CA2132: Default constructors must be at least as critical as base type default constructors

Article
06/28/2012

TypeName	DefaultConstructorsMustHaveConsistentTransparency
CheckId	CA2132
Category	Microsoft.Security
Breaking Change	Breaking

Note

This warning is only applied to code that is running the CoreCLR (the version of the CLR that is specific to Silverlight Web applications).

Cause

The transparency attribute of the default constructor of a derived class is not as critical as the transparency of the base class.

Rule Description

Types and members that have the SecurityCriticalAttribute cannot be used by Silverlight application code. Security-critical types and members can be used only by trusted code in the .NET Framework for Silverlight class library. Because a public or protected construction in a derived class must have the same or greater transparency than its base class, a class in an application cannot be derived from a class marked SecurityCritical.

For CoreCLR platform code, if a base type has a public or protected non-transparent default constructor then the derived type must obey the default constructor inheritance rules. The derived type must also have a default constructor and that constructor must be at least as critical default constructor of the base type.

How to Fix Violations

To fix the violation, remove the type or do not derive from security non-transparent type.

When to Suppress Warnings

Do not suppress warnings from this rule. Violations of this rule by application code will result in the CoreCLR refusing to load the type with a TypeLoadException.

Code

using System;
using System.Security;

namespace TransparencyWarningsDemo
{

    public class BaseWithSafeCriticalDefaultCtor
    {
        [SecuritySafeCritical]
        public BaseWithSafeCriticalDefaultCtor() { }
    }

    public class DerivedWithNoDefaultCtor : BaseWithSafeCriticalDefaultCtor
    {
        // CA2132 violation - since the base has a public or protected non-transparent default .ctor, the 
        // derived type must also have a default .ctor
    }

    public class DerivedWithTransparentDefaultCtor : BaseWithSafeCriticalDefaultCtor
    {
        // CA2132 violation - since the base has a safe critical default .ctor, the derived type must have 
        // either a safe critical or critical default .ctor.  This is fixed by making this .ctor safe critical 
        // (however, user code cannot be safe critical, so this fix is platform code only).
        DerivedWithTransparentDefaultCtor() { }
    }

    public class BaseWithCriticalCtor
    {
        [SecurityCritical]
        public BaseWithCriticalCtor() { }
    }

    public class DerivedWithSafeCriticalDefaultCtor : BaseWithSafeCriticalDefaultCtor
    {
        // CA2132 violation - since the base has a critical default .ctor, the derived must also have a critical 
        // default .ctor.  This is fixed by making this .ctor critical, which is not available to user code
        [SecuritySafeCritical]
        public DerivedWithSafeCriticalDefaultCtor() { }
    }
}