Rule Wars
All rules
CA2109Security Enabled by default: No

Review visible event handlers

Review visible event handlers

Microsoft docs

Description

An externally visible event-handling method presents a security issue that requires review.

Do not expose event-handling methods unless absolutely necessary. An event handler, a delegate type, that invokes the exposed method can be added to any event as long as the handler and event signatures match. Events can potentially be raised by any code, and are frequently raised by highly trusted system code in response to user actions such as clicking a button. Adding a security check to an event-handling method does not prevent code from registering an event handler that invokes the method.

A demand cannot reliably protect a method invoked by an event handler. Security demands help protect code from untrusted callers by examining the callers on the call stack. Code that adds an event handler to an event is not necessarily present on the call stack when the event handler's methods run. Therefore, the call stack might have only highly trusted callers when the event handler method is invoked. This causes demands made by the event handler method to succeed. Also, the demanded permission might be asserted when the method is invoked. For these reasons, the risk of not fixing a violation of this rule can only be assessed after reviewing the event-handling method. When you review your code, consider the following issues:

  • Does your event handler perform any operations that are dangerous or exploitable, such as asserting permissions or suppressing unmanaged code permission?
  • What are the security threats to and from your code because it can run at any time with only highly trusted callers on the stack?

Cause

A public or protected event-handling method was detected. This rule has been deprecated. It last shipped with Microsoft.CodeAnalysis.NetAnalyzers 7.0.0 NuGet package and the .NET 7 SDK. The rule was removed because the threat that the analyzer warned about (an untrusted intermediary hooking a privileged event handler to a privileged event invoker) hasn't existed since .NET Framework 4.5.

How to fix violations

To fix a violation of this rule, review the method and evaluate the following:

  • Can you make the event-handling method non-public?
  • Can you move all dangerous functionality out of the event handler?
  • If a security demand is imposed, can this be accomplished in some other manner?

Example

#pragma warning disable CA2109
// The code that's violating the rule is on this line.
#pragma warning restore CA2109

When to suppress

Suppress a warning from this rule only after a careful security review to make sure that your code does not pose a security threat.

Your vote
Join a group to vote
Group results
0 yes 0 no
ConsensusNone (disabled)
Severity preference (yes voters)
Suggestion0
Warning0
Error0