SharePoint Code Analysis Framework (SPCAF)

Farm/Sandboxed Solutions

SPC020201: Do not update list of blocked extensions

SPC020202: Avoid setting 'AllowUnsafeUpdates' on SPWeb

SPC020203: Avoid setting 'AllowUnsafeUpdates' on SPSite

SPC020204: Do not call 'WindowsIdentity.Impersonate'

SPC020205: Do not set 'AllowEveryoneViewItems' for SPList to TRUE

SPC020206: Avoid usage of 'RunWithElevatedPrivileges'

SPC020210: Do not add PageParserPaths to web.config

SPC020220: Do not call 'HttpUtility.HtmlEncode'.

SPC020221: Do not nest calls to RunWithElevatedPrivileges

SPC020602: CAS Policy 'Maschine' with access='Administer' is not allowed

SPC020603: Policy Permission Impersonate not allowed

SPC020611: Do not define 'FileIOPermission' with 'Unrestricted=true'

SPC020612: Do not define 'RegistryPermission' with 'Unrestricted=true'

SPC020613: Do not define 'SecurityPermission' with 'Unrestricted=true'

SPC020614: Do not define 'EnvironmentPermission' with 'Unrestricted=true'

SPC020615: Do not define 'SmtpPermission' with 'Unrestricted=true'

SPC025501: Do not set 'AllowEveryoneViewItems' to TRUE in ListDefinition

SPC026901: Do not use inline code in ASPX pages

SPC026902: Add 'SharePoint:FormDigest' to ASPX page

SPC020611: Do not define 'FileIOPermission' with 'Unrestricted=true'

The CAS Policy for System.Security.Permissions.FileIOPermission with setting 'Unrestricted=true' is not allowed. This means read and write permission to all locations on the SharePoint system. Limit the permission to certain folders, e.g. TEMP.

CheckId	SPC020611
TypeName	DoNotDefineUnrestrictedFileIOPermission
Severity	Error
Type	PermissionSet

Remove permission 'FileIOPermission' with setting 'Unrestricted=true'.
Bad Practice

<Solution xmlns="http://schemas.microsoft.com/sharepoint/">
  <CodeAccessSecurity>
    <PolicyItem>
      <PermissionSet class="NamedPermissionSet" version="1">
      ...
        <IPermission class="System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089" version="1" Unrestricted="True" />
      ...
      </PermissionSet>
    <PolicyItem>
  <CodeAccessSecurity>
</Solution>

Message Suppression

Copyright © 2009 - 2014 RENCORE AB

SharePoint Code Analysis Framework, v5.3.4.2311

Disclaimer: The views and opinions expressed in this documentation and in SPCAF do not necessarily reflect the opinions and recommendations of Microsoft or any member of Microsoft. SPCAF and RENCORE are registered trademarks of RENCORE AB. All other trademarks, service marks, collective marks, copyrights, registered names, and marks used or cited by this documentation are the property of their respective owners.