I'm running the Windows App Certification Kit v10.0.16299.15 to validate a WPF application that uses third party controls from Telerik v2017.2.606.45.
The result of the tests is this:
File Telerik.Windows.Controls.ImageEditor.dll contains a blocked executable reference to "CDB".
File Telerik.Windows.Controls.Navigation.dll contains a blocked executable reference to "rEg".
Questions
"CDB": Means Microsoft Console Debugger?
if the answer is yes, can you explain me how it can be called from the code without using Process.Start() ?
"rEg": Means Windows registry?
Reviewing the source code the only reference to the registry they are the following:
RegistryKey classesRoot = Registry.ClassesRoot;
RegistryKey regKeykFileType = classesRoot.OpenSubKey(ext);
and
string themeId = Microsoft.Win32.Registry.GetValue(@"HKEY_CURRENT_USER\Software\Microsoft\VisualStudio\11.0\General", "CurrentTheme", "").ToString();
Reading the registry is not allowed?
The test for blocked executables is an optional test. You can submit successfully with those failures. They are really more like warnings, intended as pointer/reminder to validate your functionality on Windows 10 S mode: https://learn.microsoft.com/en-us/windows/uwp/porting/desktop-to-uwp-test-windows-s
I agree it's confusing how the tool reports these potential issues and will follow up with the WACK team to improve this.
To answer your questions: cdb.exe = Microsoft Console Debugger reg.exe = Console registry tool
You can certainly still use the registry from your WPF app. The code you showed is perfectly fine. What you can't do is launch the reg.exe tool and make modifications from outside your application. Seems like you are not doing that and the WACK is flagging a false positive here. I am guessing one of the libraries/frameworks you are including has some reference to to reg.exe, so it gets flagged in the static analysis even though you are not actually using that part of the library.