Share via


CA2106: Secure asserts

Note

This article applies to Visual Studio 2015. If you're looking for the latest Visual Studio documentation, see Visual Studio documentation. We recommend upgrading to the latest version of Visual Studio. Download it here

Item Value
TypeName SecureAsserts
CheckId CA2106
Category Microsoft.Security
Breaking Change Breaking

Cause

A method asserts a permission and no security checks are performed on the caller.

Rule Description

Asserting a security permission without performing any security checks can leave an exploitable security weakness in your code. A security stack walk stops when a security permission is asserted. If you assert a permission without performing any checks on the caller, the caller could indirectly execute code by using your permissions. Asserts without security checks are permissible only when you are sure that the assert cannot be used in a harmful manner. An assert is harmless if the code you call is harmless, or users cannot pass arbitrary information to code that you call.

How to Fix Violations

To fix a violation of this rule, add a security demand to the method or its declaring type.

When to Suppress Warnings

Suppress a warning from this rule only after a careful security review.

See Also

System.Security.CodeAccessPermission.Assert Secure Coding Guidelines