Do not indirectly expose methods FxCop Error

"John Wright" <ri**********@notmail.comwrote in
news:e9**************@TK2MSFTNGP02.phx.gbl:

Here is the code that is being called

Public Function GetUserGroups(ByVal Domain As String, ByVal Username
As String) As List(Of String)

GetUserGroups = New List(Of String)

Dim ADGroups As Object

Dim adGroup As Object

'Code that retrieves a user's LDAP groups based on login

Return GetUserGroups

End Function

GetUserGroups is making a function call to itself.

You should be doing:

Dim _NewGroups as New List(Of String)

Return _NewGroups

"Spam Catcher" <sp**********@rogers.comschrieb:

>Here is the code that is being called

Public Function GetUserGroups(ByVal Domain As String, ByVal Username
As String) As List(Of String)

GetUserGroups = New List(Of String)

Dim ADGroups As Object

Dim adGroup As Object

'Code that retrieves a user's LDAP groups based on login

Return GetUserGroups

End Function

GetUserGroups is making a function call to itself.

You should be doing:

Dim _NewGroups as New List(Of String)

Return _NewGroups

.... or alternatively just assign the result to the function's name and omit
the 'Return' and use 'Exit Function' instead if it's not already the last
line of the procedure.

--
M S Herfried K. Wagner
M V P <URL:http://dotnet.mvps.org/>
V B <URL:http://dotnet.mvps.org/dotnet/faqs/>

Well, FXCop will complain that you shouldn't be returning List<Teither.

That should be either an Interface, or one of the
System.Collection.ObjectModel collections.

--
Chris Mullins, MCSD.NET, MCPD:Enterprise, MVP C#
http://www.coversant.net/blogs/cmullins

"Herfried K. Wagner [MVP]" <hi***************@gmx.atwrote in message
news:%2****************@TK2MSFTNGP06.phx.gbl...

"Spam Catcher" <sp**********@rogers.comschrieb:

>>Here is the code that is being called

Public Function GetUserGroups(ByVal Domain As String, ByVal Username
As String) As List(Of String)

GetUserGroups = New List(Of String)

Dim ADGroups As Object

Dim adGroup As Object

'Code that retrieves a user's LDAP groups based on login

Return GetUserGroups

End Function

GetUserGroups is making a function call to itself.

You should be doing:

Dim _NewGroups as New List(Of String)

Return _NewGroups

... or alternatively just assign the result to the function's name and
omit the 'Return' and use 'Exit Function' instead if it's not already the
last line of the procedure.

--
M S Herfried K. Wagner
M V P <URL:http://dotnet.mvps.org/>
V B <URL:http://dotnet.mvps.org/dotnet/faqs/>

John,

I don't know the exact answer, however I gues that a Friend function instead
of a Public function has a lot lower security risc.

Cor

"John Wright" <ri**********@notmail.comschreef in bericht
news:e9**************@TK2MSFTNGP02.phx.gbl...

>I ran FxCop against a program and was pleased with the security review
except I get the following error:

Do not indirectly expose methods

How would I fix this code so this error goes away. I think I understand
the error, but not the fix. I really need to fix this as it is called
from other programs and I do not want code elevating privileges in this
function.

Thanks.

John

Here is the code that is being called

Public Function GetUserGroups(ByVal Domain As String, ByVal Username As
String) As List(Of String)

GetUserGroups = New List(Of String)

Dim ADGroups As Object

Dim adGroup As Object

'Code that retrieves a user's LDAP groups based on login

Return GetUserGroups

End Function

"Chris Mullins [MVP]" <cm******@yahoo.comwrote in news:#XjPthDPHHA.2312
@TK2MSFTNGP04.phx.gbl:

Well, FXCop will complain that you shouldn't be returning List<Teither.

That should be either an Interface, or one of the
System.Collection.ObjectModel collections.

Just curious, how serious do you guys take FXCop? Is it overboard? Or are
most of the suggestions valid?

Spam,

Just curious, how serious do you guys take FXCop? Is it overboard? Or are
most of the suggestions valid?

I normally use "Code Analysis" from Visual Studio Team Suite; I take the
suggests very serious. As most of the rules are based on the .NET Design
Guidelines.

I don't consider it overboard, especially when creating control libraries
that others will consume. I consider most (99%) of the suggestions valid,
however there are a couple I turn off. For example I turn off CA1725 as VB
assigns the "wrong" parameter name with it emits properties in interfaces.
(Which reminds me I need to file a bug report). I also watch CA1004 closely
as I will use the type parameters to encapsulate downcasts, especially where
the encapsulated function expects a System.Type; for example:

Public Function GetCustomAttribute(Of T As Attribute)() As T
Dim assembly As System.Reflection.Assembly =
System.Reflection.Assembly.GetExecutingAssembly()
Dim attributes As Object() =
assembly.GetCustomAttributes(GetType(T), True)
If attributes Is Nothing OrElse attributes.Length = 0 Then Return
Nothing
Return DirectCast(attributes(0), T)
End Function
I understand that Code Analysis is derived from (compatible with) FxCop.
--
Hope this helps
Jay B. Harlow [MVP - Outlook]
..NET Application Architect, Enthusiast, & Evangelist
T.S. Bradley - http://www.tsbradley.net
"Spam Catcher" <sp**********@rogers.comwrote in message
news:Xn*********************************@127.0.0.1 ...

"Chris Mullins [MVP]" <cm******@yahoo.comwrote in news:#XjPthDPHHA.2312
@TK2MSFTNGP04.phx.gbl:

>Well, FXCop will complain that you shouldn't be returning List<Teither.

That should be either an Interface, or one of the
System.Collection.ObjectModel collections.

Just curious, how serious do you guys take FXCop? Is it overboard? Or are
most of the suggestions valid?