CS.SV.TRANSP.HPCE

Transparent methods may not use the HandleProcessCorruptingExceptions attribute.

This rule fires any method which is transparent and attempts to handle a process corrupting exception by using the HandleProcessCorruptedStateExceptionsAttribute attribute. A process corrupting exception is a CLR version 4.0 exception classification of exceptions such AccessViolationException. The HandleProcessCorruptedStateExceptionsAttribute attribute may only be used by security critical methods, and will be ignored if it is applied to a transparent method. To handle process corrupting exceptions, this method must become security critical or security safe-critical.

Vulnerable code example

Copy

2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
  using System;
  using System.Runtime.InteropServices;
  using System.Runtime.ExceptionServices;
  using System.Security;
  
  namespace TransparencyWarningsDemo
  {
  
     public class HandleProcessCorruptedStateExceptionClass
     {
         [DllImport("SomeModule.dll")]
         private static extern void NativeCode();
 
         // CA2139 violation - transparent method attempting to handle a process corrupting exception
         [HandleProcessCorruptedStateExceptions]
         public void HandleCorruptingExceptions()
         {
             try
             {
                 NativeCode();
             }
             catch (AccessViolationException) { }
         }
     }
 
 }

In this example, a transparent method is marked with the HandleProcessCorruptedStateExceptionsAttribute attribute and will fail the rule. The method should also be marked with the SecurityCriticalAttribute or the SecuritySafeCriticalAttribute attribute.