CA2106: Secure asserts

 

For the latest documentation on Visual Studio 2017, see Visual Studio 2017 Documentation.

For the latest documentation on Visual Studio 2017, see CA2106: Secure asserts on docs.microsoft.com.

TypeNameSecureAsserts
CheckIdCA2106
CategoryMicrosoft.Security
Breaking ChangeBreaking

A method asserts a permission and no security checks are performed on the caller.

Asserting a security permission without performing any security checks can leave an exploitable security weakness in your code. A security stack walk stops when a security permission is asserted. If you assert a permission without performing any checks on the caller, the caller could indirectly execute code by using your permissions. Asserts without security checks are permissible only when you are sure that the assert cannot be used in a harmful manner. An assert is harmless if the code you call is harmless, or users cannot pass arbitrary information to code that you call.

To fix a violation of this rule, add a security demand to the method or its declaring type.

Suppress a warning from this rule only after a careful security review.

CodeAccessPermission.Assert
Secure Coding Guidelines

Show: