diff options
author | Jesse Jones <jesjones@mono-cvs.ximian.com> | 2009-08-19 20:04:48 +0400 |
---|---|---|
committer | Jesse Jones <jesjones@mono-cvs.ximian.com> | 2009-08-19 20:04:48 +0400 |
commit | 5130eb7e7c1cde1718fd3510c1f0ec69af66eb59 (patch) | |
tree | 546f93917da49191d315d63d9df8c85f62efab9d | |
parent | 5037f60712702d5800e08de178fee0ea9a85d4d9 (diff) |
Edited the StaticConstructorsShouldBePrivateRule
rule description.
svn path=/trunk/mono-tools/; revision=140254
-rw-r--r-- | gendarme/rules/Gendarme.Rules.Security/ChangeLog | 5 | ||||
-rw-r--r-- | gendarme/rules/Gendarme.Rules.Security/StaticConstructorsShouldBePrivateRule.cs | 39 |
2 files changed, 10 insertions, 34 deletions
diff --git a/gendarme/rules/Gendarme.Rules.Security/ChangeLog b/gendarme/rules/Gendarme.Rules.Security/ChangeLog index 9aea7b8e..86317842 100644 --- a/gendarme/rules/Gendarme.Rules.Security/ChangeLog +++ b/gendarme/rules/Gendarme.Rules.Security/ChangeLog @@ -1,3 +1,8 @@ +2009-08-19 Jesse Jones <jesjones@mindspring.com> + + * StaticConstructorsShouldBePrivateRule.cs: Edited + the rule description. + 2009-07-07 Jesse Jones <jesjones@mindspring.com> * *Rule.cs: Edited most of the rule descriptions. diff --git a/gendarme/rules/Gendarme.Rules.Security/StaticConstructorsShouldBePrivateRule.cs b/gendarme/rules/Gendarme.Rules.Security/StaticConstructorsShouldBePrivateRule.cs index 4beb58a7..61d63c3a 100644 --- a/gendarme/rules/Gendarme.Rules.Security/StaticConstructorsShouldBePrivateRule.cs +++ b/gendarme/rules/Gendarme.Rules.Security/StaticConstructorsShouldBePrivateRule.cs @@ -31,43 +31,14 @@ using Gendarme.Framework.Rocks; namespace Gendarme.Rules.Security { - // TODO: FxCop says that VB does enforce this constraint. It would be nice to explain - // in a bit more detail why this is a problem. I think the issue is that it allows the ctor - // to be called earlier than it would have otherwise been called and (probably more - // important) it allows the ctor to be called multiple times. - /// <summary> - /// To avoid calls from user code, all static constructors must be private. C# enforces - /// this but some .NET languages (including VB .NET) do not. + /// This rule will fire if a type's static constructor is not private. This is a problem + /// because the static constructor is meant to be called by the runtime but if it is + /// not private then other code may call it as well which may lead to security + /// vulnerabilities. Note that C# and VB.NET enforce this rule. /// </summary> - /// <example> - /// Bad example (VB.NET): - /// <code> - /// Public Class PublicCctor - /// Public Shared Sub New () - /// End Sub - /// End Class - /// </code> - /// </example> - /// <example> - /// Good example (C#): - /// <code> - /// public class PrivateCctor { - /// ~PrivateCctor () { } // it is private - /// } - /// </code> - /// </example> - /// <example> - /// Good example (VB.NET): - /// <code> - /// Public Class PrivateCctor - /// Private Shared Sub New () - /// End Sub - /// End Class - /// </code> - /// </example> - [Problem ("Static constructors must be private because otherwise they may be called once or multiple times from user code.")] + [Problem ("Static constructors must be private because otherwise they may be called multiple times from user code.")] [Solution ("Change the static constructor access to private.")] [FxCopCompatibility ("Microsoft.Security", "CA2121:StaticConstructorsShouldBePrivate")] public class StaticConstructorsShouldBePrivateRule : Rule, ITypeRule { |