CA2137: Transparent methods must contain only verifiable IL

TypeName

TransparentMethodsMustBeVerifiable

CheckId

CA2137

Category

Microsoft.Security

Breaking Change

Breaking

Cause

A method contains unverifiable code or returns a type by reference.

Rule Description

This rule fires on attempts by security transparent code to execute unverifiable MSIL (Microsoft Intermediate Language). However, the rule does not contain a full IL verifier, and instead uses heuristics to catch most violations of MSIL verification.

To be certain that your code contains only verifiable MSIL, run Peverify.exe (PEVerify Tool) on your assembly. Run PEVerify with the /transparent option which limits the output to only unverifiable transparent methods which would cause an error. If the /transparent option is not used, PEVerify also verifies critical methods that are allowed to contain unverifiable code.

How to Fix Violations

To fix a violation of this rule, mark the method with the SecurityCriticalAttribute or SecuritySafeCriticalAttribute attribute, or remove the unverifiable code.

When to Suppress Warnings

Do not suppress a warning from this rule.

Example

The method in this example uses unverifiable code and should be marked with the SecurityCriticalAttribute or SecuritySafeCriticalAttribute attribute.

using System;
using System.Security;


namespace TransparencyWarningsDemo
{

    public class UnverifiableMethodClass
    {
        // CA2137 violation - transparent method with unverifiable code.  This method should become critical or
        // safe critical 
    //    public unsafe byte[] UnverifiableMethod(int length)
    //    {
    //        byte[] bytes = new byte[length];
    //        fixed (byte* pb = bytes)
    //        {
    //            *pb = (byte)length;
    //        }

    //        return bytes;
    //    }
    }

}