CA2001: Avoid calling problematic methods
Note
This article applies to Visual Studio 2015. If you're looking for the latest Visual Studio documentation, see Visual Studio documentation. We recommend upgrading to the latest version of Visual Studio. Download it here
| Item | Value |
|---|---|
| TypeName | AvoidCallingProblematicMethods |
| CheckId | CA2001 |
| Category | Microsoft.Reliability |
| Breaking Change | Non-breaking |
Cause
A member calls a potentially dangerous or problematic method.
Rule Description
Avoid making unnecessary and potentially dangerous method calls.
A violation of this rule occurs when a member calls one of the following methods.
| Method | Description |
|---|---|
| System.GC.Collect | Calling GC.Collect can significantly affect application performance and is rarely necessary. For more information, see the Rico Mariani's Performance Tidbits blog entry on MSDN. |
| System.Threading.Thread.Resume System.Threading.Thread.Suspend |
Thread.Suspend and Thread.Resume have been deprecated because of their unpredictable behavior. Use other classes in the System.Threading namespace, such as Monitor, Mutex, and Semaphore to synchronize threads or protect resources. |
| System.Runtime.InteropServices.SafeHandle.DangerousGetHandle | The DangerousGetHandle method poses a security risk because it can return a handle that is not valid. See the DangerousAddRef and the DangerousRelease methods for more information about how to use the DangerousGetHandle method safely. |
| System.Reflection.Assembly.LoadFrom System.Reflection.Assembly.LoadFile System.Reflection.Assembly.LoadWithPartialName |
These methods can load assemblies from unexpected locations. For example, see Suzanne Cook's .NET CLR Notes blog posts LoadFile vs. LoadFrom and Choosing a Binding Context on the MSDN Web site for information about methods that load assemblies. |
| CoSetProxyBlanket (Ole32) CoInitializeSecurity (Ole32) |
By the time the user code starts executing in a managed process, it is too late to reliably call CoSetProxyBlanket. The common language runtime (CLR) takes initialization actions that may prevent the users P/Invoke from succeeding. If you do have to call CoSetProxyBlanket for a managed application, we recommend that you start the process by using a native code (C++) executable, call CoSetProxyBlanket in the native code, and then start your managed code application in process. (Be sure to specify a runtime version number.) |
How to Fix Violations
To fix a violation of this rule, remove or replace the call to the dangerous or problematic method.
When to Suppress Warnings
You should suppress messages from this rule only when no alternatives to the problematic method are available.