RetroSearch Browse

Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://docs.microsoft.com/en-us/dotnet/fundamentals/code-analysis/quality-rules/ca5393 below:

CA5393: Do not use unsafe DllImportSearchPath value (code analysis) - .NET

Property Value Rule ID CA5393 Title Do not use unsafe DllImportSearchPath value Category Security Fix is breaking or non-breaking Non-breaking Enabled by default in .NET 9 No Cause

Using one of the unsafe values of <xref:System.Runtime.InteropServices.DllImportSearchPath?displayProperty=fullName:

AssemblyDirectory
UseDllDirectoryForDependencies
ApplicationDirectory
LegacyBehavior

Rule description

There could be a malicious DLL in the default DLL search directories and assembly directories. Or, depending on where your application is run from, there could be a malicious DLL in the application's directory.

For more information, see Load Library Safely.

How to fix violations

Use safe values of DllImportSearchPath to specify an explicit search path instead:

SafeDirectories
System32
UserDirectories

When to suppress warnings

It's safe to suppress this rule if:

You're sure the loaded assembly is what you want.
The imported assembly is a commonly used system assembly, like user32.dll, and the search path strategy follows the Known DLLs mechanism.

Suppress a warning

If you just want to suppress a single violation, add preprocessor directives to your source file to disable and then re-enable the rule.

#pragma warning disable CA5393
// The code that's violating the rule is on this line.
#pragma warning restore CA5393

To disable the rule for a file, folder, or project, set its severity to none in the configuration file.

[*.{cs,vb}]
dotnet_diagnostic.CA5393.severity = none

For more information, see How to suppress code analysis warnings.

Configure code to analyze

Use the following option to configure which parts of your codebase to run this rule on.

Unsafe DllImportSearchPath bits

You can configure this option for just this rule, for all rules it applies to, or for all rules in this category (Security) that it applies to. For more information, see Code quality rule configuration options.

Unsafe DllImportSearchPath bits

You can configure which value of DllImportSearchPath is unsafe for the analysis. For example, to specify that the code should not use AssemblyDirectory, UseDllDirectoryForDependencies or ApplicationDirectory, add the following key-value pair to an .editorconfig file in your project:

dotnet_code_quality.CA5393.unsafe_DllImportSearchPath_bits = 770

You should specify the integer value of a bitwise combination of the enumeration's values.

Pseudo-code examples

using System;
using System.Runtime.InteropServices;

class ExampleClass
{
    [DllImport("The3rdAssembly.dll")]
    [DefaultDllImportSearchPaths(DllImportSearchPath.AssemblyDirectory)]
    public static extern int MessageBox(IntPtr hWnd, String text, String caption, uint type);

    public void ExampleMethod()
    {
        MessageBox(new IntPtr(0), "Hello World!", "Hello Dialog", 0);
    }
}

Solution

using System;
using System.Runtime.InteropServices;

class ExampleClass
{
    [DllImport("The3rdAssembly.dll")]
    [DefaultDllImportSearchPaths(DllImportSearchPath.UserDirectories)]
    public static extern int MessageBox(IntPtr hWnd, String text, String caption, uint type);

    public void ExampleMethod()
    {
        MessageBox(new IntPtr(0), "Hello World!", "Hello Dialog", 0);
    }
}

CA5392: Use DefaultDllImportSearchPaths attribute for P/Invokes

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4