none
Where is the documentation for "CA2151 Fields with critical types should be security critical."? RRS feed

  • Question

  • I have a managed C++ CLI application written in .NET 4 & targetting VC++ 2010. Due to .NET limitation, my managed projects are at SecurityLevel 2 (All binaries are SecurityCritical) and the C++ CLI projects are at SecuirtyLevel 1 (All binaries are Transparent).

    Now, along with "CA2123 OverrideLinkDemandsShouldBeIdenticalToBase" I am getting "CA2151 Fields with critical types should be security critical." But I am not able to find any documentation for the same. (Mostly I will have to suppress CA 2151 too like I had suppress CA 2123)

    Can someone point me to its documentation (CA 2151)?




    • Edited by Ganesh Rao Friday, July 26, 2013 10:21 AM Removed underscore from Question
    Wednesday, July 24, 2013 12:29 PM

Answers

  • Hi Ganesh,

    I've filed a documentation bug for this issue. This will be worked on but I'm not sure when they will start on it as the technical writers are busy with the upcoming releases.

    You should see this fixed in a while.

    Thanks,
    Nibu Thomas


    Blog: http://ntcoder.com/bab


    Posts are provided as is without warranties or guaranties.

    • Marked as answer by Ganesh Rao Tuesday, September 3, 2013 10:46 PM
    Tuesday, September 3, 2013 12:10 PM
    Moderator

All replies

  • Hi Ganesh,

    Glad to see you again.

    Sorry for that I didn’t get this warning before, it doesn’t have it in the default rules “Microsoft.Security” in my side, if possible, you could check it in your side, please make sure that you don’t add your custom rule in your VS.

    Like this thread posed by you, if possible, you could resolve the CA2123 warning, and then check whether it has other warning like CA2151. Maybe it is generated by the default warning. If still no help, you could share me a simple sample, I will repro it in my VS.                                

    If there's any concern, please feel free to let me know.

    Best Regards,


    Jack Zhai [MSFT]
    MSDN Community Support | Feedback to us
    Develop and promote your apps in Windows Store
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Thursday, July 25, 2013 1:26 AM
    Moderator
  • Hi Jack,

    It is present in the default Microsoft Security Ruleset but it is marked as None i.e. by default it does not execute.

    CA 2151

    This comes if I enable that rule and add any member field that refers unmanaged code i.e. just add a private field in to C++ CLI ref class.

    e.g.

    #include <msclr/marshal.h>

    using namespace CSharpLibrary;

    namespace CPlusPlusCLIConsoleApp { public ref class MainClass : public IManagedClass { private: HINSTANCE m_hUnmanagedDataServiceLibrary; public: virtual void WriteSomething(); }; };}


    Again the problem here is that since C++ CLI is stuck at SecurityLevel 1, I am not sure of adding the SecurityCritical attribute on the member instance will help.




    • Edited by Ganesh Rao Friday, July 26, 2013 10:20 AM Added missing include directive
    Friday, July 26, 2013 10:16 AM
  • Hi Ganesh,

    I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.

    Best Regards,


    Jack Zhai [MSFT]
    MSDN Community Support | Feedback to us
    Develop and promote your apps in Windows Store
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Monday, July 29, 2013 6:26 AM
    Moderator
  • The following link has the documentation...

    http://msdn.microsoft.com/en-us/library/ms182305.aspx


    Blog: http://ntcoder.com/bab


    Posts are provided as is without warranties or guaranties.

    Tuesday, August 13, 2013 12:33 PM
    Moderator
  • Hi Nibu,

    I had posted this question for CA 2151 and not CA 2123.

    Thursday, August 15, 2013 1:18 PM
  • Sorry Ganesh, got confused with the numbers in the case. Checking on CA2151 I don't find any, the max documented error code of now is CA2149. Don't see any thing beyond this. I'll have to check with tech writers on this one. I'll get back to you.


    Blog: http://ntcoder.com/bab


    Posts are provided as is without warranties or guaranties.

    Friday, August 16, 2013 10:06 AM
    Moderator
  • I'm checking the product groups on why this is missing. Will keep you posted.

    Blog: http://ntcoder.com/bab


    Posts are provided as is without warranties or guaranties.

    Thursday, August 22, 2013 12:19 PM
    Moderator
  • Hi Ganesh,

    I've filed a documentation bug for this issue. This will be worked on but I'm not sure when they will start on it as the technical writers are busy with the upcoming releases.

    You should see this fixed in a while.

    Thanks,
    Nibu Thomas


    Blog: http://ntcoder.com/bab


    Posts are provided as is without warranties or guaranties.

    • Marked as answer by Ganesh Rao Tuesday, September 3, 2013 10:46 PM
    Tuesday, September 3, 2013 12:10 PM
    Moderator