CA2001: Avoid calling problematic methods
Applies to: Visual Studio Visual Studio for Mac
Note
This article applies to Visual Studio 2017. If you're looking for the latest Visual Studio documentation, see Visual Studio documentation. We recommend upgrading to the latest version of Visual Studio. Download it here
Item | Value |
---|---|
RuleId | CA2001 |
Category | Microsoft.Reliability |
Breaking change | Non-breaking |
Cause
A member calls a potentially dangerous or problematic method.
Rule description
Avoid making unnecessary and potentially dangerous method calls. A violation of this rule occurs when a member calls one of the following methods:
Method | Description |
---|---|
System.GC.Collect | Calling GC.Collect can significantly affect application performance and is rarely necessary. For more information, see Rico Mariani's Performance Tidbits blog entry on MSDN. |
System.Threading.Thread.Resume System.Threading.Thread.Suspend |
Thread.Suspend and Thread.Resume have been deprecated because of their unpredictable behavior. Use other classes in the System.Threading namespace, such as Monitor, Mutex, and Semaphore, to synchronize threads or protect resources. |
System.Runtime.InteropServices.SafeHandle.DangerousGetHandle | The DangerousGetHandle method poses a security risk because it can return a handle that's not valid. For more information about how to use the DangerousGetHandle method safely, see the DangerousAddRef and DangerousRelease methods. |
System.Reflection.Assembly.LoadFrom System.Reflection.Assembly.LoadFile System.Reflection.Assembly.LoadWithPartialName |
These methods can load assemblies from unexpected locations. For example, see Suzanne Cook's .NET CLR Notes blog posts LoadFile vs. LoadFrom and Choosing a Binding Context for information about methods that load assemblies. |
CoSetProxyBlanket CoInitializeSecurity |
By the time the user code starts executing in a managed process, it's too late to reliably call CoSetProxyBlanket . The common language runtime (CLR) takes initialization actions that may prevent the users P/Invoke from succeeding.If you do have to call CoSetProxyBlanket for a managed application, we recommend that you start the process by using a native code (C++) executable, call CoSetProxyBlanket in the native code, and then start your managed code application in process. (Be sure to specify a runtime version number.) |
How to fix violations
To fix a violation of this rule, remove or replace the call to the dangerous or problematic method.
When to suppress warnings
Suppress messages from this rule only when no alternatives to the problematic method are available.