rspec/rules/S4000/csharp/rule.adoc

Pointer and unmanaged function pointer types such as `IntPtr`, `UIntPtr`, `int*` etc. are used to access unmanaged memory, usually in order to use C or {cpp} libraries.  If such a pointer is not secured by making it `private`, `internal` or `readonly`, it can lead to a vulnerability allowing access to arbitrary locations.


== Noncompliant Code Example

----
using System;

namespace MyLibrary
{
  public class MyClass
  {
    public IntPtr myPointer;  // Noncompliant
    protected UIntPtr myOtherPointer; // Noncompliant
  }
}
----


== Compliant Solution

----
using System;

namespace MyLibrary
{
  public class MyClass
  {
    private IntPtr myPointer;
    protected readonly UIntPtr myOtherPointer;
  }
}
----
Modify rule S4000: Mention all pointer types in description (#288) 2021-09-01 17:55:00 +02:00			Pointer and unmanaged function pointer types such as `IntPtr`, `UIntPtr`, `int*` etc. are used to access unmanaged memory, usually in order to use C or {cpp} libraries. If such a pointer is not secured by making it `private`, `internal` or `readonly`, it can lead to a vulnerability allowing access to arbitrary locations.
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00
Fix the missing default metadata fields 2021-04-28 18:08:03 +02:00
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00			`== Noncompliant Code Example`

			`----`
			`using System;`

			`namespace MyLibrary`
			`{`
			`public class MyClass`
			`{`
			`public IntPtr myPointer; // Noncompliant`
			`protected UIntPtr myOtherPointer; // Noncompliant`
			`}`
			`}`
			`----`

Fix the missing default metadata fields 2021-04-28 18:08:03 +02:00
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00			`== Compliant Solution`

			`----`
			`using System;`

			`namespace MyLibrary`
			`{`
			`public class MyClass`
			`{`
			`private IntPtr myPointer;`
			`protected readonly UIntPtr myOtherPointer;`
			`}`
			`}`
			`----`