IZoneIntervalMap and IZoneIntervalMapWithMinMax violate code analysis rule CA2119


Hi there, we have internal tooling which identified the following interfaces as violating a severe vulnerability from Microsoft’s code analysis triage process. The specific rule is CA2119.

There are many ways to fix this issue, as described in the link I provided. As it is currently implemented, the code is open to manipulation from outside of the library through internal interface plus abstract. So if the original intent is to use an interface, could we consider marking the following interfaces as public anyway?

Alternatively, other implementations are welcome but also could result in downstream breaking changes.

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Comments: 17 (12 by maintainers)

Top GitHub Comments

1 reaction
jskeet commented, Nov 3, 2020

Ah, interesting. If you would ever like me to help get you back to the main release stream, I’d be happy to do whatever I can. (Note that staying on the vanilla NuGet releases means you get TZDB updates for free too - but you can always update those yourself with the nzd file either from GitHub or downloaded from nodatime.org.)

1 reaction
jskeet commented, Nov 3, 2020

Got it! It’s because there are two interfaces involved, and only the “super” interface has a method that’s not sealed, but the type only explicitly declares that it implements the “sub” interface.

I’ve filed https://github.com/dotnet/roslyn-analyzers/issues/4406

That does leave the question of what to do with the warning in NodaTime though - because once the bug is fixed, the warning will be raised again. (My guess is that you were analyzing version 1.4, which doesn’t have IZoneIntervalMapWithMinMax.)

I could suppress the warning in the project file - which I may end up doing for some other FxCop warnings anyway. (This issue has caused me to have another look at everything… there are some things I don’t want to change, but others that I do…)
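The pattern CA2119 targets and one of its documented fixes (explicit interface implementation), as an added example that is not code from this thread or from NodaTime. All type names are hypothetical, and the two `Consumer*` classes stand in for subclasses that would live in another assembly.

```csharp
using System;

// All type names here are hypothetical.
internal interface IIntervalSource { string GetInterval(int instant); }      // "super" interface
internal interface IBoundedIntervalSource : IIntervalSource { int MinOffset { get; } } // "sub" interface

// Shape CA2119 targets: a public, inheritable type whose overridable public
// method satisfies an internal interface. Only the "sub" interface is listed,
// as in the case described in the comment above.
public class ZoneBefore : IBoundedIntervalSource
{
    public int MinOffset => 0;
    public virtual string GetInterval(int instant) => "library logic";
}

// Hardened: the internal interface is satisfied by an explicit implementation,
// which is not virtual and cannot be overridden. The public virtual method
// remains available as a separate extension point.
public class ZoneAfter : IBoundedIntervalSource
{
    public int MinOffset => 0;
    string IIntervalSource.GetInterval(int instant) => "library logic";
    public virtual string GetInterval(int instant) => "library logic";
}

// Stand-ins for subclasses a consumer could declare in another assembly.
public class ConsumerBefore : ZoneBefore
{
    public override string GetInterval(int instant) => "consumer logic";
}
public class ConsumerAfter : ZoneAfter
{
    public override string GetInterval(int instant) => "consumer logic";
}

public static class Demo
{
    // Library code that trusts whatever sits behind the internal interface.
    private static string Resolve(IIntervalSource source) => source.GetInterval(0);

    public static void Main()
    {
        // Before: the interface call dispatches to the consumer's override.
        Console.WriteLine(Resolve(new ConsumerBefore()));
        // After: the interface call stays on the library's explicit implementation.
        Console.WriteLine(Resolve(new ConsumerAfter()));
    }
}
```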
