Dela via


Type link demands require inheritance demands

TypeName

TypeLinkDemandsRequireInheritanceDemands

CheckId

CA2126

Category

Microsoft.Security

Breaking Change

Breaking

Cause

A public unsealed type is protected with a link demand, has an overridable method, and neither the type nor the method is protected with an inheritance demand.

Rule Description

A link demand on a method or its declaring type requires the immediate caller of the method to have the specified permission. An inheritance demand on a method requires an overriding method to have the specified permission. An inheritance demand on a type requires a deriving class to have the specified permission.

How to Fix Violations

To fix a violation of this rule, secure the type or the method with an inheritance demand for the same permission as the link demand.

When to Suppress Warnings

Do not suppress a warning from this rule.

Example

The following example shows a type that violates the rule.

Imports System
Imports System.Security.Permissions

Namespace SecurityLibrary

    <EnvironmentPermission(SecurityAction.LinkDemand, Read:="PATH")> _
    Public Class TypesWithLinkDemands

        Protected Overridable Sub UnsecuredMethod()
        End Sub

        <EnvironmentPermission(SecurityAction.InheritanceDemand, Read:="PATH")> _
        Protected Overridable Sub SecuredMethod()
        End Sub 

    End Class 

End Namespace
using System;
using System.Security.Permissions;

namespace SecurityLibrary
{
   [EnvironmentPermission(SecurityAction.LinkDemand, Read = "PATH")]
   public class TypesWithLinkDemands
   {
      public virtual void UnsecuredMethod() {}

      [EnvironmentPermission(SecurityAction.InheritanceDemand, Read = "PATH")]
      public virtual void SecuredMethod() { }
   }
}
using namespace System;
using namespace System::Security::Permissions;

namespace SecurityLibrary
{
    [EnvironmentPermission(SecurityAction::LinkDemand, Read = "PATH")]
    public ref class TypesWithLinkDemands
    {
    protected:
        virtual void UnsecuredMethod() {}

        [EnvironmentPermission(SecurityAction::InheritanceDemand, 
           Read = "PATH")]
        virtual void SecuredMethod() {}
    };
}

Review declarative security on value types

Secured types should not expose fields

Do not indirectly expose methods with link demands

Override link demands should be identical to base

See Also

Concepts

Inheritance Demands

Link Demands

Other Resources

Secure Coding Guidelines

Data Access