Visual Studio 2012 - Avoiding CA2122 from Code Analysis in VS2012 with SecuritySafeCritical fails


I have here a C++/CLI solution that isn't mixed with native C++ (although I have that type too). It consists of 3 projects, 2 of which are relevant to the question.

The first one is a static library (.lib) and deals with Active Directory matters.
The second one is the executable main project (.exe), which depends on the other projects.

I'm new to Visual Studio 2012 and want to use the advantages of tools like Code Analysis. Running Code Analysis on the solution reveals several CA2122 warnings:

CA2122: Do not indirectly expose methods with link demands

I understand the security concerns related to this warning and think I understood how to deal with it, although I'm new to this security stuff. The warnings are related to the Active Directory code when the whole solution is examined, while when examining only the lib project they do not appear and everything seems OK.

Now the core of the problem:

  1. I tried to mark the methods I'm warned about with the SecuritySafeCritical attribute.
    --> No changes, same warnings.
  2. I've solved this warning in a project by marking the whole assembly as SecurityCritical and adding SecuritySafeCritical to the problematic method. This does not work, since adding an AssemblyInfo.cpp marking the assembly as SecurityCritical does not affect the problem. (I know that *.cpp files seem to be obsolete in managed static libraries, since the code seems to have to be complete in the header files, making this kind of project obsolete... but I don't want to have a .dll for every small part, and I want to have the stuff encapsulated in its own project instead of having loose header files or having them mixed with other regions.)
  3. After that I tried to mark the whole assembly of the main project as SecurityTransparent, because as far as I understand, SecuritySafeCritical-marked code can be called by SecurityTransparent or SecurityCritical code (which to me is every kind of security). --> The SecuritySafeCritical-marked methods are marked with CA2141 warnings, and many other methods produce new warnings (most of them related to exception handling):

    CA2141: Transparent methods must not satisfy LinkDemands
    CA2140: Transparent code must not reference security critical items

  4. So I decided to try marking the assembly as SecurityCritical too.
    --> The SecuritySafeCritical methods produce no warnings, but there are still these other warnings for methods having exception handling.

I don't know how to solve the problem. I assume that having a managed static library is the problem, and that having a DLL project would maybe solve the problem mentioned in 2., but I want to avoid sharing a *.dll project with our programs.
I searched for a solution but found nothing for this case. Information on the topic is rare, out of date (because it is related to .NET Framework 2.0, while the whole security thing seems to have changed massively with .NET Framework 4.0), or hard for me to understand. I hope someone has an idea of what I could try or should do.

