Re: Security Warnings From FXCop - CA2122 & CA2123




Bill,

Kudos for running FxCop on your code. It's a good practice to engage
in.

To solve your problem, add the following attribute to your WndProc
method:

[SecurityPermission(SecurityAction.LinkDemand,
Flags=SecurityPermissionFlag.UnmanagedCode)]

This will cause a permission check to be made when the code is linked
to, to determine that the current permissions allow for unmanaged code to be
called.

Hope this helps.


--
- Nicholas Paldino [.NET/C# MVP]
- mvp@xxxxxxxxxxxxxxxxxxxxxxxxxxx



<orekinbck@xxxxxxxxxxxx> wrote in message
news:1122887658.862215.55650@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Hi There
>
> I am inheriting from DateTimePicker class to create a DateTimePicker
> control with a configurable back colour. I got the original code from
> http://dotnet.mvps.org/ then converted it to C# and it works OK in .NET
> 2.0 except for two warnings from CodeAnalysis:
>
> CA2123 : Microsoft.Security : The virtual method
> DateTimePicker.WndProc(Message&):Void defined by type
> 'System.Windows.Forms.DateTimePicker' and its override
> ExtendedDateTimePicker.WndProc(Message&):Void do not have the same
> LinkDemand status. Add a LinkDemand where required.
>
> CA2122 : Microsoft.Security :
> ExtendedDateTimePicker.WndProc(Message&):Void calls into
> DateTimePicker.WndProc(Message&):Void which has a LinkDemand. By making
> this call, DateTimePicker.WndProc(Message&):Void is indirectly exposed
> to user code. Review the following call stack that might expose a way
> to circumvent security protection:
> ->System.Windows.Forms.DateTimePicker.WndProc(System.Windows.Forms.Message@)
> : Void
> ->PickupBooking.ExtendedDateTimePicker.WndProc
>
> My knowledge of security is amateur and I need to deploy this project
> with no security warnings ... I would greatly appreciate if anyone
> could show me how to fix the warnings and/or point out some good .NET 2.0
> resources for security novices.
>
> Btw, my C# 2.0 code is below.
>
> TIA
> Bill
>
> using System;
> using System.Windows.Forms;
> using System.ComponentModel;
> using System.Drawing;
>
> namespace PickupBooking
> {
>     public class ExtendedDateTimePicker : DateTimePicker
>     {
>         private SolidBrush m_BackBrush;
>
>         [Browsable(true),
>         DesignerSerializationVisibility(DesignerSerializationVisibility.Visible)]
>
>         public override Color BackColor
>         {
>             get
>             {
>                 return base.BackColor;
>             }
>             set
>             {
>                 if (!(m_BackBrush == null))
>                 {
>                     m_BackBrush.Dispose();
>                 }
>                 base.BackColor = value;
>                 m_BackBrush = new SolidBrush(this.BackColor);
>                 this.Invalidate();
>             }
>         }
>
>         protected override void WndProc(ref Message m)
>         {
>             const Int32 WM_ERASEBKGND = 20;
>             if (m.Msg == WM_ERASEBKGND)
>             {
>                 Graphics g = Graphics.FromHdc(m.WParam);
>                 if (m_BackBrush == null)
>                 {
>                     m_BackBrush = new SolidBrush(this.BackColor);
>                 }
>                 g.FillRectangle(m_BackBrush, this.ClientRectangle);
>                 g.Dispose();
>             }
>             else
>             {
>                 base.WndProc(ref m);
>             }
>         }
>
>         protected override void Dispose(bool disposing)
>         {
>             if (disposing && !(m_BackBrush == null))
>             {
>                 m_BackBrush.Dispose();
>             }
>             base.Dispose(disposing);
>         }
>     }
> }
>
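
Added example (not part of either post): the control from the question with the attribute from the reply applied to WndProc, so the override carries the LinkDemand that CA2123 reports as missing and callers of the override are checked before base.WndProc is reached, which is the concern in CA2122. It assumes the .NET Framework, where code access security demands are enforced, and it needs the System.Security.Permissions namespace, which the original code does not import.

```csharp
// Added example: the posted control with the suggested LinkDemand on WndProc.
using System;
using System.ComponentModel;
using System.Drawing;
using System.Security.Permissions;   // SecurityPermission, SecurityAction
using System.Windows.Forms;

namespace PickupBooking
{
    public class ExtendedDateTimePicker : DateTimePicker
    {
        private const int WM_ERASEBKGND = 20;   // same value as in the post
        private SolidBrush m_BackBrush;

        [Browsable(true),
         DesignerSerializationVisibility(DesignerSerializationVisibility.Visible)]
        public override Color BackColor
        {
            get { return base.BackColor; }
            set
            {
                if (m_BackBrush != null) m_BackBrush.Dispose();
                base.BackColor = value;
                m_BackBrush = new SolidBrush(this.BackColor);
                this.Invalidate();
            }
        }

        // Same LinkDemand status as the base method: immediate callers must
        // hold the UnmanagedCode permission, checked when the call is linked.
        [SecurityPermission(SecurityAction.LinkDemand,
            Flags = SecurityPermissionFlag.UnmanagedCode)]
        protected override void WndProc(ref Message m)
        {
            if (m.Msg != WM_ERASEBKGND) { base.WndProc(ref m); return; }
            if (m_BackBrush == null) m_BackBrush = new SolidBrush(this.BackColor);
            // using guarantees the Graphics wrapper is released even on error.
            using (Graphics g = Graphics.FromHdc(m.WParam))
                g.FillRectangle(m_BackBrush, this.ClientRectangle);
        }

        protected override void Dispose(bool disposing)
        {
            if (disposing && m_BackBrush != null) m_BackBrush.Dispose();
            base.Dispose(disposing);
        }
    }
}
```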

