E
Eric Sabine
I'm running FX Cop on my assembly and on a form, tons of my labels and
buttons are being flagged with this error. I don't really get the error and
what I am supposed to do to resolve the error. I know that even the form
generated code isn't FxCop "safe" in the 1.1 DNF but apparently 2.0 will be.
Until then... can someone explan to me what needs to be fixed?
The button in this example is a simple one called cmdClear.
thanks
Eric
Error, Certainty 50, for
"UnsealedPublicTypesDoNotHaveInternalVirtualMembers"
{
Target : "set_cmdClear(System.Windows.Forms.Button):System.Void"
(IntrospectionTargetMethod)
Resolution : "The method 'set_cmdClear' is an internal, virtual method
defined in public type 'SearchDialog1'. Change the method to be non-virtual,
or secure the type with an inheritance demand for a strong name key that you
own.
"
Help : "file:
http://www.gotdotnet.com/team/fxcop/docs/rules/SecurityRules/InternalVirtualMbrs.html "
(String)
RuleFile : "SecurityRules.dll" (String)
Info : "When internal virtual members exist on a public type running on
version 1.0 of the .NET Framework, subclasses
can overwrite the internal virtual member, possibly creating an exploitable
security weakness."
More Info : "Callers might assume that they are accessing a member that is
defined internally, when the code being executed is actually defined in a
subclass of the type. Even though the 'internal' keyword is present on the
virtual member, on version 1.0 of the .NET framework this subclass
can be located in a different assembly. If the caller asserts permissions
before accessing the overridden member, the member code could run with
elevated permissions. Also, callers that make decisions based on data
returned by the member might be vulnerable to attack. While the assembly
containing the subclass must have access to the defining type in order to
override its members,the 'internal' key word is not, by itself, sufficient
to prevent this access. If you do not fix a violation of this rule, be sure
to review all code that calls this method to ensure any information returned
by the vulnerable member is being used safely."
Created : "6/17/2004 3:29:23 PM" (DateTime)
LastSeen : "6/17/2004 4:14:58 PM" (DateTime)
Status : Active (MessageStatus)
buttons are being flagged with this error. I don't really get the error and
what I am supposed to do to resolve the error. I know that even the form
generated code isn't FxCop "safe" in the 1.1 DNF but apparently 2.0 will be.
Until then... can someone explan to me what needs to be fixed?
The button in this example is a simple one called cmdClear.
thanks
Eric
Error, Certainty 50, for
"UnsealedPublicTypesDoNotHaveInternalVirtualMembers"
{
Target : "set_cmdClear(System.Windows.Forms.Button):System.Void"
(IntrospectionTargetMethod)
Resolution : "The method 'set_cmdClear' is an internal, virtual method
defined in public type 'SearchDialog1'. Change the method to be non-virtual,
or secure the type with an inheritance demand for a strong name key that you
own.
"
Help : "file:
http://www.gotdotnet.com/team/fxcop/docs/rules/SecurityRules/InternalVirtualMbrs.html "
(String)
RuleFile : "SecurityRules.dll" (String)
Info : "When internal virtual members exist on a public type running on
version 1.0 of the .NET Framework, subclasses
can overwrite the internal virtual member, possibly creating an exploitable
security weakness."
More Info : "Callers might assume that they are accessing a member that is
defined internally, when the code being executed is actually defined in a
subclass of the type. Even though the 'internal' keyword is present on the
virtual member, on version 1.0 of the .NET framework this subclass
can be located in a different assembly. If the caller asserts permissions
before accessing the overridden member, the member code could run with
elevated permissions. Also, callers that make decisions based on data
returned by the member might be vulnerable to attack. While the assembly
containing the subclass must have access to the defining type in order to
override its members,the 'internal' key word is not, by itself, sufficient
to prevent this access. If you do not fix a violation of this rule, be sure
to review all code that calls this method to ensure any information returned
by the vulnerable member is being used safely."
Created : "6/17/2004 3:29:23 PM" (DateTime)
LastSeen : "6/17/2004 4:14:58 PM" (DateTime)
Status : Active (MessageStatus)