5

I have Microsoft Extended Correctness Rules rule set for my Xamarin.IOS project. When I analysed I had many troubles:

  1. CA2123: Add the following security attribute to BooleanNegationConverter.Convert(object, Type, object, CultureInfo) in order to match a LinkDemand on base method IMvxValueConverter.Convert(object, Type, object, CultureInfo): SecurityCriticalAttribute.

Why I need set security attributes? For what? Or do I must do it?

  1. CA2134: Transparent or safe critical method .get() is overriding critical method [simple self interface].get() in violation of method override rules. .get() must become security critical in order to override a critical virtual method or implement a critical interface method.

The same... How I can fix it for IOS project? Why I have this problem.

Thanks!

Sven-Michael Stübe
  • 14,560
  • 4
  • 52
  • 103
Mykyta Bondarenko
  • 552
  • 2
  • 16

1 Answers1

5

The Code Access Security is only partially and experimentally implemented in Mono.

Code Access Security (CAS) is a new experimental (i.e. unsupported) feature in the Mono 1.2 release. It is complete enough to play with it but should not be used in production (incomplete and unaudited). The security manager is off by default.

These Warnings are important if the runtime uses this feature. It is not used in iOS and Android. So you can ignore it.

Sven-Michael Stübe
  • 14,560
  • 4
  • 52
  • 103
  • Thanks! Can I use use same way for next rules?: 1. **CA2140** - Transparent method `[MetodName]` references security critical type `List`. In order for this reference to be allowed under the security transparency rules, either `[MethodName]` must become security critical or safe-critical, or `List` become security safe-critical or transparent. 2. **CA2146** - Transparent or safe-critical type `[Type]` derives from critical type `[Interface]` in violation of the transparency inheritance rules. `[Type]` must be critical to derive from a critical type or implement a critical interface. – Mykyta Bondarenko Apr 27 '16 at 07:47
  • 1
    Yes they are all related to this CAS feature. I also tried to set the Security attributes globally for my libraries. But the problem is then, that 3rd party libraries have still this problem and the unit test runner will not run the test on windows, because this is .NET and .NET has this features implemented. So ignoring them and document why we do it, is how we handle it in our projects. – Sven-Michael Stübe Apr 27 '16 at 17:43