SPC050101: Do not use spaces in file or folders names
SPC050201: Instantiate a new SPSite inside RunWithElevatedPrivileges
SPC050222: Do not call SPList.Items
SPC050223: Do not call SPList.Items.GetItemById()
SPC050224: Do not call SPList.Items[]
SPC050225: Do not call SPList.Items.Count
SPC050226: Do not call SPListItemVersion.Delete to delete multiple versions
SPC050227: Do not call SPFileVersion.Delete to delete multiple versions
SPC050228: Do not enable ObjectTracking in Linq.DataContext
SPC050229: Do not access SPListCollection by indexer multiple times
SPC050230: Do not call SPFolder.Files.Count
SPC050231: Use SPBuiltInContentTypeId to reference builtin ContentType
SPC050232: Use SPBuiltInFieldId to reference builtin Field
SPC050233: Define RowLimit for SPQuery
SPC050234: Avoid using AppSettings to store configuration values
SPC050235: Apply lock when caching SharePoint objects
SPC050236: Do not call SPItemEventProperties.OpenWeb()
SPC050237: Do not request SPField from SPFieldCollection by index. Use SPFieldCollection.GetField() instead.
SPC050238: Do not call SPWeb.GetListFromUrl. Use SPWeb.GetListFromWebPartPageUrl instead.
SPC050239: Do not call PublishingWeb.GetPublishingPages()
SPC050250: Assign RowLimit for SPQuery in limited range
SPC050251: Use SPMonitoredScope with Developer Dashboard, on all custom code
SPC050251: Use SPMonitoredScope with Developer Dashboard, on all custom code
SPC050252: Timer jobs instances should be created in a Feature Activated
SPC052101: Do not activate or deactivate Features via API
SPC052201: Custom field types should not be user creatable
SPC055101: Attribute 'Name' and 'StaticName' should have the same value in Field
SPC055102: Consider setting attibute 'AllowDeletion' to FALSE in Field to prevent deletion by users
SPC055201: Consider using SPContentTypeCollection.BestMatch(SPContentTypeId) to retrieve a Content Type
SPC055202: Consider setting attibute 'Sealed' to TRUE in ContentType to prevent changes by users
SPC055501: Define Type of ListTemplate greater than 10000
SPC055502: Add ContentType for folders to ListTemplate
SPC055503: Avoid definition of ContentTypes in ListTemplates.
SPC055504: Consider setting attibute 'AllowDeletion' to FALSE in ListTemplate to prevent deletion by users
SPC056001: Do not instantiate SPList in Receiver
SPC056002: Do not instantiate SPListItem in Receiver
SPC056003: Do not instantiate SPSite in Receiver
SPC056004: Do not instantiate SPWeb in Receiver
SPC056401: Declare property 'AllowClose' in WebPart to prevent closing of webpart by the user
Expand Minimize

SPC050201: Instantiate a new SPSite inside RunWithElevatedPrivileges

An SPSite object created outside the delegate can be referenced inside the delegate, however, the methods and property assessors of the object run with the privileges of the user context in which the objects were created, not with the elevated privileges.

CheckId SPC050201
TypeName InstantiateNewSPSiteInRunWithElevatedPrivileges
Severity CriticalWarning
Type Assembly
Resolution

Instantiate a new SPSite inside RunWithElevatedPrivileges.
Bad Practice

SPSite site = new SPSite("http://mysharepointsite");
SPSecurity.RunWithElevatedPrivileges(delegate()
{
  // This SPWeb will NOT have elevated privileges, because "site" does not
  SPWeb notElevatedWeb = site.RootWeb;  
});

Good Practice
SPSite site = new SPSite("http://mysharepointsite");
// additional code using the site object
SPSecurity.RunWithElevatedPrivileges(delegate()
{
  // Create a new elevated version of the same site collection object
  using (SPSite elevatedSite = new SPSite(site.Id))    
  {
    SPWeb elevatedWeb = elevatedSite.RootWeb;
    // perform elevated operations with elevatedWeb here. . .
  } // SPSite object gets disposed automatically
});  

See also
Message Suppression

To suppress this violation in managed code add the following attribute to the method which contains the instruction (available since SPCAF version v5.2). Learn more about SuppressMessage here.

// Important: Ensure to have #define CODE_ANALYSIS at the beginning of your .cs file
[SuppressMessage("SPCAF.Rules.BestPracticesGroup", "SPC050201:InstantiateNewSPSiteInRunWithElevatedPrivileges", Justification = "Provide reason for suppression here")]
Disclaimer: The views and opinions expressed in this documentation and in SPCAF do not necessarily reflect the opinions and recommendations of Microsoft or any member of Microsoft. SPCAF and RENCORE are registered trademarks of RENCORE AB. All other trademarks, service marks, collective marks, copyrights, registered names, and marks used or cited by this documentation are the property of their respective owners.