问题
I am using VSTS 2008 + .Net 2.0 + C#. And I am running Code Analysis after build. I got the following confusing security warning. Here is the warning and related code, any ideas what is wrong? If there is security warning, how to fix it?
System.Diagnostics.Process myProcess = new System.Diagnostics.Process();
myProcess.StartInfo.FileName = "IExplore.exe";
myProcess.StartInfo.Arguments = @"default.html";
myProcess.StartInfo.Verb = "runas";
myProcess.Start();
warning : CA2122 : Microsoft.Security : 'TestHtml()' calls into 'Process.Start()' which has a LinkDemand. By making this call, 'Process.Start()' is indirectly exposed to user code. Review the following call stack that might expose a way to circumvent security protection:
回答1:
Your method calls Foo that calls into a Process.Start which is protected by a link demand for Full Trust. In order to avoid the problem that FxCop is warning you about, you should add a link demand or full demand for the same permissions to your method.
You can fix it by adding to your method
[PermissionSetAttribute(SecurityAction.LinkDemand, Name="FullTrust")]
See http://msdn.microsoft.com/en-us/library/970x52db.aspx
回答2:
More information about security warnings and CA2122 - Do not indirectly expose methods with link demands
来源:https://stackoverflow.com/questions/1147220/what-does-this-security-warning-mean-net-process-class