VS2010插件开发与安全 [英] VS2010 plug-in development and security
问题描述
嗨
在创建VS2010插件时,我可以在项目属性中启用一个标记,该标记为:在构建时启用代码分析".然后我得到这个警告.
when creating a VS2010 plug-in I can enable a flag in the project properties named: "Enable Code Analysis on Build" then among others I get this warning..
...
警告:CA2122:Microsoft.Security:"Package.setEnableToolbar(bool)"调用具有链接需求的"MenuCommand.Enabled.set(bool)".通过进行此调用,"MenuCommand.Enabled.set(bool)"间接暴露给用户代码.查看以下通话 堆栈可能会暴露出一种规避安全保护的方法:
warning : CA2122 : Microsoft.Security : 'Package.setEnableToolbar(bool)' calls into 'MenuCommand.Enabled.set(bool)' which has a LinkDemand. By making this call,'MenuCommand.Enabled.set(bool)' is indirectly exposed to user code. Review the following call stack that might expose a way to circumvent security protection:
...
代码段
私有静态OleMenuCommand menuItem;
private static OleMenuCommand menuItem;
公共静态无效setEnableToolbarBuild(启用布尔值)
{
menutem.Enabled =已启用;
}
public static void setEnableToolbarBuild(Boolean enabled)
{
menutem.Enabled = enabled;
}
...
至此,我的问题是...开发VS2010插件时,我必须考虑安全性吗?我看不到这个警告是关于什么的?
As of this.. my question then is... what do I have to think about security when developing a VS2010 plug-in? I can't see what this warning is about?
我在网上搜索了一些内容,找到了摆脱警告的方法,但是我也不知道我在做什么.
I searched some on the net and found how to get rid of the warning but again I don't know what I'm doing ..
public static void setEnableToolbarBuild(启用布尔值)
{
menuItem.Enabled =已启用;
}
public static void setEnableToolbarBuild(Boolean enabled)
{
menuItem.Enabled = enabled;
}
Security.Demand和FullTrust是什么?开发VS2010插件时是否有任何说明安全模型的指针?
Security.Demand and FullTrust what? Any pointers that explain security model when developing VS2010 plug-in?
/Jimmie
推荐答案
该警告表示该类之外的客户端代码可以自由设置menuItem.Enabled.
如果您要在此类之外设置menuItem.Enabled值,则如果要设置Enabled,则不可避免会出现此警告 类之外的值.
If you want to set the menuItem.Enabled value outside of this class, this warning is inevitable if you want to set the Enabled value outside of the class.
如果您不想看到此代码,请在错误列表窗口中右键单击此警告,然后单击抑制".
谢谢
Chao
这篇关于VS2010插件开发与安全的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
