CA2126: Type link demands require inheritance demands

  • Article

TypeName

TypeLinkDemandsRequireInheritanceDemands

CheckId

CA2126

Category

Microsoft.Security

Breaking Change

Breaking

Cause

A public unsealed type is protected with a link demand, has an overridable method, and neither the type nor the method is protected with an inheritance demand.

Rule Description

A link demand on a method or its declaring type requires the immediate caller of the method to have the specified permission. An inheritance demand on a method requires an overriding method to have the specified permission. An inheritance demand on a type requires a deriving class to have the specified permission.

How to Fix Violations

To fix a violation of this rule, secure the type or the method with an inheritance demand for the same permission as the link demand.

When to Suppress Warnings

Do not suppress a warning from this rule.

Example

The following example shows a type that violates the rule.

Imports System
Imports System.Security.Permissions

Namespace SecurityLibrary

    <EnvironmentPermission(SecurityAction.LinkDemand, Read:="PATH")> _
    Public Class TypesWithLinkDemands

        Protected Overridable Sub UnsecuredMethod()
        End Sub

        <EnvironmentPermission(SecurityAction.InheritanceDemand, Read:="PATH")> _
        Protected Overridable Sub SecuredMethod()
        End Sub 

    End Class 

End Namespace

using System;
using System.Security.Permissions;

namespace SecurityLibrary
{
   [EnvironmentPermission(SecurityAction.LinkDemand, Read = "PATH")]
   public class TypesWithLinkDemands
   {
      public virtual void UnsecuredMethod() {}

      [EnvironmentPermission(SecurityAction.InheritanceDemand, Read = "PATH")]
      public virtual void SecuredMethod() { }
   }
}

using namespace System;
using namespace System::Security::Permissions;

namespace SecurityLibrary
{
    [EnvironmentPermission(SecurityAction::LinkDemand, Read = "PATH")]
    public ref class TypesWithLinkDemands
    {
    protected:
        virtual void UnsecuredMethod() {}

        [EnvironmentPermission(SecurityAction::InheritanceDemand, 
           Read = "PATH")]
        virtual void SecuredMethod() {}
    };
}

CA2108: Review declarative security on value types

CA2112: Secured types should not expose fields

CA2122: Do not indirectly expose methods with link demands

CA2123: Override link demands should be identical to base

See Also

Concepts

Inheritance Demands

Link Demands

Demands

Other Resources

Secure Coding Guidelines