Rule Definition
Applications having methods exposed that use Platform Invocation Services to access unmanaged code can have security issues. These methods must not be exposed as they are accessing unmanaged code. By keeping these methods private or internal, you make sure that your library cannot be used to breach security by allowing callers access to unmanaged APIs that they could not call otherwise.
Remediation
Change access modifier to "private", "internal"or "private protected"
Violation Code Sample
Will flag a violation if "public" or "protected" or "protected internal" access modifiers are used for P/Invoke declarations
using System;
using System.Runtime.InteropServices;
namespace InteroperabilityLibrary
{
public class NativeMethods
{
[DllImport("kernel32.dll", CharSet = CharSet.Unicode)]
public static extern bool RemoveDirectory(string name);
}
}
Fixed Code Sample
using System;
using System.Runtime.InteropServices;
namespace InteroperabilityLibrary
{
public class NativeMethods
{
[DllImport("kernel32.dll", CharSet = CharSet.Unicode)]
private static extern bool RemoveDirectory(string name);
}
}
Reference
https://docs.microsoft.com/en-us/visualstudio/code-quality/ca1401-p-invokes-should-not-be-visible?view=vs-2015
Related Technologies
Technical Criterion
Secure Coding - Encapsulation
About CAST Appmarq
CAST Appmarq is by far the biggest repository of data about real IT systems. It's built on thousands of analyzed applications, made of 35 different technologies, by over 300 business organizations across major verticals. It provides IT Leaders with factual key analytics to let them know if their applications are on track.