CS.SV.LINK_DEMAND.LEVEL2

Level 2 assemblies should not contain LinkDemands.

LinkDemands are deprecated in the level 2 security rule set. Instead of using LinkDemands to enforce security at just-in-time (JIT) compilation time, mark the methods, types, and fields with the SecurityCriticalAttribute attribute.

Mitigation and prevention

To fix a violation of this rule, remove the LinkDemand and mark the type or member with the SecurityCriticalAttribute attribute.

Vulnerable code example

Copy

2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
  using System;
  using System.Security;
  using System.Security.Permissions;
  
  namespace TransparencyWarningsDemo
  {
  
      public class MethodsProtectedWithLinkDemandsClass
     {
         // CA2135 violation - the LinkDemand should be removed, and the method marked [SecurityCritical] instead
         [SecurityPermission(SecurityAction.LinkDemand, UnmanagedCode = true)]
         public void ProtectedMethod()
         {
         }
     }
 }

In the example, the LinkDemand should be removed and the method marked with the SecurityCriticalAttribute attribute.