection attacks.

CA2118: Review SuppressUnmanagedCodeSecurityAttribute usage

SuppressUnmanagedCodeSecurityAttribute changes the default security system behavior for members that execute unmanaged code that uses COM interop or platform invocation. This attribute is primarily used to increase performance; however, the performance gains come with significant security risks.

CA2109: Review visible event handlers

A public or protected event-handling method was detected. Event-handling methods should not be exposed unless absolutely necessary.

CA2119: Seal methods that satisfy private interfaces

An inheritable public type provides an overridable method implementation of an internal (Friend in Visual Basic) interface. To fix a violation of this rule, prevent the method from being overridden outside the assembly.

CA2106: Secure asserts

A method asserts a permission and no security checks are performed on the caller. Asserting a security permission without performing any security checks can leave an exploitable security weakness in your code.

CA2120: Secure serialization constructors

This type has a constructor that takes a System.Runtime.Serialization.SerializationInfo object and a System.Runtime.Serialization.StreamingContext object (the signature of the serialization constructor). This constructor is not secured by a security check, but one or more of the regular constructors in the type are secured.

CA2112: Secured types should not expose fields

A public or protected type contains public fields and is secured by Link Demands. If code has access to an instance of a type that is secured by a link demand, the code does not have to satisfy the link demand to access the type's fields.

CA2136: Members should not have conflicting transparency annotations

Critical code cannot occur in a 100%-transparent assembly. This rule analyzes 100%-transparent assemblies for any SecurityCritical annotations at the type, field, and method levels.

CA2147: Transparent methods may not use security asserts

This rule analyzes all methods and types in an assembly that is either 100% transparent or mixed transparent/critical, and flags any declarative or imperative use of Assert.

CA2140: Transparent code must not reference security critical items

Methods that are marked with SecurityTransparentAttribute call non-public members that are marked as SecurityCritical. This rule analyzes all methods and types in an assembly that is mixed transparent/critical, and flags any calls from transparent code to non-public critical code that are not marked SecurityTreatAsSafe.

CA2121: Static constructors should be private

The system calls the static constructor before the first instance of the type is created or any static members are referenced. If a static constructor is not private, it can be called by code other than the system. Depending on the operations that are performed in the constructor, this can cause unexpected behavior.

CA2126: Type link demands require inheritance demands

A public unsealed type is protected with a link demand and has an overridable method. Neither the type nor the method is protected with an inheritance demand.

CA2124: Wrap vulnerable finally clauses in outer try

A public or protected method contains a try/finally block. The finally block appears to reset the security state and is not itself enclosed in a finally block.