d3cfe19d7e
Co-authored-by: Marco Borgeaud <89914223+marco-antognini-sonarsource@users.noreply.github.com>
55 lines
1.0 KiB
Plaintext
55 lines
1.0 KiB
Plaintext
== Why is this an issue?
|
|
|
|
Pointer and unmanaged function pointer types such as `IntPtr`, `UIntPtr`, ``++int*++`` etc. are used to access unmanaged memory, usually in order to use C or {cpp} libraries. If such a pointer is not secured by making it `private`, `internal` or `readonly`, it can lead to a vulnerability allowing access to arbitrary locations.
|
|
|
|
|
|
=== Noncompliant code example
|
|
|
|
[source,csharp]
|
|
----
|
|
using System;
|
|
|
|
namespace MyLibrary
|
|
{
|
|
public class MyClass
|
|
{
|
|
public IntPtr myPointer; // Noncompliant
|
|
protected UIntPtr myOtherPointer; // Noncompliant
|
|
}
|
|
}
|
|
----
|
|
|
|
|
|
=== Compliant solution
|
|
|
|
[source,csharp]
|
|
----
|
|
using System;
|
|
|
|
namespace MyLibrary
|
|
{
|
|
public class MyClass
|
|
{
|
|
private IntPtr myPointer;
|
|
protected readonly UIntPtr myOtherPointer;
|
|
}
|
|
}
|
|
----
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
=== Message
|
|
|
|
Makes this pointer readonly, internal or private.
|
|
|
|
|
|
=== Highlighting
|
|
|
|
The pointer declaration
|
|
|
|
|
|
endif::env-github,rspecator-view[]
|