CA2137: Transparent methods must contain only verifiable IL


For the latest documentation on Visual Studio 2017 RC, see Visual Studio 2017 RC Documentation.

Breaking ChangeBreaking

A method contains unverifiable code or returns a type by reference.

This rule fires on attempts by security transparent code to execute unverifiable MSIL (Microsoft Intermediate Language). However, the rule does not contain a full IL verifier, and instead uses heuristics to catch most violations of MSIL verification.

To be certain that your code contains only verifiable MSIL, run Peverify.exe (PEVerify Tool) on your assembly. Run PEVerify with the /transparent option which limits the output to only unverifiable transparent methods which would cause an error. If the /transparent option is not used, PEVerify also verifies critical methods that are allowed to contain unverifiable code.

To fix a violation of this rule, mark the method with the SecurityCriticalAttribute or SecuritySafeCriticalAttribute attribute, or remove the unverifiable code.

Do not suppress a warning from this rule.

The method in this example uses unverifiable code and should be marked with the SecurityCriticalAttribute or SecuritySafeCriticalAttribute attribute.

using System;
using System.Security;

namespace TransparencyWarningsDemo

    public class UnverifiableMethodClass
        // CA2137 violation - transparent method with unverifiable code.  This method should become critical or
        // safe critical 
    //    public unsafe byte[] UnverifiableMethod(int length)
    //    {
    //        byte[] bytes = new byte[length];
    //        fixed (byte* pb = bytes)
    //        {
    //            *pb = (byte)length;
    //        }

    //        return bytes;
    //    }