471,599 Members | 1,910 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 471,599 software developers and data experts.

Security Warnings From FXCop - CA2122 & CA2123

Hi There

I am inheriting from DateTimePicker class to create a DateTimePicker
control with a configurable back colour. I got the original code from
http://dotnet.mvps.org/ then converted it to C# and it works OK in .NET
2.0 except for two warnings from CodeAnalysis:

CA2123 : Microsoft.Security : The virtual method
DateTimePicker.WndProc(Message&):Void defined by type
'System.Windows.Forms.DateTimePicker' and its override
ExtendedDateTimePicker.WndProc(Message&):Void do not have the same
LinkDemand status. Add a LinkDemand where required.

CA2122 : Microsoft.Security :
ExtendedDateTimePicker.WndProc(Message&):Void calls into
DateTimePicker.WndProc(Message&):Void which has a LinkDemand. By making
this call, DateTimePicker.WndProc(Message&):Void is indirectly exposed
to user code. Review the following call stack that might expose a way
to circumvent security protection:
->System.Windows.Forms.DateTimePicker.WndProc(Syste m.Windows.Forms.Message@)
: Void
->PickupBooking.ExtendedDateTimePicker.WndProc

My knowledge of security is amatuer and I need to deploy this project
with no security warnings ... I would greatly appreciate if anyone
could show me how fix the warnings and/or point out some good .NET 2.0
resources for security novices.

Btw, my C# 2.0 code is below.

TIA
Bill

using System;
using System.Windows.Forms;
using System.ComponentModel;
using System.Drawing;

namespace PickupBooking
{
public class ExtendedDateTimePicker : DateTimePicker
{
private SolidBrush m_BackBrush;

[Browsable(true),
DesignerSerializationVisibility(DesignerSerializat ionVisibility.Visible)]

public override Color BackColor
{
get
{
return base.BackColor;
}
set
{
if (!(m_BackBrush == null))
{
m_BackBrush.Dispose();
}
base.BackColor = value;
m_BackBrush = new SolidBrush(this.BackColor);
this.Invalidate();
}
}

protected override void WndProc(ref Message m)
{
const Int32 WM_ERASEBKGND = 20;
if (m.Msg == WM_ERASEBKGND)
{
Graphics g = Graphics.FromHdc(m.WParam);
if (m_BackBrush == null)
{
m_BackBrush = new SolidBrush(this.BackColor);
}
g.FillRectangle(m_BackBrush, this.ClientRectangle);
g.Dispose();
}
else
{
base.WndProc(ref m);
}
}

protected override void Dispose(bool disposing)
{
if (disposing && !(m_BackBrush == null))
{
m_BackBrush.Dispose();
}
base.Dispose(disposing);
}
}
}

Nov 17 '05 #1
2 7830
Bill,

Kudos for running FxCop on your code. It's a good practice to engage
in.

To solve your problem, add the following attribute to your WndProc
method:

[SecurityPermission(SecurityAction.LinkDemand,
Flags=SecurityPermissionFlag.UnmanagedCode)]

This will cause a permission check to be made when the code is linked
to, to determine that the current permissions allow for unmanaged code to be
called.

Hope this helps.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

<or*******@yahoo.com.au> wrote in message
news:11*********************@o13g2000cwo.googlegro ups.com...
Hi There

I am inheriting from DateTimePicker class to create a DateTimePicker
control with a configurable back colour. I got the original code from
http://dotnet.mvps.org/ then converted it to C# and it works OK in .NET
2.0 except for two warnings from CodeAnalysis:

CA2123 : Microsoft.Security : The virtual method
DateTimePicker.WndProc(Message&):Void defined by type
'System.Windows.Forms.DateTimePicker' and its override
ExtendedDateTimePicker.WndProc(Message&):Void do not have the same
LinkDemand status. Add a LinkDemand where required.

CA2122 : Microsoft.Security :
ExtendedDateTimePicker.WndProc(Message&):Void calls into
DateTimePicker.WndProc(Message&):Void which has a LinkDemand. By making
this call, DateTimePicker.WndProc(Message&):Void is indirectly exposed
to user code. Review the following call stack that might expose a way
to circumvent security protection:
->System.Windows.Forms.DateTimePicker.WndProc(Syste m.Windows.Forms.Message@)
: Void
->PickupBooking.ExtendedDateTimePicker.WndProc

My knowledge of security is amatuer and I need to deploy this project
with no security warnings ... I would greatly appreciate if anyone
could show me how fix the warnings and/or point out some good .NET 2.0
resources for security novices.

Btw, my C# 2.0 code is below.

TIA
Bill

using System;
using System.Windows.Forms;
using System.ComponentModel;
using System.Drawing;

namespace PickupBooking
{
public class ExtendedDateTimePicker : DateTimePicker
{
private SolidBrush m_BackBrush;

[Browsable(true),
DesignerSerializationVisibility(DesignerSerializat ionVisibility.Visible)]

public override Color BackColor
{
get
{
return base.BackColor;
}
set
{
if (!(m_BackBrush == null))
{
m_BackBrush.Dispose();
}
base.BackColor = value;
m_BackBrush = new SolidBrush(this.BackColor);
this.Invalidate();
}
}

protected override void WndProc(ref Message m)
{
const Int32 WM_ERASEBKGND = 20;
if (m.Msg == WM_ERASEBKGND)
{
Graphics g = Graphics.FromHdc(m.WParam);
if (m_BackBrush == null)
{
m_BackBrush = new SolidBrush(this.BackColor);
}
g.FillRectangle(m_BackBrush, this.ClientRectangle);
g.Dispose();
}
else
{
base.WndProc(ref m);
}
}

protected override void Dispose(bool disposing)
{
if (disposing && !(m_BackBrush == null))
{
m_BackBrush.Dispose();
}
base.Dispose(disposing);
}
}
}

Nov 17 '05 #2
Thanks Nicholas
Bill

Nov 17 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

1 post views Thread by | last post: by
3 posts views Thread by Velvet | last post: by
reply views Thread by John Wright | last post: by
reply views Thread by leo001 | last post: by

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.