受保護型別不應公開欄位
更新:2007 年 11 月
型別名稱 |
SecuredTypesShouldNotExposeFields |
CheckId |
CA2112 |
分類 |
Microsoft.Security |
中斷變更 |
中斷 |
原因
公用或保護的型別包含公用欄位,而且由連結要求保護。
規則描述
如果程式碼可存取受連結要求保護的型別執行個體,則程式碼不必滿足連結要求即可存取型別的欄位。
如何修正違規
若要修正此規則的違規情形,請將欄位設成非公用,並加入傳回欄位資料的公用屬性或方法。型別的 LinkDemand 安全性檢查會保護對型別之屬性和方法的存取。但是,程式碼存取安全性不會套用在欄位。
隱藏警告的時機
為了兼顧安全性問題以及理想的設計結果,建議您將公用欄位改為非公用欄位,以修正這些違規的情形。如果欄位並未儲存應該繼續受保護的資訊,而您又不依賴欄位的內容,則可以隱藏這項規則的警告。
範例
下列範例包含具有不安全欄位的程式庫型別 (SecuredTypeWithFields)、可以建立程式庫型別之執行個體而且會將執行個體誤傳給沒有權限建立執行個體之型別的型別 (Distributor),以及即使沒有保護型別的權限但是仍然可以讀取執行個體欄位的應用程式程式碼。
下列程式庫程式碼會違反規則。
using System;
using System.Reflection;
using System.Security;
using System.Security.Permissions;
namespace SecurityRulesLibrary
{
// This code requires immediate callers to have full trust.
[System.Security.Permissions.PermissionSetAttribute(
System.Security.Permissions.SecurityAction.LinkDemand,
Name="FullTrust")]
public class SecuredTypeWithFields
{
// Even though the type is secured, these fields are not.
// Violates rule: SecuredTypesShouldNotExposeFields.
public double xValue;
public double yValue;
public SecuredTypeWithFields (double x, double y)
{
xValue = x;
yValue = y;
Console.WriteLine(
"Creating an instance of SecuredTypeWithFields.");
}
public override string ToString()
{
return String.Format (
"SecuredTypeWithFields {0} {1}", xValue, yValue);
}
}
}
因為連結要求會防護受保護型別,因此應用程式無法建立執行個體。下列類別能夠讓應用程式取得受保護型別的執行個體。
using System;
using System.Reflection;
using System.Security;
using System.Security.Permissions;
// This assembly executes with full trust.
namespace SecurityRulesLibrary
{
// This type creates and returns instances of the secured type.
// The GetAnInstance method incorrectly gives the instance
// to a type that does not have the link demanded permission.
public class Distributor
{
static SecuredTypeWithFields s = new SecuredTypeWithFields(22,33);
public static SecuredTypeWithFields GetAnInstance ()
{
return s;
}
public static void DisplayCachedObject ()
{
Console.WriteLine(
"Cached Object fields: {0}, {1}", s.xValue , s.yValue);
}
}
}
下列應用程式說明如果沒有存取受保護型別之方法的權限時,程式碼如何存取欄位。
using System;
using System.Security;
using System.Security.Permissions;
using SecurityRulesLibrary;
// This code executes with partial trust.
[assembly: System.Security.Permissions.PermissionSetAttribute(
System.Security.Permissions.SecurityAction.RequestRefuse,
Name = "FullTrust")]
namespace TestSecurityExamples
{
public class TestLinkDemandOnField
{
[STAThread]
public static void Main()
{
// Get an instance of the protected object.
SecuredTypeWithFields secureType = Distributor.GetAnInstance();
// Even though this type does not have full trust,
// it can directly access the secured type's fields.
Console.WriteLine(
"Secured type fields: {0}, {1}",
secureType.xValue,
secureType.yValue);
Console.WriteLine("Changing secured type's field...");
secureType.xValue = 99;
// Distributor must call ToString on the secured object.
Distributor.DisplayCachedObject();
// If the following line is uncommented, a security
// exception is thrown at JIT-compilation time because
// of the link demand for full trust that protects
// SecuredTypeWithFields.ToString().
// Console.WriteLine("Secured type {0}",secureType.ToString());
}
}
}
這個範例產生下列輸出。
Creating an instance of SecuredTypeWithFields.
Secured type fields: 22, 33
Changing secured type's field...
Cached Object fields: 99, 33