Gendarme.Rules.Security
From Mono
Gendarme's security rules are located in the Gendarme.Rules.Security.dll assembly. Latest sources are available from anonymous SVN (http://anonsvn.mono-project.com/viewcvs/trunk/mono-tools/gendarme/rules/Gendarme.Rules.Security/) (tarball (http://anonsvn.mono-project.com/viewcvs/trunk/mono-tools/gendarme/rules/Gendarme.Rules.Security.tar.gz?view=tar)).
Rules
ArrayFieldsShouldNotBeReadOnlyRule
This rule warns if a type declares a public readonly array field. Marking a field readonly only prevents the field from being assigned a different value, the object itself can still be changed. This means, that the elements of the array can still be changed.
Bad example:
class Bad { public readonly string[] Array = new string[] { "A", "B" }; } HasPublicReadonlyArray obj = HasPublicReadonlyArray (); obj.Array[0] = "B"; // valid
Good example:
class Good { private readonly string[] array = new string[] { "A", "B" }; public string[] GetArray () { return (string []) array.Clone(); } } string[] obj = new HasPublicReadonlyArray ().GetArray (); obj [0] = "B"; // valid, but has no effect on other users
NativeFieldsShouldNotBeVisibleRule
This rule checks if a class exposes native fields. Native fields should not be public because you lose control over their lifetime (other code could free the memory or use it after it has been freed).
Bad example:
class HasPublicNativeField { public IntPtr NativeField; }
Good example:
class HasPrivateNativeField { private IntPtr NativeField; public void DoSomethingWithNativeField (); }
MethodCallWithSubsetLinkDemandRule
Bad example:
Good example:
NonVirtualMethodWithInheritanceDemandRule
Bad example:
Good example:
SealedTypeWithInheritanceDemandRule
Bad example:
Good example:
SecureGetObjectDataOverridesRule
Bad example:
Good example:
StaticConstructorsShouldBePrivateRule
To avoid calls from user code, all static constructors must be private. C# allows only private static constructors but some .NET languages (including VB .NET) do not permit defining non-private static constructors (Shared in VB .NET), which is not a good practice.
Good example (C#):
public class PrivateCctor { ~PrivateCctor () { } // it is private }
Good example (VB .NET):
Public Class PrivateCctor Private Shared Sub New () End Sub End Class
Bad example (VB .NET):
Public Class PublicCctor Public Shared Sub New () End Sub End Class
TypeExposeFieldsRule
Bad example:
Good example:
TypeIsNotSubsetOfMethodSecurityRule
This rule checks for types that have declarative security permission that aren't a subset of the security permission on some of their methods.
Bad example:
[SecurityPermission (SSP.SecurityAction.PermitOnly, Unrestricted = true)] public class Correct { [SecurityPermission (SSP.SecurityAction.PermitOnly, ControlThread = true)] public void Method () { } }
Good example:
[SecurityPermission (SSP.SecurityAction.PermitOnly, ControlThread = true)] public class Correct { [SecurityPermission (SSP.SecurityAction.PermitOnly, Unrestricted = true)] public void Method () { } }
TypeLinkDemandRule
The rule checks for types that are not sealed and that have a LinkDemand. In this case the type should also have an InheritanceDemand for the same permissions. An alternative fix is to seal the type.
Bad example:
[SecurityPermission (SecurityAction.LinkDemand, ControlThread = true)] public class Bad { }
Good examples:
[SecurityPermission (SecurityAction.LinkDemand, ControlThread = true)] [SecurityPermission (SecurityAction.InheritanceDemand, ControlThread = true)] public class Correct { }
[SecurityPermission (SecurityAction.LinkDemand, ControlThread = true)] public sealed class Correct { }
Feedback
Please report any documentation errors, typos or suggestions to the Gendarme Google Group (http://groups.google.com/group/gendarme). Thanks!
Powered by MediaWiki