This warning is reported when an object of type Object is cast to another type, with the possibility of lost data or even program failure.

Vulnerability and risk

Either data may be lost, or the program may fail.

Example 1

1   using System;
2   public class A {
3       public int a;
4   }
5   public class ClassCastTests {
6       public void foo() {
7           A a;
8           Object o = new object();
9           a = (A)o;
10      }
11  }

Variable a of class A and object o of class Object are declared on lines 7-8. Then, on line 9, o is cast to A, which is invalid because the runtime type of o is Object, not A.
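
The invalid cast from Example 1 next to a checked form, as an added example that is not part of the original page. The names ClassCastDemo, ReadUnchecked and TryRead are hypothetical, and the inputs are constructed samples.

```csharp
using System;

public class A {
    public int a;
}

public static class ClassCastDemo {
    // Unchecked downcast, as in Example 1: throws InvalidCastException
    // whenever the runtime type of o is not A (or a type derived from A).
    public static int ReadUnchecked(object o) {
        A a = (A)o;
        return a.a;
    }

    // Checked form: the type test and the cast happen in one step, and the
    // caller gets an explicit failure result instead of an exception.
    public static bool TryRead(object o, out int value) {
        if (o is A a) {
            value = a.a;
            return true;
        }
        value = 0;
        return false;
    }

    public static void Main() {
        // Constructed sample inputs: one valid A, two wrong types, and null.
        object[] inputs = { new A { a = 42 }, new object(), "text", null };

        foreach (object o in inputs) {
            string kind = o == null ? "null" : o.GetType().Name;
            if (TryRead(o, out int v))
                Console.WriteLine($"{kind}: checked read ok, a = {v}");
            else
                Console.WriteLine($"{kind}: checked read rejected");

            try {
                ReadUnchecked(o);
            } catch (InvalidCastException) {
                Console.WriteLine($"{kind}: unchecked cast threw InvalidCastException");
            } catch (NullReferenceException) {
                // (A)null succeeds for a reference type; the failure comes on a.a.
                Console.WriteLine($"{kind}: unchecked cast passed null through, dereference failed");
            }
        }
    }
}
```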
