Gendarme's security rules are located in the Gendarme.Rules.Security.dll assembly. Latest sources are available from anonymous SVN (http://anonsvn.mono-project.com/viewcvs/trunk/mono-tools/gendarme/rules/Gendarme.Rules.Security/) (tarball (http://anonsvn.mono-project.com/viewcvs/trunk/mono-tools/gendarme/rules/Gendarme.Rules.Security.tar.gz?view=tar)).
Rules
ArrayFieldsShouldNotBeReadOnlyRule
This rule warns if a type declares a public readonly array field. Marking a field readonly only prevents the field from being assigned a different value; the object it refers to can still be changed. This means that the elements inside the array can still be modified by any caller.
Bad example:
    class Bad {
        public readonly string[] Array = new string[] { "A", "B" };
    }

    Bad obj = new Bad ();
    obj.Array[0] = "B"; // valid
Good example:
    class Good {
        private readonly string[] array = new string[] { "A", "B" };

        public string[] GetArray ()
        {
            return (string[]) array.Clone ();
        }
    }

    string[] obj = new Good ().GetArray ();
    obj[0] = "B"; // valid, but has no effect on other users
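The following is an added example, not code from the Gendarme documentation; the Config class and its members are hypothetical. It shows the problem the rule flags (element writes through a public readonly array), the copy-based fix from the good example above, and a second option the page does not show: exposing a read-only wrapper with Array.AsReadOnly so no copy is made and writes are rejected. Note that Clone is a shallow copy, which is only a complete defence when the element type is immutable, as string is here.

```csharp
// Added example (not from the Gendarme page); names are hypothetical.
using System;
using System.Collections.Generic;

public class Config
{
    // Flagged by ArrayFieldsShouldNotBeReadOnlyRule: only the reference is
    // frozen, not the elements.
    public readonly string[] AllowedHosts = { "alpha.example", "beta.example" };

    private readonly string[] allowedHosts = { "alpha.example", "beta.example" };

    // Option 1: hand out a copy. Callers may modify the copy but not our state.
    // Clone is shallow; this is safe here only because string is immutable.
    public string[] GetAllowedHostsCopy ()
    {
        return (string[]) allowedHosts.Clone ();
    }

    // Option 2: a read-only view over the same storage. No copy is made and
    // any write attempt throws NotSupportedException.
    public IReadOnlyList<string> AllowedHostsView
    {
        get { return Array.AsReadOnly (allowedHosts); }
    }

    public bool IsAllowed (string host)
    {
        return Array.IndexOf (allowedHosts, host) >= 0;
    }
}

public static class ArrayDemo
{
    public static void Main ()
    {
        var cfg = new Config ();

        // readonly does not stop this: the element is overwritten in place.
        cfg.AllowedHosts[0] = "evil.example";
        Console.WriteLine (cfg.AllowedHosts[0]);            // evil.example

        // A copy can be changed without affecting the object.
        string[] copy = cfg.GetAllowedHostsCopy ();
        copy[0] = "evil.example";
        Console.WriteLine (cfg.IsAllowed ("evil.example")); // False

        // The read-only view rejects writes (ReadOnlyCollection<T> implements
        // IList<T> explicitly and its indexer setter throws).
        IReadOnlyList<string> view = cfg.AllowedHostsView;
        try {
            ((IList<string>) view)[0] = "evil.example";
        } catch (NotSupportedException) {
            Console.WriteLine ("write rejected");
        }
        Console.WriteLine (cfg.IsAllowed ("evil.example")); // False
    }
}
```

Prefer the read-only view when the array is large or accessed often; prefer the copy when callers legitimately need their own mutable working set.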
NativeFieldsShouldNotBeVisibleRule
This rule checks if a class exposes native fields. Native fields should not be public because the class loses control over their lifetime: other code could free the memory, or use it after it has been freed.
Bad example:
    public class HasPublicNativeField {
        public IntPtr NativeField;
    }
Good example (hide):
    class HasPrivateNativeField {
        private IntPtr NativeField;

        public void DoSomethingWithNativeField ()
        {
            // all use of the native memory stays inside this class
        }
    }
Good example (read-only):
    class HasReadOnlyNativeField {
        public readonly IntPtr NativeField;
    }
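As an added example (not from the Gendarme page; NativeBuffer and its members are hypothetical), here is the "hide" option carried through: the IntPtr stays private, every access is bounds-checked, and the owning object alone decides when the memory is freed, so a double free or a use-after-free by a caller is not possible. The finalizer is a safety net for callers that forget Dispose.

```csharp
// Added example (not from the Gendarme page); names are hypothetical.
using System;
using System.Runtime.InteropServices;

public sealed class NativeBuffer : IDisposable
{
    // Private, so no caller can free it, overwrite it, or keep using it after
    // Dispose. This is what NativeFieldsShouldNotBeVisibleRule asks for.
    private IntPtr buffer;
    private readonly int size;

    public NativeBuffer (int size)
    {
        if (size <= 0)
            throw new ArgumentOutOfRangeException ("size");
        this.size = size;
        buffer = Marshal.AllocHGlobal (size);
    }

    public int Size { get { return size; } }

    // All access goes through checked methods; the pointer never leaves the class.
    public byte Read (int offset)
    {
        CheckState (offset);
        return Marshal.ReadByte (buffer, offset);
    }

    public void Write (int offset, byte value)
    {
        CheckState (offset);
        Marshal.WriteByte (buffer, offset, value);
    }

    private void CheckState (int offset)
    {
        if (buffer == IntPtr.Zero)
            throw new ObjectDisposedException (GetType ().Name);
        if (offset < 0 || offset >= size)
            throw new ArgumentOutOfRangeException ("offset");
    }

    public void Dispose ()
    {
        if (buffer != IntPtr.Zero) {
            Marshal.FreeHGlobal (buffer);
            buffer = IntPtr.Zero; // a second Dispose is a no-op, not a double free
        }
        GC.SuppressFinalize (this);
    }

    ~NativeBuffer ()
    {
        Dispose ();
    }
}

public static class BufferDemo
{
    public static void Main ()
    {
        using (var buf = new NativeBuffer (16)) {
            buf.Write (3, 0x41);
            Console.WriteLine (buf.Read (3)); // 65
        }
        // After the using block the memory has been freed exactly once and any
        // further Read/Write throws ObjectDisposedException.
    }
}
```

For handles that must be passed to P/Invoke calls, the BCL's SafeHandle types give the same ownership guarantees with reference counting built in; the manual wrapper above is the minimal form of the same idea.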
StaticConstructorsShouldBePrivateRule
To avoid calls from user code, all static constructors must be private. C# allows only private static constructors, but some .NET languages (including VB.NET) do permit defining non-private static constructors (Shared in VB.NET), which is not a good practice.
Bad example (VB.NET):
    Public Class PublicCctor
        Public Shared Sub New ()
        End Sub
    End Class
Good example (C#):
    public class PrivateCctor {
        static PrivateCctor () { } // a C# static constructor is always private
    }
Good example (VB.NET):
    Public Class PrivateCctor
        Private Shared Sub New ()
        End Sub
    End Class
Notes
Several security rules about Code Access Security (CAS) were moved into Gendarme.Rules.Security.Cas as of Gendarme 2.2.
Feedback
Please report any documentation errors, typos or suggestions to the Gendarme Google Group (http://groups.google.com/group/gendarme). Thanks!