Home/ Questions/Q 7173813
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-28T15:54:09+00:00

I have a class that implements IPermission : public class MySecurityPermission : IPermission {

  • 0

I have a class that implements IPermission:

public class MySecurityPermission : IPermission
{
    private string[] _demandRoles;
    private string[] _denyRoles;

    public MySecurityPermission(string[] demandRoles, string[] denyRoles)
    {
        this._demandRoles = demandRoles;
        this._denyRoles = denyRoles;
    }
}

Now, the IPermission interface requires a Copy() method, which I implemented as:

public IPermission Copy()
{
    return new MySecurityPermission(this._demandRoles.ToArray(), this._denyRoles.ToArray());
}

Note that the .ToArray() calls are there because it makes a close/copy of the array, and returns a new array instance, instead of passing the same array around.

This results in an FxCop CA2103:

“Review the following for a possible security vulnerability:
In ‘MySecurityPermission.Copy()’, the return value
of a call to ‘Enumerable.ToArray(this
IEnumerable)’ is being passed to a ‘MySecurityPermission’
constructor.”

Is there a way to “fix” this? I’m not really sure why FxCop is even complaining about it. If someone could explain it, that would be great.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    It would appear that the rule is being raised because of where the code gets executed. If you create the variables first the rule will pass:

    public IPermission Copy()
{
    var demand = _demandRoles.ToArray();
    var deny = _denyRoles.ToArray();
    return new MySecurityPermission(demand, deny);
}
    • 0