Compartir a través de


CA2001: Avoid calling problematic methods

Applies to: yesVisual Studio noVisual Studio for Mac

Note

This article applies to Visual Studio 2017. If you're looking for the latest Visual Studio documentation, see Visual Studio documentation. We recommend upgrading to the latest version of Visual Studio. Download it here

Item Value
RuleId CA2001
Category Microsoft.Reliability
Breaking change Non-breaking

Cause

A member calls a potentially dangerous or problematic method.

Rule description

Avoid making unnecessary and potentially dangerous method calls. A violation of this rule occurs when a member calls one of the following methods:

Method Description
System.GC.Collect Calling GC.Collect can significantly affect application performance and is rarely necessary. For more information, see Rico Mariani's Performance Tidbits blog entry on MSDN.
System.Threading.Thread.Resume

System.Threading.Thread.Suspend
Thread.Suspend and Thread.Resume have been deprecated because of their unpredictable behavior. Use other classes in the System.Threading namespace, such as Monitor, Mutex, and Semaphore, to synchronize threads or protect resources.
System.Runtime.InteropServices.SafeHandle.DangerousGetHandle The DangerousGetHandle method poses a security risk because it can return a handle that's not valid. For more information about how to use the DangerousGetHandle method safely, see the DangerousAddRef and DangerousRelease methods.
System.Reflection.Assembly.LoadFrom

System.Reflection.Assembly.LoadFile

System.Reflection.Assembly.LoadWithPartialName
These methods can load assemblies from unexpected locations. For example, see Suzanne Cook's .NET CLR Notes blog posts LoadFile vs. LoadFrom and Choosing a Binding Context for information about methods that load assemblies.
CoSetProxyBlanket

CoInitializeSecurity
By the time the user code starts executing in a managed process, it's too late to reliably call CoSetProxyBlanket. The common language runtime (CLR) takes initialization actions that may prevent the users P/Invoke from succeeding.

If you do have to call CoSetProxyBlanket for a managed application, we recommend that you start the process by using a native code (C++) executable, call CoSetProxyBlanket in the native code, and then start your managed code application in process. (Be sure to specify a runtime version number.)

How to fix violations

To fix a violation of this rule, remove or replace the call to the dangerous or problematic method.

When to suppress warnings

Suppress messages from this rule only when no alternatives to the problematic method are available.

See also