Menu
I am using VSTS 2008 + .Net 2.0 + C#. And I am running Code Analysis after build. I got the following confusing security warning. Here is the warning and related code, any ideas what is wrong? If there is security warning, how to fix it?
System.Diagnostics.Process myProcess = new System.Diagnostics.Process();
myProcess.StartInfo.FileName = "IExplore.exe";
myProcess.StartInfo.Arguments = @"default.html";
myProcess.StartInfo.Verb = "runas";
myProcess.Start();
warning : CA2122 : Microsoft.Security : 'TestHtml()' calls into 'Process.Start()' which has a LinkDemand. By making this call, 'Process.Start()' is indirectly exposed to user code. Review the following call stack that might expose a way to circumvent security protection:
731
Your method calls Foo that calls into a Process.Start which is protected by a link demand for Full Trust. In order to avoid the problem that FxCop is warning you about, you should add a link demand or full demand for the same permissions to your method.
You can fix it by adding to your method
[PermissionSetAttribute(SecurityAction.LinkDemand, Name="FullTrust")]
See http://msdn.microsoft.com/en-us/library/970x52db.aspx
51
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
