2

I have a simple WinForms solution, with a Form that has a PropertyGrid in it. In Form's constructor, I set that propertyGrid's selected object:

    public FormSettings()
    {
        InitializeComponent();

        pgMisc.SelectedObject = Settings.Current;
    }

And I'm getting this warning by Code Analysis:

Warning 1 CA2122 : Microsoft.Security : 'FormSettings.FormSettings()' calls into 'PropertyGrid.SelectedObject.set(object)' which has a LinkDemand. By making this call, 'PropertyGrid.SelectedObject.set(object)' is indirectly exposed to user code. Review the following call stack that might expose a way to circumvent security protection: ->'FormSettings.FormSettings()'
->'FormSettings.FormSettings()'

What am I doing wrong here? Is there a way to disable this warning if there's nothing I'm doing wrong.

Soner Gönül
  • 97,193
  • 102
  • 206
  • 364
Istrebitel
  • 2,963
  • 6
  • 34
  • 49
  • Related: http://stackoverflow.com/questions/4091162/do-i-need-to-worry-about-link-demands-in-a-full-trust-only-exe – Patrick Hofman Jul 19 '14 at 12:35
  • Also see http://msdn.microsoft.com/en-us/library/ms182303.aspx – Patrick Hofman Jul 19 '14 at 12:35
  • I don't get it. Setting control's property in form's constructor is unsafe? How do I set it then? In a run-once timer event or something? – Istrebitel Jul 19 '14 at 12:59
  • 2
    Pretty important to understand what FxCop does. It rubs your nose into very obscure details that programmers overlook all the time. Like this one, it is a way for untrusted code to get a reference to your Settings class. What you do about it is first determine if it matters. Do you conduct security reviews on your code? Do you *actually* ever let untrusted code run in your Winforms program? Important details that FxCop isn't smart enough to figure out by itself. The 99% answer to either of those questions is "no". So you say "thank you for reminding me" and turn the warning off. – Hans Passant Jul 19 '14 at 14:25
  • Okay, I see. But, just out of curiosity, what is the safe way to set object property in a constructor then? – Istrebitel Jul 19 '14 at 18:21

0 Answers0