CA2139: Transparent methods may not use the HandleProcessCorruptingExceptions attribute

 

The new home for Visual Studio documentation is Visual Studio 2017 Documentation on docs.microsoft.com.

The latest version of this topic can be found at CA2139: Transparent methods may not use the HandleProcessCorruptingExceptions attribute.

TypeName|TransparentMethodsMustNotHandleProcessCorruptingExceptions|
|CheckId|CA2139|
|Category|Microsoft.Security|
|Breaking Change|Breaking|

A transparent method is marked with the HandleProcessCorruptedStateExceptionsAttribute attribute.

This rule fires any method which is transparent and attempts to handle a process corrupting exception by using the HandleProcessCorruptedStateExceptionsAttribute attribute. A process corrupting exception is a CLR version 4.0 exception classification of exceptions such AccessViolationException. The HandleProcessCorruptedStateExceptionsAttribute attribute may only be used by security critical methods, and will be ignored if it is applied to a transparent method. To handle process corrupting exceptions, this method must become security critical or security safe-critical.

To fix a violation of this rule, remove the HandleProcessCorruptedStateExceptionsAttribute attribute, or mark the method with the SecurityCriticalAttribute or the SecuritySafeCriticalAttribute attribute.

Do not suppress a warning from this rule.

In this example, a transparent method is marked with the HandleProcessCorruptedStateExceptionsAttribute attribute and will fail the rule. The method should also be marked with the SecurityCriticalAttribute or the SecuritySafeCriticalAttribute attribute.

using System;
using System.Runtime.InteropServices;
using System.Runtime.ExceptionServices;
using System.Security;

namespace TransparencyWarningsDemo
{

    public class HandleProcessCorruptedStateExceptionClass
    {
        [DllImport("SomeModule.dll")]
        private static extern void NativeCode();

        // CA2139 violation - transparent method attempting to handle a process corrupting exception
        [HandleProcessCorruptedStateExceptions]
        public void HandleCorruptingExceptions()
        {
            try
            {
                NativeCode();
            }
            catch (AccessViolationException) { }
        }
    }

}

Show: