Share via


CA2001: Avoid calling problematic methods

Note

This article applies to Visual Studio 2015. If you're looking for the latest Visual Studio documentation, see Visual Studio documentation. We recommend upgrading to the latest version of Visual Studio. Download it here

Item Value
TypeName AvoidCallingProblematicMethods
CheckId CA2001
Category Microsoft.Reliability
Breaking Change Non-breaking

Cause

A member calls a potentially dangerous or problematic method.

Rule Description

Avoid making unnecessary and potentially dangerous method calls.

A violation of this rule occurs when a member calls one of the following methods.

Method Description
System.GC.Collect Calling GC.Collect can significantly affect application performance and is rarely necessary. For more information, see the Rico Mariani's Performance Tidbits blog entry on MSDN.
System.Threading.Thread.Resume

System.Threading.Thread.Suspend
Thread.Suspend and Thread.Resume have been deprecated because of their unpredictable behavior. Use other classes in the System.Threading namespace, such as Monitor, Mutex, and Semaphore to synchronize threads or protect resources.
System.Runtime.InteropServices.SafeHandle.DangerousGetHandle The DangerousGetHandle method poses a security risk because it can return a handle that is not valid. See the DangerousAddRef and the DangerousRelease methods for more information about how to use the DangerousGetHandle method safely.
System.Reflection.Assembly.LoadFrom

System.Reflection.Assembly.LoadFile

System.Reflection.Assembly.LoadWithPartialName
These methods can load assemblies from unexpected locations. For example, see Suzanne Cook's .NET CLR Notes blog posts LoadFile vs. LoadFrom and Choosing a Binding Context on the MSDN Web site for information about methods that load assemblies.
CoSetProxyBlanket (Ole32)

CoInitializeSecurity (Ole32)
By the time the user code starts executing in a managed process, it is too late to reliably call CoSetProxyBlanket. The common language runtime (CLR) takes initialization actions that may prevent the users P/Invoke from succeeding.

If you do have to call CoSetProxyBlanket for a managed application, we recommend that you start the process by using a native code (C++) executable, call CoSetProxyBlanket in the native code, and then start your managed code application in process. (Be sure to specify a runtime version number.)

How to Fix Violations

To fix a violation of this rule, remove or replace the call to the dangerous or problematic method.

When to Suppress Warnings

You should suppress messages from this rule only when no alternatives to the problematic method are available.

See Also

Reliability Warnings