我有一个班级 - MobileLogging - 实施MvvmCross' IMvxTrace接口(来自参考文献Cirrious.MvvmCross.Droid,packages\MvvmCross.HotTuna.CrossCore.3.5.0\lib\MonoAndroid\Cirrious.CrossCore.dll):
namespace Cirrious.CrossCore.Platform
{
public interface IMvxTrace
{
void Trace(MvxTraceLevel level, string tag, Func<string> message);
void Trace(MvxTraceLevel level, string tag, string message);
void Trace(MvxTraceLevel level, string tag, string message, params object[] args);
}
}
从代码工作的角度看,一切都很好。但是,选择&#34;运行代码分析解决方案&#34;它产生了很多安全警告:
运行SecAnnotate.exe会生成一个包含其他内容的TransparencyAnnotations.xml
<type name="<...mynamespace...>.MobileLogging">
<annotations>
<critical>
<rule name="TypesMustBeAtLeastAsCriticalAsBaseTypes">
<reason pass="1">Transparent or safe-critical type 'MobileLogging' derives from
critical type 'IMvxTrace' in violation of the transparency inheritance rules.
'MobileLogging' must be critical to derive from a critical type or implement a
critical interface.</reason>
<reason pass="1">Transparent or safe-critical type 'MobileLogging' derives from
critical type 'IMobileLogging' in violation of the transparency inheritance
rules. 'MobileLogging' must be critical to derive from a critical type or
implement a critical interface.</reason>
</rule>
</critical>
</annotations>
起初我只是假设没关系,日志功能可能在某些时候可能会调用一些本机(非托管)日志记录功能,所以它被标记为安全关键似乎并不太远。但现在我开始认为IMvxTrace被认为是安全关键的事实是错误的。
首先,因为在查看MvvmCross' code base时,没有任何内容表明安全级别或任何事情的任何规范,实际上是在搜索字符串&#34; secur&#34;只匹配两行
SecureTextEntry = isPassword,
using System.Security.Cryptography;
寻找&#34; IMvxTrace的关键&#34;在谷歌上只返回5场比赛,其中没有一场与我相关。
因此,假设IMvxTrace被错误地标记为安全关键,可能的原因是什么,我该如何解决?