In an application we can output a report as a csv file and load it up similar to the following code:
Process.Start("C:\MyReport.csv") ' Not real path
When running code analysis it produces the following error:
CA2122 Do not indirectly expose methods with link demands 'Form.Function(Definition)' calls into 'Process.Start(String)' which has a LinkDemand. By making this call, 'Process.Start(String)' is indirectly exposed to user code
I have seen somewhere to mark the assembly with the SecurityTransparentAttribute, does this just suppress the message? If so this is not what I would like. Is there another way of opening the file that would circumvent this message without suppressing it? I would ideally like to avoid Excel automation if I can as Excel is not used anywhere else at the moment.
Ideas?
You may do not care about it at all (suppress the message locally) or in global suppression. It depends on your security policy/requests.
What is means is: Process.Start has some security attributes applied but it has specified that the check should be done only for it and for its caller (SecurityAction.LinkDemand). This implies that if you call it in a public method the code that use your method will skip this security check. Your code may be trusted to call Process.Start but their code not but if they call your method they'll gain that privilege.
If you need to fix this you may apply the same security attributes to your code, this will require your caller to have that privileges (SecurityAction.LinkDemand doesn't walk the full stack so it's faster).