有没有一种方法可以在自定义System.Security.IPermission实现上修复此FxCop CA2103警告?
作者:互联网
我有一个实现IPermission的类:
public class MySecurityPermission : IPermission
{
private string[] _demandRoles;
private string[] _denyRoles;
public MySecurityPermission(string[] demandRoles, string[] denyRoles)
{
this._demandRoles = demandRoles;
this._denyRoles = denyRoles;
}
}
现在,IPermission接口需要一个Copy()方法,该方法实现为:
public IPermission Copy()
{
return new MySecurityPermission(this._demandRoles.ToArray(), this._denyRoles.ToArray());
}
请注意,那里有.ToArray()调用,因为它进行数组的关闭/复制,并返回新的数组实例,而不是传递相同的数组.
这将导致FxCop CA2103:
“Review the following for a possible security vulnerability:
In ‘MySecurityPermission.Copy()’, the return value
of a call to ‘Enumerable.ToArray(this
IEnumerable)’ is being passed to a ‘MySecurityPermission’
constructor.”
有没有办法解决这个问题?我不太确定为什么FxCop甚至对此有所抱怨.如果有人可以解释,那就太好了.
解决方法:
似乎由于执行代码的位置而提高了规则.如果首先创建变量,则规则将通过:
public IPermission Copy()
{
var demand = _demandRoles.ToArray();
var deny = _denyRoles.ToArray();
return new MySecurityPermission(demand, deny);
}
标签:fxcop,c,net 来源: https://codeday.me/bug/20191201/2083757.html