CodeQL documentation

Bad dynamic call

ID: cs/invalid-dynamic-call
Kind: problem
Security severity: 
Severity: error
Precision: medium
Tags:
   - reliability
   - correctness
   - logic
   - external/cwe/cwe-628
Query suites:
   - csharp-security-and-quality.qls


Method calls on variables declared with type ‘dynamic’ are resolved at runtime rather than at compile time: the actual type of the instance is determined, and an attempt is made to call a method on that type with the appropriate signature. If such a method does not exist, a RuntimeBinderException is thrown.

This rule identifies calls to instances with the dynamic type where it can be statically determined that the call will throw a RuntimeBinderException.

Recommendation

Ensure it is not possible to make a call to a dynamic instance of a type that lacks the appropriate method signature for handling that call.

Example

In this example the program attempts to call Foo on a class that doesn’t have a Foo method. This program is guaranteed to fail at runtime with a RuntimeBinderException.

class BadDynamicCall
{
    class WithFoo
    {
        public void Foo(int i) { }
    }

    class WithoutFoo { }

    public static void Main(string[] args)
    {
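        // The static type is dynamic, so the compiler does not check the call.
        dynamic o = new WithoutFoo();
        // Bound at runtime: WithoutFoo has no Foo method, so this throws RuntimeBinderException.
        o.Foo(3);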
    }
}
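
The following is an added example, not part of the CodeQL documentation. It shows the two ways a dynamic call can fail to bind (missing method, mismatched argument type) next to a checked form that narrows to a static type first; DynamicCallGuard, CallUnchecked and CallChecked are hypothetical names.

```csharp
using System;
using Microsoft.CSharp.RuntimeBinder;

// Hypothetical demo class; WithFoo and WithoutFoo mirror the example above.
class DynamicCallGuard
{
    class WithFoo
    {
        public void Foo(int i) => Console.WriteLine($"Foo({i}) called");
    }

    class WithoutFoo { }

    // Unchecked form: binding is deferred to runtime, so a missing method
    // or a mismatched argument type only surfaces as an exception.
    static string CallUnchecked(dynamic o, dynamic arg)
    {
        try
        {
            o.Foo(arg);
            return "bound";
        }
        catch (RuntimeBinderException e)
        {
            return "RuntimeBinderException: " + e.Message;
        }
    }

    // Checked form: narrow to the static type first, so the compiler
    // verifies both the method name and the argument type.
    static bool CallChecked(object o, int arg)
    {
        if (o is WithFoo w)
        {
            w.Foo(arg);
            return true;
        }
        return false; // caller decides how to handle an unsupported type
    }

    public static void Main(string[] args)
    {
        Console.WriteLine(CallUnchecked(new WithFoo(), 3));    // method exists, signature matches
        Console.WriteLine(CallUnchecked(new WithoutFoo(), 3)); // no Foo method on the runtime type
        Console.WriteLine(CallUnchecked(new WithFoo(), "3"));  // Foo exists, argument type does not match
        Console.WriteLine(CallChecked(new WithoutFoo(), 3));   // unsupported type rejected without an exception
    }
}
```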
