47 lines
941 B
Plaintext
47 lines
941 B
Plaintext
Pointer and unmanaged function pointer types such as `IntPtr`, `UIntPtr`, `int*` etc. are used to access unmanaged memory, usually in order to use C or {cpp} libraries. If such a pointer is not secured by making it `private`, `internal` or `readonly`, it can lead to a vulnerability allowing access to arbitrary locations.
|
|
|
|
|
|
== Noncompliant Code Example
|
|
|
|
[source,csharp]
|
|
----
|
|
using System;
|
|
|
|
namespace MyLibrary
|
|
{
|
|
public class MyClass
|
|
{
|
|
public IntPtr myPointer; // Noncompliant
|
|
protected UIntPtr myOtherPointer; // Noncompliant
|
|
}
|
|
}
|
|
----
|
|
|
|
|
|
== Compliant Solution
|
|
|
|
[source,csharp]
|
|
----
|
|
using System;
|
|
|
|
namespace MyLibrary
|
|
{
|
|
public class MyClass
|
|
{
|
|
private IntPtr myPointer;
|
|
protected readonly UIntPtr myOtherPointer;
|
|
}
|
|
}
|
|
----
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::message.adoc[]
|
|
|
|
include::highlighting.adoc[]
|
|
|
|
endif::env-github,rspecator-view[]
|