CA2137: Transparent methods must contain only verifiable IL
TypeName |
TransparentMethodsMustBeVerifiable |
CheckId |
CA2137 |
Category |
Microsoft.Security |
Breaking Change |
Breaking |
Cause
A method contains unverifiable code or returns a type by reference.
Rule Description
This rule fires on attempts by security transparent code to execute unverifiable MSIL (Microsoft Intermediate Language). However, the rule does not contain a full IL verifier, and instead uses heuristics to catch most violations of MSIL verification.
To be certain that your code contains only verifiable MSIL, run Peverify.exe (PEVerify Tool) on your assembly. Run PEVerify with the /transparent option which limits the output to only unverifiable transparent methods which would cause an error. If the /transparent option is not used, PEVerify also verifies critical methods that are allowed to contain unverifiable code.
How to Fix Violations
To fix a violation of this rule, mark the method with the SecurityCriticalAttribute or SecuritySafeCriticalAttribute attribute, or remove the unverifiable code.
When to Suppress Warnings
Do not suppress a warning from this rule.
Example
The method in this example uses unverifiable code and should be marked with the SecurityCriticalAttribute or SecuritySafeCriticalAttribute attribute.
using System;
using System.Security;
namespace TransparencyWarningsDemo
{
public class UnverifiableMethodClass
{
// CA2137 violation - transparent method with unverifiable code. This method should become critical or
// safe critical
// public unsafe byte[] UnverifiableMethod(int length)
// {
// byte[] bytes = new byte[length];
// fixed (byte* pb = bytes)
// {
// *pb = (byte)length;
// }
// return bytes;
// }
}
}