I have a property Foo on a class Bar:
public int Foo
{
get
{
return GetFoo();
}
set
{
SetFoo(value);
}
}
Both GetFoo
and SetFoo
are decorated with [SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.UnmanagedCode)]
.
As a result, FxCop correctly complains that the Foo property (or rather its implicit getter and setter methods) doesn't have the same LinkDemand:
CA2122 : Microsoft.Security : 'Bar.Foo.get()' calls into 'Bar.GetFoo()' which has a LinkDemand. By making this call, 'Bar.GetFoo()' is indirectly exposed to user code. Review the following call stack that might expose a way to circumvent security protection:
However, when I tried to apply the same SecurityPermission
attribute to the property to fix this warning, it turned out that properties are not a valid target for this attribute.
How do I fix this FxCop warning properly?
edit: to respond to Eric Lippert's comment "why on earth LinkDemand"?
- I wrote a function using Marshal.GetIUnknownForObject, which has LinkDemand for unmanaged code permission.
- I ran FxCop, which complained with CA2122
- I googled CA2122 looking for hints on what the error means and how to resolve it
- In the first first google hit I saw Micheal Fanning's advice to use LinkDemand to resolve the error
After reading your reaction which seems to question my sanity, I quickly guessed that Fanning's advice was not applicable in my case. I have now taken a look at the Demand vs. LinkDemand article and will try to use Demand instead.