CS.SV.CRITICAL_CONST
Security critical constants should be transparent.
Transparency enforcement is not enforced for constant values because compilers inline constant values so that no lookup is required at run time. Constant fields should be security transparent so that code reviewers do not assume that transparent code cannot access the constant.
Mitigation and prevention
To fix a violation of this rule, remove the SecurityCritical attribute from the field or value.
Vulnerable code example
2 using System;
3 using System.Security;
4
5 //[assembly: SecurityRules(SecurityRuleSet.Level2)]
6 //[assembly: AllowPartiallyTrustedCallers]
7
8 namespace TransparencyWarningsDemo
9 {
10
11 public enum EnumWithCriticalValues
12 {
13 TransparentEnumValue,
14
15 // CA2130 violation
16 [SecurityCritical]
17 CriticalEnumValue
18 }
19
20 public class ClassWithCriticalConstant
21 {
22 // CA2130 violation
23 [SecurityCritical]
24 public const int CriticalConstant = 21;
25 }
26 }
In the example, the enum value EnumWithCriticalValues.CriticalEnumValue and the constant CriticalConstant raise this warning. To fix the issues, remove the [SecurityCritical] attribute to make them security transparent.