Dela via


CA2136: Members should not have conflicting transparency annotations

TypeName

TransparencyAnnotationsShouldNotConflict

CheckId

CA2136

Category

Microsoft.Security

Breaking Change

Breaking

Cause

This rule fires when a type member is marked with a System.Security security attribute that has a different transparency than the security attribute of a container of the member.

Rule Description

Transparency attributes are applied from code elements of larger scope to elements of smaller scope. The transparency attributes of code elements with larger scope take precedence over transparency attributes of code elements that are contained in the first element. For example, a class that is marked with the SecurityCriticalAttribute attribute cannot contain a method that is marked with the SecuritySafeCriticalAttribute attribute.

How to Fix Violations

To fix this violation, remove the security attribute from the code element that has lower scope, or change its attribute to be the same as the containing code element.

When to Suppress Warnings

Do not suppress warnings from this rule.

Example

In the following example, a method is marked with the SecuritySafeCriticalAttribute attribute and it is a member of a class that is marked with the SecurityCriticalAttribute attribute. The security safe attribute should be removed.

using System;
using System.Security;

namespace TransparencyWarningsDemo
{

    [SecurityCritical]
    public class CriticalClass
    {
        // CA2136 violation - this method is not really safe critical, since the larger scoped type annotation 
        // has precidence over the smaller scoped method annotation.  This can be fixed by removing the 
        // SecuritySafeCritical attribute on this method
        [SecuritySafeCritical]
        public void SafeCriticalMethod()
        {
        }
    }
}