Do not indirectly expose methods FxCop Error

John Wright

I ran FxCop against a program and was pleased with the security review
except I get the following error:

Do not indirectly expose methods

How would I fix this code so this error goes away? I think I understand the
error, but not the fix. I really need to fix this as it is called from
other programs and I do not want code elevating privileges in this function.

Thanks.

John

Here is the code that is being called

Public Function GetUserGroups(ByVal Domain As String, ByVal Username As String) As List(Of String)
    GetUserGroups = New List(Of String)
    Dim ADGroups As Object
    Dim adGroup As Object
    'Code that retrieves a user's LDAP groups based on login
    Return GetUserGroups
End Function
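
The following is an added example, not part of the original thread or any poster's code. The rule's full name is "Do not indirectly expose methods with link demands", and one way to satisfy it is for the public method to carry its own security demand. It assumes the elided lookup calls an API protected by a link demand for unmanaged-code permission; ProtectedApi, QueryDirectory, DirectoryLookup and GetUserGroupsUnchecked are hypothetical names.

```vb
Imports System
Imports System.Collections.Generic
Imports System.Security.Permissions

' Hypothetical stand-in for the library call behind the elided LDAP lookup.
' Assumption: it is protected by a link demand, which checks only the immediate caller.
Public NotInheritable Class ProtectedApi
    Private Sub New()
    End Sub

    <SecurityPermission(SecurityAction.LinkDemand, Flags:=SecurityPermissionFlag.UnmanagedCode)> _
    Public Shared Function QueryDirectory(ByVal domain As String, ByVal username As String) As String()
        Return New String() {"Domain Users", "Developers"} ' constructed sample data
    End Function
End Class

Public Class DirectoryLookup

    ' Flagged shape: public, with no security check of its own. The link demand is
    ' satisfied by this assembly, so callers of this wrapper are never checked.
    Public Function GetUserGroupsUnchecked(ByVal domain As String, ByVal username As String) As List(Of String)
        Return New List(Of String)(ProtectedApi.QueryDirectory(domain, username))
    End Function

    ' Fixed shape: a full Demand walks the whole call stack before the body runs, so a
    ' caller without the permission gets a SecurityException instead of the group list.
    <SecurityPermission(SecurityAction.Demand, Flags:=SecurityPermissionFlag.UnmanagedCode)> _
    Public Function GetUserGroups(ByVal domain As String, ByVal username As String) As List(Of String)
        If String.IsNullOrEmpty(domain) Then Throw New ArgumentNullException("domain")
        If String.IsNullOrEmpty(username) Then Throw New ArgumentNullException("username")
        Return New List(Of String)(ProtectedApi.QueryDirectory(domain, username))
    End Function

End Class
```

The permission in the attribute has to match whatever the protected member actually demands; SecurityAction.LinkDemand on the wrapper also satisfies the rule, but it only pushes the same check one caller further out.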
 
Guest

Here is the code that is being called

Public Function GetUserGroups(ByVal Domain As String, ByVal Username As String) As List(Of String)
    GetUserGroups = New List(Of String)
    Dim ADGroups As Object
    Dim adGroup As Object
    'Code that retrieves a user's LDAP groups based on login
    Return GetUserGroups
End Function

GetUserGroups is making a function call to itself.

You should be doing:

Dim _NewGroups as New List(Of String)

Return _NewGroups
 
Herfried K. Wagner [MVP]

Spam Catcher said:
GetUserGroups is making a function call to itself.

You should be doing:

Dim _NewGroups as New List(Of String)

Return _NewGroups

.... or alternatively just assign the result to the function's name and omit
the 'Return' and use 'Exit Function' instead if it's not already the last
line of the procedure.
 
Chris Mullins [MVP]

Well, FXCop will complain that you shouldn't be returning List<T> either.

That should be either an Interface, or one of the
System.Collections.ObjectModel collections.
 
Cor Ligthert [MVP]

John,

I don't know the exact answer, however I guess that a Friend function instead
of a Public function has a lot lower security risk.

Cor
 
Guest

Well, FXCop will complain that you shouldn't be returning List<T> either.

That should be either an Interface, or one of the
System.Collections.ObjectModel collections.

Just curious, how seriously do you guys take FXCop? Is it overboard? Or are
most of the suggestions valid?
 
Jay B. Harlow [MVP - Outlook]

Spam,
Just curious, how seriously do you guys take FXCop? Is it overboard? Or are
most of the suggestions valid?

I normally use "Code Analysis" from Visual Studio Team Suite; I take the
suggestions very seriously, as most of the rules are based on the .NET Design
Guidelines.

I don't consider it overboard, especially when creating control libraries
that others will consume. I consider most (> 99%) of the suggestions valid,
however there are a couple I turn off. For example I turn off CA1725 as VB
assigns the "wrong" parameter name when it emits properties in interfaces.
(Which reminds me I need to file a bug report). I also watch CA1004 closely
as I will use the type parameters to encapsulate downcasts, especially where
the encapsulated function expects a System.Type; for example:

Public Function GetCustomAttribute(Of T As Attribute)() As T
    Dim assembly As System.Reflection.Assembly = System.Reflection.Assembly.GetExecutingAssembly()
    Dim attributes As Object() = assembly.GetCustomAttributes(GetType(T), True)
    If attributes Is Nothing OrElse attributes.Length = 0 Then Return Nothing
    Return DirectCast(attributes(0), T)
End Function


I understand that Code Analysis is derived from (compatible with) FxCop.
 
